Nasuni Filer Administration Guide
Nasuni Filer
Administration Guide
Version 8.0
March 2018
Last modified: March 27, 2018
© 2018 Nasuni Corporation
All Rights Reserved
Document Information
Nasuni Filer Administration Guide
Version 8.0
March 2018
Copyright
Copyright © 2010-2018 Nasuni Corporation. All rights reserved.
Notice
The Information in this document is subject to change without notice and does not
represent a commitment on the part of Nasuni Corporation (“Nasuni”). The software and
services described in this document are furnished under terms and conditions found at
www.nasuni.com/legal. The software and services may be used only in accordance with
such terms. These terms are subject to change from time to time, so you should check our
website from time to time for the latest terms. This document contains the confidential and
proprietary information of Nasuni and may not be used or disclosed to any third party
except as specifically set forth in such terms and conditions and any confidentiality
agreement in place with Nasuni. No part of this manual may be reproduced in any form or
by any means, electronic or mechanical, including photocopying and recording, without
the express written permission of Nasuni. Licensed users may contact Nasuni for access
to additional copies.
Although Nasuni has attempted to ensure the accuracy of the content of this document, it
is possible that this document might contain technical inaccuracies, typos or other errors.
Nasuni assumes no liability for any error in this document and disclaims all damages that
might arise from the use of this document, whether direct, indirect, incidental,
consequential or otherwise, including, but not limited to loss of data or profits. Nasuni
provides this publication “as is” without warranty of any kind, either express or implied,
including, but not limited to implied warranties of merchantability or fitness for a particular
purpose.
Trademarks
NASUNI, the NASUNI logo, and UNIFS are registered trademarks and/or service marks of Nasuni Corporation. All other
marks are the property of their respective owners.
Contacting Nasuni Corporation
Nasuni Corporation
One Marina Park Drive
Boston, MA 02210
Telephone: 1-857-444-8500
Sales: 1-800-208-3418
http://www.nasuni.com
Email: info@nasuni.com
Technical Support
Telephone: 1-888-6NASUNI (888-662-7864)
Email: support@nasuni.com
Technical Support is available 24/7/365 for full production
customers.
Contents
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iii
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
What’s in this Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiii
Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xiv
Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Electronic Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Release Notes for Nasuni Documentation Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xvi
Chapter 1: Introducing the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Nasuni NAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
About File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
About the Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Cache Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Initial, Recommended, and Minimum Memory . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Trial Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 2: Starting Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Starting with the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Installing the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Creating new volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Managing the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Managing data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Providing data access to users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Sharing data between Nasuni Filers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Nasuni Filer Administration Guide 8.0
iii
Contents
Adding data to volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Protecting data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Managing volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Handling encryption keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Role-based access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Antivirus protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Firewall protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Changing performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Alternatives for configuring your Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configuring your Nasuni Filer using the Nasuni Filer user interface . . . . . . . . . . 17
Configuring your Nasuni Filer using either the user interface or the NMC . . . . . 18
Configuring the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . 21
Chapter 3: Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Logging in to the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Resetting Administrative Account (Forgot Password) . . . . . . . . . . . . . . . . . . . . . . . 24
Navigation Bar on Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 4: Common Screen Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Nasuni Corporate Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Name of the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Nasuni Filer Version and Base Operating System Version . . . . . . . . . . . . . . . . . 27
Navigation Bar Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Viewing Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Viewing the Nasuni Filer Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Viewing the Nasuni Filer Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Shutting Down and Rebooting the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . 31
Logging Out of the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Changing User Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Pop-up Software Update Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Nasuni Management Console message and notice . . . . . . . . . . . . . . . . . . . . . . . . . 35
Nasuni Filer Administration Guide 8.0
iv
Contents
Chapter 5: Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Data Growth Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
New Data in Cache Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Network Activity Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Migration Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Snapshot Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Local Cache Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Quality of Service (inbound and outbound bandwidth limit) . . . . . . . . . . . . . . . . . . 43
Volume Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Local Time Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Chapter 6: Volumes Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Viewing Local and Remote Volume Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Local Volume Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Remote Volume Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Managing Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Adding a Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Connecting to a Remote Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Take a Snapshot Now . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Viewing Volume Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Volume properties page for CIFS and NFS volumes and FTP directories . . . . . 62
Volume properties page for iSCSI volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Data Growth Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Changing Volume Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Renaming a Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Changing iSCSI Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Changing the Volume Quota . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Directory Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
File Alert Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Antivirus Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
File System Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Encryption Key Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Safe Delete of volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Cloud I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Enabling or Disabling Auto Cache for Volumes . . . . . . . . . . . . . . . . . . . . . . . . 105
Snapshot Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Sync Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Nasuni Filer Administration Guide 8.0
v
Contents
Snapshot Directory Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Snapshot Retention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Prioritized Snapshot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Pinned Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Auto Caching Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Deleting a Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
CIFS Shares, NFS Exports, and FTP Directories . . . . . . . . . . . . . . . . . . . . . . . 124
FTP Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Multiple Volume Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Chapter 7: Managing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Adding Data to Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Accessing volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Adding data to a volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Accessing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Folder and file access permissions in Windows . . . . . . . . . . . . . . . . . . . . . . . 165
Folder and file access permissions in UNIX and Linux . . . . . . . . . . . . . . . . . . 166
Accessing data using the FTP/SFTP protocol . . . . . . . . . . . . . . . . . . . . . . . . . 167
Mapping a Windows network drive to a CIFS share . . . . . . . . . . . . . . . . . . . . 169
Accessing an iSCSI volume in Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Mounting a CIFS share in Linux or UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Defining NFS datastores using VMware client . . . . . . . . . . . . . . . . . . . . . . . . . 175
Mounting an NFS export in Linux or UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Nasuni Mobile Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Folder-Level Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
File Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
File Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Folder-Level Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Administrative Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Nasuni Desktop Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Chapter 8: Remote Access Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Enabling Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Viewing Remote and Local Volume Connections . . . . . . . . . . . . . . . . . . . . . . . . . 205
Connecting to a Remote Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Configuring a Sync Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Synchronization (Merge) Conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Nasuni Filer Administration Guide 8.0
vi
Contents
Synchronization (Merge) Conflict Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Synchronization (Merge) Conflict Messages . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Name of Conflicting File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Disconnecting from a Remote Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Chapter 9: File Browser Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
What is a Snapshot? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
File System Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Selecting Volume, Folder, or Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Actions with Selected Volume, Folder, or Files . . . . . . . . . . . . . . . . . . . . . . . . 220
Global File Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Restoring Volume, Folder, or Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Using Snapshot Directory Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Accessing CIFS and NFS Snapshot Directories using Windows . . . . . . . . . . . 232
Accessing CIFS and NFS Snapshot Directories using UNIX . . . . . . . . . . . . . . 234
Accessing Files in Snapshot Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Restoring a File or a Folder from a Snapshot Directory . . . . . . . . . . . . . . . . . . 236
Chapter 10: Services Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Data Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Configuring a CIFS Migration Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Configuring an NFS Migration Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Configuring a CIFS Data Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Configuring an NFS Data Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Editing a Data Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Scheduling a Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Viewing migration information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Rerunning a Migration Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Disconnecting from (deleting) a Migration Source . . . . . . . . . . . . . . . . . . . . . . 265
Deleting a Migration Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Viewing a Migration Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Side Load . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Starting the Side Load process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Viewing and controlling the Side Load process . . . . . . . . . . . . . . . . . . . . . . . . 270
Nasuni Sync and Mobile Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Mobile Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Desktop Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Nasuni Filer Administration Guide 8.0
vii
Contents
Remote Support Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Sending Diagnostics to Nasuni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Chapter 11: Configuration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Email Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Nasuni Filer Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
HTTPS Proxy Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
About Traffic Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Configuring Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Quality of Service Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Adding a Quality of Service rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Changing a Quality of Service rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Deleting a Quality of Service Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Filer Time Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
FTP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Configuring FTP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
General CIFS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Configuring CIFS settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Joining a Nasuni Filer to a domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Directory Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Viewing information about Directory Services already configured . . . . . . . . . . 325
Editing LDAP Directory Services domain settings . . . . . . . . . . . . . . . . . . . . . . 327
Updating the Kerberos keytab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Editing Active Directory domain settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Editing Active Directory general settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Resyncing Active Directory domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Deleting Active Directory domain configuration . . . . . . . . . . . . . . . . . . . . . . . . 333
Domain Settings (for Nasuni Filers running versions before 7.8) . . . . . . . . . . . . . . 335
Joining a Nasuni Filer (that has not previously joined any domain) to a domain (for Nasuni Filers
running versions before 7.8) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Joining the Nasuni Filer to an Active Directory domain (for Nasuni Filers running versions
before 7.8) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Viewing Active Directory domains (for Nasuni Filers running versions before 7.8) 337
Allowing Active Directory domains to access the Nasuni Filer (for Nasuni Filers running
versions before 7.8) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Leaving an Active Directory domain (for Nasuni Filers running versions before 7.8) 339
API Access Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
API Access key for the Nasuni VSS Hardware Provider . . . . . . . . . . . . . . . . . 340
Nasuni Filer Administration Guide 8.0
viii
Contents
API Access key for external auditing using Varonis . . . . . . . . . . . . . . . . . . . . . 340
Central Configuration Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Encryption Key Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Viewing information about encryption keys . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Adding (Importing or Uploading) Encryption Keys . . . . . . . . . . . . . . . . . . . . . . 348
Downloading (Exporting) Generated Encryption Keys . . . . . . . . . . . . . . . . . . . 349
Escrowing Encryption Keys with Nasuni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Deleting Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Backup Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Quota Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Viewing quota report configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Adding a new quota report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Sending a quota report (capacity report) now . . . . . . . . . . . . . . . . . . . . . . . . . 361
Changing an existing quota report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Deleting a quota report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
SSL Server and Client Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Viewing SSL CA-signed server certificates or self-signed server certificate . . 363
Generating SSL CA-signed Certificates or a Self-Signed Certificate . . . . . . . . 365
Copying Existing SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Uploading SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Replacing SSL Certificates or SSL Certificate Chains . . . . . . . . . . . . . . . . . . . 372
Setting SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Saving SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Deleting SSL Certificates or Certificate Requests . . . . . . . . . . . . . . . . . . . . . . 376
Resetting an SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Viewing SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Uploading SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Deleting SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Viewing Permission Groups and Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Adding Permission Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Editing Permission Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Deleting Permission Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Adding Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Editing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Deleting Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
SNMP Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Nasuni Filer Administration Guide 8.0
ix
Contents
Web Access Branding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Automatic Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Cache Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
Cloud Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Global Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
Changing User Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Chapter 12: Status Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Subscription Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Refreshing Subscription License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Cache Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Viewing or cancelling cache jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Unprotected Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Viewing unprotected files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Network Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Network Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Traffic Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Physical Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Network Activity Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Platform Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Viewing platform status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
RAID Arrays (hardware appliances only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
RAID Disks (hardware appliances only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Full Disk Encryption (FDE) (hardware appliances only) . . . . . . . . . . . . . . . . . . 427
CPU Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Memory Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
System Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
CIFS Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
CIFS Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Resetting the CIFS Authentication Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Resetting All CIFS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Disconnecting a Single CIFS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
iSCSI Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
NFS Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
FTP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Viewing FTP directories and FTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Disconnecting FTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Nasuni Filer Administration Guide 8.0
x
Contents
File Heuristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
File Types in snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
File Sizes in snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Chapter 13: Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Retaining Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Viewing Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Acknowledging Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Downloading Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Deleting Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Chapter 14: Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Side Load and Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Before Recovering Data with the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
Preparing the Original Source Nasuni Filer (if available) . . . . . . . . . . . . . . . . . . . . 452
Recovering Data with the Nasuni Filer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Performing the Side Load process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Other Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Appendix A: Nasuni Terms of Service
and License Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Nasuni Corporation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Appendix B: Filtering Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Appendix C: DNS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Configuring the DNS for Mobile Access or Desktop Sync . . . . . . . . . . . . . . . . . . . 465
Overview of configuring the DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
A record type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
SRV record type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
TXT record type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
PTR record type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Microsoft Windows DNS Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Using third-party DNS configuration software . . . . . . . . . . . . . . . . . . . . . . . . . 473
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Appendix D: Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Nasuni Filer and NMC Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Appendix E: Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Nasuni Filer Administration Guide 8.0
xi
Contents
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Nasuni Filer Administration Guide 8.0
xii
Preface
Audience
This Administration Guide is intended for the IT administrator or person responsible for managing
Network Attached Storage (NAS) and Storage Area Networks (SAN) using the Nasuni Filer user
interface.
What’s in this Book
This guide contains the following chapters:
•
Chapter 1, “Introducing the Nasuni Filer,” on page 1 describes the major features and concepts
of the Nasuni Filer.
•
Chapter 2, “Starting Out,” on page 8 gives shortcuts to common tasks that users can perform
with the Nasuni Filer user interface.
•
Chapter 3, “Login Page,” on page 22 explains how to log in to the Nasuni Filer, reset the
account, and access online help.
•
Chapter 4, “Common Screen Elements,” on page 26 explains the user interface elements that
are common to all the pages, including status messages, online help, messages, and the
procedure for shutting down the Nasuni Filer.
•
Chapter 5, “Home Page,” on page 36 explains the features of the Home page, including viewing
details of Nasuni Filer status.
•
Chapter 6, “Volumes Page,” on page 45 explains how to add or delete a volume, view volume
details, modify volume properties, define CIFS shares and NFS exports and FTP/SFTP
directories, manage remote access, and configure snapshots.
•
Chapter 7, “Managing Data,” on page 163 explains how to add and access data on Windows,
Linux, and UNIX systems, including Web Access, Mobile Access, and Desktop Client.
•
Chapter 8, “Remote Access Overview,” on page 205 explains how to manage remote access,
including synchronization.
•
Chapter 9, “File Browser Page,” on page 211 explains how to select versions of files and folders
to download or restore from snapshots.
•
Chapter 10, “Services Page,” on page 237 explains how to configure data migration, enable
remote support, configure Desktop/Mobile Access, and place the Nasuni Filer under the
management of the Nasuni Management Console.
Nasuni Filer Administration Guide 8.0
xiii
Preface
What’s in this Book
•
Chapter 11, “Configuration Page,” on page 283 explains how to configure the network, the
Nasuni Filer description, CIFS settings, time, FTP/SFTP settings, email, security and encryption,
SSL certificates, firewall, Quality of Service, HTTPS proxy, Active Directory and LDAP domains,
quota settings, automatic updates, SNMP monitoring, cache, users and groups, passwords,
and account reset.
•
Chapter 12, “Status Page,” on page 408 explains the features for monitoring the status of
software, network, hardware, subscription, CIFS shares, NFS exports, FTP/SFTP directories,
iSCSI volumes, and file statistics.
•
Chapter 13, “Notifications,” on page 445 explains how to view messages about various
conditions in the Nasuni Filer.
•
Chapter 14, “Recovery,” on page 450 explains how to recover files and folders with the Nasuni
Filer in the event of a disaster or deliberate transition.
•
Appendix E, “Glossary,” on page 481 provides definitions of terms related to the Nasuni Filer.
•
Appendix A, “Nasuni Terms of Service and License Agreement,” on page 463 is the link to the
Nasuni Terms of Service and License Agreement.
Text Conventions
The following text conventions are used in this document:
Convention
Description
1. Number
Used to indicate a step in a task.
• Bullet
Used for items in a list without any particular order.
Bold
Used to give emphasis to a word. Also used for named
graphical elements.
Italics
Used to represent options or parameters.
Underline
Used for hyperlinks, such as links to Web sites.
Monospace
Used to indicate pathnames, filenames, folder names,
typed information, and code.
Nasuni Filer Administration Guide 8.0
xiv
Product Documentation
Electronic Publications
Extensive documentation is available for all aspects of installing, configuring, and operating the Nasuni
Filer. The latest version of each of the following documents is available in PDF format at
http://www.nasuni.com/support/documentation.
•
Hardware Getting Started Guide: For setting up the Nasuni Filer on the Nasuni Filer hardware
appliance.
To download this guide for the NF-60, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/
Nasuni_Filer_HW_GS_Guide_NF-60.pdf
To download this guide for the NF-200, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/
Nasuni_Filer_HW_GS_Guide_NF-200.pdf
To download this guide for the NF-400, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/
Nasuni_Filer_HW_GS_Guide_NF-400.pdf
To download this guide for the NF-440, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/
Nasuni_Filer_HW_GS_Guide_NF-440.pdf
To download this guide for the NF-600, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/
Nasuni_Filer_HW_GS_Guide_NF-600.pdf
•
Installing the Nasuni Filer on Virtual Platforms: For installing the Nasuni Filer on a virtual machine
within a corporate network. To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/Installing-on-Virtual.pdf
•
Installing the Nasuni Filer on the Azure Platform: For installing the Nasuni Filer on the Microsoft
Azure cloud virtual machine. To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/Installing-on-Azure.pdf
•
Installing the Nasuni Filer on the EC2 Platform: For installing the Nasuni Filer on the Amazon
EC2 cloud virtual machine. To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/Installing-on-EC2.pdf
Nasuni Filer Administration Guide 8.0
xv
Release Notes for Nasuni Documentation Set
•
Initial Configuration Guide: For configuring and deploying the Nasuni Filer after the initial
installation on the hardware appliance or virtual machine. To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/
Nasuni_Filer_Initial_Configuration_Guide.pdf
•
Administration Guide: For managing unified storage using the Nasuni Filer.
To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/
Nasuni_Filer_Administration_Guide.pdf
•
Nasuni Management Console Guide: For managing multiple Nasuni Filers.
To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/NMCGuide.pdf
•
Nasuni Management Console Quick Start Guide: To quickly get started using the Nasuni
Management Console to manage multiple Nasuni Filers. To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/NMCQuickStartGuide.pdf
•
Using Multiple Protocols: Discusses scenarios requiring particular access to data, and how
different combinations of protocols can help provide the access that clients need.
To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/UsingMultipleProtocols.pdf
•
Third-Party Licensing Guide: Listing of third-party software used in the Nasuni Filer.
To download this guide, visit:
http://info.nasuni.com/hubfs/Nasuni.com-assets/Support-Docs/Nasuni_Filer_ThirdParty_Licensing_Guide.pdf
Release Notes for Nasuni Documentation Set
Date (As Of)
Changes
2018-03-30
Added support for Varonis and other systems that use Advanced Message
Queuing Protocol (AMQP), in Administration Guide and NMC Guide.
Added explanations of Safe Delete feature, in Administration Guide and
NMC Guide.
Added a description of the NMC API, in NMC API.
Cautioned about deleting files deleted from folder that two different Nasuni
Filers have enabled Global Locking on, in Administration Guide.
Global Locking Guide. and NMC Guide.
Nasuni Filer Administration Guide 8.0
xvi
Release Notes for Nasuni Documentation Set
Date (As Of)
Changes
Clarified supported instance types, in Installing the Nasuni Filer on the EC2
Platform.
Added procedures for accessing software through Azure Marketplace, in
Configuring Customer-Provided Azure Tenant.
Updated screen shots and procedures for SSL certificates, in
Administration Guide.
Updated screen shot, in Configuring Customer-Provided Azure Tenant.
Fixed incorrect screen shot, in DFS Configuration Guide.
Added procedure for removing Revit Worksharing Monitor, in Revit
Configuration Guide.
2018-02-28
Added information about time to generate an encryption key, in Best
Practices Guide, Encryption Key Best Practices, NMC Guide,
Recovery Guide, and Administration Guide.
Added considerations about MTU on the EC2 platform, in Installing the
Nasuni Filer on the EC2 Platform.
Noted that enabling "Snapshot Directory Access" prevents directories from
being deleted, in NMC Guide, Administration Guide, and Best
Practices Guide.
Clarified behavior of Security indication when permission of remote volume
is set to Disabled, in NMC Guide.
Noted that you cannot create an internal link to folders created by using
the "%U" wildcard, in several documents.
Clarified the relative size of the COW disk, in Cache Configuration Guide
and Installing on Virtual.
Added tip on hard links with Linux and Mac OS X clients using global
locking with CIFS, in Administration Guide.
Updated default number of cores to 4, in Initial Configuration Guide and
Installing on Virtual.
Added tip on case-sensitive volumes and multiple volume protocols, in
Administration Guide.
Added tip on using Windows “net use” command, in Administration Guide
and Initial Configuration Guide.
Added details of the suggested usage, in Revit Configuration Guide.
Clarified how Auto Cache works, in Administration Guide and NMC Guide.
Specified that the user names for CIFS Administrative Users should not
have the leading domain, in Administration Guide.
Nasuni Filer Administration Guide 8.0
xvii
Release Notes for Nasuni Documentation Set
Date (As Of)
Changes
Added tip about Embedded Host Client for installing the Nasuni Filer into
VMware ESXi using the vSphere Web interface, in Installing on
Virtual.
Added description of backup keys, which enable recovery of Nasuni Filers
that don’t have owned volumes or snapshots, in Administration
Guide and Recovery Guide.
Updated procedure for installing Nasuni Filer and NMC on Microsoft Azure
platform, in Configuring Customer-Provided Azure Tenant for the
Nasuni Filer.
Added the Device ID and Logged In fields to the Mobile Licenses table, in
NMC Guide.
Added description of Prioritize Snapshot feature, in NMC Guide and
Administration Guide.
Created tip for error when installing to non-default location on Hyper-V, in
Installing on Virtual.
2017-11-15
Clarified when the file syncs occur related to Global Locking, in Cache
Configuration Guide, Best Practices Guide, Global Locking Guide,
and Administration Guide.
Clarified processing when a Nasuni Filer goes under the control of a Nasuni
Management Console, in NMC Guide and Administration Guide.
Added details about how certain types of loads can affect syncs, in NMC
Guide, Merge Conflicts Guide, and Administration Guide.
Warned that downloading large files from the NMC can take a long time, in
NMC Guide.
Added warning against saving encryption key files to volume, in Best
Practices Guide, NMC Guide, Recovery Guide, and Administration
Guide.
Updated copyright, trademark, disclaimer, and liability statements, in most
documents.
Updated maximum Azure disk size to 4,095 GiB, in Best Practices Guide,
Cache Configuration Guide, Initial Configuration Guide, Resizing
Cache Guide, Installing on Virtual Platforms, and Suggestions for
VM Installation.
2017-10-31
Added procedure for possible notification during snapshot or sync, in NMC
Guide and Administration Guide.
Added details about the Clam AntiVirus (ClamAV®) open-source antivirus
engine, in Best Practices Guide, NMC Guide, Third-Party Licensing
Guide, and Administration Guide.
Nasuni Filer Administration Guide 8.0
xviii
Release Notes for Nasuni Documentation Set
Date (As Of)
Changes
New screenshots, in Installing the Nasuni Filer on the EC2 Platform.
Added reminders to keep COW disk in proportion to cache disk when
changing the size of the cache disk, in Cache Configuration and
several other documents.
Selecting the “Secure transfer required” feature for an Azure Storage
account does not affect the operation of the Nasuni Filer, in
Configuring Customer-Provided Azure Storage for the Nasuni Filer
and Installing Nasuni Filer on Customer-Provided Azure Storage
Getting Started Guide.
Corrected the default number of cores for a Nasuni Filer, in Best Practices
Guide, Initial Configuration Guide, and Installing on Virtual Platforms.
Clarified the processing for recovery after resetting the administrative
account, in Recovery Guide, Administration Guide, and NMC Guide.
Clarified the prerequisites for performing the Side Load procedure, in
Recovery Guide, Administration Guide, and Side Load Guide.
Clarified the default outbound Quality of Service, in Best Practices Guide,
Cache Configuration Guide, Administration Guide, and NMC Guide.
Added material about enabling Auditing to help mitigate ransomware, in
Best Practices Guide, Administration Guide, and NMC Guide.
Clarified meaning of Restrict Anonymous setting for CIFS, in Administration
Guide and NMC Guide.
2017-09-29
Added material on Cloud I/O and Cloud Credentials, in Administration
Guide and NMC Guide.
Added discussion of chunk size and related topics, in Best Practices
Guide, Cache Configuration Guide, Administration Guide, and NMC
Guide.
Rewrote section on General CIFS Settings to clarify processing in different
situations, in Administration Guide and NMC Guide.
Added details about how long notifications are retained, in Administration
Guide and NMC Guide.
Added procedure for obtaining JSON format of shares configuration in
NMC, in NMC Guide.
Clarified use of DFS for failover, in DFS Configuration and Best Practices
Guide.
Reconciled the recovery procedures, in Administration Guide and Recovery
Guide.
Nasuni Filer Administration Guide 8.0
xix
Release Notes for Nasuni Documentation Set
Date (As Of)
Changes
Removed mentions of default volume and default CIFS share, in Best
Practices Guide, Best Practices Guide, and Administration Guide.
Clarified best use cases for Side Load procedure, in Side Load Feature.
Added warnings against restoring a virtual machine from a virtual machine
snapshot or backup, in Cache Configuration Guide and Installing on
Virtual Platforms.
Added information about how permissions affect the ability to download
files, in Administration Guide and NMC Guide.
Added procedure for SMB3 encryption, in Administration Guide, Security
Features, and NMC Guide.
Added instructions for “Snapshot ran out of internal space” error, in
Administration Guide and Best Practices Guide.
Updated the supported Cleversafe/IBM Cloud Object Storage version to
3.8.3.
Added details of auditing becoming disabled if Varonis or AMQP
destinations are removed, in Administration Guide and NMC Guide.
Added details of the use of encryption keys with remote volumes, in
Encryption Key Best Practices.
Added details of auditing output types, including Varonis, AMQP, and local
CSV, in NMC Guide.
Clarified details of NTFS Exclusive Mode and NTFS Compatible Mode, in
Administration Guide and others.
2017-08-31
Formatting and pagination, in Data API doc.
Added Varonis integration, in Administration Guide and NMC Guide.
Clarified NMC procedure for changing SMB protocol.
Added procedure for installing NMC using Azure Resource Manager, in
Installing the Nasuni Filer on the Azure Platform.
Clarified that displayed size might differ from external size indications, in
Administration Guide and other documents.
Clarified the distinction between “private cloud”, “customer-controlled
public cloud”, “BYOC”, and “public cloud” in many docs. Changed
name of Private-Cloud-Getting-Started-Guide-Azure to GS-Guidefor-Azure-BYOC.
Added link to NASUNI-FILER-MIB for SNMP support, in Administration
Guide.
Nasuni Filer Administration Guide 8.0
xx
Release Notes for Nasuni Documentation Set
Date (As Of)
Changes
Added NTFS Exclusive Mode to available permissions for volume, in
Administration Guide and other documents.
Created Upgrading Nasuni Filers to Use Case-Insensitive Volumes
procedure.
Clarified that changes to the Snapshot Retention setting go into effect
when the next snapshot occurs, and that it is normal to temporarily
see more snapshots than the Snapshot Retention setting would
suggest, in Administration Guide and NMC Guide.
Added detailed instructions in volume creation procedures about preferring
case-insensitive CIFS volumes, in Administration Guide, Best
Practices Guide, and Worksheets for Configuring NMC, Nasuni
Filers, Volumes, and Shares.
Added best practices for handling historical SIDs before adding data, in
Administration Guide, Best Practices Guide, and NMC Guide.
Removed references to fsck, since it is unnecessary with OS7, in
Administration Guide, NMC Guide, Recovery Guide, Installing on
Virtual.
Nasuni Filer Administration Guide 8.0
xxi
Chapter 1: Introducing the Nasuni Filer
Nasuni NAS
Nasuni delivers an advanced storage solution using a cloud infrastructure. The core technology is a
next-generation storage controller – the Nasuni Filer – that offers the security and performance of
traditional storage, while adding unlimited scalability, automatic offsite protection, and global multi-site
access to files. The Nasuni system is managed through a single, small-footprint point of control within
the enterprise’s data center.
The Nasuni Filer is an on-premises storage device supporting NFS, CIFS, FTP/SFTP, iSCSI, and HTTP/
REST protocols. The Nasuni Filer is fully integrated with Active Directory, LDAP, Distributed File System
(DFS), and Windows Previous Versions. It includes a high-performance cache and takes periodic
snapshots that enable file-level restores. Its reach and capacity far exceed those of a traditional
controller, however, because it does not rely only on memory and local disk to manage its data: it has
the entire capacity of the cloud at its disposal. All data is deduplicated, compressed, and encrypted
before storage.
Several choices are available for the back-end cloud storage component, including the following:
•
Your own public cloud service from Microsoft Azure Blob Storage or Amazon AWS S3.
•
Private cloud products, including Cleversafe, IBM Cloud Object Storage, EMC ViPR/ECS, and
EMC Atmos.
The choices for the back-end cloud storage component are part of each customer license. Each
volume has only one back-end cloud storage component.
Multi-site access enables organizations with several locations to work on a single set of shared data.
Nasuni’s architecture allows multiple storage controllers to have live access to the same volume of
data. Organizations benefit by having a simple, safe, and secure way to share data across any number
of sites. Nasuni’s multi-site access enables capabilities that include:
•
Secure data distribution to remote office/branch office (ROBO).
•
Remote offices forwarding data to a central point.
•
Two-way synchronized read-write.
Multi-site access does away with cumbersome replication schemes and slow WAN optimizers.
Nasuni Filer Administration Guide 8.0
1
Introducing the Nasuni Filer
Nasuni Filer
Nasuni Filer
Nasuni’s NAS is delivered through the Nasuni Filer, a storage controller that runs in your data center
and provides primary storage with built-in backup, offsite protection, and multi-site access. With your
Nasuni Filer, you manage your volumes and performance using the Web-based Nasuni Filer user
interface.
The Nasuni Filer is available as a virtual appliance, as a hardware appliance, and as a Microsoft Azure
and Amazon EC2 virtual appliance.
Nasuni Management Console
The Nasuni Management Console enables you to monitor and manage many Nasuni Filers from one
central appliance. Using the Nasuni Management Console, you can view the status of all of your
managed Nasuni Filers, as well as configure their settings. Using the Nasuni Management Console, you
can ensure consistent settings on all your Nasuni Filers.
Note: If a Nasuni Filer loses internet connectivity with the Nasuni Management Console, the
Nasuni Filer can still leave the Nasuni Management Console.
Nasuni Filer Administration Guide 8.0
2
Introducing the Nasuni Filer
Key Terms
Key Terms
The following terms are helpful in understanding the Nasuni Filer:
•
Nasuni Filer: The storage controller in your data center that integrates with your infrastructure
via CIFS, NFS, iSCSI, FTP/SFTP, or HTTPS/REST protocols. The Nasuni Filer can be mapped
as a network drive.
•
Nasuni Filer user interface: The Web-based graphical user interface with which you configure
and manage the Nasuni Filer. The Nasuni Filer user interface is accessible with supported Web
browsers including Mozilla Firefox, Internet Explorer, Safari, and Google Chrome.
•
Nasuni Management Console (NMC): The Web-accessible appliance with which you can
configure and manage multiple Nasuni Filers. The Nasuni Management Console is accessible
with supported Web browsers including Mozilla Firefox, Internet Explorer, Apple Safari, and
Google Chrome.
•
Cloud storage: Internet-based, highly protected, unlimited storage.
•
Volume: A set of files and directories (CIFS, NFS, and FTP/SFTP) or blocks of data (iSCSI).
•
Share/export: An access point to a folder on a volume that can be shared or exported on your
network. Access to a CIFS share can be customized on a user-level or group-level basis. You
can create many shares or exports on a volume, for different purposes or audiences.
•
Cache: The local storage of the Nasuni Filer. All data and metadata that is accessed regularly is
kept locally in the cache. If requested data is not locally resident, it is staged into the cache and
provided for the request.
•
Snapshot: A snapshot is a complete picture of your volume at a specific point in time.
Snapshots offer data protection by enabling you to recover data deleted in error or to restore an
entire file system. After a snapshot has been taken and is sent to cloud storage, it is not
possible to modify that snapshot.
Also, see “Glossary” on page 481.
Terminology
The following terminology is useful in understanding Nasuni technology:
•
Accessing data from Windows: See “Network Drives”, including “Mapping a Windows
network drive to a CIFS share” on page 169, “Accessing an iSCSI volume in Windows” on
page 170, and “Web Access” on page 177.
•
Accessing data from Linux and UNIX: See “Network Drives”, including “Mounting a CIFS
share in Linux or UNIX” on page 173, “Mounting an NFS export in Linux or UNIX” on page 176,
and “Web Access” on page 177.
•
Alerts and messages: See “Notifications”, including “Notifications” on page 445.
•
Allowing access to data on Nasuni Filer: See “Shares”, “Exports”, “FTP directories”, and
“Remote Access”, including “Adding a New CIFS Share to a Volume” on page 125, “Adding an
NFS Export to a Volume” on page 143, “Adding FTP directories for a volume” on page 153, and
“Remote Access” on page 102.
Nasuni Filer Administration Guide 8.0
3
Introducing the Nasuni Filer
Terminology
•
Backup: See “Snapshots”, including “Snapshot Scheduling” on page 107 and “Snapshot
Retention” on page 115.
•
Bandwidth: See “Quality of Service (QoS)”, including “Quality of Service (inbound and
outbound bandwidth limit)” on page 43.
•
Local data: See “Cache”, including “About the Cache” on page 5 and “Cache Settings” on
page 400.
•
Maximum capacity: See “Quota”, including “Viewing Local and Remote Volume Information”
on page 46, “Changing the Volume Quota” on page 74, and “Directory Quotas” on page 75.
•
Merging data from other Nasuni Filers with your Nasuni Filer: See “Sync”, including “Sync
Scheduling” on page 110.
•
Moving data to your Nasuni Filer: See “Data Migration”, including “Configure” on page 238.
•
Other Nasuni Filers: See “Remote Volumes”, including “Connecting to a Remote Volume” on
page 58.
•
Sets of data: See “Volumes”, including “Adding a Volume” on page 51.
Also, see “Glossary” on page 481.
Nasuni Filer Administration Guide 8.0
4
Introducing the Nasuni Filer
About File Systems
About File Systems
File system data and metadata are stored locally on the Nasuni Filer. However, permanent storage is in
the form of cloud-based storage. Changes in files are sent to cloud storage by the Nasuni Filer, at times
that your snapshot schedule specifies and at rates specified by your Quality of Service (inbound and
outbound bandwidth) setting. On volumes with global file locking enabled, global locking provides file
synchronization independently of the snapshot and synchronization processing. You can also manually
initiate snapshots.
Note: The Nasuni Filer supports Windows, UNIX, and Linux clients. Client capabilities and
behavior vary, depending on the client type and version of the client operating system.
File system metadata includes:
•
Standard access control list (ACL) and file system metadata, such as permissions and file size.
•
Version history of operations on files, including creating, updating, deleting, and moving files.
•
Location of file versions.
Data is versioned with the ability to go back to a point in time at the volume, directory, and file levels.
Volume metadata includes:
•
Version history of operations on the volume, including creating, updating, deleting, and moving
the volume. When and by whom the volume was instantiated.
•
Protocol: CIFS, NFS, FTP/SFTP, iSCSI, and HTTP/REST.
•
Encryption settings.
About the Cache
When you first launch the Nasuni Filer, the local cache is empty, although the Cache display on the
Home page might reflect the data required to set up the file system. Afterwards, any data written to a
volume is staged in the local cache. After one hour, the first snapshot occurs. (To take a snapshot
sooner, click “Take snapshot now” on the Volumes page.) Each file in the cache is deduplicated,
compressed, encrypted, and sent to cloud storage. This is the only time that the entire cache is sent to
cloud storage. Subsequent snapshots include only the changes between the original version of the files
and the most recent version of the files.
The cache continuously tracks “recently changed” data, such as files created or changed since the last
snapshot. New data that has been saved to the cache, but has not yet been protected in cloud storage,
is classified as “new data in cache not yet protected”.
The most recently used files remain in the cache. Saved data that was written once and rarely used
afterwards is eventually removed (“evicted”) from the cache to free up space for data that is accessed
more frequently. If one of these evicted files is later requested for reads or writes, the Nasuni Filer
retrieves the file from cloud storage and puts it back into the local cache automatically.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
Nasuni Filer Administration Guide 8.0
5
Introducing the Nasuni Filer
About the Cache
Cache Capacity
The cache keeps local copies of working files for fast access to frequently accessed data. When the
cache starts to become full, it first removes (“evicts”) files that have already been sent to cloud storage
and are rarely accessed, using a least-recently-used (LRU) algorithm. If more space is necessary, a
snapshot is performed to protect more data in cloud storage, after which the protected data can then
be evicted from the cache. As a result, the cache rarely reaches full capacity. After a snapshot is
complete, the cache status displays 0% “new data in cache not yet protected”, until you change data
or create new data.
You can continue to use your system normally during each snapshot.
The size and status of the cache is displayed on the Home page.
Figure 1-1: Cache status.
Note: Nasuni’s display of size might differ from other indications of size, such as Windows
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
As a default, the Nasuni Filer tries to keep about 30 percent of the cache free to accept new data.
Pinning volumes or folders in the cache or manually changing the cache settings can affect the
percentage of the cache that is free to accept new data.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
Nasuni Filer Administration Guide 8.0
6
Introducing the Nasuni Filer
Trial Mode
Initial, Recommended, and Minimum Memory
The memory allocation for a virtual machine platform (VM) is set and changed in the hypervisor. The
memory allocation that is first set is the "initial memory allocation".
The "recommended memory allocation" is a suggested amount of memory. If the VM has less than the
"recommended memory allocation", an alert informs the customer of the situation.
There is also a "minimum memory allocation". If the VM has less than the "minimum memory
allocation", then the software does not run.
Tip: For both the Nasuni Filer and the NMC, it might be necessary to increase the memory
allocation above the recommended memory allocation, depending on the workload.
For the Nasuni Filer, these values are:
•
Initial memory allocation: 8 GiB
•
Recommended memory allocation: 8 GiB
•
Minimum memory allocation: 4 GiB
Note: The document preview feature of Nasuni Web Access requires a minimum of 8 GiB
and version OS7 of the Nasuni Filer base operating system.
For the NMC, these values are:
•
Initial memory allocation: 6 GiB
•
Recommended memory allocation: 6 GiB
•
Minimum memory allocation: 2 GiB
Trial Mode
You are entitled to a free, 14-day, fully-functional evaluation of the Nasuni Filer. After your free trial
period has expired, you must upgrade to continue using the product.
If the Nasuni Filer is in Trial mode, the Trial Mode indicator appears on the bottom of each page.
Figure 1-2: Trial Mode indicator.
Clicking this indicator opens the Subscription Status page, which includes details about how much
time remains in the Trial period. See “Subscription Status” on page 409.
When your trial period ends, you cannot send any data to or receive data from cloud storage until you
upgrade your account. Local data in the cache is accessible. However, if you do not upgrade your
account within 30 days after the trial period ends, your data might be deleted. See the Nasuni Filer
Terms of Service and License Agreement for details at http://www.nasuni.com/legal/.
To upgrade your account from Trial mode, contact your Nasuni account representative for assistance.
Nasuni Filer Administration Guide 8.0
7
Chapter 2: Starting Out
This chapter includes these sections:
•
An overview of some of the tasks that you can perform with the Nasuni Filer, along with links to
further information.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, for
many of these tasks, you use the Nasuni Management Console to view information or
perform actions. For details, see the Nasuni Management Console Guide.
•
A list of available actions on the Nasuni Filer user interface and the Nasuni Management
Console.
Starting with the Nasuni Filer
Installing the Nasuni Filer
The Nasuni Filer is already installed on Nasuni hardware appliances.
Installing and configuring the Nasuni Filer on a virtual platform is a simple and straightforward process.
•
First, download and install the software on your virtual platform. To set up a Nasuni Filer on the
Microsoft Azure or Amazon EC2 cloud platforms, see the installation guide for the specific
platform. For installation instructions for a virtual machine platform, see the Installing the Nasuni
Filer on Virtual Platforms document.
•
Run the Install Wizard, including entering the Serial Number and Authorization Code, found
under the Account section of www.nasuni.com. The Serial Number and Authorization Code are
also found on the Account Serial Numbers page of the Nasuni Management Console. See the
Nasuni Filer Initial Configuration Guide.
•
A best practice for Nasuni Filers is to join an Active Directory or LDAP domain as soon as
installation is complete. For details, see “Joining a Nasuni Filer (that has not previously joined
any domain) to a domain (for Nasuni Filers running versions before 7.8)” on page 336.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
Recovery
You can perform the procedure to recover a Nasuni Filer for a genuine emergency, or when moving the
Nasuni Filer to another location. See “Recovery” on page 450.
Nasuni Filer Administration Guide 8.0
8
Starting Out
Starting with the Nasuni Filer
Creating new volumes
You use volumes to manage data. If you do not already have a volume set up, you can create a new
volume.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you use
the Nasuni Management Console to perform this task.
•
Before creating a new volume, ensure that you have the encryption keys you would like to use.
Nasuni recommends creating and uploading your own encryption keys (“Adding (Importing or
Uploading) Encryption Keys” on page 348). Otherwise, you can specify generating a new
encryption key when you create the new volume. Nasuni also recommends safeguarding your
encryption keys yourself. You can download generated encryption keys for safeguarding
(“Downloading (Exporting) Generated Encryption Keys” on page 349). Alternatively, you can
escrow encryption keys with Nasuni (“Escrowing Encryption Keys with Nasuni” on page 350).
Important: The time to generate an encryption key can vary widely, depending on the
hardware (real or virtual) that the Nasuni Filer is executing on. Encryption keys
are generated in the background, so as to not block use of the Nasuni Filer
during generation.
•
To create a new volume on a Nasuni Filer, see “Adding a Volume” on page 51.
•
You can create CIFS shares (“Adding a New CIFS Share to a Volume” on page 125), NFS
exports (“Adding an NFS Export to a Volume” on page 143), or FTP/SFTP directories (“Adding
FTP directories for a volume” on page 153) for users to access. If you created a CIFS share,
NFS export, or FTP/SFTP directory automatically when you created a new volume, you can
check and edit the settings for CIFS shares (“Editing a CIFS Share” on page 139), NFS exports
(“Editing an NFS Export” on page 146), or FTP/SFTP directories (“Editing FTP directories” on
page 158).
Managing the Nasuni Filer
You have many options for configuring the Nasuni Filer.
•
You can configure the Nasuni Filer to automatically download and install software updates. To
prevent automatic software updates from occurring at inconvenient times, you can specify the
days and times for automatic software updates to occur, or prevent automatic software updates
entirely. See “Automatic Software Updates” on page 399.
Alternatively, you can manually update the Nasuni Filer software. See “Software Updates” on
page 411.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you
use the Nasuni Management Console to perform this task.
•
You can view the status and expiration date of your subscription. See “Subscription Status” on
page 409. You can also refresh your subscription license. See “Refreshing Subscription
License” on page 410.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you
use the Nasuni Management Console to perform this task.
Nasuni Filer Administration Guide 8.0
9
Starting Out
•
Managing data
The Notifications page lets you view and acknowledge Nasuni Filer messages. See
“Notifications” on page 445.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you
use the Nasuni Management Console to perform this task.
•
You can configure email alerts, which are sent to your email account from the Nasuni Filer. You
can select various types of alerts to receive. See “Email Settings” on page 285.
Managing data
Providing data access to users
You can define the specific data that users can access. You can also define which users can access
data.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you use
the Nasuni Management Console to perform this task.
•
You can create a CIFS share, an NFS export, or an FTP/SFTP directory for each directory in the
volume that you want to provide access to. You can create many CIFS shares, NFS exports, or
FTP/SFTP directories on a volume. See “Adding a New CIFS Share to a Volume” on page 125,
“Adding an NFS Export to a Volume” on page 143, and “Adding FTP directories for a volume”
on page 153. If you created a CIFS share, NFS export, or FTP/SFTP directory automatically
when you created a new volume, you can check and edit the settings for CIFS shares (“Editing a
CIFS Share” on page 139), NFS exports (“Editing an NFS Export” on page 146), or FTP/SFTP
directories (“Editing FTP directories” on page 158).
For each CIFS share, NFS export, or FTP/SFTP directory, you can define which volume and
which directory within the volume to share, export, or FTP. You can specify Read-Only access.
You can limit which hosts can access the CIFS share, NFS export, or FTP/SFTP directory.
For CIFS shares with Active Directory or LDAP security, you can define groups that can access
the CIFS share, and specify Read-Write, or Read-Only, or Deny access for each group. You can
add users to or remove users from these groups. You can also specify individual users that can
access the CIFS share, and specify Read-Write, Read-Only, or Deny access for each individual
user.
You can map network drives to CIFS shares in Windows, access iSCSI volumes in Windows,
and mount CIFS shares or NFS exports in Linux or UNIX. You can access FTP/SFTP directories
using the FTP/SFTP protocol.
You can also define multiple protocols to access data using CIFS, NFS, and FTP/SFTP.
•
You can enable Web Access to CIFS shares and NFS exports. This allows users to access data
using any supported Web browser. See “Web Access” on page 177.
Note: Web Access is not available with LDAP Directory Services security.
•
You can enable and install the Nasuni Desktop Client for CIFS shares. This allows users to
access data using a simple interface on their own desktop. See “Nasuni Desktop Client” on
page 202.
Nasuni Filer Administration Guide 8.0
10
Starting Out
•
Managing data
You can enable Mobile Access to CIFS shares. This enables users to access data using mobile
devices, including iOS-based devices (such as iPhone and iPad) and Android phones. See
“Nasuni Mobile Access” on page 185.
You can specify details of the Mobile Service, such as adding another port for Mobile Access,
limiting how long users remain authenticated on mobile devices, limiting users to only one
mobile device, and limiting the types of mobile devices that can use Mobile Access. See
“Mobile Access: Configuring” on page 274.
You can enable, disable, and delete individual licenses for the Mobile Access service. See
“Mobile Access: Managing access by mobile devices” on page 275.
Sharing data between Nasuni Filers
You share data between Nasuni Filers by using volumes. If you do not already have a volume set up on
the source Nasuni Filer, you can create a new volume (“Adding a Volume” on page 51).
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you use
the Nasuni Management Console to perform this task.
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
•
Volumes are not shared by default. First, you need to enable Remote Access on the source
volume. You can then specify Read/Write or Read Only access for the destination Nasuni Filers.
See “Remote Access” on page 102.
•
After the source volume has Remote Access enabled, you connect the destination Nasuni Filers
to the source volume. See “Connecting to a Remote Volume” on page 58.
•
End users access the data through CIFS shares, NFS exports, or FTP/SFTP directories of the
destination volume. You define CIFS shares (“Adding a New CIFS Share to a Volume” on
page 125), NFS exports (“Adding an NFS Export to a Volume” on page 143), or FTP/SFTP
directories (“Adding FTP directories for a volume” on page 153) on the destination volume for
users to access. If you created a CIFS share, NFS export, or FTP/SFTP directory automatically
when you created a new volume, you can check and edit the settings for CIFS shares (“Editing a
CIFS Share” on page 139), NFS exports (“Editing an NFS Export” on page 146), or FTP/SFTP
directories (“Editing FTP directories” on page 158).
•
You can schedule when Nasuni syncs (synchronizes) the data between Nasuni Filers. See
“Configuring a Sync Schedule” on page 206.
Nasuni Filer Administration Guide 8.0
11
Starting Out
Managing data
Adding data to volumes
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
There are several ways to add data to volumes.
•
The best way to load your data to a volume is by using the Data Migration Service. This feature
supports multiple sources and targets for migrations using CIFS or NFS protocols. See
“Configure” on page 238.
•
You can share data from other Nasuni Filers as described in “Sharing data between Nasuni
Filers” on page 11.
•
You can define Web Access to CIFS shares. This enables users to add data to volumes using
any supported Web browser. See “Web Access” on page 177.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you
use the Nasuni Management Console to perform this task.
Note: Web Access is not available with LDAP Directory Services security.
•
You can define Mobile Access to CIFS shares. This enables users to add data to volumes using
mobile devices, including iOS-based devices (such as iPhone and iPad) and Android phones.
See “Nasuni Mobile Access” on page 185.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you
use the Nasuni Management Console to perform this task.
•
You can enable and install the Nasuni Desktop Client for CIFS shares. This allows users to
access data using a simple interface on their own desktop. See “Nasuni Desktop Client” on
page 202.
•
You can map network drives to CIFS shares in Windows (see “Mapping a Windows network
drive to a CIFS share” on page 169), access iSCSI volumes in Windows (see “Accessing an
iSCSI volume in Windows” on page 170), and mount CIFS shares or NFS exports in Linux or
UNIX (see “Mounting a CIFS share in Linux or UNIX” on page 173 and “Mounting an NFS export
in Linux or UNIX” on page 176). This enables users to add data to volumes using the file
management capabilities of Windows, Linux, and UNIX operating systems.
•
You can access FTP/SFTP directories using the FTP/SFTP protocol. See “Accessing data using
the FTP/SFTP protocol” on page 167.
Protecting data
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
Snapshots offer data protection by enabling you to recover past versions of a file or to restore an entire
file system. You can select when and how frequently to perform snapshots. For example, you can
configure snapshots to occur only during off-hours when network usage is low.
•
You can schedule snapshots for whenever suits your system best. See “Snapshot Scheduling”
on page 107.
•
You can also take manual snapshots at any time. See “Take a Snapshot Now” on page 61.
Nasuni Filer Administration Guide 8.0
12
Starting Out
Security
•
For compliance purposes or your own best practices, you can specify to delete older snapshots
from cloud storage, based on a configured snapshot retention policy for a specific volume. See
“Snapshot Retention” on page 115.
•
You can restore a file or folder (for a CIFS or NFS volume, or FTP/SFTP directory) or an entire
volume (for an iSCSI volume) from any location. See “Searching for a Folder or File by Name” on
page 217 and “Restoring Volume, Folder, or Files” on page 230.
Managing volumes
The Nasuni Filer offers many options for managing volumes.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you use
the Nasuni Management Console to perform this task.
•
Volumes should have names that describe what data they contain and that users recognize.
You can change the name of a volume. See “Volume Status” on page 44.
•
You can change the name of an iSCSI target. See “Volume properties page for iSCSI volumes”
on page 68.
•
You can monitor file statistics. See “File Types in snapshots” on page 444, “File Sizes in
snapshots” on page 444, and “Data Growth Chart” on page 38.
•
For CIFS and NFS volumes and FTP/SFTP directories, the volume quota (maximum capacity)
enables you to limit the amount of storage space for a volume, including snapshots, which helps
you to control your storage costs. You can change the volume quota. See “Changing the
Volume Quota” on page 74.
The Nasuni Filer can also send email reports to administrators or to users about which
directories are near or over their quota. For details about setting a directory quota, see “Setting
Quota or Rule” on page 221.
•
You can delete volumes that are no longer needed. See “Deleting a Volume” on page 121.
Security
Handling encryption keys
Encryption keys are used to encrypt your data in cloud storage. You can use the Nasuni Filer to
manage encryption keys in several ways.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you use
the Nasuni Management Console to perform this task.
•
You can view encryption keys and their settings. See “Encryption Key Management” on
page 346.
•
Nasuni recommends creating and uploading your own encryption keys. You can upload
encryption keys to the Nasuni Filer. See “Adding (Importing or Uploading) Encryption Keys” on
page 348.
Nasuni Filer Administration Guide 8.0
13
Starting Out
Security
Alternatively, you can specify generating a new encryption key when you create a new volume.
Important: The time to generate an encryption key can vary widely, depending on the
hardware (real or virtual) that the Nasuni Filer is executing on. Encryption keys
are generated in the background, so as to not block use of the Nasuni Filer
during generation.
•
The next step is to add specific encryption keys to specific volumes. See “Adding Encryption
Keys to a Volume” on page 95.
The next step is to enable (or disable) specific encryption keys for specific volumes. See
“Enabling Encryption Keys” on page 90 or “Disabling Encryption Keys” on page 93.
•
Nasuni recommends safeguarding your encryption keys yourself. You can download generated
encryption keys for safeguarding. See “Downloading (Exporting) Generated Encryption Keys”
on page 349.
Alternatively, you can escrow uploaded encryption keys with Nasuni. See “Escrowing
Encryption Keys with Nasuni” on page 350.
Note: All automatically generated encryption keys are automatically escrowed with
Nasuni.
•
You can delete encryption keys that are not necessary for recovery purposes. See “Deleting
Encryption Keys” on page 352.
Role-based access control
Rather than managing the permissions for performing tasks for each individual user, it is simpler to
create groups that have specific combinations of permissions, and then assign users to the appropriate
groups. You can define users and groups of users, and then assign specific permissions to each group.
•
To control who has permission to perform actions on the Nasuni Filer, you can define users and
groups of users, then assign specific permissions. See “Users and Groups” on page 380.
•
To control who has permission to access CIFS shares that have Active Directory or LDAP
Directory Services security, you can define users and groups of users, then assign specific
permissions. See “Editing a CIFS Share” on page 139.
SSL certificates
The user interface of the Nasuni Filer is Web-based. In order to secure this Web site, SSL certificates or
self-signed certificates are used. You can view or add SSL certificates or a self-signed certificate that
Nasuni Filer Administration Guide 8.0
14
Starting Out
Changing performance
you can use when accessing the Nasuni Filer user interface. See “SSL Server and Client Certificates”
on page 362.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, you use
the Nasuni Management Console to perform this task.
Antivirus protection
Nasuni offers the option of protecting data with antivirus scanning, and review of files flagged for
violations. The Nasuni Filer Antivirus Service uses the Clam AntiVirus (ClamAV®) open-source antivirus
engine. Synchronization with the ClamAV virus database occurs within four hours of an update.
Customers can report false positives here.
If this Nasuni Filer is under the control of the Nasuni Management Console, you use the Nasuni
Management Console to perform this task.
•
You can enable or disable the Antivirus Service. See “Antivirus Service” on page 78.
•
You can review antivirus violations. See “Reviewing Infected Files” on page 80.
Firewall protection
You can limit traffic to the Nasuni Filer user interface and the Nasuni Support SSH port, which provides
firewall protection. See “Firewall” on page 355.
Changing performance
There are a number of ways that you can change the performance of the system.
•
The Quality of Service (QoS) settings specify the inbound and outbound bandwidth for moving
data to and from the Nasuni Filer.
Tip: Set the outbound Quality of Service to the highest value possible. This helps
snapshots complete rapidly.
Snapshots are slower during periods of lower bandwidth. Local user read/write operations are
not affected. Limiting the bandwidth of inbound and outbound data between specific hours can
help decrease network congestion. See “Quality of Service Settings” on page 299.
•
The cache is the local storage of the Nasuni Filer. All data and metadata that are accessed
regularly are kept locally in the cache. By default, the amount of local cache space reserved for
new writes is managed automatically, using an advanced algorithm to optimize cache usage.
However, you can override the amount of local cache space reserved for new writes in order to
suit your company’s workload. Reserving a large portion of the cache for new writes allows
snapshots to complete more rapidly, but reduces the amount of data that is kept locally.
Conversely, reserving a small portion of the cache for new writes allows keeping more data
locally, but increases the time for completing snapshots. See “Cache Settings” on page 400. To
view unprotected files in the cache, see “Unprotected Files” on page 414.
Nasuni Filer Administration Guide 8.0
15
Starting Out
Changing performance
•
Frequent snapshots increase the system load significantly. You can change when and how
frequently snapshots occur. See “Snapshot Scheduling” on page 107.
•
Pinning a folder forces a folder to remain in the local cache at all times. This can improve
performance and reduce the time necessary to return accessed data to clients. See “Pinning
Folders in the Cache” on page 224. To view unprotected files in the cache, see “Unprotected
Files” on page 414.
Nasuni Filer Administration Guide 8.0
16
Starting Out
Alternatives for configuring your Nasuni Filer
Alternatives for configuring your Nasuni Filer
For many settings on the Nasuni Filer, you can perform the configuration either with the Nasuni Filer
user interface or with the Nasuni Management Console. The following tables show which settings you
can configure with which user interface.
Configuring your Nasuni Filer using the Nasuni Filer user interface
Some actions can only be performed using the Nasuni Filer user interface, not with the Nasuni Management
Console.
Affected item
Place Filer in NMC control
Cloud Credentials
Data Migrations
Data Migration sources
Data Migration schedules
Network
Firewall
SSL certificates
HTTPS proxy
Email
On Nasuni Filer
Action: Menu
Enable: Services → Nasuni Management Console
Configure: Configuration → Cloud Credentials
Configure, Delete, View: Services → View Migrations
Create, Delete, View: Services → Migration Sources
Schedule, Delete, View: Services → Migration Schedules
Edit: Configuration → Network Configuration
Charts, Status: Status → Network Status
Edit: Configuration → Firewall
Add, Delete, Set, View: Configuration → SSL Certificates
Edit: Configuration → HTTPS Proxy
Edit: Configuration → Email Settings
Nasuni Filer Administration Guide 8.0
17
Starting Out
Alternatives for configuring your Nasuni Filer
Configuring your Nasuni Filer using either the user interface or the NMC
Some actions can be performed using either the Nasuni Filer user interface or the Nasuni Management
Console.
Affected item
On Nasuni Filer
Action: Menu
Nasuni Filer Operations
Manual software
Updates: Status → Updates
update
Subscription status View, Refresh: Status → Subscription Status
Send: Services → Send Diagnostics
On Nasuni Management Console
Action: Menu
Update: Filers → Software Update
Refresh: Account Status → Refresh
License
Send: Filers → Send Diagnostics
Send diagnostics
to Nasuni
Shutdown
Power: Power button
Shutdown: Filers → Shutdown &
Reboot
Folder Operations
Auto cache
Enable: File Browser → select folder
Pinning folder
Pin folder: File Browser → select volume
Enable: Volumes → File System
Browser → select folder
Enable: Volumes → File System
Browser → select folder
Volume Operations
Take snapshot now Take: Volumes → All Volumes
Antivirus violations Review: Volumes → select volume
File
Browse, Download, Search, Restore, Bring
into cache: File Browser →select volume
Folder
Browse, Search, Restore, Bring into cache:
File Browser →select volume
Create: File Browser; Edit: Volumes →
Properties → Quotas
Nasuni Filer Configuration
Place Filer in NMC
Enable: Services → Nasuni Management
control
Console
Mobile Access
Enable: Volumes → Mobile Service Settings
Manage: Services → Mobile Licenses
Remote Support
Enable: Services → Remote Support Service
Service
Active Directory
Join: Configuration → General Settings
domain
Join, Leave, Edit, View: Configuration →
Directory Services
LDAP directory
Join: Configuration → General Settings
Services
Configure, View, Update: Configuration →
Directory Services
Time Zone, Server
Edit: Configuration → Time Configuration
Cache
Edit: Configuration → Cache Settings
Encryption Keys
Upload, Download, Escrow, Delete, View:
Configuration → Encryption Keys
Directory quotas
Nasuni Filer Administration Guide 8.0
Take: Volumes → Take Snapshot
Review: Volumes → Antivirus
Violations
Volumes → File Browser
Volumes → File Browser
Volumes → File Browser
View List: Filers
Enable: Filers → Mobile Settings
Manage: Filers → Mobile Licenses
Enable: Filers → Remote Support
View: Filers → Security Settings
Edit: Filers → Time Configuration
Edit: Filers → Cache Settings
Upload, Send, Escrow, Delete,
View: Filers → Encryption Keys
18
Starting Out
Affected item
Automatic Software
Updates
Quality of Service
Users and Groups
Description
Password
Alternatives for configuring your Nasuni Filer
On Nasuni Filer
Action: Menu
Edit: Configuration → Automatic Updates
On Nasuni Management Console
Action: Menu
Edit: Filers → Automatic Updates
Edit: Configuration → Quality of Service
Add, Delete, Edit: Configuration → Users/
Groups
Edit: Configuration → Filer Description
Edit: Configuration → Change Password
Edit: Filers → Quality of Service
Add, Delete, Edit: Console Settings
→ Users/Groups
Edit: Filers → Description
Edit: Console Settings → Users/
Groups → Edit User
Nasuni Filer Administration Guide 8.0
19
Starting Out
Alternatives for configuring your Nasuni Filer
Affected item
On Nasuni Filer
Action: Menu
Volume Configuration
Volume
Create, Delete, Connect, Disconnect, Edit,
Rename: Volumes → All Volumes → select
volume
Browse: File Browser → select volume
Encryption Keys
Add, Enable: Volumes → select volume
(Volume)
CIFS share
Create, Delete, Edit: Volumes → select
volume
Disconnect client, Reset authentication
cache, Reset clients: Status → CIFS Status
NFS export
Create, Delete, Edit: Volumes → select
volume
Status: Status → NFS Status
iSCSI
Edit: Volumes → select volume
Status: Status → iSCSI Status
FTP directory
Create, Delete, Edit: Volumes → select
volume
Status: Status → FTP Status
Quota
Edit: Volumes → select volume
Report: Configuration → Quota Settings
Auto cache
Enable: Volumes → select volume
Remote Access
Enable: Volumes → select volume
Sync scheduling
Edit sync schedule, Edit snapshot schedule,
Snapshot
Edit snapshot retention: Volumes → select
scheduling
volume
Snapshot retention
Snapshot directory Enable snapshot directory access, Enable file
access
alert service, Enable antivirus service:
File Alert Service
Volumes → select volume
Antivirus Service
Filer Monitoring
SNMP monitoring
Enable: Configuration → SNMP monitoring
Hardware
Status: Status → Hardware Status
appliance status
Traffic groups
View: Status → Network Status
Physical ports
File information
Chart: Status → File Heuristics
Unprotected files
Notifications
View: Status → Unprotected Files
Filter, Acknowledge, Delete: Notifications
Volume Monitoring
Size
Status, Chart: Home
Data not yet
protected
Data growth
Nasuni Filer Administration Guide 8.0
On Nasuni Management Console
Action: Menu
Create, Delete, Connect,
Disconnect, Rename: Volumes
Add, Enable: Volumes →
Encryption Keys
Create, Delete, Edit, Status:
Volumes → Shares
Status: Filers → CIFS
Create, Delete, Edit: Volumes →
Exports
Status: Filers → NFS
Edit: Volumes → iSCSI
Status: Filers → iSCSI
Create, Delete, Edit: Volumes →
FTP Directories
Status: Filers → FTP
Edit: Volumes → Quota
Report: Filers → Quota Reports
Enable: Volumes → Sync Schedule
Enable: Volumes → Remote Access
Edit: Volumes
Enable: Volumes
Edit: Filers → SNMP Settings
View: Home → Hardware Health
View: Filers → Hardware
View: Filers → Network → Network
Chart, Table: Home → File Types
Written, File Sizes in Snapshots
View: Volumes → Unprotected Files
Search, Acknowledge, Delete:
Notifications
Status, Chart: Volumes
20
Starting Out
Alternatives for configuring your Nasuni Filer
Affected item
Snapshot status
On Nasuni Filer
Action: Menu
View: Home
View: Volumes → select volume
On Nasuni Management Console
Action: Menu
View: Volumes → Last Snapshot
Configuring the Nasuni Management Console
Some actions can only be performed using the Nasuni Management Console, not with the Nasuni Filer user
interface.
Affected item
Cloud Credentials
Manual software update
Send diagnostics to Nasuni
Time Zone, Time Server
Network
Firewall
HTTPS proxy
SSL certificates
Users and Groups
Automatic Software Updates
Remote Support Service
Description
Password
Email
SNMP monitoring
Notifications
Nasuni Filer Administration Guide 8.0
On Nasuni Management Console
Action: Menu
Configure: Account → Cloud Credentials
Update: Console Settings → Software Update
Send: Console Settings → Send Diagnostics
Edit: Console Settings → Time Configuration
Edit: Console Settings → Networking
Edit: Console Settings → Firewall
Edit: Console Settings → Proxy
Add, Delete, View: Console Settings → SSL Certificates
Add, Delete, Edit, View: Console Settings → Users / Groups
Edit: Console Settings → Automatic Updates
Edit: Console Settings → Remote Support
Edit: Console Settings → Description
Edit: user → Change Password
Edit: Console Settings → Email Settings
Edit: Console Settings → SNMP Monitoring
Search, Acknowledge, Delete: Notifications
21
Chapter 3: Login Page
When you open the Nasuni Filer user interface in a Web browser, the Login page appears, where you
can log in securely using your username and password. Accounts for the administrative management
of the Nasuni Filer are called Filer Administrators. Supported Web browsers include Mozilla Firefox,
Internet Explorer, Apple Safari, and Google Chrome. See the Nasuni Filer Initial Configuration Guide for
a current list of supported Web browsers.
At the top of the Login page, you can access online help. See “Help” on page 25 for details.
You can also shut down the Nasuni Filer, if necessary. See “Power” on page 25 for details.
Figure 3-1: Nasuni Filer Log in page.
At the bottom of the Login page is a link to the Nasuni corporate Web site. There is also a link to use if
you have lost the login password. See “Resetting Administrative Account (Forgot Password)” on
page 24 for details.
Nasuni Filer Administration Guide 8.0
22
Login Page
Logging in to the Nasuni Filer
Logging in to the Nasuni Filer
To log in to the Nasuni Filer:
1. Using your Web browser, open the specified IP address for the Nasuni Filer. The IP address is
obtained during installation. For hardware appliances, see the appropriate Hardware Appliance
Getting Started Guide. For virtual platforms, To set up a Nasuni Filer on the Microsoft Azure or
Amazon EC2 cloud platforms, see the installation guide for the specific platform. For installation
instructions for a virtual machine platform, see Installing the Nasuni Filer on Virtual Platforms.
The Nasuni Filer Log in page appears.
Figure 3-2: Nasuni Filer Log in page.
2. Type your username (case-sensitive) in the Username text box.
Note: If you have associated an Active Directory or LDAP Directory Services domain
group with a permission group, you can log in using Active Directory or LDAP Directory
Services credentials. See “Adding Permission Groups” on page 383.
3. Type your password (case-sensitive) in the Password text box.
Warning: Performing too many unsuccessful login attempts disables login for 5
minutes. If this happens, wait 5 minutes, then log in with the correct username and
password.
4. Click Log in.
•
After you log in, the Nasuni Filer Home page appears. See “Home Page” on page 36 for
details on the features of this page.
•
After you log in, you can change the password, as detailed in “Changing User Password” on
page 407.
Nasuni Filer Administration Guide 8.0
23
Login Page
•
Resetting Administrative Account (Forgot Password)
You can begin using the Nasuni Filer immediately to map a network drive as explained in
“Mapping a Windows network drive to a CIFS share” on page 169. You can also mount a
CIFS share, as explained in “Mounting a CIFS share in Linux or UNIX” on page 173. You can
also mount an NFS export, as explained in “Mounting an NFS export in Linux or UNIX” on
page 176.
Note: If you already have a Nasuni Filer, and this is another Nasuni Filer associated with your
account, you must create a volume and CIFS share before you can map a drive. See
Chapter 6, “Volumes Page,” on page 45 for details.
•
You can access FTP/SFTP directories using the FTP protocol. See “Accessing data using
the FTP/SFTP protocol” on page 167.
Resetting Administrative Account (Forgot Password)
If you have lost the password for the administrative account, this feature resets the administrative
account information for this Nasuni Filer, and allows you to create or recreate a Filer Administrator user.
No data is deleted and no configurations are changed. After logging in, you can change your password,
as detailed in “Changing User Password” on page 407.
Important: For this procedure, you need the Serial Number and Authorization Code for this
Nasuni Filer, found under the Account section of www.nasuni.com. The Serial
Number and Authorization Code are also found on the Account Serial Numbers
page of the Nasuni Management Console.
Note: This procedure does not deauthorize the Nasuni.com account, just the Nasuni Filer
administrative account, which is independent of the Nasuni.com account and specific
to the Nasuni Filer.
Caution: Do not use this process to change between Nasuni.com accounts.
To reset the administrative account:
1. Locate the “Forgot Password?” hyperlink at the bottom of the Login page.
2. Click the hyperlink. The Administrative Account Reset page appears.
Figure 3-3: Administrative Account Reset page.
Nasuni Filer Administration Guide 8.0
24
Login Page
Navigation Bar on Login Page
3. To proceed, select the Click here to Accept check box. This means that you acknowledge that
this Nasuni Filer is to be de-authorized from the account. The Nasuni Filer requires re-activation
through the setup wizard.
4. Click Confirm. The registration wizard appears.
Note: To exit this screen without resetting the account, click your Web browser’s Back
button.
5. To re-register and re-create the Filer Administrator for this Nasuni Filer with another username
and password, see “Setting Up the Nasuni Filer” in the Nasuni Filer Initial Configuration Guide.
This lets the Filer Administrator log in to the Nasuni Filer user interface.
Navigation Bar on Login Page
The navigation bar on the Login screen displays the following options:
•
Help
•
Power
.
.
Help
Click Help
to display the Help menu. Links to the following information are available:
•
Nasuni Filer documentation in PDF format. See “Product Documentation” on page xv.
•
Nasuni Filer Release Notes. See “Viewing the Nasuni Filer Release Notes” on page 29.
•
Nasuni Terms of Service. See “Nasuni Terms of Service and License Agreement” on page 463.
•
Privacy policy.
•
Service Level Agreement.
•
Contact Nasuni support and sales.
Power
To shut down the Nasuni Filer, click Power
on page 31 for details.
Nasuni Filer Administration Guide 8.0
. See “Shutting Down and Rebooting the Nasuni Filer”
25
Chapter 4: Common Screen Elements
Several useful elements appear on all pages of the Nasuni Filer user interface.
Nasuni Corporate Web Site
At the bottom of each page is a link to the Nasuni corporate Web site.
Figure 4-1: Link to the Nasuni corporate Web site.
Status Messages
Status messages, such as when the last snapshot occurred, appear on the bottom left of each page.
Figure 4-2: Status message.
Username
In the navigation bar at the top of all pages, the name of the user who is logged in appears with the date
of the last login.
Figure 4-3: Username logged in.
Name of the Nasuni Filer
The name of the Nasuni Filer appears in the upper left, under the Nasuni logo.
Figure 4-4: Name of Nasuni Filer.
Nasuni Filer Administration Guide 8.0
26
Common Screen Elements
Nasuni Filer Version and Base Operating System Version
The version of the Nasuni Filer software, such as 7.5, appears on the bottom right of each page. The
version of the Nasuni Filer base operating system, such as OS7, also appears on the bottom right of
each page.
Figure 4-5: Nasuni Filer version and base operating system version.
Nasuni Filer Administration Guide 8.0
27
Common Screen Elements
Navigation Bar Functions
Navigation Bar Functions
The navigation bar of the Nasuni Filer user interface displays the following useful options:
•
Notifications
•
Help
•
Power
.
.
.
Viewing Notifications
Urgent notifications that require acknowledgment appear on the Notifications pane. You can view and
filter all notifications using the Notifications pane.
To view notifications, click the megaphone-shaped Notifications icon at the top right of any page. The
Notifications pane appears.
Figure 4-6: Notifications pane.
Urgent notifications that require acknowledgment appear on the Notifications pane, based on the
state of your system. A number to the right of a notification indicates multiple occurrences of the same
notification. You can acknowledge a notification by clicking the x. To acknowledge all the urgent
notifications, click Acknowledge All. For more information about Notifications, see Chapter 13,
“Notifications,” on page 445.
Viewing the Nasuni Filer Help
The Nasuni Filer Help is available on the navigation bar at the top of all pages.
Click Help
to display the Help menu. Links to the following information are available:
•
Nasuni Filer documentation in PDF format. See “Product Documentation” on page xv.
•
Nasuni Filer Release Notes. See “Viewing the Nasuni Filer Release Notes” on page 29.
•
Nasuni Terms of Service. See “Nasuni Terms of Service and License Agreement” on page 463.
•
Privacy policy.
•
Service Level Agreement.
•
Contact information for Nasuni support and sales.
Nasuni Filer Administration Guide 8.0
28
Common Screen Elements
Navigation Bar Functions
Viewing the Nasuni Filer Release Notes
The Release Notes option is available by clicking Help on the navigation bar at the top of all pages.
Release Notes for the Nasuni Filer contain the latest information about the latest version, as well as
previous versions.
Tip: To automatically download and install software updates, see “Automatic Software
Updates” on page 399. To manually update the Nasuni Filer software, see “Software
Updates” on page 411.
To view release notes:
1. Click Help on the navigation bar at the top of the page, then select Release Notes from the list.
The Release Notes dialog box appears with the latest release notes.
Figure 4-7: Release Notes dialog box.
2. Scroll down to review information about the Nasuni Filer software release.
Nasuni Filer Administration Guide 8.0
29
Common Screen Elements
Navigation Bar Functions
3. To close the release notes dialog box, press the Esc key or click the x at the top of the dialog
box.
Note: To ensure that you see the latest release notes, reload the page or refresh your
browser’s cache.
Nasuni Filer Administration Guide 8.0
30
Common Screen Elements
Navigation Bar Functions
Shutting Down and Rebooting the Nasuni Filer
The Power (or Shutdown) option is located on the navigation bar at the top of all pages. When you shut
down the Nasuni Filer, all users are disconnected from the Nasuni Filer and data is not accessible
during the shutdown process. You can choose to shut down the Nasuni Filer immediately, or to perform
a snapshot before shutting down.
Tip: Consider performing a snapshot before shutting down the Nasuni Filer. See “Take a
Snapshot Now” on page 61 for details.
Note: When a reboot is requested, a notification is logged that the reboot was requested and
by whom the reboot was requested.
To shut down the Nasuni Filer:
1. Click Power
appears.
on the navigation bar at the top of the page. The Shutdown Filer dialog box
Figure 4-8: Shutdown Filer dialog box.
Note: To exit and return to the previous page, click the x at the top of the page, or click
Cancel.
2. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
3. Select one of the following options:
•
Perform snapshot before shutting down: The Nasuni Filer performs a snapshot before
shutting down. This ensures that data is fully protected in cloud storage before shutting
down. However, this process can take considerable time, depending on the size of the
cache and the amount of changed and new data in the cache.
Tip: On the Windows Azure virtual platform, virtual machines that have been shut
down continue to incur compute charges. To avoid these charges, use the Windows
Azure Management Portal at https://manage.windowsazure.com/ to stop or
delete the virtual machines.
Nasuni Filer Administration Guide 8.0
31
Common Screen Elements
•
Navigation Bar Functions
Shut down immediately: (Default) Shuts down the Nasuni Filer without performing a
snapshot. Data that has not already been captured by a snapshot is not protected in cloud
storage. However, data in the cache is not lost. A message on the Nasuni Filer Home page
notifies you that the Nasuni Filer is shutting down. If you change your mind, you have 60
seconds to cancel the shutdown.
Tip: On the Windows Azure virtual platform, virtual machines that have been shut
down continue to incur compute charges. To avoid these charges, use the Windows
Azure Management Portal at https://manage.windowsazure.com/ to stop or
delete the virtual machines.
•
Reboot immediately: Reboots the Nasuni Filer without performing a snapshot. In a few
moments, the console reloads and the Nasuni Filer Home page re-appears.
4. Click Shutdown.
The message “The Nasuni Filer is shutting down.” appears.
5. To stop the shutdown, click the hyperlink marked “click here” to cancel the shutdown. You have
60 seconds to cancel the shutdown.
The message “Shutdown cancelled at user request.” appears.
The shutdown stops.
6. If you do not stop the process, the Nasuni Filer shuts down or reboots, depending on the option
chosen in step 3, and the Nasuni Filer user interface is no longer accessible.
On the console, a series of shutdown messages appears, and the console automatically closes
down.
To restart a shutdown Nasuni Filer, you can power on the Nasuni Filer from your platform.
Logging Out of the Nasuni Filer
The Logout option is available by clicking the user name on the navigation bar at the top of all pages.
Logging out of the Nasuni Filer does not affect any operations such as snapshots or file sharing access.
To log out of the Nasuni Filer:
1. Click the user name on the navigation bar at the top of the page, then click Logout from the
drop-down list.
Figure 4-9: Logout.
You are logged out of the Nasuni Filer.
2. The Login page appears. You can log back in when needed, as detailed in “Logging in to the
Nasuni Filer” on page 23.
Nasuni Filer Administration Guide 8.0
32
Common Screen Elements
Pop-up Software Update Notifications
Changing User Password
You can change the currently logged-in user account password to a new password.
Note: This option is not available if you log in using Active Directory or LDAP Directory
Services credentials.
To change the user account password:
1. Click the user name at the top of the page, then select Change Password from the drop-down
list. The Change User Password page appears.
Figure 4-10: Change User Password page.
2. Enter your current password (case-sensitive) in the Old password text box.
3. Enter the new password (case-sensitive) for your user account in the New password text box.
An indicator of password strength appears. Password strength is enforced for this action. You
should use strong passwords.
4. Enter the new password (case-sensitive) again in the Confirm new password text box.
5. Click Save New Password.
You are taken to the Home page, where the message “Password successfully changed” is
displayed.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console,
changes to the password are propagated to the Nasuni Management Console.
Pop-up Software Update Notifications
If a new software update is available, a pop-up notification appears in the right margin. For example:
Figure 4-11: Software update notification.
