All Products
Search

This Product

    Cloud Storage Gateway:Usage notes

    Document Center

    Cloud Storage Gateway:Usage notes

    Last Updated:Nov 04, 2024

    Before you use Cloud Storage Gateway (CSG), we recommend that you read the following usage notes.

    File gateways

    • Do not frequently interrupt the upload of large files to Network File System (NFS) or Server Message Block (SMB) shares. The system uploads files by using multipart upload. If you interrupt the upload of large files, parts are generated in the associated Object Storage Service (OSS) bucket. These parts consume the capacity of the OSS bucket, causing the storage usage of the bucket to be slightly higher than the total file size. You can use a lifecycle rule to automatically delete parts. For more information, see Delete parts.

    • The cache capacity of a share is calculated based on the following formula: Recommended local cache capacity = [Application bandwidth (MB/s) - Backend bandwidth of the gateway (MB/s)] × Write duration (seconds) × 1.2.

      To obtain better performance of local access, you can select the higher of the estimated amount of hot data and the recommended local cache capacity as the local cache capacity.

    • If you want to write a large file by using a file gateway, keep the size of the file smaller than 30% of the cache disk capacity and do not write multiple large files at the same time. If you write multiple large files at the same time, the cache disk space may be quickly exhausted.

    • A file gateway in version 1.0.38 or later supports up to 30 TB of a file. If you upload a file that is larger than 2 TB, we recommend that you provide an Internet bandwidth of 500 MB/s or higher or connect to Alibaba Cloud over an Express Connect circuit. Otherwise, an upload timeout error may occur.

    • File gateways support sparse files. If a sparse file fails to be uploaded to a file gateway, run the following command to convert the format of the sparse file: 

      dd if=<sparse file name> of=<sparse file name> conv=notrunc bs=1M

      The size of the sparse file cannot exceed the available cache disk capacity.

    • The names of files and directories on a file gateway must be encoded in UTF-8. File gateways do not support file and directory names that are encoded in formats other than UTF-8. For example, if you mount an NFS share of a file gateway on a Windows client, creating a file or directory with Chinese characters included in its name will fail with the 0x8007045D error code.

    • If the size of a file in a file gateway exceeds 256 MB, we recommend that you disable versioning for the associated OSS bucket. Otherwise, a timeout error may occur when the gateway uploads metadata to the associated bucket. This degrades the overall performance of the gateway.

    • File gateways implement permission isolation on Windows Active Directory (AD) based on POSIX Access Control Lists (ACLs). File gateways do not allow you to authorize multiple AD users across directories. For example, the AA/BB/CC directory belongs to User 1. If you authorize User 2 to access only the CC directory, User 2 cannot access the data in the CC directory from the AA/BB/CC directory. In this scenario, you must also authorize User 2 to access the AA and BB directories.

    • When the associated bucket stores more than one million files, we recommend that you set the intervals of reverse synchronization to longer than 3,600 seconds.

    • For file gateways version 1.0.36 and later, a Multipurpose Internet Mail Extensions (MIME) type is automatically specified in the OSS metadata based on the file suffix.

    • If reverse synchronization is enabled, empty on-premises directories that are not uploaded to Alibaba Cloud may be deleted by reverse synchronization during a scan cycle. To address this issue, you can create the directories again.

    • By default, you can rename a directory whose total number of subdirectories and files is no more than 5 million. If you want to rename a directory that contains more than 5 million subdirectories and files, submit a ticket.

    • When reverse synchronization is enabled, some directory rename operations may fail due to incomplete metadata cache on the gateway side.

    File gateways deployed on Alibaba Cloud

    • The synchronization bandwidth of a gateway is related to the bandwidth of OSS. OSS supports a maximum bandwidth of 10 Gbit/s for each user. The bandwidth slightly varies among clusters in different regions. For more information, Submit a ticket.

    • By default, the upload bandwidth of gateways deployed on Alibaba Cloud is 1 Mbit/s. These gateways access OSS buckets across regions over the Internet. As a result, the data transmission performance may be unstable.

    • Network storage protocols such as NFS and SMB require special ports. Therefore, you must configure security group rules to open these ports.

      • After you create a file gateway on Alibaba Cloud, a security group prefixed with Cloud_Storage_Gateway_Usage is configured for the gateway by default. Do not use this security group when you create Elastic Compute Service (ECS) instances. Ports required for NFS and SMB are automatically configured in this security group.

      • CSG supports AD domains. You need to configure specific ports to support the following protocols: AD, Domain Name System (DNS), and Kerberos. For information about how to join a gateway to an AD domain, see How do I join a file gateway to an Active Directory domain? The following table describes the ports that are required for supported protocols.

      Protocol

      Port

      NFS

      111 (TCP and UDP), 2049 (TCP and UDP), 32887 (TCP and UDP), 32888 (TCP and UDP), and 32889 (TCP and UDP)

      SMB

      137 (UDP), 138 (UDP), 139 (TCP), 389 (TCP), 445 (TCP), and 901 (TCP)

      AD

      389 (TCP and UDP), 445 (TCP and UDP)

      DNS

      53 (UDP and TCP)

      Kerberos

      88 (UDP and TCP)

    On-premises file gateways

    The console for on-premises file gateways uses the HTTPS protocol. Network storage protocols such as NFS and SMB require special ports. You need to configure a firewall to support these ports.

    On-premises file gateways support AD domains. You need to configure specific ports to support the following protocols: AD, DNS, and Kerberos. If you want to join an on-premises file gateway to an AD domain, you must open the corresponding ports in the client firewall.

    Protocol

    Port

    HTTPS

    443

    NFS

    111 (TCP and UDP), 2049 (TCP and UDP), 32887 (TCP and UDP), 32888 (TCP and UDP), and 32889 (TCP and UDP)

    SMB

    137 (UDP), 138 (UDP), 139 (TCP), 389 (TCP), 445 (TCP), and 901 (TCP)

    AD

    389 (TCP and UDP), 445 (TCP and UDP)

    DNS

    53 (UDP and TCP)

    Kerberos

    88 (UDP and TCP)

    iSCSI gateways

    • The cache capacity of Internet Small Computer Systems Interface (iSCSI) volumes is calculated based on the following formula: Recommended local cache capacity = [Application bandwidth (MB/s) - Backend bandwidth of the gateway (MB/s)] × Write duration (seconds) × 1.2.

      To obtain better performance of local access, you can select the higher of the estimated amount of hot data and the recommended local cache capacity as the local cache capacity.

    • The synchronization bandwidth of an iSCSI gateway is related to OSS bandwidth. OSS supports a maximum bandwidth of 10 Gbit/s for each user. The bandwidth slightly varies among clusters in different regions. For more information, contact OSS technical support for bandwidth information.

    • The default input/output operations per second (IOPS) are subject to the backend disk capacity. An ultra disk supports a maximum bandwidth of 110 MB/s. An SSD supports a maximum bandwidth of 230 MB/s.