Access points are provided by File Storage NAS (NAS) for different applications and users to access General-purpose Network File System (NFS) file systems. This access method allows you to easily manage the access of different applications and users to datasets. You can create multiple access points for a NAS file system, configure different Resource Access Management (RAM) policies for the access points, and apply the access points to different services. This reduces the complexity of permission management for multiple services to access shared datasets.
Background information
In container computing scenarios, NAS serves as the default storage supported by the Container Storage Interface (CSI) plug-in and as the default persistent storage for container pods in daily production. Developers and users of container applications perform read and write operations on persistent storage based on persistent volumes (PVs). They do not focus on the namespaces and directory structures of traditional file systems. NAS creates different access points for different users or applications based on specific requirements. This way, you can declare that the access points are used for PVs in container environments. Access points can be used to divide the directories of a NAS file system into independent namespaces. Different users or services (differentiated by RAM identities) can mount their respective directories by using access points. This implements directory-based tenant isolation.
Benefits
Directory-based tenant isolation
Access points can be used to limit the accessible namespaces for users to the directories of a NAS file system. This way, data can be shared in a file system and managed in a centralized manner. In addition, quotas can be used to control service usage.
Easy permission management
Access points support RAM-based permission management. You can configure different RAM policies and grant permissions to different RAM users or roles.
You can associate Portable Operating System Interface (POSIX) user information with access points to access a file system. This way, you can use centralized POSIX information to read and write data, eliminating the impacts caused by the differences between Elastic Compute Service (ECS) instances and between processes and simplifying Linux-native POSIX permission management.
Limits
File systems
Only General-purpose NFS file systems support access points.
Mounting methods
ECS instances must use NFS-based encryption in transit to mount NAS access points. Unencrypted mounting of access points is not supported.
Specifications
A single General-purpose NFS file system allows you to create up to 1,000 access points in two vSwitches.
Note: An access point can be accessed by ECS instances that belong to different vSwitches in the same virtual private cloud (VPC). We recommend that you create multiple access points in the same vSwitch by default. We recommend that you select a vSwitch that resides in the same zone as the NAS file system to achieve optimal performance.
Operating systems
Only the Linux operating systems listed in the following table can access General-purpose NFS file systems by using access points.
| Operating system | Version |
| --- | --- |
| Alibaba Cloud Linux | Alibaba Cloud Linux 2.1903 64-bit; Alibaba Cloud Linux 3.2104 LTS 64-bit |
| Red Hat | Red Hat Enterprise Linux 7.x 64-bit; Red Hat Enterprise Linux 8.x 64-bit |
| CentOS | CentOS 7.x 64-bit; CentOS 8.x 64-bit |
| Ubuntu | Ubuntu 16.04 64-bit; Ubuntu 18.04 64-bit; Ubuntu 20.04 64-bit |
| Debian | Debian 9.x 64-bit; Debian 10.x 64-bit |
Performance description
If you mount a NAS file system by using an access point, the file system is accessed over NFS with encryption in transit enabled. Compared with mounting a NAS file system by using a mount target, mounting a NAS file system by using an access point can increase the access latency by about 10% and decrease the IOPS by about 30%.
Supported regions
China (Chengdu)
Philippines (Manila)
China (Hangzhou)
China (Shanghai)
China (Shenzhen)
China (Heyuan)
China (Guangzhou)
China (Qingdao)
China (Beijing)
China (Zhangjiakou)
China (Hohhot)
China (Ulanqab)
China (Hong Kong)
Singapore
UK (London)
SAU (Riyadh - Partner Region)
South Korea (Seoul)
US (Virginia)
US (Silicon Valley)
Indonesia (Jakarta)
Germany (Frankfurt)
Japan (Tokyo)
Thailand (Bangkok)
Malaysia (Kuala Lumpur)
Procedure
Create a file system. For more information, see Create a file system.
Create an access point. For more information, see Create an access point.
Optional. Configure a RAM policy for the access point. For more information, see (Optional) Configure a policy for the access point.
Mount and access the file system. For more information, see Use an access point to access a file system on Linux.