Nasuni Filer Administration Guide 8.0
33
Common Screen Elements
Notifications
You can acknowledge this notification by clicking the x. To delete notifications, see “Deleting
Notifications” on page 449.
You can update the Nasuni Filer software from the hyperlink. See “Software Updates” on page 411 for
more details.
Note: Nasuni does not recommend applying software updates during your normal business
hours, because this can disrupt access. Apply software updates during off-hours.
Notifications
You can access notifications using the megaphone-shaped Notifications icon at the top right.
Figure 4-12: Notifications icon.
A number on the Notifications icon indicates the number of new, unacknowledged, urgent
notifications that require acknowledgment.
Figure 4-13: Number of new notifications.
To view notifications, click the Notifications icon. The Notifications pane appears.
Figure 4-14: Notifications pane.
Urgent notifications that require acknowledgment appear on the Notifications pane, based on the
state of your system. A number to the right of a notification indicates multiple occurrences of the same
notification. You can acknowledge a notification by clicking the x. To acknowledge all the urgent
notifications, click Acknowledge All.
To view all notifications, click View all Notifications. For details on notifications, see Chapter 13,
“Notifications,” on page 445.
Nasuni Filer Administration Guide 8.0
34
Common Screen Elements
Nasuni Management Console message and notice
Nasuni Management Console message and notice
If this Nasuni Filer is under Nasuni Management Console control, a message appears at the top of the
page.
Figure 4-15: Nasuni Management Console message.
In addition, a notice appears on the menu bar at the upper right of the page:
Figure 4-16: Nasuni Management Console notice.
You can disable Nasuni Management Console control by clicking the “Nasuni Management Console”
hyperlink. See “Nasuni Management Console” on page 279 for more details.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, for many
tasks you use the Nasuni Management Console to view information or perform actions.
For details, see the Nasuni Management Console Guide.
Nasuni Filer Administration Guide 8.0
35
Chapter 5: Home Page
Home
The Home page appears after you log in to the Nasuni Filer. The Home page displays a dashboard with
details about the state of the Nasuni Filer.
The Home page offers links to the Volumes, File Browser, Services, Configuration, Status, and
Notifications pages.
The Home page displays the following information for the Nasuni Filer:
•
Messages, including alerts, notifications, and available software updates.
•
Data Growth chart.
•
“New Data in Cache” chart.
•
Network Activity charts.
•
Migration Status information.
•
Snapshot Status information.
•
Local Cache Status graphic.
•
Quality of Service (inbound and outbound bandwidth) information.
•
Volume Status information.
Note: The Home page, and all other pages of the Nasuni Filer user interface, might look
different to different users. Also, different menus and actions might be available for
different users. This is because different users are assigned different permissions,
based on their roles in the role-based access control system. See “Users and Groups”
on page 380 for details.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, menus and
menu choices might look different, because you use the Nasuni Management Console
to perform these tasks.
Nasuni Filer Administration Guide 8.0
36
Home Page
The Nasuni Filer Home page looks like this.
Figure 5-1: Home page.
You can return to the Home page by clicking the name of the Nasuni Filer in the top left corner.
Nasuni Filer Administration Guide 8.0
37
Home Page
Data Growth Chart
Data Growth Chart
Chart
A chart of Data Growth appears at the top of the Home page.
Figure 5-2: Data Growth chart.
This chart shows the total amount of stored data on the vertical axis versus time along the horizontal
axis. The amount of data is shown in units such as KB, MB, GB, and TB. The length of time is shown by
month and day. The data growth updates automatically every 5 minutes.
You can use the Data Growth chart to monitor the amount of data stored using this Nasuni Filer, and to
determine how much data each volume contributes to the total.
You can select the time period of this chart by clicking the drop-down list and selecting one of the
following time periods:
•
Previous 7 days.
•
Previous 14 days.
•
Previous 30 days.
•
Previous 90 days.
•
All time.
You can select which volumes to include or exclude by clicking the available volume names under the
chart.
If you hover the mouse over any part of the chart, a label appears displaying details about the amount
of data in that volume at that date and time.
Figure 5-3: Details of data and time on Data Growth chart.
To zoom in on a specific range of displayed data, click the chart at the high end of the range you want,
then drag to the low end of the range you want, then release. The chart rescales to zoom in on the
selected range. To reset the zoom to the default display, click Reset zoom.
Nasuni Filer Administration Guide 8.0
38
Home Page
New Data in Cache Chart
New Data in Cache Chart
A chart of New Data in Cache (not yet protected) appears in the middle of the Home page.
Figure 5-4: New Data in Cache chart.
This is a bar chart showing the amount of new data in the cache that has not yet been protected in
cloud storage. Each volume appears on the vertical axis on the left side. The amount of data for each
volume appears as a horizontal bar. If all the data for a volume has already been protected in cloud
storage, there is no bar for that volume.
You can use this chart to monitor how much data is present in the cache that has not yet been
protected in cloud storage. This can be helpful when planning snapshot schedules (see “Snapshot
Scheduling” on page 107) or manually taking snapshots (see “Take a Snapshot Now” on page 61).
If there are any antivirus violations that are not yet protected, the total of antivirus violations is
displayed.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
Nasuni Filer Administration Guide 8.0
39
Home Page
Network Activity Charts
Network Activity Charts
You can view charts of the network activity of the Nasuni Filer. One chart shows data transmitted to
and received from cloud storage. The other chart shows other network traffic to and from the Nasuni
Filer. The scale is in Kbits/second or Mbits/second, depending on throughput.
There is a chart of Cloud Traffic (upper chart) and a chart of Local Traffic (lower chart).
Figure 5-5: Network Activity charts.
You can use these charts to monitor network activity during data transfer.
Both charts have the same vertical scale. You can select the time period of these charts by clicking the
drop-down list and selecting one of the following time periods:
•
Previous Hour.
•
Previous Day.
On the Cloud Traffic chart (upper chart), you can select which network activity to include or exclude by
clicking Cloud Transmit (for data transmitted to the cloud by the Nasuni Filer), Cloud Receive (for data
received from the cloud by the Nasuni Filer), Mobile Transmit (for data transmitted to mobile devices
by the Nasuni Filer), or Mobile Receive (for data received from mobile devices by the Nasuni Filer)
under the Cloud Traffic chart.
On the Local Traffic chart (lower chart), you can select which network activity to include or exclude by
clicking UI Transmit (for data transmitted to the user interface by the Nasuni Filer), UI Receive (for data
received from the user interface by the Nasuni Filer), Client Transmit (for data transmitted to the client
by the Nasuni Filer), Client Receive (for data received from the client by the Nasuni Filer), Migration
Transmit (for data transmitted to a data migration by the Nasuni Filer), or Migration Receive (for data
received from a data migration by the Nasuni Filer) under the Local Traffic chart.
To zoom in on a specific range of displayed data, click the chart at the high end of the range you want,
then drag to the low end of the range you want, then release. The chart rescales to zoom in on the
selected range.
To reset the zoom to the default display, click Reset zoom.
Nasuni Filer Administration Guide 8.0
40
Home Page
Network Activity Charts
If you hover the mouse over any part of either chart, a label appears displaying details about the
amount of network activity at that date and time.
Figure 5-6: Details of network activity on Network Activity charts.
Nasuni Filer Administration Guide 8.0
41
Home Page
Migration Status
Migration Status
The status of data migration activities appears at the top of the right-hand column.
Figure 5-7: Migration Status.
The migration status includes the name of the migration, the target volume, the time and date of the last
run, and the status of the migration.
To view details of a migration, start or stop a migration, download a log of a migration, or perform other
migration activities, click the “Migration” link or the Settings icon
. See “Data Migration” on
page 238 for more details.
Snapshot Status
View
The status of the most recent snapshot appears in the right-hand column.
If the snapshot is in progress, a bar chart of the progress appears:
Figure 5-8: Snapshot Status when snapshot is in progress.
This shows the percentage complete, the total size, and the volume name of the snapshot.
Note: Nasuni’s display of size might differ from other indications of size, such as Windows
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
If the snapshot is complete, the status of the snapshot appears, including the volume name and the
date and time that the snapshot completed:
To view details of the volume, click the highlighted volume name in the status.
By default, snapshots of unshared volumes occur hourly (every 5 minutes for shared volumes). If the
default interval is not suitable, see “Snapshot Scheduling” on page 107 for details on how to change
the snapshot interval.
Nasuni Filer Administration Guide 8.0
42
Home Page
Local Cache Status
Local Cache Status
The status of local storage, namely, the cache, appears in the middle of the right column of the Home
page.
Figure 5-9: Local Cache Status.
The cache status includes a bar chart indicating how much of the cache is in use, the percentage of the
cache in use, and the total size of the cache.
See “About the Cache” on page 5 for details on how the cache works in the Nasuni Filer. See “Cache
Settings” on page 400 for information on configuring the cache.
If the RAID array is in the process of being rebuilt, a bar chart indicates how much of the RAID array has
been rebuilt.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
Quality of Service (inbound and outbound bandwidth limit)
The Quality of Service (QoS) settings indicate the inbound and outbound bandwidth limit of moving
data to and from the Nasuni Filer, such as for transmitting snapshots to cloud storage. The current
Quality of Service appears in the right column of the Home page.
Figure 5-10: Quality of Service.
The default inbound Quality of Service is unlimited. The default outbound Quality of Service is 10
megabits per second. However, you can schedule rules for different Quality of Service (QoS) settings
. You can also create additional
on different days and times by clicking the link or the Settings icon
Quality of Service (QoS) rules. See “Quality of Service Settings” on page 299 for details on adding or
changing QoS rules.
Tip: Set the outbound Quality of Service to the highest value possible. This helps snapshots
complete rapidly.
Nasuni Filer Administration Guide 8.0
43
Home Page
Volume Status
Volume Status
Status
The status of each volume appears on the bottom of the right column of the Home page.
Figure 5-11: Volume Status.
For each volume, the name of the volume, the size of the volume, and the date and time of the last
snapshot appear.
Note: Nasuni’s display of size might differ from other indications of size, such as Windows
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
You can view details about each volume by clicking the link of each volume name. To view a list of
volumes, click the Settings icon
.
Local Time Status
Status
You can synchronize the local clock with the configured Network Time Protocol (NTP) server. By
default, all Nasuni Filers are set to use Nasuni's NTP server, time.nasuni.com, to set the time daily.
To synchronize with the NTP server, click Sync clock with NTP.
Figure 5-12: Local Time Status.
To configure the NTP server, see “Filer Time Configuration” on page 304.
Nasuni Filer Administration Guide 8.0
44
Chapter 6: Volumes Page
Volumes
From the Volumes page, you can perform the following activities:
•
View the information and properties of local and remote volumes.
•
Add new volumes using the CIFS, NFS, or iSCSI protocols.
•
Connect to remote volumes.
•
Initiate a snapshot.
•
Select the Volume Properties page for a volume.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Note: The Volumes page, and all other pages of the Nasuni Filer user interface, might look
different to different users. Also, different menus and actions might be available for
different users. This is because different users are assigned different permissions,
based on their roles in the role-based access control system. See “Users and Groups”
on page 380 for details.
On the Volume Properties page of each volume, you can perform the following activities (see “Viewing
Volume Properties” on page 62):
•
Change the properties of volumes, including volume name and quota (maximum capacity).
•
Create and change CIFS shares, NFS exports, and FTP/SFTP directories.
•
Configure snapshot retention and scheduling.
•
Enable and disable access to snapshot directories.
•
Add, disable, and enable encryption keys for volumes.
•
Configure iSCSI security.
•
Configure remote access to volumes.
•
Configure sync schedules.
•
Configure file auditing for the volume.
•
Configure alerts for files with specified name patterns.
•
Configure antivirus protection.
•
Delete a volume.
Nasuni Filer Administration Guide 8.0
45
Volumes Page
Viewing Local and Remote Volume Information
Viewing Local and Remote Volume Information
Click Volumes, then select All Volumes from the list. The Volumes page displays the following
information for all local and remote volumes.
Figure 6-1: Volumes page.
Note: It can take several minutes for recently published volumes to appear. To refresh the
display, click Refresh Connections.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
46
Volumes Page
Viewing Local and Remote Volume Information
Local Volume Information
The following properties appear for each local volume:
•
Safe Delete status: If Safe Delete is enabled for this volume, and if the deletion of the volume is
awaiting approval by volume-delete-capable administrators, the status “Pending Delete
Approval” appears. If Safe Delete is enabled for this volume, and if the deletion of the volume
has been approved by the required number of volume-delete-capable administrators, the status
“Pending Delete” appears. To cancel a pending deletion, see “Cancelling volume deletion” on
page 123. To revoke approval of a deletion, see “Revoking approval of volume deletion” on
page 123.
Tip: Volumes become Read-Only when they are in either the "Pending Delete Approval"
state or in the "Pending Delete" state, and return to their initial state if a delete is
cancelled. Administrators should notify the file system users that the volume is going
to be deleted.
•
Name: The name of the volume. You can change this name to something more useful or
descriptive, if needed. See “Renaming a Volume” on page 71 for details.
•
Case Sensitive (CIFS): For CIFS volumes, an indication of whether the volume treats file and
directory names as case-sensitive: Yes or No.
Tip: Case-insensitive CIFS-only volumes perform better than case-sensitive volumes.
•
Size (or LUN Size for iSCSI volumes): The amount of storage used for the volume, not including
snapshots.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
•
Protocol: The protocol or protocols of the volume: CIFS, NFS, or iSCSI, or a combination of
CIFS, NFS, and FTP.
•
Permissions Policy: (Not visible on remote volumes.) If multiple protocols are enabled, the
selected permissions policy for the protocols, from the following:
•
UNIX/NFS Permissions Only Mode: Default mode for NFS volumes. Recommended for
primary or heavy NFS use. Not recommended for Windows users. Only the traditional
UNIX mode bits control permissions (chmod). Windows can view permissions as access
control lists (ACLs), but cannot add or remove access control entries (ACEs). Windows
CIFS users can change permissions using the Security tab of the Windows Properties
dialog box.
•
NTFS Compatible Mode: Default mode for CIFS volumes on Nasuni Filers joined to
Active Directory. This mode is required for multiple protocol support, such as NFS or
FTP/SFTP protocols, as well as CIFS/SMB. NFS and FTP/SFTP protocols cannot see all
NTFS permissions and do not obey all access rules in NTFS permissions. NFS and FTP/
SFTP protocols obey only the POSIX access control list (ACL) component of inheritance
rules. A high level of Windows compatibility is supported through the CIFS/SMB
protocol, with some limitations.
Nasuni Filer Administration Guide 8.0
47
Volumes Page
•
Viewing Local and Remote Volume Information
NTFS Exclusive Mode: Optional mode for CIFS volumes on Nasuni Filers joined to
Active Directory. Recommended for CIFS volumes that do not require mixed mode
access, because multiple protocols, such as NFS or FTP/SFTP, are not supported.
Produces full NTFS permissions, as supported on CIFS/SMB. Windows clients obey
inheritance rules. This policy has the greatest Windows compatibility.
Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible
Mode.
Important: Volumes in NTFS Exclusive Mode do not support multiple protocols.
•
POSIX Mixed Mode: Default mode for CIFS volumes on Nasuni Filers joined to LDAP.
Recommended for combined CIFS and FTP/SFTP volumes, with light NFS use. Also
recommended for CIFS-only volumes with Linux or Mac clients, with UNIX extensions
enabled. Access control lists (ACLs) are supported entirely through POSIX ACLs.
Windows clients receive mapping of POSIX ACLs to NTFS ACLs. However, the
mappings are not as complete as mappings done for NTFS Compatible Mode. NFS
clients cannot view the ACLs.
The NFSv4 protocol automatically translates the underlying ACLs to NFSv4 ACLs. The
common tools for managing POSIX ACLs are not supported on NFSv4. To manage
ACLs using NFSv4, you must use the NFSv4 ACL tools. Not all Nasuni Filers support
NFSv4. You can check whether NFSv4 is supported on the NFS Status page (Nasuni
Filers) or the Exports page (NMC).
•
Unauthenticated Access Mode: Default mode for CIFS volumes on Nasuni Filers that
are not joined to Active Directory or to LDAP. Recommended for CIFS Public-mode
volumes. For CIFS clients, this mode acts as an open share. For all other protocols, this
mode acts identically to POSIX Mixed Mode.
•
Total Shares (CIFS), Total Exports (NFS), or Total FTP Directories (FTP): For CIFS volumes,
the total number of CIFS shares. For NFS volumes, the total number of NFS exports. For FTP/
SFTP directories, the total number of FTP/SFTP directories.
•
Volume Pinned: Indicates whether the entire volume, namely, the root folder of the volume, is
pinned in the cache: Yes or No. You can pin the volume, or individual folders, to the cache as
detailed in “Pinning Folders in the Cache” on page 224. To view unprotected files in the cache,
see “Unprotected Files” on page 414.
•
Remote Access: For CIFS and NFS volumes and FTP/SFTP directories, the setting of remote
access to this volume: Enabled or Disabled.
•
New Data in Cache: The amount of new data that has been saved to the cache, but has not yet
been protected in cloud storage. To view unprotected files in the cache, see “Unprotected
Files” on page 414.
•
Last Snapshot: Date and time of last snapshot, or “No snapshots” if there are no snapshots.
View
Remotely accessible volumes are labeled “Remotely Accessible Volume”. A remotely accessible
volume is available remotely for other Nasuni Filers in your Nasuni.com account. To display and change
the properties of the remotely accessible volume, click Edit Properties, then click Enabled next to
Nasuni Filer Administration Guide 8.0
48
Volumes Page
Viewing Local and Remote Volume Information
Remote Access. The Remote Access page for that volume appears. See “Remote Access” on
page 102 for more details.
Note: iSCSI volumes are never remotely accessible.
Volumes that are not remotely accessible are labeled “Local Volume”. A local volume is available locally
and is not enabled for remote access. To display and change the properties of the local volume, click
Edit Properties, then click Disabled next to Remote Access. The Remote Access page for that
volume appears. See “Remote Access” on page 102 for more details.
Remote Volume Information
Remote access allows one or more Nasuni Filers to connect, using Nasuni, to a volume associated with
another Nasuni Filer. To connect to a remote volume, see “Connecting to a Remote Volume” on
page 58.
The following properties appear for each remote volume that is not connected:
•
Name: The name of the remote volume.
•
Connected: Whether this volume is connected: False.
•
Case Sensitive (CIFS): For CIFS volumes, an indication of whether the volume treats file and
directory names as case-sensitive: Yes or No.
Tip: Case-insensitive CIFS-only volumes perform better than case-sensitive volumes.
•
Permissions: The current permissions for the remote volume: Read Only or Read/Write.
•
Made accessible from: The name of the remote Nasuni Filer where this remote volume is
located.
The following properties appear for each connected remote volume:
•
Local Name: The local name of the remote volume.
•
Size: The amount of storage used by the remote volume, not including snapshots.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
•
Protocol: The protocol or protocols of the remote volume: CIFS or NFS, or a combination of
CIFS, NFS, and FTP.
•
Total Shares (CIFS), Total Exports (NFS), or Total FTP Directories (FTP): For remote CIFS
volumes, the total number of CIFS shares. For remote NFS volumes, the total number of NFS
exports. For remote FTP/SFTP directories, the total number of FTP/SFTP directories.
•
Volume Pinned: Indicates whether the entire volume, namely, the root folder of the volume, is
pinned in the cache: Yes or No. You can pin the volume, or individual folders, to the cache as
detailed in “Pinning Folders in the Cache” on page 224.
•
Connected: Whether this volume is connected: True.
Nasuni Filer Administration Guide 8.0
49
Volumes Page
•
Viewing Local and Remote Volume Information
Case Sensitive (CIFS): For CIFS volumes, an indication of whether the volume treats file and
directory names as case-sensitive: Yes or No.
Tip: Case-insensitive CIFS-only volumes perform better than case-sensitive volumes.
•
Permissions: The current permissions for the remote volume: Read Only or Read/Write.
•
Made accessible from: The name of the remote Nasuni Filer where this remote volume is
located.
•
New Data in Cache: The amount of new data that has been saved to the remote volume’s
cache, but has not yet been protected in cloud storage.
•
Last Snapshot: Date and time of last snapshot of the remote volume, or “No snapshots” if there
are no snapshots.
Nasuni Filer Administration Guide 8.0
50
Volumes Page
Managing Volumes
Managing Volumes
This section describes various aspects of managing volumes.
Adding a Volume
Create
This section explains how to add a new CIFS, NFS, or iSCSI volume.
Note: In Trial Mode, the maximum number of volumes you can have is limited to two.
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more
details, see CIFS Permissions Best Practices.
Tip: Before adding a volume, configure the cloud credentials for this volume. To configure
cloud credentials, see “Cloud Credentials” on page 402.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Note: If this Nasuni Filer is under Nasuni Management Console control, this operation is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
51
Volumes Page
Managing Volumes
To add a new CIFS, NFS, or iSCSI volume, follow these steps:
1. Click Volumes, then click Add New Volume from the list. The Add New Volume page appears.
Figure 6-2: Add New Volume page.
2. Enter a human-readable name for the volume in the Name text box, for example, “New York
Office”. The name you enter is automatically applied as the encryption key name in the
Keyname text box.
Note: For iSCSI volumes, the iSCSI volume name is used to generate the target name.
This includes changing any upper-case letters to lower-case, and changing any
non-ASCII symbols to their hex code.
3. From the Cloud Provider drop-down list, select the cloud storage provider for this volume. The
choices for the back-end cloud storage component are part of each customer license.
4. From the Credentials drop-down list, select the cloud credentials for this volume. To configure
cloud credentials, see “Cloud Credentials” on page 402.
Nasuni Filer Administration Guide 8.0
52
Volumes Page
Managing Volumes
5. From the Region drop-down list, specify a region where you want to store your data.
You should store your data in a region that is near your users and data centers to reduce data
access latencies. In addition, the region you select should be remote from your other operations
for geographic redundancy and recovery purposes. You should also consider any compliance
requirements for the location of data.
Note: Regardless of which region you choose, your data is protected with multiple copies
in that region.
6. You can use an existing encryption key, create a new encryption key, or upload an encryption
key.
•
To use an existing encryption key, select an encryption key from the Key drop-down list.
•
To create a new encryption key, select Create New Key from the Key drop-down list, then
optionally enter a name for the new encryption key in the Keyname text box.
Important: The time to generate an encryption key can vary widely, depending on the
hardware (real or virtual) that the Nasuni Filer is executing on. Encryption
keys are generated in the background, so as to not block use of the
Nasuni Filer during generation.
Note: If you select Create New Key, the new encryption key is automatically
escrowed for you. It is also prudent to download and protect the new
encryption key, in case you need it for recovery or other purposes later. See
“Downloading (Exporting) Generated Encryption Keys” on page 349 for more
details.
•
To upload an encryption key, follow these steps:
a. Select Upload New Key from the Key drop-down list. The Import OpenPGP Key(s) page
appears.
Figure 6-3: Import OpenPGP Key(s) page.
b. Click Choose File, then navigate to the encryption key file. This file should be OpenPGP
compatible.
Tip: All uploaded encryption keys should be at least 2048 bits long.
Nasuni Filer Administration Guide 8.0
53
Volumes Page
Managing Volumes
c. If an encryption key passphrase is needed, enter the encryption key passphrase in the
Key Passphrase text box.
d. Click Import Key. The encryption key is imported to the Nasuni Filer.
Tip: Imported encryption keys are not automatically escrowed. Save all imported
encryption keys to another secure location outside the Nasuni Filer, so that they
are available if needed for recovery.
Warning: Do NOT save encryption key files to a volume on a Nasuni Filer. You
will NOT be able to use these to recover data. This is NOT how to
upload encryption keys to a Nasuni Filer. To upload encryption keys to
a Nasuni Filer, see “Adding (Importing or Uploading) Encryption Keys”
on page 348.
7. From the Network Protocol drop-down list, select a network protocol on your network. This is
the protocol you use to access files on a volume. Your choices are:
•
CIFS (Windows clients): This protocol allows Windows users to share files across a
network. The CIFS protocol is used on other operating systems besides Windows, including
UNIX, Linux, and Mac OS X.
•
NFS (Unix clients): This protocol allows UNIX users to access and share file systems across
a computer network using UNIX and Linux.
•
iSCSI Target: This protocol allows users to access SAN blocks of data across a computer
network using the iSCSI protocol.
Note: You can enable FTP/SFTP access to a CIFS volume or an NFS volume after the
volume is created. See “Multiple Volume Protocols” on page 160.
8. For CIFS and NFS volumes only, set the maximum volume capacity (in gigabytes) in the Quota
text box. A value of 0 or blank specifies an unlimited volume capacity (up to your licensed
capacity). Quotas are applied after each successful snapshot. Nasuni recommends that you
only increase quotas rather than decrease them. A notification occurs when the volume reaches
90 percent of the quota. Another notification occurs when the volume reaches the quota. If the
volume is shared, then the quota is compared to the sum of all Nasuni Filers connected to the
volume.
9. For CIFS and NFS volumes only, to automatically create a CIFS share or an NFS export for the
new volume, leave the Create a default Share/Export check box selected.
Nasuni Filer Administration Guide 8.0
54
Volumes Page
Managing Volumes
10. For iSCSI volumes only, the iSCSI Properties pane appears:
Figure 6-4: iSCSI Properties pane.
a. In the Volume Size text box, enter the Volume Size, in GB.
Note: All iSCSI (SAN) volume data is pinned in the cache. Therefore, the Volume Size
of an iSCSI volume is limited by the size of the cache. iSCSI volumes can use
up to 75 percent of the cache. The computed limit is displayed.
Note: The Volume Size of an iSCSI volume can be increased, if necessary, but not
decreased.
b. To control which hosts are allowed to connect to this volume, in the Allowed Hosts text box,
enter a comma-separated list of the IP addresses or subnet addresses that are allowed to
access this volume. If you leave this field blank, all hosts on your network have access to this
volume without restrictions.
c. To restrict access to this iSCSI volume, in the CHAP User Name text box, enter a ChallengeHandshake Authentication Protocol (CHAP) User Name that initiators must log in with. In the
CHAP Password text box, enter a Challenge-Handshake Authentication Protocol (CHAP)
Password that initiators must log in with. The CHAP Password must be 12-16 characters
long.
11. For CIFS volumes only, to specify that the volume should treat file and directory names as casesensitive, select “Case Sensitive”. The default is deselected, namely, case-insensitive.
Tip: Case-insensitive CIFS-only volumes perform better than case-sensitive volumes.
Caution: A case-insensitive volume cannot have multiple volume protocols. If this
volume must support multiple protocols, select this checkbox to make the
volume case-sensitive.
Nasuni Filer Administration Guide 8.0
55
Volumes Page
Managing Volumes
12. For CIFS volumes only, if the Nasuni Filer is configured for Active Directory or LDAP Directory
Services authentication, the CIFS-Specific Properties area appears.
Figure 6-5: CIFS-Specific Properties.
From the User Authentication drop-down list, select the method for the Nasuni Filer to
authenticate users connecting to CIFS shares within this volume: Active Directory, LDAP
Directory Services, Authenticated Access, or Publicly Available to All Users.
Note: “Authenticated Access” refers to either Active Directory or LDAP Directory
Services.
Note: If the Nasuni Filer is configured for Active Directory authentication, but is not joined
to a domain, a message appears, indicating that the new volume is not usable until
the Nasuni Filer joins a domain, at which time you can choose Active Directory,
LDAP Directory Services, or Public authentication.
Tip: It is not possible to change the authentication mode of a volume after you create the
volume.
13. For CIFS volumes only, if the Nasuni Filer is configured for Active Directory or LDAP Directory
Services authentication, the CIFS-Specific Properties area appears. From the Permissions
Policy drop-down list, select one of the following:
•
UNIX/NFS Permissions Only Mode: Default mode for NFS volumes. Recommended for
primary or heavy NFS use. Not recommended for Windows users. Only the traditional
UNIX mode bits control permissions (chmod). Windows can view permissions as access
control lists (ACLs), but cannot add or remove access control entries (ACEs). Windows
CIFS users can change permissions using the Security tab of the Windows Properties
dialog box.
•
NTFS Compatible Mode: Default mode for CIFS volumes on Nasuni Filers joined to
Active Directory. This mode is required for multiple protocol support, such as NFS or
FTP/SFTP protocols, as well as CIFS/SMB. NFS and FTP/SFTP protocols cannot see all
NTFS permissions and do not obey all access rules in NTFS permissions. NFS and FTP/
SFTP protocols obey only the POSIX access control list (ACL) component of inheritance
rules. A high level of Windows compatibility is supported through the CIFS/SMB
protocol, with some limitations.
•
NTFS Exclusive Mode: Optional mode for CIFS volumes on Nasuni Filers joined to
Active Directory. Recommended for CIFS volumes that do not require mixed mode
access, because multiple protocols, such as NFS or FTP/SFTP, are not supported.
Produces full NTFS permissions, as supported on CIFS/SMB. Windows clients obey
inheritance rules. This policy has the greatest Windows compatibility.
Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible
Mode.
Nasuni Filer Administration Guide 8.0
56
Volumes Page
Managing Volumes
Important: Volumes in NTFS Exclusive Mode do not support multiple protocols.
•
POSIX Mixed Mode: Default mode for CIFS volumes on Nasuni Filers joined to LDAP.
Recommended for combined CIFS and FTP/SFTP volumes, with light NFS use. Also
recommended for CIFS-only volumes with Linux or Mac clients, with UNIX extensions
enabled. Access control lists (ACLs) are supported entirely through POSIX ACLs.
Windows clients receive mapping of POSIX ACLs to NTFS ACLs. However, the
mappings are not as complete as mappings done for NTFS Compatible Mode. NFS
clients cannot view the ACLs.
The NFSv4 protocol automatically translates the underlying ACLs to NFSv4 ACLs. The
common tools for managing POSIX ACLs are not supported on NFSv4. To manage
ACLs using NFSv4, you must use the NFSv4 ACL tools. Not all Nasuni Filers support
NFSv4. You can check whether NFSv4 is supported on the NFS Status page (Nasuni
Filers) or the Exports page (NMC).
•
Unauthenticated Access Mode: Default mode for CIFS volumes on Nasuni Filers that
are not joined to Active Directory or to LDAP. Recommended for CIFS Public-mode
volumes. For CIFS clients, this mode acts as an open share. For all other protocols, this
mode acts identically to POSIX Mixed Mode.
14. Click Save.
A message appears telling you that the new volume creation is complete. Click x to close the
message box. The new volume appears on the Home page under Volumes.
To add a CIFS share to a new volume, see “Adding a New CIFS Share to a Volume” on page 125.
To add an NFS export to a new volume, see “Adding an NFS Export to a Volume” on page 143.
To add an FTP/SFTP directory to a new volume, see “Adding FTP directories for a volume” on
page 153.
To enable another protocol for a volume, see “Multiple Volume Protocols” on page 160.
To map a network drive to an automatically created CIFS share, see “Mapping a Windows network
drive to a CIFS share” on page 169.
To access a new iSCSI volume in Windows, see “Accessing an iSCSI volume in Windows” on
page 170.
To mount an automatically created CIFS share in Linux or UNIX, see “Mounting a CIFS share in Linux or
UNIX” on page 173.
To mount an automatically created NFS export in Linux or UNIX, see “Mounting an NFS export in Linux
or UNIX” on page 176.
To access data using the FTP/SFTP protocol, see “Accessing data using the FTP/SFTP protocol” on
page 167.
Nasuni Filer Administration Guide 8.0
57
Volumes Page
Managing Volumes
Connecting to a Remote Volume
Connect
Remote access allows one or more Nasuni Filers to connect, using Nasuni, to a volume associated with
another Nasuni Filer. After you enable remote access to a volume, and grant permissions on a volume,
you can connect a Nasuni Filer to the remote volume. To enable remote access and grant permissions
on a volume, see “Remote Access” on page 102.
Note: If you connect to a remote volume that has multiple protocols defined (including CIFS,
NFS, and FTP), the volume inherits the same protocols as the original volume. If the
protocols for the remote volume change, the volume inherits the changed protocols.
This might take some time. You can refresh the volume connections in order to inherit
the changed protocols immediately. The Nasuni Filer must be running version 6.0 or
later software in order to connect to a remote volume that has multiple protocols
defined.
To connect to a remote volume:
1. Click Volumes, then click Connect to Remote Volume.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Note: It can take some time for recently published volumes to display on the page. You
can click Refresh Connections to refresh the view for new volumes to appear.
A list of remote volumes available for a remote connection appears on the page.
Figure 6-6: Volumes Published by other Filers.
Tip: Shared volumes on Nasuni Filers running version 5.5 or later are not available to
Nasuni Filers running versions before version 5.5. To see shared volumes on Nasuni
Filers running version 5.5 or later, update the software to version 5.5 or later.
The following properties appear for each remote volume that is not connected:
•
Name: The name of the remote volume.
Nasuni Filer Administration Guide 8.0
58
Volumes Page
Managing Volumes
•
Connected: Whether the volume is connected: False.
•
Case Sensitive (CIFS): For CIFS volumes, an indication of whether the volume treats file
and directory names as case-sensitive: Yes or No.
Tip: Case-insensitive CIFS-only volumes perform better than case-sensitive volumes.
•
Permissions: The current permissions for the remote volume: Read Only or Read/Write.
•
Made accessible from: The name of the remote Nasuni Filer where this remote volume is
located.
The following properties appear for each connected remote volume:
•
Local Name: The local name of the remote volume.
•
Size: The amount of storage used by the remote volume, not including snapshots.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
•
Protocol: The protocol or protocols of the remote volume: CIFS or NFS, or a combination of
CIFS, NFS, and FTP.
•
Total Shares (CIFS), Total Exports (NFS), or Total FTP Directories (FTP): For remote CIFS
volumes, the total number of CIFS shares. For remote NFS volumes, the total number of
NFS exports. For remote FTP/SFTP directories, the total number of FTP/SFTP directories.
•
Volume Pinned: Indicates whether the entire volume, namely, the root folder of the volume,
is pinned in the cache: Yes or No. You can pin the volume, or individual folders, to the cache
as detailed in “Pinning Folders in the Cache” on page 224.
•
Connected: Whether the volume is connected: True.
•
Case Sensitive (CIFS): For CIFS volumes, an indication of whether the volume treats file
and directory names as case-sensitive: Yes or No.
Tip: Case-insensitive CIFS-only volumes perform better than case-sensitive volumes.
•
Permissions: The current permissions for the remote volume: Read Only or Read/Write.
•
Made accessible from: The name of the remote Nasuni Filer where this remote volume is
located.
•
New Data in Cache: The amount of new data that has been saved to the remote volume’s
cache, but has not yet been protected in cloud storage.
•
Last Snapshot: Date and time of last snapshot of the remote volume, or “No snapshots” if
there are no snapshots.
Nasuni Filer Administration Guide 8.0
59
Volumes Page
Managing Volumes
2. To access a remote volume that is not connected, click Connect to Volume. The Connect to
Remote Volume page appears.
Figure 6-7: Connect to Remote Volume page.
3. Optionally, provide a different local name for the volume, if needed, in the Local Name text box.
Volume descriptions are important for identification purposes.
4. From the Storage Access drop-down list, select one of the following ways to deal with shares
or exports from the remote volume:
•
Inherit storage access points: To inherit the CIFS share or NFS export settings from the
remote volume.
•
Create default storage access points: To automatically create a CIFS share or NFS export
for the remote volume on your Nasuni Filer, but without inheriting the CIFS share or NFS
export settings from the remote volume.
•
Skip creating storage access points: To skip creating a new CIFS share or NFS export.
5. In the Inherit Settings area, select or deselect the setting that you want to inherit from the
remotely accessible volume.
6. Click Connect Remote Volume to access the remote volume. The message “Your filer has
been granted access” appears. Click x to close the message.
7. The volume on the remote Nasuni Filer appears in the Remote Volumes list, with a Connected
status of True.
You can now access data on the selected remote volume.
Nasuni Filer Administration Guide 8.0
60
Volumes Page
Managing Volumes
Take a Snapshot Now
Take
You can take an immediate snapshot of your files, folders, and blocks from the Volumes page. To
schedule regular snapshots, see “Snapshot Scheduling” on page 107.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Note: To perform consistent point-in-time snapshots of iSCSI volumes on Windows systems,
you can use the Nasuni VSS Hardware Provider. For details, see “API Access Keys” on
page 340.
To take a snapshot now:
1. Click Volumes, then click All Volumes from the list. The Volumes page appears.
Figure 6-8: Volumes page.
2. For the volume that you want to take a snapshot of, click Take snapshot now.
A message “Snapshot requested” appears. Click x to close the message box.
Nasuni Filer Administration Guide 8.0
61
Volumes Page
Viewing Volume Properties
Viewing Volume Properties
On the Volumes page, select a volume, then click Edit Properties. The Volume properties page
appears.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
The volume properties page displays configuration settings and current values for a specific volume.
Volume properties page for CIFS and NFS volumes and FTP directories
For CIFS and NFS volumes and FTP/SFTP directories, the Volume properties page looks like this:
Figure 6-9: Volume properties page for CIFS volume.
To change settings, you can click specific links, or select settings from the Properties drop-down list.
Nasuni Filer Administration Guide 8.0
62
Volumes Page
Viewing Volume Properties
If Safe Delete is enabled for this volume, and if the Delete Volume key has been pressed for this
volume, the following message appears:
Figure 6-10: Pending Safe Delete message.
If the user is one of the volume-delete-capable administrators, and deletion has not occurred, the
“Cancel Delete” button appears.
Also, if the user is one of the volume-delete-capable administrators, but not the initiator of the delete,
and deletion has not been approved, the “Approve Delete” button appears.
Also, if the user is one of the volume-delete-capable administrators, but not the initiator of the delete,
and they have approved the deletion, the “Revoke Approval” button appears.
Also, if the user is the initiator of the delete and all approvals have been received, the “Delete
Immediately” button appears.
Note: Safe Delete is only available for CIFS and NFS volumes, not for iSCSI volumes.
The following information appears for each volume:
In the Volume Overview area:
•
Name: The name of the local volume, or the local name of the remote volume. To rename
the volume, click the status. For details, see “Renaming a Volume” on page 71.
•
Case Sensitive (CIFS): For CIFS volumes, an indication of whether the volume treats file
and directory names as case-sensitive: Yes or No.
Tip: Case-insensitive CIFS-only volumes perform better than case-sensitive volumes.
•
Global Name: (Only visible on remote volumes.) The global name of the remote volume.
•
Owned By: (Only visible on remote volumes.) The remote Nasuni Filer that owns the remote
volume.
•
Cloud Provider: The name of the cloud provider for the volume.
•
Region: (Only visible on local volumes.) The location of the cloud provider for the volume.
•
Vault (for Cleversafe/IBM Cloud Object Storage volumes only): The name of the Cleversafe/
IBM Cloud Object Storage vault.
•
Size: The current size of the volume.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
Nasuni Filer Administration Guide 8.0
63
Volumes Page
•
Viewing Volume Properties
Quota (Maximum Capacity): The quota (maximum capacity) configuration in GB. The
default is Unlimited, up to your licensed capacity. If the quota is not Unlimited, the
percentage of the quota that is currently being used also appears. A notification occurs
when the volume reaches 90 percent of the quota and when the volume reaches the quota.
If the volume is shared, then the quota is compared to the sum of all Nasuni Filers
connected to the volume. To change the quota, click the status. For details, see “Changing
the Volume Quota” on page 74.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If
your total stored data nears or exceeds your licensed capacity, you receive
warnings to increase your licensed capacity.
In the File Monitoring area:
Note: The File Monitoring area is unavailable for iSCSI volumes.
•
File Alert Service: Indicates whether the File Alert Service (automatically notifying you when
files or directories with particular names are written to the Nasuni Filer) is Enabled or
Disabled. To enable or disable the File Alert Service, click the status. For details, see “File
Alert Service” on page 76.
•
Antivirus Service: Indicates whether the Antivirus Service is Enabled or Disabled. To enable
or disable the Antivirus Service, click the status. For details, see “Antivirus Service” on
page 78.
•
Antivirus Violations: Displays any infected files discovered by the Antivirus Service. To view
the list of Antivirus Violations, click the status. For details, see “Reviewing Infected Files” on
page 80.
•
Auditing: Indicates whether the File System Auditing service is Enabled or Disabled. To
enable or disable the File System Auditing service, click the status. For details, see “File
System Auditing” on page 82.
If external auditing is being handled by Varonis, the status also indicates “Managed by
Varonis”. To view the status of external auditing, click “Managed by Varonis”.
In the Security and Encryption area:
•
Encryption Keys: The Name, ID, and Enabled setting of the encryption keys for the volume.
To add, disable, or enable encryption keys, click the status. For details, see “Encryption Key
Management” on page 90.
•
Safe Delete: Indicates whether the Safe Delete feature is Enabled or Disabled. To enable or
disable the Safe Delete feature, click the status. For details, see “Safe Delete of volumes” on
page 97.
Note: Note: Safe Delete is only available for CIFS and NFS volumes, not for iSCSI
volumes.
If the Cloud Provider is a customer-provided cloud provider, the following appears in the
Cloud I/O area:
•
Deduplication: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks that are then deduplicated to improve performance. This displays the status for
deduplication: Enabled or Disabled. To enable or disable deduplication, click the status. For
more details, see “Cloud I/O” on page 100.
Nasuni Filer Administration Guide 8.0
64
Volumes Page
Viewing Volume Properties
•
Compression: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks that are then compressed to improve performance. This displays the status for
compression: Enabled or Disabled. To enable or disable compression, click the status. For
more details, see “Cloud I/O” on page 100.
•
Chunk Size: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks to improve performance. This displays the size of the chunks. To change the chunk
size, click the value. For more details, see “Cloud I/O” on page 100.
In the Access area:
•
Protocol: The protocol or protocols of the volume: CIFS, NFS, or iSCSI, or a combination of
CIFS, NFS, and FTP.
See “Enabling multiple volume protocols” on page 161.
•
Permissions Policy: (Not visible on remote volumes.) If multiple protocols are enabled, the
selected permissions policy for the protocols, from the following:
•
UNIX/NFS Permissions Only Mode: Default mode for NFS volumes. Recommended for
primary or heavy NFS use. Not recommended for Windows users. Only the traditional
UNIX mode bits control permissions (chmod). Windows can view permissions as access
control lists (ACLs), but cannot add or remove access control entries (ACEs). Windows
CIFS users can change permissions using the Security tab of the Windows Properties
dialog box.
•
NTFS Compatible Mode: Default mode for CIFS volumes on Nasuni Filers joined to
Active Directory. This mode is required for multiple protocol support, such as NFS or
FTP/SFTP protocols, as well as CIFS/SMB. NFS and FTP/SFTP protocols cannot see all
NTFS permissions and do not obey all access rules in NTFS permissions. NFS and FTP/
SFTP protocols obey only the POSIX access control list (ACL) component of inheritance
rules. A high level of Windows compatibility is supported through the CIFS/SMB
protocol, with some limitations.
•
NTFS Exclusive Mode: Optional mode for CIFS volumes on Nasuni Filers joined to
Active Directory. Recommended for CIFS volumes that do not require mixed mode
access, because multiple protocols, such as NFS or FTP/SFTP, are not supported.
Produces full NTFS permissions, as supported on CIFS/SMB. Windows clients obey
inheritance rules. This policy has the greatest Windows compatibility.
Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible
Mode.
Important: Volumes in NTFS Exclusive Mode do not support multiple protocols.
Nasuni Filer Administration Guide 8.0
65
Volumes Page
Viewing Volume Properties
•
POSIX Mixed Mode: Default mode for CIFS volumes on Nasuni Filers joined to LDAP.
Recommended for combined CIFS and FTP/SFTP volumes, with light NFS use. Also
recommended for CIFS-only volumes with Linux or Mac clients, with UNIX extensions
enabled. Access control lists (ACLs) are supported entirely through POSIX ACLs.
Windows clients receive mapping of POSIX ACLs to NTFS ACLs. However, the
mappings are not as complete as mappings done for NTFS Compatible Mode. NFS
clients cannot view the ACLs.
The NFSv4 protocol automatically translates the underlying ACLs to NFSv4 ACLs. The
common tools for managing POSIX ACLs are not supported on NFSv4. To manage
ACLs using NFSv4, you must use the NFSv4 ACL tools. Not all Nasuni Filers support
NFSv4. You can check whether NFSv4 is supported on the NFS Status page (Nasuni
Filers) or the Exports page (NMC).
•
Unauthenticated Access Mode: Default mode for CIFS volumes on Nasuni Filers that
are not joined to Active Directory or to LDAP. Recommended for CIFS Public-mode
volumes. For CIFS clients, this mode acts as an open share. For all other protocols, this
mode acts identically to POSIX Mixed Mode.
•
CIFS Authentication: (Not visible on remote volumes.) (CIFS only) The authentication mode
for this volume: Authenticated Access (meaning either Active Directory or LDAP Directory
Services), or Publicly Available.
•
Total Shares (CIFS), Total Exports (NFS), or Total FTP Directories (FTP): Total number of
CIFS shares, NFS exports, or FTP/SFTP directories. To add or edit CIFS shares, NFS
exports, or FTP/SFTP directories, click the status. For details, see “Adding a New CIFS
Share to a Volume” on page 125, “Adding an NFS Export to a Volume” on page 143, or
“Adding FTP directories for a volume” on page 153.
•
Remote Access: (Not visible on remote volumes.) The setting of remote access for this
volume: Enabled or Disabled. To enable or disable remote access, click the status. For
details, see “Remote Access” on page 102.
•
Remote Access Type: (Only visible on remote volumes.) The type of access permitted to
this remote volume: Read/Write or Read Only. For details, see “Remote Access” on
page 102.
In the Cache Management area:
•
New Data in Cache: The amount of new data that has been saved to the cache, but has not
yet been protected in cloud storage. To view unprotected files in the cache, see
“Unprotected Files” on page 414.
•
Pinned Folders: Indicates the number of folders pinned in the cache. To pin folders to the
cache, click the status. For details, see “Pinning Folders in the Cache” on page 224. To view
unprotected files in the cache, see “Unprotected Files” on page 414.
Nasuni Filer Administration Guide 8.0
66
Volumes Page
•
Viewing Volume Properties
Auto Caching Folders: Indicates the number of folders with Auto Cache (immediately
bringing data from other Nasuni Filers into the local cache) enabled. To enable Auto Cache
for folders, click the status. For details, see “Enabling Auto Cache for Folders” on page 225.
To enable or disable Auto Cache for a volume, see “Enabling or Disabling Auto Cache for
Volumes” on page 105.
Note: Auto Cache must be enabled for a volume before Auto Cache is enabled for a
folder in the volume.
In the Snapshots and Synchronization area:
•
Last Snapshot: Date and time of last snapshot, or “No snapshots” if there are no
snapshots.
•
Snapshot Schedule: The schedule for snapshots. If there is no schedule for snapshots,
indicates Disabled. To schedule snapshots, click the status. For details, see “Snapshot
Scheduling” on page 107.
•
Sync Schedule: (Only available for remotely accessible volumes.) The schedule of when the
volume synchronizes data (“syncs”) from Nasuni, merging local data with data from other
Nasuni Filers connected to this volume. If there is no schedule for syncs, indicates Disabled.
To schedule syncs, click the status. For details, see “Sync Scheduling” on page 110. To
enable or disable Auto Cache for a volume, see “Enabling or Disabling Auto Cache for
Volumes” on page 105.
Note: A sync happens before every snapshot.
Note: On volumes with global locking enabled, global locking provides file
synchronization independently of snapshot and synchronization processing.
•
Snapshot Directory Access: Indicates whether access to the snapshot directory for the
volume is Enabled or Disabled. To enable or disable snapshot directory access for a volume,
click the status. For details, see “Snapshot Directory Access” on page 113.
•
Snapshot Retention: (Not visible on remote volumes.) The snapshot retention policy. To
configure a snapshot retention policy, click the status. For details, see “Snapshot Retention”
on page 115.
•
Prioritize Snapshot: Indicates Prioritized Snapshot for the volume is Enabled or Disabled.
To enable or disable Prioritized Snapshot for a volume, click the status. For details, see
“Prioritized Snapshot” on page 117.
The Delete Volume button appears at the bottom of the Volume properties page for local volumes. To
delete a volume, click the button. For details, see “Deleting a Volume” on page 121.
The Disconnect Volume button appears at the bottom of the Volume properties page for remote
volumes. To disconnect a volume, click the button. For details, see “Disconnecting from a Remote
Volume” on page 209.
The Take snapshot now button appears at the bottom of the Volume properties page. To take a
snapshot, click the button. For details, see “Take a Snapshot Now” on page 61.
Nasuni Filer Administration Guide 8.0
67
Volumes Page
Viewing Volume Properties
Volume properties page for iSCSI volumes
For iSCSI volumes, the Volume properties page looks like this:
Figure 6-11: Volume properties page for iSCSI volume.
To change settings, you can click specific links, or select settings from the Properties drop-down list.
The following information appears for each volume:
In the Volume Overview area:
•
Name: The name of the volume. To rename the volume, click the status. For details, see
“Renaming a Volume” on page 71.
•
Cloud Provider: The name of the cloud provider.
•
Region: The location of the cloud provider.
•
LUN Size: Size of the iSCSI volume in GB.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
Nasuni Filer Administration Guide 8.0
68
Volumes Page
Viewing Volume Properties
In the Security and Encryption area:
•
Encryption Keys: The Name, ID, and Enabled setting of the encryption keys for the volume.
To add, disable, or enable encryption keys, click the status. For details, see “Encryption Key
Management” on page 90.
If the Cloud Provider is a customer-provided cloud provider, the following appears in the
Cloud I/O area:
•
Deduplication: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks that are then deduplicated to improve performance. This displays the status for
deduplication: Enabled or Disabled. To enable or disable deduplication, click the status. For
more details, see “Cloud I/O” on page 100.
•
Compression: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks that are then compressed to improve performance. This displays the status for
compression: Enabled or Disabled. To enable or disable compression, click the status. For
more details, see “Cloud I/O” on page 100.
•
Chunk Size: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks to improve performance. This displays the size of the chunks. To change the chunk
size, click the value. For more details, see “Cloud I/O” on page 100.
In the Access area:
•
Protocol: The protocol used for the volume: iSCSI. To edit the iSCSI settings, click the
Protocol. For details, see “Changing iSCSI Settings” on page 72.
•
Target Name: The iSCSI Qualified Name of the iSCSI target, in this format:
•
iqn.
•
Date that the naming authority took ownership of the domain, in yyyy-mm format.
•
“.” followed by the reversed domain name of the authority, such as com.nasuni.
•
“:” followed by a storage target name specified by the naming authority.
Example: iqn.2008-11.com.nasuni:filer.nasuni.net:51
To edit the iSCSI settings, click Target Name. See “Changing iSCSI Settings” on page 72.
In the Cache Management area:
•
New Data in Cache: The amount of new data that has been saved to the cache, but has not
yet been protected in cloud storage. This might not match the amount of data written to the
volume, because of the presence of metadata.
•
Volume Pinned: Indicates whether the volume is pinned in the cache: Yes. iSCSI (SAN)
volume data is always resident (pinned) in the cache.
In the Snapshots and Synchronization area:
•
Last Snapshot: Date and time of last snapshot, or “No snapshots” if no snapshots.
•
Snapshot Schedule: The schedule for snapshots. If there is no schedule for snapshots,
indicates Disabled. To schedule snapshots, click the status. For details, see “Snapshot
Scheduling” on page 107.
•
Snapshot Retention: The snapshot retention policy. To configure a snapshot retention
policy, click the status. For details, see “Snapshot Retention” on page 115.
Nasuni Filer Administration Guide 8.0
69
Volumes Page
Viewing Volume Properties
The Delete Volume button appears at the bottom of the Volume properties page. To delete a volume,
click the button. For details, see “Deleting a Volume” on page 121.
The Take snapshot now button appears at the bottom of the Volume properties page. To take a
snapshot, click the button. For details, see “Take a Snapshot Now” on page 61.
Data Growth Chart
A chart of Data Growth for the selected volume appears at the bottom of the Volume properties page.
Figure 6-12: Data Growth chart for selected volume.
This shows the total amount of stored data (on the vertical axis) versus time (along the horizontal axis).
This chart includes both data and metadata. The amount of data is shown in units such as KB, MB, GB,
and TB. The length of time is shown by month and day. The data growth chart updates automatically
every 5 minutes.
You can select the time period of this chart by clicking the drop-down list and selecting one of the
following time periods:
•
Previous 7 days.
•
Previous 14 days.
•
Previous 30 days.
•
Previous 90 days.
•
All time.
If you hover the mouse over any part of the chart, a label appears displaying details about the amount
of data in that volume at that date and time.
Figure 6-13: Details of data and time on Data Growth chart.
To zoom in on a specific range of displayed data, click the chart at the high end of the range you want,
then drag to the low end of the range you want, then release. The chart rescales to zoom in on the
selected range.
To reset the zoom to the default display, click Reset zoom.
Nasuni Filer Administration Guide 8.0
70
Volumes Page
Changing Volume Properties
Changing Volume Properties
Edit
You can change many of the properties of a volume on the Volume properties page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Renaming a Volume
Rename
You can rename a volume.
Note: If a snapshot is in progress when you attempt to rename a volume, you receive a
message to retry after the snapshot is complete.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To rename a volume:
1. Click Volumes, then select the volume from the list. The Volumes page appears.
2. Select a volume, then click Edit Properties. The Volume properties page appears.
3. Click the Name of the volume. The Rename Volume dialog box appears.
Figure 6-14: Rename Volume dialog box.
4. Enter the new name for the volume in the Name text box.
Note: For iSCSI volumes, the iSCSI volume name is used to generate the target name.
This includes changing any upper-case letters to lower-case, and changing any
non-ASCII symbols to their hex code.
5. Click Save. Your changes are saved. The confirmation message “Successfully changed volume
name” appears.
To exit the dialog box without changing the volume name, click Cancel.
Nasuni Filer Administration Guide 8.0
71
Volumes Page
Changing Volume Properties
Changing iSCSI Settings
Edit
You can change the settings of iSCSI volumes after the iSCSI volume is created.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To change the settings of an iSCSI volume:
1. Click Volumes, then select the iSCSI volume from the list.
2. The Volume properties page appears.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
3. From the Properties drop-down list, select iSCSI Settings. The iSCSI Settings page appears.
Figure 6-15: iSCSI Settings page.
4. In the Target Name text box, you can change the Target Name. The Target Name is created
automatically using the volume name. However, you can change the Target Name that was
automatically generated. The Target Name is the iSCSI Qualified Name of the iSCSI target, in
this format:
•
iqn.
•
Date that the naming authority took ownership of the domain, in yyyy-mm format.
•
“.” followed by the reversed domain name of the authority, such as com.nasuni.
•
“:” followed by a storage target name specified by the naming authority.
Example: iqn.2008-11.com.nasuni:filer.nasuni.net:51
Nasuni Filer Administration Guide 8.0
72
Volumes Page
Changing Volume Properties
5. In the Volume Size text box, enter the Volume Size, in GB.
Note: All iSCSI (SAN) volume data is pinned in the cache. Therefore, the Volume Size of
an iSCSI volume is limited by the size of the cache. iSCSI volumes can use up to 75
percent of the cache. The computed limit is displayed.
Note: The Volume Size of an iSCSI volume can be increased, if necessary, but not
decreased.
6. To control which hosts are allowed to connect to this volume, in the Allowed Hosts text box,
you can change the comma-separated list of the IP addresses or subnet addresses that are
allowed to access this volume. If you leave this field blank, all hosts on your network have
access to this volume without restrictions.
7. To restrict access to this iSCSI volume, in the CHAP User Name text box, you can enter a
Challenge-Handshake Authentication Protocol (CHAP) User Name that initiators must log in
with. In the CHAP Password text box, you can enter a Challenge-Handshake Authentication
Protocol (CHAP) Password that initiators must log in with.
8. Click Save. The changes to the iSCSI settings are saved.
Nasuni Filer Administration Guide 8.0
73
Volumes Page
Changing Volume Properties
Changing the Volume Quota
Edit
For CIFS and NFS volumes and FTP/SFTP directories, the volume quota (maximum capacity) enables
you to limit the amount of storage space for a volume, including snapshots. This helps you to control
your storage costs. Although unlimited storage space is available, the volume is limited to the volume
quota, which is limited by your licensed capacity. Nasuni recommends that you only increase quotas
rather than decrease them.
Note: A notification occurs when the volume reaches 90 percent of the quota. Another
notification occurs when the volume reaches the quota. If the volume is shared, then
the quota is compared to the sum of all Nasuni Filers connected to the volume. If your
total stored data nears or exceeds your licensed capacity, you receive warnings to
increase your licensed capacity. If the licensed capacity is exceeded, you can still store
more data temporarily.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To modify a volume quota:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Quota setting is visible.
Figure 6-16: Quota setting.
3. Click the Quota setting. The Change Volume Quota dialog box appears.
Figure 6-17: Change Volume Quota dialog box.
4. Set the maximum volume capacity by entering a quota value (in gigabytes or fractions of a
gigabyte, such as 6.8) in the Quota text box. Entering a “0” configures the quota to an unlimited
capacity (up to your licensed capacity). If the volume is shared, then the quota is compared to
the sum of all Nasuni Filers connected to the volume.
Nasuni Filer Administration Guide 8.0
74
Volumes Page
Changing Volume Properties
5. Click Save. Your changes are saved. The confirmation message “Successfully changed volume
quota” appears.
Directory Quotas
Edit
You can view, edit, and delete the current directory quota rules and quotas for a volume. Quotas are
available for CIFS and NFS volumes and FTP/SFTP directories, but not for iSCSI volumes.
Note: You set directory quotas on the File Browser page. For details, see “Setting Quota or
Rule” on page 221.
Note: You configure directory quota reports on the Configuration page. For details, see
“Quota Settings” on page 358.
To view, edit, or delete directory quotas, follow these steps:
1. Click Volumes, then select the volume from the list.
2. The Volume properties page appears. Click Properties, then click Quotas. The Quota page
appears.
Figure 6-18: Quota page.
In the Quota Rules list, each directory quota rule in the volume appears with the Location
controlled by the quota rule, an optional email address to notify when the data in the location
nears or exceeds the Limit, and the Limit for the quota rule.
In the Applied Quotas list, each directory quota in the volume appears with the Location
controlled by the quota, an optional email address to notify when the data in the location nears
or exceeds the Limit, the Limit for the quota rule, the Total Used data in the directory, and the
Percent Used data in the directory.
3. To edit a directory quota rule or directory quota, click Edit and change the optional Email
address or the Limit. When finished, click Save Quota.
Tip: If User Folders Support is enabled for the CIFS share that the directory is in, then the
email address of the directory owner is used automatically. This eliminates the
necessity of manually entering hundreds of email addresses for multi-user systems.
See step q on page 131.
4. To delete a directory quota rule or quota, click Delete.
Nasuni Filer Administration Guide 8.0
75
Volumes Page
Changing Volume Properties
File Alert Service
Enable file alert service
The File Alert Service triggers an alert (no more than one per day) in the Notifications system when files
and directories whose names match patterns you specify are written to the Nasuni Filer. This can be
valuable in tracking certain special files for compliance purposes, such as files or directories that
contain text like “HIPAA”.
You can use wildcards when you specify each pattern. For example, if you specify *.mp3, you receive
an alert (no more than one per day) when any files whose names end in .mp3 are written to the Nasuni
Filer. You can also view the file alert logs in the .nasuni/file_alerts directory.
Note: File alerts configured here apply only to the local Nasuni Filer, and not to any other
Nasuni Filer. To enable file alerts on other Nasuni Filers in a multi-site configuration,
you must configure the other Nasuni Filers individually. To administer file alerts
consistently on multiple Nasuni Filers, use the Nasuni Management Console.
If you have configured email settings, you receive an email (no more than one per day) when names of
files or directories match one of the patterns. To configure email settings, see “Email Settings” on
page 285.
Note: If a match is detected, you receive no more than one alert per day. The alert contains
the path to a complete log file containing all detected matches.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To configure the File Alert Service:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The File Alert Service setting is visible.
Figure 6-19: File Alert Service setting.
Nasuni Filer Administration Guide 8.0
76
Volumes Page
Changing Volume Properties
3. Click the File Alert Service setting. Alternatively, select File Alert Service from the Properties
drop-down list. The File Alert Service page appears.
Figure 6-20: File Alert Service page.
4. To enable the File Alert Service, select enabled from the File Alert Service is drop-down list. To
disable the File Alert Service, select disabled from the File Alert Service is drop-down list.
5. If the File Alert Service is enabled, enter name patterns in the File/Directory Patterns text box.
Enter one name pattern per line. You can use glob syntax wildcards when you specify each
pattern, such as the following:
Wildcard
Meaning
Example
*
Matches any number of *.mp3
any character.
means any file name that ends with “mp3”.
?
Matches any one
character.
test.mp?
means file names like “test.mp3” or “test.mp4”.
[sequence]
Matches any character
in the specified
sequence.
[A-Z]*.*
means file names that start with an upper-case
letter.
[!sequence] Matches any character
NOT in the specified
sequence.
[!A-Z]*.*
means file names that do not start with an uppercase letter.
6. Click Save. Your changes are saved.
Nasuni Filer Administration Guide 8.0
77
Volumes Page
Changing Volume Properties
Antivirus Service
Enable antivirus service
The Antivirus Service provides protection against viruses and other malware in files on a volume. The
Antivirus Service scans every new or modified file for the presence of viruses and other malware. The
entire file is scanned, not just the changed part. Files are scanned when included in a snapshot, but not
during Global Locking processing. If a scanned file is found to be infected, the authorized administrator
has the option to ignore the infection. Only files with no detected malware, or infected files that the
authorized administrator deliberately ignores, are allowed into cloud storage.
The Nasuni Filer Antivirus Service uses the Clam AntiVirus (ClamAV®) open-source antivirus engine.
Synchronization with the ClamAV virus database occurs within four hours of an update. Customers can
report false positives here.
The Antivirus Service scans container files (such as .zip files) as large as 100 MB, and non-container
files as large as 25 MB.
You can enable or disable antivirus protection at the volume level.
The Antivirus Service setting is inherited by connecting Nasuni Filers. For example, if the Boston Nasuni
Filer enables the Antivirus Service for a volume, and the London Nasuni Filer connects to that volume,
then the Antivirus Service is also enabled for that volume on the London Nasuni Filer. In such a case,
there might be a brief time lag before the London Nasuni Filer inherits that setting.
Note: The Antivirus Service is available for CIFS and NFS volumes and FTP/SFTP directories.
The Antivirus Service is not available for iSCSI volumes.
Note: Antivirus violations are displayed in the Nasuni Filer or Nasuni Management Console,
and are also logged to the .nasuni/av_violations/ folder of the volume. In the
Antivirus log file, each violation entry is of the form:
<DATE> <TIME> <TIMEZONE> New AV violation: <SIGNATURE> found: <PATH>
Example:
2015-09-08 14:32:33 GMT New AV violation: EicarSignature found: /ei.txt
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Enabling and Disabling Antivirus Service
Note: Only the volume owner can enable or disable the Antivirus Service for a volume. In
particular, you cannot enable or disable the Antivirus Service for a remote volume.
To configure the Antivirus Service:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
78
Volumes Page
Changing Volume Properties
2. The Volume properties page appears. The Antivirus Service setting is visible.
Figure 6-21: Antivirus Service setting.
3. Click the Antivirus Service setting. Alternatively, select Antivirus Service from the Properties
drop-down list. The Antivirus Service page appears.
Figure 6-22: Antivirus Service page.
4. To enable the Antivirus Service, select enabled from the “Volume Antivirus Service is” dropdown list. To disable the Antivirus Service, select disabled from the “Volume Antivirus Service
is” drop-down list.
If you select enabled, then configure the Antivirus Service by performing these steps:
a. For volumes on which the CIFS protocol has been enabled only, to check files as they are
written to the Nasuni Filer, in addition to the specified Antivirus Service schedule, select
enabled from the “Check files immediately” drop-down list. Otherwise, select disabled
from the “Check files immediately” drop-down list.
Note: Enabling “Check files immediately” can have a small effect on performance.
Nasuni Filer Administration Guide 8.0
79
Volumes Page
Changing Volume Properties
b. In the Scanning Schedule area, select the days for Antivirus Service scanning to occur (for
example, Sunday to Saturday).
Note: In addition to the specified Scanning Schedule, an antivirus scan is performed
automatically with every snapshot.
c. To specify scanning 24 hours a day, select the 24 Hours/Day check box.
Alternatively, select the hour for scanning to start from the Start drop-down list. Select the
hour for scanning to stop from the Stop drop-down list.
d. For the specified time period, select the frequency for Antivirus Service scanning to occur
from the Frequency drop-down list. If the volume does not have Remote Access enabled,
your choices are 1, 2, 4, 8, 12, or 24 (hours). If the volume does have Remote Access enabled,
your choices are 1, 5, 10, 25, or 30 (minutes), or 1, 2, 4, 8, 12, or 24 (hours).
5. Click Save. Your changes are saved.
Reviewing Infected Files
Review
If the Antivirus Service finds any files infected with a virus or other malware, that information is
displayed on the volume’s Volume properties page. The authorized administrator must review each
infected file before that file is allowed into cloud storage.
To review infected files:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Antivirus Violations setting is visible.
Figure 6-23: Antivirus Violations setting.
Nasuni Filer Administration Guide 8.0
80
Volumes Page
Changing Volume Properties
3. Click the Antivirus Violations setting. Alternatively, select Antivirus Violations from the
Properties list. The Antivirus Violations page appears.
Figure 6-24: Antivirus Violations page.
A list appears showing the files that are infected with a virus or other malware. For each file in
the list, the complete file path and file name, infection name, and list of available actions
appears.
4. For each file in the list, click either Ignore or Delete File.
To ignore a detected infection and permit the infected file to enter cloud storage, click Ignore.
The Confirm File Ignore dialog box appears. Click Confirm Ignore. The infected file is
permitted to enter cloud storage.
Note: The Nasuni Filer records the name of the authorized administrator who authorizes
ignoring the infected file.
Alternatively, to delete the infected file and prevent the infected file from entering cloud storage,
click Delete File. The Confirm File Delete dialog box appears. Click Confirm Delete. The
infected file is deleted.
5. After all the infected files have been ignored or deleted, the message “No data available in
table” appears.
Nasuni Filer Administration Guide 8.0
81
Volumes Page
Changing Volume Properties
File System Auditing
Take
You can configure extensive file system auditing and logging of operations for a volume.
As an alternative to Nasuni’s own auditing options, Nasuni also supports auditing by Varonis. Events
created by the Nasuni Filer propagate to the Varonis monitoring infrastructure. For more details, see
“External Auditing Status” on page 85 and “Varonis Configuration” on page 87.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Tip: Auditing volume events such as Create, Delete, Rename, and Security can aid in
recovering from ransomware attacks.
Note: It is possible that occasionally a specified operation might not be audited and logged,
such as when a Nasuni Filer reboots or restarts. Also, if events occur faster than the
auditing, a “Lost Events” entry is made in the log file.
Note: If you remove a destination that a volume is using for Varonis or AMQP auditing,
auditing becomes disabled for that volume.
Tip: Log files take up space. To reduce the amount of space necessary for log files, you can:
limit the number of event categories to audit, limit which volumes to audit, use filters to
reduce the directories or files to audit, and limit the log file retention period.
To configure file system auditing for a volume, follow these steps:
1. Click Volumes, then select the volume from the list.
2. The Volume properties page appears. The current Auditing status appears in the File
Monitoring area.
Nasuni Filer Administration Guide 8.0
82
Volumes Page
Changing Volume Properties
3. From the Properties drop-down list, select Auditing. The Auditing Configuration page
appears.
Figure 6-25: Top portion of Auditing Configuration page.
Tip: No changes on this page are saved until you click Save.
4. If this volume has external auditing selected (such as Varonis), the content on this page is
unavailable, except for the “Revert control to Filer” button. To revert control of auditing to the
Nasuni Filer, click “Revert control to Filer”. For details on external auditing, see “External
Auditing Status” on page 85.
5. To enable file system auditing for this volume, click Auditing Enabled.
Important: When you enable file system auditing for this volume, auditing log files are
written to the .nasuni\audit\<filerdescription>\<yyyymmdd>
directory, where filerdescription is the description of the Nasuni Filer
and yyyymmdd is the date of the log file. For details on log files, see “Log file
location and format” on page 87.
6. In the Event Types area, select the operations to include in file system auditing, from these
choices:
•
Create: Operations that create files, directories, or links.
•
Delete: Operations that delete files or directories.
•
Rename: Operations that rename files or directories.
•
Close: Operations that close files.
Nasuni Filer Administration Guide 8.0
83
Volumes Page
Changing Volume Properties
•
Security: Changes to file or directory ownership or permission.
•
Metadata: Changes to update time and extended attributes.
•
Write: Operations that write or truncate files.
•
Read: Operations that read files or directories.
Note: Some event types generate a greater load and result in greater traffic.
7. To delete log files older than a specified number of days, select Prune Audit Logs and enter a
number greater than zero in Days to Keep. If Prune Audit Logs is not selected, or if Days to
Keep is zero, audit logs are not deleted.
8. To audit operations only for specified directories or files, select Exclude by Default and enter
the specific directories or files to include in the Include Patterns text box.
Figure 6-26: Bottom portion of Auditing Configuration page.
Separate the patterns with a comma or by placing a pattern on a new line. You can use glob
syntax wildcards when you specify each pattern, such as the following:
Wildcard
Meaning
Example
*
Matches any number of
any character.
*.mp3
means any file name that ends with “mp3”.
?
Matches any one
character.
test.mp?
means file names like “test.mp3” or “test.mp4”.
[sequence]
Matches any character
in the specified
sequence.
[A-Z]*.*
means file names that start with an upper-case
letter.
[!sequence]
Matches any character
NOT in the specified
sequence.
[!A-Z]*.*
means file names that do not start with an uppercase letter.
9. To audit operations for directories or files in the Include Patterns text box, even if those
directories or files are logically part of the entries in the Exclude Patterns text box, select
Include List Takes Priority.
Nasuni Filer Administration Guide 8.0
84
Volumes Page
Changing Volume Properties
10. To include specified directories or files in audit operations, such as *.tmp files, enter the
specific directories or files to include in the Include Patterns text box. Separate the patterns
with a comma or by placing a pattern on a new line. You can use glob syntax wildcards when
you specify each pattern, as described in step 8.
11. To exclude specified directories or files from audit operations, such as *.tmp files, enter the
specific directories or files to exclude in the Exclude Patterns text box. Separate the patterns
with a comma or by placing a pattern on a new line. You can use glob syntax wildcards when
you specify each pattern, as described in step 8.
12. Click Save.
The specified operations for the specified directories and files are audited and written in log files
for later use.
External Auditing Status
Nasuni can use an external auditing service, such as Varonis. To complete configuration of the Varonis
application to use Nasuni auditing events, you must provide a Nasuni API access key. For details of the
Varonis configuration, see “Varonis Configuration” on page 87. For details about the Nasuni access
key, see “API Access Keys” on page 340.
If auditing is being handled by an external service, such as Varonis, the status is available on the
External Auditing Status page.
To view the External Auditing Status page, follow these steps:
1. Click Volumes, then select the volume from the list.
The Volume properties page appears. The current Auditing status appears in the File
Monitoring area.
Nasuni Filer Administration Guide 8.0
85
Volumes Page
Changing Volume Properties
2. Click Enabled. The External Auditing Status page appears.
Figure 6-27: External Auditing Status page.
The following information appears:
•
Type: The type of auditing service, including Varonis.
•
AMQP Audit Destination: The name of the AMQP server of the external auditing service,
such as the Varonis server, specified by the external auditing service.
•
Host: IP address of the AMQP server of the external auditing service, such as the Varonis
server, specified by the external auditing service..
•
Status: The status of the current connection, including the following:
•
Connected: Connected to the auditing service.
•
Connecting: A temporary status while attempting to connect to the auditing service.
•
Re-connecting: A temporary status while attempting to re-connect after a previous
successful connection.
•
Down: Attempts to connect have failed.
•
Details: Details of the current status of the connection, such as “Connection
reestablished ...”.
•
Connection established: Date and time (UTC) when the current connection was
established.
•
Connection Uptime: Length of time of the current connection.
Nasuni Filer Administration Guide 8.0
86
Volumes Page
•
Changing Volume Properties
Latest update: Date and time (UTC) of the latest update from the current connection.
Varonis Configuration
Nasuni can use an external auditing service, such as Varonis. When specifying a file server on the File
Server Wizard of the Varonis Management Console, for example:
•
Select Common from the left-hand menu.
•
Enter the name or IP address of the Nasuni Filer as the “File server name”.
•
Select Nasuni from the “File server type” drop-down list. Alternatively, if you click “Detect File
Server Type”, Nasuni is chosen.
•
After selecting Nasuni as the “File server type”, the “Nasuni Management API Settings” pane
appears.
•
Enter the Nasuni API Access Key Name (from the Configuration → API Access Keys page)
as the “Access key name”. For details about the Nasuni access key, see “API Access
Keys” on page 340.
•
Enter the Nasuni API Access Key Passcode (from the Configuration → API Access Keys
page) as the “Access key passcode”. For details about the Nasuni access key, see “API
Access Keys” on page 340.
When specifying shares on the File Server Wizard of the Varonis Management Console, for example:
•
Select Shares from the left-hand menu.
•
The unhidden CIFS shares of the Nasuni Filer appear in the “Available Shares” area.
•
•
•
To move a share to the “Registered Shares” area, select the share, then click the down
arrow.
In the “Registered Shares” area, you can perform the following:
•
Enable whether to collect Events on the share.
•
Enable whether to crawl/monitor the share.
In the Automatic Detection area, you can perform the following:
•
Specify what to do with new shares, by selecting “Automatically detect shares” to be
either Never, “Detect and notify”, “Detect and Monitor”, or “Detect, Monitor, and
Notify”.
•
Specify the frequency of notification by selecting Notify to be Always or Once.
Log file location and format
Log files are written to the .nasuni\audit\<description>\<yyyymmdd> directory, where
description is the description of the Nasuni Filer and yyyymmdd is the date of the log file.
Note: If this is a shared volume, entries from multiple Nasuni Filer may appear in the same
<description> directory.
Log file names are in the format audit-<timestamp>.csv, where timestamp is the GMT time of the
log file. A sample log file name is audit-10-07-57-494069.csv.
Nasuni Filer Administration Guide 8.0
87
Volumes Page
Changing Volume Properties
Note: You cannot access the log files from the Nasuni Management Console or from the
Nasuni Filer. You must mount the volume and access the appropriate directory.
Each line of the log file is a record for a single audited operation. Each record includes the following
information, if available, separated by commas.
Here is a sample log file record:
2013-09-19 22:48:39.697221,Read,Read Directory,/.snapshot,,FOREST1\
jjones,FOREST1\domain users,S-1-5-21-4239937795-3974351056921346076-1113,files,CIFS,10.10.10.10,
•
Timestamp (UTC) of the audited operation, such as “2013-09-19 22:48:39.697221” in the
example above.
•
Category of the operation, from the Event Types above, such as “Read” in the example above.
•
Event type as a subtype of the category, such as the following:
•
Create: Create Directory or Create File.
•
Delete: Delete Directory or Delete File.
•
Read: Read Directory or Read File, such as “Read Directory” in the example above.
•
Security: Change Owner, Change Permissions, Set ACL, or Set DOS Attribute.
•
Write: Truncate File or Write to File.
•
Path/from of the item, such as “/.snapshot” in the example above.
•
New path/to of the item (if appropriate), such as “” in the example above.
•
User of the item (if appropriate), such as “FOREST1\jjones” in the example above.
•
Group of the user (if appropriate), such as “FOREST1\domain users” in the example above.
•
SID (for Active Directory) of the CIFS item (if appropriate), such as “S-1-5-21-42399377953974351056-921346076-1113” in the example above.
•
Share name for the item (for CIFS volumes only, if appropriate), such as “files” in the
example above.
•
Volume type of the item: CIFS, NFS, FTP, or Internal, such as “CIFS” in the example above.
Internal refers to events that are generated by internal processes that don’t use the external
protocols.
•
Client IP address that caused the event (for CIFS volumes only, if appropriate), such as
“10.10.10.10” in the example above.
•
Snapshot timestamp (UTC), if event occurred on an item in a snapshot, such as “” in the
example above.
Here is a sample log file record:
2013-09-19 22:48:39.697221,Read,Read Directory,/.snapshot,,FOREST1\
jjones,FOREST1\domain users,S-1-5-21-4239937795-3974351056921346076-1113,files,CIFS,10.10.10.10,
Each log file contains at most 100,000 records. For additional records, a new log file is created.
Nasuni Filer Administration Guide 8.0
88
Volumes Page
Changing Volume Properties
Note: It is possible that occasionally a specified operation might not be audited and logged,
such as when a Nasuni Filer reboots or restarts. Also, if events occur faster than the
auditing, a “Lost Events” entry is made in the log file.
Nasuni Filer Administration Guide 8.0
89
Volumes Page
Changing Volume Properties
Encryption Key Management
On the Encryption Keys page, you can view the status of current encryption keys and view information
on all encryption keys. You can add an encryption key to a volume, and enable or disable encryption
keys.
All data on a volume is encrypted using one or more encryption keys before being sent to cloud
storage. Volumes may be encrypted with one or more encryption keys, and encryption keys may be
used for any number of volumes.
There are several actions you can perform on encryption keys, including adding new encryption keys,
enabling or disabling encryption keys, escrowing encryption keys with Nasuni, and, under certain
circumstances, deleting encryption keys.
All uploaded encryption keys should be at least 2048 bits long.
Warning: Do NOT save encryption key files to a volume on a Nasuni Filer. You will NOT
be able to use these to recover data. This is NOT how to upload encryption
keys to a Nasuni Filer. To upload encryption keys to a Nasuni Filer, use the
Encryption Keys page.
At least one encryption key must be enabled for a volume, but several encryption keys can be enabled
at the same time. When multiple encryption keys are enabled, all of the enabled encryption keys are
used to encrypt data in such a way that any one of the encryption keys can decrypt the data.
There are several reasons you might want to disable an encryption key, such as, when someone with
access to the encryption key leaves the company, or if your enterprise has a policy of rotating
encryption keys periodically. When you disable an encryption key, no future data is encrypted with that
encryption key. However, all data previously encrypted by that disabled encryption key remains
encrypted by that disabled encryption key. For this reason, before you disable an encryption key, you
should consider establishing a snapshot retention policy that removes the data that was encrypted with
the disabled encryption key.
Because volumes must have at least one encryption key associated with them, in practice you add a
new encryption key to a volume first, and then disable the existing encryption key.
You can delete encryption keys, but only in the case where they are not being used by any volumes.
You cannot modify encryption keys stored on the system. For security reasons, encryption keys that
you upload cannot be downloaded from the system. You can only download encryption keys that the
Nasuni Filer has generated internally.
To upload an encryption key, see “Adding (Importing or Uploading) Encryption Keys” on page 348.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Enabling Encryption Keys
Enable
If you have disabled one or more encryption keys for a volume, you can enable them.
Note: Several encryption keys can be enabled at the same time. When multiple encryption
keys are enabled at the same time, all of the enabled encryption keys are used to
encrypt data in such a way that any one of the encryption keys can decrypt the data.
Nasuni Filer Administration Guide 8.0
90
Volumes Page
Changing Volume Properties
To enable encryption keys:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Encryption Keys setting for one or more encryption
keys is visible.
Figure 6-28: Encryption Keys setting.
3. Click one of the Encryption Keys settings. Alternatively, select Encryption Keys from the
Properties drop-down list. The Encryption Keys page appears.
Figure 6-29: Encryption Keys page.
Nasuni Filer Administration Guide 8.0
91
Volumes Page
Changing Volume Properties
4. Click Re-enable for the encryption key you want to enable. The Enable Volume Key page
appears.
Figure 6-30: Enable Volume Key page.
5. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
6. To enable the encryption key, click Save. Your changes are saved.
Nasuni Filer Administration Guide 8.0
92
Volumes Page
Changing Volume Properties
Disabling Encryption Keys
At least one encryption key must be enabled for a volume. Except for that requirement, you can disable
any current encryption key. However, in order to decrypt any data that was encrypted with the current
encryption key, the Nasuni Filer must retain the current encryption key, even if that encryption key is
disabled. You must add a new encryption key before disabling the current encryption key. Future data
for this volume is encrypted using the new encryption key, and not the disabled encryption key. For
additional information about encryption keys, see “Encryption Key Management” on page 346.
Note: You can have several encryption keys enabled at the same time. When multiple
encryption keys are enabled at the same time, all of the enabled encryption keys are
used to encrypt data in such a way that any one of the encryption keys can decrypt the
data.
To disable encryption keys for a volume:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Encryption Keys setting for one or more encryption
keys is visible.
Figure 6-31: Encryption Keys setting.
3. Click one of the Encryption Keys settings. Alternatively, select Encryption Keys from the
Properties drop-down list. The Encryption Keys page appears.
Figure 6-32: Encryption Keys page.
Nasuni Filer Administration Guide 8.0
93
Volumes Page
Changing Volume Properties
4. Click Disable for the encryption key you want to disable. The Disable Volume Key page
appears.
Figure 6-33: Disable Volume Key page.
5. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
6. To disable the encryption key, click Save.
The encryption key is disabled for the volume. You can re-enable encryption keys at a later time,
if needed. See “Enabling Encryption Keys” on page 90 for details.
Nasuni Filer Administration Guide 8.0
94
Volumes Page
Changing Volume Properties
Adding Encryption Keys to a Volume
Add
When you add an encryption key to a volume, all data is encrypted using the encryption key you select.
After you add the encryption key, it cannot be removed, but it can be disabled.
Note: Several encryption keys can be enabled at the same time. When multiple encryption
keys are enabled at the same time, all of the enabled encryption keys are used to
encrypt data in such a way that any one of the encryption keys can decrypt the data.
Warning: Do NOT save encryption key files to a volume on a Nasuni Filer. You will NOT
be able to use these to recover data. This is NOT how to upload encryption
keys to a Nasuni Filer.
To add an encryption key to a volume:
1. Click Volumes, then select the volume from the list.
2. The Volume properties page appears. The Encryption Keys setting for one or more encryption
keys is visible.
Figure 6-34: Encryption Keys setting.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
3. Click one of the Encryption Keys settings. Alternatively, select Encryption Keys from the
Properties drop-down list. The Encryption Keys page appears.
Figure 6-35: Encryption Keys page.
Nasuni Filer Administration Guide 8.0
95
Volumes Page
Changing Volume Properties
4. Click Add to Volume for the encryption key you want to add to the volume. The Add Volume
Key page appears.
Figure 6-36: Add Volume Key page.
5. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
6. To add the encryption key to the volume, click Save.
The encryption key is added to the volume.
Tip: If you create a new encryption key, make sure that you download and protect the new
encryption key, in case you need it for recovery or other purposes later. See
“Downloading (Exporting) Generated Encryption Keys” on page 349 for more details.
Nasuni Filer Administration Guide 8.0
96
Volumes Page
Changing Volume Properties
Safe Delete of volumes
To help ensure that one administrator cannot delete a volume accidentally or by themselves, you can
specify how many administrators must approve deleting a volume. This feature is called “Safe Delete”.
Only if the specified number of administrators approves the deletion does the volume become
scheduled for deletion. Safe Delete settings are managed on a per-volume basis.
Note: Safe Delete is only available for CIFS and NFS volumes, not for iSCSI volumes.
An administrator with the ability to delete a volume, initiate a volume deletion, or approve a volume
deletion, is called a volume-delete-capable administrator, and includes administrators with any of these
permissions:

