This topic describes how to manage Server Message Block (SMB) shares in the on-premises file gateway console. You can create, delete, disable, and modify SMB shares. You can also configure AD or LDAP and add SMB users.
Prerequisites
A cache disk is added to the gateway. For more information, see Add a cache disk.
Cloud resources are bound. For more information, see Bind a cloud resource.
Background information
SMB is a network protocol that facilitates network communication between servers and clients or between network nodes. You can use this protocol to share files. SMB requires both a client and a server.
Cloud Storage Gateway (CSG) acts as an SMB server and provides the file sharing service. When you access CSG from a Windows-based client, CSG receives a request from the client and returns a response.
To use the SMB service, you must configure a share directory in the CSG console, create an SMB user, and specify user permissions.
Create an SMB share
Open your browser, enter
https://<IP address of the file gateway>
in the address bar, and then press Enter.In the dialog box that appears, enter your username and password, and then click OK.
On the SMB page, click Create in the upper-right corner.
In the Create SMB Share dialog box, set the following parameters.
Parameter
Description
Share Name
The name of the SMB share.
Read-only Users
The list of users who have read-only access to the SMB share.
Read/Write Users
The list of users who have read and write access to the SMB share.
Enable
Specify whether to enable SMB sharing.
If you do not want to enable SMB sharing, you can select No to disable SMB sharing.
Browsable
Specify whether the SMB share can be discovered by network neighbors.
Mode
Valid values: Cache Mode and Replication Mode.
Replication Mode: In this mode, two backups of all data are created. One is stored in the on-premises cache disk and the other is stored in the OSS bucket.
Cache Mode: In this mode, the backup stored in the on-premises cache disk contains only metadata and user data that is frequently accessed. The backup stored in the OSS bucket contains all data.
Reverse Sync
Specify whether to synchronize metadata stored in the OSS bucket to the on-premises cache disk. This feature is suitable for disaster recovery, data restoration, and data sharing scenarios.
NoteDuring a remote sync process, the system scans all objects in the bucket. If the number of objects is large, you are charged for calling the OSS API. For more information, see Pricing of OSS.
Encryption Type
You can select None or Server-side Encryption.
If you select Server-side Encryption, you must also set the ID parameter. You can log on to the KMS console and create a key. For more information, see Create a CMK.
After you enable OSS server-side encryption, you can bring your own key (BYOK). The system supports keys imported from Key Management Service (KMS).
After OSS server-side encryption is enabled, the system uses the imported key to encrypt files uploaded to OSS by using a share directory. You can call the GetObject operation to check whether the specified file is encrypted. In the response header, if the x-oss-server-side-encryption field value is KMS and the x-oss-server-side-encryption-key-id field value is the key ID, the file is encrypted.
NoteThis feature is available only to selected users.
When you create a key in the KMS console, you must select the same region as the OSS bucket.
Bucket Name
Select an existing bucket.
Subdirectory
Specify a subdirectory of the bucket.
The subdirectory name can contain only letters and digits.
NoteFile gateways V1.0.38 and later allow you to map the root directory of a file system to a subdirectory of a bucket. This enables separate file access between users.
You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create a share, the specified subdirectory serves as the root directory, and stores all related files and directories.
Cache Use
Specifies whether to enable metadata disks. If you use metadata disks, data disks are separated from metadata disks, and metadata disks are used to store metadata of share directories.
If you select Yes, you must set the Metadata and Data parameters.
If you select No, you must set the Cache Disk parameter.
NoteThis feature is available only to selected users.
Ignore Deletion
During the data synchronization process, the OSS bucket ignores all delete operations. The backup stored in the OSS bucket contains all data.
Sync Latency
You can specify a synchronization latency to upload files that you have modified and closed. The Sync Latency feature avoids OSS file fragmentation caused by frequent on-premises modifications. The default value is 5 seconds and the maximum value is 120 seconds.
Write Speed Limit
Specify the maximum speed of writing data. Valid values: 0 to 1280. Unit: MB/s. Default value: 0, which indicates that the upload rate is not limited.
Upload Speed Limit
Specify the maximum speed of uploading data. Valid values: 0 to 1280. Unit: MB/s. Default value: 0, which indicates that the upload rate is not limited.
