
Cloud Storage Gateway: Manage SMB shares

Last Updated: Jan 17, 2025

This topic describes how to manage Server Message Block (SMB) shares in the on-premises file gateway console. You can create, delete, disable, and modify SMB shares. You can also configure AD or LDAP and add SMB users.

Prerequisites

  1. A cache disk is attached to the gateway. For more information, see Add a cache disk.

  2. A cloud resource is bound. For more information, see Bind a cloud resource.

Background information

SMB is a network protocol that facilitates network communication between servers and clients or between network nodes. You can use this protocol to share files. SMB requires both a client and a server.

Cloud Storage Gateway (CSG) acts as an SMB server and provides the file sharing service. When you access CSG from a Windows-based client, CSG receives a request from the client and returns a response.

To use the SMB service, you must configure a share in the CSG console, create an SMB user, and specify user permissions.

Create an SMB share

  1. Open your browser, enter https://<IP address of the file gateway> in the address bar, and then press Enter.

  2. In the dialog box that appears, enter your username and password, and then click OK.

  3. In the left-side navigation pane, click SMB. On the SMB Shares tab, click Create in the upper-right corner.

  4. In the Create SMB Share dialog box, set the following parameters.

    • Share Name: The name of the SMB share.

    • Read-only Users: The users who have read-only access to the SMB share.

    • Read/write Users: The users who have read and write access to the SMB share.

    • Enabled: Specify whether to enable SMB sharing. If you do not want to enable SMB sharing, select No to disable SMB sharing.

    • Discoverable: Specify whether the SMB share can be discovered by network neighbors.

    • Data Access Mode: Select a mode for the share. You can select Replication Mode or Cache Mode.

      • Replication Mode: In this mode, two backups are created for all data. One backup is stored in the on-premises cache disk and the other backup is stored in the associated OSS bucket.

      • Cache Mode: In this mode, the on-premises cache disk stores only metadata and the user data that is frequently accessed. The bucket stores full data.

    • Enable Reverse Sync: Specify whether to synchronize metadata of objects in the OSS bucket to the on-premises cache disk. This feature is suitable for disaster recovery, data restoration, and data sharing.

      Note

      During a reverse synchronization process, the system scans all objects in the bucket. If the bucket contains a large number of objects, you are charged for calling the OSS API. For more information, see Pricing of OSS.

    • Encryption Type: Select whether to use encryption. You can select No Encryption or Server Side Encryption.

      If you select Server Side Encryption, you must set the CMK ID parameter. You can create a key in the Key Management Service (KMS). For more information, see Create a CMK.

      If you enable the OSS server-side encryption feature, you can bring your own key (BYOK). You can use keys that are imported from KMS.

      After you enable server-side encryption, files that are uploaded to OSS from the share are encrypted by using KMS-managed keys. You can call the GetObject operation to check whether the specified object is encrypted. If the value of the x-oss-server-side-encryption field is KMS and the value of the x-oss-server-side-encryption-key-id field is the key ID, the file is encrypted.

      Note

      • Only the users on the whitelist can use this feature.

      • When you create a CMK in the KMS console, you must select the region in which the OSS bucket resides.

    • Bucket Name: Select an existing bucket that you want to associate with the share.

    • Path Prefix: Enter a subdirectory of the bucket. The name of a subdirectory can contain only letters and digits.

      Note

      Starting from V1.0.38, you can map the root directory of a file system to a subdirectory of the bucket. This way, you can isolate file access requests.

      You can specify an existing subdirectory or a new subdirectory. After you create a share, the specified subdirectory serves as the root directory. All the related files and directories are stored in the root directory.

    • Use Metadata: Select whether to use metadata disks. If you use metadata disks, data disks are separated from metadata disks, and metadata disks are used to store the metadata of data in the share.

      • If you select Yes, you must set the Metadata and Data parameters.

      • If you select No, you must set the Cache Disk Path parameter.

      Note

      Only users on the whitelist can use this feature.

    • Ignore delete: If you select Yes, the data that is deleted from the on-premises cache disk is not deleted from the OSS bucket. The bucket stores full data.

    • Sync Delay: Specify a period of time to delay the upload of files. This setting prevents frequent on-premises modifications from creating a large number of fragments in OSS. Default value: 5. Maximum value: 120. Unit: seconds.

    • Max Write Speed: Specify the maximum write speed. Valid values: 0 to 1280. Unit: MB/s. The default value 0 indicates that the write speed is unlimited.

    • Max Upload Speed: Specify the maximum upload speed. Valid values: 0 to 1280. Unit: MB/s. The default value 0 indicates that the upload speed is unlimited.

      Note

      When you limit the write speed and upload speed, make sure that the upload speed limit is not smaller than the write speed limit.

    • Optimize Fragments: Specify whether to optimize the performance for applications that frequently and randomly read and write small amounts of data.

    • Fast Cache Reclaim: If you select Yes, cached data is cleared in real time. This feature is suitable for cloud backup scenarios.
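
The header check described under Encryption Type above, written out as an added example that is not part of the original page or of any Alibaba Cloud SDK: it classifies GetObject response headers that have already been fetched and reports every object that does not carry the expected KMS key. The function names, the placeholder CMK ID, the object names and the sample header sets are assumptions constructed for illustration.

```python
# Added example (not Alibaba Cloud code). Classifies OSS GetObject response
# headers for a share created with Server Side Encryption.
SSE_HEADER = "x-oss-server-side-encryption"
SSE_KEY_HEADER = "x-oss-server-side-encryption-key-id"


def classify_sse(headers, expected_cmk_id):
    """Return a verdict for one object's response headers."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    algo = h.get(SSE_HEADER)
    if algo is None:
        return "unencrypted"      # no server-side encryption header at all
    if algo != "KMS":
        return "not-kms"          # a value other than KMS
    if h.get(SSE_KEY_HEADER) != expected_cmk_id:
        return "kms-wrong-key"    # KMS, but not the CMK ID set on the share
    return "ok"


def audit(responses, expected_cmk_id):
    """Return {object name: verdict} for every object that is not 'ok'."""
    findings = {}
    for name, headers in responses.items():
        verdict = classify_sse(headers, expected_cmk_id)
        if verdict != "ok":
            findings[name] = verdict
    return findings


EXPECTED_CMK = "example-cmk-id-0001"  # placeholder, not a real CMK ID
SAMPLE_RESPONSES = {                  # constructed header sets
    "share/report.docx": {
        "x-oss-server-side-encryption": "KMS",
        "x-oss-server-side-encryption-key-id": "example-cmk-id-0001",
    },
    "share/old-upload.bin": {"Content-Length": "1024"},
    "share/mixed-case.txt": {
        "X-OSS-Server-Side-Encryption": "KMS",
        "X-OSS-Server-Side-Encryption-Key-Id": "example-cmk-id-9999",
    },
    "share/aes.dat": {"x-oss-server-side-encryption": "AES256"},
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES, EXPECTED_CMK).items():
        print(f"{name}: {verdict}")
```

Objects reported as unencrypted are worth comparing against the date on which Server Side Encryption was set for the share.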

AD and LDAP

Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) are standard application protocols used to query and modify data within a directory. You can join and configure an AD or LDAP service based on your business requirements.

  • You can join an AD domain only after you complete the DNS settings.

  • You can add a gateway to either an AD or LDAP domain, but not both.

  • The permissions of the current AD domain user, LDAP user, and on-premises user override each other: whichever is configured last takes effect. After you join or leave an AD domain, or connect to or disconnect from an LDAP server, existing user permissions configured in the Common Internet File System (CIFS) share are automatically removed.

  • The AD feature supports 64-bit Windows Server 2016 Datacenter and Windows Server 2012 R2 Datacenter.

  • The LDAP feature supports 64-bit CentOS 7.4 with OpenLDAP 2.4.44.

Configure AD

  1. Configure the DNS server.

    1. In the left-side navigation pane of the on-premises gateway console, click About.

    2. In the Network Configuration section, click Update DNS.

    3. In the Update DNS dialog box, enter the IP addresses of DNS servers, and click OK.

      In the DNS server field, specify the IP address of the AD server to resolve the AD domain name.

  2. Join an AD domain.

    1. In the left-side navigation pane, click SMB. On the page that appears, click AD/LDAP.

    2. In the Windows AD section, click Join AD.

    3. In the Join AD dialog box, configure the following parameters and click OK.

      • Server IP: Enter the IP address of the AD server.

      • Username: Enter the username of the administrator.

      • Password: Enter the password of the administrator.

      After the connection is established, the Connected parameter in the Windows Active Directory (AD) section changes to Yes.

      Note
      • After you join the AD domain, the local user permissions configured for the SMB share are removed.

      • CSG does not support multiple AD domains for a gateway. For example, you can configure either a parent domain or a child domain for a gateway, but not both.

Configure LDAP

  1. In the left-side navigation pane of the on-premises gateway console, click SMB. On the page that appears, click AD/LDAP.

  2. In the LDAP section, click Connect.

  3. In the Connect LDAP dialog box, configure the following parameters and click OK.

    • Server IP: Enter the IP address of the LDAP server, which is the directory system agent.

    • Support TLS: Specify whether to use TLS to communicate with the LDAP server.

    • Base DN: Specify the LDAP domain, for example, dc=iftdomain or dc=ift.local.

    • Root DN: Specify the root DN, for example, cn=admin, dc=iftdomain, or dc=ift.local.

    • Password: Enter the password of the root directory.

    After the connection is established, the Connected parameter in the LDAP section changes to Yes.

    Note

    After you join the LDAP domain, the on-premises user permissions configured in the SMB share are removed.

Add an SMB user

If you have not joined a domain, you can create an SMB user to access the gateway.

  • If you have joined an AD domain, you can view all AD users on the SMB Users tab.

  • If you have joined an LDAP domain, you can view all LDAP users that have a Samba password on the SMB Users tab.

  • If you have joined an LDAP domain but have not configured a Samba password, click Create to add a Samba password for the LDAP users on the SMB Users tab.

    We recommend that you specify the same password for both Samba and LDAP.

  1. In the left-side navigation pane of the on-premises gateway console, click SMB. On the page that appears, click SMB Users.

  2. Click Create.

  3. In the Add SMB User dialog box, set the name and password.

  4. Click OK.

Related operations

On the SMB page, you can also perform the following operations.

  • Disable SMB shares: On the SMB page, you can turn off the toggle on the upper-left side of the page to disable all SMB shares of the gateway.

    If you want to disable a single SMB share, you can use the following method: on the SMB page, find the SMB share, click Settings, and set Enabled to No.

  • Delete an SMB share: On the SMB Shares tab, find the SMB share, and click Delete.

    Warning

    • After the SMB share is deleted, the Windows mount point or mapped network drive immediately becomes ineffective.

    • Deleting shares will interrupt your business activities and data synchronization tasks. Exercise caution when performing this action.

  • Modify an SMB share: On the SMB Shares tab, find the SMB share, and click Settings or Advanced Settings to modify share settings.

  • Refresh cache: On the SMB Shares tab, find the SMB share, and click Cache Refresh.

  • Delete an SMB user: On the SMB Shares tab, find the SMB user, and click Delete.

  • Close the connection: On the AD/LDAP tab, click Disconnect.

What to do next

Access an SMB share