Manage all aspects of the Nasuni Filer (super user)

Manage all aspects of Volumes

Add and Delete Volumes
Tip: Only administrators with the permission “Manage all aspects of the Nasuni Filer (super
user)” can enable or disable Safe Delete.
All actions related to Safe Delete are logged, including the following:

Enable Safe Delete

Disable Safe Delete

Change required number of approvals

Request volume delete

Approval received

Final approval granted

Approval revoked

Delete request cancelled
If enabled, for each of these actions, a notification is created, and an email alert is sent. To enable
Notifications, see “Notifications” on page 445. To enable email alerts, enable “Safe Delete Alerts”.
In addition, once per day, a report is generated of all pending deletions, pending deletion approvals,
and volumes recently deleted through the automated Safe Delete cleanup process. This report includes
the state of volume pending deletion, which administrator initiated the pending deletion, and which
administrators have approved the pending deletion. You can receive this report if you are configured to
receive email alerts.
Enabling Safe Delete
To enable Safe Delete, follow this procedure:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Safe Delete setting is visible.
Nasuni Filer Administration Guide 8.0
97
Volumes Page
Changing Volume Properties
3. Click Disabled. The Safe Delete dialog box appears.
Figure 6-37: Safe Delete dialog box.
4. To enable Safe Delete, toggle “Enable Safe Delete” to On.
Then, enter the number of “Approvals Required”. The number of “Approvals Required” must
be less than the number of volume-delete-capable administrators. For example, if the number of
volume-delete-capable administrators is 3, then the number of “Approvals Required” can be 1
or 2, because the volume delete initiator is not included in the number of volume-delete-capable
administrators available for approval.
5. Click Save.
The Safe Delete feature is enabled. If notifications are enabled, a notification is created. If email
alerts are enabled, an email alert is sent. To enable Notifications, see “Notifications” on
page 445. To enable email alerts, enable “Safe Delete Alerts”.
Disabling Safe Delete
To disable Safe Delete, follow this procedure:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Safe Delete setting is visible.
3. Click Enabled. The Safe Delete dialog box appears.
Figure 6-38: Safe Delete dialog box.
4. To disable Safe Delete, toggle “Enable Safe Delete” to Off.
5. Click Save.
The Safe Delete feature is disabled. The Safe Delete feature is disabled and the number of
Nasuni Filer Administration Guide 8.0
98
Volumes Page
Changing Volume Properties
“Approvals Required” is reset to 1. If notifications are enabled, a notification is created. If email
alerts are enabled, an email alert is sent. To enable Notifications, see “Notifications” on
page 445. To enable email alerts, enable “Safe Delete Alerts”.
Nasuni Filer Administration Guide 8.0
99
Volumes Page
Changing Volume Properties
Cloud I/O
Enable
If the Cloud Provider is a customer-provided cloud provider, the Cloud I/O area appears.
Before sending data to the cloud, Nasuni breaks files into optimally-sized pieces for transport between
the on-premises cache and cloud storage. This not only disguises the actual sizes of files, but also
improves performance. These chunks are then deduplicated, compressed, and encrypted.
If the file is smaller than 1 GiB, the default chunk size is 1 MiB. If the file is 1 GiB or larger, and the
appliance has less than 16 GiB of RAM, the default chunk size is 2 MiB. If the file is 1 GiB or larger, and
the appliance has 16 GiB of RAM or more, the default chunk size is 10 MiB.
For customer-provided clouds, such as Microsoft Azure, EMC Atmos, Cleversafe, IBM Cloud Object
Storage, EMC ViPR, and EMC ECS, if directed by Nasuni Support, you can adjust the chunk size, or
enable or disable Nasuni's compression and deduplication, using the Cloud I/O area of the Volume
Overview page (Nasuni Filer) or the Volume Cloud I/O page (NMC). If you do manually change the
chunk size, the variable chunk size mentioned above no longer operates. You can restore the variable
chunk size mentioned above by leaving the Chunk Size field blank and then clicking Save.
To enable or disable Nasuni's compression and deduplication, or to adjust the chunk size, follow these
steps:
1. From the Volume list, select the volume. The Volume page for the volume appears, including
the Cloud I/O area.
Figure 6-39: Cloud I/O area on the Volume page.
Nasuni Filer Administration Guide 8.0
100
Volumes Page
Changing Volume Properties
2. To enable or disable deduplication, enable or disable compression, or change the chunk size,
click the current value. The Change Volume Cloud I/O dialog box appears.
Figure 6-40: Change Volume Cloud I/O dialog box.
3. Select or deselect deduplication and compression.
4. Enter the chunk size, and select the units from the drop-down menu. To use the default chunk
size, leave the text box blank.
Warning: Contact Nasuni Support before changing the chunk size.
5. Click Save to save your settings.
Nasuni Filer Administration Guide 8.0
101
Volumes Page
Changing Volume Properties
Remote Access
Enable
On the Remote Access page, you can enable or disable access to the selected volume by your remote
offices attached to your Nasuni.com account. If remote access to this volume is enabled, you can
select permissions for remote access to this volume.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Tip: Perform any necessary data migrations to the volume before enabling Remote Access.
Otherwise, data migration processing can impact the synchronization of remote
volumes. See “Data Migration” on page 238.
Note: If the Nasuni Filer is not running version 6.0 or later software, that Nasuni Filer cannot
connect to a remote volume that has multiple protocols defined (including CIFS, NFS,
and FTP).
Setting Remote Access
To set remote access to a volume:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Remote Access setting is visible.
Figure 6-41: Remote Access setting.
Nasuni Filer Administration Guide 8.0
102
Volumes Page
Changing Volume Properties
3. Click the Remote Access setting. Alternatively, select Remote Access from the Properties
drop-down list. The Remote Access page appears.
Figure 6-42: Remote Access page.
4. To enable or disable access to this volume, from the “Remote Access is” drop-down list,
select either enabled or disabled.
Note: If you disable access to a volume that other Nasuni Filers are connected to, those
Nasuni Filers still have access to the disabled volume, but only Read Only access.
5. If access to this volume is enabled, from the Remote Access Permissions drop-down list, select
either Read Only, Read/Write, or custom.
•
Read Only: All other Nasuni Filers on your account can view the data on the selected
volume, but cannot change that data.
•
Read/Write: All other Nasuni Filers on your account can view the data on the selected
volume, and can also change that data.
•
custom: You specify the access for each other Nasuni Filer on your account separately.
Note: If you choose “custom”, new Nasuni Filers cannot access the volume until you
explicitly provide the type of access.
Nasuni Filer Administration Guide 8.0
103
Volumes Page
Changing Volume Properties
6. If you select custom remote access permissions, then you use the list of other Nasuni Filers on
your account.
Figure 6-43: Remote Access custom permissions.
For each other Nasuni Filer on your account, select the drop-down list beside the name of the
Nasuni Filer and select either Disabled, Read Only, or Read/Write.
•
Disabled: This Nasuni Filer cannot view or change the data on the selected volume.
•
Read Only: This Nasuni Filer can view the data on the selected volume, but cannot change
that data.
•
Read/Write: This Nasuni Filer can view the data on the selected volume, and can also
change that data.
7. Click Save. The specified remote access permissions are applied to the volume.
A message appears to confirm your selection.
Nasuni Filer Administration Guide 8.0
104
Volumes Page
Changing Volume Properties
Enabling or Disabling Auto Cache for Volumes
Enable
If you enable the “Auto Cache” option, new data is brought into the local cache from other Nasuni Filers
that are attached to this volume. Otherwise, new data is brought into the local cache from other Nasuni
Filers only when that data is accessed next.
You can only enable Auto Cache for shared volumes.
Enabling Auto Cache for a folder does not bring all data for this folder into the cache. Enabling Auto
Cache for a folder brings in only uncached data from other Nasuni Filers that are also attached to this
volume. Uncached data includes data that is already in the cloud but that is not presently in the cache,
as well as new and recently modified remote data.
Enabling Auto Cache does not immediately bring any data into the cache. To bring data into the cache
immediately, use the “Bring into Cache” button on the File System Browser screen. Otherwise, data
begins to transfer the next time the Nasuni Filer synchronizes with the cloud.
Tip: Because Auto Cache is not enabled by default, new data in the folder comes into the
local cache only when requested. Before enabling Auto Cache, ensure that all of the
following apply to your deployment:
•
All the Nasuni Filers on which you plan to enable Auto Cache have caches large enough
to contain data from the other Nasuni Filers.
•
All the data in the folder is relevant and appropriate for all other sites that access the
folder.
•
Network access at each site is not adversely affected by automatically moving large
quantities of data.
Tip: Auto Cache should not be used during the initial transfer of data into a Nasuni Filer or
during certain one-time operations, such as a bulk data load.
Note: Auto Cache is only available for shared or remote volumes.
Tip: You enable Auto Cache for individual folders. See “Enabling Auto Cache for Folders” on
page 225.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To enable or disable Auto Cache:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
105
Volumes Page
Changing Volume Properties
2. The Volume properties page appears. Select Sync Schedule from the Properties drop-down
list. The Sync Schedule page appears.
Figure 6-44: Sync Schedule page.
3. To enable Auto Cache, select the Auto Cache check box. Alternatively, to disable Auto Cache,
clear the Auto Cache check box.
4. If Auto Cache is enabled, you can specify bringing only files greater than or equal to a specified
size into the cache automatically. Enter the minimum size (in whole numbers) in the Auto Cache
Minimum File Size text box, then select the correct units from the drop-down list.
5. Click Save. Your changes are saved.
A message appears to confirm your selection.
To enable Auto Cache for individual folders, see “Enabling Auto Cache for Folders” on page 225.
Nasuni Filer Administration Guide 8.0
106
Volumes Page
Changing Volume Properties
Snapshot Scheduling
Edit snapshot schedule
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
Using snapshots, the Nasuni Filer can identify new or changed data. Snapshots offer data protection by
enabling you to recover a file deleted in error or to restore an entire file system. After a snapshot has
been taken and is sent to cloud storage, it is not possible to modify that snapshot.
With snapshots, you can find, view, and restore past versions of your files quickly. You can restore a
single file, a directory, or an entire volume.
The Nasuni Filer captures complete snapshots of files at regular intervals and stores all snapshots in
cloud storage to protect your files. You can select which days of the week on which to perform
snapshots; what time of day to start and stop creating snapshots; and the frequency for creating
snapshots. If the volume does not have Remote Access enabled, your frequency choices are every 1, 2,
4, 8, 12, or 24 (hours). If the volume does have Remote Access enabled, your frequency choices are
every 1, 5, 10, 15, 25, or 30 (minutes), or 1, 2, 4, 8, 12, or 24 (hours). For example, you can configure
snapshots to not occur during work-time and only push new and changed data during off-hours when
network usage is low. If there is no new or changed data at the scheduled time of the snapshot, the
snapshot does not occur.
Warning: Frequent snapshots increase the system load significantly.
Tip: On volumes with Global Locking enabled, we recommend reducing the normal snapshot
and synchronization frequency of the volume, because Global Locking provides file
synchronization independently of the snapshot and synchronization frequency. This file
synchronization occurs when the file gives up the file lock, and when file locks are
degraded to read locks (in Advanced mode only).
Tip: “Snapshot ran out of internal space” error
The snapshot (copy-on-write or COW) disk is used during the snapshot process. If any
writes to the Nasuni Filer occur during a snapshot, the previous data from the cache disk
is copied to the COW disk, and the new data is written to the cache disk. Hence, the
term “copy-on-write”. This allows new writes to take place at any time, even during the
snapshot process.
If the copy-on-write (COW) disk is too small, then a snapshot might fail. You can
increase the size of the COW disk. See the Cache Configuration Guide for details.
Tip: If you receive a message of the type “Unable to inherit all folder settings
on volume: settings could not be applied during the mount
operation.”, verify your folder settings to determine if they should be recreated,
updated, or deleted.
Note: To perform consistent point-in-time snapshots of iSCSI volumes on Windows systems,
you can use the Nasuni VSS Hardware Provider. For details, see “API Access Keys” on
page 340.
See “Quality of Service Settings” on page 299 to configure inbound and outbound bandwidth limits.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Nasuni Filer Administration Guide 8.0
107
Volumes Page
Changing Volume Properties
To schedule snapshots:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Snapshot Schedule setting is visible.
Figure 6-45: Snapshot Schedule setting.
3. Click the Snapshot Schedule setting. Alternatively, select Snapshot Schedule from the
Properties drop-down list. The Snapshot Schedule page appears.
Figure 6-46: Snapshot Schedule page.
4. Select the days for snapshots to occur (for example, Sunday through Saturday).
5. To specify snapshots 24 hours a day, select the 24 Hours/Day check box.
Alternatively, select the time to start snapshots from the Start drop-down list. Select the time to
stop snapshots from the Stop drop-down list.
6. Select the frequency for snapshots to be taken and sent to cloud storage from the Frequency
drop-down list. If the volume does not have Remote Access enabled, your choices are every 1,
Nasuni Filer Administration Guide 8.0
108
Volumes Page
Changing Volume Properties
2, 4, 8, 12, or 24 (hours). If the volume does have Remote Access enabled, your choices are
every 1, 5, 10, 15, 25, or 30 (minutes), or 1, 2, 4, 8, 12, or 24 (hours).
Note: Volumes that do not have remote access enabled only have Frequency options of
hours, not minutes. For snapshots more frequent than 1 per hour, enable remote
access for the volume. See “Remote Access” on page 102.
Warning: Frequent snapshots increase the system load significantly.
7. Click Save. Your changes are saved.
A message appears to confirm your selection.
Note: To configure the inbound and outbound bandwidth, see “Quality of Service Settings”
on page 299 for details.
Nasuni Filer Administration Guide 8.0
109
Volumes Page
Changing Volume Properties
Sync Scheduling
Edit sync schedule
You can schedule when, and with what frequency, the selected volume synchronizes data (“syncs” or
merges) from Nasuni, merging your local data with any new or changed data from other Nasuni Filers
connected to this volume. This helps to ensure that everyone in your organization is using the most
current data.
If you enable the “Auto Cache” option, new or changed data is brought into the local cache from other
Nasuni Filers that are attached to this volume immediately. Otherwise, data is brought into the local
cache from other Nasuni Filers when that data is accessed next.
Tip: Because Auto Cache is not enabled by default, new data in the volume comes into the
local cache only when requested. If you plan on enabling Auto Cache, ensure that all of
the following apply to your deployment:
•
All the Nasuni Filers on which you plan to enable Auto Cache have caches large enough to
contain data from the other Nasuni Filers.
•
All the data in the volume is relevant and appropriate for all other sites that access the
volume.
•
Network access at each site is not adversely affected by automatically moving large
quantities of data.
•
Auto Cache should not be used during the initial transfer of data into a Nasuni Filer or during
certain one-time operations, such as a bulk data load.
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more
details, see CIFS Permissions Best Practices.
Tip: If you receive a message of the type “Unable to inherit all folder settings
on volume: settings could not be applied during the mount
operation.”, verify your folder settings to determine if they should be recreated,
updated, or deleted.
You can select which days of the week on which to sync data; at what time of day to start and stop
syncing data; and the frequency for syncing data: every 1, 5, 10, 25, or 30 minutes, or every 1, 2, 4, 8,
12, or 24 hours for each volume. For example, you can configure syncs to not occur during work-time
and only sync data during off-hours when network usage is low.
Warning: If you have directories with tens of thousands of files but few changes during
each snapshot, or large files that require multiple snapshots, frequent syncs
can increase the system load significantly.
See “Quality of Service Settings” on page 299 to configure bandwidth limits.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To schedule syncs:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
110
Volumes Page
Changing Volume Properties
2. The Volume properties page appears. The Sync Schedule setting is visible.
Figure 6-47: Sync Schedule setting.
3. Click the Sync Schedule setting. Alternatively, select Sync Schedule from the Properties dropdown list. The Sync Schedule page appears.
Figure 6-48: Sync Schedule page.
4. Select the days for syncs to occur (for example, Sunday to Saturday).
5. To specify syncs 24 hours per day, select the 24 Hours/Day check box.
Alternatively, select the time to start syncs from the Start drop-down list. Select the time to stop
syncs from the Stop drop-down list.
6. Select the frequency for syncs to occur from the Frequency drop-down list. Your choices are
every 1, 5, 10, 25, 30 (minutes), or 1, 2, 4, 8, 12, or 24 (hours).
7. To enable Auto Cache (automatically bringing data from other Nasuni Filers into the local cache
immediately), select the Auto Cache check box. Alternatively, to disable Auto Cache, clear the
Auto Cache check box. See “Enabling or Disabling Auto Cache for Volumes” on page 105.
Nasuni Filer Administration Guide 8.0
111
Volumes Page
Changing Volume Properties
8. If Auto Cache is enabled, you can specify bringing only files greater than or equal to a specified
size into the cache automatically. Enter the minimum size (in whole numbers) in the Auto Cache
Minimum File Size text box, then select the correct units from the drop-down list.
9. Click Save. Your changes are saved.
A message appears to confirm your selection.
Nasuni Filer Administration Guide 8.0
112
Volumes Page
Changing Volume Properties
Snapshot Directory Access
Enable snapshot directory access
You can enable access to the snapshot directory to permit browsing the snapshot history and viewing
the files and directories for NFS exports, CIFS shares, and FTP/SFTP directories. For more information,
see “Using Snapshot Directory Access” on page 232.
Note: Snapshot access can add a significant load to the Nasuni Filer.
Note: Snapshot access is not available for iSCSI volumes.
Note: With volumes on which the CIFS protocol has been enabled, for snapshot directory
access to operate, snapshot directory access must also be enabled for the CIFS share.
For more details, see step p on page 131.
Tip: If "Snapshot Directory Access" is enabled on a volume and “Enable Snapshot
Directories” is enabled on a CIFS share of that volume, then directories in that CIFS
share on that volume cannot be deleted.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To enable access to the snapshot directory for a volume:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Snapshot Directory Access setting is visible.
Figure 6-49: Snapshot Directory Access setting.
3. Click the Snapshot Directory Access setting. The Edit Snapshot Directory Access dialog
box appears.
Figure 6-50: Edit Snapshot Directory Access dialog box.
Nasuni Filer Administration Guide 8.0
113
Volumes Page
Changing Volume Properties
4. To enable access to the snapshot directory, select the Snapshot Directory Access Enabled
check box. To disable snapshot access, clear the Snapshot Directory Access Enabled check
box.
Note: The setting of Windows Previous Versions is independent of the setting of
Snapshot Access.
5. Click Save. Your changes are saved. To exit the dialog box without making any changes, click
Cancel.
Nasuni Filer Administration Guide 8.0
114
Volumes Page
Changing Volume Properties
Snapshot Retention
Edit snapshot retention
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
Using snapshots, the Nasuni Filer can identify new or changed data. Snapshots offer data protection by
enabling you to recover a file deleted in error or to restore an entire file system. After a snapshot has
been taken and is sent to cloud storage, it is not possible to modify that snapshot.
For compliance purposes or your own best practices, you can specify to delete older snapshots from
cloud storage, based on a configured policy for a specific volume. Snapshot retention policies are
configured on the volume level. Snapshot retention policies also work on shared volumes.
Tip: Changes to the Snapshot Retention setting go into effect when the next snapshot
occurs. It is normal to temporarily see more snapshots than the Snapshot Retention
setting would suggest.
Tip: Set a snapshot retention policy for any volumes used for backup.
Caution: For security purposes, when a snapshot is removed, it is permanently deleted
from cloud storage and cannot be recovered.
Note: As long as a file is included in any snapshot within your snapshot retention policy, that
file is not removed. However, if you delete a file, and none of the retained snapshots
includes that file, the file is removed.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To set a snapshot retention policy for a volume:
1. Click Volumes, then select the volume from the list. The Volume properties page appears. The
Snapshot Retention setting is visible.
Figure 6-51: Snapshot Retention setting.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
115
Volumes Page
Changing Volume Properties
2. Click the Snapshot Retention setting. Alternatively, select Snapshot Retention from the
Properties drop-down list. The Snapshot Retention page appears.
Figure 6-52: Snapshot Retention page.
3. From the “I want to retain” drop-down list, select a retention policy option:
•
all snapshots: (Default) Retains all snapshots indefinitely. If you require deleting older
snapshots for compliance or other reasons, do not select this option.
•
a set number of snapshots: (Not available if the volume has Remote Access enabled) Enter
the Number of snapshots to retain, from 1 to 1 billion (1,000,000,000). For example, if you
choose to keep 100 snapshots, then the 100 most recent snapshots are retained, and the
rest are deleted automatically.
Figure 6-53: Snapshot Retention by number.
Warning: You cannot select “a set number of snapshots” if the volume has
Remote Access enabled.
•
snapshots within a given time: Enter the number of Years, Months, or Days for which you
want to retain snapshots. For example, if you choose to keep two months’ worth of
snapshots, then snapshots that were taken before then are deleted automatically.
Figure 6-54: Snapshot Retention by time.
4. To accept your snapshot retention policy, click Save. Your changes are saved.
A message appears to confirm your selection.
Nasuni Filer Administration Guide 8.0
116
Volumes Page
Changing Volume Properties
Prioritized Snapshot
If you have more than one Nasuni Filer, sometimes you might want to ensure that snapshots for one
volume occur before snapshots for other volumes. This feature is called Prioritized Snapshot.
Note: The volume must have sharing enabled. That is, this volume must either be a remote
volume, or a local volume with Remote Access enabled.
The Prioritized Snapshot state forces this volume on this Nasuni Filer to be the next volume to obtain
the snapshot lock from nasuni.com. Essentially, this volume on this Nasuni Filer jumps to the front of
the queue for snapshot processing.
If no new data is placed on this volume on this Nasuni Filer, this state continues until new data is placed
on this volume on this Nasuni Filer, or until the expiration time passes. This state continues until either
the snapshot for this volume on this Nasuni Filer completes, or until the expiration time passes. The
expiration time is 24 hours.
During this state:
•
If this volume is a local volume, no other volume on this Nasuni Filer can create a snapshot.
•
If this volume is a remote volume, no other Nasuni Filer can create a snapshot for this volume.
If this becomes a concern, you can cancel Prioritized Snapshot for the volume.
To enable Prioritized Snapshot, on the Volume Overview page, click Disabled for the Prioritize
Snapshot item. If you click Disabled, and another volume on this Nasuni Filer already has the
Prioritized Snapshot state, the name of the volume with the prioritized snapshot is displayed. If you
click Disabled, and another Nasuni Filer already has the Prioritized Snapshot state for this volume, the
name of the Nasuni Filer with the prioritized snapshot is displayed. Otherwise, the Prioritize Snapshot
dialog box appears. Click Prioritize Snapshot. The state of the Prioritize Snapshot item changes to
Enabled. The snapshot is prioritized. An indication of the amount of time left for the Prioritized
Snapshot state appears.
To cancel Prioritized Snapshot, on the Volume Overview page, click Enabled for the Prioritize
Snapshot item. The Prioritize Snapshot dialog box appears. Click Cancel Prioritization. The state of
the Prioritize Snapshot item changes to Disabled. The snapshot is no longer prioritized.
Nasuni Filer Administration Guide 8.0
117
Volumes Page
Changing Volume Properties
Pinned Folders
Edit snapshot retention
Pinning a folder specifies that the folder and its contents must remain in the local cache at all times.
This can improve performance and reduce the time necessary to return accessed data to clients.
You can view pinned folders. You can also disable pinning for folders.
Note: Enabling this feature means that the entire folder, and all the folder’s contents, remain
resident in the cache at all times. This reduces the available cache by the size of the
folder. If too much cache space is taken up by pinned folders, an Alert notification is
given.
Note: Pinning a folder does not bring the folder’s data into the cache. If the folder’s data is
not already present in the cache, you must specifically bring that data to the cache. To
check on whether data is resident in the cache, see “Browsing a Volume” on page 213.
To bring data to the cache, see “Bringing Data into Cache” on page 220.
Note: All iSCSI (SAN) volume data is already pinned in the cache, so it is not necessary to pin
iSCSI volumes.
To pin a folder in the cache, see “Pinning Folders in the Cache” on page 224. To view unprotected files
in the cache, see “Unprotected Files” on page 414.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To view pinned folders, or disable pinning for a folder, follow these steps:
1. Click Volumes, then select the volume from the list. The Volume properties page appears. The
Pinned Folders setting is visible.
Figure 6-55: Pinned Folders setting.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Click the Pinned Folders setting. Alternatively, select Pinned Folders from the Properties
drop-down list. The Pinned Folders page appears.
Figure 6-56: Pinned Folders page.
3. To disable pinning for a folder, click Disable for that folder.
Nasuni Filer Administration Guide 8.0
118
Volumes Page
Changing Volume Properties
4. The Disable Folder Setting dialog box appears. Click Disable Folder Setting. Pinning is
disabled for that folder.
Alternatively, to not disable pinning for that folder, click Cancel.
Nasuni Filer Administration Guide 8.0
119
Volumes Page
Changing Volume Properties
Auto Caching Folders
Edit snapshot retention
You can view or delete the Auto Cache setting for folders. If Auto Cache is enabled for a folder, new
data in that folder is brought into the local cache immediately from other Nasuni Filers that are attached
to this volume. Otherwise, new data is brought into the local cache from other Nasuni Filers when that
data is accessed next.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
To view the Auto Cache settings for a folder, follow these steps:
1. Click Volumes, then select the volume from the list. The Volume properties page appears. The
Auto Caching Folders setting is visible.
Figure 6-57: Auto Caching Folders setting.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Click the Auto Caching Folders setting. Alternatively, select Auto Caching Folders from the
Properties drop-down list. The Auto Caching Folders page appears.
Figure 6-58: Auto Caching Folders page.
The status of Auto Cache for the volume appears: Allowed or Disabled. To change the Auto
cache setting for the volume, click the status. See “Enabling or Disabling Auto Cache for
Volumes” on page 105.
3. To disable Auto Cache for a folder, click Delete for that folder.
4. The Delete Folder Setting dialog box appears. Click Delete Setting. Auto Cache is disabled
for that folder.
Alternatively, to not disable Auto Cache for that folder, click Cancel.
Nasuni Filer Administration Guide 8.0
120
Volumes Page
Changing Volume Properties
Deleting a Volume
Delete
This section explains how to delete a volume in the Nasuni Filer. Deleting a volume destroys all the
volume’s data stored in the cache, as well as data stored in cloud storage.
Note: Deleting a volume reduces the licensed capacity used; however, the background
delete operation can take time to process, depending on the number of files or blocks.
The Nasuni Filer might be less responsive during this time.
If Safe Delete is enabled for this volume, a specified number of volume-delete-capable administrators
must approve the deletion. To enable or disable Safe Delete, see “Safe Delete of volumes” on page 97.
Note: Safe Delete is only available for CIFS and NFS volumes, not for iSCSI volumes.
If Safe Delete is enabled for this volume, after the “Delete Volume” button is clicked, the following
events are possible:
•
Any of the volume-delete-capable administrators, not including the initiator of the delete, can
click “Approve Delete” to approve the deletion of the volume.
•
If the required number of volume-delete-capable administrators approves the deletion, the
volume is scheduled for deletion.
•
If any of the volume-delete-capable administrators clicks “Cancel Delete”, the volume’s
deletion is cancelled.
•
If any volume-delete-capable administrator who approved deletion clicks “Revoke Approval”,
their approval of the deletion is revoked.
Tip: Volumes become Read-Only when they are in either the "Pending Delete Approval"
state or in the "Pending Delete" state, and return to their initial state if a delete is
cancelled. Administrators should notify the file system users that the volume is going to
be deleted.
Before deleting a volume, complete the following prerequisites:
•
For volumes with a CIFS share, an NFS export, or an FTP/SFTP directory, you must delete the
CIFS share, NFS export, or FTP/SFTP directory before you can delete the volume. For details on
deleting a CIFS share, see “Deleting a CIFS Share” on page 141. For details on deleting an NFS
export, see “Deleting an NFS Export” on page 151. For details on deleting an FTP/SFTP
directory, see “Deleting FTP directories” on page 159.
•
If other Nasuni Filers are connected to the volume, they should disconnect from the volume.
See “Disconnecting from a Remote Volume” on page 209 for details.
•
If the volume is configured for remote access, you must disable remote access on the volume
before deleting it. See “Remote Access” on page 102 for details on disabling remote access.
•
It is necessary to disconnect from iSCSI volumes before deleting the iSCSI volume, as detailed
in “Disconnecting from an iSCSI volume” on page 171.
•
Administrators should notify the file system users that the volume is going to be deleted.
Nasuni Filer Administration Guide 8.0
121
Volumes Page
Changing Volume Properties
To delete a volume:
Caution: You cannot undo this procedure.
1. Ensure that you have deleted the CIFS shares, NFS exports, and FTP/SFTP directories
associated with the volume.
2. Click Volumes, then select the volume from the list. The Volume properties page appears.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
3. Click Delete Volume. Alternatively, select Delete from the drop-down list. The Delete Volume
page appears.
Figure 6-59: Delete Volume page.
4. Read any warnings that appear on the Delete Volume page. Ensure that the prerequisites
mentioned above have been satisfied to avoid data loss.
5. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
6. Click Delete to schedule this volume for deletion.
If Safe Delete is enabled for this volume, the volume is not immediately scheduled for deletion.
Instead, the specified number of volume-delete-capable administrators must approve the
deletion before the volume is scheduled for deletion.
Tip: Volumes become Read-Only when they are in either the "Pending Delete Approval"
state or in the "Pending Delete" state, and return to their initial state if a delete is
cancelled. Administrators should notify the file system users that the volume is going
to be deleted.
Nasuni Filer Administration Guide 8.0
122
Volumes Page
Changing Volume Properties
If notifications are enabled, a notification is created. If email alerts are enabled, an email alert is
sent. To enable Notifications, see “Notifications” on page 445. To enable email alerts, enable
“Safe Delete Alerts”.
If Safe Delete is enabled for this volume, volume-delete-capable administrators can approve the
deletion by clicking “Approve Delete” at the top of the screen.
Alternatively, volume-delete-capable administrators can cancel the proposed delete by clicking
“Cancel Delete” at the bottom of the screen.
After the final volume delete approval is received, the initiator of the delete can choose to click
“Delete Immediately” to immediately delete the volume. Otherwise, the volume is deleted
within 24 hours of receiving the final approval.
Alternatively, to exit this screen without deleting the volume, click your Web browser’s Back
button.
Cancelling volume deletion
If Safe Delete is enabled for this volume, and if “Delete Volume” has been clicked, the volume is either
awaiting approval for deletion by volume-delete-capable administrators, or has already been approved
for deletion by volume-delete-capable administrators. In either case, any volume-delete-capable
administrator can cancel the proposed or pending deletion by clicking “Cancel Delete”. If notifications
are enabled, a notification is created. If email alerts are enabled, an email alert is sent. To enable
Notifications, see “Notifications” on page 445. To enable email alerts, enable “Safe Delete Alerts”.
Revoking approval of volume deletion
If Safe Delete is enabled for this volume, and if “Delete Volume” has been clicked, any volume-deletecapable administrator who has approved the deletion can revoke their approval of the deletion by
clicking “Revoke Approval”. If notifications are enabled, a notification is created. If email alerts are
enabled, an email alert is sent. To enable Notifications, see “Notifications” on page 445. To enable
email alerts, enable “Safe Delete Alerts”.
Nasuni Filer Administration Guide 8.0
123
Volumes Page
Changing Volume Properties
CIFS Shares, NFS Exports, and FTP Directories
You can view, add, edit, and delete CIFS shares, NFS exports, and FTP/SFTP directories.
Note: iSCSI (SAN) volumes cannot be shared or exported.
Viewing a CIFS Share
You can view CIFS shares.
To view shared CIFS folders:
1. From the Status drop-down menu, select CIFS Status. The CIFS Shares page appears.
Figure 6-60: CIFS Shares page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. For each shared folder, information about the CIFS share appears, including the Name of the
CIFS share, the Path of the shared folder, and available Actions, such as Edit Share and Delete
Share.
Nasuni Filer Administration Guide 8.0
124
Volumes Page
Changing Volume Properties
Adding a New CIFS Share to a Volume
Create
On the Volume properties page, you can add CIFS shares to a volume that has the CIFS protocol
enabled.
Tip: You can only add CIFS shares to a volume that has the CIFS protocol enabled. To create
a CIFS volume, see “Adding a Volume” on page 51. To enable the CIFS protocol for a
volume, see “Enabling multiple volume protocols” on page 161.
By default, the Nasuni Filer provides a CIFS share called “files” for your first CIFS volume on the first
Nasuni Filer associated with an account. You can change the configuration settings of this CIFS share,
if needed. See “Editing a CIFS Share” on page 139 for details.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To add a shared folder to a volume:
1. Click Volumes, then select a volume that has the CIFS protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Total Shares status is visible.
Figure 6-61: Total Shares status.
3. Click the Total Shares status. Alternatively, select CIFS Shares from the Properties drop-down
list. The CIFS Shares page appears.
Figure 6-62: CIFS Shares page.
Nasuni Filer Administration Guide 8.0
125
Volumes Page
Changing Volume Properties
4. Click Add New Share. The Add CIFS Share/Edit Settings page appears.
Figure 6-63: Add CIFS Share/Edit Settings page.
5. Click the Folder text box and navigate to an existing folder on the selected volume.
Note: To create a folder in Windows, use Windows Explorer to navigate to the root folder
of the volume, then create folders as needed.
6. In the Name text box, enter a name for this CIFS share. The following characters are not valid
for CIFS share names:
< > : " / \ | ? *
Also, do not use the $ character at the end of the name of the CIFS share. Windows clients
interpret these CIFS shares as hidden.
If the Security of this Nasuni Filer is Directory Services, and if User Folders Support is
enabled, you can modify the name of the CIFS share to include the wildcard “%U” to represent
the user name. (See step q on page 131.) For example, the wildcard CIFS share name:
%U_share
for the user “rudyg” becomes the CIFS share name:
rudyg_share
If the CIFS share “%U_share” maps to the folder “/homes”, then, when the user maps
“rudyg_share”, the resulting location is “/homes/rudyg”.
Tip: You cannot create an internal link to folders created by using the "%U" wildcard in the
CIFS share name.
Tip: For Windows uses, see Naming Files, Paths, and Namespaces.
7. Optionally, enter a descriptive comment in the Comment text box.
Nasuni Filer Administration Guide 8.0
126
Volumes Page
Changing Volume Properties
8. If you want the CIFS share to be visible in the list of CIFS shares when users map the Nasuni
Filer, select the Visible Share check box. If the CIFS share is not visible, it does not appear in
the list of CIFS shares when users map the Nasuni Filer; however, if you know the CIFS share’s
name, you can still map the CIFS share directly.
9. If you want the CIFS share folder to be Read Only for users on the network, select the Read
Only Share check box. This means that users can access the CIFS share, but have Read Only
rights and, therefore, cannot make changes to any of the files in the shared folder.
10. Optionally, click Show Advanced Options. The Advanced Options pane appears.
Figure 6-64: Advanced Options pane.
a. In the Allowed Hosts text box, enter the IP addresses, IP address/netmask values, or ranges
of IP addresses that are allowed to access the CIFS share folder on your network. If you leave
this field blank, all users on your network have access to the CIFS share without restrictions.
Separate entries with spaces.
b. In the Block files text box, enter the names of files or directories to make invisible and
inaccessible in the share. Enter one name per line. You can use wildcard characters, such as
“?” and “*”. Do not use the forward slash “/” character.
Note: Using this feature can break compatibility with some clients.
Nasuni Filer Administration Guide 8.0
127
Volumes Page
Changing Volume Properties
c. If the Security of this Nasuni Filer is Public, the Authentication, Groups, and Users options
do not appear. Continue with step m on page 131.
d. If the Security of this Nasuni Filer is Authenticated Access (meaning either Active Directory
authentication or LDAP Directory Services authentication), the Authentication, Groups, and
Users options appear.
To authenticate all users, select Authenticate all Users from the Authenticate drop-down
menu. Continue with step m on page 131.
Otherwise, to authenticate only specified groups and users, select Authenticate only
specified Groups and Users from the Authenticate drop-down menu. This enables the
Groups and Users areas.
e. To add one group, follow these steps:
i.
In the Groups area, click Add One. The Name search box appears.
Figure 6-65: Add One Name search box.
ii. Enter a partial or complete group name, then click Search
. The Select Group dialog
box appears, containing the partial or complete group name.
Figure 6-66: Select Group dialog box.
iii. To control the range of the search, select one of the following:
•
All: To search through all groups.
•
Domain only: To search though domain groups only.
•
Native only: To search through native groups only.
Nasuni Filer Administration Guide 8.0
128
Volumes Page
Changing Volume Properties
iv. Click Search. A list of groups that match your search appears. Select the group to define
access for, then click Add Selected Group. The selected group appears in the Groups
area.
Figure 6-67: Groups area.
f.
To add more than one group, follow these steps:
i.
In the Groups area, click Add Many. The Select Groups dialog box appears.
ii. In the Search text box, enter a partial or complete group name.
iii. To control the range of the search, select one of the following:
•
All: To search through all groups.
•
Domain only: To search though domain groups only.
•
Native only: To search through native groups only.
iv. Click Search. A list of groups that match your search appears.
v. Select the groups to define access for, then click Add Selected Groups. The selected
groups appear in the Groups area.
g. For each group in the Groups list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
h. To delete a group from the Groups list, click Delete next to the group name. The group is
deleted from the list.
i.
To add one user, follow these steps:
i.
In the Users area, click Add One. The Name search box appears.
Figure 6-68: Add One Name search box.
Nasuni Filer Administration Guide 8.0
129
Volumes Page
Changing Volume Properties
ii. Enter a partial or complete user name, then click Search
appears, containing the partial or complete user name.
. The Select User dialog box
Figure 6-69: Select User dialog box.
iii. To control the range of the search, select one of the following:
•
All: To search through all users.
•
Domain only: To search though domain users only.
•
Native only: To search through native users only.
iv. Click Search. A list of users that match your search appears. Select the user to define
access for, then click Add Selected User. The selected user appears in the Users area.
Figure 6-70: Users area.
j.
To add more than one user, follow these steps:
i.
In the Users area, click Add Many. The Select Users dialog box appears.
ii. In the Search text box, enter a partial or complete user name.
iii. To control the range of the search, select one of the following:
•
All: To search through all users.
•
Domain only: To search though domain users only.
•
Native only: To search through native users only.
iv. Click Search. A list of users that match your search appears.
v. Select the users to define access for, then click Add Selected Users. The selected users
appear in the Users area.
k. For each user in the Users list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
l.
To delete a user from the Users list, click Delete next to the user name. The user is deleted
from the list.
Nasuni Filer Administration Guide 8.0
130
Volumes Page
Changing Volume Properties
m. To hide files and folders that a user cannot access, leave the Hide Unreadable Files check
box selected. This option is selected by default.
n. To allow clients to view or restore files using the Previous Versions tab in Windows, select the
Enable Previous Versions check box. For details on using Windows Previous Versions, see
your Microsoft Windows documentation.
Tip: When Windows Explorer has a folder open of a share hosted by a Nasuni Filer, you
might experience performance issues if you have enabled Previous Versions for that
share. To mitigate such performance issues:
• On the Nasuni Filer or the NMC, disable Previous Versions for the original share.
• Create a 2nd share identical to the first, and enable Previous Versions for the 2nd
share.
• Instruct users who are using the original share to NOT enable Windows Previous
Versions.
• If a user needs to use Windows Previous Versions, instruct them to use the 2nd
share.
o. For case-sensitive volumes only, to enable case sensitivity for file or folder names, select the
Case-Sensitive Paths check box.
Tip: Using case-sensitive paths improves performance.
Note: Even if case-sensitivity is not enabled, non-Windows clients such as Linux
might still treat the paths as case-sensitive.
p. To enable clients to access snapshot directories within the CIFS share, select the Enable
Snapshot Directories check box. The volume must have Snapshot Directory Access
enabled. For more details, see “Snapshot Directory Access” on page 113.
Note: Snapshot directory access can add a significant load to the Nasuni Filer.
Note: When Enable Snapshot Directories is enabled on a CIFS share, you cannot
delete directories from the client.
Note: The setting of Windows Previous Versions is independent of the setting of
Snapshot Directory Access.
Tip: If "Snapshot Directory Access" is enabled on a volume and “Enable Snapshot
Directories” is enabled on a CIFS share of that volume, then directories in that
CIFS share on that volume cannot be deleted.
q. If the Security of this Nasuni Filer is Directory Services, then User Folders Support is
available. To enable User Folders Support, select Enabled from the User Folders Support
drop-down list. Otherwise, select Disabled from the User Folders Support drop-down list.
If enabled, the target folder path for the CIFS share is automatically appended with a folder
named for the user. For example, the CIFS share “homes” that points to the folder “/homes”
mounted by the user “rudyg” results in a mapping to “/homes/rudyg”. This can simplify
setting up multiple CIFS shares for multiple users.
Nasuni Filer Administration Guide 8.0
131
Volumes Page
Changing Volume Properties
In addition, you can modify the name of the CIFS share to include the wildcard “%U” to
represent the user name. For example, the wildcard CIFS share name:
%U_share
for the user “rudyg” becomes the CIFS share name:
rudyg_share
If the CIFS share “%U_share” maps to the folder “/homes”, then, when the user maps
“rudyg_share”, the resulting location is “/homes/rudyg”.
Tip: You cannot create an internal link to folders created by using the "%U" wildcard
in the CIFS share name.
Note: If you use this option, disabling case sensitivity is recommended.
Note: Even if Case-Sensitive Paths is not enabled, UNC paths accessed via User
Folders Support are case-sensitive.
Enable
r.
To enable access by mobile devices, such as iPhones and Android phones, select the Sync
and Mobile Access check box. For more details on the Mobile Service, see “Nasuni Sync
and Mobile Access” on page 273 and “Nasuni Mobile Access” on page 185. See
www.nasuni.com/support/documentation for a worksheet for planning configurations.
Also, to enable access using the Nasuni Desktop Client, select the Sync and Mobile Access
check box. For more details on the Nasuni Desktop Client, see “Nasuni Desktop Client” on
page 202. See www.nasuni.com/support/documentation for the Nasuni Desktop Client
Administrator Guide and the Nasuni Desktop Client User Guide.
s. To enable Web Access to files and folders, including creating shared links, select the Web
Access check box. The Web Access Settings pane appears. For more details on Web
Access, see “Web Access” on page 177.
Continue with specific instructions at “Web Access Settings” on page 134.
Note: Web Access is not available with LDAP Directory Services security.
t.
Asynchronous I/O enables concurrent read and write access to the share. To enable
Asynchronous I/O, select Enable Asynchronous I/O. Asynchronous I/O is enabled by
default.
u. To enable support for the SMB2 protocol for Mac OS X clients, select Enhanced Support for
Mac OS X. Enabling this can speed up performance for Mac OS X clients.
v. To select handling of SMB encryption for CIFS clients, from the SMB Encryption drop-down
list, select one of the following options:
•
Optional: It is optional for clients to use SMB encryption when connecting to the share.
SMB3 encryption is enabled if the client machine specifically requests it. This is the
default.
•
Desired: It is desired that clients use SMB encryption when connecting to the share. The
Nasuni Filer requests that the client machine use SMB3 encryption. If the client supports
SMB3 encryption, the connection is encrypted.
Nasuni Filer Administration Guide 8.0
132
Volumes Page
•
Changing Volume Properties
Required: It is required that clients use SMB encryption when connecting to the share.
All clients must use SMB3 encryption. If a client does not support SMB3 encryption, the
client is not allowed to mount the CIFS share on the Nasuni Filer.
Note: This includes SMB3 encryption for Windows clients.
Tip: SMB encryption enhances security and prevents snooping on client traffic.
Windows clients should use SMB3 encryption if it is enabled on the CIFS share
that they are connecting to.
11. To create the CIFS share, click Save Share. The CIFS share is created and ready for use.
In Windows, you can map a drive to a new shared folder as explained in “Mapping a Windows network
drive to a CIFS share” on page 169. In Linux and UNIX, you can mount a CIFS share, as explained in
“Mounting a CIFS share in Linux or UNIX” on page 173.
Nasuni Filer Administration Guide 8.0
133
Volumes Page
Changing Volume Properties
Web Access Settings
In the Web Access Settings pane, you can specify details about Shared Links.
A shared link is a URL that points to a specific file or folder within Web Access. This can be useful for
providing a trusted partner or contractor with secure access to a folder or file that they do not have
credentials to access directly. For more details on shared links, see “Shared Links” on page 179. You
can control how long until the shared link expires, whether a password is required, and who is allowed
to create shared links.
Tip: You can change the logo and the primary and secondary colors of the Web Access
display for branding purposes. See “Web Access Branding” on page 397.
If Web Access is enabled, the Web Access Settings pane appears.
Figure 6-71: Web Access Settings pane.
To configure shared links, follow these steps:
1. To allow creating shared links, select Enable Shared Links.
2. If Shared Links are enabled, in the External Hostname text box, optionally enter an external
hostname that users can access for the shared links.
3. If shared links are enabled, in the Maximum Expiration text box, enter the maximum number of
days until a shared link expires. To specify that there is no limit to the time until expiration, enter
0 (zero).
4. If shared links are enabled, to specify that any shared links must include a password, select
Require Password.
Nasuni Filer Administration Guide 8.0
134
Volumes Page
Changing Volume Properties
5. If shared links are enabled, to allow creating shared links that permit writing to directories,
select Allow Writable Shared Links to Directories.
6. If shared links are enabled, select either Allow all Users or Allow only specified Groups and
Users from the Shared Link Permissions drop-down list.
7. If shared links are enabled, and you selected Allow only specified Groups and Users, you can
specify the groups and users who can create shared links.
Note: If you specify groups and also specify users within the specified groups, the
Access for the specified users is given by this table:
If the group Access is
and the user Access is: then the user’s actual Access
is:
Deny
Deny
Deny
Deny
Read-Write
Deny
Deny
Read-Only
Deny
Read-Write
Deny
Deny
Read-Write
Read-Write
Read-Write
Read-Write
Read-Only
Read-Write
Read-Only
Deny
Deny
Read-Only
Read-Write
Read-Write
Read-Only
Read-Only
Read-Only
If a user is not a member of a specified group, then the Access specification for the
user is not affected by the Access specification for the specified group.
If a user is a member of two or more groups, the group Access in the above table is
as follows:
•
If the group Access for at least one of the groups is Deny, then the group Access in the
table above is Deny.
•
If none of the groups’ Access is Deny, but the group Access for at least one of the
groups is Read-Write, then the group Access in the table above is Read-Write.
•
Otherwise, the group Access in the table above is Read-Only.
Nasuni Filer Administration Guide 8.0
135
Volumes Page
Changing Volume Properties
Follow these steps:
a. To add one group, follow these steps:
i.
In the Groups area, click Add One. The Domain\Name search box appears.
Figure 6-72: Add One Name search box.
ii. Enter a partial or complete group name, then click Search
. The Select Group dialog
box appears, containing the partial or complete group name.
Figure 6-73: Select Group dialog box.
iii. To control the range of the search, select one of the following:
•
All: To search through all groups.
•
Domain only: To search though domain groups only.
•
Native only: To search through native groups only.
iv. Click Search. A list of groups that match your search appears.
v. Select the group, then click Add Selected Group. The selected group appears in the
Groups area.
Figure 6-74: Groups area.
b. To add more than one group, follow these steps:
i.
In the Groups area, click Add Many. The Select Groups dialog box appears.
ii. In the Search text box, enter a partial or complete group name.
Nasuni Filer Administration Guide 8.0
136
Volumes Page
Changing Volume Properties
iii. To control the range of the search, select one of the following:
•
All: To search through all groups.
•
Domain only: To search though domain groups only.
•
Native only: To search through native groups only.
iv. Click Search. A list of groups that match your search appears.
v. Select the groups, then click Add Selected Groups. The selected groups appear in the
Groups area.
c. For each group in the Groups list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
d. To delete a group from the Groups list, click Delete next to the group name. The group is
deleted from the list.
e. To add one user, follow these steps:
i.
In the Users area, click Add One. The Name search box appears.
Figure 6-75: Add One Name search box.
ii. Enter a partial or complete user name, then click Search
appears, containing the partial or complete user name.
. The Select User dialog box
Figure 6-76: Select User dialog box.
iii. To control the range of the search, select one of the following:
•
All: To search through all users.
•
Domain only: To search though domain users only.
•
Native only: To search through native users only.
Nasuni Filer Administration Guide 8.0
137
Volumes Page
Changing Volume Properties
iv. Click Search. A list of users that match your search appears. Select the user, then click
Add Selected User. The selected user appears in the Users area.
Figure 6-77: Users area.
f.
To add more than one user, follow these steps:
i.
In the Users area, click Add Many. The Select Users dialog box appears.
ii. In the Search text box, enter a partial or complete user name.
iii. To control the range of the search, select one of the following:
•
All: To search through all users.
•
Domain only: To search though domain users only.
•
Native only: To search through native users only.
iv. Click Search. A list of users that match your search appears.
v. Select the users, then click Add Selected Users. The selected users appear in the Users
area.
g. For each user in the Users list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
h. To delete a user from the Users list, click Delete next to the user name. The user is deleted
from the list.
8. Continue with the procedure at step t on page 132.
Nasuni Filer Administration Guide 8.0
138
Volumes Page
Changing Volume Properties
Editing a CIFS Share
Edit
You can edit the features of any CIFS share after you create it.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To edit the features of a shared folder:
1. Click Volumes, then select a volume that has the CIFS protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Total Shares status is visible.
Figure 6-78: Total Shares status.
3. Click the Total Shares status. Alternatively, select CIFS Shares from the Properties dropdown list. The CIFS Shares page appears.
Figure 6-79: CIFS Shares page.
Nasuni Filer Administration Guide 8.0
139
Volumes Page
Changing Volume Properties
4. For the CIFS share that you want to edit, click Edit Share. The Add CIFS Share/Edit Settings
page appears.
Figure 6-80: Add CIFS Share/Edit Settings page.
5. For details about CIFS share settings, see “Adding a New CIFS Share to a Volume” on
page 125.
6. Make your edits, then click Save Share. Your changes are saved.
Nasuni Filer Administration Guide 8.0
140
Volumes Page
Changing Volume Properties
Deleting a CIFS Share
Delete
You can delete a CIFS share. Deleting a CIFS share does not delete any of your data. It deletes the
access point to the data.
To delete a CIFS share:
1. Click Volumes, then select a volume that has the CIFS protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Total Shares status is visible.
Figure 6-81: Total Shares status.
3. Click the Total Shares status. Alternatively, select CIFS Shares from the Properties dropdown list. The CIFS Shares page appears.
Figure 6-82: CIFS Shares page.
4. For the CIFS share that you want to delete, click Delete Share.
The Confirm Share Delete dialog box appears.
5. The share name appears in the dialog box. Confirm that the correct share is about to be
deleted.
6. Click Confirm Delete. The CIFS share is removed. Alternatively, click Cancel to exit the dialog
box without deleting the share.
Nasuni Filer Administration Guide 8.0
141
Volumes Page
Changing Volume Properties
Viewing an NFS Export
You can view existing NFS exports.
To view NFS exports:
1. Click Volumes, then select a volume that has the NFS protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Total Exports status is visible.
Figure 6-83: Total Exports status.
3. Click the Total Exports status. Alternatively, select NFS Exports from the Properties dropdown list. The NFS Exports page appears.
Figure 6-84: NFS Exports page.
4. For each exported directory, information about the NFS export appears, including the Name of
the NFS export, the Path of the exported directory, and available Actions, such as Edit Export
and Delete Export.
Nasuni Filer Administration Guide 8.0
142
Volumes Page
Changing Volume Properties
Adding an NFS Export to a Volume
Create
You can add an NFS export to a volume that has the NFS protocol enabled.
Tip: You can only add NFS exports to a volume that has the NFS protocol enabled. To create
an NFS volume, see “Adding a Volume” on page 51. To enable the NFS protocol for a
volume, see “Enabling multiple volume protocols” on page 161.
To add an NFS export to an NFS volume:
1. Click Volumes, then select a volume that has the NFS protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Total Exports status is visible.
Figure 6-85: Total Exports status.
3. Click the Total Exports status. Alternatively, select NFS Exports from the Properties dropdown list. The NFS Exports page appears.
Figure 6-86: NFS Exports page.
Nasuni Filer Administration Guide 8.0
143
Volumes Page
Changing Volume Properties
4. Click Add New Export. The Add NFS Export/Edit Settings page appears.
Figure 6-87: Add NFS Export/Edit Settings page.
5. Click the Directory text box and navigate to the directory you want.
6. In the Name text box, enter a name for this NFS export. The following characters are not valid
for NFS export names:
< > : " / \ | ? *
7. Optionally, enter a descriptive comment in the Comment text box.
8. In the Allowed Hosts text box, enter the hostname or IP address with optional netmask that is
allowed to access the NFS export folder on your network. If you leave this field blank, all users
on your network have access to the NFS export without restrictions. Only a single entry is
allowed, however, the hostname can contain the * character as a wildcard.
9. From the Access Mode drop-down list, select an access mode. Your choices are:
•
Normal Users Permitted (root_squash): All users who have User IDs (UIDs) greater than
zero can map to the NFS export. (Typically, users with a UID of zero (root user) are forcibly
mapped to the anonymous NFS UID.) This is the same as “root_squash” on UNIX systems: it
reduces the access rights for a remote superuser (root).
•
All Users Permitted (no_root_squash): All users can map to the NFS export with their
normal UID. This is the same as “no_root_squash” on UNIX systems: it allows remote root
users to have root access.
•
Anonymize All Users (all_squash): All users are forcibly mapped to the anonymous NFS
UID. This is the same as “all_squash” on UNIX systems: it converts all users to the
anonymous UID and GID.
Nasuni Filer Administration Guide 8.0
144
Volumes Page
Changing Volume Properties
10. If you want the NFS export folder to be Read Only for users on the network, select the Read
Only check box. This means that users can access the NFS export, but have Read Only rights
and therefore cannot make changes to any of the files that reside in the NFS exported folder.
11. Click Show Advanced Options. Advanced options appear.
From the Performance Tuning drop-down list, select the type of Performance Tuning. The
choices include the following:
•
Default (sync): Replies to each NFS request only after all data has been stored to disk. This
is safer than async, but there is a delay between the store and the reply.
•
No Write Delay (no_wdelay / sync): If NFS deduces a likelihood of a related storage
request arriving soon, then NFS’s optimization algorithm delays storage. This saves disk
writes and can speed performance. However, if NFS deduces incorrectly, this behavior
causes a delay in every request. The no_wdelay option eliminates the delay.
•
Asynchronous Replies (async): Replies to requests before the data is stored to disk.
Warning: This improves performance, but can result in lost data if the server goes
down.
12. To accept your selections, click Save Export. Your changes are saved. A “Created NFS Export
- <Directory Name>” message appears.
The NFS export is created and ready for use. The NFS export is available to clients under
/nfs/<Directory name> and exposes the directory within the volume. To mount an NFS
export in Linux or UNIX, see “Mounting an NFS export in Linux or UNIX” on page 176.
Nasuni Filer Administration Guide 8.0
145
Volumes Page
Changing Volume Properties
Editing an NFS Export
Edit
You can edit the features of any NFS export after you create it.
To edit the features of an NFS export:
1. Click Volumes, then select a volume that has the NFS protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Total Exports status is visible.
Figure 6-88: Total Exports status.
3. Click the Total Exports status. Alternatively, select NFS Exports from the Properties dropdown list. The NFS Exports page appears.
Figure 6-89: NFS Exports page.
Nasuni Filer Administration Guide 8.0
146
Volumes Page
Changing Volume Properties
4. For the NFS export you want to edit, click Edit Export. The Add NFS Export/Edit Settings
page appears.
Figure 6-90: Add NFS Export/Edit Settings page.
For details about NFS export settings, see “Adding an NFS Export to a Volume” on page 143.
5. Make your edits, then click Save Export. Your changes are saved.
Nasuni Filer Administration Guide 8.0
147
Volumes Page
Changing Volume Properties
Multiple hosts for an NFS export
Multiple
You can enable multiple hosts for a given NFS export. Each host can have different host options,
including allowed hosts, access mode, read only, and performance tuning.
To enable additional hosts for a given NFS export, follow these steps:
1. Click Volumes, then select a volume that has the NFS protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Total Exports status is visible.
Figure 6-91: Total Exports status.
3. Click the Total Exports status. Alternatively, select NFS Exports from the Properties dropdown list. The NFS Exports page appears.
Figure 6-92: NFS Exports page.
4. For the export for which you want to define an additional host, click Host Options. The NFS
Host Options dialog box appears.
Figure 6-93: NFS Host Options dialog box.
Nasuni Filer Administration Guide 8.0
148
Volumes Page
Changing Volume Properties
5. To add new NFS host options, click Add. The NFS Export: Host Options dialog box appears.
Figure 6-94: NFS Export: Host Options dialog box.
a. In the Allowed Hosts text box, enter a hostname or IP address with optional netmask that is
allowed to access the NFS export folder on your network. If you leave this field blank, all users
on your network have access to the NFS export without restrictions. Only a single entry is
allowed, however, the hostname can contain the * character as a wildcard.
b. From the Access Mode drop-down list, select an access mode. Your choices are:
•
Normal Users Permitted (root_squash): All users who have User IDs (UIDs) greater
than zero can map to the NFS export. (Typically, users with a UID of zero (root user) are
forcibly mapped to the anonymous NFS UID.) This is the same as “root_squash” on
UNIX systems: it reduces the access rights for a remote superuser (root).
•
All Users Permitted (no_root_squash): All users can map to the NFS export with their
normal UID. This is the same as “no_root_squash” on UNIX systems: it allows remote
root users to have root access.
•
Anonymize All Users (all_squash): All users are forcibly mapped to the anonymous
NFS UID. This is the same as “all_squash” on UNIX systems: it converts all users to the
anonymous UID and GID.
c. If you want the NFS export folder to be Read Only for users on the network, select the Read
Only check box. This means that users can access the NFS export, but have Read Only rights
and therefore cannot make changes to any of the files that reside in the NFS exported folder.
Nasuni Filer Administration Guide 8.0
149
Volumes Page
Changing Volume Properties
d. From the Performance Tuning drop-down list, select the type of Performance Tuning. The
choices include the following:
•
Default (sync): Replies to each NFS request only after all data has been stored to disk.
This is safer than async, but there is a delay between the store and the reply.
•
No Write Delay (no_wdelay / sync): If NFS deduces a likelihood of a related storage
request arriving soon, then NFS’s optimization algorithm delays storage. This saves disk
writes and can speed performance. However, if NFS deduces incorrectly, this behavior
causes a delay in every request. The no_wdelay option eliminates the delay.
•
Asynchronous Replies (async): Replies to requests before the data is stored to disk.
Warning: This improves performance, but can result in lost data if the server
goes down.
e. To accept your selections, click Save Options. Your changes are saved.
Figure 6-95: NFS Export: Host Options dialog box.
6. To edit existing NFS host options, for the export whose host you want to edit, click Edit. The
NFS Export: Host Options dialog box appears. Follow the same steps from step a on page
page 149 through step e on page page 150.
7. To delete an existing host, for the export from which you want to delete a host, click Delete. The
remove “NFS Host Option?” dialog box appears. To delete the specified host, click Delete.
8. To save the host options in the NFS Host Options list, click Save. The host options are saved.
Alternatively, to exit this screen without changing the export, click the Close button.
Nasuni Filer Administration Guide 8.0
150
Volumes Page
Changing Volume Properties
Deleting an NFS Export
Delete
You can delete an NFS export. Deleting an NFS export does not delete any of your data. It deletes the
access point to the data.
To delete an NFS export:
1. Click Volumes, then select a volume that has the NFS protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. The Total Exports status is visible.
Figure 6-96: Total Exports status.
3. Click the Total Exports status. Alternatively, select NFS Exports from the Properties dropdown list. The NFS Exports page appears.
Figure 6-97: NFS Exports page.
4. For the NFS export you want to delete, click Delete Export.
The Confirm Export Delete dialog box appears.
5. Click Confirm Delete. The NFS export is removed.
Nasuni Filer Administration Guide 8.0
151
Volumes Page
Changing Volume Properties
FTP Directories
You can create, view, edit, and delete FTP/SFTP directories for volumes that have the FTP protocol
enabled. This enables you to allow FTP/SFTP access to directories and files without adding new users.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
1. Create a CIFS or NFS volume. See “Adding a Volume” on page 51.
2. Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 161.
3. (Optional) Configure FTP settings. See “Configuring FTP settings” on page 306.
4. Add a new FTP/SFTP directory. See “Adding FTP directories for a volume” on page 153.
5. (Optional) Create a permission group that has storage access. See “Adding Permission
Groups” on page 383.
6. (Optional) Create a user in a permission group that has storage access. See “Adding Users”
on page 389. Active Directory and LDAP users can log in for FTP access just as they do for
CIFS access. Also, if anonymous access is enabled, you don't need a specific group or user.
7. Access files using the FTP/SFTP protocol. See “Accessing data using the FTP/SFTP
protocol” on page 167.
Viewing FTP directories
To view FTP/SFTP directories for a volume, follow these steps:
1. Click Volumes, then select a volume that has the FTP protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. Select FTP Directories from the Properties drop-down
list. The FTP Directories page appears.
Figure 6-98: FTP Directories page.
For each FTP/SFTP directory, the following information is displayed:
•
Name: The name of the FTP/SFTP directory.
•
Path: The path to the FTP/SFTP directory.
Nasuni Filer Administration Guide 8.0
152
Volumes Page
Changing Volume Properties
Adding FTP directories for a volume
Tip: You can only create FTP/SFTP directories for volumes that have the FTP protocol
enabled. To enable the FTP protocol for a volume, see “Enabling multiple volume
protocols” on page 161. To configure FTP settings for this Nasuni Filer, see “Configuring
FTP settings” on page 306.
To create a new FTP/SFTP directory for a volume, follow these steps:
1. On the FTP Directories page for a volume, click Add New FTP Directory. The Add FTP
Directory / Edit Settings page appears.
Figure 6-99: Add FTP Directory / Edit Settings page.
2. Click the Directory text box and navigate to the directory you want to access using FTP/SFTP.
Nasuni Filer Administration Guide 8.0
153
Volumes Page
Changing Volume Properties
3. In the Name text box, enter a name for this FTP/SFTP directory. The following characters are
not valid for FTP/SFTP directory names:
< > : " / \ | ? *
Tip: For Windows uses, see Naming Files, Paths, and Namespaces.
4. Optionally, enter a descriptive comment in the Comment text box.
5. If you want the FTP/SFTP directory to be read-only, select the Read Only check box. This
means that users can access the FTP/SFTP directory, but only have read-only rights and
therefore cannot make changes to any of the files or directories in the FTP/SFTP directory.
6. From the Visibility drop-down list, select the visibility of the new FTP/SFTP directory. Your
choices are:
•
Default: Every file is visible to the user. However, even if a file is visible to the user, the user
might not be able to access the file because of permissions.
•
Hide Unreadable: Files that the user does not have permission to access are not visible to
the user.
•
Invisible: No files are visible to the user. However, if a user has the filename of a file, and the
appropriate permission, the user can access the file.
7. To control the permissions on new files in this FTP/SFTP directory, there are several choices,
which use umask settings to represent read, write, and execute permissions for the user, the
group, and others. Select one of the following choices from the Permissions on New Files
drop-down menu:
•
No Extra Restrictions (Default): The owner, the group, and all others have all permissions
for all files in this FTP/SFTP directory. This is a umask setting of 000, which, for a requested
permission of 777, produces 777.
•
Read-Only Others: The owner and the group have all permissions for all files in this FTP/
SFTP directory. Others can only read all files in this FTP/SFTP directory. This is a umask
setting of 002, which, for a requested permission of 777, produces 775.
•
Read-Only Groups and Others: The owner has all permissions for all files in this FTP/SFTP
directory. The group and others can only read all files in this FTP/SFTP directory. This is a
umask setting of 022, which, for a requested permission of 777, produces 755.
•
Restrict Others: The owner and the group have all permissions for all files in this FTP/SFTP
directory. Others have no permissions for all files in this FTP/SFTP directory. This is a umask
setting of 006, which, for a requested permission of 777, produces 771.
•
Restrict Groups and Others: The owner has all permissions for all files in this FTP/SFTP
directory. The group and others have no permissions for all files in this FTP/SFTP directory.
This is a umask setting of 066, which, for a requested permission of 777, produces 711.
•
Read-Only Groups, Restrict Others: The owner has all permissions for all files in this FTP/
SFTP directory. The group can only read all files in this FTP/SFTP directory. Others have no
permissions for all files in this FTP/SFTP directory. This is a umask setting of 026, which, for
a requested permission of 777, produces 751.
Nasuni Filer Administration Guide 8.0
154
Volumes Page
Changing Volume Properties
8. To control which hosts are allowed to connect to this FTP/SFTP directory, in the IP
Restrictions text box, enter a comma-separated list of the IP addresses or subnet addresses of
the hosts that are allowed to access this FTP/SFTP directory. If you leave this field blank, all
hosts on your network have access to this FTP/SFTP directory without restrictions.
Note: You cannot use IP Restrictions in conjunction with Allowed Users/Groups in step 9
on page 155.
9. To control the users and groups that have access to the FTP/SFTP directory, from the Allowed
Users/Groups drop-down list, select one of the following choices.
•
Everyone: Allows all users and groups to access the FTP/SFTP directory.
•
Anonymous Only: Allows only the anonymous user to access the FTP/SFTP directory. This
selection is only available if Anonymous is enabled, as in step 10 on page 158.
•
Specific Users/Groups: Allows you to specify the users and groups that have access to
this FTP/SFTP directory. The Allowed Groups and Allowed Users areas appear.
Note: You cannot use Allowed Users/Groups in conjunction with IP Restrictions in step 8
on page 155.
Tip: A user can access the FTP/SFTP directory if the user is accessing the FTP/SFTP
directory from one of the allowed hosts and is either one of the allowed users or a
member of one of the allowed groups.
Tip: To specify users or groups, the users or groups must have Storage Access enabled. See
“Users and Groups” on page 380.
a. To add one group, follow these steps:
i.
In the Allowed Groups area, click Add One. The Name search box appears.
Figure 6-100: Add One Name search box.
ii. Enter a partial or complete group name, then click Search
. The Select Group dialog
box appears, containing the partial or complete group name.
Figure 6-101: Select Group dialog box.
Nasuni Filer Administration Guide 8.0
155
Volumes Page
Changing Volume Properties
iii. To control the range of the search, select one of the following:
•
All: To search through all groups.
•
Domain only: To search though domain groups only.
•
Native only: To search through native groups only.
iv. Click Search. A list of groups that match your search appears. Select the group to define
access for, then click Add Selected Group. The selected group appears in the Allowed
Groups area.
Figure 6-102: Allowed Groups area.
b. To add more than one group, follow these steps:
i.
In the Allowed Groups area, click Add Many. The Select Groups dialog box appears.
ii. In the Search text box, enter a partial or complete group name.
iii. To control the range of the search, select one of the following:
•
All: To search through all groups.
•
Domain only: To search though domain groups only.
•
Native only: To search through native groups only.
iv. Click Search. A list of groups that match your search appears.
v. Select the groups to define access for, then click Add Selected Groups. The selected
groups appear in the Allowed Groups area.
c. To delete a group from the Allowed Groups list, click Delete next to the group name. The
group is deleted from the list.
d. To add one user, follow these steps:
i.
In the Allowed Users area, click Add One. The Name search box appears.
Figure 6-103: Add One Name search box.
Nasuni Filer Administration Guide 8.0
156
Volumes Page
Changing Volume Properties
ii. Enter a partial or complete user name, then click Search
appears, containing the partial or complete user name.
. The Select User dialog box
Figure 6-104: Select User dialog box.
iii. To control the range of the search, select one of the following:
•
All: To search through all users.
•
Domain only: To search though domain users only.
•
Native only: To search through native users only.
iv. Click Search. A list of users that match your search appears. Select the user to define
access for, then click Add Selected User. The selected user appears in the Allowed
Users area.
Figure 6-105: Allowed Users area.
e. To add more than one user, follow these steps:
i.
In the Allowed Users area, click Add Many. The Select Users dialog box appears.
ii. In the Search text box, enter a partial or complete user name.
iii. To control the range of the search, select one of the following:
•
All: To search through all users.
•
Domain only: To search though domain users only.
•
Native only: To search through native users only.
iv. Click Search. A list of users that match your search appears.
v. Select the users to define access for, then click Add Selected Users. The selected users
appear in the Allowed Users area.
f.
To delete a user from the Allowed Users list, click Delete next to the user name. The user is
deleted from the list.
Nasuni Filer Administration Guide 8.0
157
Volumes Page
Changing Volume Properties
10. To allow anonymous FTP access, select the Anonymous check box.
Tip: If anonymous FTP access is enabled, any user can access the FTP/SFTP directory.
11. To hide ownership details in directories, select Hide Ownership in Listings. This can enhance
security.
12. To accept your selections, click Save Directory.
The FTP/SFTP directory is created and appears in the list of FTP/SFTP directories. The FTP/
SFTP directory is available to users.
Alternatively, to exit this screen without creating an FTP/SFTP directory, click the Reset button.
Editing FTP directories
To edit the selected FTP/SFTP directory, click Edit Directory, then follow the steps of “Adding FTP
directories for a volume” on page 153.
Nasuni Filer Administration Guide 8.0
158
Volumes Page
Changing Volume Properties
Deleting FTP directories
To delete the selected FTP/SFTP directory access point (not the data), follow these steps:
1. Click Volumes, then select a volume that has the FTP protocol enabled from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. The Volume properties page appears. Select FTP Directories from the Properties drop-down
list. The FTP Directories page appears.
Figure 6-106: FTP Directories page.
3. For the FTP/SFTP directory you want to delete, click Delete Directory.
The Confirm Directory Delete dialog box appears.
4. Click Confirm Delete. The FTP/SFTP directory is removed.
Nasuni Filer Administration Guide 8.0
159
Volumes Page
Changing Volume Properties
Multiple Volume Protocols
You can assign CIFS, NFS, and FTP protocols to existing CIFS and NFS volumes. This enables you to
allow access to data using multiple protocols. This might be helpful for simplifying access by users or
applications.
Tip: You cannot assign multiple protocols to a volume to which a volume running a pre-6.0
version is connected. Update the connected volume to version 6.0 or later first, then
perform a snapshot for the volume.
Caution: A case-insensitive volume cannot have multiple volume protocols. To use
multiple volume protocols, you must create the volume as case-sensitive. See
step 11 on page 55.
Note: If this volume has Remote Access enabled and other volumes connect to this volume,
the connected volumes inherit the same protocols as this volume. If these protocols
change, the connected volumes inherit the changed protocols. This can take some
time. You can refresh the volume connections in order to inherit the changed protocols
immediately. The connected Nasuni Filer must be running version 6.0 or later software
in order to connect to a remote volume that has multiple protocols defined.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
• Create a volume. See “Adding a Volume” on page 51.
• Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 161.
• (Optional) Configure FTP settings. See “Configuring FTP settings” on page 306.
• Add a new FTP/SFTP directory. See “Adding FTP directories for a volume” on
page 153.
• (Optional) Create a permission group that has storage access. See “Adding
Permission Groups” on page 383.
• (Optional) Create a user in a permission group that has storage access. See “Adding
Users” on page 389.
• Access files using the FTP/SFTP protocol. See “Accessing data using the FTP/SFTP
protocol” on page 167.
Warning: Protocols work in parallel. Enabling an additional protocol to an original
protocol does not affect the original protocol. However, writing data to the
volume using one protocol can affect the permissions or other metadata used
by another protocol. This can inadvertently affect permissions in unexpected
ways.
Viewing multiple volume protocols
To view the protocols that are enabled for a volume, follow these steps:
1. Click Volumes, then select the volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
160
Volumes Page
Changing Volume Properties
2. The Volume properties page appears. The Protocol status is visible.
Figure 6-107: Protocol status.
If multiple protocols are enabled for a volume, the protocols are listed.
Enabling multiple volume protocols
To enable CIFS, NFS, or FTP protocols for a CIFS or NFS volume, follow these steps:
1. Click Volumes, then select a CIFS or NFS volume from the list.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Select Protocols from the Properties drop-down list. The Enabled Volume Protocols page
appears.
Figure 6-108: Enabled Volume Protocols page.
The currently enabled protocols for the volume are selected.
3. To enable another protocol, select that protocol also.
Warning: After enabling a protocol, you cannot disable that protocol.
4. From the Volume Permissions Policy drop-down list, select one of the following:
•
UNIX/NFS Permissions Only Mode: Default mode for NFS volumes. Recommended for
primary or heavy NFS use. Not recommended for Windows users. Only the traditional
UNIX mode bits control permissions (chmod). Windows can view permissions as access
control lists (ACLs), but cannot add or remove access control entries (ACEs). Windows
CIFS users can change permissions using the Security tab of the Windows Properties
dialog box.
Nasuni Filer Administration Guide 8.0
161
Volumes Page
Changing Volume Properties
•
NTFS Compatible Mode: Default mode for CIFS volumes on Nasuni Filers joined to
Active Directory. This mode is required for multiple protocol support, such as NFS or
FTP/SFTP protocols, as well as CIFS/SMB. NFS and FTP/SFTP protocols cannot see all
NTFS permissions and do not obey all access rules in NTFS permissions. NFS and FTP/
SFTP protocols obey only the POSIX access control list (ACL) component of inheritance
rules. A high level of Windows compatibility is supported through the CIFS/SMB
protocol, with some limitations.
•
NTFS Exclusive Mode: Optional mode for CIFS volumes on Nasuni Filers joined to
Active Directory. Recommended for CIFS volumes that do not require mixed mode
access, because multiple protocols, such as NFS or FTP/SFTP, are not supported.
Produces full NTFS permissions, as supported on CIFS/SMB. Windows clients obey
inheritance rules. This policy has the greatest Windows compatibility.
Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible
Mode.
Important: Volumes in NTFS Exclusive Mode do not support multiple protocols.
•
POSIX Mixed Mode: Default mode for CIFS volumes on Nasuni Filers joined to LDAP.
Recommended for combined CIFS and FTP/SFTP volumes, with light NFS use. Also
recommended for CIFS-only volumes with Linux or Mac clients, with UNIX extensions
enabled. Access control lists (ACLs) are supported entirely through POSIX ACLs.
Windows clients receive mapping of POSIX ACLs to NTFS ACLs. However, the
mappings are not as complete as mappings done for NTFS Compatible Mode. NFS
clients cannot view the ACLs.
The NFSv4 protocol automatically translates the underlying ACLs to NFSv4 ACLs. The
common tools for managing POSIX ACLs are not supported on NFSv4. To manage
ACLs using NFSv4, you must use the NFSv4 ACL tools. Not all Nasuni Filers support
NFSv4. You can check whether NFSv4 is supported on the NFS Status page (Nasuni
Filers) or the Exports page (NMC).
•
Unauthenticated Access Mode: Default mode for CIFS volumes on Nasuni Filers that
are not joined to Active Directory or to LDAP. Recommended for CIFS Public-mode
volumes. For CIFS clients, this mode acts as an open share. For all other protocols, this
mode acts identically to POSIX Mixed Mode.
5. Click Save.
The selected protocol is enabled.
Tip: To add a CIFS share to a volume, see “Adding a New CIFS Share to a Volume” on
page 125. To add an NFS export to a volume, see “Adding an NFS Export to a Volume”
on page 143. To add an FTP/SFTP directory to a volume, see “Adding FTP directories
for a volume” on page 153.
Tip: To configure CIFS settings for this Nasuni Filer, see “Configuring CIFS settings” on
page 308. To configure FTP settings for this Nasuni Filer, see “Configuring FTP settings”
on page 306.
Nasuni Filer Administration Guide 8.0
162
Chapter 7: Managing Data
This section is about managing data, which includes:
•
Adding data to volumes.
•
Accessing data stored on Nasuni Filers.
Adding Data to Volumes
There are several ways to move data to a volume, including the following:
•
Automated data migration, as described in “Data Migration” on page 238.
•
Sync data from other Nasuni Filers, as described in “Sync Scheduling” on page 110.
•
Web Access, as described in “Web Access” on page 177.
•
Copying data from local or network drives to the volume.
This section gives details on copying data from local or network drives to the volume.
Accessing volumes
There are several ways to access Nasuni Filer volumes, including the following:
•
In Windows, you can map network drives to volumes, as described in “Mapping a Windows
network drive to a CIFS share” on page 169.
•
In Windows, you can access iSCSI volumes, as described in “Accessing an iSCSI volume in
Windows” on page 170.
•
You can use a VMware client, such as the VMware vSphere Client, to define NFS datastores.
See “Defining NFS datastores using VMware client” on page 175.
•
In Linux or UNIX, you can mount volumes, as described in “Mounting a CIFS share in Linux or
UNIX” on page 173 and “Mounting an NFS export in Linux or UNIX” on page 176.
•
You can access FTP/SFTP directories using an FTP client with the FTP/SFTP protocol.
Nasuni Filer Administration Guide 8.0
163
Managing Data
Adding Data to Volumes - Adding data to a volume -
Adding data to a volume
After you have established access to a Nasuni Filer volume, you can add data to that volume in several
ways.
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
In Windows, you can use Windows Explorer to access volumes mapped to network drives, then copy
and paste data to volumes:
Figure 7-1: Accessing volume with Windows Explorer.
In Windows, you can use command line instructions to navigate to volumes mapped to network drives,
then copy data to the volume:
Q:\>cd documents_2013
Q:\documents_2013>copy c:\
Nasuni_Filer_Administration_Guide_v3.1.pdf .
In Linux or UNIX, you can use command line instructions to navigate to mounted volumes, then copy
data to the volume:
Station1: User2$ cd docs
Station1:docs User2$ ls
Nasuni_Filer_Administration_Guide_v3.1.pdf
Station1:docs User2$ cp /<source>/
Nasuni_Filer_Administration_Guide_v5.1.pdf .
You can access FTP/SFTP directories using an FTP client with the FTP/SFTP protocol.
Nasuni Filer Administration Guide 8.0
164
Managing Data
Accessing Data - Folder and file access permissions in Windows -
Accessing Data
There are a variety of ways to access files and folders with Windows, Linux, and UNIX systems. This
section gives details on how to access data stored on the Nasuni Filer.
Folder and file access permissions in Windows
Special default permissions are applied to these folders and files:
•
.nasuni
•
.nasuni/sync_logs/
•
Files in .nasuni/sync_logs/
•
.nasuni/av_violations/
•
Files in .nasuni/av_violations/
•
.nasuni/file_alerts/
•
Files in .nasuni/file_alerts/
•
.nasuni/audit/
•
Files in .nasuni/audit/
Caution: Do not change the permissions on these folders or files unless it is absolutely
necessary. Use caution when changing any permissions. Incorrect permissions can
cause problems in access and processing.
In Windows, using Active Directory security, all users have Read permission for all files and all folders
under the topmost .nasuni folder. However, unless a user also has Read permission for the
topmost .nasuni folder, that user cannot access any of those files or folders under the
topmost .nasuni folder. By default, only a Filer Administrator has Read permission for the
topmost .nasuni folder. If a Filer Administrator wants to allow a user to view the files, the Filer
Administrator should change the permission on the topmost .nasuni folder for that user.
Tip: In Windows, if a folder gives permission to the group “Everyone”, unprivileged users
might not be able to access the folder. Instead, Nasuni recommends that you assign
users to another group that has the desired permission for the folder.
Tip: If you are using Active Directory authentication and your Nasuni Filer is joined to an
Active Directory server that has Windows Server 2012 domain controllers, and the
following conditions occur:
• The Windows Server 2012 domain controller has Resource SID compression enabled.
• The client accesses the Nasuni Filer CIFS volume by hostname.
• The user client is authenticating using access to the CIFS volume based on
membership in
a domain local group.
Then the user is denied access to the CIFS volume.
Nasuni Filer Administration Guide 8.0
165
Managing Data
Accessing Data - Folder and file access permissions in UNIX and Linux -
Folder and file access permissions in UNIX and Linux
In UNIX and Linux, the default permissions for certain folders and files are as follows:
Folder or file
Permissions
.nasuni/
500
.nasuni/sync_logs/
500
Files in .nasuni/sync_logs/
444
.nasuni/av_violations/
500
Files in .nasuni/av_violations/
444
.nasuni/file_alerts/
500
Files in .nasuni/file_alerts/
444
.nasuni/audit/
500
Files in .nasuni/audit/
444
If you change the permissions on any of these folders and files, the Nasuni Filer preserves your
changes. However, new files still receive the default permissions of 444. The owner of each folder can
delete files in that folder.
Nasuni Filer Administration Guide 8.0
166
Managing Data
Accessing Data - Accessing data using the FTP/SFTP protocol -
Accessing data using the FTP/SFTP protocol
If the FTP/SFTP protocol has been enabled for a volume, and FTP/SFTP directories have been added
to a volume, you can use FTP/SFTP commands and various applications to access that data.
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
1. Create a CIFS or NFS volume. See “Adding a Volume” on page 51.
2. Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 161.
3. (Optional) Configure FTP settings. See “Configuring FTP settings” on page 306.
4. Add a new FTP/SFTP directory. See “Adding FTP directories for a volume” on page 153.
5. (Optional) Create a permission group that has storage access. See “Adding Permission
Groups” on page 383.
6. (Optional) Create a user in a permission group that has storage access. See “Adding Users”
on page 389. Active Directory and LDAP users can log in for FTP access just as they do for
CIFS access. Also, if anonymous access is enabled, you don't need a specific group or user.
7. Access files using the FTP/SFTP protocol. See “Accessing data using the FTP/SFTP
protocol” on page 167.
To access data using FTP commands, use commands such as these:
1. Enter the following FTP command:
ftp <filer DNS | filer IP>
where <filer DNS | filer IP> is the DNS or IP address or hostname of the Nasuni
Filer.
2. When prompted, enter a valid username and password for that Nasuni Filer.
Note: This user must belong to a permission group that has Storage Access enabled.
See “Users and Groups” on page 380.
3. Navigate to the directory using a command of the form:
cd /<ftp_directory>/<folder_name>
where <ftp_directory> is the name of the FTP directory and <folder_name> is the
name of the folder that the FTP access is defined for.
Nasuni Filer Administration Guide 8.0
167
Managing Data
Accessing Data - Accessing data using the FTP/SFTP protocol -
Alternatively, follow these steps:
1. Enter the following on the address bar of your Web browser:
ftp://<user_name>@<filer>/<ftp_directory>/<folder_name>
where
<user_name> is the username of the user. This user must belong to a permission group
that has Storage Access enabled. See “Users and Groups” on page 380.
<filer> is the IP address or hostname of the Nasuni Filer.
<ftp_directory> is the name of the FTP directory.
<folder_name> is the name of the folder that FTP access is defined for.
Note: If you are not logging in anonymously, you still must specify a username in the URL,
such as ftp://username@ftp.server.hostname. This is true even if Anonymous
access is not enabled.
2. When prompted, enter a valid username and password for that Nasuni Filer.
Note: This user must belong to a permission group that has Storage Access enabled.
See “Users and Groups” on page 380.
3. A display of the FTP/SFTP directory appears. You can then navigate this directory to access
folders and files.
Nasuni Filer Administration Guide 8.0
168
Managing Data
Accessing Data - Mapping a Windows network drive to a CIFS share -
Mapping a Windows network drive to a CIFS share
You can map a Windows network drive to a CIFS share on the Nasuni Filer.
Note: You must have CIFS share privileges to access the folder on the Nasuni Filer and map
a network drive to it. See “Adding a New CIFS Share to a Volume” on page 125 and
“Editing a CIFS Share” on page 139 for more details.
Tip: If using the Windows “net use” command, ensure that the user name is expressed in
the form
/user:[DomainName\]UserName]
or
/user:[DottedDomainName\]UserName
For example:
net use r: \\1.1.1.1\Volume_HW_filer
/user:mydomain.mycompany.com\user_person password
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
To map a Windows network drive to a CIFS share:
1. In Windows, right-click My Computer.
2. Select Map Network Drive. The Map Network Drive dialog box appears.
Figure 7-2: Map Network Drive dialog box.
3. From the Drive drop-down list, select an available network drive letter to map the CIFS share to.
An unused network drive letter is automatically selected.
4. From the Folder drop-down list, select a shared folder on the Nasuni Filer.
Alternatively, in the Folder text box, enter the IP address or URL of a shared folder on the
Nasuni Filer. For example, \\10.1.10.97\files.
Alternatively, click Browse to navigate to the IP address or URL of a shared folder on the
Nasuni Filer. For example, \\10.1.10.97\files.
Nasuni Filer Administration Guide 8.0
169
Managing Data
Accessing Data - Accessing an iSCSI volume in Windows -
5. If prompted for a username and password, use a username that has data access permissions.
Tip: For some Windows platforms, it might be necessary to use <hostname>\
<username> instead of the username, where <hostname> is the IP address or
hostname of the Nasuni Filer.
6. Click Finish.
7. With Windows Explorer, select the network drive letter that you mapped. For example:
Figure 7-3: Sample mapped drives.
Tip: Alternatively, you can enter the path for the CIFS share folder or IP address in
Windows Explorer instead of using the Map Network Drive dialog box.
8. Open the drive, then drag and drop files that you want to send to the Nasuni Filer. You can now
open these files and do your work from this mapped drive. By default, snapshots of unshared
volumes are taken every hour (every 5 minutes for shared volumes) to provide you with a
backup of your work.
Accessing an iSCSI volume in Windows
You can access an iSCSI volume on your Nasuni Filer from Windows. To Windows, the iSCSI volume
appears as a hard drive.
Note: This procedure uses the Windows iSCSI Initiator application, which is available for
Windows 2000, Windows Server 2003, Windows 2008, Windows 7, and Windows XP.
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
To access an iSCSI volume in Windows, follow this procedure:
1. Select Start → Administrative Tools → iSCSI Initiator. The iSCSI Initiator opens.
2. Select the Targets tab.
3. In the Target text box, enter the IP address of the Nasuni Filer.
4. Click Quick Connect. The Quick Connect dialog box appears. If you are not using CHAP
authentication, the Nasuni Filer should appear in the Discovered targets list with the status
Connected. If you are using CHAP authentication, the Nasuni Filer should appear in the list with
the status Inactive.
5. Click Done. The Quick Connect dialog box closes.
6. If you are using CHAP authentication, follow these steps:
a. Select the Nasuni Filer in the Discovered targets list.
b. Click Connect. The Connect to Target dialog box opens.
Nasuni Filer Administration Guide 8.0
170
Managing Data Accessing Data - Accessing an iSCSI volume in Windows - Disconnecting from an iSCSI volume
c. Click Advanced. The Advanced Settings dialog box opens.
d. Select Enable CHAP log on.
e. In the Name text box, enter the CHAP username for this iSCSI volume. For details, see step c
of step 10 of “Adding a Volume” on page 51.
f.
In the Target secret text box, enter the CHAP password for this iSCSI volume. For details,
see step c of step 10 of “Adding a Volume” on page 51.
g. Click OK. The Advanced Settings dialog box closes.
h. Click OK. The Connect to Target dialog box closes. The Nasuni Filer should appear in the
list with the status Connected.
7. Click OK. This closes iSCSI Initiator. At this point, the iSCSI volume appears as a new hard
drive to Windows. It is now necessary to partition this new hard drive.
8. Select Start → Administrative Tools → Computer Management. The Computer
Management window opens.
9. Select Storage.
10. Select Disk Management. The Initialize Disk dialog box opens. The new hard drive appears in
the Select disks pane.
11. Select the new drive.
12. Select GPT (GUID Partition Table). Selecting this option permits sizes larger than 2 TB.
13. Click OK.
14. Right-click the drive and select New Simple Volume from the drop-down list. The New Simple
Volume Wizard opens. Click Next.
15. Specify the volume size on the new drive, then click Next.
16. Select a drive letter for the drive, then click Next. Note this drive letter to access the iSCSI
volume.
17. Enter a volume name, then click Next.
18. Select the file system from the File system drop-down list, then select Perform a quick
format, then click Next.
19. Click Finish. The new drive is configured as a Windows drive.
20. The status of the hard drive should be Healthy.
You can now access the iSCSI volume using the assigned Windows drive letter. In particular, you can
add data to the iSCSI volume using the Windows drive letter with Windows Explorer or with the
Windows command line interface.
Disconnecting from an iSCSI volume
Note: It is necessary to disconnect from iSCSI volumes before deleting the iSCSI volume.
To disconnect from an iSCSI volume, follow these steps:
Nasuni Filer Administration Guide 8.0
171
Managing Data Accessing Data - Accessing an iSCSI volume in Windows - Disconnecting from an iSCSI volume
1. Select Start → Administrative Tools → Computer Management. The Computer
Management window opens.
2. Select Storage.
3. Select Disk Management. The Initialize Disk dialog box opens. The hard drive appears in the
Select disks pane.
4. Right-click the drive and select Delete Volume from the drop-down list.
5. Click OK. The Computer Management window closes.
6. Select Start → Administrative Tools → iSCSI Initiator. The iSCSI Initiator opens.
7. Select the Targets tab.
8. In the Target list, select the target.
9. Click Disconnect. The status of the target should become Inactive. However, the target is
remembered, in case you want to reconnect to the iSCSI volume again.
To permanently remove the connection to the iSCSI volume, select the Discovery tab, then
select the target IP address and click Remove. This removes the target.
10. Click OK. The iSCSI Initiator closes.
Nasuni Filer Administration Guide 8.0
172
Managing Data Accessing Data - Mounting a CIFS share in Linux or UNIX - Disconnecting from an iSCSI volume
Mounting a CIFS share in Linux or UNIX
You can mount a CIFS share in Linux or UNIX using the mount.cifs command. There should not be
any issues between the CIFS character set and the Linux character set. In most cases, use
mount.cifs with the option iocharset=utf-8. CIFS volumes are case-insensitive by default, which
is not consistent with Linux.
Note: Even if case-sensitivity is not enabled, non-Windows clients such as Linux might still
treat the paths as case-sensitive. To ensure that paths are treated as case-insensitive,
mount CIFS shares using the nocase option, such as in this command:
mount -v -t cifs –o nocase,<options> <share IP address> /mnt/<folder>
Note: You must have CIFS share privileges to access the folder on the Nasuni Filer. See
“Adding a New CIFS Share to a Volume” on page 125 and “Editing a CIFS Share” on
page 139 for more details.
Note: Linux clients must connect to CIFS/SMB shares as users that have permission to that
share. If Active Directory is used, clients must log in as an Active Directory user. If
LDAP Directory Services are in use, then clients must log in as a user defined in LDAP;
Kerberos is also required. Linux clients can also log in as a Native User with Storage
Access enabled.
Tip: Keep in mind the default permissions for certain folders and files in UNIX and Linux. See
“Folder and file access permissions in UNIX and Linux” on page 166.
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
Tip: If global locking is enabled for a CIFS volume, creating hard links is not currently
supported on Mac OS or Linux clients connected via CIFS.
To mount a CIFS share, enter the following command:
mount -t cifs -o iocharset=utf-8, user=<username>,
domain=<domain-shortname> //<filername>/<sharename> /<localdir>
where:
•
username is the username to connect as.
•
domain-shortname is the shortname (not the fully qualified domain name) of the
domain.
•
filername is the name or the IP address of the Nasuni Filer.
•
sharename is the name of the CIFS share on the Nasuni Filer.
•
localdir is the name of the local Linux directory.
The result of the mount command is to mount the CIFS share in the local directory. Users can then add
data to the CIFS volume using copy commands.
Tip: You can place the mount command in a script that runs on login and mounts the CIFS
share automatically.
Nasuni Filer Administration Guide 8.0
173
Managing Data Accessing Data - Mounting a CIFS share in Linux or UNIX - Disconnecting from an iSCSI volume
To disconnect from the CIFS share, use the unmount command.
Nasuni Filer Administration Guide 8.0
174
Managing DataAccessing Data - Defining NFS datastores using VMware client - Disconnecting from an iSCSI vol-
Defining NFS datastores using VMware client
You can use a VMware client, such as the VMware vSphere Client, to define NFS datastores.
To define NFS datastores using a VMware client, follow these steps:
1. On the VMware client, select the host from the list.
2. Select the Configuration tab, then select Storage from the list on the left.
3. In the Datastores area, click Add Storage. The Add Storage dialog box appears.
4. In the Storage Type area, select Network File System, then click Next.
5. In the Properties area, in the Server text box, enter the IP address of the Nasuni Filer.
6. In the Properties area, in the Folder text box, enter the following:
/nfs/<name of NFS volume or NFS export>
where <name of NFS volume or NFS export> is the case-sensitive name of either the
NFS volume or the NFS export.
Figure 7-4: Folder text box.
7. In the Datastore Name text box, enter the name that you want to give to this datastore.
8. Click Next, then review the information and click Finish.
The datastore appears in the Datastores list.
Nasuni Filer Administration Guide 8.0
175
Managing Data Accessing Data - Mounting an NFS export in Linux or UNIX - Disconnecting from an iSCSI volume
Mounting an NFS export in Linux or UNIX
You can mount an NFS export in Linux or UNIX using the mount command.
Note: You must have export privileges to access the folder on the Nasuni Filer. See “Adding
an NFS Export to a Volume” on page 143 and “Editing an NFS Export” on page 146 for
more details.
Tip: Keep in mind the default permissions for certain folders and files in UNIX and Linux. See
“Folder and file access permissions in UNIX and Linux” on page 166.
To mount an NFS export in Linux or UNIX, enter the following command:
mount -t nfs <IP address>:/nfs/<exportname> <target>
where:
•
IP address is the name or the IP address of the Nasuni Filer.
•
exportname is the name of the NFS export on the Nasuni Filer.
•
target is the name of the local directory.
Note: The default options for the mount command should work. However, if this does not
work, use this version with explicit options:
mount -o tcp,nfsvers=3,timeo=600,rsize=16384,wsize=16384,hard
This version of the mount command includes these explicit options:
•
TCP.
•
10-minute timeout.
•
Read and write sizes of 16 KB.
•
Hard mount (soft mounts can corrupt data).
These values of rsize and wsize are recommended, but we recommend that you tune them
for your system.
The result of the mount command is to mount the NFS export in the target directory. Users can then
add data to the NFS volume using copy commands.
Tip: You can place the mount command in a script that runs on login and mounts the NFS
export automatically.
Tip: Depending on the specific operating system, performing the mount might also create a
graphical icon of the NFS export that enables drag and drop and other GUI actions.
To disconnect from the NFS export, use the unmount command.
Nasuni Filer Administration Guide 8.0
176
Managing Data
Accessing Data - Web Access - Disconnecting from an iSCSI volume
Web Access
Using Nasuni Web Access, you can access CIFS share data or NFS export data stored in the Nasuni
Filer using a Web browser. Some of the actions you can perform depend on the capabilities of the Web
browser.
Note: To access data in an NFS export, you must enable the CIFS protocol for the NFS
volume. See “Multiple Volume Protocols” on page 160.
Note: You must enable Web Access for the CIFS share that you want to access. For details,
see “Adding a New CIFS Share to a Volume” on page 125 or “Editing a CIFS Share” on
page 139. Web Access is not available with LDAP Directory Services security.
Tip: The user must have Active Directory or Storage Access permissions. See “Users and
Groups” on page 380.
The URL of the Web Access page is similar to the URL of the Nasuni Filer user interface. For example,
if you use this URL to access your Nasuni Filer user interface:
https://yourfiler.example.com:8443/
then the URL of the Web Access page is:
https://yourfiler.example.com:443/
After you log in, the Nasuni Web Access page appears.
Figure 7-5: Nasuni Web Access page.
The Nasuni Web Access page shows a list of the CIFS shares available on this Nasuni Filer.
Tip: You can change the logo and the primary and secondary colors of the Web Access
display for branding purposes. See “Web Access Branding” on page 397.
Nasuni Filer Administration Guide 8.0
177
Managing Data
Accessing Data - Web Access - Opening a CIFS share or directory
Opening a CIFS share or directory
To open a CIFS share or directory, click the name of that CIFS share or directory. The contents appear
as a list.
Figure 7-6: Contents of directory.
The path to the directory appears above the list on the left. To navigate to a higher point in the directory
hierarchy, click one of the directory names in the path.
Sorting directory
To sort the display, click the Sort button
Modified from the list.
in the upper right, then select Type, Name, Size, or
Uploading file
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
To upload a file to this directory, click the Upload files button
Upload Files dialog box appears.
above the list on the right. The
Figure 7-7: Upload Files dialog box.
To navigate to the files to upload, click Choose Files. Alternatively, drag and drop the selected files
onto the drag and drop area.
Nasuni Filer Administration Guide 8.0
178
Managing Data
Accessing Data - Web Access - Downloading files and folders
Tip: If a file already exists with the same name as the file you are uploading, you are asked to
confirm overwriting the existing file. Alternatively, click Done.
Downloading files and folders
To download a file, several files, or a folder, first select the items to download. You can click on a single
item to select it, or Ctrl-click on multiple items to select them all. The Download icon appears in the
upper row.
Figure 7-8: Download icon.
When you have selected all the items to download, click the Download button. Your Web browser then
downloads the items as it has been configured. If you download multiple files or a folder, the result is a
.zip file.
Tip: The largest file that can be downloaded using Web Access is 2 GB.
Tip: You can download at most 2,000 files at a time.
Creating folders
To create a folder inside this folder, click the Add Folder button
name for the new folder.
above the list on the right. Enter a
Creating internal links to files or folders
To create an internal link URL to a file or folder in Web Access, select the file or folder, then click the
above the list on the right. The Share Internal Link dialog box appears.
Get internal link button
Figure 7-9: Share Internal Link dialog box.
You can copy the text of the internal link URL for use elsewhere. The link opens an instance of Web
Access and displays the linked object.
Tip: You cannot create an internal link to folders created by using the "%U" wildcard in the
CIFS share name.
Shared Links
A shared link is a URL that points to a specific file or folder within Web Access. This can be useful for
providing a trusted partner or contractor with access to a folder or file that they do not have credentials
to access directly.
Nasuni Filer Administration Guide 8.0
179
Managing Data
Accessing Data - Web Access - Shared Links
Shared links are only available for CIFS shares.
Tip: After a recovery, if any of the original source Nasuni Filer’s CIFS shares had Shared
Links defined, these links must be regenerated. Use Web Access to view links that must
be regenerated, and regenerate them.
You can control how long until the shared link expires, whether a password is required, and who is
allowed to create shared links. All access through shared links is audited, if auditing is enabled for the
volume. See “File System Auditing” on page 82.
To create shared links, Shared Links must be enabled for the CIFS share, and the user must have
permission. See “Web Access Settings” on page 134.
To create a shared link to a folder or file, select the item, then click the Share public link button
above the list on the right. If the button does not appear, either Shared Links is not enabled for the CIFS
share, or the user does not have permission. See “Web Access Settings” on page 134.
The Share Public Link dialog box appears.
Figure 7-10: Share Public Link dialog box.
Nasuni Filer Administration Guide 8.0
180
Managing Data
Accessing Data - Web Access - Shared Links
Click On, then select an expiration date and the type of access. If a password is required, enter the
password for this item. Click Create. The Share Public Link dialog box appears, displaying the shared
link URL.
Figure 7-11: Share Public Link dialog box with shared link URL.
You can copy the text of the link URL for use elsewhere. The link opens an instance of Web Access and
displays the linked object. The link works only until the specified expiration date. If a password is
required, the password must be entered to access the linked object.
You can change the shared link for an item by selecting the item with the shared link and clicking the
above the list on the right. The Share Public Link dialog box appears.
Share public link button
Figure 7-12: Share Public Link dialog box.
Nasuni Filer Administration Guide 8.0
181
Managing Data
Accessing Data - Web Access - Opening or previewing file
To view the shared link URL again, click Regenerate.
You can toggle the shared link On or Off.
You can select an expiration date and the type of access.
If a password is required, you can enter the password for this item.
Click Update. The Share Public Link dialog box appears, displaying the shared link URL.
Tip: After a recovery, if any of the original source Nasuni Filer’s CIFS shares had Shared
Links defined, these links must be regenerated. Use Web Access to view links that must
be regenerated, and regenerate them.
Opening or previewing file
To access a file, click the file name. If the file is of a format that the browser can handle, a preview of the
file opens in the browser. Supported file types include images, PDFs, documents (including text,
Microsoft Word, Open Office, rich text format), presentations (including Microsoft PowerPoint and
Open Office), spreadsheets (including Microsoft Excel, Open Office, and .csv), video (including .mp4
and .mov), and audio (including .mp3 and .wav).
Note: Streaming video does not work with self-signed certificates. To add a new certificate,
see “SSL Server and Client Certificates” on page 362.
Note: The document preview feature of Nasuni Web Access requires a minimum of 8 GiB
and version OS7 of the Nasuni Filer base operating system.
Note: The maximum file size for preview is 250 MB.
Previews appear in a separate display box. When the preview box appears, you can navigate to the
next and previous files in the folder using right and left arrows.
Audio and video previews include controls to start, pause, mute, unmute, adjust volume, and display
fullscreen.
You can scroll forwards and backwards through multipage documents using your mouse scroll
function.
If the file is of a format that the browser does not recognize, you are offered the option of downloading
the file.
If the display takes a while to present, a message appears offering you the option of downloading the
file. If the display takes longer than 20 seconds to appear, a message appears offering you the option
of downloading the file.
Viewing details
To view details of an item, select the item, then click the View Details button
the page.
Nasuni Filer Administration Guide 8.0
at the upper right of
182
Managing Data
Accessing Data - Web Access - Viewing details
If the item is a directory, the Directory Info pane appears.
Figure 7-13: Directory Info pane.
The name of the directory appears, as well as the date last modified and an indication of whether the
directory is shared.
To view other versions of the directory, if available, click Versions. A list of available versions appears.
Figure 7-14: Directory Info Versions pane.
To open a previous version of the selected directory, click a version in the list. That version of the
directory is selected. To exit from the selected version, click “X” at the top of the page.
If the item is a file, the File Info pane appears.
Figure 7-15: File Info pane.
The name of the file appears, as well as the date last modified, the size, and an indication of whether
the file is shared.
Note: Nasuni’s display of size might differ from other indications of size, such as Windows
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
To view other versions of the file, if available, click Versions. A list of available versions appears. To
open a previous version of the selected file, click a version in the list. That version of the file is selected.
To exit from the selected version, click “X” at the top of the page.
Nasuni Filer Administration Guide 8.0
183
Managing Data
Accessing Data - Web Access - Deleting file or empty directory
Deleting file or empty directory
To delete a file or empty directory, select the item, then click the Delete button
dialog box appears. Click Delete to delete the item.
in the upper right. A
Note: The directory must be empty before you delete it.
Showing hidden files
To show hidden files, click the Settings button
files, select Yes, then click Save.
on the left. A dialog box appears. To show hidden
Nasuni Filer user interface
To go to the Nasuni Filer user interface, click the user name in the top right corner, then select Filer
Admin Access from the drop-down list.
Logging out
To logout from this page, click the user name in the top right corner, then select Logout from the dropdown list.
Nasuni Corporate Web Site
To visit the Nasuni corporate Web site, click the user name in the top right corner, then select Visit
Nasuni.com from the drop-down list.
Nasuni Filer Administration Guide 8.0
184
Managing Data Accessing Data - Nasuni Mobile Access - Providing Access to the Nasuni Mobile Access Applica-
Nasuni Mobile Access
You can access data stored in the Nasuni Filer using mobile devices, including iOS-based devices
(such as iPhone and iPad) and Android phones. Nasuni Mobile Access is available for volumes on
which the CIFS protocol has been enabled, but not for NFS-only or iSCSI-only volumes. You must
enable Nasuni Mobile Access for a CIFS share in order to access its folders and files from mobile
devices. For details, see step r of “Adding a New CIFS Share to a Volume” on page 125, or “Editing a
CIFS Share” on page 139. In addition, the mobile device must be enabled, as described in “Mobile
Access: Managing access by mobile devices” on page 275.
Tip: To enable mobile access to a CIFS share for some users, but not all users, create a
second CIFS share to the same data as the original CIFS share. Then enable mobile
access to the second CIFS share and permit only those specific users to have access to
the second CIFS share.
You must download and install the appropriate Nasuni Mobile Access application for your platform.
See “Nasuni Sync and Mobile Access” on page 273.
Providing Access to the Nasuni Mobile Access Application to Users
The Nasuni Mobile application needs the following information to access your Nasuni Filers: host
address, port number, and user credentials. The administrator has several options for providing this
information to configure the Nasuni Mobile application for users. Several of these methods simplify
login, so that the user does not need to know the host or port.
Configuring DNS to Simplify User Login
The administrator can configure the company DNS server to simplify user login to your Nasuni Filers. A
properly configured DNS includes the host and port necessary for Mobile Access. When the user enters
their company email address and password into the Nasuni Mobile Access application, the application
retrieves the host and port from the DNS to simplify the login. As a result, the user only needs to enter
their company email address and password, instead of entering their username, password, host, and
port.
See “Logging in to the Nasuni Mobile Access application” on page 186.
For more information on configuring DNS, see “Mobile Access: Configuring DNS to Simplify User
Login” on page 277.
Providing Link to Users
The administrator can also create a link to share access information for your Nasuni Filers. This link can
include the hostname or IP address, the port number, and the username. The administrator can then
email this link to users to simplify the process of connecting them to Mobile Access. The link has this
form:
https://<hostname>:<portnumber>/fs/mobile/config?username=<username>
Since the username is optional, the link might also have this form:
https://<hostname>:<portnumber>/fs/mobile/config
Opening this link on the mobile device launches the Nasuni Mobile Access application, and fills in
information necessary to log in to the Nasuni Filer.
Nasuni Filer Administration Guide 8.0
185
Managing Data
Accessing Data - Nasuni Mobile Access - Providing Hostname and Port to Users
The user can then log in to the Nasuni Mobile Access application using Active Directory credentials,
which might include the domain, and their username and password.
For more information on creating an invitation link, see “Mobile Access: Creating an invitation link” on
page 276.
Providing Hostname and Port to Users
If the administrator has not configured the company DNS server to simplify user login to your Nasuni
Filers, the administrator can, alternatively, directly provide the hostname or IP address of the Nasuni
Filer, along with the port. If VPN access is required for your mobile deployment, then the hostname
should be the internal hostname or IP address and the port should be 443. If direct external access is
allowed for mobile devices, then the administrator should provide the external hostname or IP address
and port that has been configured. Those should use network address translation (NAT) to re-direct to
the internal hostname or IP address and the port 443, or another port that the Administrator has set up
for Mobile Access.
Logging in to the Nasuni Mobile Access application
If the administrator has configured the company DNS server to simplify user login to your Nasuni
Filers, the login screen looks like this.
Figure 7-16: Initial Login screen.
You must enter your company email address and password. If available, the host and port are retrieved
from DNS.
If multiple sites are defined, you can select a site from a list:
Figure 7-17: Initial Login screen when DNS configured for multiple sites.
Nasuni Filer Administration Guide 8.0
186
Managing Data
Accessing Data - Nasuni Mobile Access - Logging in to the Nasuni Mobile Access application
If the administrator has not configured the company DNS server to simplify user login to your
Nasuni Filers, but you have used the administrator-created link containing the host and port, the
login screen looks like this.
Figure 7-18: Login screen when using link.
You must enter Active Directory credentials, which might include the domain, and username and
password. The host and port are provided.
If the administrator has not configured the company DNS server to simplify user login to your
Nasuni Filers, and you have not employed the administrator-created link containing the host and
port, the Advanced check box appears. Select the Advanced check box, and the login screen looks
like this.
Figure 7-19: Login screen when entering host, port, and credentials.
You then log in to the Nasuni Mobile Access application using your Active Directory credentials.
Credentials include the domain, username, and password. The domain is optional, depending upon
how Active Directory is configured.
Nasuni Filer Administration Guide 8.0
187
Managing Data
Accessing Data - Nasuni Mobile Access - Using the Nasuni Mobile Access application
Using the Nasuni Mobile Access application
See www.nasuni.com/support/documentation for a worksheet for planning Nasuni Mobile Access
configurations.
This section presents some of the actions that you can perform using mobile devices. Some of the
actions available depend on which mobile platform you are using.
Tip: The figures show images from an Android tablet. The screens might appear different on
other mobile platforms.
After you log in to the Nasuni Mobile Access application, a list of the CIFS shares available on this
Nasuni Filer appears.
Figure 7-20: Shares available on mobile device.
Nasuni Filer Administration Guide 8.0
188
Managing Data
Accessing Data - Folder-Level Tasks - Opening a CIFS share or folder
Folder-Level Tasks
Opening a CIFS share or folder
To open a CIFS share or folder, tap the name of that CIFS share or folder. The contents appear as a list.
Figure 7-21: List of folders.
To sort the display, tap the Sort icon
following:
at the top right. From the drop-down list, select one of the