NoteWhen you customize the maximum write speed and upload speed, make sure that the maximum upload speed is not lower than the maximum write speed.
Fragmentation Optimization
Specifies whether to optimize the performance for applications that frequently and randomly read and write small amounts of data. You can enable this feature based on your needs.
Upload Optimization
This feature releases cache in real time. You can enable this feature if you synchronize only backups to the cloud.
AD and LDAP
Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) are standard application protocols used to query and change directory information. Select the AD or LDAP service that you want to join and configure the settings.
You can join an AD domain only after you complete the DNS settings.
You can join either an AD or LDAP domain.
The permissions of the current AD domain user, LDAP user, and on-premises user override each other and whichever configured last takes effect. After you join or leave an AD domain, or connect to or disconnect from an LDAP server, the user permissions configured in the CIFS share are automatically removed.
The AD feature supports 64-bit Windows Server 2016 Datacenter and Windows Server 2012 R2 Datacenter.
The LDAP feature supports 64-bit CentOS 7.4 with OpenLDAP 2.4.44.
Configure AD settings
Configure the DNS server.
In the on-premises console of file gateways, click About.
In the Network Configuration section, click Update DNS.
In the Update DNS dialog box, enter the IP addresses of DNS servers. Click OK.
In the DNS server field, specify the IP address of the AD server to resolve the AD domain name.
Join an AD domain.
Choose .
In the Windows AD section, click Join AD.
In the Join AD dialog box, set the following parameters. Click OK.
Server IP Address: Enter the IP address of the AD server.
Username: Enter the username of the administrator.
Password: Enter the password of the administrator.
After the connection is established, the status of Connected under Windows Active Directory (AD) changes to Yes.
NoteAfter you join the AD domain, the on-premises user permissions configured in the SMB share are removed.
CSG does not support multiple AD domains for a gateway. For example, you can configure either a parent domain or a child domain for a gateway.
Configure LDAP
In the on-premises console of file gateways, choose .
In the LDAP section, click Join LDAP.
In the Connect LDAP Server dialog box, configure the following parameters and click OK.
Server IP Address: Enter the IP address of the LDAP server, which is the directory system agent.
TLS Support: Specify the method used by the system to communicate with the LDAP server.
Base DN: Specify the LDAP domain, for example, dc=iftdomain or dc=ift.local.
Root DN: Specify the root DN, for example, cn=admin, dc=iftdomain, or dc=ift.local.
Password: Enter the password of the root directory.
After the connection is established, the status of Connected under Lightweight Directory Access Protocol (LDAP) becomes Yes.
NoteAfter you join the LDAP domain, the on-premises user permissions configured in the SMB share are removed.
Add an SMB user
If you have not joined a domain, you can create an SMB user to access Cloud Storage Gateway.
If you have joined an AD domain, you can view all AD users on the SMB Users page.
If you have joined an LDAP domain, you can view all LDAP users that have a Samba password on the SMB Users page.
If you have joined an LDAP domain but have not configured a Samba password, click Create to add a Samba password for the LDAP users on the SMB user page.
We recommend that you specify the same password for both Samba and LDAP.
In the on-premises console of file gateways, choose .
Click Create.
In the Add SMB User dialog box, set the name and password.
Click OK.
What to do next
On the SMB page, you can also perform the following operations.
Operation | Description |
Disable an SMB share | On the SMB page, you can disable the toggle on the upper-left side of the page to disable NFS sharing. If you want to disable a single SMB share, you can use the following method. On the SMB page, find the NFS share. Click Settings and set Enable to No. |
Delete an SMB share | On the SMB Shares tab, find the SMB share, and click Delete. Note After the SMB share is deleted, the Windows mount point or mapped network drive immediately becomes ineffective. |
Modify an SMB share | On the SMB Shares tab, find the SMB share, and click Settings or Advanced Settings. |
Cache Refresh | On the SMB Shares tab, find the SMB share, and click Cache Refresh. |
Delete an SMB user | On the SMB Shares tab, find the SMB user, and click Delete. |
Disable a connection | On the AD/LDAP tab, click End Connection. |