Name: To sort the list by name of the item.

Modified Time: To sort the list by the time the item was last modified.

Type: To sort the list by type of item.
Tip: For iOS, the same sort options appear at the top of the list of folders and files.
Nasuni Filer Administration Guide 8.0
189
Managing Data
Accessing Data - File Operations - Navigating folder hierarchy
Navigating folder hierarchy
To navigate to a higher point in the folder hierarchy, tap the upward-facing arrow button at the top left.
Tip: For iOS, tap the leftward-facing arrow button at the top left.
Manually entering paths
To manually enter a path to a file or folder, tap the three-dot icon in the upper right corner. A drop-down
menu appears.
Figure 7-22: Drop-down menu.
Tap Go to. The “Go to Path” dialog box appears. Enter the path, then tap Browse. The specified path
opens.
File Operations
Viewing details about a file
To view information about a file, tap the drop-down icon
pane appears.
beside its name. The drop-down menu
Figure 7-23: Drop-down menu pane.
Nasuni Filer Administration Guide 8.0
190
Managing Data
Accessing Data - File Operations - Viewing details about a file
Tap Details. A page appears showing information including the name, size, and date modified.
Figure 7-24: File information.
Note: Nasuni’s display of size might differ from other indications of size, such as Windows
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
Note: For iOS, if a file is in the cache, a symbol appears next to the file name.
Figure 7-25: Symbol indicating file in cache.
Buttons are available to perform the following operations:
•
View File, if the mobile device can handle the file format. Otherwise, Download the file. See
“Opening a file” on page 192.
•
Versions: view any available previous versions of the file. See “Viewing and restoring previous
versions of a file” on page 193.
Nasuni Filer Administration Guide 8.0
191
Managing Data
•
Accessing Data - File Operations - Opening a file
Share: Sharing the file as either an attachment or a link. See “Sharing a file as an attachment”
on page 196 and “Sharing a file as a link” on page 197.
Tip: For iOS, tap the share icon at the top right.
•
Favorite: To tag a file as a favorite. See “Tagging a file or folder as favorite” on page 199.
Tip: For iOS, tap the star icon above the file name.
•
Open with: To select an app to open a file with. See “Opening a file with a specific app” on
page 194.
Tip: For iOS, tap the share icon at the top right.
Opening a file
To open a file, tap the file name. If the file is of a format that the mobile device can handle (such as
graphics, text, or PDF), a preview of the file opens. (On some mobile platforms, a new display opens on
which you can choose an action.)
Figure 7-26: Open file preview.
To see a full-screen version of the file, tap the arrow at the upper left of the preview pane.
Figure 7-27: Open PDF file.
You can perform additional actions by tapping the three-dot icon in the upper right corner. For some
file formats, such as videos, this icon might not be available.
If the file is an image file, such as a .JPG or .PNG file, among other image files, you can move from one
image to the next in a folder by swiping left or swiping right.
Nasuni Filer Administration Guide 8.0
192
Managing Data
Accessing Data - File Operations - Viewing and restoring previous versions of a file
Viewing and restoring previous versions of a file
To view any available previous versions of the file, tap the drop-down icon
beside its name, then
tap Versions. If any previous versions of the file are available, they appear in a list.
Figure 7-28: Versions of file.
The different versions include the file name, file size, and file date and time.
Note: Nasuni’s display of size might differ from other indications of size, such as Windows
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
To view one of the previous versions, tap the file name.
To view a menu of other available actions for a previous version, tap the drop-down icon
name.
beside its
Figure 7-29: Available actions for versions of file.
To view details of a previous version, tap Details.
To open a previous version with a specific app, tap Open with and select the app from the list. The file
opens in the selected app.
To replace the current version of the file with the selected previous version, tap Restore. To verify that
you want to restore the selected previous version as the current version, tap Restore. The selected
previous version of the file becomes the current version.
Nasuni Filer Administration Guide 8.0
193
Managing Data
Accessing Data - File Access - Opening a file with a specific app
File Access
Opening a file with a specific app
To select an app to open a file with, tap the drop-down icon
A list of apps appears that can open the file on the device.
beside its name, then tap “Open with”.
Figure 7-30: Apps that can open file on device.
Tip: For iOS, tap the share icon at the top right.
Select an app from the list. To always open similar files with the selected app, click Always. Otherwise,
click “Just once”. The file opens in the selected app.
Accessing files directly from apps
On Android platforms, apps can directly open files on the Nasuni Filer. You must first log in to the
Nasuni Mobile Access application.
To open a file on the Nasuni Filer from within the app, perform the usual File Open procedure for that
app. Select Browse. A list of file sources appears.
Figure 7-31: Sources for files on device.
Select Nasuni from the list. The Nasuni app displays available files on the Nasuni Filer. Navigate to the
file you want. When done with the file in the app, perform the usual File Save procedure. The file is
saved to the Nasuni Filer.
On both iOS and Android platforms, apps can directly save files on the Nasuni Filer. You must first log
in to the Nasuni Mobile Access application.
Nasuni Filer Administration Guide 8.0
194
Managing Data
Accessing Data - File Access - Uploading a file
To create a new file on the Nasuni Filer within the app, perform the usual New File procedure for that
app. When done with the file in the app, perform the usual File Save As procedure. Select Browse or
Share. A list of available destinations, including the Nasuni Filer, appears.
Figure 7-32: Destinations for file on device.
Select Nasuni from the list. The Nasuni app displays the Nasuni Filer. Navigate to the folder where you
want to save the new file. The file is saved to the Nasuni Filer.
Uploading a file
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
To upload a file to a folder on the Nasuni Filer, navigate to the destination folder, then tap the Upload
icon at the bottom of the display.
Figure 7-33: Upload icon.
Tip: For iOS, tap the three-dot icon at the top right, then tap “Upload File”.
A menu appears with several choices of the kind of item to upload.
Figure 7-34: Upload list.
Nasuni Filer Administration Guide 8.0
195
Managing Data
Accessing Data - File Access - Sharing a file as an attachment
Select the type of item from the list. A list appears of folders and available files for that type of item on
the device. Navigate to the file to upload, then select it. Tap OK.
Note: For iOS, when uploading multiple files, the limit is 25.
Sharing a file as an attachment
To share the file as an attachment, such as an attachment to an email, tap the drop-down icon
beside its name. The drop-down pane appears showing available actions, including Share, Favorite,
Details, Versions, Open with, and Delete.
Figure 7-35: Drop-down pane.
Tap Share, then tap Attachment.
Tip: For iOS, tap the share icon at the top right.
Then tap “Email File” or “Email Link”.
A window appears with a list of available apps that can share this file as an attachment.
Figure 7-36: Apps that can share file as attachment.
Select the app from the list, then follow instructions for that app.
Nasuni Filer Administration Guide 8.0
196
Managing Data
Accessing Data - File Access - Sharing a file as a link
Sharing a file as a link
To share a link to the file, tap the drop-down icon
Internal Link.
beside its name, then tap Share, then tap
Tip: For iOS, tap the share icon at the top right.
Then tap “Email Link” or “Copy Link”.
Tip: You cannot create an internal link to folders created by using the "%U" wildcard in the
CIFS share name.
A window appears with a list of available apps that can share a link to this file. Select the app from the
list, then follow instructions for that app.
Tip: Users should use a Web browser to open shared links.
Tip: After a recovery, if any of the original source Nasuni Filer’s CIFS shares had Shared
Links defined, these links must be regenerated. Use Web Access to view links that must
be regenerated, and regenerate them.
To Edit or Update a link, tap the link, then tap Edit or Update.
Figure 7-37: Update shared link.
You can change the expiration date, the password, and other features of the link. To retain the same
link with the new features, tap Update.
Nasuni Filer Administration Guide 8.0
197
Managing Data
Accessing Data - Folder-Level Operations - Creating a folder
To create a new link with the new features, and make the existing link invalid, tap Regenerate.
Figure 7-38: Regenerate shared link.
To remove a link on Android platforms, tap Remove.
Figure 7-39: Remove shared link.
To remove a link on iOS platforms, turn off “Share via a public link”, then tap Delete.
Folder-Level Operations
Creating a folder
To create a folder, navigate to the folder in which to create the new folder. In the upper right corner, tap
the three-dot icon, then tap New Folder. The “Enter a directory name” dialog box appears.
Figure 7-40: “Enter a directory name” dialog box.
Enter a name for the new folder, then tap OK. A new folder is created.
Nasuni Filer Administration Guide 8.0
198
Managing Data
Accessing Data - Folder-Level Operations - Tagging a file or folder as favorite
Tagging a file or folder as favorite
To tag a file or folder as a favorite, tap the drop-down icon
beside its name, then tap the star icon
. Favorite files and folders remain on the device for off-line access.
Tip: For iOS, tap the star icon above the file name.
Note: The files and folders within a favorite folder are not automatically also Favorites. You
must tag each item as a favorite separately.
Viewing favorite files or folders
Favorite files remain on the device for off-line access.
To view favorite files or folders, tap the menu icon in the upper left, then select Favorites.
Tip: For iOS, tap the star icon at the bottom of the display.
A list of favorite files and folders appears. Favorite files remain on the device for off-line access.
Figure 7-41: Favorites list.
Note: The files and folders within a favorite folder are not automatically also Favorites. You
must tag each item as a favorite separately.
Searching for file names
To search for file names in a folder, navigate to the folder, then tap in the Search area at the top of the
screen.
Figure 7-42: Search area.
Nasuni Filer Administration Guide 8.0
199
Managing Data
Accessing Data - Administrative Operations - Deleting a file or empty folder
Enter text in the Search area. Any files in the folder that contain the text appear in a list with the search
text highlighted.
Figure 7-43: Search list.
Tip: The search does not include any subfolders of the selected folder.
Deleting a file or empty folder
To delete a file or an empty folder, tap the drop-down icon
beside its name, then tap Delete.
Tip: For iOS, tap the three-dot icon at the top right, then tap Delete. Select files or folders to
delete.
A message appears, verifying that you want to delete the file. Tap Delete.
Administrative Operations
Settings
To access the app settings, tap the menu icon at the top left (for iOS, bottom right), then select
Settings. The Settings page appears.
Figure 7-44: Settings page.
Nasuni Filer Administration Guide 8.0
200
Managing Data
Accessing Data - Administrative Operations - Logging out
On the Settings page, you can view the User name, Host name, and Company Name for the
currently logged in user. You can also view the Favorites size and App version. You can also view
information About Nasuni Mobile.
To specify that you stay logged in even when the Nasuni Mobile Access application is not running,
select “Stay Logged In”.
If you have selected “Stay Logged In”: To use a passcode instead of the full credentials when
logging in, select “Use Security Passcode”. Enter the passcode, then verify the passcode. You
can then use this passcode when logging in.
To specify that you be warned before attempting to download data when not on a Wi-Fi connection,
select “Warn before downloading when not on a Wi-Fi connection”.
To send feedback to Nasuni, tap Send Feedback, then use the appropriate app to send a message.
Logging out
To log out from the Nasuni Mobile Access application, tap the three-dot icon at the top right of the
display, then tap Log Out. A dialog appears warning you that logging out removes all saved data from
the device. To continue anyway, tap Remove Data. Otherwise, tap Cancel.
Nasuni Filer Administration Guide 8.0
201
Managing Data
Accessing Data - Nasuni Desktop Client - Installation
Nasuni Desktop Client
Nasuni combines the best features of consumer file-sharing applications with the secure and robust
storage infrastructure that enterprises demand. The Nasuni Desktop Client provides an easy-to-use,
enterprise-friendly service for accessing enterprise data. The Nasuni Desktop Client consists of a
simple interface to the Nasuni Filer on the user’s computer.
The Nasuni Desktop Client is available for the following platforms.
Operating System
x86
x86 64
Windows 7
Yes
Yes
Windows 8.1
Yes
Yes
Windows 10
Yes
Yes
Windows Server 2008
Yes
Windows Server 2012
Yes
OS X Mavericks 10.9
Yes
OS X Yosemite 10.10
Yes
OS X El Capitan 10.11
Yes
Installation
The Nasuni Desktop Client requires a separate installation and configuration on each end user’s
computer. For more details, see the Nasuni Desktop Client Administrator Guide and the Nasuni Desktop
Client User Guide.
Configuration
You can configure many features of the Nasuni Desktop Client, including the following:
•
Filer name or IP address, and port.
•
Username for the Nasuni Filer.
•
Password for the Username of the Nasuni Filer.
•
Proxy, including proxy type, proxy server and port, and password.
•
Source CIFS share or subdirectory on the Nasuni Filer.
•
Target directory on your local computer.
Nasuni Filer Administration Guide 8.0
202
Managing Data
Accessing Data - Nasuni Desktop Client - Preferences
Preferences
You can also specify preferences about the processing of the Nasuni Desktop Client, including the
following:
•
Exclude any files or directories by name, using wildcards and regular expressions.
•
Time between each attempted synchronization between the Desktop Client and the Nasuni
Filer.
•
Direction of data flow between the Nasuni Desktop Client and the Nasuni Filer, including BiDirectional, Only Filer to Client, and Only Client to Filer.
•
Upload of smaller files to the Nasuni Filer before the expiration of the Sync Frequency.
Nasuni Desktop Client controls
You can perform a number of actions using the Nasuni Desktop Client controls menu.
Creating a new connection to a Nasuni Filer
You can create a new connection to a Nasuni Filer.
Managing existing connections to Nasuni Filers
You can manage existing connections to Nasuni Filers.
Changing preferences
You can change preferences, including the following:
•
Maximum size of the log file in MB.
•
Level of logging.
•
Maximum bandwidth to use to upload data to the Nasuni Filer and to download data from the
Nasuni Filer.
Updating the connection to the Nasuni Filer
You can update the connection to the Nasuni Filer.
Viewing revision information of the Nasuni Desktop Client
You can view the revision information of the Nasuni Desktop Client.
Stopping the Nasuni Desktop Client
You can stop the Nasuni Desktop Client.
Nasuni Web page
You can open the Nasuni Web page.
Latest synced files
You can view a list of the last 5 synced files.
Nasuni Filer Administration Guide 8.0
203
Managing Data
Accessing Data - Nasuni Desktop Client - Using files or folders from the Nasuni Filer
Using files or folders from the Nasuni Filer
You select a source share on the Nasuni Filer. Any files or folders in that source share are available in
the target directory you select. Within the target directory, navigate to the files or folders you want to
use. You can perform actions on any of these files or folders, including opening, copying, and deleting.
Note: The specific results of some actions depend on the Connection Direction.
Adding files or folders to the Nasuni Filer
Any files or folders that you add to the target directory that you select are automatically transferred to
the source share on the Nasuni Filer that you selected.
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
Note: The specific results of actions depend on the Connection Direction.
Warning: If a file changes on the Nasuni Desktop Client and synchronizes with the
Nasuni Filer, the Client version of the file overwrites the Filer version of the file
if it already exists. To recover an earlier version of the file, use Filer Versions.
Warning: When considering synchronizing data in existing folders, especially when the
folders already contain data, verify that you want them synchronized. If you
want the data to be separate, creating another directory or share that is not
synchronized might be preferable.
Copy files or folders from any source. Navigate to the target directory you selected. Within the target
directory, navigate to the folder where you want to add files or folders. Paste the files or folders into the
folder within the target directory.
You can verify that any added files or folders are present on the Nasuni Filer by using the File Browser
feature of the Nasuni Filer user interface or the Nasuni Management Console user interface.
Nasuni Filer Administration Guide 8.0
204
Chapter 8: Remote Access Overview
Remote access allows one or more Nasuni Filers to connect, using Nasuni, to a volume associated with
another Nasuni Filer. Using remote access, your remote locations (registered under the same
Nasuni.com account) can connect and collaborate on the same global file system.
Remote access requires a “volume owner” who oversees:
•
Configuring a snapshot retention policy.
•
Managing volume encryption keys.
•
Managing volume access at other locations.
Enabling Remote Access
To share a volume with other Nasuni Filers associated with your Nasuni.com account, you first must
enable remote access on the volume. See “Remote Access” on page 102.
Tip: Perform any necessary data migrations to the volume before enabling Remote Access.
Otherwise, data migration processing can impact the synchronization of remote
volumes. See “Data Migration” on page 238.
Viewing Remote and Local Volume Connections
To view information about all available remote and local Nasuni Filer connections, you use the Volumes
page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
For details on viewing remote and local volume connections, see “Viewing Local and Remote Volume
Information” on page 46 and “Viewing Volume Properties” on page 62.
Nasuni Filer Administration Guide 8.0
205
Remote Access Overview
Connecting to a Remote Volume
Connecting to a Remote Volume
For details on connecting to a remote volume, see “Connecting to a Remote Volume” on page 58.
Note: The Nasuni Filer must be running version 6.0 or later software in order to connect to a
remote volume that has multiple protocols defined (including CIFS, NFS, and FTP).
Configuring a Sync Schedule
You can set the schedule by which a volume synchronizes data from Nasuni’s data service. This
merges local data with new or changed data from other Nasuni Filers connected to the same volume.
You can control how often changes are synchronized from cloud storage. Remote volumes inherit their
initial schedules from the master volume the first time the connection is made. For details on the
process of configuring a sync schedule, see “Sync Scheduling” on page 110.
Synchronization (Merge) Conflicts
During a synchronization or merge, locally changed data is never overwritten with data from other
Nasuni Filers connected to the remote volume. As a result, several different types of merge conflicts are
handled:
•
Name conflict: For example, files on two different Nasuni Filers are created or renamed with the
same name during the same time interval.
•
Metadata conflict: For example, metadata is changed for the same file on two different Nasuni
Filers during the same time interval.
•
Data conflict: For example, the data is changed for the same file on two different Nasuni Filers
during the same time interval.
If a merge conflict occurs during a synchronization or merge, the Nasuni Filer performs these actions:
•
Creates a merge conflict log file in the .nasuni\sync_logs directory. The file name of the
merge conflict log file is the date in GMT format. The merge conflict log file contains entries for
each merge conflict. Each entry has details about one specific conflict. See “Synchronization
(Merge) Conflict Log File” on page 207.
•
Creates a merge conflict message that points to the .nasuni\sync_logs directory. See
“Synchronization (Merge) Conflict Messages” on page 207.
•
For name conflicts and data conflicts, changes the name of the conflicting file to include details
about the conflict. See “Name of Conflicting File” on page 208.
Nasuni Filer Administration Guide 8.0
206
Remote Access Overview
•
Synchronization (Merge) Conflicts
Optionally, sends an email to the administrator, if configured. See “Email Settings” on page 285.
Note: If you enable Global Locking for a folder, synchronization conflicts do not occur unless
the lock on a file is broken manually. See “Global File Locking” on page 227.
Synchronization (Merge) Conflict Log File
If there are any merge conflicts, information about the merge conflicts is written to a merge conflict log
file. These files are located in the .nasuni\sync_logs directory of the volume where the merge
conflict occurred.
For example, this file:
\ny_files\.nasuni\sync_logs\ny_files_New York Office_2013-08.csv
is a summary of the merge conflicts involving the ny_files volume on the New York Office Nasuni
Filer during a merge on 2013-08.
In the merge conflict sync_logs files, conflict messages include the domain and user names to make
it easier to find pertinent conflicts.
The information in the merge conflict file is in CSV format, in this form:
<local timestamp>, <GMT timestamp>, <conflict type>,
<file name>, <local user>, <local filer>,
<remote user>, <remote filer>, <merge version>
Such as:
2013-08-19 12:28:25EST, 2013-08-19 17:28:25GMT, name conflict,
“/folder/file.txt”, “smith”, “lfiler”, “jones”, “rfiler”, 2013-08-19
Full user names are provided.
It is the responsibility of the Filer Administrator to determine how best to resolve merge conflicts.
Synchronization (Merge) Conflict Messages
To view synchronization conflict messages:
1. Click Notifications.
2. Click All Messages to display all messages. New merge conflicts generate an informational
message. You can search for messages about merges. Type “Merge” in the Search text box.
Figure 8-1: Messages Search text box.
Note: Text searches are case-sensitive.
Nasuni Filer Administration Guide 8.0
207
Remote Access Overview
Synchronization (Merge) Conflicts
Messages such as the following appear:
Figure 8-2: Message about merge conflicts.
3. Download the log file to view the log. Log entries look like this:
2013-08-19 12:28:25EST, 2013-08-19 17:28:25GMT, name conflict,
“/folder/file.txt”, “smith”, “lfiler”, “jones”, “rfiler”, 2013-08-19
It is the responsibility of the Filer Administrator to determine how best to resolve merge conflicts.
Name of Conflicting File
In addition, for name conflicts and data conflicts for CIFS volumes, the file name of the conflicting file is
changed to include the conflict information, in this format:
<original filename> (<name or data> conflict from
<domain1>_<username1>@<Filer1>
with
<domain2>_<username2>@<Filer2>).<original suffix>
The conflict information in the new file name includes the domain names (truncated to 16 characters),
user names (truncated to 16 characters), and names of the Nasuni Filers (truncated to 16 characters) for
the two conflicting parties.
Note: If the volume is connected to Active Directory, the user name information (including
domain name) appears in the name of the merge conflict file. If the volume is
connected to LDAP Directory Services, the user name information appears in the name
of the merge conflict file.
For example:
My_File (data conflict from NYdom_patm@NewYork
with BOSdom_leeg@Boston).txt
It is the responsibility of the Filer Administrator to determine how best to resolve merge conflicts.
Nasuni Filer Administration Guide 8.0
208
Remote Access Overview
Disconnecting from a Remote Volume
Disconnecting from a Remote Volume
Disconnect
You can disconnect from a volume at a remote location.
Tip: Ensure that you first delete the CIFS shares, NFS exports, and FTP directories for the
remote volume from which you want to disconnect. See “Deleting a CIFS Share” on
page 141, “Deleting an NFS Export” on page 151, and “Deleting FTP directories” on
page 159 for details.
Caution: Disconnecting from a volume deletes any data in the cache. To protect recently
changed data, you can take an on-demand snapshot before disconnecting from the
volume. See “Take a Snapshot Now” on page 61 for details.
To disconnect from a remote volume:
1. Click Volumes. Select a remote volume. The Volume properties page appears.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Click Disconnect Volume. Alternatively, select Disconnect from the Properties drop-down
list. The Disconnect Volume page appears.
Figure 8-3: Disconnect Volume page.
3. Read any warnings that appear on the Disconnect Volume page. Ensure that the prerequisites
mentioned above have been satisfied to avoid data loss.
4. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
Nasuni Filer Administration Guide 8.0
209
Remote Access Overview
Disconnecting from a Remote Volume
5. To disconnect the remote volume from your Nasuni Filer, click Disconnect. The message
“Disconnected volume” appears. Click x to close the message.
Data on the remote volume is no longer accessible.
Nasuni Filer Administration Guide 8.0
210
Chapter 9: File Browser Page
File Browser
Synchronous snapshots are saved to cloud storage periodically (as frequently as hourly for unshared
volumes; as frequently as every minute for shared volumes), which allows you to roll back a file or an
entire directory to any point in its history.
You can restore files or folders from a CIFS or NFS volume or FTP directory, and entire iSCSI volumes,
that are managed by the Nasuni Filer. During a restore procedure, saved data is recovered from cloud
storage.
Note: The File Browser page, and all other pages of the Nasuni Filer user interface, might
look different to different users. Also, different menus and actions might be available
for different users. This is because different users are assigned different permissions,
based on their roles in the role-based access control system. See “Users and Groups”
on page 380 for details.
What is a Snapshot?
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
With snapshots, the Nasuni Filer can identify new or changed data. Snapshots offer data protection by
enabling you to recover a file deleted in error or to restore an entire file system. After a snapshot has
been taken and is sent to cloud storage, it is not possible to modify that snapshot.
With snapshots, you can find, view, and restore past versions of your files quickly. You can restore a
single file, a directory, or an entire volume.
The Nasuni Filer captures complete snapshots of files at regular intervals and stores all snapshots in
cloud storage to protect your files. You can select which days of the week on which to perform
snapshots; what time of day to start and stop creating snapshots; and the frequency for creating
snapshots. If the volume does not have Remote Access enabled, your frequency choices are every 1, 2,
4, 8, 12, or 24 (hours). If the volume does have Remote Access enabled, your frequency choices are
every 1, 5, 10, 15, 25, or 30 (minutes), or 1, 2, 4, 8, 12, or 24 (hours). For example, you can configure
snapshots to not occur during work-time and only push new and changed data during off-hours when
network usage is low. For details, see “Snapshot Scheduling” on page 107.
You can retain all snapshots indefinitely, which is the default. Or, for compliance purposes or your own
best practices, you can specify to delete older snapshots from cloud storage, based on a configured
policy for a specific volume. For details, see “Snapshot Retention” on page 115.
Nasuni Filer Administration Guide 8.0
211
File Browser Page
File System Browser
File System Browser
You can use the file system browser to perform a variety of tasks:
•
Browse folders and files in volumes on the Nasuni Filer.
•
Search for folders and files by name.
•
Filter results by date.
•
Examine multiple versions of folders and files.
•
Download folders and files.
•
Bring volumes, folders, and files into the cache.
•
Pin individual folders in the cache.
•
Enable Global File Locking for volumes.
•
Enable Auto Cache for individual folders.
•
Create quotas for volumes and folders.
•
Restore a file or folder (for a CIFS or NFS volume or FTP directory) or an entire volume (for an
iSCSI volume). You can do this, for example, if data has been deleted erroneously. For details
on restoring data in the event of a disaster, see “Recovery” on page 450.
In order to access folders and files, ensure that you have performed these necessary tasks:
•
Have configured at least one volume. For more information, see “Adding a Volume” on page 51.
•
For CIFS and NFS volumes or FTP directories, have shared or exported at least one volume or
FTP directory. For more information, see “Adding a New CIFS Share to a Volume” on page 125,
“Adding an NFS Export to a Volume” on page 143, and “Adding FTP directories for a volume”
on page 153.
•
(Optional) Have configured a snapshot schedule to ensure that reliable, periodic snapshots of
the volume are taken. For more information, see “Snapshot Scheduling” on page 107.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions. Ensure that the Nasuni Management Console is
running version 5.5 or later.
Selecting Volume, Folder, or Files
You can select a volume, a folder, or one or more files. You can select by browsing or by searching.
Nasuni Filer Administration Guide 8.0
212
File Browser Page
File System Browser
Browsing a Volume
Browse
To browse folders and files in a volume, follow these steps:
1. Click File Browser. The File System Browser page appears.
Figure 9-1: File System Browser page.
2. From the Volume drop-down list, select a volume name.
Figure 9-2: Volume drop-down list.
The properties of the selected volume are displayed.
Figure 9-3: Volume properties.
The volume properties include:
•
Volume: The name of the volume and Nasuni Filer.
•
Content Size: The size of the volume and its contents.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
•
Ownership: The owner of the volume.
•
Cache Resident: (CIFS and NFS volumes and FTP directories.) Indicates whether the folder
is currently in the cache (Yes) or not (No). To view unprotected files in the cache, see
“Unprotected Files” on page 414.
Note: iSCSI volumes are always resident in the cache.
Nasuni Filer Administration Guide 8.0
213
File Browser Page
File System Browser
•
Global Locking: (For folders.) Indicates whether Global Locking is enabled for the volume
(Enabled). If this Global Locking status is inherited, includes the word “Inherited”. If the
Global Locking mode is Optimized, includes the word “Optimized”. To enable Global
Locking for a volume, see “Global File Locking” on page 227.
•
Pinning: (For folders.) Indicates whether the folder is pinned in the cache (Enabled). To
enable pinning for a folder, see “Pinning Folders in the Cache” on page 224. To view
unprotected files in the cache, see “Unprotected Files” on page 414.
•
Auto Cache: (For folders.) Indicates whether Auto Cache (automatically bringing data from
other Nasuni Filers into the local cache immediately) is enabled for the folder. To enable
Auto Cache for a folder, see “Enabling Auto Cache for Folders” on page 225.
The files and folders that reside on the selected volume are displayed.
Figure 9-4: Files and folders on the volume.
Note: You cannot browse files and folders on an iSCSI volume.
3. From the list of files and folders you can select the following:
•
One folder: select the folder you want. The selected folder is highlighted in the list.
The properties of the selected folder are displayed.
Figure 9-5: Folder properties.
The folder properties include:
•
Location: The path to the folder.
Nasuni Filer Administration Guide 8.0
214
File Browser Page
•
File System Browser
Content Size: The size of the folder and its contents.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the
size of the data currently present in the local cache, while Nasuni displays the
full size, regardless of where the data is.
•
•
Ownership: The owner of the folder.
•
Cache Resident: (CIFS and NFS volumes and FTP directories.) Indicates whether the
folder is currently in the cache (Yes) or not (No). To view unprotected files in the cache,
see “Unprotected Files” on page 414.
•
Global Locking: If Global Locking is enabled for the volume, indicates whether the
folder is Locked or Unlocked. To enable Global Locking for a volume, see “Global File
Locking” on page 227.
•
Pinning: (For folders.) Indicates whether the folder is pinned in the cache (Enabled). To
enable pinning for a folder, see “Pinning Folders in the Cache” on page 224. To view
unprotected files in the cache, see “Unprotected Files” on page 414.
•
Auto Cache: (For folders.) Indicates whether Auto Cache (automatically bringing data
from other Nasuni Filers into the local cache immediately) is enabled for the folder. To
enable Auto Cache for a folder, see “Enabling Auto Cache for Folders” on page 225. To
view unprotected files in the cache, see “Unprotected Files” on page 414.
One file: select the file you want. The selected file is highlighted in the list.
The properties of the selected file are displayed.
Figure 9-6: File properties.
The file properties include:
•
Location: The path to the file.
•
Size: The size of the file.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the
size of the data currently present in the local cache, while Nasuni displays the
full size, regardless of where the data is.
•
Ownership: The owner of the file.
•
Cache Resident: (CIFS and NFS volumes and FTP directories.) Indicates whether the
file is currently in the cache (Yes) or not (No). To view unprotected files in the cache, see
“Unprotected Files” on page 414.
Nasuni Filer Administration Guide 8.0
215
File Browser Page
•
File System Browser
Lock Status: If Global Locking is enabled for the volume, indicates whether the file is
Locked or Unlocked. To enable Global Locking for a volume, see “Global File Locking”
on page 227. If locked by multiple Nasuni Filers, a list appears.
Figure 9-7: Locked by multiple Nasuni Filers.
•
Pinning: (For files.) Indicates whether the folder that contains the file is pinned in the
cache (Enabled). To enable pinning for a folder, see “Pinning Folders in the Cache” on
page 224. To view unprotected files in the cache, see “Unprotected Files” on page 414.
•
Auto Cache: (For files.) Indicates whether Auto Cache (automatically bringing data from
other Nasuni Filers into the local cache immediately) is enabled for the folder that
contains the file. To enable Auto Cache for a folder, see “Enabling Auto Cache for
Folders” on page 225. To view unprotected files in the cache, see “Unprotected Files”
on page 414.
You can now perform actions with the selected folder or file, as described in “Actions with Selected
Volume, Folder, or Files” on page 220.
You can also filter the current results by date, as described in “Filtering by Date” on page 216.
Filtering by Date
By default, the current contents of the volume are displayed. To select contents from another date and
time from available snapshots, follow these steps:
1. Navigate to a volume as described in “Browsing a Volume” on page 213.
2. Click the Version drop-down list. A calendar of available dates appears. Select the date, then
select the snapshot on that date. The folders and files from that snapshot appear.
Note: Some dates do not have snapshots. When you click a date with no snapshots, the
message “There are no snapshots for the selected date.” appears.
Folders and files from snapshots display the date and time of the version in addition to their
other properties.
3. Select a folder or file from the list. To select multiple individual items from snapshots, use
Ctrl+click. To select a range of items from snapshots, use Shift+click.
4. To select the current version of folders and files, click the Version drop-down list and select
Current Version.
You can now perform actions with the selected folder or files, as described in “Actions with
Selected Volume, Folder, or Files” on page 220.
Nasuni Filer Administration Guide 8.0
216
File Browser Page
File System Browser
Searching for a Folder or File by Name
Search
In addition to browsing for folders and files, you can also search for a specific folder or file by name
within a snapshot, and then select it for further actions.
Caution: In most cases, snapshots are not in the local cache, and must be brought into
the local cache to be searched. As a result, snapshot searches can impact
performance. Searching a large number of snapshots proceeds better by using
a Nasuni Filer that users are not using heavily at the same time.
Note: iSCSI volumes do not contain folders or files, so you cannot search them.
To search for a folder or file by name in a snapshot, follow these steps:
1. Navigate to a volume as described in “Browsing a Volume” on page 213. If you intend to restrict
the search to a specific directory, navigate to that directory.
2. Click Search. The Search Versions dialog box appears.
Figure 9-8: Search Versions dialog box.
3. The default is to search all directories. To limit the search to the currently selected directory (and
any subdirectories), select Start from Current Folder. Limiting the search can save time.
4. The default is to search all versions. To specify search dates, click the Date Range box. The
Date Range list appears.
Figure 9-9: Date Range list.
Nasuni Filer Administration Guide 8.0
217
File Browser Page
File System Browser
5. From the list, select one of these options for the search date:
•
Today: Searches snapshots from today.
•
All Versions: Searches all snapshots regardless of date. This is the default.
Caution: Searching all snapshots can take a long time and add extra load to your
Nasuni Filer.
•
Last 7 Days (if available): Searches only snapshots from the past 7 days, if there are any
available.
Caution: Searching large numbers of snapshots can take a long time and add
extra load to your Nasuni Filer.
•
Last 30 Days (if available): Searches only snapshots from the past 30 days, if there are any
available.
Caution: Searching large numbers of snapshots can take a long time and add
extra load to your Nasuni Filer.
•
Custom Range: Opens the Custom Range pane for you to select a start date and an end
date within which to search snapshots.
Figure 9-10: Custom Range pane.
Navigate to the start date and the end date during which to search snapshots.
Caution: Searching large numbers of snapshots can take a long time and add
extra load to your Nasuni Filer.
Nasuni Filer Administration Guide 8.0
218
File Browser Page
File System Browser
6. Enter all or part of the name of the folder or file to search for in the Query text box.
Note: You can use glob syntax wildcards when you specify the name, such as the
following:
Wildcard
Meaning
Example
*
Matches any number of
any character.
*.mp3
means any file name that ends with “mp3”.
?
Matches any one
character.
test.mp?
means file names like “test.mp3” or “test.mp4”.
[sequence]
Matches any character
in the specified
sequence.
[A-Z]*.mp3
means file names that start with an upper-case
letter.
[!sequence]
Matches any character
NOT in the specified
sequence.
[!A-Z]*.mp3
means file names that do not start with an uppercase letter.
The search matches the query text within a folder or file name. For example, searching for
“mount” finds items named “Mount”, “mounted”, “unmounted”, and “unmount”. The search
is not case-sensitive.
Optionally, you can specify searching for the exact name of the file (including the filename
extension) or folder by selecting the Exact Match check box. In this case, searching for
“mount” only finds items named “mount”. This search is also not case-sensitive.
7. Click Search. The Search Status results appear in a list.
Figure 9-11: Search Status results.
To cancel a running search before it completes, click Stop Search.
8. After the search completes, click a folder or file in the list to highlight it.
9. Click Navigate to Selected to navigate to the selected item.
The folder or file you searched for is selected.
You can now perform actions with the selected folder or file, as described in “Actions with Selected
Volume, Folder, or Files” on page 220.
Nasuni Filer Administration Guide 8.0
219
File Browser Page
File System Browser
Actions with Selected Volume, Folder, or Files
After selecting a volume, folder or files, as described in “Selecting Volume, Folder, or Files” on
page 212, you can perform the following actions:
•
Bring volume, folder, or files into the cache.
•
Create quotas for folders.
•
Download folders and files.
•
Pin individual folders in the cache.
•
Enable Global File Locking for volumes.
•
Enable Auto Cache for individual folders.
•
Restore a file or folder (for a CIFS or NFS volume and FTP directories) or an entire volume (for an
iSCSI volume).
Bringing Data into Cache
Bring into cache
When a volume, folder, or file is selected that is not already in the cache, you can bring that item into
the cache.
Note: If the selected data is not already present in the Nasuni Filer’s cache, selecting Bring
into Cache begins the process of copying the selected data into the cache. This
process continues running in the background until all the selected data is copied into
the cache. If the size of the selected data exceeds the available space in the cache,
then the Nasuni Filer releases already-protected data from the cache to make room for
the incoming data. This process affects network bandwidth until it has completed. If
the user requests any of the selected data while this process is running, the requested
data is copied into the cache immediately.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
To bring data into the cache, follow these steps:
1. Select a volume, folder or file as described in “Selecting Volume, Folder, or Files” on page 212.
Note: You can only bring data selected from Current Version into the cache.
Note: You cannot bring files infected with malware into the cache.
Nasuni Filer Administration Guide 8.0
220
File Browser Page
File System Browser
2. Click Bring into Cache. The Bring Into Cache dialog box appears. The dialog box is slightly
different with volumes, folders, and files.
Figure 9-12: Bring Volume Into Cache dialog box.
a. Information about the volume, folder, or file is displayed, as well as the amount of space
currently available in the cache.
b. (For volume or folder only) To bring only the metadata of the volume or folder into the cache,
but not the data itself, select the Bring Metadata Only check box.
c. Click Start Transfer.
This begins the process of copying data and metadata into the local cache. When the process is
complete, a notification indicates that the process is complete and, if configured, an email indicates
that the process is complete.
Setting Quota or Rule
Create
You can set a quota on the contents of a volume or a folder. You can configure quota reports to be sent
to administrators or users when volumes or folders approach or exceed their quota.
To set a volume or folder quota, follow these steps:
1. Select a volume or folder as described in “Selecting Volume, Folder, or Files” on page 212.
Nasuni Filer Administration Guide 8.0
221
File Browser Page
File System Browser
2. Click Set Quota or Rule. The Set Quota or Rule dialog box appears.
Figure 9-13: Set Quota or Rule dialog box.
3. Verify the location in the Location text box.
4. From the Quota Type drop-down list, select one of the following choices:
•
Rule: Applies the specified Limit to any newly created subdirectories of the selected volume
or folder. To apply the specified Limit to existing subdirectories, see step 7 on page 223
below.
Important: Quotas cannot be nested. Quotas cannot be created anywhere in a
directory tree that already has a quota set in one of the parents. Quotas
also cannot be created on any parent directory when any of the
subdirectories has a quota already.
•
Quota: Applies the specified Limit only to the selected volume or folder.
5. (Optional) To receive reports when the selected volume or folder is near or over its Limit, in the
Email text box, enter a comma-separated list of email address.
Tip: If User Folders Support is enabled for the CIFS share that the directory is in, then the
email address of the directory owner is used automatically. This prevents the
necessity of manually entering hundreds of email addresses for multi-user systems.
See step q on page 131. However, if email addresses are entered here, the entered
email addresses override looking up an email address from Directory Services.
6. In the Limit text box, enter or select the quota limit (in gigabytes or fractions of a gigabyte, such
as 6.8). The content size of uncompressed data is displayed to help you decide on a quota limit.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
Nasuni Filer Administration Guide 8.0
222
File Browser Page
File System Browser
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
7. For the Rule quota type, to apply the same Limit to the data in any existing sub-directories of
the selected directory, select the Apply to existing sub-directories check box.
8. Click Save Quota or Save Rule to save your changes. Otherwise, click Cancel.
The quota is enabled as configured.
Downloading Files
Download
You can download one or more files to your local computer.
To download one or more files, follow these steps:
1. Select one or more files as described in “Selecting Volume, Folder, or Files” on page 212.
2. Click Download File.
Downloading features depend on your Web browser. If the file is of a type that your Web
browser recognizes (such as a PDF file), the file might download and display directly in the
browser.
If the Web browser cannot directly display the file, navigate to a location where the file should
be saved.
Tip: Although users with “Perform File Restores/Access Versions” permission have the
ability to access all files on the file server, clicking Download File results in permission
denied.
Tip: Users who are members of groups that have the “Manage all aspects of Volumes”
permission, the “Manage all aspects of the Filer (super user)” permission, or the
“Manage Volume Settings (Can't add/delete)” permission can download files. To
control who can download files, manage these permissions accordingly. However,
note that each of these permissions control other settings besides downloading files.
For details, see Appendix D, “Permissions,” on page 474.
The selected files are downloaded to your local computer.
Nasuni Filer Administration Guide 8.0
223
File Browser Page
File System Browser
Pinning Folders in the Cache
Pin folder
Pinning a folder specifies that the folder and its contents must remain in the local cache at all times.
This can improve performance and reduce the time necessary to return accessed data to clients.
Warning: Enabling this feature means that the entire folder, and all the folder’s contents,
remain resident in the cache at all times. This reduces the available cache by
the size of the folder. If the amount of data pinned in the cache exceeds the
size of the cache, you are not able to access data that is not in the cache. If
this occurs, an Alert notification is given.
Note: Pinning a folder does not bring the folder’s data into the cache. If the folder’s data is
not already present in the cache, you must specifically bring that data to the cache. To
check on whether data is resident in the cache, see “Browsing a Volume” on page 213.
To bring data to the cache, see “Bringing Data into Cache” on page 220.
Note: All iSCSI (SAN) volume data is already pinned in the cache, so it is not necessary to pin
iSCSI volumes.
To view pinned folders, or disable pinning for a folder, see “Pinned Folders” on page 118. To view
unprotected files in the cache, see “Unprotected Files” on page 414.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To pin a folder in the cache, follow these steps:
1. Select a folder as described in “Selecting Volume, Folder, or Files” on page 212.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Click Edit Cache Settings. The Folder Cache Settings dialog box appears.
Figure 9-14: Folder Cache Settings dialog box.
3. Select Enable Pinning.
4. Click Save Settings. Your changes are saved.
Otherwise, to close the dialog box without saving changes, click Close.
Nasuni Filer Administration Guide 8.0
224
File Browser Page
File System Browser
Enabling Auto Cache for Folders
Enable
If you enable the “Auto Cache” option for a folder, new data in that folder is brought into the local cache
from other Nasuni Filers that are attached to this volume. Otherwise, new data is brought into the local
cache from other Nasuni Filers only when that data is accessed next.
You can only enable Auto Cache for shared volumes.
Enabling Auto Cache for a folder does not bring all data for this folder into the cache. Enabling Auto
Cache for a folder brings in only uncached data from other Nasuni Filers that are also attached to this
volume. Uncached data includes data that is already in the cloud but that is not presently in the cache,
as well as new and recently modified remote data.
Enabling Auto Cache does not immediately bring any data into the cache. To bring data into the cache
immediately, use the “Bring into Cache” button on the File System Browser screen. Otherwise, data
begins to transfer the next time the Nasuni Filer synchronizes with the cloud.
Tip: Because Auto Cache is not enabled by default, new data in the folder comes into the
local cache only when requested. Before enabling Auto Cache, ensure that all of the
following apply to your deployment:
•
All the Nasuni Filers on which you plan to enable Auto Cache have caches large enough
to contain data from the other Nasuni Filers.
•
All the data in the folder is relevant and appropriate for all other sites that access the
folder.
•
Network access at each site is not adversely affected by automatically moving large
quantities of data.
Tip: Auto Cache should not be used during the initial transfer of data into a Nasuni Filer or
during certain one-time operations, such as a bulk data load.
Note: Before enabling Auto Cache for a folder, the folder’s volume must have Remote
Access enabled and Auto Cache enabled. For details, see “Setting Remote Access” on
page 102 and “Enabling or Disabling Auto Cache for Volumes” on page 105.
Note: Auto Cache is only available for shared or remote volumes.
Note: If Auto Cache is enabled and you disable Auto Cache, any process bringing data into
the cache continues until complete.
To enable Auto Cache for a folder, follow these steps:
1. Select a folder as described in “Selecting Volume, Folder, or Files” on page 212.
Nasuni Filer Administration Guide 8.0
225
File Browser Page
File System Browser
2. Click Edit Cache Settings. The Folder Cache Settings dialog box appears.
Figure 9-15: Folder Cache Settings dialog box.
3. Select Enable Auto Cache.
4. Click Save Settings. Your changes are saved.
Otherwise, to close the dialog box without saving changes, click Close.
Nasuni Filer Administration Guide 8.0
226
File Browser Page
File System Browser
Global File Locking
Lock
The purpose of the Global Locking feature is to prevent conflicts when two or more users attempt to
change the same file on different Nasuni Filers. If you enable the Global Locking feature for a directory
and its descendants, any files in that directory or its descendants can only be changed by one user at a
time. Any other users cannot change the same file at the same time.
Typically, when User X opens a file to change it, the application locks the file, preventing access by
User Y. Applications and platforms differ on specific behavior. User Y might receive the option of
opening a Read-Only copy of the file, opening a copy of the file with a different name, or receiving a
notice when User X closes the file. When User X does close the file, User Y can then access the file.
Tip: Enabling Global Locking can have an impact on performance, depending on factors that
include network congestion, user load, and file sizes. Do not enable Global Locking until
after initial data load and after large data migrations. If users do not typically collaborate
on the same file at the same time, it is unnecessary to enable Global Locking.
Note: The Nasuni Filer supports the use of byte-range locking for applications that benefit
from this feature. However, because of the impact on performance, byte-range locking
is disabled by default. If your applications require byte-range locking, contact Nasuni
Technical Support to enable byte-range locking.
Tip: If global locking is enabled for a CIFS volume, creating hard links is not currently
supported on Mac OS or Linux clients connected via CIFS.
Caution: If two Nasuni Filers both have Global Locking enabled for the same folder, and
a file is deleted or removed in the folder on one of the Nasuni Filers, the file
might still be available on the other Nasuni Filer.
You can also manually break the locking of a file. This might become necessary if a user leaves a file
open and another user needs to open that file.
Warning: If you manually break the locking of a file, this might result in conflicts for the
file. See “Synchronization (Merge) Conflicts” on page 206.
Note: If a user continues using a file after the lock is manually broken, the file might become
locked again.
Enabling Global Locking
To enable Global Locking for a folder (which can be a volume) and its descendants, follow these steps:
1. Select a folder as described in “Selecting Volume, Folder, or Files” on page 212.
Nasuni Filer Administration Guide 8.0
227
File Browser Page
File System Browser
2. Click Edit Global Locking Settings. The Global Locking Setting dialog box appears.
Figure 9-16: Global Locking Setting dialog box.
3. Select Enable Global Locking.
Caution: If two Nasuni Filers both have Global Locking enabled for the same folder, and
a file is deleted or removed in the folder on one of the Nasuni Filers, the file
might still be available on the other Nasuni Filer.
4. From the Locking Mode drop-down list, select one of the following locking modes:
•
Optimized: Recommended for most applications that don’t rely heavily on shared access
modes. Optimized locking gives the best performance, but lower protocol compatibility.
Note: NFS volumes only support Optimized mode locking.
•
Advanced: Recommended for applications that rely on shared access modes. Advanced
locking provides the highest global locking compatibility, but might impact performance.
Note: If Advanced locking is set on a directory, then any sub-directories that inherit the
Advanced setting do not have the option to "Edit Global Locking Settings".
5. Click Save Settings. Your changes are saved.
Otherwise, to close the dialog box without saving changes, click Close.
Breaking Global Locking
To break Global Locking for a file, follow these steps:
1. Select the file as described in “Selecting Volume, Folder, or Files” on page 212.
2. Click Break Global Lock. The Break Global Lock dialog box appears.
Figure 9-17: Break Global Lock dialog box.
3. Click Break Lock. The lock for the file is released, allowing other users to open the file.
Nasuni Filer Administration Guide 8.0
228
File Browser Page
File System Browser
Otherwise, to close the dialog box without making changes, click Close.
Nasuni Filer Administration Guide 8.0
229
File Browser Page
File System Browser
Restoring Volume, Folder, or Files
Restore
You can restore a stored version of a volume, folder, or files. You might do this if data was erroneously
destroyed or corrupted, or if you need a previous version. You can restore the data to its original
location, or to another location.
Note: If you rename a file or a folder that has a previous version, then the previous versions of
the newly renamed file or folder are no longer available. If the file or folder is renamed
back to the original name, then any previous versions of the file or folder become
available again.
To restore data from a snapshot, follow these steps:
1. Select a volume, folder, or files in a snapshot as described in “Selecting Volume, Folder, or
Files” on page 212.
Tip: You can tell that you have selected files or a folder in a snapshot if the Version displays a
date and not “Current Version.”
2. Click Restore Folder or Restore File. The Restore Folder or Restore File dialog box appears
Figure 9-18: Restore Folder dialog box.
3. Verify the selection in the Selection text box.
4. By default, the file or folder is restored to its original location. To restore the file or folder to
another path, click in the Destination box and navigate to the alternative path.
Caution: If the file or folder is restored to its original location, it replaces the file or
folder of the same name (if any) in that original location.
5. To back up existing files before proceeding, select the Back Up Existing check box. If any files
that you selected to restore also exist in your volume, they are copied and retained. Backup files
are created with the preface “backupxxxx.” For example, “backup0001.Sales.doc”.
Caution: If Back Up Existing is not selected, the restore overwrites any files with the
same name.
Nasuni Filer Administration Guide 8.0
230
File Browser Page
File System Browser
6. To restore the selected files or folder to your system, click Restore File or Restore Folder. The
Restore in Progress pane appears.
Figure 9-19: Restore in Progress pane.
This pane includes the following:
•
The number of folders processed.
•
The number of files processed.
Note: Files and folders in the snapshots are not deleted or changed during the restore.
The restored files or folder appear in the specified folder.
Nasuni Filer Administration Guide 8.0
231
File Browser Page
Using Snapshot Directory Access
Using Snapshot Directory Access
For CIFS and NFS volumes, you can browse the recent snapshot history and view files and directories
within a volume.
Tip: If multiple protocol volumes are enabled, the .snapshot directory is hidden.
For NFS volumes, ensure that you have met the following criteria:
•
Configured at least one NFS volume and created at least one NFS export. For more information,
see “Adding a Volume” on page 51 and “Adding an NFS Export to a Volume” on page 143.
•
Enabled the Snapshot Directory Access option on the Volume properties page. For more
information, see “Snapshot Directory Access” on page 113.
•
Configured (optional) a snapshot schedule to ensure that reliable, periodic snapshots of the
NFS volume are taken. For more information, see “Snapshot Scheduling” on page 107.
Caution: If a user creates a directory named .snapshot on an NFS volume, and the
Snapshot Directory Access setting is enabled on that volume, the usercreated directory might appear to be empty or might hide any user-created
content. We suggest that users not create directories named .snapshot
on NFS volumes with Snapshot Directory Access enabled.
For CIFS volumes, ensure that you have met the following criteria:
•
Configured at least one CIFS volume and created at least one CIFS share. For more information,
see “Adding a Volume” on page 51 and “Adding a New CIFS Share to a Volume” on page 125.
•
Enabled the Snapshot Directory Access option on the Volume properties page. For more
information, see “Snapshot Directory Access” on page 113.
Tip: If "Snapshot Directory Access" is enabled on a volume and “Enable Snapshot
Directories” is enabled on a CIFS share of that volume, then directories in that CIFS
share on that volume cannot be deleted.
•
Enabled snapshot access for the CIFS share. For more information, see “Adding a New CIFS
Share to a Volume” on page 125 and “Editing a CIFS Share” on page 139.
Tip: If "Snapshot Directory Access" is enabled on a volume and “Enable Snapshot
Directories” is enabled on a CIFS share of that volume, then directories in that CIFS
share on that volume cannot be deleted.
•
Configured (optional) a snapshot schedule to ensure that reliable, periodic snapshots of the
CIFS volume are taken. For more information, see “Snapshot Scheduling” on page 107.
Accessing CIFS and NFS Snapshot Directories using Windows
A .snapshot directory is located in every directory of a volume that was successfully included in at
least one snapshot, and that has not been removed as the result of a snapshot retention policy (see
Nasuni Filer Administration Guide 8.0
232
File Browser Page
Using Snapshot Directory Access
“Snapshot Retention” on page 115). You can navigate to the .snapshot directory, change the current
directory to the .snapshot directory, and locate files within directory trees.
Tip: To simplify access to snapshot directories in Windows, map a network drive to a CIFS
share, as described in “Mapping a Windows network drive to a CIFS share” on
page 169.
Tip: If multiple protocol volumes are enabled, the .snapshot directory is hidden.
Each .snapshot directory contains one or more subdirectories that correspond to each snapshot
taken, and whose name includes the date and time GMT that it was created, such as
2013_07_22_18.36.17GMT.
Typically, the .snapshot directories are hidden from directory listings. On Windows systems, this
includes the dir command and Windows Explorer, although you can configure Windows Explorer to
show hidden files and folders.
For example, the .snapshot directory is not visible in this listing (in which the CIFS share district
has been mapped to the Windows drive X:):
X:\>dir
Volume in drive X is district
Directory of X:\
03/28/2013 02:12 PM
<DIR>
.
05/03/2013 03:56 PM
<DIR>
..
2 Dir(s) 64,246,075,392 bytes free
There are two default directories listed; however, the directory called .snapshot is not visible.
However, you can still change to the .snapshot directory (assuming that access to this directory is
enabled):
X:\>cd .snapshot
X:\.snapshot>
X:\.snapshot>dir
Volume in drive X is district
Directory of X:\.snapshot
03/28/2013 02:12 PM
<DIR>
.
03/28/2013 02:12 PM
<DIR>
..
03/28/2013 02:12 PM
<DIR>
2013_05_08_06.07.53GMT
03/28/2013 02:12 PM
<DIR>
2013_05_04_06.07.09GMT
03/28/2013 02:12 PM
<DIR>
2013_05_03_18.20.54GMT
03/28/2013 02:12 PM
<DIR>
2013_04_19_18.05.40GMT
03/28/2013 02:12 PM
<DIR>
2013_04_12_06.06.04GMT
03/28/2013 02:12 PM
<DIR>
2013_03_28_18.16.12GMT
03/26/2013 03:25 PM
<DIR>
2013_03_26_19.52.41GMT
03/29/2013 12:11 PM
<DIR>
2013_03_26_19.52.40GMT
0 File(s)
0 bytes
11 Dir(s) 64,246,075,392 bytes free
Nasuni Filer Administration Guide 8.0
233
File Browser Page
Using Snapshot Directory Access
You can also access the .snapshot directories using Windows Explorer:
Figure 9-20: .snapshot directory in Windows Explorer.
Accessing CIFS and NFS Snapshot Directories using UNIX
A .snapshot directory is located in every directory of a volume that was successfully included in at
least one snapshot, and that has not been removed by a snapshot retention policy. You can navigate to
the .snapshot directory, change the directory to the .snapshot directory, and locate files within
directory trees.
Note: All .snapshot directories have read-only access. You can read the files and
directories contained in the snapshot directories; however, you cannot move, delete,
or edit files and directories.
Tip: If multiple protocol volumes are enabled, the .snapshot directory is hidden.
For example, the .snapshot directory is not visible in this listing:
Server1: user1$ ls -lah
total 32
drwxrwxrwx 5 root wheel 4.0K Apr 13 11:12 .
drwxr-xr-x 3 user1 staff 102B Apr 13 14:59 ..
drwxr-xr-x 2 root wheel 4.0K Apr 12 16:59 folder_one
drwxr-xr-x 2 root wheel 4.0K Apr 12 14:38 folder_two
There are two directories listed; however, the directory called .snapshot is not visible. However, you
can still change to the .snapshot directory (assuming that access to this folder is enabled):
Server1: User1$ cd .snapshot
Server1:.snapshot User1$
For example:
sys:local$ cd /mnt/filer/export
sys:export$ cd dir1
sys:dir1$ cd dir2
sys:dir2$ cd .snapshot
sys:.snapshot$ ls
Nasuni Filer Administration Guide 8.0
234
File Browser Page
Using Snapshot Directory Access
Accessing Files in Snapshot Directories
The file system for snapshot directories and the content in the directories is read-only.
Tip: If multiple protocol volumes are enabled, the .snapshot directory is hidden.
Once inside a .snapshot directory, you can list the contents. For example, in UNIX:
Server1:.snapshot User1$ ls
2013_04_04_19.49.17GMT 2013_04_05_14.22.01GMT
2013_04_05_15.57.52GMT 2013_04_07_19.16.16GMT
2013_04_12_21.27.15GMT 2013_04_05_14.11.17GMT
In Windows:
X:\.snapshot>dir
03/28/2013 02:12
03/28/2013 02:12
03/28/2013 02:12
03/28/2013 02:12
03/28/2013 02:12
PM
PM
PM
PM
PM
<DIR>
<DIR>
<DIR>
<DIR>
<DIR>
.
..
2013_05_08_06.07.53GMT
2013_05_04_06.07.09GMT
2013_05_03_20.01.54GMT
The directories within a .snapshot directory have names that correspond to the time when each
snapshot was taken. For example, this directory:
2013_04_12_18.39.17GMT
refers to a snapshot that was taken on April 12th, 2013 at 18:39:17 GMT:
You can navigate to one of the listed directories to display the version of the file system that was
available from that location at the time of the snapshot.
Listing the contents of a snapshot directory can take time, because this data might not be in the local
cache and might have to be retrieved from cloud storage. See “Searching for a Folder or File by Name”
on page 217 for more information.
The snapshots within the .snapshot directories include the following 45 snapshots, if they are
available:
•
The last 10 snapshots.
•
The last 12 hourly snapshots, by hour.
•
The last 7 daily snapshots, by day.
•
The last 4 weekly snapshots, by week.
•
The last 12 monthly snapshots, by month.
To access other snapshots, use the Nasuni Filer user interface to access this data.
Nasuni Filer Administration Guide 8.0
235
File Browser Page
Using Snapshot Directory Access
Restoring a File or a Folder from a Snapshot Directory
You can restore a file or a folder from a snapshot.
To restore a file or directory:
1. Navigate to the directory that contains the file or folder to restore.
2. In that directory, navigate to the .snapshot directory.
Tip: If multiple protocol volumes are enabled, the .snapshot directory is hidden.
3. In the .snapshot directory, navigate to the directory for the specific snapshot you want.
4. Copy the files or directories from the snapshot directory to the target location.
For example, in UNIX:
Station1:.snapshot User2$ cd 2013_04_12_21.27.15GMT
Station1:2013_04_12_21.27.15GMT User2$ ls
file_1.txt
file_3.txt
Station1:2013_04_12_21.27.15GMT User2$ cp file_1.txt /some/other/
place
For example, in Windows:
X:\>cd docs
X:\docs>cd .snapshot
X:\docs\.snapshot>cd 2013_05_18_15.57.46GMT
X:\docs\.snapshot\2013_05_18_15.57.46GMT>dir
Volume in drive X is district
05/18/2013 11:56 AM
<DIR>
.
05/18/2013 11:56 AM
<DIR>
..
05/17/2013 07:37 AM
106,502 hw_gs_guide_5.0.pdf
04/09/2013 03:14 PM
2,787,760 Administration_Guide_5.0.pdf
X:\docs\.snapshot\2013_05_18_15.57.46GMT>copy hw_gs_guide_5.0.pdf
c:\
You can also restore folders or files using the Nasuni Filer user interface, as detailed in “Restoring
Volume, Folder, or Files” on page 230.
Nasuni Filer Administration Guide 8.0
236
Chapter 10: Services Page
Services
The Services page enables you to:
•
Configure and schedule data migrations, which are an efficient way to copy bulk data into the
Nasuni Filer using the Data Migration Service.
•
Configure and perform a Side Load, transferring data from a source Nasuni Filer to a destination
(new) Nasuni Filer. The source Nasuni Filer must already be decommissioned.
•
Configure the Mobile Service, which enables access to the Nasuni Filer using mobile devices
such as iPhones, iPads, and Android phones.
•
Place this Nasuni Filer under the management of the Nasuni Management Console.
•
Enable the Remote Support Service, which simplifies access for Nasuni Technical Support.
•
Send diagnostic information to Nasuni.
Note: The Services page, and all other pages of the Nasuni Filer user interface, might look
different to different users. Also, different menus and actions might be available for
different users. This is because different users are assigned different permissions,
based on their roles in the role-based access control system. See “Users and Groups”
on page 380 for details.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, some
menus and menu choices might look different, because you use the Nasuni
Management Console to perform these tasks.
Nasuni Filer Administration Guide 8.0
237
Services Page
Data Migration
Data Migration
After you have configured the Nasuni Filer, the best way to load your data to a volume is by using the
Data Migration Service. This feature supports multiple sources and targets for migrations using the
CIFS or NFS protocols. The Data Migration Service copies files; it does not move them. Therefore, the
source data is not modified during the migration process.
While a migration is running, you can configure and schedule additional migrations to run one after the
other. Migration procedures can only run one at a time.
Tip: Perform any necessary data migrations to the volume before enabling Remote Access.
Otherwise, data migration processing can impact the synchronization of remote
volumes. If Remote Access is already enabled, disable Remote Access before
performing data migration.
Note: Data migration is only available for CIFS and NFS volumes, not iSCSI volumes.
Note: The Data Migration Service can only migrate files that it has permission to access.
Ensure that the user you specify has permission to read all the files in the CIFS share
that you plan to copy. If the user cannot read all files in the source CIFS share, then the
migration cannot run properly. Therefore, you should specify a user with administrative
or backup operator privileges.
Note: The Data Migration Service does not maintain the sparseness of sparse files when
migrated. Therefore, the size of a migrated sparse file might differ from the size of the
source file.
Important: The Data Migration Service uses the cache. To ensure that the Data Migration
Service has enough space, set Cache Settings to 30 percent or greater. See
“Cache Settings” on page 400.
Configure
Tip: Before adding data to a Nasuni Filer, it is a Best Practice to clean up historical and
orphaned SIDs. This can help prevent later difficulties with permissions. For more details,
see CIFS Permissions Best Practices.
Configuring a data migration procedure requires the following steps:
View
Services
1. Configuring the migration source, as in “Configuring a CIFS Migration Source” on page 239 or
“Configuring an NFS Migration Source” on page 241.
2. Configuring the data migration itself, as in “Configuring a CIFS Data Migration” on page 243 or
“Configuring an NFS Data Migration” on page 251.
Since the procedures for CIFS and NFS data migrations are slightly different, they are addressed
separately.
Nasuni Filer Administration Guide 8.0
238
Services Page
Data Migration
Configuring a CIFS Migration Source
Create
Before you configure a CIFS migration source, ensure that you have a source CIFS volume and CIFS
share configured. See “Adding a Volume” on page 51 and “Adding a New CIFS Share to a Volume” on
page 125 for more information.
To configure a migration source for a CIFS share:
1. Click Migration Sources. The Migration Sources page appears.
Figure 10-1: Migration Sources page.
2. Click Add CIFS Source. The Create/Reconnect CIFS Migration Source dialog box appears.
Figure 10-2: Create/Reconnect CIFS Migration Source dialog box.
3. In the Source Server text box, enter the source server’s IP address or hostname.
4. In the Source Share Name text box, enter the name of the CIFS share on the source server. For
example, files.
Nasuni Filer Administration Guide 8.0
239
Services Page
Data Migration
5. In the User Name and Password text boxes, enter a User Name (case-sensitive) and
Password (case-sensitive) that has permission to perform this operation. For any Active
Directory CIFS shares, the username must be in the form of domain\username.
Note: Depending on the settings of the CIFS share, the username and password might
be optional.
Note: Ensure that the user you are specifying has permission to read all the files in the
CIFS share that you plan to copy. If the user cannot read all files in the source CIFS share,
then the migration cannot run properly. Therefore, you should specify a user with
administrative or backup operator privileges.
6. To retain the User Name and Password in order to automatically reconnect with the source after
rebooting the Nasuni Filer, select Retain Passwords from the Password Retention drop-down
list.
Alternatively, to not retain passwords, select Do not retain passwords (best security) from the
Password Retention drop-down list.
Tip: The security best practice is to not retain passwords.
Caution: If you select Retain Passwords, Nasuni authorized support personnel who
can access the Nasuni Filer’s disks could possibly recover the retained User Name
and Password.
7. To add the specified CIFS migration source, click Connect to Source.
The CIFS migration source that you added is displayed.
Figure 10-3: Added CIFS migration source.
The migration source is saved for re-use. If you want to disconnect from the migration source,
see “Disconnecting from (deleting) a Migration Source” on page 265.
See “Configuring a CIFS Data Migration” on page 243 to continue.
Nasuni Filer Administration Guide 8.0
240
Services Page
Data Migration
Configuring an NFS Migration Source
Ensure that you have a source NFS volume and NFS export configured before configuring an NFS
migration source. See “Adding a Volume” on page 51 and “Adding an NFS Export to a Volume” on
page 143 for more information.
To create a migration source for an NFS export:
1. Click Migration Sources. The Migration Sources page appears.
Figure 10-4: Migration Sources page.
2. Click Add NFS Source. The Create/Reconnect NFS Migration Source dialog box appears.
Figure 10-5: Create/Reconnect NFS Migration Source dialog box.
3. In the Source Server text box, enter the source server IP address or hostname.
4. In the Source Path text box, enter the source directory path exported by the source server.
5. Click Connect to Source to add the NFS migration source.
The NFS migration source that you added is displayed.
Figure 10-6: Added NFS migration source.
Nasuni Filer Administration Guide 8.0
241
Services Page
Data Migration
The migration source is saved for re-use. If you want to disconnect from the source, see
“Disconnecting from (deleting) a Migration Source” on page 265.
See “Configuring an NFS Data Migration” on page 251 to continue.
Nasuni Filer Administration Guide 8.0
242
Services Page
Data Migration
Configuring a CIFS Data Migration
Before you configure a CIFS migration, ensure that you have a source CIFS volume and CIFS share
configured, and that you have created a CIFS data migration source. See “Volumes Page” on page 45,
“Adding a New CIFS Share to a Volume” on page 125, and “Configuring a CIFS Migration Source” on
page 239 for more information.
To configure a CIFS data migration:
1. Click Services, then select Add Migration from the list. The Configure Data Migration page
appears.
Figure 10-7: Configure Data Migration page.
Note: If the only migration source is a CIFS source, the Configure Data Migration page
does not appear and the Configure CIFS Data Migration page appears automatically.
Select Add CIFS Data Migration.
Nasuni Filer Administration Guide 8.0
243
Services Page
Data Migration
2. The Configure CIFS Data Migration page appears.
Figure 10-8: Configure CIFS Data Migration page.
3. To copy the information for an existing migration, select the existing migration from the Copy
Migration drop-down list.
4. In the Migration Name text box, enter a descriptive name for the migration procedure. This is
for your own use.
Nasuni Filer Administration Guide 8.0
244
Services Page
Data Migration
5. From the Source Share drop-down list, select the source CIFS share. The drop-down list
contains the currently defined data migration source CIFS shares.
Alternatively, select Add Source. The Add CIFS Migration Source dialog box appears.
Figure 10-9: Add CIFS Migration Source dialog box.
See “Configuring a CIFS Migration Source” on page 239 to continue. Then, from the Source
Share drop-down list, select the new source CIFS share.
6. In the Source Folder text box, navigate to a source folder from within the source CIFS share to
copy data from. You can select multiple source folders, as long as they are all on the same level,
that is, subfolders of the same folder.
7. From the Destination Volume drop-down list, select a local target destination volume to copy
data to.
Tip: Nasuni recommends migrating to an unshared portion of a volume, so users are not
accessing or changing data during data migration into that portion of the volume.
8. Optionally, in the Destination Folder text box, select or create a specific folder on the
destination volume to copy files to. The Select Destination Folder dialog box appears.
Navigate to the desired destination folder.
Note: If a destination folder does not already exist, then you can create one by clicking
Create Folder.
Caution: The migration procedure copies data from a CIFS share to a local volume
and directory. Data already on that volume can be overwritten or updated, depending
on the state of the Preserve Changes check box. See step 14 on page 248 for details.
Nasuni Filer Administration Guide 8.0
245
Services Page
Data Migration
9. Optionally, from the File Permissions drop-down list, select one of these options for handling
permissions of migrated data:
•
Apply specified NTFS-style permission sets: Enables the Custom perm area to manage
permission sets. See step 11 on page 246 for details.
•
(Advanced) Clone NTFS-Style permissions: Copies the permissions from the source as
closely as possible.
•
Copy Data Only, ignores NTFS-style permissions: Only copies the data and ignores the
existing permissions.
10. Optionally, enter a file owner in the File Owner text box. This option is only available for the
“User” or “Authenticated Access” (which includes Active Directory and LDAP Directory
Services) security mode. You can enter or search for the name of the file owner user. Leaving
this text box blank means that files can be accessed as read-write for all associated users.
Note: The “User” security mode is only available if activated by the product license.
11. Optionally, if the File Permissions selection is Apply specified NTFS-style permission sets,
the Custom perm area enables you to manage permission sets. Permission sets define the
specific users and groups that have access to the copied files.
a. Click the Manage icon
. The Modify Permission Sets dialog box appears.
Figure 10-10: Modify Permission Sets dialog box.
b. To edit a permission set, click Edit Permission next to the permission set’s label.
To delete a permission set, click Delete next to the permission set’s label.
c. To add a permission set, click Add Permission. The Add Permission Set dialog box
appears.
Figure 10-11: Add Permission Set dialog box.
i.
In the Label text box, type a label to describe this permission set.
Nasuni Filer Administration Guide 8.0
246
Services Page
Data Migration
ii. To add a user, in the Permissions area, click Add Users. The Select Users dialog box
appears.
Figure 10-12: Select Users dialog box.
iii. In the Search text box, enter a partial or complete username, then click Search. A list of
user names that contain your search text appears. Select the users to define access for,
then click Add Selected Users. The selected users appear in the Permissions area.
iv. For each user in the Permissions list, from the Access drop-down list, select either Full
Control or Read Only.
v. To delete a user from the Permissions list, click Delete next to the user’s Name. The user
is deleted from the list.
vi. To add a group, in the Permissions area, click Add Groups. The Select Groups dialog
box appears.
Figure 10-13: Select Groups dialog box.
vii. In the Search text box, enter a partial or complete group name, then click Search. A list
of group names that contain your search text appears. Select the groups to define access
for, then click Add Selected Groups. The selected groups appear in the Permissions
area.
viii. For each group in the Permissions list, from the Access drop-down list, select either Full
Control or Read Only.
Nasuni Filer Administration Guide 8.0
247
Services Page
Data Migration
ix. To delete a group from the Permissions list, click Delete next to the group Name. The
group is deleted from the list.
x. To add everyone to the Permissions list, click Add Everyone. The group Everyone
appears in the Permissions area. From the Access drop-down list, select either Full
Control or Read Only.
To delete the group Everyone from the Permissions list, click Delete next to Everyone.
The group Everyone is deleted from the list.
xi. To save the permission set, click Save Permission Set. The permission set is created and
appears in the list of permission sets. Otherwise, click Cancel and no changes are made.
xii. Click Close to close the Modify Permission Sets page.
d. From the Custom Perm drop-down list, select a permission set.
12. In the Exclude Patterns text box, enter a list of names, including wildcards, of folders or files to
exclude from the data migration. When you specify folders to exclude, specify the full path
without the leading slash (/) or the trailing asterisk (*), in the form RootFolder/SubFolder.
You can use these wildcards when you specify each pattern:
Wildcard
Meaning
Example
*
Matching any number of
any character.
*.mp3
means any file name that ends
with “mp3”.
?
Matching any one
character.
test.mp?
means file names like “test.mp3”
or “test.mp4”.
[sequence]
Matching any character in
the specified sequence.
[A-Z]*.*
means file names that start with an
upper-case letter.
[!sequence]
Matching any character not
in the specified sequence.
[!A-Z]*.*
means file names that do not start
with an upper-case letter.
13. To delete files that are at the destination but are not at the source, select the Delete removed
files check box. This enables you to ensure that the destination files mirror the source files.
Caution: This action deletes data from the Nasuni Filer.
14. To prevent overwriting newer files on the destination with older files from the source, select the
Preserve Changes check box. This enables you to update files, but not overwrite them with
older versions.
15. To specify logging only error messages that might occur during data migration, but not success
messages or skip messages, select the Only Log Errors check box.
Nasuni Filer Administration Guide 8.0
248
Services Page
Data Migration
16. From the Error Limit drop-down list, select one of the following options:
a. Default: The data migration halts after a fixed number of consecutive errors, currently 32.
b. 500 Errors: The data migration halts after 500 consecutive errors.
c. Unlimited: The data migration does not halt, no matter how many errors occur.
17. From the Next Action drop-down list, select one of the following options:
a. Save & Start Immediately: This option saves the data migration configuration, then
immediately begins the data migration. Select this when you want to start the data migration
at once.
b. Save & Schedule Migration: This option saves the data migration configuration, then allows
you to immediately schedule the data migration for some future time. Select this when you
do not want to begin the data migration now, and you know when you do want to begin the
data migration. See “Scheduling a Migration” on page 258 for more details.
c. Just Save: This option saves the data migration configuration without beginning the data
migration or scheduling the data migration. Select this when you do not want to begin the
data migration now, and you do not know when you do want to begin the data migration.
18. Click Save Migration to save your selections. The Create Data Migration dialog box appears.
Click Save/Start Migration.
Note: The migration process can overwrite existing files in the destination folder,
depending on the state of the Preserve Changes check box. See step 14 on page 248.
A status page appears showing the status of current migrations.
Figure 10-14: Status of current CIFS migrations.
After the migration starts, the following information appears on the status of the migration:
•
Migration: The name of this migration.
•
Source: The source for this migration.
•
Target: The location on the Nasuni Filer to which the files are copied.
•
Scheduled: Whether or not this migration is controlled by a migration schedule: Yes or No.
•
Status: Current status of the overall migration run, such as: Running, Interrupted,
Completed.
•
Current Operation: Activity of the currently running migration.
Nasuni Filer Administration Guide 8.0
249
Services Page
Data Migration
•
Est. Time: Time estimate for the currently running migration to complete. This estimate can
be impacted by a variety of factors, and continually updates as the migration progresses.
•
Est. Rate: Estimated data transfer rate for the currently running migration, in files per minute
and in MB per second.
•
Progress: Number of files that have completed for the currently running migration
compared to the total number of files to be migrated, as well as amount of data completed
compared with the total amount of data to be migrated. For example, “50 of 100 files - 5 GB
of 10 GB”.
A progress bar appears with a percentage complete, based on the number and sizes of files
being migrated. You can also view the migration results log. See “Viewing a Migration Log” on
page 267 for more details.
You can schedule, remove, and re-run a migration procedure. For more information, see:
•
“Scheduling a Migration” on page 258.
•
“Deleting a Migration Procedure” on page 266.
•
“Rerunning a Migration Procedure” on page 265.
Nasuni Filer Administration Guide 8.0
250
Services Page
Data Migration
Configuring an NFS Data Migration
Before configuring an NFS migration, ensure that you have a source NFS volume and NFS export
configured, and that you have configured an NFS migration source. See “Adding a Volume” on
page 51, “Adding an NFS Export to a Volume” on page 143, and “Configuring an NFS Migration
Source” on page 241 for more information.
To configure an NFS data migration:
1. Click Services, then select Add Migration from the list. The Configure Data Migration page
appears.
Figure 10-15: Configure Data Migration page.
Note: If the only migration source is an NFS source, the Configure Data Migration page
does not appear and the Configure NFS Data Migration page appears automatically.
Click Add NFS Data Migration.
Nasuni Filer Administration Guide 8.0
251
Services Page
Data Migration
2. The Configure NFS Data Migration page appears.
Figure 10-16: Configure NFS Data Migration page.
3. To copy the information for an existing migration, select the existing migration from the Copy
Migration drop-down list.
4. In the Migration Name text box, enter a descriptive name for the migration procedure. This is
for your own use.
Nasuni Filer Administration Guide 8.0
252
Services Page
Data Migration
5. From the Source Export drop-down list, select the source NFS export. The drop-down list
contains the currently defined data migration source NFS exports.
Alternatively, select Add Source. The Add NFS Migration Source dialog box appears.
Figure 10-17: Add NFS Migration Source dialog box.
See “Configuring an NFS Migration Source” on page 241 to continue. Then, from the Source
Export drop-down list, select the new source NFS export.
6. In the Source Directory text box, enter or navigate to a source directory within the NFS export
to copy data from.
7. From the Destination Volume drop-down list, select a local target destination volume to copy
data to.
Tip: Nasuni recommends migrating to an unexported portion of a volume, so that users
are not accessing or changing data in that portion of the volume during data migration.
8. Optionally, in the Destination Directory text box, enter or navigate to a specific directory on the
volume to copy files to. The Select Destination Folder dialog box appears. Navigate to the
desired destination folder.
Note: If a destination folder does not already exist, then you can create one by clicking
Create Folder.
Caution: The migration procedure copies data from an NFS export to a local volume
and directory. Data already on the volume can be overwritten or updated, depending
on the state of the Preserve Changes check box. See step 11 on page 254.
Nasuni Filer Administration Guide 8.0
253
Services Page
Data Migration
9. In the Exclude Patterns text box, enter a list of names, including wildcards, of folders or files to
exclude from the data migration. When you specify folders to exclude, specify the full path
without the leading slash (/) or the trailing asterisk (*), in the form RootFolder/SubFolder.
You can use these wildcards when you specify each pattern:
Wildcard
Meaning
Example
*
Matching any number of
any character.
*.mp3
means any file name that ends
with “mp3”.
?
Matching any one
character.
test.mp?
means file names like “test.mp3”
or “test.mp4”.
[sequence]
Matching any character in
the specified sequence.
[A-Z]*.*
means file names that start with an
upper-case letter.
[!sequence]
Matching any character not
in the specified sequence.
[!A-Z]*.*
means file names that do not start
with an upper-case letter.
10. To delete files that are at the destination but are not at the source, select the Delete removed
files check box. This enables you to ensure that the destination files mirror the source files.
Caution: This action deletes data from the Nasuni Filer.
11. To prevent overwriting newer files on the destination with older files from the source, select the
Preserve Changes check box. This enables you to update files, but not overwrite them with
older versions.
12. To specify logging only error messages that might occur during data migration, but not success
messages or skip messages, select the Only Log Errors check box.
13. From the Error Limit drop-down list, select one of the following options:
a. Default: The data migration halts after a fixed number of consecutive errors, currently 32.
b. 500 Errors: The data migration halts after 500 consecutive errors.
c. Unlimited: The data migration does not halt, no matter how many errors occur.
14. From the Next Action drop-down list, select one of the following options:
a. Save & Start Immediately: This option saves the data migration configuration, then
immediately begins the data migration. Select this when you want to start the data migration
at once.
b. Save & Schedule Migration: This option saves the data migration configuration, then allows
you to immediately schedule the data migration for some future time. Select this when you
do not want to begin the data migration now, and you know when you do want to begin the
data migration. See “Scheduling a Migration” on page 258 for more details.
Nasuni Filer Administration Guide 8.0
254
Services Page
Data Migration
c. Just Save: This option saves the data migration configuration without beginning the data
migration or scheduling the data migration. Select this when you do not want to begin the
data migration now, and you do not know when you do want to begin the data migration.
15. Click Save Migration to save your selections. The Create Data Migration dialog box appears.
Click Save/Start Migration.
Caution: The migration process can overwrite existing files in the destination
directory, depending on the state of the Preserve Changes check box. See step 11
on page 254.
16. A status page appears showing the current migrations.
Figure 10-18: Current Migrations page.
17. After the migration starts, the following information appears on the status of the migration:
•
Migration: The name of this migration.
•
Source: The source for this migration.
•
Target: The location on the Nasuni Filer to which the files are copied.
•
Scheduled: Whether or not this migration is controlled by a migration schedule: Yes or No.
•
Status: Current status of the overall migration run, such as: Running, Interrupted,
Completed.
•
Current Operation: Activity of the currently running migration.
•
Est. Time: Time estimate for the currently running migration to complete. This estimate can
be impacted by a variety of factors, and continually updates as the migration progresses.
•
Est. Rate: Estimated data transfer rate for the currently running migration, in files per minute
and in MB per second.
•
Progress: Number of files that have completed for the currently running migration
compared to the total number of files to be migrated, as well as amount of data completed
compared with the total amount of data to be migrated. For example, “50 of 100 files - 5 GB
of 10 GB”.
A progress bar appears with a percentage complete, based on the number and sizes of files
being migrated. You can also view the migration results log. See “Viewing a Migration Log” on
page 267 for more details.
Nasuni Filer Administration Guide 8.0
255
Services Page
Data Migration
To schedule a migration procedure, see “Scheduling a Migration” on page 258.
To remove a migration procedure, see “Deleting a Migration Procedure” on page 266.
To re-run a migration procedure, see “Rerunning a Migration Procedure” on page 265.
Nasuni Filer Administration Guide 8.0
256
Services Page
Data Migration
Editing a Data Migration
After you configure a data migration, you can edit that data migration.
To edit a data migration:
1. Click Services, then select View Migrations from the list. The Current Migrations page
appears.
Figure 10-19: Current Migrations page.
2. Click Edit. The Configure Data Migration screen appears. See “Configuring a CIFS Data
Migration” on page 243 or “Configuring an NFS Data Migration” on page 251 for details.
Nasuni Filer Administration Guide 8.0
257
Services Page
Data Migration
Scheduling a Migration
Schedule
You can schedule an existing migration to run automatically and periodically. You have the option to
schedule a migration to run based on specific days and times, or to run after a specific number of hours
or minutes.
Scheduling a Migration by Day and Time
To schedule a migration by day and time, follow these steps:
1. Click Services, then select View Migrations. The Current Migrations page appears.
Figure 10-20: Current Migrations page.
Nasuni Filer Administration Guide 8.0
258
Services Page
Data Migration
2. For the migration that you want to schedule, click Schedule. The Editing Migration Schedule
page appears.
Figure 10-21: Editing Migration Schedule page.
3. From the Scheduling Mode drop-down list, select By Day and Time.
4. Select the days of the week that you want the migration to run.
You can select or deselect all days by clicking Select/Deselect all.
5. From the Time drop-down lists, select the hour, minute, and AM or PM label for the time on
each selected day for the migration to start running.
Note: If you configure multiple migrations on a Nasuni Filer, they do not run at the same
time. A migration runs at its scheduled time only if no other migration is running. If two
migrations are scheduled for exactly the same time, one migration starts and the other
starts when the first one finishes. If the start time for one migration occurs while another
migration is running, the migration that has not started is skipped until its next scheduled
start time. To help prevent one migration from impacting another, schedule them farther
apart in time.
6. Select the days of the week that you want to suspend a running migration. For example, you
might want to suspend migrations from running during weekdays.
You can select or deselect all days by clicking Select/Deselect all.
Nasuni Filer Administration Guide 8.0
259
Services Page
Data Migration
7. From the Suspend Time drop-down lists, select the hour, minute, and AM or PM label for the
time on each selected day to suspend a running migration.
Note: Suspended migrations resume at the next scheduled start time.
8. Click Save Schedule. The Scheduled Migrations page appears.
Figure 10-22: Scheduled Migrations page.
The migration starts running at the next scheduled start time.
Scheduling a Migration by Hours and Minutes (at a Frequency)
To schedule a migration to run after a specified number of hours and minutes, follow these steps:
1. Click Services, then select View Migrations from the list. The Current Migrations page
appears.
Figure 10-23: Current Migrations page.
Nasuni Filer Administration Guide 8.0
260
Services Page
Data Migration
2. Click Schedule. The Editing Migration Schedule page appears.
Figure 10-24: Editing Migration Schedule page.
3. From the Scheduling Mode drop-down list, select Repeat at a Frequency.
4. In the Hours text box, enter the number of hours to wait before restarting the migration
procedure. The number of hours can be zero, as long as the number of minutes is not also zero.
5. In the Minutes text box, enter the number of minutes to wait before restarting the migration
procedure. The number of minutes can be zero, as long as the number of hours is not also zero.
Note: If you configure multiple schedules, they do not run simultaneously. A migration
runs after its specified hours and minutes if no other migration is running.
6. Click Save Schedule. The Scheduled Migrations page appears.
Figure 10-25: Scheduled Migrations page.
The migration starts running after the specified number of hours and minutes.
Nasuni Filer Administration Guide 8.0
261
Services Page
Data Migration
Viewing Schedules
View
Delete
To view configured data migration schedules:
1. Click Services, then select View Schedules from the list. The Scheduled Migrations page
appears.
Figure 10-26: Scheduled Migrations page.
Migrations that you have scheduled are displayed.
Editing a Migration Schedule
To modify the schedule for a data migration, click Services, then select View Schedules from the list,
then click Edit for the schedule that you want to modify.
Deleting a Migration Schedule
Delete
To delete the schedule for a data migration, click Services, then select View Schedules from the list,
then click Delete for the schedule that you want to delete. The message “Successfully deleted the
schedule” appears. This deletes the schedule for the data migration, but not the data migration itself.
Nasuni Filer Administration Guide 8.0
262
Services Page
Data Migration
Viewing migration information
You can view detailed information about a migration.
To view migration information:
1. Click Services, then select View Migrations from the list. The Current Migrations page
appears.
Figure 10-27: Current Migrations page.
For each migration in the list, the following information appears:
•
Migration: The name of this migration.
•
Source: The source for this migration.
•
Target: The location on the Nasuni Filer to which the files are copied.
•
Scheduled: Whether or not this migration is controlled by a migration schedule: Yes or No.
•
Status: Current status of the overall migration run, such as: Running, Interrupted,
Completed.
•
Current Operation: Activity of the currently running migration.
•
Est. Time: Time estimate for the currently running migration to complete. This estimate can
be impacted by a variety of factors, and continually updates as the migration progresses.
•
Est. Rate: Estimated data transfer rate for the currently running migration, in files per minute
and in MB per second.
•
Progress: Number of files that have completed for the currently running migration
compared to the total number of files to be migrated, as well as amount of data completed
compared with the total amount of data to be migrated. For example, “50 of 100 files - 5 GB
of 10 GB”.
A progress bar appears with a percentage complete, based on the number and sizes of files
being migrated. You can also view the migration results log. See “Viewing a Migration Log” on
page 267 for more details.
Nasuni Filer Administration Guide 8.0
263
Services Page
Data Migration
2. For the migration you want to view, click Info. The Migration Information dialog box appears.
Figure 10-28: Migration Information dialog box.
The following information appears:
•
Migration Name: The name of this migration.
•
Source: The source for this migration.
•
Destination: The location on the Nasuni Filer to which the files are copied.
•
Delete Removed Files: Whether the migration should delete files that are at the destination
but are not at the source: yes (delete) or no (do not delete).
•
Preserve Changes: Whether the migration should prevent overwriting newer files on the
destination with older files from the source: yes (do not overwrite) or no (overwrite).
•
Copy NTFS Permissions: Whether the migration should copy permissions from the source:
yes (copy permissions) or no (do not copy permissions).
•
File Owner (CIFS only): The name of the file owner user.
•
Is Scheduled: Whether or not this migration is controlled by a migration schedule: yes (is
scheduled) or no (is not scheduled).
•
Log Only Errors: Whether the migration should log only error messages that might occur
during data migration, but not success messages or skip messages: yes (log only errors) or
no (log errors, success messages, and skip messages.
•
Error Limit: The number of errors that halts the data migration. Default is 32; 500; or
unlimited.
•
Exclusions: Names, including wildcards, of folders or files to exclude from the data
migration.
3. Click Close when done.
Nasuni Filer Administration Guide 8.0
264
Services Page
Data Migration
Rerunning a Migration Procedure
You can rerun a migration if, for example, there were errors during the last run or users have changed
files on the source after the migration procedure ran. If you periodically migrate data from one source
for backup or disaster recovery purposes, then, when you rerun a migration, the Nasuni Filer migrates
the data, but only copies files that have changed, as well as any ACLs or permissions that have
changed. It does not start the entire migration again.
Tip: If you perform large migrations or frequent migrations, consider using a different Nasuni
Filer to migrate data, instead of the Nasuni Filer that your users access. In this way, each
Nasuni Filer instance can access the same volume. This is done by enabling remote
access for the volume on one Nasuni Filer, and connecting to the now remotely
accessible volume on the other Nasuni Filer.
To rerun a migration procedure:
1. Click Services, then select View Migrations from the list. The Current Migrations page
appears.
Figure 10-29: Current Migrations page.
2. To rerun a migration procedure, click Start.
Disconnecting from (deleting) a Migration Source
Delete
You can disconnect from (delete) a migration source, if necessary, without deleting the migration itself.
To disconnect from a migration source:
1. Click Services, then select Migration Sources from the list. The Migration Sources page
appears.
Figure 10-30: Migration Sources page.
View
2. Click Delete to the right of the migration source that you want to disconnect from. The Confirm
Source Delete dialog box appears.
Nasuni Filer Administration Guide 8.0
265
Services Page
Data Migration
3. Click Confirm.
To exit the dialog box without disconnecting from the migration source, click Cancel.
The migration source is disconnected and does not appear in the Migration Sources list.
Deleting a Migration Procedure
Delete
Use the delete option for migration procedures that you never want to run again. To disconnect from a
migration source, without deleting the migration procedure, see “Disconnecting from (deleting) a
Migration Source” on page 265.
To delete a migration procedure:
1. Click Services, then select View Migrations from the list. The Current Migrations page
appears.
Figure 10-31: Current Migrations page.
2. To remove a migration procedure from the queue, click Delete for that procedure.
The migration procedure is not saved.
Nasuni Filer Administration Guide 8.0
266
Services Page
Data Migration
Viewing a Migration Log
You can view a log file of the migration process. The log file is also available as a text .CSV file within
the target migration directory of the migration. From your Web browser, the log is viewable for the most
recently run migration procedure. All log files reside in the target directory unless you delete them.
An example of a log file name is: migration-log-2013-07-25-125255_10755.txt.
To view a migration status log:
1. Click Services, then select View Migrations from the list. The Current Migrations page
appears.
Figure 10-32: Current Migrations page.
2. Click Log. This button is only available if a migration has run and there is a log file to view. The
Migration Log window appears.
Figure 10-33: Migration Log.
Because log files can be very long, only the last 30 lines of the data migration log file appear. To
download the full log file, click Download Full File. This text file is in .CSV format and contains
a detailed record of the migration, including date, time, source, target, where you migrated from
and to, and the status of each file and directory being migrated.
Note: Any errors during a migration are recorded in the migration log. You can view the
full details of any error in this log.
Nasuni Filer Administration Guide 8.0
267
Services Page
Side Load
Side Load
Nasuni supports a Recovery process (see “Recovery” on page 450) that enables you to recover the
Nasuni Filer after a true disaster, such as the loss of a data center. However, most of the time, clients
perform the Recovery process in order to transition from one platform to another.
In such a situation, there is a working Nasuni Filer in your data center that contains active data in the
cache. Performing the Recovery process results in a new Nasuni Filer that has an empty cache. The
client often then re-populates the new cache with data, which can require considerable inbound
bandwidth from the cloud, and which can take days, weeks, or even months to complete.
The Side Load feature enables you to transfer cache data directly from the source Nasuni Filer to the
new Nasuni Filer. The source Nasuni Filer must already be decommissioned.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
Important: You can only perform the Side Load procedure as part of the entire Recovery
procedure.
In particular, before performing the Side Load procedure, you must perform the
procedure “Preparing the Original Source Nasuni Filer (if available)” on page 452,
which includes running the preparedr command on the console of the original
source Nasuni Filer, as described in step 13 on page 453.
Also, before performing the Side Load procedure, you must perform the
procedure “Recovering Data with the Nasuni Filer” on page 454, which includes
the original source Nasuni Filer becoming decommissioned, as described in
step 6 on page 455.
Tip: Only one Side Load process is permitted at a time for each Nasuni Filer.
Tip: Only the Admin user can perform the Side Load process.
Tip: The source Nasuni Filer must be:
•
Running;
•
Decommissioned;
•
Using release 7.0 or above.
Warning: If the total data available on the source Nasuni Filer exceeds the available
cache space on the new Nasuni Filer, you receive a warning message and
notification.
You can configure Notifications to notify you by email when the Side Load process completes.
For complete details on the Side Load process, see the Side Load Feature document.
Nasuni Filer Administration Guide 8.0
268
Services Page
Side Load
Starting the Side Load process
To start the Side Load process from the source Nasuni Filer to the current Nasuni Filer, follow these
steps:
1. On the current or destination Nasuni Filer, click Services, then select Side Load from the list.
The Side Load page appears.
Figure 10-34: Side Load page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. In the Host Address text box, enter the host address of the source Nasuni Filer. The source
Nasuni Filer must already be decommissioned.
3. In the Username text box, enter the username for the specified source Nasuni Filer. The source
Nasuni Filer must already be decommissioned.
4. In the Password text box, enter the password for the specified Username for the specified
source Nasuni Filer. The source Nasuni Filer must already be decommissioned.
5. Click Connect and Start.
A connection is established with the data of the source Nasuni Filer. Data begins moving to the
current Nasuni Filer.
After the data transfer starts, you can view the progress of the Side Load process.
6. When the Side Load process completes, the Complete label appears on the bar graph.
Tip: Record any information you want to retain from the screen before clicking Done.
Click Done.
Nasuni Filer Administration Guide 8.0
269
Services Page
Side Load
Viewing and controlling the Side Load process
To view or control the progress of the Side Load process, follow these steps:
1. Click Services, then select Side Load from the list. If the Side Load process has not yet
completed, the Side Load - Status page appears.
Figure 10-35: Side Load - Status page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
The following information appears:
•
Host Address: The host address of the source Nasuni Filer. The source Nasuni Filer must
already be decommissioned.
•
Progress: A bar graph indicating the progress of the Side Load process. The percentage of
the Side Load process that is complete appears. If the Side Load process is running, the
Running label appears. If the Side Load process is paused, the Paused label appears.
•
Data Processed: The amount of data processed (in KB, MB, GB, or TB) and the total
amount of data to process (in KB, MB, GB, or TB).
•
Est. Rate: The estimated rate of data transfer (in KB/S, MB/S, GB/S, or TB/S).
•
Est. Time Remaining: The estimated time until the Side Load process is complete.
Nasuni Filer Administration Guide 8.0
270
Services Page
Side Load
2. To pause a running Side Load process, click Pause. The Side Load process pauses indefinitely.
The bar graph label changes to Paused.
Figure 10-36: Side Load - Status page, paused.
To continue with the Side Load process after a pause, click Resume. The Side Load process
continues. The bar graph label changes to Running.
3. To cancel the Side Load process, click Cancel. The Cancel Side Load dialog box appears.
Figure 10-37: Cancel Side Load dialog box.
To cancel the Side Load process, click Continue. If the Side Load process is canceled, the bar
graph label changes to Canceled.
Figure 10-38: Side Load status page, canceled.
Tip: Record any information you want to retain from the screen before clicking Done.
Nasuni Filer Administration Guide 8.0
271
Services Page
Side Load
4. When the Side Load process completes, the Complete label appears on the bar graph.
Tip: Record any information you want to retain from the screen before clicking Done.
5. Click Done.
Nasuni Filer Administration Guide 8.0
272
Services Page
Nasuni Sync and Mobile Access
Nasuni Sync and Mobile Access
The Nasuni Sync and Mobile Access service enables you to access folders and files from mobile
devices, including iOS-based devices (such as iPhone and iPad) and Android phones. The Nasuni Sync
and Mobile Access service enables you to access folders and files using the Nasuni Desktop Client on
Windows, OS X, and Linux clients. The Nasuni Sync and Mobile Access service is available for volumes
on which the CIFS protocol has been enabled, but not for NFS or iSCSI volumes.
Mobile Access
To access folders and files from mobile devices, you first perform the following actions:
•
Enable Nasuni Mobile Access for a CIFS share. For details, see step r on page 132 of “Adding a
New CIFS Share to a Volume”, or “Editing a CIFS Share” on page 139.
•
Optionally, configure Mobile Access settings, as described in “Mobile Access: Configuring” on
page 274.
•
Optionally, manage the access for mobile devices, as described in “Mobile Access: Managing
access by mobile devices” on page 275.
On your mobile device, you must perform the following actions:
•
Download and install the appropriate Nasuni Mobile Access application for your platform. The
Nasuni Mobile Access application is freely available to your users from the appropriate app
store.
•
Log in to the Nasuni Mobile Access application using Active Directory credentials, including
domain, username, and password. If only one Active Directory domain is used, the full domain
path usually is not necessary. Logging in successfully registers the mobile device with the
Nasuni Filer. See “Logging in to the Nasuni Mobile Access application” on page 186.
After logging in to the Nasuni Mobile Access application, you can perform the following tasks
(depending on the capabilities of the mobile device):
•
Navigate CIFS shares, folders, and files that you have access to in the Nasuni Filer file system.
•
Sort the contents of folders by name, file type, or date modified.
•
View file information such as file name, file size, and date and time of last modification.
•
Open files that can be opened, including playing video and audio files.
Note: Streaming media might not operate for Nasuni Filers that use the default selfsigned certificate. To configure SSL certificates for the Nasuni Filer, see “SSL Server and
Client Certificates” on page 362.
•
Download and upload files.
•
Email links to files.
•
View and access previous versions of files.
•
Identify “favorite” files for easier access.
•
Configure user settings.
Nasuni Filer Administration Guide 8.0
273
Services Page
Nasuni Sync and Mobile Access
For details on performing these actions, see “Nasuni Mobile Access” on page 185.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Mobile Access: Configuring
Mobile Access offers several optional features that you can configure.
To configure optional Nasuni Mobile Access features, follow these steps:
1. Click Services, then select Mobile Service Settings from the list. The Mobile Service Settings
page appears.
Figure 10-39: Mobile Service Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. To add another port for Mobile Access, enter the port number in the Additional API port text
box. The port number must be between 1 and 65535, inclusive. Leave blank to disable an
additional port.
3. To limit how long users remain authenticated on mobile devices, enter the maximum length of
time in minutes in the Session Expiration text field. To allow unlimited session time, enter 0
(zero).
4. To limit users to only one mobile device, select Limit to a single device.
5. You can limit the types of mobile devices that can use Mobile Access.
To allow Android devices to use Mobile Access, select Android.
To allow iOS devices to use Mobile Access, select iOS.
To allow Linux systems to use Mobile Access, select Linux.
To allow OS X systems to use Mobile Access, select OS X.
To allow Windows systems to use Mobile Access, select Windows.
Nasuni Filer Administration Guide 8.0
274
Services Page
Nasuni Sync and Mobile Access
6. To save your changes, click Save.
Mobile Access: Managing access by mobile devices
Manage
You can disable, enable, and delete licenses for mobile devices.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To manage access to Nasuni Mobile Access by mobile devices, follow these steps:
1. Click Services, then select Mobile Licenses from the list. The Mobile License Usage page
appears.
Figure 10-40: Mobile License Usage page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Note: To access the Mobile License Usage page, the user must belong to a group that
has “Manage all aspects of the Filer (super user)” or “Manage Volume security settings”
permission. For details about assigning users to groups or assigning permissions to
groups, see “Users and Groups” on page 380
2. To search by Username, Device Type, or Device ID, enter the search information in the Search
text box. The list of Licenses is limited to those that contain the Search text. All searches are
case-sensitive.
3. To sort by Username, Device Type, Device ID, Logged In status, Enabled status, or
Authenticated On date, click on the heading of the column. To sort in the opposite direction,
click the heading again.
4. Disabling a mobile device blocks access and, on the next attempt at access, clears the mobile
device’s cache of any cached files. To disable mobile service on devices, follow these steps:
a. Select the check box to the left of each mobile device to disable.
b. From the drop-down list, select Disable selected licenses.
The selected licenses are disabled for mobile access.
Nasuni Filer Administration Guide 8.0
275
Services Page
Nasuni Sync and Mobile Access
5. Enabling a mobile device allows access by the mobile device. To enable mobile service on
devices, follow these steps:
a. Select the check box to the left of each mobile device to enable.
b. From the drop-down list, select Enable selected licenses.
The selected licenses are enabled for mobile access.
6. Deleting a mobile device removes the mobile device from the list, but does not block future
access. Instead, the user must log in again the next time they run the Nasuni Mobile Access
application. To delete mobile devices, such as when people stop using a mobile device, follow
these steps:
a. Select the check box to the left of each mobile device to delete.
b. From the drop-down list, select Delete selected licenses.
The selected licenses are deleted.
Mobile Access: Creating an invitation link
You can create a link to share access information for your Nasuni Filers. This link can include the
hostname or IP address, the port number, and the username. You can then email this link to users to
simplify the process of connecting them to Mobile Access.
To create an invitation link to Nasuni Mobile Access, follow these steps:
1. Click Services, then select Mobile Service Settings from the list. The Mobile Service Settings
page appears.
Figure 10-41: Mobile Service Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
276
Services Page
Nasuni Sync and Mobile Access
2. Click Invitation Link. The Generate Invitation Link page appears.
Figure 10-42: Generate Invitation Link page.
3. Enter the Host and the Port that mobile clients use to access the Web server. Ensure that you
provide the port for HTTPS access.
4. Click Generate. A link is generated of the form:
https://<host_name>:<port_number>/fs/mobile/config
where <host_name> and <port_number> are the Host and Port specified in step 3. If Port is
443, <port_number> is omitted from the link.
5. Copy the link, and paste it as a URL into the email that you send to users to inform them of the
availability of Mobile Access.
Mobile Access: Configuring DNS to Simplify User Login
Alternatively, the administrator can configure the company DNS server to simplify user login to your
Nasuni Filers. The configured DNS entry includes the host and port necessary for Mobile Access. When
the user logs into the Nasuni mobile application using their company email address and password, the
application retrieves the host and port from the DNS to complete the login.
To configure the DNS, it is necessary to create a DNS record, with PTR, SRV, TXT, and A record types.
All four of these record types are necessary for both single-host and multiple-host configurations.
For detailed configuration information, see Appendix C, “DNS Configuration,” on page 465.
Nasuni Filer Administration Guide 8.0
277
Services Page
Nasuni Sync and Mobile Access
Desktop Client
To access folders and files using the Nasuni Desktop Client on Windows, OS X, and Linux clients, you
first perform the following actions:
•
Enable Nasuni Mobile Access for a CIFS share. For details, see step r on page 132 of “Adding a
New CIFS Share to a Volume”, or “Editing a CIFS Share” on page 139.
On your Windows, OS X, and Linux clients, you must perform the following actions:
•
Download and install the appropriate Nasuni Desktop Client software for your platform. For
more details, see the Nasuni Desktop Client Administrator Guide and the Nasuni Desktop Client
User Guide.
•
Configure the Nasuni Desktop Client to access your Nasuni Filer.
After installing the Nasuni Desktop Client, you can perform the following tasks (depending on the
capabilities of the client):
•
Create a new connection to a Nasuni Filer
•
Manage existing connections to Nasuni Filers
•
Use files or folders from the Nasuni Filer
•
Add files or folders to the Nasuni Filer
•
Sort the contents of folders by name, file type, or date modified.
•
View file information such as file name, file size, and date and time of last modification.
•
Open files that can be opened, including playing video and audio files.
•
Download and upload files.
•
Email links to files.
•
View and access previous versions of files.
•
Identify “favorite” files for easier access.
For details on accessing data using the Nasuni Desktop Client, see “Nasuni Desktop Client” on
page 202.
Nasuni Filer Administration Guide 8.0
278
Services Page
Nasuni Management Console
Nasuni Management Console
Enable
The Nasuni Management Console enables you to monitor and manage multiple Nasuni Filers from one
central appliance. Using the Nasuni Management Console, you can view the status of all your managed
Nasuni Filers, as well as configure their settings, to ensure consistent settings.
Note: When a Nasuni Filer is under the control of the Nasuni Management Console, portions
of the Nasuni Filer user interface are not accessible, because those functions are now
controlled by the Nasuni Management Console.
Note: If a Nasuni Filer is under the control of the Nasuni Management Console, you can
return that Nasuni Filer to self-management mode at any time. If a Nasuni Filer loses
internet connectivity with the Nasuni Management Console, the Nasuni Filer can still
leave the Nasuni Management Console.
Caution: When a Nasuni Filer goes under the control of the Nasuni Management
Console, the following processing occurs:
• Any existing local users and groups on the Nasuni Filer are replaced by the
users and groups of the NMC.
• Any approvals or pending deletes for a Safe Delete volume are canceled.
• When a Nasuni Filer becomes managed by the Nasuni Management
Console, if any volumes have Safe Delete enabled, then any pending approvals
of volume deletion, and any pending volume deletions, are cancelled. The
number of “Approvals Required” is also reset to 1. However, each volume’s
Safe Delete setting remains enabled.• When a Nasuni Filer is disconnected
from the Nasuni Management Console, the Nasuni Filer retains those users
and groups that pertain to the Nasuni Filer.
These pages do not appear if the Nasuni Filer is under the control of the Nasuni Management Console:
•
Volumes, and all pages under Volumes.
•
File Browser, and all pages under File Browser.
•
Services pages, including Mobile Service Settings and Mobile Licenses.
•
Configuration pages, including Email Settings, Filer Description, Quality of Service, Time
Configuration, FTP Settings, API Access Keys, Quota Settings, Users/Groups, SNMP
Monitoring, Automatic Updates, and Cache Settings.
•
Status pages, including Updates, CIFS Status, iSCSI Status, NFS Status, and FTP Status.
Nasuni Filer Administration Guide 8.0
279
Services Page
Nasuni Management Console
To enable or disable management of this Nasuni Filer by the Nasuni Management Console:
1. Click Services, then select Nasuni Management Console from the list. The Nasuni
Management Console page appears.
Figure 10-43: Nasuni Management Console page.
2. From the NMC Management is drop-down list, select either enabled or disabled.
Warning: When a Nasuni Filer joins the NMC, all users on the Nasuni Filer are replaced
with the users defined in the NMC.
3. Click Save. A confirmation message appears. A message also appears at the top of the screen.
Nasuni Filer Administration Guide 8.0
280
Services Page
Remote Support Service
Remote Support Service
Enable
The Remote Support Service allows authorized Nasuni Technical Support personnel to remotely and
securely access your Nasuni Filer. This can help Nasuni Technical Support to diagnose and resolve any
issues with your Nasuni Filer quickly and proactively. No changes to your corporate firewalls are
necessary.
This service is disabled by default and is strictly opt-in. You can enable or disable this service at any
time. You can also enable this service for a specific period of time. Enabling this service allows Nasuni
to offer a higher level of service and support.
Tip: If you need technical assistance, contact Nasuni Technical Support and inform them if
you have enabled Remote Support Service.
You receive an Informational notification whenever the Remote Support Service is enabled or disabled.
Note: If the Remote Support Service is enabled, you can change the Timeout value without
stopping and restarting the Remote Support Service.
To configure the Remote Support Service:
1. Click Services, then select Remote Support Service from the list. The Remote Support page
appears.
Figure 10-44: Remote Support page.
2. From the Remote Service is drop-down list, select either enabled or disabled.
3. If you select enabled, the Timeout text box appears. Enter the length of time, in minutes, that
you want to permit the Remote Support Service access to be enabled. Enter 0 (zero) to allow
access for an indefinite amount of time.
4. Click Save. A confirmation message appears. If you entered a nonzero Timeout time, a
countdown begins. To disable the Remote Support Service access immediately, click Disable.
Nasuni Filer Administration Guide 8.0
281
Services Page
Sending Diagnostics to Nasuni
Sending Diagnostics to Nasuni
Send
If you experience problems that you cannot resolve, you can send diagnostic information to Nasuni
Technical Support for troubleshooting purposes.
Note: Local diagnostic information is automatically sent when needed, so there is typically no
need to do this, unless instructed to by Nasuni Technical Support. Using Send
Diagnostics includes more information than the automatic diagnostic information.
To send diagnostic information:
1. Click Services, then select Send Diagnostics from the list. The Send Diagnostic Information
to Nasuni dialog box appears.
Figure 10-45: Send Diagnostic Information to Nasuni dialog box.
2. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
3. Click Send Now.
The message “Diagnostic information was successfully delivered to Nasuni” appears. Click the
x to close the message box.
Nasuni Filer Administration Guide 8.0
282
Chapter 11: Configuration Page
Configuration
The Configuration page enables you to configure the following elements:
•
Email Settings.
•
Filer description.
•
HTTPS proxy.
•
Network Configuration.
•
Quality of Service.
•
Time Configuration.
•
FTP Settings.
•
Domain Settings.
•
General CIFS Settings.
•
Directory Services.
•
API Access Keys.
•
Central Configuration Policies.
•
Encryption Keys.
•
Firewall.
•
Quota Settings.
•
SSL Certificates.
•
Users and Groups.
•
SNMP Monitoring.
•
Web Access branding.
•
Automatic Software Updates.
•
Cache Settings.
•
Cloud Credentials.
•
Global Locking.
•
Passwords.
Note: The Configuration page, and all other pages of the Nasuni Filer user interface, might
look different to different users. Also, different menus and actions might be available for
different users. This is because different users are assigned different permissions,
Nasuni Filer Administration Guide 8.0
283
Configuration Page
based on their roles in the role-based access control system. See “Users and Groups”
on page 380 for details.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, menus and
menu choices might look different, because you use the Nasuni Management Console
to perform these tasks.
Nasuni Filer Administration Guide 8.0
284
Configuration Page
Email Settings
Email Settings
Edit
You can configure email alerts, which are sent to your email account from the Nasuni Filer. You can
also view the alert messages you receive on the Notifications page.
Email alerts go to specific groups. To specify which groups receive email alerts, see “Adding
Permission Groups” on page 383.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To configure email settings:
1. Click Configuration, then select Email Settings from the list. The Email Settings and
Configuration page appears.
Figure 11-1: Email Settings and Configuration page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. If you require TLS (Transport Level Security) security, select the Require TLS check box.
If this check box is selected, and the email server does not support TLS security, the Nasuni
Filer does not use the server.
Even if the check box is not selected, TLS security is still used by default if the email server
supports it.
Nasuni Filer Administration Guide 8.0
285
Configuration Page
Email Settings
3. Enter the source email address in the From name text box. You can use this source email
address to filter emails or to ensure that emails do not go into a spam folder.
Note: When sending an email alert, Nasuni logs into the specified SMTP server using the
specified credentials and sends the email from the source email address.
4. Specify an SMTP server in the SMTP server text box. For example, mail.mycompany.net.
5. Specify an SMTP port number in the SMTP port text box. If you do not specify a value, the
default port 25 is used.
6. Optionally, enter a login name (for example, an email account) in the Login text box (casesensitive) if your email server requires it. For example, name@mycompany.com. Optionally,
enter a password (case-sensitive) in the Password text box if your email server requires it.
7. To test your settings and then save your settings, enter a test email address in the Test Email
Recipient text box. Then click Test & Save. A test message is sent to the specified email
address for confirmation purposes.
Alternatively, click Save to accept your selections without sending a test message.
Nasuni Filer Administration Guide 8.0
286
Configuration Page
Nasuni Filer Description
Nasuni Filer Description
Edit
You can change the name of the Nasuni Filer from the default name assigned when you installed it. The
name can be up to 140 characters in length.
This name is used as a descriptive name for the Nasuni Filer when you log in to your account at
www.nasuni.com or when you perform a recovery.
When you install the Nasuni Filer, a message appears in the message panel prompting you to change
the name of the Nasuni Filer.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To change the Nasuni Filer’s description:
1. Click Configuration, then select Filer Description from the list. The Change Nasuni Filer
Description page appears.
Figure 11-2: Change Nasuni Filer Description page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Enter the new name in the Nasuni Filer Name text box.
3. Click Save Filer Description.
The message “Filer description successfully changed to: <name>.” appears.
Nasuni Filer Administration Guide 8.0
287
Configuration Page
HTTPS Proxy Configuration
HTTPS Proxy Configuration
Edit
You can configure the Nasuni Filer to use an HTTPS proxy server, if needed. All HTTPS traffic goes
through the proxy server that you specify.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, when you
enable or disable the HTTPS proxy, the Nasuni Management Console cannot update
the Nasuni Filer settings for about 2 minutes.
To configure the HTTPS Proxy:
1. Click Configuration, then select HTTPS Proxy from the list. The HTTPS Proxy Settings page
appears.
Figure 11-3: HTTPS Proxy Settings page.
2. To enable HTTPS proxy support, select the Enable Proxy Support check box.
3. In the Proxy Server text box, enter the hostname or IP address of a host running the HTTPS
proxy.
4. In the Port text box, enter the port number used by the HTTPS proxy server.
5. Optionally, enter a valid username (case-sensitive) as configured by the proxy server in the User
Name text box and the password (case-sensitive) in the Password text box.
6. Optionally, in the Do Not Proxy text box, enter a list of hostnames or IP addresses not to proxy
(one per line).
7. To test your settings and then save your settings, click Test & Save.
Alternatively, click Save to accept your selections without testing.
Nasuni Filer Administration Guide 8.0
288
Configuration Page
Network Configuration
Network Configuration
Edit
The network address configuration is initially set during installation of the Nasuni Filer. However, you
can change network settings as required. Changing network settings might temporarily disconnect
users accessing the Nasuni Filer.
Note: If you need to reconfigure the network, but the Nasuni Filer user interface is not
available, you can access network settings using the service menu on the console.
See the Nasuni Filer Initial Configuration Guide for details.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
About Traffic Groups
Three default traffic groups are available, but you can change the purpose and the name of each traffic
group:
•
General: All traffic is in the General traffic group, unless explicitly assigned to a different traffic
group. Systems with only one network interface card (NIC) always use the General traffic group.
This traffic group is not for any specific purpose.
•
Management: The Management traffic group limits access to the assigned interfaces of the
Nasuni Filer to administrative access only.
•
External: The External traffic group designates a set of interfaces that carry only Web Access
traffic and Mobile Access traffic.
Note: You use the Firewall configuration page to configure what kind of traffic the Nasuni
Fileraccepts on each traffic group.
You cannot combine traffic from two or more traffic groups together.
Note: If a proxy is defined such that it is on one of the networks local to the Nasuni Filer, this
local proxy is used for cloud traffic, Remote Support traffic, and Nasuni API traffic.
Traffic flows on whichever interface can reach the local proxy.
Bonding. If you assign more than one device to the same traffic group, the assigned devices are
“bonded” for that traffic group. A bonded interface is a virtual network interface that runs on two or
more physical interfaces. The Nasuni Filer offers a transmit-load-balancing bonding mode, which is a
high-availability bonding mode with a performance enhancement when sending packets. Bonding also
provides failover benefits. This bonding mode monitors the state of the network interface cards (NICs)
that are in the bond: if the active device fails, it switches to a different active device. In addition, when
transmitting a packet, the system determines (using an internal metric) which device in the bond is least
busy, and transmits the packet using that device. When the host sends a packet to the Nasuni Filer, the
packet always goes to the active device.
Network switch ports to which bonded Nasuni Filer ports are attached must be configured as switch
port access with trunk access disabled. Any switch port where a bonded Nasuni Filer port is attached
should also not be bridged with any other Nasuni Filer port.
The Spanning Tree's blocking, listening, and learning stages should be disabled or bypassed on all
switch ports to which a bonded Nasuni Filer port is attached. (Cisco switches have a feature called
PortFast that is used to disable these Spanning Tree stages on a port-by-port basis.)
Nasuni Filer Administration Guide 8.0
289
Configuration Page
Network Configuration
Bonded Nasuni Filer port members may also be split across more than one switch in order to achieve
switch redundancy. However, all switch ports that are attached to members of the same bond must
comprise a single broadcast domain (namely, the same VLAN) configured on the switch port.
Additionally, if problems exist after deploying a Nasuni Filer bond across more than one switch,
reattach all bond members to the same switch. If the problems disappear, then the cause of the
problem resides in the configuration of the switches and not in the configuration of the Nasuni Filer.
Basic Configuration. Put all available NICs into the General traffic group. The Nasuni Filer uses a
single IP address, and all types of traffic use that IP address. Traffic leaving the LAN uses a default
gateway available on this LAN.
Separating client and cloud traffic. Divide the NICs into General and External traffic groups. The
Nasuni Filer uses one IP address for serving CIFS, NFS, FTP, and iSCSI traffic, along with the user
interface and management protocols, and one IP address for Web Access and Mobile Access. The
default gateway must be specified on the LAN that the External traffic group uses.
Separating data and management traffic. Divide the NICs into General and Management traffic
groups. The Nasuni Filer uses one IP address for serving CIFS, NFS, FTP and iSCSI traffic in addition to
communicating with cloud APIs, and a different IP address for the user interface and management
protocols. This configuration expects that administrators use a separate “back plane” network to
manage devices more securely.
Sample network topologies.
This example is for General traffic only.
Figure 11-4: General traffic only.
Nasuni Filer Administration Guide 8.0
290
Configuration Page
Network Configuration
This example is for General and External traffic.
Figure 11-5: General and External traffic.
This example is for General and Management traffic.
Figure 11-6: General and Management traffic.
Nasuni Filer Administration Guide 8.0
291
Configuration Page
Network Configuration
This example is for General, External, and Management traffic.
Figure 11-7: General, External, and Management traffic.
Nasuni Filer Administration Guide 8.0
292
Configuration Page
Network Configuration
Configuring Network Settings
To configure network settings, follow these steps:
1. Click Configuration, then select Network Configuration from the list. The Network
Configuration page appears.
Figure 11-8: Network Configuration page.
Nasuni Filer Administration Guide 8.0
293
Configuration Page
Network Configuration
2. To change the hostname for this Nasuni Filer, enter a new hostname in the Hostname text box.
Enter the hostname (15 characters or less) or Fully Qualified Domain Name (64 characters or
less) for this Nasuni Filer. You can use ASCII lower-case letters a through z, digits 0 (zero)
through 9, and hyphens. The Nasuni Filer hostname is automatically registered in the DNS
server, so that users can access this host by name.
The name that you enter is the name that you provide to users so they can access the Nasuni
Filer.
Note: If joining a Nasuni Filer to Active Directory, Nasuni recommends using the fully
qualified domain name with the hostname, such as filer.domain.com. If the Nasuni
Filer would never join Active Directory, you can use the hostname without the domain
name.
Tip: After you change the Hostname of the Nasuni Filer, you should delete the Active
Directory computer object with that Hostname.
3. In the Network Interface Settings area, to manage traffic groups, click Manage Traffic
Groups. The Traffic Groups dialog box appears.
Figure 11-9: Traffic Groups dialog box.
The Traffic Groups dialog box displays a list of the currently available traffic groups. For each
traffic group, the traffic group’s name and description appears. For more information about
traffic groups, see “About Traffic Groups” on page 289.
a. To add a new traffic group, click Add Traffic Group. The Add Traffic Group dialog box
appears.
Figure 11-10: Add Traffic Group dialog box.
Nasuni Filer Administration Guide 8.0
294
Configuration Page
i.
Network Configuration
In the Name text box, enter a short name for the new traffic group.
ii. Optionally, in the Description text box, enter a description of the purpose or
characteristics of the new traffic group.
iii. Click OK to add the new traffic group. Alternatively, click Cancel to exit without adding a
new traffic group.
b. To edit a traffic group’s name or description, click Edit. The Edit Traffic Group dialog box
appears. The Edit Traffic Group dialog box is similar to the Add Traffic Group dialog box
described in step a above. Enter a new name or description for the traffic group, then click
OK.
c. To delete a traffic group, click Delete. The traffic group is deleted.
d. To save all changes to the traffic groups, including added traffic groups and edited traffic
groups, click Save. Alternatively, to exit without saving any changes, click Cancel.
Note: You configure the network settings for each traffic group in step 5 below.
4. In the Network Interface Settings area, for each Device in the list, select the Traffic Group
from the drop-down list.
Figure 11-11: Network Interface Settings area.
See “About Traffic Groups” on page 289 for more details.
Tip: If any network interfaces are not in use, set them to “Disabled”.
Nasuni Filer Administration Guide 8.0
295
Configuration Page
Network Configuration
5. In the Network Interface Settings area, to configure each Traffic Group, click Edit beside the
Traffic Group. The Network Settings page appears.
Figure 11-12: Network Settings page.
From the Network Type drop-down list, select either Static or DHCP.
Tip: For optimal performance, do not use DHCP.
If you select DHCP (Dynamic Host Configuration Protocol), the IP Address, Netmask, and MTU
Value fields become unavailable.
Note: DHCP may not be enabled on more than one traffic group.
If you select Static, you must provide Network Interface Settings and System Settings. See your
IT administrator for assistance. Enter the following information:
•
Enter the static IP address in the IP Address text box. The address of a static device must
not already be present on the network. The Nasuni Filer verifies this and displays an error if a
collision is detected.
Note: If you define more than one static device, the Nasuni Filerchecks that the
subnets specified do not appear more than once.
•
Enter a netmask address in the Netmask text box.
•
Enter the MTU value in the MTU Value text box.
Tip: MTU settings should not exceed 1500.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit
that the layer can pass onwards. A larger MTU brings greater efficiency, because each
packet carries more user data, while protocol overheads, such as headers, remain fixed; the
resulting higher efficiency means a slight improvement in the bulk protocol throughput. A
larger MTU also means processing fewer packets for the same amount of data. However,
large packets can occupy a slow link for some time, causing greater delays to following
packets, and increasing lag and minimum latency.
Nasuni Filer Administration Guide 8.0
296
Configuration Page
Network Configuration
•
(Optional) You can specify a gateway for each traffic group. This gateway is used to return
traffic for clients outside one of the Nasuni Filer's local networks that do not use the default
gateway. In the Gateway text box, enter the IP address for the gateway.
•
Click OK to use these values. Click Cancel to exit this page without making any changes.
6. In the System Settings area, from the Settings Source drop-down list, select one of the
following:
•
DHCP (Dynamic Host Configuration Protocol): Provides a network IP address for a host on
an IP network automatically. The Default Gateway, Search Domain, Primary DNS Server,
and Secondary DNS Server fields become unavailable.
•
DHCP with custom DNS: Provides a network IP address for a host on an IP network
automatically. The Default Gateway field becomes unavailable. Enter the following
information:
•
Enter one or more local search domains in the Search Domain text box, each separated
by a space. You must enter valid hostnames.
You can use search domains to avoid typing the complete address of domains that you
use frequently. The search domains that you enter are automatically appended to names
that you specify for purposes such as Active Directory configuration, data migration
sources, HTTPS proxy, and NTP server. For example, if you specify the search domain
“mycompany.com”, then typing “server1” for one of these purposes would connect to
“server1.mycompany.com”.
•
•
Enter the IP address for your primary DNS server in the Primary DNS server text box.
You must enter a valid hostname or IP address.
•
Enter the IP address for your secondary DNS server in the Secondary DNS server text
box (if applicable). You must enter a valid hostname or IP address.
Static: Address information must be entered manually. Enter the following information:
•
Enter a default gateway address in the Default Gateway text box.
The gateway address must match a subnet of a defined static network.
•
Enter one or more local search domains in the Search Domain text box, each separated
by a space. You must enter valid hostnames.
You can use search domains to avoid typing the complete address of domains that you
use frequently. The search domains that you enter are automatically appended to names
that you specify for purposes such as Active Directory configuration, data migration
sources, HTTPS proxy, and NTP server. For example, if you specify the search domain
“mycompany.com”, then typing “server1” for one of these purposes would connect to
“server1.mycompany.com”.
•
Enter the IP address for your primary DNS server in the Primary DNS server text box.
You must enter a valid hostname or IP address.
•
Enter the IP address for your secondary DNS server in the Secondary DNS server text
box (if applicable). You must enter a valid hostname or IP address.
Nasuni Filer Administration Guide 8.0
297
Configuration Page
Network Configuration
7. Click Save Network Configuration to accept your entries. The Confirm Network Changes
page appears.
Figure 11-13: Confirm Network Changes page.
8. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation, then click Submit. Your changes are saved.
A message box appears indicating that you will be disconnected briefly from the user interface
while the changes are applied. Close this message box and refresh the page, or re-access the
Nasuni Filer with your new IP address.
Nasuni Filer Administration Guide 8.0
298
Configuration Page
Quality of Service Settings
Quality of Service Settings
Quality of Service (QoS) settings specify the inbound and outbound bandwidth limit for moving data to
and from the Nasuni Filer, such as snapshots to cloud storage. The default inbound Quality of Service
is unlimited. The default outbound Quality of Service is 10 megabits per second. However, Nasuni does
not recommend keeping that bandwidth. You can change this limit as needed.
Tip: Set the outbound Quality of Service to the highest value possible. This helps snapshots
complete rapidly.
The IT administrator or person who administers the Nasuni Filers can also create additional Quality of
Service (QoS) rules for different days and times. A Nasuni Filer can have a maximum of 12 rules.
Note: When you create one or more Quality of Service rules, the default Quality of Service
bandwidth becomes unlimited during any time that is not defined by a rule.
Note: If the inbound Quality of Service is too low, and data must be obtained from cloud
storage, data access might be affected.
Note: If the outbound Quality of Service is large or unlimited, and the inbound Quality of
Service is small, the limited inbound bandwidth for return packets (such as
acknowledgements) might affect the outbound bandwidth.
You can schedule inbound and outbound bandwidth limitations for specific days and between specific
hours. For example, if you specify 100 kilobits per second outbound for Monday through Friday from
8:00 AM to 3:00 PM, then the Nasuni Filer configures the outbound bandwidth to a maximum of 100
kilobits per second during that period, but does not limit the bandwidth used outside that period.
Snapshots are slower during the limited bandwidth period. Local user read/write operations are not
affected.
Limiting the bandwidth between specific hours can help decrease network congestion. For example, by
configuring snapshots to occur every hour with a bandwidth limit of 50 kilobits a second, a large
snapshot completes at a slower rate, but with no impact on network speeds. A snapshot cannot run
until the running snapshot is completed.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Nasuni Filer Administration Guide 8.0
299
Configuration Page
Quality of Service Settings
Adding a Quality of Service rule
To add a new Quality of Service rule:
1. Click Configuration, then select Quality of Service from the list. The Quality of Service
Settings page appears.
Figure 11-14: Quality of Service Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Click Add Rule. The Add QoS Rule dialog box appears.
Figure 11-15: Add QoS Rule dialog box.
Note: You cannot have a rule that applies to the same day and hour as another rule.
Nasuni Filer Administration Guide 8.0
300
Configuration Page
Quality of Service Settings
3. Select the days during which you want to limit bandwidth (for example, Sunday to Saturday). To
select or deselect all days, click Select/Deselect all.
4. To apply this rule 24 hours per day for each day selected, select the All Day check box.
5. Otherwise, from the Start drop-down list, select the time that you want to start limiting
bandwidth on the selected days.
From the Stop drop-down list, select the time that you want to stop limiting bandwidth on the
selected days.
6. Enter the Outbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
Tip: Set the outbound Quality of Service to the highest value possible. This helps
snapshots complete rapidly.
7. Enter the Inbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
8. Click Add Rule to accept your selections. The new rule appears on the Quality of Service
Settings page.
Changing a Quality of Service rule
Edit
To change an existing Quality of Service rule:
1. Click Configuration, then select Quality of Service from the list. The Quality of Service
Settings page appears.
Figure 11-16: Quality of Service Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
301
Configuration Page
Quality of Service Settings
2. Find the rule that you want to change, then click Edit Rule beside that rule. The Edit QoS Rule
dialog box appears.
Figure 11-17: Edit QoS Rule dialog box.
Note: You cannot have a rule that applies to the same day and hour as another rule.
3. Select the days during which you want to limit bandwidth (for example, Sunday to Saturday). To
select or deselect all days, click Select/Deselect all.
4. To apply this rule 24 hours per day for each day selected, select the All Day check box.
5. Otherwise, from the Start drop-down list, select the time that you want to start limiting
bandwidth on the selected days.
From the Stop drop-down list, select the time that you want to stop limiting bandwidth on the
selected days.
6. Enter the Outbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
Tip: Set the outbound Quality of Service to the highest value possible. This helps
snapshots complete rapidly.
7. Enter the Inbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
8. Click Edit Rule to accept your selections. The changed rule appears on the Quality of Service
Settings page.
Nasuni Filer Administration Guide 8.0
302
Configuration Page
Quality of Service Settings
Deleting a Quality of Service Rule
To delete an existing Quality of Service rule:
1. Click Configuration, then select Quality of Service from the list. The Quality of Service
Settings page appears.
Figure 11-18: Quality of Service Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Find the rule that you want to delete, then click Delete Rule beside that rule.
The rule is removed from the list.
Nasuni Filer Administration Guide 8.0
303
Configuration Page
Filer Time Configuration
Filer Time Configuration
Edit
You can set the time zone and time server for the Nasuni Filer, which are necessary for notifications and
file sharing purposes. The time zone setting you select should be for the region where the Nasuni Filer
is physically located. For example, if you are located in the eastern part of the United States, use “US/
Eastern”.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To configure the time zone and source settings, follow these steps:
1. Click Configuration, then select Time Configuration. The Filer Time Configuration page
appears.
Figure 11-19: Filer Time Configuration page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. From the Time Zone drop-down list, select a time zone. Time zones are listed alphabetically by
country (such as “Portugal”), city (such as “Europe/Zagreb”, and abbreviation (such as “GMT”).
3. In the Time Server text box, enter the hostnames of one or more valid Network Time Protocol
(NTP) servers, separated by commas. By default, all Nasuni Filers are set to use Nasuni's NTP
server, time.nasuni.com, to set the time daily. If you cannot open port 123 in your firewall to
access time.nasuni.com, you should change to an internal NTP server.
You can also specify using NTP services from Active Directory domain controllers. See “Domain
Settings (for Nasuni Filers running versions before 7.8)” on page 335.
Nasuni Filer Administration Guide 8.0
304
Configuration Page
Filer Time Configuration
4. Click Save Time Configuration to accept your selection. The message “Timezone set; you may
be disconnected while your changes are applied.” appears.
Nasuni Filer Administration Guide 8.0
305
Configuration Page
FTP Settings
FTP Settings
You can view and configure FTP/SFTP settings for the Nasuni Filer. These advanced features of the
FTP/SFTP protocol apply to all volumes on the Nasuni Filer.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
1. Create a CIFS or NFS volume. See “Adding a Volume” on page 51.
2. Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 161.
3. (Optional) Configure FTP settings. See “Configuring FTP settings” on page 306.
4. Add a new FTP/SFTP directory. See “Adding FTP directories for a volume” on page 153.
5. (Optional) Create a permission group that has storage access. See “Adding Permission
Groups” on page 383.
6. (Optional) Create a user in a permission group that has storage access. See “Adding Users”
on page 389. Active Directory and LDAP users can log in for FTP access just as they do for
CIFS access. Also, if anonymous access is enabled, you don't need a specific group or user.
7. Access files using the FTP/SFTP protocol. See “Accessing data using the FTP/SFTP
protocol” on page 167.
Configuring FTP settings
To configure FTP settings, follow these steps:
1. Click Configuration, then select FTP Settings. The General FTP Settings page appears.
Figure 11-20: General FTP Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
306
Configuration Page
FTP Settings
2. Optionally, in the Masquerade Address text box, type an IP address (not a DNS hostname) to
present to the client instead of the local server's IP address or DNS hostname.
3. Optionally, in the Idle Login Timeout text box, type the time in seconds to wait before closing
an idle connection. Zero (0) means never close an idle connection.
4. Optionally, in the Anonymous Access Username text box, type the username that the user
must log in with in order to access any FTP/SFTP directory anonymously. Default: anonymous.
The username is case sensitive.
5. Optionally, in the Anonymous Access Group text box, type the group associated with the
Anonymous Access Username.
6. Click Save FTP Settings to save your settings.
Tip: To enable the FTP protocol for a volume, see “Enabling multiple volume protocols” on
page 161. To add an FTP directory to a volume, see “Adding FTP directories for a
volume” on page 153.
Nasuni Filer Administration Guide 8.0
307
Configuration Page
General CIFS Settings
General CIFS Settings
On the General CIFS Settings page you can perform the following actions:
•
Configure CIFS settings. See “Configuring CIFS settings” on page 308.
•
Join the Nasuni Filer to an Active Directory domain or an LDAP Directory Services domain. You
can specify the domain, and an Auto Detect wizard attempts to discover necessary domain
information automatically. See “Joining a Nasuni Filer to a domain” on page 311.
Tip: LDAP Directory Services must be enabled in the client license before joining an LDAP
domain. Active Directory is enabled by default.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
Support for authentication using Active Directory or LDAP has been combined on the Directory
Services page. See “Directory Services” on page 325.
You can associate an Active Directory or LDAP Directory Services domain group with a permission
group. This enables you to log in using Active Directory or LDAP Directory Services credentials. See
“Adding Permission Groups” on page 383.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Configuring CIFS settings
Edit
To configure CIFS settings, follow these steps:
1. Click Configuration, then select General Settings from the list. The General CIFS Settings
page appears.
Figure 11-21: General CIFS Settings page.
Nasuni Filer Administration Guide 8.0
308
Configuration Page
General CIFS Settings
2. If the current security mode is LDAP Directory Services or Public, the Workgroup text box is
also available.
Figure 11-22: General CIFS Settings page.
In the Workgroup text box, enter a local Windows NT-compatible workgroup name (15
characters maximum) in which the Nasuni Filer can be accessed. To use the default workgroup
for the domain, leave this field blank. Some domains need this value if the name cannot be
automatically determined.
3. Optionally, in the Administrative User(s) text box, enter a list of administrative users. Entering a
user name provides each specified user with full access to all CIFS shares and rights to change
file and folder permissions, regardless of current ACL settings.
In specifying Administrative User(s), follow these guidelines:
•
User names must be in the Primary domain, as described in “Directory Services” on
page 325.
•
If you are specifying more than one user name, separate the user names with commas or
semicolons.
•
Do not specify groups. Only specify individual users.
•
Do not use domain names. Only specify user names in the Primary domain. For
example, do not use “mydomain\myname” or “myname@mydomain.com”. Only use
“myname”.
Nasuni Filer Administration Guide 8.0
309
Configuration Page
General CIFS Settings
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, the
following button and pane do not appear, because you use the Nasuni Management
Console to perform these tasks. Click Filers, then select CIFS Settings.
4. Optionally, to display advanced options, click Show Advanced Options. The Advanced
Options pane appears.
Figure 11-23: Advanced Options pane.
Note: For sites with mostly Windows clients, the default settings are best.
a. From the Allocation Roundup Size drop-down list, select the allocation roundup size.
Unless you have applications that require disabling this option, select Default (1 MiB).
Disabling this option can degrade performance because it rounds up the file sizes on disk.
b. From the Protocol Level drop-down list, select the maximum version of the CIFS/SMB
protocol that the server negotiates with the client. This is the highest level that the Nasuni Filer
will support. The client can negotiate a lower version, if necessary. The choices include the
following:
•
CIFS: Common Internet File System protocol, also called SMB 1.0.
•
CIFS & SMB2: Server Message Block version 2.0. SMB 2.0 offers improved
performance over SMB 1.0.
•
CIFS & SMB3: Server Message Block version 3.0. SMB 3.0 offers improved
performance and security over SMB 2.0.
Tip: Best practice is to select “CIFS & SMB2”. Using SMB2 can improve performance
significantly.
Nasuni Filer Administration Guide 8.0
310
Configuration Page
General CIFS Settings
c. To allow clients to use Portable Operating System Interface (POSIX) semantics, select the
Enhanced Support for POSIX Clients check box (selected by default). If you clear this
option, POSIX clients can still connect. However, they do not have the full range of file server
operations.
Tip: CIFS shares that have OS X clients should select the Enhanced Support for
POSIX Clients check box.
d. To not allow anonymous connections, select Restrict Anonymous. When selected, users
cannot log into CIFS without entering a username and password.
e. To close this display, click Hide Advanced Options.
5. Click Save CIFS Settings to save your settings. The Change General CIFS Settings? dialog
box appears.
Note: Changing these settings only affects new CIFS/SMB clients. You must disconnect
or reset an existing client's connection to use the new settings.
6. Click Continue Saving. Your CIFS settings are saved.
Otherwise, click Cancel.
Joining a Nasuni Filer to a domain
Join
If the Nasuni Filer has not previously joined any Active Directory domain or LDAP Directory Services
domain before, you can join the Nasuni Filer to a domain. Both Active Directory and LDAP are
supported. You can specify the domain, and an Auto Detect wizard attempts to discover necessary
domain information automatically. For the procedure to join the Nasuni Filer to a domain, see
“Procedure for joining a Nasuni Filer (not previously joined to any domain) to a domain” on page 313.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
About Active Directory
Microsoft's Active Directory (AD) service is capable of providing security across multiple domains or
forests through domain and forest trust relationships. The trusts established between domains allow or
deny users access to resources outside their native domain. After you establish the correct trust
relationships among your Active Directory servers, you can enable access and permissions for users
and groups within the trusted domains. Configuration of trusts between domains is outside the scope
of this document.
Tip: Nasuni also supports the “Identity Management for UNIX” role service for Active
Directory. This feature allows UNIX-style user and group identities to be stored in Active
Directory, and can synchronize identity management across CIFS/SMB and NFS. If your
organization uses this, please contact Nasuni Support.
This feature is sometimes known as RFC 2307 extensions.
The Nasuni Filercan join one Windows Active Directory domain server and access its users and groups.
These users and groups can only be edited through Active Directory tools.
Nasuni Filer Administration Guide 8.0
311
Configuration Page
General CIFS Settings
The Nasuni Management Console joins one domain, called the primary domain. If the client’s
environment has valid, active trust relationships between the primary domain and other domains, the
Nasuni Management Console attempts to discover those domains automatically. You can then select
which of the non-primary domains to allow to access the Nasuni Management Console.
The Nasuni Management Console offers support for trusted domains of multiple Active Directory
servers. This can simplify enabling access and permissions for users and groups within trusted
domains. To use trusted domains of multiple Active Directory servers, you must establish the correct
trust relationships among your Active Directory servers.
There are two aspects to trusted domain support: authentication and sharing. The authentication
aspect allows a user to access a Nasuni Management Console's resources in a different domain. The
sharing aspect enables systems in different domains to access the same data.
About LDAP Directory Services
As an alternative to Microsoft Active Directory, some organizations prefer to use their own LDAP and
Kerberos services. This is often the case for organizations that rely heavily on UNIX-style clients, such
as Linux or Mac OS X. The LDAP protocol is used for identifying users and other resources. The
Kerberos protocol is used for authentication. In lieu of joining a domain, the Nasuni Management
Console requires a Kerberos keytab file, which contains encryption keys associated with network
services (service principal names).
Note: The Nasuni Management Console requires the use of Kerberos for secure
authentication, and does not support storing passwords in LDAP.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
Nasuni Filer Administration Guide 8.0
312
Configuration Page
General CIFS Settings
Procedure for joining a Nasuni Filer (not previously joined to any domain) to a domain
Join
Tip: LDAP Directory Services must be enabled in the client license before joining an LDAP
domain. Active Directory is enabled by default.
If the Nasuni Filer has not previously joined any Active Directory domain or LDAP Directory Services
domain before, follow these steps:
1. Click Configuration, then select General Settings from the list. On the General CIFS Settings
page, the “Connect to a Directory Service” button is available.
Figure 11-24: “Connect to a Directory Service” button available on General CIFS Settings
page.
2. To join an Active Directory domain, follow the procedure starting at step a on page 314.
Otherwise, to join an LDAP Directory Services domain, skip to step 3 on page 319.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
Nasuni Filer Administration Guide 8.0
313
Configuration Page
General CIFS Settings
a. Click “Connect to a Directory Service”. The Directory Services page appears.
Figure 11-25: Directory Services page.
b. In the Domain text box, enter the fully qualified Active Directory domain name that you want
the Nasuni Filer to join. The Nasuni Filer joins this domain to authenticate users from the
Active Directory server.
c. Leave Auto Detect selected. If Auto Detect is selected, the wizard attempts to determine
whether the specified domain is an Active Directory domain or an LDAP domain, and then
attempts to retrieve pertinent information using DNS.
Note: For Auto Detect to work, the DNS must be configured to refer to directory service
settings.
If, after you click Continue (step j on page 315), the wizard is unsuccessful in automatically
detecting configuration information, deselect Auto Detect. The Directory Service Type
drop-down list becomes available.
d. To automatically alter the system’s hostname so that is part of the domain to be joined, select
Alter System Hostname. For example, if joining a Nasuni Filer (such as filer) to a domain
(such as domain.com), Nasuni recommends using the fully qualified domain name with the
hostname to form the new hostname (such as filer.domain.com).
Alternatively, if you know that the hostname is correct for this domain, deselect Alter System
Hostname.
Nasuni Filer Administration Guide 8.0
314
Configuration Page
General CIFS Settings
e. If Auto Detect is deselected, the Directory Service Type drop-down list becomes available.
From the drop-down list, select Active Directory.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
f.
(Optional) In the Workgroup text box, enter a local Windows NT-compatible workgroup
name (15 characters maximum) in which the Nasuni Filer can be accessed. To use the default
workgroup for the domain, leave this field blank. Some domains need this value if the name
cannot be automatically determined.
Tip: This value cannot be changed after the Nasuni Filer joins the domain.
g. (Optional) In the Domain Controller text box, enter the fully qualified domain name of the
primary domain controller. For example, DomainControllerName.domain.com.
Entering a Domain Controller name forces the Nasuni Filer to use only that domain
controller. However, leaving the Domain Controller text box blank causes the Nasuni Filer
to automatically find and use an appropriate Domain Controller, and also allows for Domain
Controller failover. Unless you want only one specific domain controller to be used, leave the
Domain Controller text box blank.
In particular, if you want support for trusted domains of multiple Active Directory servers,
leave the Domain Controller text box blank.
Note: The Active Directory Sites and Services feature tries to find nearby Domain
Controllers to use.
h. (Optional) In the Computer OU text box, enter a domain organization unit in which the Nasuni
Filer is placed. The computer’s container is the default location. If you leave this value blank,
the Nasuni Filer is placed in a default location.
Tip: This value cannot be changed after the Nasuni Filer joins the domain.
i.
(Optional) To use Network Time Protocol (NTP) services provided by domain controllers,
select NTP from Domain Controllers. If no NTP services are available from domain
controllers, the current NTP server is used. See “Filer Time Configuration” on page 304.
Tip: This value cannot be changed after the Nasuni Filer joins the domain.
j.
Click Continue. The wizard attempts to look up domain information in the DNS. If successful,
the wizard returns to this page, enters the information found, and deselects Auto Detect. You
can then enter or change any information.
k. If the message appears that Auto Detect was successful, verify any values that Auto Detect
added, deselect Auto Detect if still selected, then click Continue.
Nasuni Filer Administration Guide 8.0
315
Configuration Page
l.
General CIFS Settings
The Confirm/Authenticate Directory Service dialog box appears.
Figure 11-26: Confirm/Authenticate Directory Service dialog box.
Enter the user name and password of a user who is authorized to join this Nasuni Filer to the
specified domain. Click Submit.
m. The wizard attempts to use the given credentials for the specified domain. If successful, the
Volume Selection tab is selected.
Figure 11-27: Volume Selection tab.
For each volume in the list, select whether to use domain-based authentication for that
volume, then click Continue.
Nasuni Filer Administration Guide 8.0
316
Configuration Page
General CIFS Settings
n. The wizard attempts to establish the specified authentication for the specified volumes. If
successful, the Domain Configuration tab is selected.
Figure 11-28: Domain Configuration tab.
If any other Nasuni Filers on your account are already configured for access to the specified
domain, they appear in a list. Select one of those Nasuni Filers from the Configuration
Source drop-down list in order to duplicate its user and group mappings. This helps to
ensure consistent and successful authentication.
Alternatively, if there are no other Nasuni Filers already configured for access to the
specified domain, or if you prefer to configure domains and trusts manually, select Local
Settings from the Configuration Source drop-down list.
Click Continue.
o. The wizard attempts to configure for the specified domain. If successful, the Enable
Domains tab is selected.
Figure 11-29: Enable Domains tab.
A list of available domains appears. From this list, select the domains that you want the
Nasuni Filer to access.
Click Continue.
Nasuni Filer Administration Guide 8.0
317
Configuration Page
General CIFS Settings
p. The wizard attempts to enable the selected domains. If successful, the “Complete the
Configuration” tab is selected.
Figure 11-30: “Complete the Configuration” tab.
Verify the configuration values, then click Finish.
q. The wizard attempts to complete the configuration. If successful, the Directory Services
page appears.
Figure 11-31: Directory Services page.
The newly joined domain appears in the Domain Settings list.
To configure directory services settings, see “Directory Services” on page 325.
To configure CIFS settings, see “General CIFS Settings” on page 308.
Nasuni Filer Administration Guide 8.0
318
Configuration Page
General CIFS Settings
3. Alternatively, to join an LDAP Directory Services domain, follow the procedure below.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
Tip: LDAP Directory Services must be enabled in the client license before joining an LDAP
domain. Active Directory is enabled by default.
Important: If your LDAP server does not use a publicly trusted certificate, you must upload a
globally or locally trusted certificate to the Nasuni Filer, so that the Nasuni Filer
trusts your LDAP server. See “Uploading SSL Certificates” on page 370.
Important: We recommend the use of indexes for uidNumber and gidNumber attributes. If
your LDAP Directory Server can look up records based on uidNumber and
gidNumber quickly without an index, this is also sufficient.
a. Click “Connect to a Directory Service”. The Directory Services page appears.
Figure 11-32: Directory Services page.
b. In the Domain text box, enter the fully qualified LDAP Directory Services domain name that
you want the Nasuni Filer to join. The Nasuni Filer joins this domain to authenticate users from
the LDAP Directory Services server.
c. Leave Auto Detect selected. If Auto Detect is selected, the wizard attempts to determine
whether the specified domain is an Active Directory domain or an LDAP domain, and then
Nasuni Filer Administration Guide 8.0
319
Configuration Page
General CIFS Settings
attempts to retrieve pertinent information using DNS. If the wizard detects an LDAP Directory
Services domain, it also tries to detect the type of domain (FreeIPA, Apple Open Directory, or
Generic).
Note: For Auto Detect to work, the DNS must be configured to refer to directory service
settings.
If, after clicking Continue (step f on page 320), the wizard is unsuccessful in automatically
detecting configuration information, deselect Auto Detect. The Directory Service Type
drop-down list becomes available.
d. To automatically alter the system’s hostname so that is part of the domain to be joined, select
Alter System Hostname. For example, if joining a Nasuni Filer (such as filer) to a domain
(such as domain.com), Nasuni recommends using the fully qualified domain name with the
hostname to form the new hostname (such as filer.domain.com).
Alternatively, if you know that the hostname is correct for this domain, deselect Alter System
Hostname.
e. If Auto Detect is deselected, the Directory Service Type drop-down list becomes available.
From the drop-down list, select LDAP Directory Services.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
f.
Click Continue. The wizard attempts to look up domain information in the DNS. If successful,
the wizard returns to this page, enters the information found, and deselects Auto Detect. You
can then enter or change any information.
Figure 11-33: Directory Services page.
g. If the message appears that Auto Detect was successful, verify any values that Auto Detect
added, deselect Auto Detect if still selected, then click Continue.
Nasuni Filer Administration Guide 8.0
320
Configuration Page
General CIFS Settings
h. If the directory services provider has not already been selected, from the Directory Services
Provider drop-down list, select the provider that matches your LDAP and Kerberos servers.
Options include FreeIPA, Generic LDAP/Kerberos, and Apple OpenDirectory. By
selecting the appropriate provider, the wizard selects various connection parameters. The
following steps detail the Generic LDAP/Kerberos option where the wizard does not
assume any connection settings.
Note: Some of the following fields are optional, depending on the choice of Directory
Services Provider.
i.
In the LDAP Servers text box, enter a list of the domain names (or IP addresses) of the
LDAP servers for the Nasuni Filer to connect to, separated by commas.
To use DNS to retrieve information, leave this text box blank.
ii. In the Kerberos KDC Servers text box, enter a list of the IP addresses or hostnames of
the Kerberos Key Distribution Center (KDC) servers for the Nasuni Filer to connect to,
separated by commas.
To use DNS to retrieve information, leave this text box blank.
iii. (Optional.) From the LDAP ID Schema drop-down list, select the LDAP ID schema used
by your LDAP infrastructure: RFC2307 or RFC2307bis.
iv. (Optional.) In the LDAP User Search Base text box, enter an LDAP DN (distinguished
name) that indicates a subtree that contains users.
v. (Optional.) In the LDAP Group Search Base text box, enter an LDAP DN (distinguished
name) that indicates a subtree that contains groups.
vi. (Optional.) In the LDAP User Name Attribute text box, enter the LDAP user name
attribute.
vii. (Optional.) In the LDAP Group Name Attribute text box, enter the LDAP group name
attribute.
viii. (Optional.) In the LDAP Netgroup Search Base text box, enter an LDAP DN
(distinguished name) that indicates a subtree that contains netgroups.
ix. (Optional.) In the LDAP Bind DN text box, enter an LDAP DN (distinguished name) to use
instead of an anonymous bind.
x. (Optional.) In the LDAP Bind Password text box, enter a password to use to bind with
DN.
xi. In the Minimum Supported ID text box, enter the minimum user or group ID to map to
the Nasuni Filer. This is needed for the case where you want the Nasuni Filer to ignore
some of the IDs that Auto Detect might identify in your LDAP infrastructure, or to use IDs
outside of the ranges that are allowed to be automatically chosen by the Nasuni Filer.
To have Auto Detect find this, leave blank.
Nasuni Filer Administration Guide 8.0
321
Configuration Page
General CIFS Settings
xii. In the Maximum Supported ID text box, enter the maximum user or group ID to map to
the Nasuni Filer. This is needed for the case where you want the Nasuni Filer to ignore
some of the IDs that Auto Detect might identify in your LDAP infrastructure, or to use IDs
outside of the ranges that are allowed to be automatically chosen by the Nasuni Filer.
To have Auto Detect find this, leave blank.
xiii. Click Continue. The wizard attempts to look up domain information in DNS. If successful,
the wizard returns to this page, enters the information found, and deselects Auto Detect.
You can then enter or change any information.
i.
The Confirm/Authenticate Directory Service dialog box appears.
Figure 11-34: Confirm/Authenticate Directory Service dialog box.
If necessary, enter the user name and password of a directory user who is authorized to join
this Nasuni Filer to the specified domain. Click Submit.
j.
The wizard checks the provided information before proceeding to the Keytab step. If the
wizard is successful in checking the LDAP domain and other information, the wizard
highlights the Keytab step.
Nasuni Filer Administration Guide 8.0
322
Configuration Page
General CIFS Settings
k. From the Keytab Source drop-down list, select the source of the Kerberos keytab for the
Nasuni Filer from the following choices:
•
FreeIPA Server (only available on a FreeIPA system): If you select a FreeIPA server,
enter the Username, Password, and Repeat Password, then click Continue.
Figure 11-35: Directory Services page, Keytab step, selecting server.
•
Keytab file upload: If you select to upload a keytab file, click Browse to navigate to the
file, then click Continue.
Figure 11-36: Directory Services page, Keytab step, uploading keytab file.
l.
The wizard checks the provided keytab information before proceeding to the Volume
Selection step. If the wizard is successful in obtaining the Kerberos keytab information, the
wizard highlights the Volume Selection step.
For each volume in the list, select whether to use authentication based on LDAP Directory
Services for that volume, then click Continue.
m. The wizard attempts to establish the specified authentication for the specified volumes. If
successful, the Domain Configuration tab is selected.
If any other Nasuni Filers on your account are already configured for access to the specified
domain, they appear in a list. Select one of those Nasuni Filers from the Configuration
Source drop-down list in order to duplicate its user and group mappings. This helps to
ensure consistent user authentication and ID mapping across Nasuni Filers accessing the
same volumes.
Alternatively, if there are no other Nasuni Filers already configured for access to the specified
domain, or if you prefer to configure domains and trusts manually, select Local Settings from
the Configuration Source drop-down list.
Click Continue.
Nasuni Filer Administration Guide 8.0
323
Configuration Page
General CIFS Settings
n. The wizard attempts to configure for the specified domain. If successful, the “Complete the
Configuration” tab is selected.
Verify the configuration values, then click Continue.
o. The wizard attempts to complete the configuration. If successful, the Directory Services
page appears.
Figure 11-37: Directory Services page.
The newly joined domain appears in the Domain Settings list.
To configure directory services settings, see “Directory Services” on page 325.
To configure CIFS settings, see “General CIFS Settings” on page 308.
Nasuni Filer Administration Guide 8.0
324
Configuration Page
Directory Services
Directory Services
The Nasuni Filer supports Directory Services using either Active Directory or LDAP (Lightweight
Directory Access Protocol) with Kerberos for authentication. See “General CIFS Settings” on page 308
for details about Active Directory and LDAP Directory Services.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Filer.
You can associate an Active Directory or LDAP Directory Services domain group with a permission
group. This enables you to log in using Active Directory or LDAP Directory Services credentials. See
“Adding Permission Groups” on page 383.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Viewing information about Directory Services already configured
View
To view information about Directory Services, follow these steps:
1. Click Configuration, then select Directory Services from the list. The Directory Services page
appears.
Figure 11-38: Directory Services page for LDAP Directory Services.
For LDAP Directory Services, information on this page includes the following:
•
Type: Type of authentication, such as Publicly Available, Active Directory, and LDAP
Directory Services.
•
Connection Status: The current status of the connection.
ENABLED indicates that the connection has been configured successfully.
DISABLED indicates that the connection has not been configured successfully.
HEALTHY indicates that the connection is successful.
UNHEALTHY indicates that the connection is not successful.
•
Domain Settings: A list of domains appears, displaying the following information:
•
Domain: The IP address or the hostname of the domain.
Nasuni Filer Administration Guide 8.0
325
Configuration Page
•
•
•
Directory Services
Details: Details about the Directory Services entry, including the following:
•
Provider: The Directory Services provider.
•
Schema: The LDAP schema: either RFC2307 or RFC2307bis.
•
LDAP Servers: The IP address or the hostname of the servers that service the
domain.
•
KDCs: The IP address or the hostname of the Kerberos Key Distribution Centers
(KDC) that supply session tickets and temporary session keys.
Status: The status of the domain: Enabled or Disabled.
Keytab Contents: The contents of the keytab file used to authenticate to the KDC, including
the following information:
•
Service Type: The service type and the IP address or the hostname of the host that is
offering it.
•
Realm: The IP address or the hostname of the server hosting the application.
2. For Active Directory, the Directory Services page looks like this:
Figure 11-39: Directory Services page for Active Directory.
For Active Directory, information on this page includes the following:
•
Type: Type of authentication, such as Publicly Available, Active Directory, and LDAP
Directory Services.
•
Connection Status: The current status of the connection.
ENABLED indicates that the connection has been configured successfully.
DISABLED indicates that the connection has not been configured successfully.
HEALTHY indicates that the connection is successful.
UNHEALTHY indicates that the connection is not successful.
•
Domain Settings: A list of domains appears, displaying the following information:
•
Domain: The IP address or the hostname of the domain.
•
Type: The type of Active Directory domain: Primary or Child.
Nasuni Filer Administration Guide 8.0
326
Configuration Page
Directory Services
•
NT Name: The local Windows NT-compatible workgroup name of the Active Directory
domain.
•
Status: The status of the domain: Enabled or Disabled.
Editing LDAP Directory Services domain settings
Configure
To edit settings for the LDAP Directory Services domain, follow these steps:
1. Click Configuration, then select Directory Services from the list. The Directory Services page
appears.
Figure 11-40: Directory Services page.
Nasuni Filer Administration Guide 8.0
327
Configuration Page
Directory Services
2. For the domain whose information you want to edit, click Edit. The Edit Domain dialog box
appears.
Figure 11-41: Edit Domain dialog box.
Note: The fields available depend on the Directory Services Provider selected.
3. In the LDAP Servers text box, enter a list of the IP addresses or hostnames of the LDAP servers
for the Nasuni Filer to connect to, separated by commas.
To use DNS to retrieve information, leave this text box blank.
4. In the Kerberos KDC Servers text box, enter a list of the IP addresses or hostnames of the
Kerberos Key Distribution Center (KDC) servers for the Nasuni Filer to connect to, separated by
commas.
To use DNS to retrieve information, leave this text box blank.
5. Click Save. The information is applied to the selected domain.
Nasuni Filer Administration Guide 8.0
328
Configuration Page
Directory Services
Updating the Kerberos keytab file
Update
The Kerberos keytab file contains encryption keys associated with services (the service principal
names) located on servers hosting Kerberos-enabled protocols.
To update the keytab file, follow these steps:
1. Click Configuration, then select Directory Services from the list. The Directory Services page
appears.
Figure 11-42: Directory Services page.
2. Click Update Keytab. The Update Keytab dialog box appears.
Figure 11-43: Update Keytab dialog box.
Nasuni Filer Administration Guide 8.0
329
Configuration Page
Directory Services
3. From the Keytab Source drop-down list, select the source of the Kerberos keytab for the
Nasuni Filer.
•
If you select a server, enter the Username, Password, and Repeat Password, then click
Submit.
•
If you select to upload a keytab file, click Choose File to navigate to the file, then click
Submit.
The keytab file is updated.
Editing Active Directory domain settings
Edit
To edit settings for an Active Directory domain, follow these steps:
1. Click Configuration, then select Directory Services from the list. The Directory Services page
appears.
Figure 11-44: Directory Services page for Active Directory.
2. For the domain whose information you want to edit, click Edit. The Edit Domain dialog box
appears.
Figure 11-45: Edit Domain dialog box.
3. To enable or disable resources in the Active Directory domain accessing the Nasuni Filer, select
or deselect Enable Source.
Tip: The Primary domain cannot be disabled.
Nasuni Filer Administration Guide 8.0
330
Configuration Page
Directory Services
4. Click Save. The information is applied to the selected domain.
Editing Active Directory general settings
Edit
To edit settings for Active Directory, follow these steps:
1. Click Configuration, then select Directory Services from the list. The Directory Services page
appears.
Figure 11-46: Directory Services page for Active Directory.
2. (Optional) In the Domain Controller text box, enter the fully qualified domain name of the
primary domain controller. For example, DomainControllerName.domain.com.
Entering a Domain Controller name forces the Nasuni Filer to use only that domain controller.
However, leaving the Domain Controller text box blank causes the Nasuni Filer to use the
primary domain controller on the join, and also allows for domain controller failover. Unless you
want only one specific domain controller to be used, leave the Domain Controller text box
blank.
In particular, if you want support for trusted domains of multiple Active Directory servers, leave
the Domain Controller text box blank.
3. To reconnect a Nasuni Filer to Active Directory, or refresh its current connection status, select
Rejoin Active Directory.
4. Click Submit. The information is applied to the selected domain.
Nasuni Filer Administration Guide 8.0
331
Configuration Page
Directory Services
Resyncing Active Directory domain
Edit
You can resynchronize the current Nasuni Filer to the Active Directory domain configuration of another
Nasuni Filer. This can be useful if the domain configuration changes on one Nasuni Filer, perhaps by a
new domain being added, so that all the Nasuni Filers no longer have the same domain configuration.
This procedure clones the Active Directory domain configuration of a selected Nasuni Filer.
To resync an Active Directory domain configuration, follow these steps:
1. Click Configuration, then select Directory Services from the list. The Directory Services page
appears.
Figure 11-47: Directory Services page for Active Directory.
2. Click Resync Domain Configuration. The Resync Domain dialog box appears.
Figure 11-48: Resync Domain dialog box.
3. From the Configuration Source drop-down list, select the Nasuni Filer from which to copy the
Active Directory domain configuration. All Nasuni Filers from which you are allowed to copy the
domain configuration are listed.
Nasuni Filer Administration Guide 8.0
332
Configuration Page
Directory Services
4. Click Save. The selected domain configuration is used for this Nasuni Filer.
Deleting Active Directory domain configuration
Edit
You can delete an Active Directory domain configuration. This removes the Nasuni Filer from the
current domain. This can be useful for fully purging all domain settings, such as when re-using an
existing Nasuni FIler hardware appliance in a a new domain.
Tip: Before deleting an Active Directory domain configuration, ensure that the Nasuni Filer no
longer has any volumes using Active Directory authentication.
After deleting the Active Directory domain configuration, the state of the Nasuni Filer is comparable to
that of a Nasuni Filer that has never joined an Active Directory domain.
To delete an Active Directory domain configuration, follow these steps:
1. Click Configuration, then select Directory Services from the list. The Directory Services page
appears.
Figure 11-49: Directory Services page for Active Directory.
Nasuni Filer Administration Guide 8.0
333
Configuration Page
Directory Services
2. Click Delete Configuration. The Delete Domain Configuration dialog box appears.
Figure 11-50: Delete Domain Configuration dialog box.
3. Enter the Username and Password of a user who has permission to perform this action.
4. Select “I understand and accept responsibility for this action”.
5. Click Delete. The domain configuration is deleted for this Nasuni Filer.
The Nasuni Filer is removed from the current domain. The state of the Nasuni Filer is comparable to that
of a Nasuni Filer that has never joined an Active Directory domain.
Nasuni Filer Administration Guide 8.0
334
Configuration Page
Domain Settings (for Nasuni Filers running versions before 7.8)
Domain Settings (for Nasuni Filers running versions before 7.8)
Microsoft's Active Directory (AD) service is capable of providing security across multiple domains or
forests through domain and forest trust relationships. The trusts established between domains allow or
deny users access to resources outside their native domain. After you establish the correct trust
relationships among your Active Directory servers, you can enable access and permissions for users
and groups within the trusted domains. Configuration of trusts between domains is outside the scope
of this document.
Tip: Nasuni also supports the "Identity Management for UNIX" role service for Active
Directory. This feature allows UNIX-style user and group identities to be stored in the
Active Directory, and can synchronize identity management across CIFS/SMB and NFS.
If your organization uses this, please contact Nasuni Support.
This feature is sometimes known as RFC 2307 extensions.
The Nasuni Filer can join one Windows Active Directory domain server and access its users and
groups. These users and groups can only be edited through Active Directory tools.
The Nasuni Filer joins one domain, called the primary domain. If the client’s environment has valid,
active trust relationships between the primary domain and other domains, the Nasuni Filer attempts to
discover those domains. You can then select which of the non-primary domains to allow to access the
Nasuni Filer.
The Nasuni Filer offers support for trusted domains of multiple Active Directory servers. This can
simplify enabling access and permissions for users and groups within trusted domains. To use trusted
domains of multiple Active Directory servers, you must establish the correct trust relationships among
your Active Directory servers.
Tip: Nasuni Filers joined to separate domains can share volumes if both Nasuni Filers trust
the same domains.
There are two aspects to trusted domain support: authentication and sharing. The authentication
aspect allows a user to access a Nasuni Filer's resources in a different domain. The sharing aspect
enables Nasuni Filers in different domains to access the same data.
Tip: If the Nasuni Filer has never joined an Active Directory domain, the General Settings
page displays the Join Domain button to initiate the process of joining the Nasuni Filer to
an Active Directory domain. Clicking Join Domain starts a wizard that guides you through
the process of joining a Nasuni Filer to a domain. When the Nasuni Filer joins a domain,
you are prompted to decide which of any volumes that existed before the join should use
Active Directory authentication and which should act as if the Nasuni Filer is still in Public
mode.
The Domain Settings page offers settings to join the Nasuni Filer to a domain, to enable or disable
access by secondary domains, and to leave the current domain.
Note: The Domain Settings page is not available until the Nasuni Filer has joined an Active
Directory domain. See “Joining a Nasuni Filer to a domain” on page 311.
Nasuni Filer Administration Guide 8.0
335
Configuration Page
Domain Settings (for Nasuni Filers running versions before 7.8)
Joining a Nasuni Filer (that has not previously joined any domain) to a domain (for Nasuni
Filers running versions before 7.8)
To join a Nasuni Filer (that has not previously joined any domain) to an Active Directory domain, see
“Joining a Nasuni Filer to a domain” on page 311.
Joining the Nasuni Filer to an Active Directory domain (for Nasuni Filers running versions
before 7.8)
Join
Caution: If the Nasuni Filer is already joined to an Active Directory domain, this
procedure causes the Nasuni Filer to leave that Active Directory domain. The Nasuni Filer
loses the resources of all domains that the Nasuni Filer is aware of, including users and
groups. A Nasuni Filer that has left the domain does not provide CIFS access to any
clients.
To join the Nasuni Filer to an Active Directory domain, follow these steps:
1. Click Configuration, then select Domain Settings from the list. The CIFS Domain Settings
page appears.
Figure 11-51: CIFS Domain Settings page.
The current source domains, if any, appear in the Source Domains list.
Nasuni Filer Administration Guide 8.0
336
Configuration Page
Domain Settings (for Nasuni Filers running versions before 7.8)
2. Continue with step b of the “Joining a Nasuni Filer to a domain” procedure on page 314.
Viewing Active Directory domains (for Nasuni Filers running versions before 7.8)
View
To view Active Directory domains, follow these steps:
1. Click Configuration, then select Domain Settings from the list. The CIFS Domain Settings
page appears.
Figure 11-52: CIFS Domain Settings page.
2. If the Nasuni Filer is actively joined to Active Directory, and the Nasuni Filer passes the health
check, a banner across the top of the page says, “The system is actively joined to Active
Directory.”.
Nasuni Filer Administration Guide 8.0
337
Configuration Page
Domain Settings (for Nasuni Filers running versions before 7.8)
3. If the Nasuni Filer has successfully joined the domain, a list of Source Domains appears. For
each Source Domain in the list, the following information appears:
•
Domain: The name of the Active Directory domain.
•
NT Name: The local Windows NT-compatible workgroup name of the Active Directory
domain.
•
Enabled: An indication of whether resources in the Active Directory Domain have access to
the Nasuni Filer: Yes or No.
4. To update the list of trusted domains that the Nasuni Filer is aware of, click Update Domains.
Allowing Active Directory domains to access the Nasuni Filer (for Nasuni Filers running
versions before 7.8)
To allow a Source Domain to access the Nasuni Filer, follow these steps:
1. Click Details for the Source Domain that you want to allow to access the Nasuni Filer. The
Domain Source Settings dialog box appears.
Figure 11-53: Domain Source Settings dialog box.
2. To allow resources in the Source Domain to access the Nasuni Filer, select the Enable Source
check box. Otherwise, clear the check box.
Note: The Source for the domain that the Nasuni Filer is joined to (the primary domain)
cannot be disabled.
3. Click Save to save your changes. Otherwise, click Cancel.
Nasuni Filer Administration Guide 8.0
338
Configuration Page
Domain Settings (for Nasuni Filers running versions before 7.8)
Leaving an Active Directory domain (for Nasuni Filers running versions before 7.8)
Leave
Caution: This procedure causes the Nasuni Filer to leave the Active Directory domain.
The Nasuni Filer loses the resources of all domains that the Nasuni Filer is aware of,
including users and groups. A Nasuni Filer that has left the domain does not provide
CIFS access to any clients.
To leave an Active Directory domain, follow these steps:
1. To leave the Active Directory domain, click Leave Domain. The Leave the Domain dialog box
appears.
Figure 11-54: Leave the Domain dialog box.
2. In the User Name text box, enter a username that has permissions for removing computers
from the Active Directory domain.
Note: Avoid using the domain name in this field. The username should NOT be in the
following formats: username@domain.com or domain\username.
3. In the Password text box, enter the password for the User Name. Confirm this password in the
Repeat Password text box.
4. Click Leave to have the Nasuni Filer leave the Active Directory domain. Otherwise, click Cancel.
The Nasuni Filer leaves the Active Directory domain.
Nasuni Filer Administration Guide 8.0
339
Configuration Page
API Access Keys
API Access Keys
Certain programs external to the Nasuni Filer require a Nasuni API access key for configuration
purposes.
API Access key for the Nasuni VSS Hardware Provider
The Nasuni VSS Hardware Provider supports creating shadow copies of iSCSI volumes for third-party
Windows applications. This provider provides a fast, consistent method to take snapshots of iSCSI
volumes on the Nasuni Filer. For more details, see Using the Nasuni VSS Hardware Provider, available
at www.nasuni.com/support/documentation.
This consists of two pieces:
•
Nasuni Provider: This is a service that runs on a Windows Server machine (including Windows
Server 2003, Windows Server 2008, and Windows Server 2012). This service initiates shadow
copies for iSCSI volumes on a registered Nasuni Filer. The provider communicates with the
Nasuni Filer over HTTPS. Registering the Nasuni Filer with the provider requires the Nasuni Filer
IP address, an API key name, and a key passcode.
•
Nasuni Filer API Access Keys: On the Nasuni Filer or Nasuni Management Console user
interfaces, the administrator needs to create a Key Name and generate a Key Passcode.
API Access key for external auditing using Varonis
Nasuni can use an external auditing service, such as Varonis. To complete configuration of the Varonis
application to use Nasuni auditing events, you must provide a Nasuni API access key. For more details,
see “External Auditing Status” on page 85.
To obtain an API Access Key and Passcode, follow these steps:
1. On the Nasuni Filer, click Configuration and select API Access Keys from the drop-down
menu. The API Access Keys page appears.
Figure 11-55: API Access Keys page.
Nasuni Filer Administration Guide 8.0
340
Configuration Page
API Access Keys
2. Click Add API Key. The Add API Key dialog box appears.
Figure 11-56: Add API Key dialog box.
3. In the Name text box, enter a name for this API key. Use a name that is meaningful to you, such
as “vsskey” or “varoniskey”.
4. Click Create Key. The Nasuni Filer generates a Key Passcode for this key. The Successfully
Generated API Key dialog box appears.
Figure 11-57: Successfully Generated API Key dialog box.
5. Copy and store the Key Passcode.
6. Click Close.
7. The new key appears in the API Access Keys list.
8. To regenerate the Key Passcode, click Update.
9. To delete this key, click Delete.
Note: If you update or delete a key, and then add another key, you must re-do the
Configuring Nasuni VSS Hardware Provider procedure.
Nasuni Filer Administration Guide 8.0
341
Configuration Page
Central Configuration Policies
Central Configuration Policies
It is often expedient to define certain configuration policies for entire groups of users. These are called
Central Configuration Policies. For a specified group or groups, you can define the following
parameters:
•
Sync path: The path to the shared folder on the Nasuni Filer.
•
Bandwidth Limit: The inbound and outbound bandwidth limit for moving data to and from the
Nasuni Filer.
Note: Central Configuration Policies are only for Active Directory users and groups.
Note: If an existing Central Configuration policy changes, the user must logout and login to
see the new Central Configuration policy.
Creating or editing Central Configuration Policies
To create or edit Central Configuration Policies, follow these steps:
1. On the Nasuni Filer, click Configuration and select Configuration Policies from the drop-down
menu. The Central Configuration Policies page appears.
Figure 11-58: Central Configuration Policies page.
The following information appears for each configuration policy:
•
Name: The name of the central configuration policy.
•
Groups: The number of groups that the policy applies to.
•
Sync Paths: The number of Sync paths that the policy includes.
Nasuni Filer Administration Guide 8.0
342
Configuration Page
Central Configuration Policies
2. Click Create Policy. The Create Central Configuration Policy dialog box appears.
Figure 11-59: Create Central Configuration Policy dialog box.
Alternatively, to edit an existing Central Configuration Policy, click Edit
beside the name of
the Central Configuration Policy. The Edit Central Configuration Policy dialog box appears.
3. In the Policy Name text box, enter a name for this policy. Use a name that is meaningful to you,
such as “designers”.
4. In the Client Nasuni Folder text box, enter the folder name on the client machine. The default
Client Nasuni Folder is $HOME/Nasuni. The local variable $HOME must be defined, and usually
refers to the user’s home directory. This creates a folder named Nasuni under the user’s folder.
Tip: If you don’t want different users to be able to view each other’s data, use the default
location, which points to each user’s specific folder.
If you do want different users on the same client to be able to view each other’s data, use
a specific folder name, such as nasunifolder, that all these users can access, not a
folder in a specific user’s home directory.
Nasuni Filer Administration Guide 8.0
343
Configuration Page
Central Configuration Policies
5. You define configuration policies for groups of users.
Tip: To create groups, see “Users and Groups” on page 380.
To add one group, follow these steps:
a. In the Groups area, click Add One. The Name search box appears.
Figure 11-60: Add One Name search box.
b. Enter a partial or complete group name, then click Search
appears, containing the partial or complete group name.
. The Select Group dialog box
Figure 11-61: Select Group dialog box.
c. Click Search. A list of groups that match your search appears. Select the group to define
access for, then click Add Selected Group. The selected group appears in the Groups area.
Figure 11-62: Groups area.
6. To add more than one group, follow these steps:
a. In the Groups area, click Add Many. The Select Groups dialog box appears.
b. In the Search text box, enter a partial or complete group name.
c. Click Search. A list of groups that match your search appears.
d. Select the groups to define access for, then click Add Selected Groups. The selected groups
appear in the Groups area.
7. To delete a group from the Groups list, click Delete next to the group name. The group is
deleted from the list.
Nasuni Filer Administration Guide 8.0
344
Configuration Page
Central Configuration Policies
8. To specify one or more Sync paths, follow these steps:
a. Click Add One beside Sync Paths. The Add Sync Path dialog box appears.
Figure 11-63: Add Sync Path search box.
b. Click the Select Volume drop-down list. From the list, select the volume for the Sync path.
c. Click the Select Share drop-down list. A list of shares appears. From the list, select the share
within the selected volume for the Sync path.
d. From the list of paths, select the Sync paths for this policy.
e. Click Add. The selected Sync paths are added to the dialog box.
f.
To specify read-only access to the share, select Read Only for the share.
9. To allow users to override the Sync paths, select “Allow Users to Override Sync Paths”.
10. To set a Bandwidth Limit, in the Bandwidth Limit text box, type the value of the maximum
bandwidth, in MB/second. To specify no upper limit, type 0 or leave the text box blank.
11. To allow users to override the Bandwidth Limit, select “Allow Users to Override Bandwidth
Limit”.
12. To save the specified policy, click Save Policy.
The policy appears in the list of Central Configuration Policies.
Figure 11-64: Central Configuration Policies.
Deleting Central Configuration Policies
To delete Central Configuration Policies, follow these steps:
1. On the Nasuni Filer, click Configuration and select Configuration Policies from the drop-down
menu. The Central Configuration Policies page appears.
Figure 11-65: Central Configuration Policies page.
2. For the Central Configuration Policy that you want to delete, click Delete
Delete Policy dialog box appears. Click Delete Policy.
The selected policy is deleted.
Nasuni Filer Administration Guide 8.0
. The About to
345
Configuration Page
Encryption Key Management
Encryption Key Management
The Nasuni Filer automatically encrypts your data at your premises using the OpenPGP encryption
protocol, with 256-bit Advanced Encryption Standard (AES-256) encryption as the default encryption.
The data remains encrypted in cloud storage.
You can escrow your encryption keys with Nasuni (or a trusted third party), or generate and store your
own encryption keys. Your data is encrypted and compressed and is never visible to Nasuni.
Warning: Do NOT save encryption key files to a volume on a Nasuni Filer. You will NOT
be able to use these to recover data. This is NOT how to upload encryption
keys to a Nasuni Filer. To upload encryption keys to a Nasuni Filer, see
“Adding (Importing or Uploading) Encryption Keys” on page 348.
All data on a volume is encrypted using one or more encryption keys before being sent to cloud
storage. Volumes may be encrypted with one or more encryption keys, and encryption keys may be
used for any number of volumes.
There are several actions you can perform on encryption keys, including adding new encryption keys,
enabling or disabling encryption keys, escrowing encryption keys with Nasuni, and, under certain
circumstances, deleting encryption keys.
All uploaded encryption keys should be at least 2048 bits long.
Warning: Do NOT save encryption key files to a volume on a Nasuni Filer. You will NOT
be able to use these to recover data. This is NOT how to upload encryption
keys to a Nasuni Filer. To upload encryption keys to a Nasuni Filer, use the
Encryption Keys page.
At least one encryption key must be enabled for a volume, but several encryption keys can be enabled
at the same time. When multiple encryption keys are enabled, all of the enabled encryption keys are
used to encrypt data in such a way that any one of the encryption keys can decrypt the data.
There are several reasons you might want to disable an encryption key, such as, when someone with
access to the encryption key leaves the company, or if your enterprise has a policy of rotating
encryption keys periodically. When you disable an encryption key, no future data is encrypted with that
encryption key. However, all data previously encrypted by that disabled encryption key remains
encrypted by that disabled encryption key. For this reason, before you disable an encryption key, you
should consider establishing a snapshot retention policy that removes the data that was encrypted with
the disabled encryption key.
Because volumes must have at least one encryption key associated with them, in practice you add a
new encryption key to a volume first, and then disable the existing encryption key.
You can delete encryption keys, but only in the case where they are not being used by any volumes.
You cannot modify encryption keys stored on the system. For security reasons, encryption keys that
you upload cannot be downloaded from the system. You can only download encryption keys that the
Nasuni Filer has generated internally.
Note: To add an encryption key to a volume, see “Adding Encryption Keys to a Volume” on
page 95.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Nasuni Filer Administration Guide 8.0
346
Configuration Page
Encryption Key Management
Viewing information about encryption keys
View
To view information about encryption keys:
1. Click Configuration, then select Encryption Keys from the list. The Encryption Keys page
appears.
Figure 11-66: Encryption Keys page.
On this page, you can view information about each of the encryption keys currently in use,
including the encryption key name, fingerprint, encryption key ID, algorithm, length (in bits),
whether the encryption key is escrowed by Nasuni, and which volumes use the encryption key.
The fingerprint is a cryptographic hash of the encryption key. The key ID is a shorter version of
the fingerprint of the encryption key, generally including just the last 8 digits.
2. Optionally, you can click a volume hyperlink to go to the Volume properties page. See
“Encryption Key Management” on page 90 for details.
Nasuni Filer Administration Guide 8.0
347
Configuration Page
Encryption Key Management
Adding (Importing or Uploading) Encryption Keys
Upload
You can generate your own encryption keys using any OpenPGP-compatible program, such as PGP or
GnuPG. You can then add (import or upload) the encryption key to the Nasuni Filer. The encryption key
is used to encrypt your data before it is sent to cloud storage and decrypt data when it is read back.
The Nasuni Filer accepts multiple encryption algorithms for encryption keys.
Important: Imported encryption keys are not automatically escrowed. You MUST SAVE all
imported encryption keys to another location outside the Nasuni Filer, so that
they are available if needed for recovery. All encryption keys associated with a
volume must be recovered as part of the recovery process. To escrow encryption
keys with Nasuni, see “Escrowing Encryption Keys with Nasuni” on page 350.
All uploaded encryption keys should be at least 2048 bits long.
To add (import or upload) an encryption key:
1. Click Configuration, then select Encryption Keys from the list. The Encryption Keys page
appears.
Figure 11-67: Encryption Keys page.
2. Click Upload Encryption Key(s). The Import OpenPGP Key(s) page appears.
Figure 11-68: Import OpenPGP Key(s) page.
Nasuni Filer Administration Guide 8.0
348
Configuration Page
Encryption Key Management
3. Click Choose File, then navigate to the encryption key file. This file should be OpenPGP
compatible.
4. If an encryption key passphrase is needed, enter the encryption key passphrase in the Key
Passphrase text box.
5. Click Import Key. The encryption key is imported to the Nasuni Filer.
Tip: Imported encryption keys are not automatically escrowed. Save all imported encryption
keys to another location outside the Nasuni Filer, so that they are available if needed for
recovery.
Note: You cannot download uploaded encryption keys.
Downloading (Exporting) Generated Encryption Keys
Download
If you are using encryption keys generated internally by the Nasuni Filer, you can export (download) and
escrow your encryption keys with Nasuni or a trusted third party.
To export (download) encryption keys:
1. Click Configuration, then select Encryption Keys from the list. The Encryption Keys page
appears.
Figure 11-69: Encryption Keys page.
2. Click Download generated keys. Depending on your browser, a message box might appear; if
so, navigate to an appropriate folder and save the encryption key file. The encryption key file is
saved with a .pgp extension.
Tip: If you are planning on trying the recovery functionality during trial mode, download your
encryption keys to a safe location first.
Nasuni Filer Administration Guide 8.0
349
Configuration Page
Encryption Key Management
Escrowing Encryption Keys with Nasuni
Escrow
You can escrow your encryption keys with Nasuni. Escrowing an encryption key with Nasuni means
that you can, at any time, request the encryption key during a recovery from Nasuni. Your encryption
key is protected on Nasuni servers using the same security practices that we use for all encryption keys
escrowed with Nasuni.
To escrow encryption keys with Nasuni:
1. Click Configuration, then select Encryption Keys from the list. The Encryption Keys page
appears.
Figure 11-70: Encryption Keys page.
2. For the encryption key that you want to escrow with Nasuni, click Escrow key with Nasuni. The
Escrow your encryption key with Nasuni page appears.
Figure 11-71: Escrow your encryption key with Nasuni page.
Nasuni Filer Administration Guide 8.0
350
Configuration Page
Encryption Key Management
3. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
Caution: You are about to permanently escrow your encryption key with the Nasuni
Corporation. This process is irreversible.
4. Click Escrow Key. Your encryption key is escrowed with Nasuni.
Nasuni Filer Administration Guide 8.0
351
Configuration Page
Encryption Key Management
Deleting Encryption Keys
Delete
You can delete encryption keys, as long as the encryption key is not currently assigned to a volume and
never has been assigned to a volume. Encryption keys that were once assigned to a volume, but are
now disabled, might be needed for recovery procedures and so cannot be deleted.
To delete an encryption key, follow these steps:
1. Click Configuration, then select Encryption Keys from the list. The Encryption Keys page
appears.
Figure 11-72: Encryption Keys page.
2. For the encryption key that you want to delete, click Delete This Key. The Delete an OpenPGP
Key dialog box appears.
Figure 11-73: Delete an OpenPGP Key dialog box.
3. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
Caution: You are about to permanently delete this encryption key. This process is
irreversible.
4. Click Delete. Your encryption key is deleted.
Nasuni Filer Administration Guide 8.0
352
Configuration Page
Encryption Key Management
Backup Keys
A backup key is a type of encryption key that is used to ensure that it is possible to recover a Nasuni
Filer that has no owned volumes. Without a backup key, it is not possible to recover a Nasuni Filer that
has no owned volumes.
If a Nasuni Filer has no owned volumes and no backup key, after 2 days, the following notification is
sent: “Because this Filer has no volumes or backup keys, you cannot currently perform a disaster
recovery on this Filer. On the Encryption Keys page, you can generate a backup key to enable disaster
recovery.”
You can generate a backup key on the Encryption Keys page.
Figure 11-74: Encryption Keys page.
Important: The time to generate an encryption key can vary widely, depending on the
hardware (real or virtual) that the Nasuni Filer is executing on. Encryption keys
are generated in the background, so as to not block use of the Nasuni Filer
during generation.
The “Generate Key” button is available if the Nasuni Filer has no owned volumes and no backup key.
Alternatively, you can upload an encryption key for use as a backup key.
If a backup key has been generated or uploaded for a Nasuni Filer, the backup key appears in the list of
encryption keys on the Encryption Keys page.
Figure 11-75: Encryption Keys page.
Nasuni Filer Administration Guide 8.0
353
Configuration Page
Encryption Key Management
A generated backup key is automatically escrowed with Nasuni. You can also download a generated
backup key and safeguard it yourself.
If the backup key is the only encryption key for the Nasuni Filer, you cannot delete the backup key.
When recovering the Nasuni Filer using a backup key, indicate whether or not you need Nasuni to
provide an escrowed backup key on the second “Perform Disaster Recovery on existing Filer” page.
Then obtain your backup key, either from Nasuni or from your own safekeeping, and upload your
backup key on the “Upload Encryption Keys” page.
Nasuni Filer Administration Guide 8.0
354
Configuration Page
Firewall
Firewall
Edit
You can limit traffic to the Nasuni Filer user interface and the Nasuni Support SSH port, which provides
firewall protection.
Note: In addition to this protection, you can also configure separate access to CIFS shares,
NFS exports, and FTP/SFTP directories, as detailed in “Editing a CIFS Share” on
page 139, “Editing an NFS Export” on page 146, and “Editing FTP directories” on
page 158.
To configure firewall protection, follow these steps:
1. Click Configuration, then select Firewall from the list. The Firewall page appears.
Figure 11-76: Firewall page.
Nasuni Filer Administration Guide 8.0
355
Configuration Page
Firewall
2. In the Traffic Group area, to configure the firewall policy for each Traffic Group, click Edit
beside the Traffic Group. The Edit Firewall Policy dialog box appears.
Figure 11-77: Edit Firewall Policy dialog box.
a. From the Policy drop-down list, select one of the following choices:
Note: All policies permit outbound traffic. That traffic is fully controlled by the
configuration of the Nasuni Filer's local networks and gateways.
•
All Protocols Permitted: This policy allows all inbound traffic.
•
Deny All Incoming Connections: This policy allows no inbound traffic.
•
Client Protocols Permitted: This policy allows only CIFS, CIFS Web, NFS, FTP, and
iSCSI inbound traffic.
•
Mobile/Web Clients Permitted: This policy allows only Mobile Access or CIFS Web
inbound traffic, such as Web Access.
•
Custom Protocol Selection: This policy allows selected inbound traffic. You can select
one or more of the following inbound protocols:
•
Admin UI: Traffic to the user interface.
•
FTP: FTP inbound traffic.
•
ICMP Echo (Ping): Inbound ICMP Echo Request traffic.
•
iSCSI: iSCSI inbound traffic.
•
Mobile: Mobile Access inbound traffic.
•
NFS: NFS inbound traffic.
•
SFTP (SSH FTP): SSH FTP inbound traffic.
•
CIFS/SMB: CIFS/SMB inbound traffic.
•
SNMP: SNMP inbound traffic.
Nasuni Filer Administration Guide 8.0
356
Configuration Page
•
Firewall
SSH: SSH inbound traffic.
Warning: If you disable Mobile Access and CIFS/SMB Web inbound traffic and
enable Admin UI traffic, you might not be able to open the default URL of the
Nasuni Filer user interface. Normally, the default URL is redirected from port 80 to
port 8443, but this cannot happen when Mobile Access and CIFS Web inbound
traffic are disabled. Use this URL to access the Nasuni Filer user interface:
https://<your Nasuni Filer URL>:8443
b. Click Save to save your changes. Otherwise, click Cancel.
3. In the Filer GUI Hosts text box, enter a comma-separated list of IP addresses or subnet
addresses of hosts that you permit to access your Nasuni Filer user interface. If the text box is
blank, any host can access your Nasuni Filer user interface.
4. In the Support SSH Hosts text box, enter a comma-separated list of IP addresses or subnet
addresses of hosts that you permit to connect to your Nasuni Filer’s Support SSH port. If the
text box is blank, any host can access your Nasuni Filer’s Support SSH port.
Note: Setting this field does not prevent the use of the Nasuni Remote Support Service,
as detailed in “Remote Support Service” on page 281.
5. Click Save Firewall Settings to save your entries. The message “Updated firewall
configuration” appears.
Tip: If you configure the firewall in such a way that you cannot access the Nasuni Filer user
interface, you can reset the firewall using the console for the Nasuni Filer. For the Nasuni
Filer hardware appliance, use a keyboard and monitor attached to the hardware
appliance. For the Nasuni Filer virtual machine, use the virtual machine console window.
The console prompt appears.
Press Enter to access the Service menu. The login prompt appears. Enter the username
and password. The login username is service, and the default password is service.
The Service Menu appears.
Enter resetfirewall
The firewall resets.
Nasuni Filer Administration Guide 8.0
357
Configuration Page
Quota Settings
Quota Settings
Report
The Nasuni Filer can send email reports to administrators or to users about which directories are near
or over their quota. You can send email reports immediately, or schedule days and times to send email
reports.
For details about setting a directory quota, see “Setting Quota or Rule” on page 221. You must also
configure email settings in order to send quota email reports: see “Email Settings” on page 285. You
must also enable Capacity Alerts in order to send quota email reports: see “Adding Permission Groups”
on page 383.
A typical personal quota report looks like the following:
You are receiving this automated Storage Usage Report because at least
one directory is near or over its storage quota threshold of 90%. Your
storage administrator has associated this email address with the
directories listed below. If this is incorrect, please contact your
storage administrator.
This Storage Usage Report is for the storage controller: "filer-x"
This Storage Usage Report includes directories that are in the volume:
volume-1
Directory Path
Current
Storage
Limit
Current
Storage
Usage
Percent
Used
Email Address
/nmc
1.0 GB
923.21 MB
92%
user@company.com
/users
1.0 GB
126.31 MB
126%
user@company.com
Please consult with your storage administrator to either reduce the
amount of data stored in the directories listed above, or increase the
storage limit for those directories.
A typical Directory Quota Violation Report looks like the following:
You are receiving this Directory Quota Violation Report because one or
more directories is near or over its Directory quota threshold of 90%.
This email address is designated to receive Capacity Alerts. If this is
incorrect, you can change the Email Settings for this Nasuni Filer.
This Storage Usage Report is for the storage controller: "filer-x"
This Storage Usage Report includes directories that are in the volume:
volume-1
Directory Path
Current
Storage
Limit
Current
Storage
Usage
Percent
Used
Email Address
/nmc
1.0 GB
923.21 MB
92%
user@company.com
/users
1.0 GB
126.31 MB
126%
user@company.com
Nasuni Filer Administration Guide 8.0
358
Configuration Page
Quota Settings
Viewing quota report configuration
To view quota email report configuration, follow these steps:
1. Click Configuration, then select Quota Settings from the list. The Quota Settings page
appears.
Figure 11-78: Quota Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
A list of the currently configured quota email reports includes the days to send reports, the time
on those days to begin sending reports, and the types of reports to send at that time.
Adding a new quota report
To add a new quota email report, follow these steps:
1. Click Configuration, then select Quota Settings from the list. The Quota Settings page
appears.
Figure 11-79: Quota Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
359
Configuration Page
Quota Settings
2. To add a new scheduled quota report, click Add Report. The Add Schedule Quota Report
dialog box appears.
Figure 11-80: Add Schedule Quota Report dialog box.
3. Select the days on which you want to send quota reports. To select or deselect all days, click
Select/Deselect all.
4. From the Activation Time drop-down list, select the time that you want to start sending quota
reports.
5. To send quota reports to administrators, select Administrative Report. The quota email reports
are sent to the addresses configured as described in “Email Settings” on page 285. The
administrator report includes all directories near or over their quota.
6. To send quota reports to users, select User Report. The quota email reports are sent to the
addresses configured as described in “Setting Quota or Rule” on page 221. The user report
includes only the user’s directories near or over their quota.
7. In the Report Threshold text box, enter a percentage of the configured directory quota. Quota
reports are sent when data nears or exceeds this percentage of the quota. To configure
directory quotas, see “Setting Quota or Rule” on page 221.
8. Click Save to save your changes. Otherwise, click Cancel.
Nasuni Filer Administration Guide 8.0
360
Configuration Page
Quota Settings
Sending a quota report (capacity report) now
You can send a quota report (capacity report) immediately, even if the quota report threshold is not
exceeded.
To send a quota report now, follow these steps:
1. On the Quota Settings page, click Send Quota Report Now. The Send Quota Report dialog
box appears.
Figure 11-81: Send Quota Report dialog box.
2. To send quota reports to administrators, select Administrative Report. The quota email reports
are sent to the addresses configured in “Email Settings” on page 285. The administrator report
is sent regardless of whether any directories are near or over their quota.
3. To send quota reports to users, select User Report. The quota email reports are sent to the
addresses configured in “Setting Quota or Rule” on page 221. The user report is sent regardless
of whether any directories are near or over their quota.
4. In the Report Threshold text box, enter a percentage of the configured directory quota. Quota
reports are sent regardless of whether any directories are near or over their quota. To configure
directory quotas, see “Setting Quota or Rule” on page 221.
5. Click Send to send the report. Otherwise, click Cancel.
Changing an existing quota report
To change an existing quota report, on the Quota Settings page, click Edit Report for that report. The
Edit Quota Report Schedule dialog box appears. Follow the steps as for “Adding a new quota report”
on page 359, starting with step 3.
Deleting a quota report
To delete an existing quota report, on the Quota Settings page, click Delete Report. The Delete
Scheduled Quota Report dialog box appears. To delete the quota report, click Delete Report.
Otherwise, click Cancel.
Nasuni Filer Administration Guide 8.0
361
Configuration Page
SSL Server and Client Certificates
SSL Server and Client Certificates
You can view the SSL CA-signed server certificates or self-signed certificates that you can use when
accessing the Nasuni Filer user interface. By default, the Nasuni Filer is preloaded with a self-signed
SSL certificate that is unique to the Nasuni Filer.
You can also generate a new Certificate Request to submit to a Certificate Authority (CA) for signing.
When you receive the signed certificate from the CA, you can associate the CA-signed certificate (and
optional certificate chain) with the request. After this is done, you can use that CA-signed certificate to
manage the Nasuni Filer.
Note: If something ever goes wrong with the certificates and you are unable to access the
Nasuni Filer user interface, use the service menu on the console of your hardware
appliance or virtual machine to reset the certificate to the default self-signed certificate.
See “Resetting an SSL Certificate” on page 376 for details.
Note: A notification occurs when the active SSL certificate is less than 30 days from expiring.
You can also upload an existing SSL server certificate. This can be in the form of an SSL key file, an
SSL key and certificate file, an SSL certificate, or an SSL certificate chain. You can then use that
uploaded certificate to manage the Nasuni Filer.
You can also copy, replace, save, and delete SSL server certificates and SSL certificate chains.
You can also view and upload client certificates. Client certificates are SSL Certificates that enable the
Nasuni Filer to verify the identity of services that it connects to. For example, you can upload a custom
CA certificate used by your company that the Nasuni Filer can use to validate LDAP servers.
Nasuni Filer Administration Guide 8.0
362
Configuration Page
SSL Server and Client Certificates
Viewing SSL CA-signed server certificates or self-signed server certificate
View
To view current SSL CA-signed certificates or self-signed certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears.
Figure 11-82: SSL Certificates page.
The current SSL certificates, self-signed certificates, and SSL certificate requests appear in the
list.
2. To view details of a certificate, click the hyperlink of the certificate. The Certificate Details box
appears.
Figure 11-83: Certificate Details box.
Nasuni Filer Administration Guide 8.0
363
Configuration Page
SSL Server and Client Certificates
The certificate information displayed includes the following:
•
Name: The name of the certificate.
•
Type: The type of certificate.
•
Subject: The string containing the subject of the certificate.
•
Issuer: The string containing the issuing party.
•
Signature type: The type of cryptographic signature of the certificate.
Note: The signature type Sha1WithRsaEncryption is being deprecated and should be
avoided, if possible.
•
Start Date: The date that the certificate becomes effective.
•
End Date: The date that the certificate is no longer in effect.
•
Common Name: The IP address or fully qualified domain name (FQDN) of the web server
that receives the SSL certificate.
•
Country Code: The two-letter ISO abbreviation for the country (for example, US for the
United States) where your organization's office is legally registered.
•
State/Province: The full name of the state or province where your organization's office is
located.
•
Locality Name: The full name of the city where your organization's office is located.
•
Organization: The name under which your organization is legally registered.
3. Click Close to close this box.
Nasuni Filer Administration Guide 8.0
364
Configuration Page
SSL Server and Client Certificates
Generating SSL CA-signed Certificates or a Self-Signed Certificate
Add
To generate a new SSL CA-signed certificate or a self-signed certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears.
Figure 11-84: SSL Certificates page.
Nasuni Filer Administration Guide 8.0
365
Configuration Page
SSL Server and Client Certificates
2. Click Generate Certificate. The Create SSL Certificate Request page appears.
Figure 11-85: Create SSL Certificate Request page.
3. In the Management Name text box, enter the name that you use to refer to this certificate.
4. In the Common Name text box, enter the fully qualified domain name (FQDN) or IP address that
you use to access the Nasuni Filer user interface. The optional but most common choice is the
Nasuni Filer's fully qualified domain name, which is automatically entered.
Note: This MUST match the way users connect to the Nasuni Filer.
5. In the Country Code text box, enter the two-letter country code, such as US.
6. In the State/Province Name text box, enter the name of your state or province, such as
Massachusetts.
7. In the Locality text box, enter the name of your city or town, such as Boston.
8. In the Organization Name text box, optionally enter the name of your organization, such as
Nasuni.
9. To create a self-signed certificate instead of a certificate request, select Self-Sign Certificate.
10. Click Save Certificate. If you selected Self-Sign Certificate, a self-signed certificate is created.
Otherwise, a certificate request is created.
Nasuni Filer Administration Guide 8.0
366
Configuration Page
SSL Server and Client Certificates
11. If you did not select Self-Sign Certificate, to download the certificate request .csr file, on the
SSL Certificates page, click Save Request File next to the name of the certificate request in
the list.
12. Submit this certificate request to a Certificate Authority (CA) for signing.
13. When you receive the signed certificate file, select Add Signed Certificate from the Actions
drop-down list next to the name of the certificate request in the list. The Add Certificate Files
dialog box appears.
Figure 11-86: Add Certificate Files dialog box.
14. Click Choose File next to Certificate File, then navigate to the PEM- and DER-encoded X.509
file or PKCS#7 certificate file.
15. Optionally, click Choose File next to Certificate Chain File, then navigate to the SSL certificate
chain file.
16. Click Save Certificate. The certificate is installed and becomes available in the list of
certificates on the SSL Certificates page.
Figure 11-87: SSL Certificates page.
Nasuni Filer Administration Guide 8.0
367
Configuration Page
SSL Server and Client Certificates
Copying Existing SSL Certificates
You can create a new SSL CA-signed certificate or self-signed certificate by copying an existing SSL
certificate. You might need to copy an SSL certificate as part of a manual process for recreating or
updating an SSL certificate.
To copy an SSL certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears.
Figure 11-88: SSL Certificates page.
2. For the SSL certificate that you want to copy, select Copy from the Actions drop-down list next
to the name of the certificate in the list. The Copy SSL Certificate dialog box appears.
Figure 11-89: Copy SSL Certificate dialog box.
3. In the New Management Name text box, enter the new name that you want to use to refer to
this SSL certificate. The default name is the name of the original SSL certificate with “(2)”
appended. All other SSL certificate parameters are copied from the original SSL certificate.
4. To create a self-signed certificate instead of a certificate request, select Self-Sign Certificate.
Nasuni Filer Administration Guide 8.0
368
Configuration Page
SSL Server and Client Certificates
5. Click Copy Certificate. If you selected Self-Sign Certificate, a self-signed certificate is
created. Otherwise, a certificate request is created.
6. If you did not select Self-Sign Certificate, to download the certificate request .csr file, on the
SSL Certificates page, click Save Request File next to the name of the certificate request in
the list.
7. Submit this certificate request to a Certificate Authority (CA) for signing.
8. When you receive the signed certificate file, select Add Signed Certificate from the Actions
drop-down list next to the name of the certificate request in the list. The Add Certificate Files
dialog box appears.
Figure 11-90: Add Certificate Files dialog box.
9. Click Choose File next to Certificate File, then navigate to the PEM- and DER-encoded X.509
file or PKCS#7 certificate file.
10. Optionally, click Choose File next to Certificate Chain File, then navigate to the SSL certificate
chain file.
11. Click Save Certificate. The certificate is installed and becomes available in the list of
certificates on the SSL Certificates page.
Nasuni Filer Administration Guide 8.0
369
Configuration Page
SSL Server and Client Certificates
Uploading SSL Certificates
Uploading
To upload an existing SSL certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears.
Figure 11-91: SSL Certificates page.
2. Click Upload Certificate. The Add Certificate Files page appears.
Figure 11-92: Add Certificate Files page.
Nasuni Filer Administration Guide 8.0
370
Configuration Page
SSL Server and Client Certificates
3. In the Certificate Name text box, enter the name that you use to refer to this certificate.
4. To add an SSL key file or SSL key and certificate bundle file, click Choose File next to Key File,
then navigate to the SSL key file or SSL key and certificate bundle file.
5. If an SSL certificate was not part of a bundle file in step 4, to add an SSL certificate, click
Choose File next to Certificate File, then navigate to the SSL certificate file.
6. If an SSL certificate chain was not part of a bundle file in step 4, to add an SSL certificate chain
file, click Choose File next to Certificate Chain File, then navigate to the SSL certificate chain
file.
7. Enter the Password, if required.
8. Click Save Certificate. The certificate is installed and becomes available in the list of
certificates on the SSL Certificates page.
Figure 11-93: SSL Certificates page.
Nasuni Filer Administration Guide 8.0
371
Configuration Page
SSL Server and Client Certificates
Replacing SSL Certificates or SSL Certificate Chains
You can replace an existing SSL certificate or SSL certificate chain. This might occur if you need an
SSL certificate chain file, or if you are replacing one SSL certificate with another one.
To replace an existing SSL certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears.
Figure 11-94: SSL Certificates page.
2. For the SSL certificate that you want to replace, select Replace Certificate/Chain from the
Actions drop-down list next to the name of the certificate in the list. The Add Certificate Files
dialog box appears.
Figure 11-95: Add Certificate Files dialog box.
3. Click Choose File next to Certificate File, then navigate to the PEM- and DER-encoded X.509
file or PKCS#7 certificate file.
Nasuni Filer Administration Guide 8.0
372
Configuration Page
SSL Server and Client Certificates
4. Optionally, click Choose File next to Certificate Chain File, then navigate to the SSL certificate
chain file.
5. Click Save Certificate. The existing certificate is replaced and appears in the list of certificates
on the SSL Certificates page.
Nasuni Filer Administration Guide 8.0
373
Configuration Page
SSL Server and Client Certificates
Setting SSL Certificates
Set
You can select which of several SSL certificates to set as the GUI certificate for the Nasuni Filer.
To set a new SSL certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears.
Figure 11-96: SSL Certificates page.
2. For the SSL certificate that you want to select, click Set as GUI Certificate. The Enable SSL
Certificate for Filer GUI dialog box appears.
Figure 11-97: Enable SSL Certificate for Filer GUI dialog box.
3. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation, then click Set GUI Certificate.
Your choice is set as the GUI certificate for the Nasuni Filer.
Nasuni Filer Administration Guide 8.0
374
Configuration Page
SSL Server and Client Certificates
Saving SSL Certificates
Delete
To download and save an SSL certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears.
Figure 11-98: SSL Certificates page.
2. From the Actions drop-down list next to the name of the certificate or certificate request that
you want to save, select “Save certificate as zip”. The certificate is downloaded and saved as
a zip file, in the way your browser handles downloads.
Nasuni Filer Administration Guide 8.0
375
Configuration Page
SSL Server and Client Certificates
Deleting SSL Certificates or Certificate Requests
Delete
Tip: You cannot delete the active SSL certificate.
To delete an SSL certificate or certificate request:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears.
Figure 11-99: SSL Certificates page.
2. From the Actions drop-down list next to the name of the certificate or certificate request that
you want to delete, select Delete. The About to Delete SSL Certificate dialog box appears.
3. Click Delete Certificate.
The certificate or certificate request is deleted.
Resetting an SSL Certificate
If something ever goes wrong with the SSL certificates, and you are unable to access the Nasuni Filer
user interface, use the service menu on the console on your hardware appliance or virtual machine to
reset the certificate to the default self-signed certificate.
To reset the certificate, follow these steps:
1. On the console, log in to the service menu by pressing Enter and signing in. The default login
username is service, and the default password is service.
2. On the console, at the command-line prompt, type resetguicert and press Enter. The
message “Reset GUI SSL certificate to default” appears.
3. To confirm, at the command-line prompt, type yes. The message “GUI Certificate Reset”
appears.
Nasuni Filer Administration Guide 8.0
376
Configuration Page
SSL Server and Client Certificates
4. Re-try the Nasuni Filer user interface with the self-signed certificate.
Viewing SSL certificates
View
To view current SSL certificates:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears. The Client Certificates pane is at the bottom of the page.
Figure 11-100: Client Certificates pane.
The current SSL certificates appear in the list.
The certificate information displayed includes the following:
•
Name: The name of the certificate.
•
Role: The role of the certificate, such as LDAP.
2. To view details of a certificate, click the hyperlink of the certificate. The Certificate Details box
appears.
Figure 11-101: Certificate Details box.
The certificate information displayed includes the following:
•
Name: The name of the certificate.
•
Type: The type of certificate.
•
Subject: The string containing the subject of the certificate.
•
Issuer: The string containing the issuing party.
•
Signature type: The type of cryptographic signature of the certificate.
Note: The signature type Sha1WithRsaEncryption is being deprecated and should be
avoided, if possible.
Nasuni Filer Administration Guide 8.0
377
Configuration Page
SSL Server and Client Certificates
•
Start Date: The date that the certificate becomes effective.
•
End Date: The date that the certificate is no longer in effect.
3. Click Close to close this box.
Uploading SSL certificates
Uploading
To upload an existing SSL certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears. The Client Certificates pane is at the bottom of the page.
Figure 11-102: Client Certificates pane.
2. Click Upload Client Certificate. The Add Client Certificate File page appears.
Figure 11-103: Add Client Certificate File page.
3. In the Certificate Name text box, enter the name that you use to refer to this certificate.
4. Click Choose File next to Certificate File, then navigate to the SSL certificate file.
5. To select this certificate as the default for authenticating with the primary LDAP server, select
Default Authentication certificate.
Nasuni Filer Administration Guide 8.0
378
Configuration Page
SSL Server and Client Certificates
6. Click Save Certificate. The certificate is installed and becomes available in the list of
certificates on the SSL Certificates page.
Figure 11-104: Client Certificates pane.
Deleting SSL certificates
Delete
Tip: You cannot delete the active SSL certificate.
To delete an SSL certificate:
1. Click Configuration, then select SSL Certificates from the list. The SSL Certificates page
appears. The Client Certificates pane is at the bottom of the page.
Figure 11-105: Client Certificates pane.
2. For the certificate that you want to delete, select Delete. The About to Delete SSL Certificate
dialog box appears.
3. Click Delete Certificate.
The certificate is deleted.
Nasuni Filer Administration Guide 8.0
379
Configuration Page
Users and Groups
Users and Groups
The Nasuni Filer provides role-based access control. You can define specific access permissions for
permission groups and users to perform actions within the Nasuni Filer user interface.
You can define up to 150 groups, each with permissions that you specify, such as Storage Access.
You can then define up to 150 users, and assign them to groups, from which users receive
permissions. The defined groups and users are for the local Nasuni Filer only.
Also, you can associate Active Directory domain groups or LDAP Directory Services domain groups
with a permission group.
Caution: When a Nasuni Filer goes under the control of the Nasuni Management
Console, the following processing occurs:
• Any existing local users and groups on the Nasuni Filer are replaced by the
users and groups of the NMC.
• When a Nasuni Filer is disconnected from the Nasuni Management Console,
the Nasuni Filer retains those users and groups that pertain to the Nasuni Filer.
There are two default groups, called Filer Administrators and File Restore. Users in the Filer
Administrators group receive full access to all aspects of the Nasuni Filer (super user). Users in the File
Restore group receive the ability to restore files and access versions. The Filer Administrators group
cannot be deleted.
There is one default user, created during installation or during an upgrade. The default user is assigned
to the Filer Administrators group. There is always at least one user in the Filer Administrators group.
Note: These permissions are only for performing actions within the Nasuni Filer user
interface. These permissions are completely independent of permissions for access to
data.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
Nasuni Filer Administration Guide 8.0
380
Configuration Page
Users and Groups
Viewing Permission Groups and Users
To view permission groups and users, follow these steps:
1. Click Configuration, then select Users/Groups from the drop-down list. The Filer Users and
Groups Overview page appears.
Figure 11-106: Filer Users and Groups Overview page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
The information displayed includes the following:
•
Total Users: The total number of users, including Native Users and Domain Users. To view a
list of users, click Manage Users.
•
Native Users: The number of native users, namely, users explicitly defined and managed
using the Nasuni Filer or Nasuni Management Console. To view a list of users, click Manage
Users. To add a user, see “Adding Users” on page 389.
•
Domain Users: The number of domain users, namely, users automatically created because
they are members of an Active Directory or LDAP Directory Services domain group
associated with a permission group. To view a list of users, click Manage Users. To add a
permission group with an associated Active Directory or LDAP Directory Services domain
group, see “Adding Permission Groups” on page 383.
•
Users with Storage Access: The number of native users who are members of permission
groups that have Storage Access enabled. To view a list of users, click Manage Users. To
add a permission group that has Storage Access enabled, see “Adding Permission Groups”
on page 383.
•
Total Groups: The total number of permission groups, including Group Associations,
Groups Granting Access, and permission groups that do not have Group Associations or
Storage Access. To view a list of permission groups, click Manage Groups.
Nasuni Filer Administration Guide 8.0
381
Configuration Page
Users and Groups
•
Group Associations: The number of permission groups that have Active Directory or LDAP
Directory Services domain groups associated with them. To view a list of permission groups,
click Manage Groups.
•
Groups Granting Access: The number of permission groups that have Storage Access
enabled. To view a list of permission groups, click Manage Groups.
•
Groups without Members: The number of permission groups that do not have any
members. To view a list of permission groups, click Manage Groups.
2. On the Filer Users and Groups Overview page, clicking Manage Users opens the Filer Users
page.
Figure 11-107: Filer Users page.
A list of users appears. The information displayed for each user includes the following:
•
Username: The name of the user.
•
Type: The type of user: either Native or Domain. Native users are explicitly defined and
managed using the Nasuni Filer or Nasuni Management Console. Domain users are
automatically created because they are members of an Active Directory or LDAP Directory
Services domain group associated with a permission group.
•
Email: The email address of the user. Might be blank if no email address is entered. You can
change this by clicking Edit User.
•
Groups: The permission groups that the user belongs to. You can change this by clicking
Edit User.
•
Storage Access (For Native Users only): An indication of whether Storage Access is
enabled for any of the groups that the user belongs to: Yes (if Storage Access is enabled) or
No (if Storage Access is not enabled, or if user is a Domain User).
•
Actions: Available actions, such as Edit User and Delete User.
The Add User button is also available. See “Adding Users” on page 389 for details:
Nasuni Filer Administration Guide 8.0
382
Configuration Page
Users and Groups
3. On the Filer Users and Groups Overview page, clicking Manage Groups opens the Filer
Groups page.
Figure 11-108: Filer Groups page.
A list of permission groups appears. The information displayed for each permission group
includes the following:
•
Group: The name of the permission group. You can change this by clicking Edit Group.
•
Users: The number of users who belong to the permission group.
•
Permissions: The permissions defined for this permission group. You can change this by
clicking Edit Group.
•
Special: Either Domain Group Association, Storage Access Enabled, or blank. You can
change this by clicking Edit Group.
Note: Domain groups and the members of those groups always have storage access.
•
Actions: Available actions, such as Edit Group and Delete Group (if permission group has
no users).
The Add Group button is also available. See “Adding Permission Groups” on page 383 for
details:
Adding Permission Groups
Add
You can add up to 150 permission groups to which you can assign users. For each group, you can
specify exactly which actions the users in that group have permission to perform. You can associate
Active Directory or LDAP Directory Services domain groups with a permission group. You can also
assign which email alerts the group receives. To configure email alerts, see “Email Settings” on
page 285.
Note: Before you associate an Active Directory domain group with a permission group, you
must join the Nasuni Filer to the domain. See “Joining the Nasuni Filer to an Active
Directory domain (for Nasuni Filers running versions before 7.8)” on page 336.
Tip: Users who are members of groups that have the “Manage all aspects of Volumes”
permission, the “Manage all aspects of the Filer (super user)” permission, or the
“Manage Volume Settings (Can't add/delete)” permission can download files. To
control who can download files, manage these permissions accordingly. However,
Nasuni Filer Administration Guide 8.0
383
Configuration Page
Users and Groups
note that each of these permissions control other settings besides downloading files.
For details, see Appendix D, “Permissions,” on page 474.
To add a permission group, follow these steps:
1. Click Configuration, then select Users/Groups from the drop-down list. The Filer Users and
Groups Overview page appears.
Figure 11-109: Filer Users and Groups Overview page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. On the Filer Users and Groups Overview page, click Manage Groups. The Filer Groups page
appears.
Figure 11-110: Filer Groups page.
Nasuni Filer Administration Guide 8.0
384
Configuration Page
Users and Groups
3. Click Add Group. If there are already 150 groups, you must delete an existing group before you
can add a new group. The Add New Group dialog box appears.
Figure 11-111: Add New Group dialog box.
4. In the Group Name text box, enter the name for this group. The Group Name can have up to 30
characters, including letters, digits, and symbols.
5. From the Access Type drop-down list, select the type of access from the following:
•
User Interface Access: This Access Type allows you to define permissions and, optionally,
any associations to Active Directory or LDAP Directory Services domain groups. For a full
list of displayed permissions and the operational permissions that they include, see
Appendix D, “Permissions,” on page 474.
a. From the Permissions list, select or clear the Nasuni Filer permissions that you want to
grant to the new group.
Nasuni Filer Administration Guide 8.0
385
Configuration Page
Users and Groups
Warning: Users with “Perform File Restores/Access Versions” permission have
the ability to access all files on the file server.
Tip: If you want this group to receive alert emails, you MUST select “Receive Filer
alert emails”.
Tip: Users with “Disconnect Users from Access Points” permission have the ability to
disconnect CIFS or NFS users individually, which is sometimes necessary when there
are locked files.
b. (Optional.) To link a domain group (Active Directory or LDAP Directory Services) to this
permission group, and allow members of that domain group to use their domain
credentials to access volumes on Nasuni Filers, the exact domain name and domain
group are necessary.
In the Group Association text box, enter any text from the domain name or the domain
group, and click Search. The Select Group dialog box appears. Click Search. From the
list of domain groups that include the search text, select the domain name and domain
group, then click Add Selected Group.
Alternatively, enter the exact domain name and domain group in the Group Association
text box.
Note: The list of available domain groups are from the domains previously joined to
the Nasuni Filer. See “Joining the Nasuni Filer to an Active Directory domain (for
Nasuni Filers running versions before 7.8)” on page 336.
Note: It is optional, but not necessary, to link groups granting User Interface access
to domain groups.
Note: Adding a domain group allows all users in that group to access the user
interface. You do not need to explicitly add those users. If the group membership
changes after the group is linked, the new members can still log in.
Note: If you use a Group Association, you cannot select Storage Access.
Note: Domain groups and the members of those groups always have storage access.
•
Storage Access: To grant data access to users in the new permission group.
Note: Storage Access does not grant any access to the Nasuni Filer user interface.
Note: If you select Storage Access, you cannot enter a Group Association.
6. (For User Interface Access only.) To receive all Nasuni Filer alerts to this group, select the
Receive All Alerts check box.
Tip: If you want this group to receive alert emails, you MUST select “Receive alert emails”
in step a on page 385.
Nasuni Filer Administration Guide 8.0
386
Configuration Page
Users and Groups
7. (For User Interface Access only.) If you do not select the Receive All Alerts check box, select
the particular alerts that you want sent to this group.
Tip: If you want this group to receive alert emails, you MUST select “Receive alert emails”
in step a on page 385.
The choices include the following:
•
Account Alerts: Alerts related to Nasuni.com account license issues, such as expiration
and capacity limits.
•
Appliance Alerts: Alerts that occur on the appliance.
•
Capacity Alerts: Alerts related to capacity, such as volume quotas, new quotas, and
account limits.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If
your total stored data nears or exceeds your licensed capacity, you receive warnings
to increase your licensed capacity.
Tip: To send quota reports, you must select Capacity Alerts.
•
Conflict Alerts: Notices that merge conflicts have occurred during a sync. See
“Synchronization (Merge) Conflicts” on page 206.
•
Data Migration Alerts: Alerts triggered due to data migration.
•
General Alerts: Alerts not in the other categories.
•
Safe Delete Alerts: Alerts about Safe Delete being enabled or disabled, or changes in the
status of a Safe Delete volume pending approval of delete or pending delete.
•
Snapshot Restore Alerts: When you restore data from a snapshot, this alert notifies you
when the restore is complete.
•
Software Updates: Notices that software updates are available.
•
Violation Alerts: Alerts about antivirus violations (infections). See “Antivirus Service” on
page 78.
8. (For User Interface Access only.) In the Extra Emails text box, enter one or more destination
email addresses for sending alerts to, separated by commas.
9. (For User Interface Access only.) In the Group Association text box, enter a domain group in
order to allow members of that domain group to log in. Enter a partial or complete group name,
Nasuni Filer Administration Guide 8.0
387
Configuration Page
then click Search
group name.
Users and Groups
. The Select Group dialog box appears, containing the partial or complete
Figure 11-112: Select Group dialog box.
A list of groups that match your search appears. Select the group, then click Add Selected
Group. The group appears in the Group Association text box.
10. To accept your selections, click Add Group.
The permission group is added with the selected permissions.
Editing Permission Groups
Edit
You can edit the features of existing groups.
To edit a permission group, follow the steps in “Adding Permission Groups” on page 383, except click
Edit Group instead of Add Group. The dialog box is named Edit Group, and you click Save Group at
the end. The group and its permissions are changed.
Deleting Permission Groups
Delete
Note: You cannot delete a permission group that has users. Before deleting a permission
group with users, edit each user to remove the permission group from the user.
Note: You cannot delete the Filer Administrators group.
To delete a permission group, follow these steps:
1. Click Configuration, then select Users/Groups from the drop-down list. The Filer Users and
Groups Overview page appears.
Figure 11-113: Filer Users and Groups Overview page.
Nasuni Filer Administration Guide 8.0
388
Configuration Page
Users and Groups
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. On the Filer Users and Groups Overview page, click Manage Groups. The Filer Groups page
appears.
Figure 11-114: Filer Groups page.
3. To delete a group, select the group, then click Delete Group.
4. The About to Delete Group dialog box appears. Click Delete Group.
The group is deleted.
Adding Users
You can add up to 150 users. For each user, you can specify which permission groups that user
belongs to. If this Nasuni Filer is joined to Active Directory or LDAP Directory Services, you can also
add domain users.
Note: Adding a domain group allows all Active Directory or LDAP Directory Services users in
that group to access the user interface. You do not need to explicitly add those users.
To add a user, follow these steps:
1. Click Configuration, then select Users/Groups from the drop-down list. The Filer Users and
Groups Overview page appears.
Figure 11-115: Filer Users and Groups Overview page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
389
Configuration Page
Users and Groups
2. On the Filer Users and Groups Overview page, click Manage Users. The Filer Users page
appears.
Figure 11-116: Filer Users page.
3. Click Add Native User. If there are already 150 users, you must delete an existing user before
you can add a new user. The Add Native User dialog box appears.
Figure 11-117: Add Native User dialog box.
a. In the Username text box, enter the name for this user. The Username can have up to 30
characters, including letters, digits, and the following symbols:
@
.
+
-
_
(at symbol, period, plus sign, minus sign, underline)
Nasuni Filer Administration Guide 8.0
390
Configuration Page
Users and Groups
b. In the Email text box, enter the email address for this user.
c. In the Password text box, enter the password for this user. Enter the same password in the
Password confirmation text box. An indicator of password strength appears. Although
password strength is not enforced, you should use strong passwords.
d. In the Groups list, for each of the permission groups, select or clear the check box for
granting membership to the permission group.
e. To accept your selections, click Add User.
The user is added with membership in the selected groups.
4. If the Nasuni Filer is joined to Active Directory or LDAP Directory Services, to add a domain
user, click Add Domain User. If there are already 150 users, you must delete an existing user
before you can add a new user. The Add Domain User dialog box appears.
Figure 11-118: Add Domain User dialog box.
Note: Adding a domain group allows all Active Directory or LDAP Directory Services users in
that group to access the user interface. You do not need to explicitly add those users.
You only need to add Active Directory or LDAP Directory Services users individually if
you do not want to grant access to the entire group.
a. In the Username text box, enter the name of a user in an Active Directory or LDAP domain.
For Active Directory domains, the Username must be NT-compatible. The Username can
have up to 30 characters, including letters, digits, and the following symbols:
@ . + - _ (at symbol, period, plus sign, minus sign, underline)
Nasuni Filer Administration Guide 8.0
391
Configuration Page
Users and Groups
To search for existing user names, enter a partial or complete user name, then click Search
. The Select User dialog box appears, containing the partial or complete user name.
Figure 11-119: Select User dialog box.
Click Search. If the search fails, a message appears. Otherwise, a list of users that match
your search appears. Select the user to define access for, then click Add Selected User.
The selected user appears in the Username text box.
b. In the Groups list, for each of the permission groups, select or clear the check box for
granting membership to the permission group.
c. To accept your selections, click Link User.
The user is added with membership in the selected groups.
Editing Users
You can edit the features of existing users.
To edit a user, follow the steps in “Adding Users” on page 389, except click Edit User instead of Add
User. The dialog box is named Edit User, and you click Save User at the end. The user and his or her
groups are changed.
Deleting Users
Note: You cannot delete the last user in the Filer Administrators group.
To delete a user, follow these steps:
1. Click Configuration, then select Users/Groups from the drop-down list. The Filer Users and
Groups Overview page appears.
Figure 11-120: Filer Users and Groups Overview page.
Nasuni Filer Administration Guide 8.0
392
Configuration Page
Users and Groups
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. On the Filer Users and Groups Overview page, click Manage Users. The Filer Users page
appears.
Figure 11-121: Filer Users page.
3. To delete a user, select the user, then click Delete User.
4. The About to Delete User dialog box appears. Click Delete User.
The user is deleted.
Nasuni Filer Administration Guide 8.0
393
Configuration Page
SNMP Monitoring
SNMP Monitoring
Enable
You can configure SNMP monitoring of Nasuni Filers.
The Nasuni Filer supports monitoring via the Simple Network Management Protocol (SNMP) v1, v2c,
and v3. The Nasuni Filer exposes the standard SNMPv1 MIB (management information base), as well
as the NASUNI-FILER-MIB, SNMPv2-MIB, HOST-RESOURCES-MIB, UCD-SNMP-MIB, UCD-DISKIOMIB, and IF-MIB. Both 32-bit and 64-bit SNMP network counters are supported. The SNMP server is
available on port 161.
Each of the displayed MIBs is a link. If you click a link, a page with that MIB information appears.
Data available in SNMP updates includes the following:
•
Network information, such as:
•
•
•
•
•
•
Inbound and outbound traffic by type and by port
Volume information, such as:
•
Size
•
Time of last snapshot
Local cache information, such as:
•
Total space
•
Used space
•
Free space
•
Unprotected data
•
Cache hit/miss rate
CPU performance information, such as:
•
Percent utilization
•
Load averages
Memory usage information, such as:
•
Memory utilization
•
Swap utilization
Disk performance information, such as:
•
Number of disk reads and writes per disk
•
Bytes read and written per disk
•
Client information, such as: Number of connected CIFS, iSCSI, and Mobile Access clients
•
Snapshot and sync information, such as:
•
•
Number of merge conflicts
•
Snapshot success (version) count per volume
•
Times for snapshots (start, end, delta) per volume
Traps information for anything that would generate an email alert
Nasuni Filer Administration Guide 8.0
394
Configuration Page
SNMP Monitoring
To configure SNMP monitoring:
1. Click Configuration, then select SNMP Monitoring from the list. The SNMP Monitoring
Settings page appears.
Figure 11-122: SNMP Monitoring Settings page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. To enable SNMP v1 and v2c monitoring, select Enable v1,v2c Support.
If you enable SNMP v1 and v2c monitoring, in the Community Name text box, enter the SNMP
community name for the Nasuni Filer. The default community name is public. Changing the
community name from the default improves security.
3. To enable SNMP v3 monitoring, select Enable v3 Support.
If you enable SNMP v3 monitoring, enter a Username and Password for SNMP v3
authorization.
4. If you enable SNMP monitoring, in the System Location text box, enter the physical location of
the Nasuni Filer.
Nasuni Filer Administration Guide 8.0
395
Configuration Page
SNMP Monitoring
5. If you enable SNMP monitoring, in the System Contact text box, enter the contact information
of the person responsible for SNMP monitoring for the Nasuni Filer.
6. If you enable SNMP monitoring, in the Trap Addresses text box, enter a list of IP addresses or
hostnames listening for SNMP traps, separated by commas. If you do not want to listen for
SNMP traps, leave this blank.
If you enter any trap addresses, you can send a test trap by clicking Send Test Trap.
7. Click Save SNMP Settings. The SNMP monitoring settings are saved for this Nasuni Filer.
Nasuni Filer Administration Guide 8.0
396
Configuration Page
Web Access Branding
Web Access Branding
Edit
You can use the Web Access feature to access CIFS share data or NFS export data stored in the
Nasuni Filer using a Web browser. You can configure the Web Access display to include elements of
your organization’s branding, including logo and colors. For information on Web Access, see “Web
Access” on page 177. To enable Web Access, see at step s on page 132.
To configure Web Access branding:
1. Click Configuration, then select Web Access Branding from the list. The Web Access
Branding page appears.
Figure 11-123: Web Access Branding page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. To include a logo on the Web Access display, click the Logo area and navigate to a logo
graphics file. The maximum file size is 500 KB.
3. To change the primary color, which is used for items including Shares, Settings, and Logout on
the Web Access display, click the Primary Color area and select a primary color.
4. To change the secondary color, which is used for items including Add Folder, Upload File, and
Sort on the Web Access display, click the Secondary Color area and select a secondary color.
5. To revert to the default logo, primary color, and secondary color, click Set Defaults.
Nasuni Filer Administration Guide 8.0
397
Configuration Page
Web Access Branding
6. Click Save. Your settings are saved.
Figure 11-124: Web Access Branding page with new logo and colors.
The Web Access page appears with the selected logo and colors.
Figure 11-125: Web Access page with branding.
Nasuni Filer Administration Guide 8.0
398
Configuration Page
Automatic Software Updates
Automatic Software Updates
Edit
You can configure the Nasuni Filer to automatically download and install updates. You can select which
day or days and the time on which to check for auto-updates. By default, this feature is disabled.
Tip: To prevent automatic software updates from occurring at inconvenient times, specify
the days and times for automatic software updates to occur. To prevent automatic
software updates entirely, deselect all days and times.
Tip: If this Nasuni Filer is joined to a Nasuni Management Console, update the Nasuni
Management Console software before updating the Nasuni Filer software.
Tip: The version of the Nasuni Filer software, such as 7.5, appears on the bottom right of
each page.
You can also manually update the Nasuni Filer as detailed in “Software Updates” on page 411.
See www.nasuni.com/support/documentation for a worksheet for planning configurations.
To configure automatic updates:
1. Click Configuration, then select Automatic Updates from the list. The Automatic Updates
Configuration page appears.
Figure 11-126: Automatic Updates Configuration page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. Select the days on which you want to allow automatic updates. To select or deselect all days,
click Select/Deselect all.
3. From the Time drop-down list, select the time that you want an automatic update to start.
Tip: The time is the local time for the Nasuni Filer.
4. Click Save Update Configuration. Your settings are saved.
Nasuni Filer Administration Guide 8.0
399
Configuration Page
Cache Settings
Cache Settings
Edit
The cache performs two different, but related, tasks. First, the cache retains the data that users are
most likely to need. Second, the cache also temporarily contains new, incoming data that the Nasuni
Filer has not yet sent to permanent storage in the cloud.
By default, the Nasuni Filer automatically manages the amount of local cache space reserved for new,
incoming data, using an advanced algorithm to optimize cache usage. However, the administrator can
manually set the area of the cache reserved for new, incoming data. The area for new, incoming data
can be from 5 percent to 90 percent of the cache. The remainder of the cache retains the data locally
that users are most likely to need.
The larger the area for new, incoming data is, the less data the Nasuni Filer can retain locally, and the
more slowly users can access data. It might also be necessary for the Nasuni Filer to frequently retrieve
data from the cloud, which could delay access.
However, the larger the area for new, incoming data is, the larger the batches of new, incoming data
that the Nasuni Filer can send to permanent storage in the cloud, protecting that data from loss.
You can estimate the area necessary by examining data usage patterns. For example, if you have a 1
TB cache and must keep 200 GB of data locally, then you can set the area for new, incoming data as
high as 80 percent. On the other hand, if you rarely have more than 300 GB in a snapshot, then you can
set the area for new, incoming data as low as 30 percent, leaving 70 percent of the cache for local data.
By setting the amount of local cache space reserved for new, incoming data, you disable the automatic
management of this value.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
Important: The Data Migration Service uses the cache. To ensure that the Data Migration
Service has enough space, set Cache Settings to 30 percent or greater. See
“Data Migration” on page 238.
Tip: Perform any necessary data migrations to the volume before enabling Remote Access.
Otherwise, data migration processing can impact the synchronization of remote
volumes. See “Data Migration” on page 238.
Nasuni Filer Administration Guide 8.0
400
Configuration Page
Cache Settings
To specify the amount of local cache space to reserve for new, incoming data, follow these steps:
1. Click Configuration, then select Cache Settings from the drop-down list. The Cache Settings
page appears.
Figure 11-127: Cache Settings page.
The size of the current cache is displayed.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
2. From the Select Percentage drop-down list, select either Automatic, or one of the available
percentages for new, incoming data.
3. To accept your selections, click Save Cache Settings.
The amount of local cache space to reserve for new, incoming data takes on the specified
value.
Nasuni Filer Administration Guide 8.0
401
Configuration Page
Cloud Credentials
Cloud Credentials
Configure
The Nasuni Filer offers the feature of using a customer-provided cloud storage account or a public
cloud storage account. Nasuni supports a variety of cloud storage platforms, including Microsoft Azure,
Amazon AWS S3, Cleversafe, IBM Cloud Object Storage, EMC ViPR/ECS, and EMC Atmos.
Important: You must create and maintain your own cloud storage account. Nasuni does not
have access to your cloud storage account.
Tip: You must configure cloud credentials before adding a volume that uses those cloud
credentials.
To view cloud credentials:
1. On the Nasuni Filer, click Configuration, then select Cloud Credentials from the menu. The
User Provided Cloud Credentials page displays a list of cloud credentials.
Figure 11-128: User Provided Cloud Credentials page.
The following information appears for each set of credentials in the list:
•
Name: The name of the set of credentials.
•
Provider: The cloud provider.
•
Used by: The volumes that use the cloud credentials.
•
Notes: Information provided by the user about the connection with the cloud provider.
•
Actions: Actions available for each set of credentials.
Tip: Be careful changing existing credentials. The connection between the Nasuni Filer and
the cloud storage provider could become invalid, causing loss of data access. Credential
editing is to update access after changes to the cloud storage parameters.
To configure cloud credentials:
1. On the Nasuni Filer, click Configuration, then select Cloud Credentials from the menu. The
User Provided Cloud Credentials page displays a list of cloud credentials.
Figure 11-129: User Provided Cloud Credentials page.
Nasuni Filer Administration Guide 8.0
402
Configuration Page
Cloud Credentials
The following information appears for each set of credentials in the list:
•
Name: The name of the set of credentials.
•
Provider: The cloud provider.
•
Used by: The volumes that use the cloud credentials.
•
Notes: Information provided by the user about the connection with the cloud provider.
•
Actions: Actions available for each set of credentials.
2. To add new credentials, click Add New Credentials and select the platform.
Alternatively, to edit existing credentials, click Edit for the credentials to edit. A page
appropriate to your selected platform appears. We show the page for Amazon S3 cloud
credentials as an example only.
Figure 11-130: Add Amazon S3 Credentials page.
Nasuni Filer Administration Guide 8.0
403
Configuration Page
Cloud Credentials
3. Enter the credentials for your platform.
For Amazon AWS S3, credentials include the following:
•
Name: A name for this set of credentials, which is used for display purposes.
•
Access Key ID: The Amazon AWS S3 Access Key ID for this set of credentials.
•
Secret Access Key: The Amazon AWS S3 Secret Access Key for this set of credentials.
•
Hostname: The hostname for the location of the cloud service provider. Use the default
setting: s3.amazonaws.com
•
Verify SSL Certificates: Use the default On setting.
•
Notes: Optional information to save.
For Microsoft Azure, credentials include the following:
•
Name: A name for this set of credentials, which is used for display purposes.
•
Account Name: The Microsoft Azure Storage Account Name for this set of credentials.
•
Primary Access Key: The Microsoft Azure Primary Access Key for this set of credentials.
•
Hostname: The hostname for the location of the cloud service provider. Use the default
setting: blob.core.windows.net
•
Verify SSL Certificates: Use the default On setting.
•
Notes: Optional information to save.
For Cleversafe/IBM Cloud Object Storage, credentials include the following:
•
Name: A name for this set of credentials, which is used for display purposes.
•
User: The Cleversafe/IBM Cloud Object Storage Username for this set of credentials. “Vault
Provisioner” access must be enabled.
•
Secret: The Cleversafe/IBM Cloud Object Storage Password for this set of credentials.
•
Hostname: dsNet Accesser IP address.
•
Verify SSL Certificates: For self-signed or default certificate: Off. For fully valid SSL
certificate: On.
•
Notes: Optional information to save.
For EMC ViPR or EMC ECS, credentials include the following:
•
Name: A name for this set of credentials, which is used for display purposes.
•
Access Key ID: The user name recognized by the EMC ViPR/ECS system for this set of
credentials.
•
Secret Access Key: The object data store key from the EMC ViPR/ECS UI for this set of
credentials.
•
Hostname: The hostname for the location of the cloud service provider.
Path-Based Addressing should be used with ViPR/ECS. If using a namespace, add it to the
end of the path: vipr1.yourco.com/mynamespace
•
Verify SSL Certificates: Use the appropriate verification setting for your EMC ViPR/ECS
system.
Nasuni Filer Administration Guide 8.0
404
Configuration Page
•
Cloud Credentials
Notes: Optional information to save.
For EMC Atmos, credentials include the following:
•
Name: A name for this set of credentials, which is used for display purposes.
•
SubTenant ID: The Atmos Subtenant ID.
•
UID: The UID you want to use for this Subtenant.
•
Shared Secret: Shared Secret for this UID.
•
Hostname: The URL or IP address to access the cloud. Preferred is a DNS name with all
appropriate DNS rules for load balancing and failover.
•
Verify SSL Certificates: For self-signed or default certificate: Should be Off. For fully valid
SSL certificate: Should be On.
•
Notes: Optional information to save.
4. Click Save Credentials. The configured credentials are saved.
At this point, you can begin adding volumes that use these cloud credentials to the Nasuni Filer.
Volume creation, volume connection, and credentials verification can each take up to 2 minutes.
Nasuni Filer Administration Guide 8.0
405
Configuration Page
Global Locking
Global Locking
Edit
This page enables you to configure certain aspects of global file locking. For details about global file
locking, see “Global File Locking” on page 227.
Tip: Use caution when making changes to global file locking, and discuss the possible
implications of changes beforehand with Nasuni Technical Support.
Note: The Nasuni Filer supports the use of byte-range locking for applications that benefit
from this feature. However, because of the impact on performance, byte-range locking
is disabled by default. If your applications require byte-range locking, contact Nasuni
Technical Support to enable byte-range locking.
If global file locking is enabled, and Internet connectivity issues prevent a Nasuni Filer from releasing
locks on certain files, local users can still read any files that are present in the local cache by degrading
the type of lock to a read lock. If a user is trying to access a file that is not present in the local cache,
and if the Nasuni Filer does have Internet access, you can also attempt to restore access to the file by
degrading the type of lock to a read lock. Enabling this feature causes all locks that are not read locks
to be denied. This effectively makes any directories that have global locks enabled into read-only
directories. Only enable this feature if file access is affected for an extended period of time.
To degrade global file locking to read locks, follow these steps:
1. Click Configuration, then select Global Locking from the drop-down list. The Global Locking
page appears.
Figure 11-131: Global Locking page.
Note: This page is available even if this Nasuni Filer is under Nasuni Management
Console control.
2. To degrade global file locking to read locks, select enabled from the Degrade to read locks
drop-down list.
3. To accept your selections, click Save Global Locking Setting.
The global file locking configuration is changed.
Nasuni Filer Administration Guide 8.0
406
Configuration Page
Changing User Password
Changing User Password
Edit
You can change the currently logged-in user account password to a new password.
To change the user account password:
1. Click Configuration, then select Change Password from the list. Alternatively, click the user
name at the top of the page, then select Change Password from the list. The Change User
Password page appears.
Figure 11-132: Change User Password page.
2. Enter your current password (case-sensitive) in the Old password text box.
3. Enter the new password (case-sensitive) you want associated with your user account in the
New password text box. An indicator of password strength appears. Password strength is
enforced for this action. You should use strong passwords.
4. Enter the new password (case-sensitive) again in the Confirm new password text box.
5. Click Save New Password.
You are taken to the Home page where the message “Password successfully changed” is
displayed.
Nasuni Filer Administration Guide 8.0
407
Chapter 12: Status Page
Status
The Status page provides information about the following:
•
Subscription status.
•
Updating the Nasuni Filer software to the latest release.
•
Status of jobs bringing data into the cache, such as Bring into Cache and Auto Cache.
•
Unprotected files currently in the cache.
•
Network status.
•
Platform status.
•
CIFS status.
•
iSCSI status.
•
NFS status.
•
FTP status.
•
File heuristics.
Note: The Status page, and all other pages of the Nasuni Filer user interface, might look
different to different users. Also, different menus and actions might be available for
different users. This is because different users are assigned different permissions,
based on their roles in the role-based access control system. See “Users and Groups”
on page 380 for details.
Note: If this Nasuni Filer is under the control of the Nasuni Management Console, menus and
menu choices might look different, because you use the Nasuni Management Console
to perform these tasks.
Nasuni Filer Administration Guide 8.0
408
Status Page
Subscription Status
Subscription Status
View
You can view your Nasuni subscription status and license information. Links to the Nasuni Terms of
Service and License Agreement, Privacy Policy, and Service Level Agreement are available on this
page.
To view your subscription status:
1. Click Status, then select Subscription Status from the list. The Subscription Status page
appears.
Figure 12-1: Subscription Status page.
If this is a trial subscription, the time left in the trial appears.
Figure 12-2: Time left in trial.
The following subscription information is displayed:
•
Account Name: Name of the account.
•
Subscription Mode: Standard, Trial, Manual, or Monthly.
•
Subscription Expires: The date on which the subscription expires.
•
Expires in: Time until the subscription expires.
•
Serial Number: The Serial Number for this subscription.
•
Usable Capacity: Total capacity licensed.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If
your total stored data nears or exceeds your licensed capacity, you receive warnings
to increase your licensed capacity.
•
Accessible Data: The amount of the usable capacity actually in use. Accessible Data
includes data already protected in the cloud, as well as data in the cache that is not yet
protected.
•
Max Volumes / Filer: Maximum number of volumes for each Nasuni Filer.
•
Max Filers: Maximum number of Nasuni Filers.
•
Max Remote Access Group Size: Maximum number of Nasuni Filers licensed to
simultaneously access a single volume. If this limit is exceeded, you receive a message and
you should contact Nasuni Technical Support.
Nasuni Filer Administration Guide 8.0
409
Status Page
•
Subscription Status
Max Remote Access Volumes: Maximum number of volumes that can be enabled for
remote access.
Refreshing Subscription License
Refresh
Click Refresh subscription license to reload the page with updated information, such as when you
purchase a Nasuni Filer or when the license changes. The message “Account refresh requested!”
appears. Click the x to close this message box. Licenses automatically refresh every 24 hours.
Nasuni Filer Administration Guide 8.0
410
Status Page
Software Updates
Software Updates
Updates
When a newer version of the Nasuni Filer software is available for installation, you can update the
software from the Status page. When you update your software, your Nasuni Filer is updated to the
newer version.
If updates are not available, a page appears telling you there are no updates at this time.
Caution: Updating the software disconnects all users currently using the Nasuni Filer.
The Nasuni Filer can take several minutes to reboot. The time to reboot can be longer if
one-time upgrade operations are necessary.
Note: Nasuni does not recommend applying software updates during your normal business
hours, because this can disrupt access. Apply software updates during off-hours.
Tip: Check the release notes of all releases between your current release and the most
recent release. See “Viewing the Nasuni Filer Release Notes” on page 29 for details.
Tip: If this Nasuni Filer is joined to a Nasuni Management Console, update the Nasuni
Management Console software before updating the Nasuni Filer software.
Tip: The version of the Nasuni Filer software, such as 7.5, appears on the bottom right of
each page.
Tip: You can configure the Nasuni FIler to apply updates automatically. For details, see
“Automatic Software Updates” on page 399.
To update to the latest release:
1. Click Status, then select Updates from the list. If an update is available, the Updates Are
Available page appears. Alternatively, if the Nasuni Filer is currently using the latest version of
the software, the No updates available page appears instead.
Figure 12-3: Updates Are Available page.
Note: If this Nasuni Filer is under Nasuni Management Console control, this page is not
available on the Nasuni Filer. Instead, use the Nasuni Management Console to view
information or perform actions.
Nasuni Filer Administration Guide 8.0
411
Status Page
Software Updates
2. To review the release notes, click the hyperlink “here” in the second sentence.
Note: Some software updates can take longer to apply than others. Refer to the release
notes before applying the update.
3. Click Update. The Update Confirmation page appears.
Figure 12-4: Update Confirmation page.
4. To confirm that you want to update the software, enter a Username (case-sensitive) and
Password (case-sensitive) that has permission to perform this operation.
5. To update to a newer version, click Apply Update. The Nasuni Filer downloads software
updates and reboots the Nasuni Filer.
Tip: To avoid any performance issues when updates occur, clear your browser’s cache.
6. After the upgrade and the reboot are complete, you are automatically redirected to the Nasuni
Filer's home page.
Optionally, you can click the hyperlink “here” to proceed to the Login page after rebooting is
complete.
7. Re-log in to the Nasuni Filer with your username (case-sensitive) and password (case-sensitive)
after the reboot is completed.
Nasuni Filer Administration Guide 8.0
412
Status Page
Cache Jobs
Cache Jobs
You can view the status of jobs that bring data or metadata into the cache, such as Bring into Cache
(see “Bringing Data into Cache of the Nasuni Filer” on page 87) and Auto Cache (see “Enabling Auto
Cache for Folders” on page 89). You can also cancel jobs that are unnecessary.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
Viewing or cancelling cache jobs
To view or cancel cache jobs, follow these steps:
1. Click Status, then select Cache Jobs from the list. The Cache Job Status page displays a list
of cache jobs.
Figure 12-5: Cache Job Status page.
The following information appears for each cache job:
•
Volume: The name of the volume on which this cache job is occurring.
•
Path in Volume: The path in the volume to the data moving to the cache.
•
Type: The type of cache job, such as Manual (for Bring into Cache) or Auto (for Auto
Cache).
•
Data/Metadata: An indication whether data or metadata is moving to the cache.
•
Number of Items: The number of items to transfer.
•
Actions: Actions available for this cache job.
2. To cancel a running cache job in the list, click Cancel. A dialog box appears. Confirm that you
want to cancel the job.
The job is canceled.
Nasuni Filer Administration Guide 8.0
413
Status Page
Unprotected Files
Unprotected Files
You can view the current unprotected files in the cache for a volume. You can filter by file name, path,
size, and owner. A file is protected if a copy of the file has been saved to cloud storage.
Viewing unprotected files
To view files in the cache of a volume, follow these steps:
1. Click Status, then select Unprotected Files from the list. The Unprotected Files page
appears.
2. From the Volume drop-down list, select the volume whose cache you want to view. A list of files
currently in the cache appears.
Figure 12-6: Unprotected Files page.
The following information appears for each unprotected file:
•
Path: The path in the volume to the file in the cache.
•
Unprotected Bytes: The size of each unprotected file.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of the
data currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
•
Owner: The owner of the unprotected file.
•
Access Time: The date and time of the most recent access of the unprotected file.
Nasuni Filer Administration Guide 8.0
414
Status Page
Unprotected Files
3. Using the Filter text box, you can limit the display to items that match the criteria that you enter.
See “Filtering Displays” on page 464 for details.
Note: You cannot filter using any part of the path except the file name.
On this screen, the following field names are available:
•
Path: Matches values in the file name of the Path field.
•
Size: Matches values in the Unprotected Bytes field.
•
Owner: Matches values in the Owner field.
•
Name: Matches values in the file name in the Path field.
Note: If there are many files, it might take a little time to display the filtered results.
4. To move to the next page of unprotected files (if any), click the right arrow at the top of the
page.
5. To move to the previous page of unprotected files (if any), click the left arrow at the top of the
page.
6. To download a list of unprotected files as a CSV file, click Download CSV.
Nasuni Filer Administration Guide 8.0
415
Status Page
Network Status
Network Status
You can view current network information for the Nasuni Filer. To change the network configuration,
see “Network Configuration” on page 289.
Network Status
Status
To view the network status:
1. Click Status, then select Network Status from the list. The Network Status page appears.
Figure 12-7: Network Status page.
Note: Your display might look different from this. The number of entries depends upon
the number of configured networks.
Nasuni Filer Administration Guide 8.0
416
Status Page
Network Status
The following information is displayed:
•
Configured Networks: The number of configured networks. Clicking this link opens the
page for “Network Configuration” on page 289.
•
Traffic Groups: The traffic groups configured for this network. Three traffic groups are
available by default:
•
General: All traffic is in the General traffic group, unless explicitly assigned to the
Management or External traffic groups. The General traffic group is a dynamic traffic
group. The General traffic group is required in any configuration. At least one device
must be in the General traffic group.
•
Management: The Management traffic group is for customer support access, SSH
access, and user interface access to the Nasuni Filer. Traffic in the Management traffic
group is pulled from the General traffic group.
•
External: The External traffic group is for traffic such as cloud traffic, Nasuni API traffic,
and external traffic originating outside the LAN. Traffic in the External traffic group is
pulled from the General traffic group. If the External traffic group is configured, then all
Web, service, and cloud traffic goes through the External traffic group. If you have an
External traffic group, you must enter a gateway that is on the same subnet as your
External group devices.
You can add other traffic groups as needed. To configure traffic groups, see “Network
Configuration” on page 289.
•
Network Devices: The number of network devices.
•
Default Gateway: Default gateway of the network.
•
Hostname: The hostname of the Nasuni Filer. Clicking this link opens the page for “Network
Configuration” on page 289.
•
Network Proxy: The proxy server, if any. Clicking this link opens the page for “HTTPS Proxy
Configuration” on page 288.
•
DNS Information: Including the Search Domains hostnames and the Name Servers IP
addresses.
2. Optionally, you can change the network type and other network configuration parameters by
clicking the number of Configured Networks. The Network Configuration page appears. See
“Network Configuration” on page 289 for details on network configuration.
3. Optionally, you can change the hostname and other network configuration parameters by
clicking the Hostname. The Network Configuration page appears. See “Network
Configuration” on page 289 for details on network configuration.
4. Optionally, you can change the network proxy and other proxy settings by clicking the entry for
Network Proxy. The HTTPS Proxy Settings page appears. See “HTTPS Proxy Configuration”
on page 288 for details on proxy configuration.
Nasuni Filer Administration Guide 8.0
417
Status Page
Network Status
Traffic Groups
View
The Nasuni Filer supports multiple network interface cards (NICs), in order to segregate different types
of traffic and to bind specific Ethernet ports to a particular traffic group. Three traffic groups are
available by default:
•
General: All traffic is in the General traffic group, unless explicitly assigned to the Management
or External traffic groups. The General traffic group is a dynamic traffic group. The General
traffic group is required in any configuration. At least one device must be in the General traffic
group.
•
Management: The Management traffic group is for local customer support access using SSH,
and for user interface access to the Nasuni Filer. When the Management traffic group is defined,
local customer support access using SSH and user interface access to the Nasuni Filer are not
available from the General traffic group.
•
External: The External traffic group is for cloud traffic, Remote Support Service (if enabled), and
Nasuni API traffic. Traffic in the External traffic group is pulled from the General traffic group. If
you have an External traffic group, you must enter a gateway that is on the same subnet as your
External group devices.
To configure traffic groups, see “Network Configuration” on page 289. For more details on traffic
groups, see “About Traffic Groups” on page 289.
To view information on the Nasuni Filer’s traffic groups:
1. Click Status, then select Network Status from the list. The Network Status page appears,
including the list of Traffic Groups.
Figure 12-8: Network Status page, including list of Traffic Groups.
Note: Your display might look different from this. The number of entries depends upon
the number of physical ports.
For each traffic group, the following information is displayed:
•
Name: Name of the traffic group.
•
Device(s): The devices included in the traffic group.
•
Public IP Address (for Azure-based and EC2-based Nasuni Filers): The public IP address of
the device.
•
Type: The network type: Static or DHCP.
•
IP Address (for Azure-based and EC2-based Nasuni Filers, the Internal IP Address): The IP
address of the device. For Azure-based and EC2-based Nasuni Filers, if you're running other
machines on the EC2 or Azure platforms, you can communicate using the Internal IP
Address instead of the publicly accessible address.
•
Netmask: Subnet mask of the IP address.
Nasuni Filer Administration Guide 8.0
418
Status Page
•
Network Status
MTU: The MTU (maximum transmission unit) value indicates the maximum size of each
block of information that can be sent without the data becoming fragmented.
Physical Ports
To view information on the Nasuni Filer’s physical ports:
1. Click Status, then select Network Status from the list. The Network Status page appears,
including the list of Physical Ports.
Figure 12-9: Network Status page, including list of physical ports.
Note: Your display might look different from this. The number of entries depends upon
the number of physical ports.
The following information is displayed:
•
Name: Name of the port.
•
MAC: Media Access Control address (MAC address) of the port.
•
Carrier: Indicates whether the network interface card (NIC) senses a carrier signal on the
Ethernet cable: yes or no.
•
Speed: Speed of the port in Mbps.
•
Duplex: Type of duplex.
Nasuni Filer Administration Guide 8.0
419
Status Page
Network Status
Network Activity Charts
Charts
You can view charts of the network activity of the Nasuni Filer. The scale is in Kbits/second or Mbits/
second, depending on throughput.
Charts of Cloud Traffic and Local Traffic by Traffic Type
From the left-hand drop-down list, select Display Graphs by Traffic Type. This displays a chart of
Cloud Traffic and a chart of Local Traffic.
Figure 12-10: Network Activity charts.
You can select the time period of these charts by clicking the drop-down list on the right and selecting
one of the following time periods:
•
Previous Hour
•
Previous Day
On the Cloud Traffic chart (upper chart), you can select which network activity to include or exclude by
clicking Cloud Transmit (for data transmitted to the cloud by the Nasuni Filer), Cloud Receive (for data
received from the cloud by the Nasuni Filer), Mobile Transmit (for data transmitted to mobile devices
by the Nasuni Filer), or Mobile Receive (for data received from mobile devices by the Nasuni Filer)
under the Cloud Traffic chart.
On the Local Traffic chart, you can select which network activity to include or exclude by clicking UI
Transmit (for data transmitted to the user interface by the Nasuni Filer), UI Receive (for data received
from the user interface by the Nasuni Filer), Client Transmit (for data transmitted to the client by the
Nasuni Filer), Client Receive (for data received from the client by the Nasuni Filer), Migration Transmit
(for data transmitted to a data migration by the Nasuni Filer), or Migration Receive (for data received
from a data migration by the Nasuni Filer) under the Local Traffic chart.
Nasuni Filer Administration Guide 8.0
420
Status Page
Network Status
If you hover the mouse over any part of either chart, a label appears displaying details about the
amount of network activity at that date and time.
Figure 12-11: Details of network activity and time on Network Activity charts.
To zoom in on a specific range of displayed data, click the chart at the high end of the range you want,
then drag to the low end of the range you want, then release. The chart rescales to zoom in on the
selected range.
To reset the zoom to the default display, click Reset zoom.
Charts of Traffic by Device Layout
From the left-hand drop-down list, select Display Graphs by Device Layout. This displays a chart of
traffic received and transmitted by the Nasuni Filer as a whole.
Figure 12-12: Network Activity chart.
You can select the time period of this chart by clicking the drop-down list on the right and selecting one
of the following time periods:
•
Previous Hour.
•
Previous Day.
You can select which network activity to include or exclude by clicking Transmit (for data transmitted
by the Nasuni Filer) or Receive (for data received by the Nasuni Filer) under the chart.
If you hover the mouse over any part of either chart, a label appears displaying details about the
amount of network activity at that date and time.
Nasuni Filer Administration Guide 8.0
421
Status Page
Network Status
To zoom in on a specific range of displayed data, click the chart at the high end of the range you want,
then drag to the low end of the range you want, then release. The chart rescales to zoom in on the
selected range.
To reset the zoom to the default display, click Reset zoom.
Nasuni Filer Administration Guide 8.0
422
Status Page
Platform Status
Platform Status
Status
You can view the current status of the Nasuni Filer platform, including both virtual machines and
hardware appliances.
Viewing platform status
To view the current platform status:
1. Click Status, then select Platform Status from the list. The Platform Status page appears.
Figure 12-13: Platform Status page.
Note: Your display might look different from this. The number of entries depends upon
the number of configured arrays and disks.
Nasuni Filer Administration Guide 8.0
423
Status Page
Platform Status
The following information appears:
•
Hardware Model (hardware appliances only): The model of the hardware appliance.
•
Platform: The type of platform. For hardware appliances, this includes the model of
hardware appliance. For virtual machines, this includes the type of virtual platform.
•
CPUs: The number and speed (in GHz) of CPUs, as well as the number of CPU cores per
CPU.
•
CPU Model: The specific model of CPU.
•
System RAM: The total amount of system RAM in GiB.
•
BIOS Firmware Version (hardware appliances only): The version number of the BIOS
firmware.
Tip: You can update the firmware of Nasuni Filer hardware appliances using commands
from the Service menu of the console for the Nasuni Filer.
•
BMC Firmware Version (hardware appliances only): The version number of the hardware
appliance’s BMC (baseboard management controller) firmware.
Tip: You can update the firmware of Nasuni Filer hardware appliances using commands
from the Service menu of the console for the Nasuni Filer.
•
Serial Number (hardware appliances only): The serial number of the hardware appliance.
•
Power Supplies (hardware appliances only): The number of power supplies in the hardware
appliance.
•
Power Supply Status (hardware appliances only): The current status of the hardware
appliance power supplies. If the status is Alert, you should investigate the situation.
•
UPS Status (hardware appliances only): The current status of the hardware appliance’s
uninterruptible power supply (UPS). If the status is Alert, you should investigate the situation.
•
UPS Battery Status (hardware appliances only): The current status of the hardware
appliance’s uninterruptible power supply’s battery. If the status is Alert, you should
investigate the situation.
•
Inlet Temperature (hardware appliances only): The standby node inlet temperature in
Celsius and Fahrenheit.
•
Exhaust Temperature (hardware appliances only): The standby node exhaust temperature
in Celsius and Fahrenheit.
•
RAID Firmware Version (hardware appliances only): The version number of the hardware
appliance’s RAID firmware.
Tip: You can update the firmware of Nasuni Filer hardware appliances using commands
from the Service menu of the console for the Nasuni Filer.
•
RAID Battery (hardware appliances only): Status of the battery for the RAID array. If the
status is Alert, you should investigate the situation.
•
Full Disk Encryption (hardware appliances only): Status of Full Disk Encryption (FDE): Not
Available, Enabled, or Disabled. See “Full Disk Encryption (FDE) (hardware appliances only)”
on page 427.
Nasuni Filer Administration Guide 8.0
424
Status Page
Platform Status
2. For hardware appliances, click Identify System and the host system identification light blinks
for 120 seconds. This helps personnel to physically locate the Nasuni Filer hardware appliance
in the racks.
3. For hardware appliances, to update the hardware appliance status information on this page,
click Refresh information. The message “Requesting sensor data from system. This can take a
few moments” appears. Click the x to close the message.
Note: Hardware appliance status is automatically updated every 10 minutes.
4. For hardware appliances with FDE enabled, to change the FDE password, click Change FDE
Password. Enter the new FDE password, then click Save.
RAID Arrays (hardware appliances only)
For hardware appliances, on the Platform Status page, information about RAID Arrays appears.
Figure 12-14: RAID Arrays information.
Note: Your display might look different from this. The number of entries depends upon the
number of configured arrays and disks.
The following RAID array information is displayed:
•
For each array:
•
Total Size: Total size of the RAID array.
•
RAID Level/Type: Level of the RAID array, or type of array, such as SSD.
•
Status: Status of the RAID array. If the status is Alert, you should investigate the situation.
Nasuni Filer Administration Guide 8.0
425
Status Page
Platform Status
RAID Disks (hardware appliances only)
For hardware appliances, on the Platform Status page, information about RAID Disks appears.
Figure 12-15: RAID Disks information.
Note: Your display might look different from this. The number of entries depends upon the
number of configured arrays and disks.
The following RAID disk information is displayed:
•
For each disk:
•
Location: Location of the disk in the hardware appliance.
•
Size: Size of the disk.
•
Hardware ID: The hardware identification number of the disk.
•
FDE: Status of Full Disk Encryption (FDE) for the disk. A locked lock icon
indicates that
FDE is enabled: the disk is encrypted. An unlocked lock icon
indicates that FDE is
available, but not enabled: the disk is not encrypted. See “Full Disk Encryption (FDE)
(hardware appliances only)” on page 427.
•
Status: Status of the disk. If the status is Alert, you should investigate the situation.
•
Actions: Available actions for the disk.
Before physically removing a disk from the RAID array, click Remove. The disk is logically removed
from the RAID array. You can then physically remove the disk from the RAID array.
Nasuni Filer Administration Guide 8.0
426
Status Page
Platform Status
Full Disk Encryption (FDE) (hardware appliances only)
The goal of Full-Disk Encryption is to provide encryption for data at rest in the Nasuni Filer. While good
physical security can protect access to data in the Nasuni Filer in a data center, data can also leave the
data center through drive replacements, due to theft or failure. Encryption of data at rest makes sure
that no data can leave the Nasuni Filer by someone removing a drive and the drive remaining useable.
Nasuni includes self-encrypting drives (SEDs) in Nasuni Filer hardware appliances, NF-400 and above.
SEDs allow for hardware-based encryption of data at rest with little or no performance impact over
non-SEDs. The encryption must be “turned on”; otherwise, SEDs behave just like non-SEDs. Nasuni
does not enable the Full Disk Encryption feature for clients. Clients enable the Full Disk Encryption
feature themselves when they configure the feature.
Tip: Full Disk Encryption must be made available in the client license before encrypting
SEDs. Full Disk Encryption is available in the client license by default.
Warning: After Full Disk Encryption is enabled, it cannot be disabled.
On the Platform Status page, if Full Disk Encryption has been made available in the license, an
indicator shows that the Nasuni Filer is in one of these states:
•
An unlocked lock icon
encrypted.
•
A locked lock icon
indicates that FDE is available, but not enabled: the disk is not
indicates that FDE is enabled: the disk is encrypted.
Clients must provide a password when encrypting the Nasuni Filer and are responsible for keeping that
password for possible, but unlikely, future use. Nasuni does not provide passwords or escrow them for
clients for this feature. The password requirements are:

8 to 32 characters.

Must contain at least one uppercase letter. Case-sensitive.

Must contain at least one lowercase letter. Case-sensitive.

Must contain at least one number.

Must contain at least one non-alphanumeric character (such as < > @ +). The space character
is not permitted.
An SED and a non-SED are interchangeable when the SED encryption is not enabled. However, a
secured SED cannot be used in place of a non-SED.
Nasuni Filer Administration Guide 8.0
427
Status Page
Platform Status
Enabling Full Disk Encryption
Warning: After Full Disk Encryption is enabled, it cannot be disabled.
To enable Full Disk Encryption, follow these steps:
1. Click Enable Full Disk Encryption. The Enable Full Disk Encryption dialog box appears.
Figure 12-16: Enable Full Disk Encryption dialog box.
2. Enter the Password with which to encrypt the SEDs, and verify the password.
Warning: You must record the password securely. Nasuni cannot escrow or recover the
password.
3. Click Save.
Full Disk Encryption is enabled for the SEDs.
Nasuni Filer Administration Guide 8.0
428
Status Page
Platform Status
Changing the Full Disk Encryption Password
To change the Full Disk Encryption password, follow these steps:
1. Click Change FDE Password. The Change Full Disk Encryption Password dialog box
appears.
Figure 12-17: Change Full Disk Encryption Password dialog box.
2. Enter the Current Password.
3. Enter the New Password with which to encrypt the SEDs, and verify the password.
Warning: You must record the password securely. Nasuni cannot escrow or recover the
password.
4. Click Save.
The password for Full Disk Encryption changes.
CPU Activity
On the Platform Status page, a chart of CPU activity vs. time appears.
Figure 12-18: CPU Activity.
The graph displays the CPU activity (in percent) vs. time of day, for the total number of CPUs available
on the platform. If you hover the mouse over any part of the chart, a label appears displaying details
about the CPU activity at that date and time.
To select the time scale, from the drop-down list, select either Previous Hour or Previous Day.
Nasuni Filer Administration Guide 8.0
429
Status Page
Platform Status
Memory Usage
On the Platform Status page, a chart of memory usage vs. time appears.
Figure 12-19: Memory Usage.
The graph displays the memory usage (in GB or similar units) vs. time of day. If you hover the mouse
over any part of the chart, a label appears displaying details about the memory usage at that date and
time.
To select the time scale, from the drop-down list, select either Previous Hour or Previous Day.
Nasuni Filer Administration Guide 8.0
430
Status Page
System Alerts
System Alerts
Edit
You can configure the Nasuni Filer to issue alerts for the following conditions:
•
CPU usage exceeds a specified threshold for more than a specified time.
•
Memory usage exceeds a specified threshold for more than a specified time.
•
Snapshots do not occur for more than a specified time.
To view charts of CPU activity and memory usage, see “CPU Activity” on page 429 and “Memory
Usage” on page 430.
Tip: For a user to receive email alerts for CPU usage or memory usage, the user must be a
member of a group that has Appliance Alerts selected. See “Adding Permission Groups”
on page 383.
For a user to receive email alerts for snapshots, the user must be a member of a group
that has General Alerts selected. See “Adding Permission Groups” on page 383.
To configure system alerts, follow these steps:
1. Click Status, then select System Alerts from the list. The System Alerts page appears.
Figure 12-20: System Alerts page.
The following information is displayed:
•
CPU Alert: The alarm is issued if the CPU usage exceeds the specified Threshold for the
specified Duration.
•
Memory Usage Alert: The alarm is issued if the memory usage exceeds the specified
Threshold for the specified Duration.
•
Snapshot Alert: The alarm is issued if the volume has no snapshots for the specified
Duration.
2. To set a CPU usage alert, select the Enabled switch to On. Enter a Threshold as a percentage
of CPU usage. Enter a Duration, in minutes. The alarm is issued if the CPU usage exceeds the
specified Threshold for the specified Duration.
3. To set a memory usage alert, select the Enabled switch to On. Enter a Threshold as a
percentage of memory usage. Enter a Duration, in minutes. The alarm is issued if the memory
usage exceeds the specified Threshold for the specified Duration.
4. To set a snapshot alert, select the Enabled switch to On. Enter a Duration, in hours. The alarm
is issued if the volume has no snapshots for the specified Duration.
Nasuni Filer Administration Guide 8.0
431
Status Page
System Alerts
5. Click Save Alerts.
Nasuni Filer Administration Guide 8.0
432
Status Page
CIFS Status
CIFS Status
CIFS Shares
You can view the status of CIFS shares, as well as the status of clients connected to the Nasuni Filer
through CIFS file sharing.
To view CIFS status:
1. Click Status, then select CIFS Status from the list. The CIFS Shares page appears.
Figure 12-21: CIFS Shares page.
The following information is displayed (all columns are sortable):
•
Protocol version: The supported versions of the CIFS or SMB protocol. See “Configuring
CIFS settings” on page 308 for details on the protocol level.
•
CIFS Shares: A table displays, for each CIFS share:
•
Volume: The volume of the CIFS share. Clicking this link opens either the CIFS Shares
page for this volume (see “Viewing a CIFS Share” on page 124), if this Nasuni Filer is not
under the control of the Nasuni Management Console, or the Home page (see “Home
Page” on page 36), if this Nasuni Filer is under the control of the Nasuni Management
Console.
•
Path in Volume: The path in the volume to the CIFS share.
•
Share Name: The name of the CIFS share. Clicking this link opens either the Add CIFS
Share / Edit Settings page for this volume (see “Editing a CIFS Share” on page 139), if
this Nasuni Filer is not under the control of the Nasuni Management Console, or the
Home page (see “Home Page” on page 36), if this Nasuni Filer is under the control of the
Nasuni Management Console.
Nasuni Filer Administration Guide 8.0
433
Status Page
•
•
CIFS Status
CIFS Client Status: A table displays, for each client connected to the Nasuni Filer through
CIFS file sharing:
•
Share: The name of the CIFS share.
•
User: The name of the connected user.
•
Client: The hostname or IP address of the client.
•
Client Name: The name of the client.
•
Disconnect button: Click Disconnect to disconnect this client from the share. See
“Disconnecting a Single CIFS Client” on page 437.
Open Files & Locks: A table displays, for each open file or lock:
•
Share: The name of the CIFS share.
•
Path: The path in the share to each open file or file lock.
•
Type: The type of open file or lock, such as RDWR, RDONLY, or WRONLY.
•
User: The name of the connected user.
•
Client: The hostname or IP address of the client.
•
Client Name: The name of the client.
•
Disconnect button: Click Disconnect to disconnect this client from the share. See
“Disconnecting a Single CIFS Client” on page 437.
Nasuni Filer Administration Guide 8.0
434
Status Page
CIFS Status
Resetting the CIFS Authentication Cache
Reset authentication cache
You can reset the CIFS authentication cache to clear all CIFS shares for Nasuni Filer users. You might
reset the CIFS authentication cache if instructed by Nasuni Support, or if users are not appearing in a
group they are assigned to via Active Directory or LDAP Directory Services.
To reset the CIFS authentication cache:
1. Click Status, then select CIFS Status from the list. The CIFS Shares page appears.
Figure 12-22: CIFS Shares page.
2. Click Reset CIFS Auth Cache. The Reset CIFS Auth Cache dialog box appears.
Figure 12-23: Reset CIFS Auth Cache dialog box.
3. Click Reset Auth Cache. This flushes all the cached CIFS authentication data.
Nasuni Filer Administration Guide 8.0
435
Status Page
CIFS Status
Resetting All CIFS Clients
Reset clients
You can reset all CIFS clients connected to the Nasuni Filer. You might reset all CIFS clients if
instructed by Nasuni Support, or to remove clients.
Note: Some CIFS clients automatically re-connect to CIFS shares and can then re-appear in
the listing even after the connection is reset.
To reset all CIFS clients:
1. Click Status, then select CIFS Status from the list. The CIFS Shares page appears.
Figure 12-24: CIFS Shares page.
2. Click Reset All Clients. The Reset All Clients dialog box appears.
Figure 12-25: Reset All Clients dialog box.
3. Click Reset Clients. The message “All client connections were reset” appears. Click x to close
the message box.
Note: Some CIFS clients automatically re-connect to CIFS shares and can then re-appear in
the listing even after the connection is reset.
Nasuni Filer Administration Guide 8.0
436
Status Page
CIFS Status
Disconnecting a Single CIFS Client
Disconnect client
You can disconnect a single CIFS client connected to the Nasuni Filer.
Note: Some CIFS clients automatically re-connect to CIFS shares and can then re-appear in
the listing even after disconnecting them.
To disconnect a single CIFS client:
1. Click Status, then select CIFS Status from the list. The CIFS Shares page appears.
Figure 12-26: CIFS Shares page.
2. Select a client from the list of clients, then click Disconnect. The Disconnect Client dialog box
appears.
3. Click Disconnect Client.
The client is disconnected. The message “Client connection was reset” appears. Click x to
close the message box.
Nasuni Filer Administration Guide 8.0
437
Status Page
iSCSI Status
iSCSI Status
Status
You can view the status of iSCSI targets and iSCSI initiators.
To view the iSCSI status:
1. Click Status, then select iSCSI Status from the list. The iSCSI Status page appears.
Figure 12-27: iSCSI Status page.
The following information is displayed:
• iSCSI Targets: A table displays, for each iSCSI target:
•
Volume: The name of the iSCSI volume. Clicking this link opens either the iSCSI
Settings page for this volume (see “Changing iSCSI Settings” on page 72), if this Nasuni
Filer is not under the control of the Nasuni Management Console, or the Home page
(see “Home Page” on page 36), if this Nasuni Filer is under the control of the Nasuni
Management Console.
•
Target IQN: The target IQN (iSCSI Qualified Name). Clicking this link opens either the
iSCSI Settings page for this volume (see “Changing iSCSI Settings” on page 72), if this
Nasuni Filer is not under the control of the Nasuni Management Console, or the Home
page (see “Home Page” on page 36), if this Nasuni Filer is under the control of the
Nasuni Management Console.
•
LUN Size: The size of the iSCSI LUN (logical unit number).
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
•
iSCSI Initiator Status: A table displays, for each iSCSI initiator connected to the Nasuni
Filer through the iSCSI protocol, the Initiator IQN, the Initiator Hostname, and the Initiator IP
Address, as well as the Target IQN and the Target Volume.
The iSCSI Qualified Name includes these fields:
•
iqn.
•
Date that the naming authority took ownership of the domain, in yyyy-mm format.
Nasuni Filer Administration Guide 8.0
438
Status Page
iSCSI Status
•
“.” followed by the reversed domain name of the authority, such as com.nasuni.
• “:” followed by a storage target name specified by the naming authority.
Example: iqn.2008-11.com.nasuni:filer.nasuni.net:51
Nasuni Filer Administration Guide 8.0
439
Status Page
NFS Status
NFS Status
Status
You can view the status of NFS exports, as well as the status of clients connected to the Nasuni Filer
through NFS file exporting. Not all Nasuni Filers support NFSv4. NFSv4 encrypted connections are
supported. Supported protocols appear on the NFS Status page.
To view NFS status:
1. Click Status, then select NFS Status from the list. The NFS Exports page appears.
Figure 12-28: NFS Exports page.
The following information is displayed:
•
Protocol version: The supported versions of the NFS protocol.
•
NFS Exports: A table displays, for each NFS export:
•
Volume: The volume of the NFS export. Clicking this link opens either the NFS Exports
page for this volume (see “Viewing an NFS Export” on page 142), if this Nasuni Filer is
not under the control of the Nasuni Management Console, or the Home page (see
“Home Page” on page 36), if this Nasuni Filer is under the control of the Nasuni
Management Console.
•
Path: The path in the volume to the NFS export.
•
Export Name: The name of the NFS export. Clicking this link opens either the Add NFS
Export / Edit Settings page for this volume (see “Editing an NFS Export” on page 146),
if this Nasuni Filer is not under the control of the Nasuni Management Console, or the
Home page (see “Home Page” on page 36), if this Nasuni Filer is under the control of the
Nasuni Management Console.
Nasuni Filer Administration Guide 8.0
440
Status Page
FTP Status
FTP Status
You can view FTP/SFTP directories for volumes that have the FTP/SFTP protocol enabled. You can
also view the status of FTP/SFTP clients.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
• Create a volume. See “Adding a Volume” on page 51.
• Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 161.
• (Optional) Configure FTP settings. See “Configuring FTP settings” on page 306.
• Add a new FTP/SFTP directory. See “Adding FTP directories for a volume” on
page 153.
• (Optional) Create a permission group that has storage access. See “Adding
Permission Groups” on page 383.
• (Optional) Create a user in a permission group that has storage access. See “Adding
Users” on page 389.
• Access files using the FTP/SFTP protocol. See “Accessing data using the FTP/SFTP
protocol” on page 167.
Viewing FTP directories and FTP clients
To view FTP/SFTP directories, follow these steps:
1. Click Status, then select FTP Status from the list. The FTP Directories page displays a list of
FTP/SFTP directories for volumes that have the FTP protocol enabled. A list of any FTP/SFTP
clients also appears.
Figure 12-29: FTP Directories page.
The following information is displayed:
•
Protocol version: The supported versions of the FTP/SFTP protocol.
Nasuni Filer Administration Guide 8.0
441
Status Page
•
•
FTP Status
FTP Directories: A table displays, for each FTP/SFTP directory, the following:
•
Volume: The volume for the FTP/SFTP directory. Clicking this link opens either the FTP
Directories page for this volume (see “Viewing FTP directories” on page 152), if this
Nasuni Filer is not under the control of the Nasuni Management Console, or the Home
page (see “Home Page” on page 36), if this Nasuni Filer is under the control of the
Nasuni Management Console.
•
Path: The path to the FTP/SFTP directory.
•
Directory Name: The name of the FTP/SFTP directory. Clicking this link opens either the
Add FTP Directory / Edit Settings page for this volume (see “Editing FTP directories”
on page 158), if this Nasuni Filer is not under the control of the Nasuni Management
Console, or the Home page (see “Home Page” on page 36), if this Nasuni Filer is under
the control of the Nasuni Management Console.
FTP Client Status: A table displays, for each FTP/SFTP client, the following:
•
FTP Type: The type of FTP/SFTP client: FTP or SFTP.
•
Host: The host of the FTP/SFTP client.
•
User: The name of the user using the FTP/SFTP client. This user must belong to a
permission group that has Storage Access enabled. See “Users and Groups” on
page 380.
Disconnecting FTP clients
To disconnect an FTP/SFTP client, follow these steps:
1. Click Status, then select FTP Status from the list. The FTP Directories page displays a list of
FTP/SFTP clients.
Figure 12-30: FTP Directories page.
2. Select a client from the list of clients, then click Disconnect. The Disconnect Client dialog box
appears.
3. Click Disconnect Client.
The client is disconnected. The message “Client was disconnected from the Filer” appears.
Click x to close the message box.
Nasuni Filer Administration Guide 8.0
442
Status Page
File Heuristics
File Heuristics
Chart
You can view the number of each type of file and the number of each size of file stored using the Nasuni
Filer. These metrics can be useful for planning storage.
To view file metrics:
1. Click Status, then select File Heuristics from the list. The File Heuristics Information page
appears.
Figure 12-31: File Heuristics Information page.
This page displays charts and tables of File Types in snapshots and File Sizes in snapshots.
Nasuni Filer Administration Guide 8.0
443
Status Page
File Heuristics
File Types in snapshots
On the top left side of the page is a pie chart displaying the percentage of files in the most
common categories. Files are categorized by extension. For example, the Text category
includes files with the extensions .doc, .rtf, and .txt. If you hover the mouse over one of the pie
sections, it displays the name of the category, the percentage of that category, some of the
extensions included in that category, and the number of files in that category.
On the top right side of the page is a table displaying the number of files with the most frequent
file extensions. You can sort this table by clicking Extension, Category, or Count. Statistics
appear for the most frequent 50 extensions.
File Sizes in snapshots
On the bottom left side of the page is a bar chart displaying the number of files in each size
category, with the size of the files along the horizontal axis and the number of files in each size
category along the vertical axis. If you hover the mouse over one of the bars, it displays the
name of the size category and the number of files in that category. From the drop-down list, you
can select either a Logarithmic Scale or a Numeric Scale for the vertical axis of the bar chart.
On the bottom right side of the page is a table displaying the number of files in each of the size
categories. You can sort this table by clicking Max Size or Count.
Note: Nasuni’s display of size might differ from other indications of size, such as Windows
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
Nasuni Filer Administration Guide 8.0
444
Chapter 13: Notifications
Notifications
Notifications are Nasuni Filer messages.
You might receive the following types of notifications:
•
Info: The system has performed an action, or has changed its state, in such a way that the user
might be interested, but that does not require action or attention.
•
Warning: Something unusual has happened, but the user need not take action.
•
Error: Something unusual or incorrect has occurred, and the user should take notice and try to
resolve the situation, if possible. Errors generate email messages to the user, if the user has set
up email. See “Email Settings” on page 285 for details.
•
Alert: Something unusual or incorrect has occurred, and the user should take notice and try to
resolve the situation, if possible, or contact Nasuni for assistance, if necessary. Alerts generate
emails to the user, if the user has set up email. See “Email Settings” on page 285 for details.
Examples of alert notifications are:
•
Software update available.
•
Account issues.
•
Local cache issues.
•
Evaluation period expired.
Note: The Notifications page, and all other pages of the Nasuni Filer user interface, might
look different to different users. Also, different menus and actions might be available for
different users. This is because different users are assigned different permissions,
based on their roles in the role-based access control system. See “Users and Groups”
on page 380 for details.
Retaining Notifications
Notifications are retained according to the following rules:
•
Review of notifications occurs daily on the NMC and weekly on the Nasuni Filer.
•
Info-level notifications are removed after 7 days.
•
Acknowledged notifications of any level are removed after 14 days.
•
Only the most recent 50,000 Info-level notifications per Nasuni Filer are retained.
Nasuni Filer Administration Guide 8.0
445
Notifications
Viewing Notifications
Viewing Notifications
Urgent notifications that require acknowledgment appear on the Notifications pane. You can view and
filter all notifications using the Notifications pane.
To view notifications, follow these steps:
1. Click the megaphone-shaped Notifications icon at the top right of any page. The Notifications
pane appears.
Figure 13-1: Notifications pane.
Urgent notifications that require acknowledgment appear on the Notifications pane, based on
the state of your system. A number to the right of a notification indicates multiple occurrences of
the same notification. You can acknowledge a notification by clicking the x. To acknowledge all
the urgent notifications, click Acknowledge All.
2. Click View all Notifications. The Notifications page appears and displays a list of notifications.
Figure 13-2: Notifications page.
The following information appears for each notification in the list:
•
Severity: The severity of the notification, including Info, Warning, Alert, and Error. For details
on the definitions of these notifications, see page 445.
•
Date: The date and time of the notification.
•
Message: The text of the notification.
Acknowledged notifications display a checkmark to the right of their severity.
At the top of the list is a count of the number of entries shown and the total number of entries.
Nasuni Filer Administration Guide 8.0
446
Notifications
Viewing Notifications
3. You can select whether to view acknowledged notifications, unacknowledged notifications, or
all notifications, as follows:
•
All: To view all notifications, including acknowledged notifications, select All. All
notifications are listed.
•
No: To view only notifications that have not been acknowledged, select No. Only
unacknowledged notifications are listed.
•
Yes: To view only acknowledged notifications, select Yes. Only acknowledged notifications
are listed.
4. To include Alert notifications, select Alert.
5. To include Error notifications, select Error.
6. To include Warning notifications, select Warning.
7. To include Info notifications, select Info.
Tip: Info notifications can safely be ignored.
8. To automatically refresh the Notifications page, select Enable Auto Refresh.
9. To move to the next page of notifications (if any), click the right arrow at the top of the page.
10. To move to the previous page of notifications (if any), click the left arrow at the top of the page.
11. To download notifications as a CSV file, click Download CSV.
Filtering the Display
Filter
Using the Filter text box, you can limit the display to items that match the criteria that you enter. See
“Filtering Displays” on page 464 for details. On this screen, the following field names are available:
•
priority: Matches values in the Severity field.
•
message: Matches values in the Message field.
Note: If there are many notifications, it might take a little time to display the filtered
results.
Nasuni Filer Administration Guide 8.0
447
Notifications
Acknowledging Notifications
Acknowledging Notifications
Acknowledge
You can acknowledge notifications.
Acknowledging notifications marks them as read, but leaves them in place for further use. By contrast,
deleting notifications removes them entirely. When you acknowledge notifications, you are no longer
prompted to view them.
To acknowledge notifications, follow these steps:
1. List and filter notifications as described in “Viewing Notifications” on page 446.
2. Select the notifications that you want to acknowledge.
To select all notifications on the page, select the check box to the left of the Severity heading. If
there is more than one page of notifications, a message appears detailing how many
notifications are selected and the total number of notifications matching the current criteria.
Figure 13-3: Selected Notifications message.
To select all the notifications matching the current criteria, click the Select all message.
To clear the selection, click Clear selection.
3. Click Acknowledge. The Acknowledge Notifications dialog box appears.
Figure 13-4: Acknowledge Notifications dialog box.
4. Click Acknowledge Notifications. The selected notifications are acknowledged.
Alternatively, to exit this screen without acknowledging any notifications, click the Close button.
Downloading Notifications
Download
You can download notifications to a comma-separated values (CSV) file for further analysis or retention.
To download notifications as a CSV file, on the Notifications page, click Download CSV. The
notifications are downloaded and saved as a CSV file, according to the configuration of your browser.
Nasuni Filer Administration Guide 8.0
448
Notifications
Deleting Notifications
Deleting Notifications
Delete
You can delete notifications.
Deleting notifications removes them from the list entirely. When you delete notifications, you are no
longer prompted to view them.
Tip: There are often many notifications such as “Snapshot not needed”, “Antivirus scan
started”, “Updated the Nasuni Filer product license key”, and “Snapshot for volume ...
has been scheduled”. Unless the Nasuni Management Console is experiencing problems
in these areas, you can usually delete all notifications of this kind.
To delete notifications, follow these steps:
1. List and filter notifications as described in “Viewing Notifications” on page 446.
2. Select the notifications that you want to delete.
To select all notifications on the page, select the check box to the left of the Severity heading. If
there is more than one page of notifications, a message appears detailing how many
notifications are selected and the total number of notifications matching the current criteria.
Figure 13-5: Selected Notifications message.
To select all the notifications matching the current criteria, click the Select all message.
To clear the selection, click Clear selection.
3. Click Delete
. The Delete Notifications dialog box appears.
Figure 13-6: Delete Notifications dialog box.
4. Click Delete Notifications. The selected notifications are deleted from the list.
Alternatively, to exit this screen without deleting any notifications, click the Close button.
Nasuni Filer Administration Guide 8.0
449
Chapter 14: Recovery
The Nasuni Filer Recovery Guide contains the complete procedure for recovering your data. This
section is a summary of suggestions before you recover your data with the Nasuni Filer.
There are a number of reasons for performing a recovery of a Nasuni Filer, including:
•
Changing virtual machine platforms (VMware, Microsoft Hyper-V, Microsoft Azure, Amazon
EC2).
•
Nasuni Hardware Appliance or virtual machine hardware refresh.
•
Moving data around the world.
•
Human error.
•
Hardware and software failures.
•
True disaster.
With Nasuni’s data services, your data is safely stored offsite in industry-leading data centers. Nasuni’s
system of automatic, scheduled snapshots protects your data, with no need for additional backups.
Snapshots provide a full recovery image of your data, as frequently as every minute. This data is
available at any time to any location.
You can rapidly get access to your data. To recover the data stored on your Nasuni Filer, you follow the
simple steps of downloading the virtual machine again from Nasuni.com, installing the product, and
then completing the recovery process. If you have your encryption keys, the whole procedure takes
about 15 minutes for a total recovery.
Side Load and Recovery
The Recovery process enables you to recover the Nasuni Filer after a true disaster, such as the loss of
a data center. However, most of the time, customers perform the Recovery process in order to change
from one platform to another.
In such a situation, there is already an operational Nasuni Filer that contains active data in its cache.
Performing the Recovery process results in a new Nasuni Filer that has an empty cache. The customer
must then manually re-populate the new cache with data, which requires considerable inbound
bandwidth from the cloud, and which can take days, weeks, or even months to complete.
The Side Load feature enables you to transfer cache data directly from the original source
decommissioned Nasuni Filer to the new destination Nasuni Filer. For more details, see “Side Load” on
page 268.
To view unprotected files in the cache, see “Unprotected Files” on page 414.
Nasuni Filer Administration Guide 8.0
450
Recovery
Before Recovering Data with the Nasuni Filer
Before Recovering Data with the Nasuni Filer
The Nasuni Filer Recovery Guide contains the complete procedure for recovering your data. This
section is a summary of suggestions before you recover your data with the Nasuni Filer.
Important: To perform a recovery procedure, one of the following must be true:
•
The original source Nasuni Filer must have at least one local volume, and at least one
snapshot of the local volume must have completed.
•
A backup key must have been generated. For more details, see “Backup Keys” on
page 353.
Warning: If the original source Nasuni Filer has any data in the cache that has not yet
been protected in cloud storage, performing a recovery procedure can cause
that data to be lost. Before proceeding, perform a manual snapshot (see “Take
a Snapshot Now” on page 61) and ensure that there is no data in the cache
(see “New Data in Cache Chart” on page 39).
Important: Internet connectivity (HTTPS port 443) to the new destination Nasuni Filer is a
prerequisite for setting up the Nasuni Filer, or to update software during the
installation.
Tip: Download your generated encryption keys to a safe location before shutting down the
original source Nasuni Filer or performing a recovery procedure on the original source
Nasuni Filer. See “Downloading (Exporting) Generated Encryption Keys” on page 349
for details.
Warning: Do NOT save encryption key files to a volume on a Nasuni Filer. You will NOT
be able to use these to recover data. This is NOT how to upload encryption
keys to a Nasuni Filer. To upload encryption keys to a Nasuni Filer, see
“Adding (Importing or Uploading) Encryption Keys” on page 348.
Note: If you were using a hardware appliance, notify Nasuni Technical Support to request a
replacement appliance at support@nasuni.com. You can then continue with the
following procedure, which allows you to install and operate a virtual appliance to
access your data.
Note: Downloading and executing the installation program for the virtual appliance is
contingent upon the virtual platform you are using.
Note: For any volume that is either Pending Delete or Pending Delete Approval, the pending
deletions might be cancelled after the volume's Nasuni Filer is recovered.
Tip: Only the Admin user can perform the Side Load process.
Tip: To perform the Side Load procedure, the original source Nasuni Filer must be:
•
Running;
•
Decommissioned;
•
Using release 7.0 or above.
Nasuni Filer Administration Guide 8.0
451
Recovery
Preparing the Original Source Nasuni Filer (if available)
Preparing the Original Source Nasuni Filer (if available)
The Nasuni Filer Recovery Guide contains the complete procedure for recovering your data. This
section is a summary of steps for preparing the original source Nasuni Filer (if available):
1. Verify that the original source Nasuni Filer is installed and properly configured on your network.
2. Verify that the original source Nasuni Filer has at least one local volume, and that at least one
snapshot on the original source Nasuni Filer has successfully completed on a local volume.
Alternatively, verify that a backup key has been generated. For more details, see “Backup Keys”
on page 353.
3. If performing the Side Load procedure, verify that the original source Nasuni Filer is running and
not yet decommissioned by using a Web browser to navigate to the hostname or IP address of
the Nasuni Filer. The Nasuni Filer should appear and not display the “Filer Decommissioned”
message.
4. On the original source Nasuni Filer, record the information for volumes for later verification.
5. If running the Side Load procedure, record the hostname or IP address of the original source
Nasuni Filer. Also, record the username and password of an administrative user on the original
source Nasuni Filer.
6. Remove the original source Nasuni Filer from control of the Nasuni Management Console
(NMC).
7. On the original source Nasuni Filer, download any generated encryption keys.
Warning: You MUST have the encryption keys for the original source Nasuni Filer in
order to recover the Nasuni Filer.
8. If you escrowed any encryption keys with Nasuni, contact Nasuni Technical Support.
Warning: You MUST have the encryption keys for the original source Nasuni Filer in
order to recover the Nasuni Filer.
9. If the original source Nasuni Filer was under the control of the Nasuni Management Console
(NMC), download the encryption keys for the NMC.
10. Obtain the Serial Number and Authorization Code for the original source Nasuni Filer. You use
these in step 4 on page 454.
11. If you have defined data migrations that you want to use after the recovery, record information
about the data migrations.
12. Perform snapshots on all volumes.
Tip: This process can take considerable time, depending on the size of the cache and the
amount of changed and new data in the cache.
Warning: If all snapshots have not completed, some data might not be protected in
the cloud.
Nasuni Filer Administration Guide 8.0
452
Recovery
Preparing the Original Source Nasuni Filer (if available)
13. Perform the preparedr procedure on the original source Nasuni Filer.
Warning: During the preparedr command procedure, the volumes on the original
source Nasuni Filer are set to read-only and any necessary final snapshots are
performed. This processing temporarily impacts access to data on this Nasuni Filer.
14. If performing a Side Load procedure using the original source Nasuni Filer, DO NOT shut down
the Nasuni Filer.
15. If NOT performing a Side Load procedure, perform a shutdown of the original source Nasuni
Filer.
Nasuni Filer Administration Guide 8.0
453
Recovery
Recovering Data with the Nasuni Filer
Recovering Data with the Nasuni Filer
The Nasuni Filer Recovery Guide contains the complete procedure for recovering your data. This
section is a summary of steps for recovering your data:
1. If you have not already done so, obtain the Serial Number and Authorization Code for the
original source Nasuni Filer. You use these in step 5 on page 454. There are several ways to
obtain the Serial Number and Authorization Code:
•
You can obtain the Serial Number and Authorization Code for the original source Nasuni
Filer on the Account Serial Numbers page of the Nasuni Management Console.
•
Otherwise, if you have the credentials to log in to your Nasuni.com account (https://
account.nasuni.com/account/login/), you can obtain the Serial Number and Authorization
Code for the original source Nasuni FIler there.
•
Otherwise, if you do not have these credentials, obtain the Serial Number and Authorization
Code for the original source Nasuni FIler from the person who has the credentials.
2. Download the Nasuni Filer software appropriate for your platform from your Nasuni account
Web site (https://account.nasuni.com/). Regardless of which version of the Nasuni Filer
software that you used originally, you can download the latest version.
Note: You can perform the recovery process to the same version of the software that you
were running, or to a newer version than you were running, but not to an older
version.
3. Launch the Nasuni Filer install program for your platform.
4. Follow the setup wizard. After you have configured your network using the setup wizard, open
the specific URL to continue. The “Enter your serial number and authorization code” wizard
page appears.
Figure 14-1: “Enter your serial number and authorization code” wizard page.
5. Enter the Filer Serial Number and Authorization code for this Nasuni Filer, found under the
Account section of www.nasuni.com, or on the Account Status page of the Nasuni
Nasuni Filer Administration Guide 8.0
454
Recovery
Recovering Data with the Nasuni Filer
Management Console. To recover a prior installation, such as during recovery, choose the
Nasuni Filer Serial Number of the prior installation. Click Continue to proceed.
Note: If the administrative account for this Nasuni Filer was reset (such as, for a forgotten
password), and this Nasuni Filer was under the control of the Nasuni Management
Console, and if you are using the Filer Serial Number for that prior installation, you
must wait 1 hour from the time that you reset the administrative account for the
Nasuni Filer before entering the Filer Serial Number and Authorization code and
clicking Continue.
6. The Perform Disaster Recovery on existing Filer page appears.
Figure 14-2: Perform Disaster Recovery on existing Filer page.
Enter “Perform Disaster Recovery” without the quotation marks in the Confirmation text
box, then click Continue to proceed.
Note: After performing this step, the original source Nasuni Filer is decommissioned.
Nasuni Filer Administration Guide 8.0
455
Recovery
Recovering Data with the Nasuni Filer
7. The second Perform Disaster Recovery on existing Filer page appears.
Figure 14-3: Second Perform Disaster Recovery on existing Filer page.
•
If you escrowed your encryption keys (including backup key) with Nasuni, and you need
Nasuni to de-escrow your encryption keys, select Yes from the drop-down list. Contact
Nasuni to receive your encryption keys, then enter your recovered encryption keys and click
Continue.
Important: If you have previously escrowed your encryption keys with Nasuni, and you
use these escrowed encryption keys as part of the recovery process, you
MUST re-escrow those encryption keys with Nasuni if you want those
encryption keys to continue to be escrowed with Nasuni. After the recovery is
complete, the Nasuni Filer treats all encryption keys as if they were not
created by this Nasuni Filer. For details, see, “Escrowing Encryption Keys
with Nasuni” on page 350.
•
Otherwise, select No from the drop-down list, then click Continue.
8. If you selected No, the Upload Encryption Keys page appears.
Figure 14-4: Upload Encryption Keys page.
Click Choose File to navigate to your encryption key file (including backup key file), enter the
Key Passphrase if necessary, then click Upload Key(s).
If several encryption key files are necessary, this page could appear several times.
Nasuni Filer Administration Guide 8.0
456
Recovery
Recovering Data with the Nasuni Filer
All uploaded encryption keys should be at least 2048 bits long.
9. The “Ready to perform disaster recovery!” page appears.
Figure 14-5: “Ready to perform disaster recovery!” page.
Click Continue. Recovery of the Nasuni Filer begins.
10. After recovery, the Filer Recovery Complete page appears.
Figure 14-6: Filer Recovery Complete page.
Nasuni Filer Administration Guide 8.0
457
Recovery
Recovering Data with the Nasuni Filer
11. Click Continue. The Accept the Terms of Service and License Agreement page appears.
Figure 14-7: “Accept the Terms of Service and License Agreement” page.
•
You can print or download a copy of the Terms of Service and License Agreement by
clicking the appropriate icon.
•
Select I accept the Terms of Service, then click Continue.
Nasuni Filer Administration Guide 8.0
458
Recovery
Recovering Data with the Nasuni Filer
12. The “Enter a username and password for Administration of this Filer” page appears.
Figure 14-8: “Enter a username and password for Administration of this Filer” page.
Set up an administrator for the new destination Nasuni Filer by creating a Username (casesensitive) and a Password (case-sensitive). An indicator of password strength appears.
Although password strength is not enforced, you should use strong passwords. Click Continue.
13. The recovery and restoration process is complete. The Configuration Complete page appears.
Figure 14-9: Configuration Complete page.
You can reboot the Nasuni Filer, or click the link “here” to proceed directly to the Login page.
Note: When a reboot is requested, a notification is logged that the reboot was requested
and by whom the reboot was requested.
Nasuni Filer Administration Guide 8.0
459
Recovery
Recovering Data with the Nasuni Filer
14. The Nasuni Filer becomes available in a few moments. The Login page appears.
Figure 14-10: Nasuni Filer Login page.
Log in to the Nasuni Filer with your Username (case-sensitive) and Password (case-sensitive).
Click Log in.
Important: If the previous Nasuni Filer was in Active Directory mode, you must re-join
Active Directory to maintain ACL support. Similarly, if the previous Nasuni
Filer was in LDAP, you must re-join LDAP.
With the new instance of the Nasuni Filer running, you have regained access to your volumes
and data. You can access volumes and data using the CIFS shares, NFS exports, or FTP
directories that you created. Folders and files are available.
Important: If this Nasuni Filer used a CIFS migration source to perform data migrations,
you might need to manually reconnect to that CIFS migration source. See
“Configuring a CIFS Migration Source” on page 239.
Tip: If this Nasuni Filer previously accessed a volume with custom permissions for
Remote Access, you must explicitly set those permissions for this Nasuni Filer.
Important: If you have previously escrowed your encryption keys with Nasuni, and you
used these escrowed encryption keys as part of the recovery process, you
MUST re-escrow those encryption keys with Nasuni if you want those
encryption keys to continue to be escrowed with Nasuni. After the recovery is
complete, the Nasuni Filer treats all encryption keys as if they were not
created by this Nasuni Filer. For details, see, “Escrowing Encryption Keys
with Nasuni” on page 350.
Tip: A best practice for Nasuni Filers is to join an Active Directory or LDAP domain as
soon as recovery is complete. If the previous Nasuni Filer was in Active Directory or
LDAP mode, re-join Active Directory or LDAP by clicking ‘Save Settings’. If the
previous Nasuni Filer has not previously joined any domain, see “Joining a Nasuni Filer
(that has not previously joined any domain) to a domain (for Nasuni Filers running
versions before 7.8)” on page 336.
Nasuni Filer Administration Guide 8.0
460
Recovery
Recovering Data with the Nasuni Filer
Tip: If this Nasuni Filer was under the control of the Nasuni Management Console, return
it to the control of the Nasuni Management Console. Click Services, then select
Nasuni Management Console from the list. From the “NMC Management is” dropdown list, select enabled, then click Save.
Tip: If this Nasuni Filer previously connected to a remote volume, you must manually reconnect to the remote volume after recovery.
Tip: If the previous Nasuni Filer had Remote Support enabled, you must disable, then
enable, Remote Support. See “Remote Support Service” on page 281.
Tip: If the previous Nasuni Filer had “Enhanced Support for Mac OS X” enabled for a
share, you must re-enable “Enhanced Support for Mac OS X”. See “Adding a New
CIFS Share to a Volume” on page 125.
At this point, you can consider using the Side Load process to transfer data to the cache. For more
details, see “Side Load” on page 268.
If any of the Nasuni Filer’s CIFS shares had Shared Links defined, these links must be regenerated. Use
Web Access to view links that must be regenerated, and regenerate them. See “Shared Links” on
page 179 and “Web Access” on page 177.
The items requiring regeneration look like this:
Figure 14-11: Shared item requiring regeneration.
Nasuni Filer Administration Guide 8.0
461
Recovery
Performing the Side Load process
Performing the Side Load process
The Nasuni Filer Recovery Guide contains the complete procedure for performing the side load
process. This section is a summary of steps for performing the side load process.
Important: You can only perform the Side Load procedure as part of the entire Recovery
procedure.
In particular, before performing the Side Load procedure, you must perform the
procedure “Preparing the Original Source Nasuni Filer (if available)” on page 452,
which includes running the preparedr command on the console of the original
source Nasuni Filer, as described in step 13 on page 453.
Also, before performing the Side Load procedure, you must perform the
procedure “Recovering Data with the Nasuni Filer” on page 454, which includes
the original source Nasuni Filer becoming decommissioned, as described in
step 6 on page 455.
Tip: Only one Side Load process is permitted at a time for each Nasuni Filer.
Tip: Only the Admin user can perform the Side Load process.
Tip: The original source Nasuni Filer must be:
•
Running;
•
Decommissioned;
•
Using release 7.0 or above.
Warning: If the total data available on the original source Nasuni Filer exceeds the
available cache space on the new destination Nasuni Filer, you receive a
warning message and notification.
You can configure Notifications to notify you by email when the Side Load process completes.
On the new destination Nasuni Filer, click Services, then select Side Load from the list. The Side Load
page appears.
Enter the host address of the original source Nasuni Filer, the administrator username for the specified
original source Nasuni Filer, and the password for the specified Admin Username for the specified
original source Nasuni Filer. Then click Connect and Start. When the Side Load process completes,
the Complete label appears on the bar graph.
Tip: Record any information you want to retain from the screen before clicking Done.
Other Steps
After completing the recovery procedure, you can verify the volumes on the new destination Nasuni
Filer.
When you are satisfied that the original source Nasuni Filer is no longer necessary, you can shut down
the original source Nasuni Filer, if it has not been shut down already.
Nasuni Filer Administration Guide 8.0
462
Appendix A: Nasuni Terms of Service
and License Agreement
Nasuni Corporation
The Terms of Service and License Agreement for the Nasuni Filer is located at:
http://www.nasuni.com/legal/
Nasuni Filer Administration Guide 8.0
463
Appendix B: Filtering Displays
Filtering the Display
On some pages, you can limit the display to items that match the criteria that you enter. In the Filter
text box, type the criteria, then click Apply Filter. Here are guidelines for using the Filter text box:
•
Use spaces to separate criteria. The filter matches ALL of the criteria entered.
•
You can enter letters and numerals, not case-sensitive.
•
You can enter the following special ASCII symbols:
! @ $ % ^ (caret) * = ( ) [ ] { } < > / ?
| (vertical bar) _ (underscore) ‘ (accent) ~ (tilde) : (colon) , (comma) . (period)
•
Do not use the following ASCII symbols to filter:
# & + ; (semicolon) ‘ (single quote) “ (double quote)
•
You can enter a lowercase field name, followed by a colon, followed by a value. The field names
vary depending on the screen.
•
You can enter a lowercase condition, followed by a colon, followed by a Boolean value. The
conditions vary depending on the screen.
•
You can enter a minus sign (-) to negate any criterion.
Examples:
files Matches any item that contains “files” in any field.
f!|@$ Matches any item that contains “f!|@$” in any field.
volume:files Matches any item that contains “files” in the Volume field.
readonly:true Matches any item that has Read Only enabled.
volume:files readonly:true Matches any item that contains “files” in the Volume field
AND that has Read Only enabled.
-readonly:true Matches any item that DOES NOT have Read Only enabled.
Nasuni Filer Administration Guide 8.0
464
DNS Configuration
Appendix C: DNS Configuration
Configuring the DNS for Mobile Access or Desktop Sync
To simplify user login to your Nasuni Filers, the administrator can configure the company DNS server
entry to include the host and port necessary for Mobile Access or Desktop Sync. When the user logs
into the Nasuni mobile application using their company email address and password, the application
retrieves the host and port from the DNS to complete the login.
We present the general method of configuring the DNS, as well as considerations for using Microsoft
Windows DNS Manager and third-party DNS configuration software.
Overview of configuring the DNS
The DNS includes records for locating and identifying computer services and devices with the
underlying network protocols. You can find general DNS help and information on sites such as
https://support.dnsimple.com/categories/dns/.
Mobile Access and Desktop Sync are looking for the following record types:

A record.

SRV record.

TXT record.

PTR record. If your ISP does not allow you to make a PTR record, you can make another TXT
record, as described below.
In addition, if you do not have direct access to register a service, you might need to contact your ISP to
register the "_nasunifiler" service.
You probably also have an SOA record created to define your domain. If using an ISP, your ISP
probably created this SOA record for you.
A record type
For the A (Address) record type, the record is generally of the form:
<target> A <ip-address>
where:
<target> is the fully qualified domain name (FQDN) of the target host, as in the SRV record.
<ip-address> is the IP address of the target.
Nasuni Filer Administration Guide 8.0
465
DNS Configuration
You probably already have an A record for your Nasuni Filer that maps your Nasuni Filer’s fully qualified
domain name (FQDN) to the IP address. Below is an example of how it might look:
myfiler.domainname.com. IN A 192.168.100.100
Note: Your ISP might or might not add the period at the end of the fully qualified domain
name.
SRV record type
The SRV (Service) record is used to discover a service. In the case of Mobile Access or Desktop Sync,
this is the "_nasunifiler" service.
For the SRV record type, the record is generally of the form:
<service-instance>._nasunifiler._tcp SRV <priority> <weight> <port>
<target>.
where:
<service-instance> is the name that you give to the Mobile Access or Desktop Sync
service you are offering. This is called the service instance name. This is the instance of the
_nasunifiler._tcp service that the SRV record links to. The same service instance
name is used in the PTR record.
_nasunifiler._tcp is the symbolic service name and the TCP protocol name, respectively,
and must not be changed.
<priority> is used for advanced prioritization of multiple servers, otherwise set this to 0. This
specifies the relative priority of this target, from 0 through 65535. Lowest number is highest
priority. Priority and weight are only relevant when there is more than one SRV record with
the same instance.
<weight> is also used for advanced prioritization of multiple servers, otherwise set this to 0.
This represents the weight, which is used when there is more than one target with the same
instance and with the same priority, from 0 through 65535. Higher number means greater
weight and greater probability. 0 indicates no weighting should be applied. Priority and
weight are only relevant when there is more than one SRV record with the same instance.
Note: Nasuni Mobile follows the DNS Service Discovery standard (RFC 6763) for priority
and weight, and properly handles complex configurations with multiple Nasuni Filers
using various priorities and weights. If you need assistance in setting up such a
configuration, contact Nasuni Support.
<port> is the TCP port number where the Nasuni Filer is reachable. Usually: 443.
<target> is the fully qualified domain name (FQDN) of the target host. This must match the A
record. Does not have to be in the same domain as the SRV record.
Note: Your ISP might or might not add the period at the end of the fully qualified domain
name.
An example of the SRV record is:
mymobile._nasunifiler._tcp SRV 0 0 443 myfiler.domainname.com.
Nasuni Filer Administration Guide 8.0
466
DNS Configuration
TXT record type
The TXT (Text) record is used to associate some arbitrary and unformatted text with a name.
For the TXT record type, the record should be of the form:
<service-instance>._nasunifiler._tcp TXT "txtvers=1"
"companyfullname=<companyname>"
where:
<service-instance> is the name that you give to the Mobile Access or Desktop Sync
service you are offering. This is called the service instance name. This is the instance of the
_nasunifiler._tcp service that the SRV record links to. The same service instance
name is used in the PTR record.
_nasunifiler._tcp is the symbolic service name and the TCP protocol name, respectively,
and must not be changed.
<companyname> is the name of the company (optional).
Note: The "txtvers=1" parameter is necessary.
Here is an example TXT record:
myfiler._nasunifiler._tcp TXT "txtvers=1" "companyfullname=My Company"
PTR record type
A PTR (pointer) record provides a pointer to a canonical name. If you are using an ISP that does not
allow you to add a PTR record, you can add a TXT record as a replacement. Below we describe both
ways to do this.
Adding as a PTR Record
For the PTR record type, the record should be of the form:
_nasunifiler._tcp PTR <service-instance>._nasunifiler._tcp.mydomain.com
where:
<service-instance> is the name that you give to the Mobile Access or Desktop Sync
service you are offering. This is called the service instance name. This is the instance of the
_nasunifiler._tcp service that the SRV record links to. The same service instance
name is used in the PTR record.
_nasunifiler._tcp is the symbolic service name and the TCP protocol name, respectively,
and must not be changed.
mydomain.com is the domain name, if not specified globally.
Here is an example PTR record:
_nasunifiler._tcp PTR myfiler._nasunifiler._tcp.domainname.com
Adding as a TXT Record
Use this if you are not allowed to add a PTR record. Otherwise, see above.
For the TXT record type, the record should be of the form:
_nasunifiler._tcp.mydomain.com. TXT
"PTR-V1=<service-instance>._nasunifiler._tcp.mydomain.com."
Nasuni Filer Administration Guide 8.0
467
DNS Configuration
where:
_nasunifiler._tcp is the symbolic service name and the TCP protocol name, respectively,
and must not be changed.
mydomain.com is the domain name, if not specified globally.
Note: Your ISP might or might not add the period at the end of the domain name.
<service-instance> is the name that you give to the Mobile Access or Desktop Sync
service you are offering. This is called the service instance name. This is the instance of the
_nasunifiler._tcp service that the SRV record links to. The same service instance
name is used in the PTR record.
Here is an example TXT record:
_nasunifiler._tcp.mydomainname.com. TXT
"PTR-V1=mymobile._nasunifiler._tcp.mydomainname.com."
Nasuni Filer Administration Guide 8.0
468
DNS Configuration
Microsoft Windows DNS Manager
To use the Microsoft Windows DNS Manager to configure the DNS, follow these steps:
1. The screen for configuring the A record looks like this:
Figure C-1: A record.
a. In the Host text box, specify the DNS name of the target host, as in the SRV record.
The Fully qualified domain name (FQDN) text box might be automatically populated,
using the domain name.
b. In the IP address text box, enter the IP address of the target.
Note: The “Update associated pointer (PTR) record” setting is for reverse lookup
configurations, not for this DNS procedure.
c. In the Time to live (TTL) text box, enter the TTL (time to live) as days, hours, minutes, and
seconds.
d. Click OK.
Nasuni Filer Administration Guide 8.0
469
DNS Configuration
2. The screen for configuring the PTR record looks like this:
Figure C-2: PTR record.
a. In the Host IP Address text box, specify both the Nasuni Filer service and the TCP
protocol:
_nasunifiler._tcp
The Windows DNS Manager might move the protocol to the Fully qualified domain
name (FQDN) text box.
The Fully qualified domain name (FQDN) text box might be automatically
populated, using the domain name.
b. In the Host name text box, enter the name of the instance of the _nasunifiler._tcp
service that the SRV record links to.
Your entry is automatically appended with the Nasuni Filer service, the TCP protocol, and
the domain.
Whatever you enter here appears in the Mobile Access or Desktop Sync app: you can use
the actual host name of the Nasuni Filer, or a name that users might recognize more
easily.
Important: For some implementations, the PTR record MUST end with a period (.),
while, for other implementations, the PTR record MUST NOT end with a period. It is
suggested to omit the period and test the configuration. If the configuration does not
work, try adding the period.
Nasuni Filer Administration Guide 8.0
470
DNS Configuration
c. In the Time to live (TTL) text box, enter the TTL (time to live) as days, hours, minutes, and
seconds.
d. Click OK.
3. The screen for configuring the SRV record looks like this:
Figure C-3: SRV record.
a. The Domain text box might be populated automatically using the domain name. If not,
enter the domain name.
b. In the Service text box, enter the name of the instance of the _nasunifiler._tcp
service, as in the PTR record, then append the Nasuni Filer service:
._nasunifiler
c. In the Protocol text box, enter the protocol:
_tcp
d. In the Priority text box, enter the priority, as discussed above.
e. In the Weight text box, enter the weight, as discussed above.
f.
In the Port number text box, enter the port.
Nasuni Filer Administration Guide 8.0
471
DNS Configuration
g. In the Host offering this service text box, enter the actual host name of the Nasuni Filer,
as a fully qualified domain name.
Important: For some implementations, the SRV record MUST end with a period (.),
while, for other implementations, the SRV record MUST NOT end with a period. It is
suggested to add the period and test the configuration. If the configuration does not
work, try omitting the period.
h. In the Time to live (TTL) text box, enter the TTL (time to live) as days, hours, minutes, and
seconds.
i.
Click OK.
4. The screen for configuring the TXT record looks like this:
Figure C-4: TXT record.
a. In the Record name text box, enter the name of the instance of the
_nasunifiler._tcp service, as in the PTR record, then append the Nasuni Filer
service and protocol:
._nasunifiler_tcp
The Fully qualified domain name (FQDN) text box might be automatically
populated, using the domain name.
b. In the Text text box, you must enter the text:
”txtvers=1”
Nasuni Filer Administration Guide 8.0
472
DNS Configuration
Any other text entries, such as the company name, are optional.
c. In the Time to live (TTL) text box, enter the TTL (time to live) as days, hours, minutes, and
seconds.
d. Click OK.
Using third-party DNS configuration software
If you are using third-party software to configure DNS, ensure that the following is defined as a service:
_nasunifiler
Although you might not be able to specify other records, you might be able to specify the TXT record to
define a PTR record. For example, the following TXT record specifies a PTR record:
_nasunifiler._tcp.mydomainname.com. TXT
"PTR-V1=mymobile._nasunifiler._tcp.mydomainname.com."
Nasuni Filer Administration Guide 8.0
473
Nasuni Filer and NMC Permissions
Appendix D: Permissions
Nasuni Filer and NMC Permissions
This Appendix shows the displayed permissions and the operational permissions that they include. To
set permissions, see “Adding Permission Groups” on page 383 and “Editing Permission Groups” on
page 388.
For the Nasuni Management Console, the available displayed permissions include the following
operational permissions:
NMC Displayed Permission
Operational Permissions Included
Manage all aspects of NMC (super user)
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage Automatic Updates
Manage updating NMC
Nasuni Filer Administration Guide 8.0
all pending messages for Nasuni Filer
refresh for Nasuni Filer
NMC account status
NMC description
NMC diagnostic settings
NMC email settings
NMC encryption keys
NMC network settings
NMC notifications
NMC license refresh
NMC remote support
NMC session
NMC shutdown
NMC SMB settings
NMC SNMP settings
NMC software updates
NMC SSL settings
NMC time settings
updating NMC
NMC users and groups
NMC notifications only
474
Nasuni Filer and NMC Permissions
NMC Displayed Permission (Continued)
Operational Permissions Included (Continued)
Manage Network Settings
Manage NMC network settings
Manage NMC SNMP settings
Manage NMC time settings
Manage Notifications
Manage NMC email settings
Manage NMC notifications
Manage NMC notifications only
Manage Security Settings
Manage
Manage
Manage
Manage
Shutdown or Reboot NMC
Manage NMC shutdown
Nasuni Filer Administration Guide 8.0
NMC
NMC
NMC
NMC
encryption keys
session
SMB settings
SSL settings
475
Nasuni Filer and NMC Permissions
For the Nasuni Filer, the available displayed permissions include the following operational permissions:
Nasuni Filer Displayed Permission
Manage all aspects of the Nasuni Filer
(super user)
Nasuni Filer Administration Guide 8.0
Operational Permissions Included
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
all pending messages for Nasuni Filer
API keys
branding
cache jobs
cache settings
CIFS client page
CIFS client settings
connection status settings
credential settings
data migration settings
description
diagnostic settings
encryption keys
File System Browser
FTP client page
FTP settings
global locking settings
hardware settings
iSCSI settings
Mobile Access
network settings
NFS settings
NMC encryption keys
NMC notifications
notifications
Quality of Service settings
quotas
refresh license settings
remote support settings
shared links
shutdown settings
Side Load settings
SNMP settings
SSL settings
taking volume snapshot
time configuration
update settings
volume antivirus settings
volume audit settings
volume Auto Cache settings
476
Nasuni Filer and NMC Permissions
Nasuni Filer Displayed Permission (Continued)
Operational Permissions Included (Continued)
Manage all aspects of the Nasuni Filer
(super user)
(continued)
Manage volume cloud I/O settings
Manage volume creation settings
Manage volume deletion settings
Manage volume download settings
Manage volume encryption keys
Manage volume exports
Manage volume file alerts
Manage volume FTP directories
Manage volume global lock settings
Manage volume iSCSI settings
Manage volume name
Manage volume pinning
Manage volume protocols
Manage volume quotas
Manage volume remote access settings
Manage volume restore settings (to item’s
current location)
Manage volume shares
Manage volume snapshot access
Manage volume snapshot retention
Manage volume snapshot schedule
Manage volume sync schedule
View heuristic page
Add and Delete Volumes
Manage volume creation settings
Manage volume deletion settings
Disconnect Users from Access Points
Manage connection status settings
Manage Antivirus Service
Manage volume antivirus settings
Manage Data Migration Service
Manage data migration settings
Manage File System Browser
Manage File Alerts Service
Manage volume file alerts
Manage Folder Quotas
Manage quotas
Manage File System Browser
Manage volume quotas
Nasuni Filer Administration Guide 8.0
477
Nasuni Filer and NMC Permissions
Nasuni Filer Displayed Permission (Continued)
Operational Permissions Included (Continued)
Manage Multi Site Settings/Connections
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
SSL settings
volume antivirus settings
volume exports
volume file alerts
volume FTP directories
volume iSCSI settings
volume name
volume pinning
volume protocols
volume remote access settings
volume shares
volume snapshot access
volume snapshot schedule
volume sync schedule
Manage Network Settings
Manage
Manage
Manage
Manage
network settings
Quality of Service settings
SNMP settings
time configuration
Manage Notifications
Manage NMC notifications
Manage notifications
Manage Security/Encryption Keys
Manage
Manage
Manage
Manage
Manage
encryption keys
Mobile Access
NMC encryption keys
SSL settings
volume encryption keys
Manage Shares, Exports, FTP and iSCSI
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
CIFS client page
connection status settings
File System Browser
FTP settings
iSCSI settings
NFS settings
time configuration
volume exports
volume FTP directories
volume iSCSI settings
volume shares
Manage Volume Auditing Settings
Manage volume audit settings
Nasuni Filer Administration Guide 8.0
478
Nasuni Filer and NMC Permissions
Nasuni Filer Displayed Permission (Continued)
Operational Permissions Included (Continued)
Manage Volume Security Settings
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
encryption keys
NMC encryption keys
volume antivirus settings
volume encryption keys
volume exports
volume file alerts
volume FTP directories
volume shares
Manage Volume Settings (Can't add/
delete)
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
File System Browser
quotas
taking volume snapshot
volume antivirus settings
volume audit settings
volume Auto Cache settings
volume cloud I/O settings
volume download settings
volume encryption keys
volume exports
volume file alerts
volume FTP directories
volume global lock settings
volume iSCSI settings
volume name
volume pinning
volume protocols
volume quotas
volume remote access settings
volume shares
volume snapshot access
volume snapshot retention
volume snapshot schedule
volume sync schedule
Manage/Apply Nasuni Filer Updates
Manage update settings
Modify Snapshot Retention
Manage volume snapshot access
Manage volume snapshot retention
Manage volume snapshot schedule
Nasuni Filer Administration Guide 8.0
479
Nasuni Filer and NMC Permissions
Nasuni Filer Displayed Permission (Continued)
Operational Permissions Included (Continued)
Manage all aspects of Volumes
Manage File System Browser
Manage quotas
Manage taking volume snapshot
Manage volume antivirus settings
Manage volume audit settings
Manage volume Auto Cache settings Manage
volume cloud I/O settings
Manage volume creation settings
Manage volume deletion settings
Manage volume download settings
Manage volume encryption keys
Manage volume exports
Manage volume file alerts
Manage volume FTP directories
Manage volume global lock settings
Manage volume iSCSI settings
Manage volume name
Manage volume pinning
Manage volume protocols
Manage volume quotas
Manage volume remote access settings
Manage volume shares
Manage volume snapshot access
Manage volume snapshot retention
Manage volume snapshot schedule
Manage volume sync schedule
Perform File Restores/Access Versions
Manage volume Auto Cache settings
Manage File System Browser
Manage volume restore settings (to item’s
current location)
Perform Restores to Any Location
Manage volume Auto Cache settings
Manage File System Browser
Manage volume restore settings (to any
location)
Shutdown or Reboot the Nasuni Filer
Manage shutdown settings
Nasuni Filer Administration Guide 8.0
480
Appendix E: Glossary
The following terms are useful in understanding the Nasuni Filer.
A
Access Control List (ACL)
An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users
or system processes are granted access to objects, as well as what operations are allowed on given
objects.
ACL (Access Control List)
See “Access Control List (ACL)” on page 481.
Active Directory (AD)
Microsoft Active Directory (AD) is a directory service for Windows domain networks. It is part of most
Windows Server operating systems. Microsoft Active Directory enables administrators to assign
policies, deploy software, and apply critical updates to an organization. Active Directory stores its
information and settings in a central database.
AD (Active Directory)
See “Active Directory (AD)” on page 481.
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. It has
been adopted by the U.S. government and is used worldwide. AES is approved by the National
Security Agency (NSA) for top secret information.
Advanced Message Queuing Protocol (AMQP)
The Advanced Message Queuing Protocol (AMQP) is an open standard for passing business messages
between applications or organizations. It connects systems, feeds business processes with the
information they need, and reliably transmits onward the instructions that achieve their goals.
AES (Advanced Encryption Standard)
See “Advanced Encryption Standard (AES)” on page 481.
AMQP (Advanced Message Queuing Protocol)
See “Advanced Message Queuing Protocol (AMQP)” on page 481.
Nasuni Filer Administration Guide 8.0
481
Glossary
Antivirus (AV)
The Antivirus Service provides protection against viruses and other malware in files on a volume. The
Antivirus Service scans every new or modified file for the presence of viruses and other malware. If a
scanned file is found to be infected, the authorized administrator has the option to ignore the infection.
Only files with no detected malware, or infected files that the authorized administrator deliberately
ignores, are allowed into cloud storage. The Nasuni Filer Antivirus Service uses the Clam AntiVirus
(ClamAV®) open-source antivirus engine.
Authorization Code
A 6-character code used in conjunction with a Serial Number to validate an installation. Authorization
Codes are good for one use; one successful use causes an authorization code to be changed
automatically. Generating a new authorization code for a serial number does not cause a Nasuni Filer or
NMC that uses that serial number to stop working. The authorization code is only used once during
initial setup of a new or recovered Nasuni Filer or NMC. Because an Authorization Code is only used
once, an administrator can safely issue it to a user in order to install a single Nasuni Filer or NMC
without revealing Nasuni account credentials. To obtain an Authorization code for a Serial Number, visit
https://account.nasuni.com/account/serial_numbers/, or the Account Status page of the Nasuni
Management Console.
Auto Cache or autocache or autofault
A feature that immediately brings new data into the local cache from other Nasuni Filers that are
attached to a volume. Otherwise, new data is brought into the local cache from other Nasuni Filers
when that data is accessed next.
AV (Antivirus)
See “Antivirus (AV)” on page 482.
B
bucket
A bucket is a logical unit of storage in object storage services, such as Amazon Web Services (AWS)
Simple Storage Solution (S3), EMC ECS, and EMC ViPR. Buckets can be thought of as containers that
are used to store objects, which consist of data and metadata.
byte-range locking
Byte-range locking is a form of global file locking that applies to locking a collection of bytes within a
file, rather than the entire file. Certain applications benefit from byte-range locking.
Nasuni Filer Administration Guide 8.0
482
Glossary
C
cache
A cache is a computer component that stores data locally so that future requests for that data can be
served faster. While all data and metadata are stored in cloud storage, data that requires regular access
is kept locally. This includes files that are re-written and data that is read often. If the requested data
does not reside locally, it is staged into the cache and provided for the request.
cache miss
If requested data does not reside in the local cache, and must be staged into the cache for the request,
this is called a “cache miss”.
Challenge-Handshake Authentication Protocol (CHAP)
A protocol that authenticates a user or network host to an authenticating entity.
CHAP (Challenge-Handshake Authentication Protocol)
See “Challenge-Handshake Authentication Protocol (CHAP)” on page 483.
chunks
Before sending data to the cloud, Nasuni breaks files into optimally-sized pieces for transport between
the on-premises cache and cloud storage. This not only disguises the actual sizes of files, but also
improves performance. These chunks are then deduplicated, compressed, and encrypted.
CIFS (Common Internet File Service)
A standard protocol that allows Windows users to share files across a network.
ClamAV (Clam antivirus)
See “Antivirus (AV)” on page 482.
copy-on-write (COW) disk
The copy-on-write (COW) disk is used during the snapshot process. If any writes to the Nasuni Filer
occur during a snapshot, the previous data from the cache disk is copied to the COW disk, and the new
data is written to the cache disk. Hence, the term “copy-on-write”. This allows new writes to take place
at any time, even during the snapshot process.
COW (copy-on-write) disk
See “copy-on-write (COW) disk” on page 483.
D
DAS (Direct Attached Storage)
See “Direct Attached Storage (DAS)” on page 484.
Nasuni Filer Administration Guide 8.0
483
Glossary
data
Data is transmittable and storable computer information. Nasuni handles data in the form of files,
including text, images, audio, and video.
Direct Attached Storage (DAS)
Direct-attached storage (DAS) is computer storage that is directly attached to one computer or server
and is not, without special support, directly accessible to other ones. The main alternatives to directattached storage are network-attached storage (NAS) and a storage area network (SAN).
directory quota
A limit on the amount of data in a directory. You can configure that quota reports are sent to
administrators or users when directories near or exceed their quota.
Directory Services
Services, including authentication, provided by Active Directory or LDAP.
Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol that provides a
network IP address for a host on an IP network automatically.
E
encryption
The Nasuni Filer encrypts data sent to cloud storage using the OpenPGP standard, with AES-256 as
the default encryption.
eviction
Data that has been copied from the Nasuni Filer to cloud storage, and that is rarely used again, is
eventually removed (“evicted”) from the Nasuni Filer’s cache to free up space for new data. If one of
these evicted files is later requested for reads or writes, the Nasuni Filer retrieves the file from cloud
storage and puts it back into the cache automatically.
export
A directory on a server volume that a client on your network can access.
F
faulting
If requested data does not reside in the local cache, it is staged into the cache and provided for the
request. This is informally called “faulting”.
Nasuni Filer Administration Guide 8.0
484
Glossary
file system
A method for storing and organizing computer files and the data that they contain in order to make it
easy to find and access them.
file transfer protocol (FTP)
File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to
another host over a TCP-based network, such as the Internet.
firewall
You can configure inbound traffic to the Nasuni Filer user interface and the Nasuni Support SSH port,
which provides firewall protection.
FTP (file transfer protocol)
See “file transfer protocol (FTP)” on page 485.
G
GB/GiB
GB is an abbreviation of gigabyte, meaning 1,000,000,000 bytes. Usually used to refer to hard disk
capacity.
GiB is an abbreviation of gibibyte, meaning 230 (1,073,741,824) bytes. Usually used to refer to RAM
memory.
global file locking
The purpose of the global file locking feature is to prevent conflicts when two or more users attempt to
change the same file on different Nasuni Filers. If you enable the global file locking feature for a
directory and its descendants, any files in that directory or its descendants can only be changed by one
user at a time. Any other users cannot change the same file at the same time.
You can also manually break the locking of a file. This might become necessary if a user leaves a file
open and another user needs to open that file.
I
initiator
An initiator functions as an iSCSI client. An iSCSI initiator sends SCSI commands over an IP network.
instance
The Nasuni Filer is either a hardware appliance or virtual machine. An instance refers to a single virtual
machine that provides virtualization of the Nasuni Filer software.
Nasuni Filer Administration Guide 8.0
485
Glossary
Internet Small Computer System Interface (iSCSI)
An Internet Protocol (IP)-based storage networking standard for linking data storage facilities. By
carrying SCSI commands over IP networks, iSCSI facilitates transferring data over intranets and
managing storage over long distances. The protocol allows clients (called initiators) to send SCSI
commands (CDBs) to SCSI storage devices (targets) on remote servers. iSCSI is a Storage Area
Network (SAN) protocol.
IQN (iSCSI Qualified Name)
See “iSCSI Qualified Name (IQN)” on page 486.
iSCSI (Internet Small Computer System Interface)
See “Internet Small Computer System Interface (iSCSI)” on page 486.
iSCSI Qualified Name (IQN)
The iSCSI Qualified Name includes these fields:

iqn.

date that the naming authority took ownership of the domain, in yyyy-mm format.

reversed domain name of the authority, such as com.nasuni.

“:” followed by a storage target name specified by the naming authority.
Example: iqn.2008-11.com.nasuni:filer.nasuni.net:51
K
Kerberos
Kerberos is a computer network authentication protocol that works on the basis of 'tickets' to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. It provides mutual authentication: both the user and the server verify each other's identity.
Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds
on symmetric key cryptography and requires a trusted third party, and optionally may use public-key
cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.
L
LDAP (Lightweight Directory Access Protocol)
LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining
distributed directory information services over an Internet Protocol (IP) network. Directory services
allow sharing information about users, systems, networks, services, and applications throughout the
network. A common use of LDAP is to provide a central place to store usernames and passwords. This
allows applications and services to connect to the LDAP server to validate users.
Nasuni Filer Administration Guide 8.0
486
Glossary
K
Kerberos
Kerberos is a network protocol that is used to authenticate users. After a client has correctly
authenticated with a Kerberos server, the client is issued a ticket that allows the client to access the
requested service as long as it is within a Kerberos realm (domain). A Kerberos keytab file contains
encryption keys associated with services (the service principal names) located on servers hosting
Kerberos-enabled protocols.
K
Kerberos
Kerberos is a computer network authentication protocol that works on the basis of 'tickets' to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. It provides mutual authentication: both the user and the server verify each other's identity.
Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds
on symmetric key cryptography and requires a trusted third party, and optionally may use public-key
cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.
L
LDAP (Lightweight Directory Access Protocol)
LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining
distributed directory information services over an Internet Protocol (IP) network. Directory services
allow sharing information about users, systems, networks, services, and applications throughout the
network. A common use of LDAP is to provide a central place to store usernames and passwords. This
allows applications and services to connect to the LDAP server to validate users.
L
LDAP (Lightweight Directory Access Protocol)
See “Lightweight Directory Access Protocol (LDAP)” on page 487.
least recently used (LRU)
When the cache starts getting too full, the Nasuni Filer releases the least recently used (LRU) data first,
using a sophisticated algorithm. This helps to ensure that the most recently used data, and the data
most likely to be used, remains in the cache.
Lightweight Directory Access Protocol (LDAP)
LDAP is a network protocol that is used to identify users. After a user is authenticated with Kerberos
and has a valid ticket, the information from the ticket is used to look up additional details on that user
from a directory server using the LDAP protocol.
Nasuni Filer Administration Guide 8.0
487
Glossary
Linux
Linux is a family of free and open-source software operating systems built around the Linux kernel.
Typically, Linux is packaged in a form known as a Linux distribution (or distro for short) for both
desktop and server use.
LRU (least recently used)
See “least recently used (LRU)” on page 487.
K
Kerberos
Kerberos is a computer network authentication protocol that works on the basis of 'tickets' to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. It provides mutual authentication: both the user and the server verify each other's identity.
Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds
on symmetric key cryptography and requires a trusted third party, and optionally may use public-key
cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.
L
LDAP (Lightweight Directory Access Protocol)
LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining
distributed directory information services over an Internet Protocol (IP) network. Directory services
allow sharing information about users, systems, networks, services, and applications throughout the
network. A common use of LDAP is to provide a central place to store usernames and passwords. This
allows applications and services to connect to the LDAP server to validate users.
M
management information base (MIB)
A database for managing entities in a network, such as with the Simple Network Management Protocol
(SNMP).
maximum transmission unit (MTU)
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit that the
layer can pass onwards. A larger MTU brings greater efficiency, because each packet carries more user
data while protocol overheads, such as headers, remain fixed; the resulting higher efficiency means a
slight improvement in the bulk protocol throughput. A larger MTU also means processing fewer packets
for the same amount of data. However, large packets can occupy a slow link for some time, causing
greater delays to following packets, and increasing lag and minimum latency. MTU settings should not
exceed 1500.
Nasuni Filer Administration Guide 8.0
488
Glossary
MB/MiB
MB is an abbreviation of megabyte, meaning 1,000,000 bytes. Usually used to refer to hard disk
capacity.
MiB is an abbreviation of mebibyte, meaning 220 (1,048,576) bytes. Usually used to refer to RAM
memory.
metadata
Data about data. Metadata describes how and when and by whom a particular set of data was
collected, and how the data is formatted.
MIB (management information base)
See “management information base (MIB)” on page 488.
MTU (maximum transmission unit)
See “maximum transmission unit (MTU)” on page 488.
N
NAS (Network Attached Storage)
See “Network Attached Storage (NAS)” on page 490.
Nasuni Filer
The Nasuni Filer is a storage controller that runs in your data center and provides primary storage with
built-in backup and offsite protection. The Nasuni Filer is available as both a hardware appliance and a
virtual machine. The Nasuni Filer can be used instead of, or in combination with, traditional file servers.
It fully supports Windows CIFS Shares as well as Active Directory and LDAP or LDAP Directory
Services. A single volume in a Nasuni Filer has unlimited capacity, due to the integration of its caching
algorithms with provisioning.
Nasuni Filer user interface (UI)
The Web-based user interface to the Nasuni Filer.
Nasuni Management Console (NMC)
The Nasuni Management Console enables you to monitor and manage many Nasuni Filers from one
central application. Using the Nasuni Management Console, you can view the status of all of your
managed Nasuni Filers, as well as configure their settings. With the Nasuni Management Console, you
can ensure consistent settings on all your Nasuni Filers.
Using the Nasuni Management Console, you can manage Nasuni Filers even if they are not presently
connected. Any configuration changes made will propagate to the Nasuni Filer when it becomes
connected.
Nasuni Filer Administration Guide 8.0
489
Glossary
Nasuni's cloud storage
The secure unlimited online storage provided through the Nasuni Filer.
Network Attached Storage (NAS)
Network-attached storage (NAS) is file-level computer data storage connected to a computer network.
NAS devices are a convenient method of sharing files among multiple computers. NAS systems
typically provide access to files using network file sharing protocols such as NFS, SMB/CIFS, or AFP.
Network File System (NFS)
A protocol and file system for accessing and sharing files across a computer network using UNIX and
Linux.
Network Operations Center (NOC)
Nasuni’s Network Operations Center (NOC) provides a variety of behind-the-scenes services that make
the Nasuni Service possible. These services include security patches, component updates, system
scaling, performance tuning, response time monitoring and analysis, optimization, staging and
deployment of new software, support of new Nasuni Filer functionality, single sign on management,
cloud provisioning, cloud monitoring, account management, and customer support.
NFS (Network File System)
See “Network Attached Storage (NAS)” on page 490.
NMC (Nasuni Management Console)
See “Nasuni Management Console (NMC)” on page 489.
NOC (Network Operations Center)
See “Network Operations Center (NOC)” on page 490.
O
object store
An object store, or object storage, is a data storage architecture that manages data as objects. File
systems manage data as a file hierarchy, and block storage manages data as blocks within sectors and
tracks. Each object typically includes the data itself, metadata about the data, and a globally unique
identifier.
offsite data protection
Storing copies of critical data away from the original data centers to protect this information from
natural disasters and accidental or malicious modification.
on-demand provisioning
The Nasuni Filer simplifies provisioning by offering instant provisioning in increments as small as 1 TB.
Nasuni Filer Administration Guide 8.0
490
Glossary
P
pinning
Pinning a folder specifies that the folder and its contents must remain in the local cache at all times.
This can improve performance and reduce the time necessary to return accessed data to clients. This
reduces the available cache by the size of the folder. Pinning a folder does not bring the folder’s data
into the cache. All iSCSI (SAN) volume data is already pinned in the cache, so it is not necessary to pin
iSCSI volumes.
proxy
A server that acts as an intermediary for requests from clients seeking resources from other servers.
pruning
Pruning is the process of removing unneeded data. For example, you can specify removing log files
older than a certain number of days. Similarly, you can specify snapshot retention for a set number of
snapshots or for a set amount of time: the unwanted snapshots are removed.
Q
QoS (Quality of Service)
See “Quality of Service (QoS)” on page 491.
Quality of Service (QoS)
Quality of Service (QoS) settings indicate the inbound and outbound bandwidth limits of the Nasuni
Filer for data moving to or from the Nasuni Filer, such as transmitting snapshots to cloud storage.
quota
A limit on the amount of usable storage space on a volume.
R
Remote Support Service
The Remote Support Service allows authorized Nasuni Technical Support personnel to remotely and
securely access your Nasuni Filer. This can help Nasuni Technical Support to diagnose and resolve any
issues with your Nasuni Filer quickly and proactively. No changes to your corporate firewalls are
necessary. This service is disabled by default and is strictly opt-in.
S
SAN (Storage Area Network)
See “Storage Area Network (SAN)” on page 492.
Nasuni Filer Administration Guide 8.0
491
Glossary
Serial Number
A unique 32-digit hexadecimal number associated with your account for use with Nasuni Filer and
Nasuni Management Console (NMC) installations. Each account has multiple Serial Numbers. Unused
Serial Numbers may be used to set up a new Nasuni Filer or an NMC. Serial Numbers already in use
may be used to recover existing Nasuni Filers or your existing NMC. Serial Numbers are used in
conjunction with Authorization Codes. To obtain a Serial Number, visit https://account.nasuni.com/
account/serial_numbers/.
share
A folder on a volume that can be shared on your network. Access to a share can be customized on a
user or group-level basis.
Side Load
As part of the recovery process, the Side Load feature enables you to transfer cache data directly from
the original source decommissioned Nasuni Filer to the new destination Nasuni Filer. This saves the
time and bandwidth necessary to manually re-populate the new cache with data.
Simple Network Management Protocol) (SNMP)
An Internet-standard protocol for managing devices on IP networks.
snapshot
An instantaneous, non-changing, read-only image of a volume. Snapshots let you view any past version
of the file system and restore all or part of the version quickly.
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
With snapshots, the Nasuni Filer can identify new or changed data. Snapshots offer data protection by
enabling you to recover a file deleted in error or to restore an entire file system. After a snapshot has
been taken and is sent to cloud storage, it is not possible to modify that snapshot.
SNMP (Simple Network Management Protocol)
See “Simple Network Management Protocol) (SNMP)” on page 492.
Storage Area Network (SAN)
An architecture to attach remote computer storage devices (such as disk arrays, tape libraries, and
optical jukeboxes) to servers in such a way that the devices appear as locally attached to the operating
system.
sync
You can schedule when, and with what frequency, the selected volume updates data (“syncs”) from
Nasuni, merging your local data with any new or changed data from other Nasuni Filers connected to
this volume. This helps to ensure that everyone in your organization is using the most current data.
Nasuni Filer Administration Guide 8.0
492
Glossary
T
target
A storage resource located on an iSCSI server. A target is a storage server instance.
U
UI (Nasuni Filer user interface)
See “Nasuni Filer user interface (UI)” on page 489.
UniFS
UniFS is Nasuni’s cloud-native global file system, storing all files, file versions, and metadata in your
preferred private or public cloud object store. UniFS is the first file system designed to have its inode
structure reside in the cloud. UniFS enables the Nasuni platform to inherit the virtually unlimited
capacity, durability, and georedundancy of the cloud object stores.
Unix
Unix is a family of multitasking, multiuser computer operating systems that derive from the original
AT&T Unix.
V
versioning
The Nasuni Filer provides the versioning necessary to eliminate the need for separate backup and
restore procedures.
virtual machine (VM)
A virtual machine is a tightly isolated software container that can run its own operating systems and
applications as if it were a physical computer. A virtual machine behaves exactly like a physical
computer and contains its own virtual (software-based) CPU, RAM, hard disk, and network interface
card (NIC).
virtualization
Virtualization lets you run multiple virtual machines on a single physical machine, sharing the resources
of that single computer across multiple environments. Different virtual machines can run different
operating systems and multiple applications on the same physical computer.
VM (virtual machine)
See “virtual machine (VM)” on page 493.
Nasuni Filer Administration Guide 8.0
493
Glossary
volume
A set of files and directories. A volume can consist of multiple shares. With the Nasuni Filer, each
volume can be stored in cloud storage.
Nasuni Filer Administration Guide 8.0
494
Index
0-9
123 (port)
Network Time Protocol (NTP) 304
161 (port)
SNMP monitoring 394
25 (port)
SMTP port 286
443 466
443 (port)
mobile access 186, 277
VPN for mobile access 186
Web Access 177
8443 (port)
user interface 177
A
access
group 128, 129, 130, 136, 137, 138, 155, 156, 157,
344
Read Only 103, 104, 145, 149, 247, 248
Read-Only 127, 129, 130, 137, 138
read-only 154, 234, 235
read-write 103, 104, 129, 130, 137, 138, 246
snapshot 113, 131, 232
user 129, 130, 137, 138, 144, 149, 156, 157
access control lists (ACLs) 47, 56, 65, 161
Access Key ID 404
accessing
iSCSI volume
Windows 170, 171
accessing data
FTP protocol 167
Nasuni Filer Administration Guide 8.0
account
name 409
status 409
user 33, 407
account alerts 387
acknowledging
alert 448
ACL 460
ACLs 48, 57, 66, 162
ACLs (access control lists) 47, 56, 65, 161
acronyms
list of 481
Active Directory 1, 208, 297, 311, 325, 335, 460
administrative user 309
Directory Services 484
domain
editing 330, 331, 332, 333
for time 304
joining domain 311, 313, 335, 336
leaving domain 339
password 339
permission 309
security 311
configuring 311, 335
security mode 311
server 311
domain name 314
time server 304
trusted domains 312, 315, 331, 335
username 339
Active Directory domain
editing 338
joining 311, 313, 335, 336
leaving 339
name 338
viewing 337
workgroup name 327, 338
495
Index
adding
data
to volume 11, 12, 51, 110, 164, 167, 169, 170,
173, 178, 195, 204, 238
encryption key
to volume 95
export 143
FTP directory 153
NFS export 143
permission
group 383, 388
share 125
share folder 125
user
permission 389, 391, 392
volume 51
Administration Guide xvi
administrative user
Active Directory 309
AES-256 346
alert
acknowledging 448
CPU usage 431
definition 445
email 387
examples of 445
memory usage 431
message panel 28, 34, 446
notification 33, 34, 445
snapshot 431
types of 387
all_squash
UNIX 144, 149
Amazon AWS S3 1, 402, 404
Amazon EC2 2
Amazon S3 403
AMQP 82, 86
Android 185, 273, 274
limiting mobile access to 274
anonymous bind 321
anonymous FTP access 155, 158, 307
antivirus
alerts 387
Clam AntiVirus 15, 78
disabling 78, 79
enabling 78, 79
infected files 80
log file 78
reviewing infected files 80
scheduling 79
service 78
violations 78, 81
Nasuni Filer Administration Guide 8.0
antivirus service
status 79, 80
Apple Open Directory 320
Apple Safari 3, 22
appliance alerts 387
asynchronous I/O 132
Atmos 1, 402
attachment
Mobile Access 192, 196
audio
Web Access
preview 182
auditing 82
file system 82
log file 83, 87
pruning 84
Varonis 64, 82, 85, 86, 340
volume 82
Authenticated Access 56
authenticating user 128
authentication
LDAP 1, 325
Authorization Code 8, 24, 452, 454
Auto Cache
cache jobs 413
enabling for folders 225
enabling for volumes 105
folder 105, 120, 214, 215, 216, 225
Auto Refresh 447
automatic updates 399
AWS
Amazon AWS S3 1, 402
Azure 402
Microsoft 2
B
back-end cloud storage 1
backup
before restoring 230
backup key 353, 451, 452, 456
bandwidth limit
central configuration 342
base operating system
version 27
BIOS
firmware version 424
BMC
firmware version 424
branding
Web Access 134, 177, 397
breaking
file lock 207, 216, 227, 228
496
Index
Bring into Cache 220, 221, 413
browsing
snapshot 232, 235, 236
byte-range locking 227, 406
C
cache 3, 5
bringing data into 220
cache jobs 413
capacity 6
files
viewing 414
folder pinned 66, 118, 224
space
reserved 15, 400, 401
status 6, 43
viewing 414
viewing contents 414
volume pinned 16, 48, 49, 55, 59, 69, 73
cache jobs 413
cancelling 413
viewing 413
Cache Resident 213, 215
Cache Settings 238, 400
cancelling
cache jobs 413
capacity
cache 6
Capacity Alerts 387
capacity alerts 387
capacity exceeded
warning 64, 74, 387, 409
carrier 419
signal 419
case-insensitive 47, 49, 50, 55, 59, 63, 160
case-sensitive 47, 49, 50, 55, 59, 63, 160
Case-Sensitive Paths 131
case-sensitivity 131, 173
central configuration
bandwidth limit 342
policies 342
Sync path 342
Nasuni Filer Administration Guide 8.0
certificate
file 367, 369
name 364, 366, 368, 371, 377, 378
self-signed 14, 362, 363, 365
SSL 362, 363, 377
copying 368
generating 365
replacing 372
setting 374
uploading 370
viewing 363
Certificate Authority 367, 369
certificate request 366, 369
file 367, 369
name 367, 369
Challenge-Handshake Authentication Protocol
CHAP 55
changing
data migration schedule 262
iSCSI
setting 72, 73
password 33, 407
Quality of Service rule 301
quota
volume 13, 74
volume
quota 13, 74
CHAP
Challenge-Handshake Authentication Protocol 55
password 55
username 55
chart
data growth 38, 70
Local Traffic 40
local traffic 420
network activity 40, 420
new data in cache 39
Chrome 3, 22
chunks 64, 65, 69, 100
compression 65, 69, 100
deduplication 64, 69, 100
encryption 100
size 100
CIFS 54, 311, 335
configuring data migration 243
data migration source 239
enabling 161
Mac OS X 54
protocol 47, 49, 54, 59, 65
share 47, 48, 49, 50, 59, 63, 141, 151
snapshot access 113, 131, 232
volume 52
497
Index
CIFS migration
password 240
username 240
CIFS share
deleting 141
editing 139
status 433
CIFS/SMB protocol 47, 56, 65, 162
Clam AntiVirus 15, 78
ClamAV 15, 78
Cleversafe 1, 63, 100, 402, 404
vault 63
client
disconnecting 436, 437
FTP 442
Linux 278
OS X 278
resetting 435, 436, 437
status 434, 440
Windows 278
cloud credentials 402, 403
Cloud I/O 100
cloud provider 402
volume 52, 63, 68
cloud service provider 404
cloud storage account 402
cloud storage platforms 402
Cloud Traffic chart
chart
Cloud Traffic 40, 420
compliance
and snapshot retention 116
compression 1, 5, 346
chunks 100
configuration
central configuration policies 342
Configuration page 283
configuring
data migration 238
CIFS 243
NFS 251
conflict alerts 387
conflicts
merge 206, 207, 208
synchronization 206, 207, 208
connecting
to remote volume 58
Nasuni Filer Administration Guide 8.0
console 357
default login 376
message 32
password 376
rebooting 32
resetting certificate 362, 376
shutdown 32
username 376
copying
migration 244, 252
SSL certificate 368
copy-on-write disk 107
count
CPUs 424
COW disk 107
CPU
count 424
CPU activity 429
CPU Usage
threshold 431
CPU usage
alert 431
creating
data migration source
CIFS 239
NFS 241
export
automatically 54
folder
mobile access 198
password 459
share
automatically 54
username 459
volume 51
credentials 454
csv
Web Access
preview 182
custom permission
remote access 104
customer license 1, 52
customer-provided clouds 100
D
data
adding
to volume 11, 12, 51, 110, 164, 167, 169, 170,
173, 178, 195, 204, 238
data growth
chart 38, 70
498
Index
Data Growth chart
volume 38, 70
data migration 237
alerts 387
CIFS 243
configuring 238
CIFS 243
NFS 251
creating source
CIFS 239
NFS 241
deleting 266
editing 257
error
log 267
error message 248, 254
log 263, 267
name 42, 244, 252
NFS 251
permission 238, 240
removing
procedure 266
rerunning 265
schedule
changing 262
deleting 262
scheduling 258
by day and time 258
by hours or minutes 260
frequency 260, 261
source
deleting 265
disconnecting 265
status 42, 249, 255, 263, 264
to volume 12, 238
view log 263, 267
viewing schedule 262
Data Migration Service 238, 400
decommissioned 268, 269, 450, 455, 462
deduplication 1, 5
chunks 100
default
login
console 376
default share
files 125
delete
link 198
safe delete 97
Nasuni Filer Administration Guide 8.0
deleting 141, 151
CIFS share 141
data migration procedure 266
data migration schedule 262
data migration source 265
encryption key 352
FTP directory 159
NFS 141, 151
NFS export 151
notification 449
notifications 449
permission
group 388
Quality of Service rule 303
share 141
snapshot 13, 115, 211
SSL certificate 376, 379
user
permission 392, 393
volume 121, 122
Deny 129, 130, 137, 138
description 287
Desktop Client 132, 202
OS X 202
Windows 202
destination folder
data migration 245
details for volume 46
device
mobile access 185, 273
DHCP 296, 297, 418
network type 296
diagnostics 282
password 282
sending to Nasuni Support 282
username 282
directory
destination 253, 255
FTP 152, 441
viewing 152, 441
quota 13, 358
directory quota 75
deleting 75
editing 75
rule 75
setting 221
viewing 75
Directory Services 126, 131, 222, 325, 484
Active Directory 126, 131, 222, 484
LDAP 126, 131, 222, 484
disabling
encryption key 93
pinning 118
499
Index
disaster recovery 265, 450
disconnecting
client 436, 437
data migration source 265
from volume 209
FTP client 442
remote volume 209
DNS
mobile access 186, 277, 465
DNS configuration
Mobile Access 465
Sync 465, 466, 467, 468, 470
document
Web Access
preview 182
domain
Active Directory
editing 330, 331, 332, 333
joining 311, 313, 335, 336
LDAP 327
domain controllers
Network Time Protocol services 315
domain groups 382
domain name 314, 339, 366, 467, 468, 471
Active Directory 314
LDAP Directory Services 319, 320
domain users 381, 382
Download
Mobile Access 191
download
files 212
folders 212
Web Access 179
downloading
encryption key 349
file 223
notifications 415, 447, 448
software
Nasuni.com account 454
Web Access 182
dsNet Accesser 404
duplex 419
E
EC2
Amazon 2
Echo Request 356
edit
link 197
Nasuni Filer Administration Guide 8.0
editing
Active Directory domain 338
CIFS share 139
configuring data migration 257
FTP directory 158
NFS export 146
permission
group 388
user
permission 392
editing volume name 71
email
alert 387
configuring 285
Nasuni ii
Nasuni Support ii
quota 13, 358
setting 10, 285
EMC 1, 402
EMC Atmos 1, 100, 402
EMC ECS 100, 404
EMC ViPR 1, 100, 402, 404
enable
Web Access 132
enabling 90
encryption key 90, 91
multiple protocols 161
snapshot access 113
encryption key 90, 346
adding 95, 348
adding to volume 95
creating volume 53
deleting 352
disabling 93
downloading 349
enabling 91
escrowing 350
exporting 349
file 53, 349
recovery 456
fingerprint 347
generating 348
importing 348
information 347
key ID 347
password 92, 94, 96, 351, 352
recovery 456
status 64, 69, 90, 91, 93, 95
uploading 348
username 92, 94, 96, 351, 352
volume 64, 69
encryption keys
uploading 53, 90, 346, 348, 457
500
Index
error
data migration
log 267
definition 445
log
data migration 267
error message
during data migration 248, 254
escrowing
encryption key 350
with Nasuni 346, 349, 350
with third party 349
expiration
subscription 409
Explorer 3, 22
export 3
adding 143
creating
automatically 54
creating automatically 54, 60
editing 146
migration source 238, 241
mounting 173, 176
name 144, 440
Read Only 145, 149
status 438, 440
exporting
encryption key 349
external hostname 134
External traffic group 289, 417, 418
F
Fast-Track Push 67, 117
favorite
mobile access 192, 199
FDE 427
Nasuni Filer Administration Guide 8.0
file
certificate 367, 369
certificate request 367, 369
deleting 115
downloading 212
encryption key 53, 349
file
recovery 456
excluding 248, 254
File Sizes chart 444
File Types chart 444
global locking 5, 67, 78, 107, 207, 212, 214, 215,
216, 220, 227, 228
hiding 131
lock
breaking 228
locking 227
log
data migration 263, 267
mirroring 248, 254
name
case-sensitive 131
overwriting 248, 254, 255
owner 215, 246
path 215
permission 240, 246, 248
previous version 131
restoring 13, 212, 220, 236
searching 217
searching for 212, 217
size
number 443
synchronization conflict log 206, 207
File Alert Service 76
file alert service
status 76
File Browser page 211
file heuristics 443
file information
mobile access 190
file lock
CIFS 434
file locking 5, 67, 78, 107, 207, 214, 215, 216, 227, 228
breaking 207, 216, 227, 228
byte-range locking 227, 406
File Sizes chart 444
file sizes in snapshot 443, 444
file statistics 443
file system 5
auditing 82
file system browser 212
file system metadata 5
501
Index
file type
number 443
File Types chart 444
file types in snapshot 443, 444
file version 5
Filer Administrator 22, 165
password 23
username 23
files
cache
viewing 414
viewing
cache 414
filtering
by criteria 464
notifications 447
fingerprint
encryption key 347
Firefox 3, 22
firewall policy
traffic group 356
firmware
BIOS 424
BMC 424
RAID 424
folder
access 127, 144, 149, 169, 173, 176
Auto Cache 105, 120, 214, 215, 216, 225
destination 249
downloading 212
excluding from data migration 248, 254
global locking 214, 215, 216
hiding 131
name
case-sensitive 131
owner 215
path 214
pinning 214, 215, 216
pinning in cache 118, 224
restoring 13, 212, 220, 230
searching 217
searching for 212, 217
forgot password 24
FreeIPA 320
frequency
data migration
scheduling 260, 261
scheduling
data migration 260, 261
snapshot 108
Nasuni Filer Administration Guide 8.0
FTP 47, 56, 65, 152, 158, 162, 441
anonymous access 155, 158, 307
client 442
disconnecting 442
enabling 161
settings 306
FTP directories 48, 49
FTP directory 152, 441
adding 153
deleting 159
editing 158
viewing 152, 441
FTP protocol 24, 49, 59, 65, 163, 164, 167, 306
Full Disk Encryption
password 428, 429
Full-Disk Encryption 427
G
gateway
traffic group 297
general alerts 387
General traffic group 289, 417, 418
generating
SSL certificate 365
Generic LDAP domain 320
gidNumber 319
global file locking 5, 67, 78, 107, 207, 212, 214, 215,
216, 220, 227, 228, 406
breaking 207, 216, 227, 228
byte-range locking 227, 406
disabling 406
enabling 227
global locking 227, 406
byte-range locking 227, 406
folder 214, 215, 216
global name 63
Glossary 481
GnuPG 348
Google Chrome 3, 22
group
access 128, 129, 130, 136, 137, 138, 155, 156, 157,
344
permission 247, 380, 383, 384, 385, 388, 389, 391,
392
adding 383, 388
deleting 388
editing 388
viewing 381
group associations 381, 382, 383, 386
Groups Granting Access 382
502
Index
H
hard links 173, 227
hardware appliance
console 362, 376
cores per CPU 423
CPU frequency 423
CPU model 423
CPUs 423
locating 425
power supplies 423
power supply
status 424
RAM 423
replacing after disaster 451
serial number 423
status 423
temperature 423
Hardware Getting Started Guide xv
hardware status 423
Help 25, 28
help 28
hiding
file 131
folder 131
hiding ownership 158
FTP 158
Home page 36
host options
NFS 148, 149, 150
NFS export 148
hostname 144, 149, 239, 241, 288, 294
external 134
HTTP/REST protocol 1
HTTPS
for time 304
HTTPS proxy 297
HTTPS proxy server
port 288
hypervisor 7
I
IBM Cloud Object 100
IBM Cloud Object Storage 1, 63, 402, 404
ICMP 356
Echo 356
ping 356
Identity Management for UNIX 311, 335
image
Web Access
preview 182
Nasuni Filer Administration Guide 8.0
infected
antivirus 80
information
volume 63, 68
informational notification
definition 445
Initial Configuration Guide xvi
initial memory allocation 7
Installing the Nasuni Filer on the Azure Platform xv
Installing the Nasuni Filer on the EC2 Platform xv
Installing the Nasuni Filer on Virtual Platforms xv
internal link 179
Internet Explorer 3, 22
iOS 185, 273, 274
limiting mobile access to 274
IP address 55, 73, 127, 144, 149, 155, 169, 239, 241,
288, 296, 297, 298, 418
primary DNS server 297
public 418
secondary DNS server 297
iPad 185, 273
iPhone 185, 273
IQN 438
iSCSI
LUN 438
protocol 47, 54, 65
security 55, 73
setting
changing 72, 73
target 54
volume
accessing
Windows 170, 171
adding 55
iSCSI Initiator 170
iSCSI Qualified Name 438
J
joining
Active Directory domain 311, 313, 336
domain 311, 313, 335, 336
LDAP Directory Services domain 311, 313
K
KDC 321, 326, 328
Kerberos 173, 312
Key Distribution Center 321, 326, 328
key ID
encryption key 347
key terms 3
503
Index
keys
uploading 53, 90, 346, 348, 457
keytab 312
file 326
keytab file 329
L
LDAP 1, 10, 48, 56, 57, 66, 152, 162, 167, 306, 325,
460
bind DN 321
bind password 321
Directory Services 484
domain 325, 326, 327
schema 326
security 312
security mode 312
server 312, 321, 326, 328
LDAP certificate 377
LDAP Directory Services 10, 12, 14, 23, 56, 66, 128,
132, 173, 177, 208, 308, 309, 325, 489
domain 327
joining domain 311, 313, 335, 336
server
domain name 319, 320
LDAP Directory Services domain
joining 311, 313, 335, 336
LDAP domain 8
leaving
Active Directory domain 339
license 7, 409, 463
licensed capacity 54, 64, 74, 409
exceeding 64, 74, 387, 409
link
delete 198
edit 197
regenerate 198
remove 198
shared
Mobile Access 192, 197
Web Access 134
update 197
Linux 164, 176
CIFS 54
client 278
mobile access 274
NFS 54
Linux client 173
list
remote volume 58
local
volume 46
Nasuni Filer Administration Guide 8.0
local name
remote volume 49, 59
local storage
status 43
local time status 44
Local Traffic chart 40
local traffic chart 420
local volume
changing 49
lock
breaking 207, 216, 227, 228
locking
byte-range locking 227, 406
file 5, 67, 78, 107, 207, 212, 214, 215, 216, 220, 227,
228
log
data migration 263, 267
data migration status 263, 267
merge conflict 207
log file
auditing 83, 87
pruning 84
login
console
default 376
password 22
username 22
Login page 22
logo
Web Access 397
Logout 32
logout 32
LUN Size 68, 438
LUN size 47
M
MAC address 419
Mac OS X
CIFS 54
SMB2 protocol 132
Management traffic group 289, 417, 418
mapping drive
share 169
Maximum Expiration 134
maximum transmission unit 296
maximum volumes
trial mode 51
Media Access Control address 419
memory allocation 7
initial 7
minimum 7
recommended 7
504
Index
memory usage 430
alert 431
threshold 431
merge
synchronization 110, 206
merge conflict log 207
message
console 32
panel 33, 34
alert 28, 34, 446
shutdown 32
status 26
synchronization conflict 206, 207
test 286
messages
notifications 445
metadata 3, 5, 15, 413
file system 5
volume 5
Microsoft Azure 2, 100, 402, 404
Microsoft Excel
Web Access
preview 182
Microsoft PowerPoint
Web Access
preview 182
Microsoft Word
Web Access
preview 182
migration
copying 244, 252
log 263, 267
name 42, 244, 252
status 42, 249, 255, 263, 264
minimum memory allocation 7
Mobile Access
DNS configuration 465
Download 191
shared link 192, 197
View File 191
Nasuni Filer Administration Guide 8.0
mobile access 185, 202
additional port 274
configuring 274, 276
creating folder 198
device 185, 273
DNS 186, 277, 465
favorite 192, 199
file information 190
invitation link 276
limiting device type 274
limiting time 274
limiting to one device 274
Nasuni Application 185, 186, 188, 273, 276
port 443 186
service 273
uploading 195
Wi-Fi 201
monitoring
SNMP
Nasuni Management Console 394
mounting
export 173, 176
share 173
mov
Web Access
preview 182
Mozilla Firefox 3, 22
mp3
Web Access
preview 182
mp4
Web Access
preview 182
MTU 296
multiple protocols 55, 160
enabling 161
viewing 160
505
Index
N
name
account 409
Active Directory domain 338
certificate 364, 366, 368, 371, 377, 378
certificate request 367, 369
data migration 42, 244, 252
export 144, 440
global 63
local for remote volume 60
Nasuni Filer 26, 207
changing 287
port 419
share 126, 239, 433
volume 42, 44, 47, 49, 52, 58, 63, 68, 71, 442
editing 71
setting 52
Windows workgroup 309, 315
Nasuni Application
mobile access 185, 186, 188, 273, 276
Nasuni corporate Web site 26, 184
Nasuni Desktop Client 132, 202, 273, 278
Nasuni Filer 3
name 26, 207
changing 287
Nasuni Filer user interface 3
Nasuni Management Console 3, 237, 279
disabling 279
enabling 279
Nasuni Management Console Guide xvi
Nasuni Management Console Quick Start Guide xvi
Nasuni.com account
downloading software 454
remote access 48, 102, 205
Native User 173
native users 381, 382
netmask 127, 144, 149, 296, 418
network
configuration
password 298, 374
username 298, 374
setup 293
status 416
network activity
chart 40, 420
network devices 417
Network Time Protocol
for time 304
NTP 297
port 123 304
services from domain controllers 315
Nasuni Filer Administration Guide 8.0
network type 418
DHCP 296
static 296, 297
New data in Cache
volume 39
new data in cache
chart 39
NFS 54, 311, 335
configuring data migration 251
data migration source 241
deleting 141, 151
enabling 161
export 48, 49, 59
host options 148, 149, 150
protocol 47, 49, 54, 59, 65
snapshot access 113, 232
VMware 175
volume 52
NFS export
deleting 151
editing 146
status 438, 440
NFS protocol 47, 56, 65, 162
NFSv4 48, 57, 66, 162, 440
NFSv4 ACL 48, 57, 66, 162
NFSv4 protocol 48, 57, 66, 162, 440
NMC
Nasuni Management Console 3
no_root_squash
UNIX 144, 149
nocase 173
notification 28, 446
alert 445
deleting 449
near quota 54, 64, 74
sorting
by date 447
by severity 447
by text 447
types of 445
Notifications 28
notifications
deleting 449
downloading 415, 447, 448
filtering 447
retaining 445
viewing 28, 446
Notifications page 9
NTFS 47, 56, 65, 162
NTFS Compatible Mode 47, 56, 65, 162
NTFS Exclusive Mode 48, 56, 65, 162
506
Index
NTP
for time 304
Network Time Protocol 297
time server 297
O
on-demand snapshot 61
open file 434
Open Office
Web Access
preview 182
OpenPGP 53, 346, 348, 349, 484
operating system
version 27
OS X 278
client 5, 278, 311
mobile access 274
SMB2 protocol 132
OS7 7, 182
overwriting
during restore 230
not by sync 206
preventing during data migration 245, 248, 254
owned by 63
P
password 23
Active Directory 339
changing 33, 407
CHAP 55
CIFS migration 240
console 376
creating 459
diagnostics 282
encryption key 92, 94, 96, 351, 352
Filer Administrator 23
forgot 24
Full Disk Encryption 428, 429
login 22
network
configuration 298, 374
shutdown 31
software update 412
strength 33, 391, 407, 459
volume
deleting 122
disconnect 209
path
Mobile Access
entering 190
Nasuni Filer Administration Guide 8.0
pausing
Side Load 271
PDF
Web Access
preview 182
permission
Active Directory 309
custom
remote access 104
file 246, 248
for data migration 238, 240
group 247, 380, 383, 384, 385, 388, 389, 391, 392
adding 383, 388
default 380
deleting 388
editing 388
viewing 381
remote access 103
remote volume 49, 50, 59
user 247, 380, 383, 389, 390, 391, 392, 393
adding 389, 391, 392
default 380
deleting 392, 393
editing 392
permission set 246, 248
adding 246
label 246
selecting 248
permissions 474, 476
Windows 165
PGP 348
physical ports
carrier 419
duplex 419
MAC address 419
name 419
speed 419
status 419
ping 356
pinned folder
viewing 118
pinning
disabling 118
folder 214, 215, 216
folder in cache 66, 118, 224
volume in cache 16, 48, 49, 55, 59, 69, 73, 118, 224
507
Index
port
123
Network Time Protocol (NTP) 304
161
SNMP monitoring 394
25
SMTP port 286
443
mobile access 186, 277
VPN for mobile access 186
Web Access 177
carrier 419
duplex 419
HTTPS proxy server 288
MAC address 419
name 419
physical 419
speed 419
port 8443 177
POSIX 47, 56, 65, 162, 311
POSIX ACL 48, 57, 66, 162
POSIX client 311
POSIX Mixed Mode 48, 57, 66, 162
power 25, 28, 31, 32
power supply
status 424
preparedr 453
preparedr command 268, 462
presentation
Web Access
preview 182
Preview 7
preview
Web Access 182
previous version
file 131
previous versions
Mobile Access
restoring 193
viewing 191, 193
Primary Access Key 404
primary DNS 297
primary DNS server
IP address 297
primary domain 335
Prioritized Snapshot 67, 117
priority 466
privacy policy 25, 28
properties
volume 63, 68
Nasuni Filer Administration Guide 8.0
protocol
CIFS 54
FTP 306
iSCSI 54
NFS 54
SMB 310, 433, 440, 441
SMB2 310, 433, 440, 441
SMB3 310, 433, 440, 441
SMBv2 310, 433, 440, 441
SMBv3 310, 433, 440, 441
volume 47, 49, 59, 65, 69
protocols
multiple 55, 160
proxy server
HTTPS 288
PTR record 467
Q
QoS
Quality of Service 299
Quality of Service 43
changing rule 301
deleting rule 303
rule 301, 303
scheduling 299, 301
quota 74, 212
changing 74
directory 13, 75, 221, 358
email 13, 358
notification near 54, 64, 74
report 13, 358
status 74
threshold 358, 360, 361
volume
setting 13, 54, 74
quota limit 222
quota report 221
adding new 359
deleting 361
editing 361
scheduling 360
sending now 361
viewing 359
quota reports 387
508
Index
R
RAID
array 425
disk 426
firmware version 424
level 425
RAID array
rebuilding 43
ransomware xix, 82
Read Only 49, 50, 59
Read Only access 103, 104, 145, 149, 247, 248
Read/Write 49, 50, 59
Read-Only access 127, 129, 130, 137, 138
read-only access 154, 234, 235
read-write access 103, 104, 129, 130, 137, 138, 246
rebooting 32
after software update 411
console 32
recommended memory allocation 7
recovery 53, 287
during trial mode 349, 451
encryption key 54, 348, 349, 350, 451, 456
file 456
procedure 450
snapshot 450
refreshing subscription license 410
regenerate
link 198
regenerating
shared link 461
region 53, 63, 304
Release Notes 29
viewing 29, 412
remote
volume 46, 49, 58, 59
remote access 58, 102, 104, 205
connecting
to volume 58
disabling 102
disconnecting
volume 209
enabling 102, 205
maximum group size 409
maximum volumes 410
Nasuni.com account 48, 102, 205
permission 103
custom 104
remote and local connections 205
setting 102
snapshot frequency 109
status 66, 102
Remote Access Type 66
Remote Support Service 281
Nasuni Filer Administration Guide 8.0
remote volume 60, 206, 207
changing 48
connecting to 58
disconnecting 209
list 58
local name 49, 59
local name for 60
maximum number 410
remove
link 198
removing
data migration
procedure 266
removing alert from Home page 448
renaming
volume 71
replacing
SSL certificate 372
report
quota 13, 358
rerunning
data migration 265
data migration procedure 265
resetting
CIFS authentication cache 435
client 435, 436, 437
SSL certificate 376
resetting certificate
console 362, 376
restoring
backup before 230
file 13, 212, 220, 236
folder 13, 212, 220, 230
folder from snapshot 230
restoring file or folder
snapshot 212, 230, 231
retention
snapshot 67, 69, 90, 116, 346
RFC 2307 311, 335
RFC2307 321, 326
RFC2307bis 321, 326
rich text format
Web Access
preview 182
role-based access control 36, 45, 211, 237, 284, 380,
408, 445
root_squash
UNIX 144, 149
S
S3
Amazon AWS S3 1, 402
509
Index
Safari 3, 22
Safe Delete
alerts 387
safe delete 97
alerts 97
and recovery 451
approving 123
canceling 123
canceling deletion 123
deleting volume 121
disabling 98
enabling 97
immediately deleting 123
report 97
revoking approval 123
status 64
volume-delete-capable administrator 97
saving
SSL certificate 375
scheduling
antivirus 79
data migration 258
by day and time 258
by hours or minutes 260
Quality of Service 299, 301
quota report 360
snapshot 12, 67, 69, 107, 108, 211
sync 67
schema
LDAP 326
search
for files 212
for folders 212
searching
file and folder for restore 217
snapshot 217
searching for
file 217
folder 217
username 247
secondary DNS 297
secondary DNS server
IP address 297
Secret Access Key 404
security
Active Directory 311
configuring 311, 335
iSCSI 55, 73
LDAP 312
security mode
Active Directory 311, 335
LDAP 312
security setting 346
Nasuni Filer Administration Guide 8.0
SED 427
self-encrypting drive 427
self-signed certificate 14, 362, 363, 365
sending quota report now 361
Serial Number 8, 24, 409, 455
serial number 452, 454
server
Active Directory 311
LDAP 312
Service Level Agreement 25, 28
setting
name
volume 52
remote access 102
SSL certificate 374
volume
name 52
settings
FTP 306
setup wizard 454
SFTP 1, 5, 47, 56, 65, 162
share 3
access 127
adding 125
creating 125
automatically 54, 60
default 125
deleting 141, 151
editing 139
mapping network drive 169
migration source 238
mounting 173
name 126, 239, 433
Read-Only 127
status 433
viewing 124
visible 127
volume and 3
shared directory 143
shared folder 124, 125, 142
adding 125
shared link 132, 134, 135, 136, 138, 179
Mobile Access 192, 197
regenerating 461
Shared Secret 405
shutdown 25, 28, 31, 32
console 32
message 32
password 31
username 31, 412
shutdown option 31
shutdown window 31, 32
shutting down Nasuni Filer 31
510
Index
Side Load 268, 270, 450, 461
pausing 271
signature type 364, 377
size
volume 44, 47, 49, 59, 63
SMB 310, 311, 335
SMB encryption 132
SMB protocol 47, 56, 65, 162, 310, 433, 440, 441
SMB2 310
SMB2 protocol 310, 433, 440, 441
SMB3 encryption 133
SMB3 protocol 310, 433, 440, 441
SMBv2 protocol 310, 433, 440, 441
SMBv3 protocol 310, 433, 440, 441
SMTP
port 25 286
snapshot 5, 452
access 67, 131, 232
enabling 113
status 113
alert 431
and Quality of Service 43
and quota 13, 54, 74
available 235
before disconnecting from remote volume 209
before shutdown 31, 32
browsing CIFS 232, 235, 236
definition 3
deleting 13, 115, 211
detail 5, 15, 107, 211, 299
enabling access 113
file sizes in 443, 444
file types in 443, 444
frequency 108
immediate 61
initial 5
message 26
most recent for volume 44
on-demand 61
prioritized 117
priority 117
recovery 450
restoring file or folder 212, 230, 231
restoring folder and file 230
retention 67, 69, 90, 116, 346
status 115
scheduling 12, 61, 67, 69, 107, 108, 211
status 108
searching 217
searching for file 217
status 42
taking 61
Nasuni Filer Administration Guide 8.0
snapshot access 113, 131, 232
status 113
snapshot directories 235
Snapshot Directory Access 67, 113, 131, 232
snapshot restore alerts 387
snapshot retention
and compliance 116
status 115
snapshot retention policy 13, 115, 211
snapshot scheduling
status 108
SNMP
monitoring
Nasuni Filer 394
Nasuni Management Console 394
port 161 394
trap 396
v1 395
v2c 395
v3 395
software
version 27, 399, 411
software update 411
software updates 387
source folder
data migration 245
Spanning Tree 289
speed
port 419
spreadsheet
Web Access
preview 182
SRV record 466
SSL 285
SSL certificate 362, 363, 377
copying 368
deleting 376, 379
generating 365
replacing 372
resetting 376
saving 375
setting 374
uploading 370
viewing 363
static 418
network type 296, 297
511
Index
status
account 409
antivirus service 79, 80
cache 6, 43
CIFS share 433
client 434, 440
data migration 42, 249, 255, 263, 264
data migration log 263, 267
encryption key 64, 69, 90, 91, 93, 95
file alert service 76
hardware appliance 423
refresh 425
local storage 43
message 26
network 416
NFS export 438, 440
physical ports 419
power supply 424
quota 74
remote access 66, 102
snapshot 42
snapshot access 113
snapshot retention 115
snapshot scheduling 108
subscription 409
sync scheduling 111
virtual machine status 423
volume 44
Status page 408
Storage Access 173, 381, 382, 386
storage controller 3
subnet mask 418
subscription
expiration date 409
status 409
SubTenant ID 405
super user 474
superuser 144, 149
switch 290
switch port access 289
switch ports 289
Sync
DNS configuration 465, 466, 467, 468, 470
sync
conflict 206
scheduling 67, 111
status 111
volume 110
Sync path
central configuration 342
synchronization conflict 206
file name 208
message 206, 207
Nasuni Filer Administration Guide 8.0
T
taking
snapshot 61
TCP 466
terms of service 25, 28
test
message 286
Test Email Recipient 286
text
Web Access
preview 182
text conventions xiv
Third-Party Licensing Guide xvi
threshold
CPU Usage 431
memory usage 431
quota 358, 360, 361
time
from Active Directory 304
from HTTPS 304
from Network Time Protocol 304
from NTP 304
local time status 44
time server
Active Directory
server 304
time.nasuni.com 44, 304
time services
from domain controllers 315
time to live 469, 471, 472, 473
time.nasuni.com
time server 44, 304
traffic group 289, 417, 418
adding 294
configuring 296
deleting 295
editing 295
External 289, 417, 418
firewall policy 356
gateway 297
General 289, 417, 418
Management 289, 417, 418
managing 294
selecting 295
trap
SNMP 396
trial mode 7
ending 7
expiration 409
maximum volumes 51
recovery 349, 451
upgrading 7
trunk access 289
512
Index
trusted domains
Active Directory 312, 315, 331, 335
TTL 469, 471, 472, 473
U
uidNumber 319
Unauthenticated Access Mode 48, 57, 66, 162
UNIX 47, 56, 65, 161, 164, 176, 311, 335
all_squash 144, 149
CIFS 54
NFS 54
no_root_squash 144, 149
root_squash 144, 149
UNIX client 54
UNIX/NFS Permissions Only Mode 47, 56, 65, 161
unprotected files 5, 6, 15, 39, 43, 48, 66, 120, 215, 216,
220, 394, 400, 408, 413, 414, 415
unsynchronized data 5
update
link 197
password 412
updating
software 411
upgrading
from trial mode 7
upload
Web Access 178
uploading
encryption key 348
encryption keys 53, 90, 346, 348, 457
mobile access 195
SSL certificate 370
UPS
battery
status 424
status 424
URL
Web Access 177
usage metrics 443
user
access 129, 130, 137, 138, 144, 149, 156, 157
authenticating 128
domain 381
native 381
permission 247, 380, 383, 389, 390, 391, 392, 393
adding 389, 391, 392
deleting 392, 393
editing 392
user account 33, 407
User Folders Support 131
and directory quota 75, 222
Nasuni Filer Administration Guide 8.0
username 23
Active Directory 339
CHAP 55
CIFS migration 240
console 376
creating 459
diagnostics 282
encryption key 92, 94, 96, 351, 352
Filer Administrator 23
for shutdown 31, 412
login 22
network
configuration 298, 374
searching for 247
viewing 26
volume
deleting 122
disconnect 209
Using Multiple Protocols xvi
V
Varonis 82
auditing 64, 82, 85, 86, 340
configuration 87
vault
Cleversafe 63
Vault Provisioner 404
version
and snapshot 12, 107, 211
base operating system 27
file 131
Nasuni Filer software 27, 399, 411
Release Notes 29
software
Nasuni Filer 27, 399, 411
version history 5
volume 5
video
Web Access
preview 182
View File
Mobile Access 191
513
Index
viewing
Active Directory domain 337
cache 414
cache jobs 413
data migration
schedule 262
directory
FTP 152, 441
files
cache 414
FTP directory 152, 441
multiple protocols 160
notifications 28, 446
permission
group 381
pinned folder 118
Release Notes 29, 412
share 124
SSL certificate 363
username 26
violation alerts 387
violations
antivirus 81
ViPR 1, 402
virtual machine
cores per CPU 423
CPU frequency 423
CPU model 423
CPUs 423
RAM 423
status 423
virtual machine platform 7
virtual machine status 423
virus
Clam AntiVirus 15, 78
VM 7
VMware
NFS 175
Nasuni Filer Administration Guide 8.0
514
Index
volume
adding 51
data 11, 12, 51, 110, 164, 167, 169, 170, 173,
178, 195, 204, 238
adding CIFS share 125
adding encryption key 95
adding NFS export 143
auditing for 82
browsing 213
CIFS 52
cloud provider 52, 63, 68
creating 51
data
adding 11, 12, 51, 110, 164, 167, 169, 170, 173,
178, 195, 204, 238
detail 70
Data Growth chart 38, 70
data migration to 12, 238, 243, 251
definition 3
deleting 121, 122
password 122
safe delete 121
username 122
details 46
disabling remote access 102
disconnect
password 209
username 209
enabling
remote access 102
snapshot access 113
encryption key 64, 69
disabling 93
enabling 90
export
creating 54
information 63, 68
local 46
changing 49
local name for remote volume 60
maximum number 409
metadata 5
name 42, 44, 47, 49, 52, 58, 63, 68, 71, 442
editing 71
setting 52
New Data in Cache 39
NFS 52
pinning in cache 16, 118, 224
properties 63, 68
protocol 47, 49, 59, 65, 69
CIFS 54
iSCSI 54
NFS 54
Nasuni Filer Administration Guide 8.0
protocols 160, 161
quota 54, 74
setting 13, 54, 74
remote 46, 49, 58, 59
changing 48
renaming 71
restoring folder 230
share 3
creating 54
size 44, 47, 49, 59, 63
snapshot
taking 61
status 44
data migration 42
snapshot 42
sync 110
version history 5
Volume Cloud I/O 100
volume-delete-capable administrator
safe delete 97
VPN for mobile access
port 443 186
VSS Hardware Provider 340
W
warning
capacity exceeded 64, 74, 387, 409
definition 445
wav
Web Access
preview 182
Web Access 7, 177, 182
branding 134, 177, 397
configuring 134
download 179
downloading 182
enable 132
internal link 179
logo 397
port 443 177
preview 182
settings 134
shared link 134, 179
upload 178
URL 177
Web browsers 3
weight 466
Wi-Fi
mobile access 201
wildcard
data migration
excluding files 248, 254
515
Index
wildcard “%U” 126, 132
Windows 164, 170, 171
client 278
iSCSI volume
accessing 170, 171
mobile access 274
permissions 165
snapshot access 131, 232
Windows client 54, 310
Windows Explorer 164, 171
Windows Previous Versions 1, 131
Windows workgroup
name 309, 315
wizard
setup 454
workgroup name
Active Directory domain 327, 338
Nasuni Filer Administration Guide 8.0
516
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising