NMC Guide

Nasuni Management Console
Guide
Version 22.1
July 2022
Last modified: July 1, 2022
© 2022 Nasuni Corporation
All Rights Reserved
Document Information
Nasuni Management Console Guide
Version 22.1
July 2022
Copyright
Copyright © 2010-2022 Nasuni Corporation. All rights reserved.
Notice
The information in this document is subject to change without notice and does not
represent a commitment on the part of Nasuni Corporation (“Nasuni”). Software and
services described in this document are furnished under terms and conditions found at
www.nasuni.com/legal/. Software and services may be used only in accordance with such
terms. These terms are subject to change from time to time, so you should check our
website for the latest terms. This document contains the confidential and proprietary
information of Nasuni and may not be used or disclosed to any third party except as
specifically set forth in such terms and conditions and any confidentiality agreement in
place with Nasuni. No part of this manual may be reproduced in any form or by any
means, electronic or mechanical, including photocopying and recording, without the
express written permission of Nasuni. Licensed users may contact Nasuni for access to
additional copies.
Although Nasuni has attempted to ensure the accuracy of the content of this document, it
is possible that this document might contain technical inaccuracies, typos or other errors.
Nasuni assumes no liability for any error in this document and disclaims all damages that
might arise from the use of this document, whether direct, indirect, incidental,
consequential or otherwise, including, but not limited to loss of data or profits. Nasuni
provides this publication “as is” without warranty of any kind, either express or implied,
including, but not limited to implied warranties of merchantability or fitness for a particular
purpose.
Trademarks
NASUNI, the NASUNI logo, and UniFS are registered trademarks of Nasuni Corporation in the U.S. and other countries. All
other marks are the property of their respective owners.
Patents
Nasuni’s products are protected by the U.S. patents identified here. Nasuni’s products may also be covered by one or more
patents granted or pending in the U.S. and other countries.
Contacting Nasuni Corporation

Technical Support
Nasuni Corporation
One Marina Park Drive Online self-help resources, as well as 24x7x365 live Technical
Boston, MA 02210 Support, are available at www.nasuni.com/support.
+1.857.444.8500
https://www.nasuni.com
info@nasuni.com
Contents
Contents
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Electronic Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Release Notes for Nasuni Documentation Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Chapter 5: The Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . 19

Nasuni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Placing Nasuni Edge Appliance under control of Nasuni Management Console 22
Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Chapter 6: Task Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Starting with the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Installing the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Creating new volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Managing the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Managing data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Providing data access to users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Downloading, restoring, and bringing data into cache . . . . . . . . . . . . . . . . . . . 28
Setting quotas on folders and volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Sharing data between Nasuni Edge Appliances . . . . . . . . . . . . . . . . . . . . . . . . 28
Adding data to volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Protecting data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Managing volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Nasuni Management Console Guide 22.1 3

Contents
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Handling encryption keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Role-based access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Antivirus Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Ransomware Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Firewall protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Changing performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Actions only available on the Nasuni Edge Appliance . . . . . . . . . . . . . . . . . . . . . . . 35
Chapter 7: Installing the Nasuni Management Console . . . . . . . . . . . . . . . . 36

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Requirements for the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . 36
NMC Sizing Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Installing the Nasuni Management Console Software . . . . . . . . . . . . . . . . . . . . . . . 37
Connecting with the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . 41
SSL Security Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Example using Mozilla Firefox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Example using Google Chrome . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Example using Microsoft Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Nasuni Management Console Installation Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Chapter 8: Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Logging in to the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Resetting Administrative Account (Forgot password?) . . . . . . . . . . . . . . . . . . . . . . 55
Viewing the Nasuni Management Console Help . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Chapter 9: Common Screen Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Navigation Bar Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Viewing the Nasuni Management Console Help . . . . . . . . . . . . . . . . . . . . . . . . 57
Viewing the Nasuni Management Console Release Notes . . . . . . . . . . . . . . . . 58
Powering Down and Rebooting the Nasuni Management Console . . . . . . . . . . 59
Changing Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Logging Out of the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . 61
Other screen elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Pop-up Software Update Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Search text box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Time zone selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Contents
NMC version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Sorting lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Action status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Chapter 10: Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

System Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Hardware Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Volumes Managed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Filers Managed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Data Growth chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Network Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
File Types Written . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
File Sizes in Snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Chapter 11: Volumes Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Volumes page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Volumes Managed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Unified Storage Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
HTTPS Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Volume Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Data Not Yet Protected chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Data Growth chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Volume List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Volume details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Deleting a local volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Safe Delete of volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Disconnecting from a remote volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Take Snapshot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Monitoring snapshot processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Cancel Snapshot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Create Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Connect to (and Disconnect from) a Remote Volume . . . . . . . . . . . . . . . . . . . . . . 109
File System Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Selecting Volume, Folder, or Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Actions with Selected Volume, Folder, or Files . . . . . . . . . . . . . . . . . . . . . . . . 122

Contents
Unprotected Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Viewing unprotected files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
NFS Exports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Viewing exports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Creating exports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Editing exports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Editing host options for exports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Deleting exports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
FTP Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Viewing FTP directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Creating FTP directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Editing FTP directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Deleting FTP directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
SMB (CIFS) Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Viewing shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Creating shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Web Access Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Editing shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Deleting shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Auto Cached Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Viewing folders that have Auto Cache enabled . . . . . . . . . . . . . . . . . . . . . . . . 186
Disabling Auto Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Cloud I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Viewing encryption keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Adding encryption keys to a volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Enabling encryption keys for a volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Disabling encryption keys for a volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Name of volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Viewing volume names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Changing volume name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Pinned Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Viewing and disabling pinned folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Quota . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Viewing volume quota setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Editing volume quota . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Viewing and editing folder quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Contents
Deleting folder quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Viewing folder quota rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Editing folder quota rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Deleting folder quota rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Viewing remote access setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Setting or editing remote access settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Snapshot Directory Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Viewing snapshot directory access settings . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Editing snapshot directory access settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Snapshot retention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Changing Snapshot Retention time interval . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Restoring data protected by snapshot retention . . . . . . . . . . . . . . . . . . . . . . . 221
Viewing snapshot retention settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Setting or editing snapshot retention settings . . . . . . . . . . . . . . . . . . . . . . . . . 222
Snapshot schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Viewing snapshot schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Editing snapshot schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Global File Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Sync Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Scheduling Syncs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Antivirus Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Viewing Anti-Malware settings (Antivirus Protection and Ransomware Detection) 239
Editing Anti-Malware settings (Antivirus Protection and Ransomware Detection) 239
Antivirus Violations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Viewing antivirus violations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Reviewing antivirus violations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Ransomware Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Important: BEFORE PUTTING NASUNI RANSOMWARE DETECTION INTO PRODUCTION
245
Viewing Anti-Malware Service settings (Antivirus Protection and Ransomware Detection) 246
Editing Anti-Malware Service settings (Antivirus Protection and Ransomware Detection) 247
File System Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
File Alert Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Viewing File Alert Service settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Editing File Alert Service settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Data Propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Contents
Chapter 12: Filers Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Filers page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Filers Managed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Connected Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Filer Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Network Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Mobile Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Account Filers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Network Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Mobile Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
CPU Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Memory Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Filer Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
API Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
API Access key for external auditing using Varonis . . . . . . . . . . . . . . . . . . . . . 282
Automatic Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Viewing automatic software update settings . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Editing automatic software update settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Cache Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Viewing cache settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Editing cache settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
CIFS Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Viewing CIFS settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Editing CIFS settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
FTP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Viewing FTP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Editing FTP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Nasuni Edge Appliance Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Viewing Nasuni Edge Appliance descriptions . . . . . . . . . . . . . . . . . . . . . . . . . 296
Editing the Nasuni Edge Appliance description . . . . . . . . . . . . . . . . . . . . . . . . 297
Disk Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Viewing disk encryption status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Editing the disk encryption status of the Nasuni Edge Appliance . . . . . . . . . . 299
Email Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Viewing encryption keys on Nasuni Edge Appliances . . . . . . . . . . . . . . . . . . . 304
Adding (importing or uploading) encryption keys to Nasuni Edge Appliances 305
Sending encryption keys to Nasuni Edge Appliances . . . . . . . . . . . . . . . . . . . 307

Contents
Escrowing Encryption Keys with Nasuni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

Deleting Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Backup Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Escrow Passphrase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Global Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Degrading Global File Lock to read locks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Quality of Service (Bandwidth) Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Viewing Quality of Service settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Adding Quality of Service rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Editing Quality of Service rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Deleting Quality of Service rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Quota Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Viewing quota report schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Sending a quota report manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Adding quota report schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Editing quota report schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
SNMP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Viewing SNMP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Editing SNMP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Syslog Export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Viewing syslog export settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Editing syslog export settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Time Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Viewing time zone and time source settings . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Refreshing current times . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Editing time zone and time source settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Web Access Branding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Mobile Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Viewing Mobile Access service settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Editing Mobile Access service settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Generating Invitation Link for Mobile Access . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Mobile Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Viewing licenses for the Mobile Access service . . . . . . . . . . . . . . . . . . . . . . . . 350
Enabling Mobile Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Disabling Mobile Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Deleting Mobile Access licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Refresh License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Refreshing license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

Contents
Remote Support Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Viewing Remote Support Service settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Enabling and disabling Remote Support Service . . . . . . . . . . . . . . . . . . . . . . . 354
Send Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Side Load . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Starting the Side Load process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Viewing and controlling the Side Load process . . . . . . . . . . . . . . . . . . . . . . . . 358
Audit Destinations Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Cache Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Viewing cache jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
CIFS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Viewing CIFS clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Disconnecting clients from a share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Resetting the CIFS Authentication Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Resetting All CIFS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
CIFS File Locks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Viewing file locks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Disconnecting file locks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
FTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Viewing FTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Disconnecting FTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Filer Heuristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Data Growth chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
File Types Written . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
File Sizes in snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Viewing network settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Pending Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Viewing pending updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Acknowledging pending updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Platform Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Viewing hardware and virtual machine information . . . . . . . . . . . . . . . . . . . . . 378
Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Viewing security settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Shared Link Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Viewing shared links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Deleting shared links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
Shutdown and Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Contents
Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Viewing Nasuni Edge Appliance software updates . . . . . . . . . . . . . . . . . . . . . 388
Updating Nasuni Edge Appliance software . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
System Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Viewing SSL certificate information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Chapter 13: Account Status Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396

Account Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Viewing account status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Refreshing license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Cloud Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Viewing cloud credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Adding or editing cloud credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
Copying cloud credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Deleting cloud credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Serial Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
Viewing serial numbers and authorization codes . . . . . . . . . . . . . . . . . . . . . . . 408
Chapter 14: Console Settings Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Configuration Overview page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Automatic Software Updates for NMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Viewing automatic software update settings for the NMC . . . . . . . . . . . . . . . . 412
Editing automatic software update settings for the NMC . . . . . . . . . . . . . . . . 413
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Viewing description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Editing the description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Email Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
SNMP Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Editing SNMP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Syslog Export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Editing console syslog export settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Time Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Setting time zone and time source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Directory Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
About Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
About LDAP Directory Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Joining Nasuni Management Console (not previously joined) to a domain . . . 426

Contents
Considerations for a Read-Only Domain Controller (RODC) . . . . . . . . . . . . . . 436

Viewing information about Directory Services already configured . . . . . . . . . . 438
Editing LDAP Directory Services domain settings . . . . . . . . . . . . . . . . . . . . . . 440
Updating the keytab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Editing Active Directory domain settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Editing Active Directory general settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Disconnecting an Edge Appliance from an Active Directory domain . . . . . . . . 445
Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Viewing encryption keys on the Nasuni Management Console . . . . . . . . . . . . 447
Uploading (importing or adding) encryption keys to the NMC . . . . . . . . . . . . . 449
Downloading the NMC’s generated encryption key . . . . . . . . . . . . . . . . . . . . . 451
Escrowing encryption keys with Nasuni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Deleting Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
NMC Escrow Passphrase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
NMC API Access Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Viewing and revoking NMC API access keys . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Session Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Setting session timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
Viewing SSL certificate information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
Copying SSL certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Generating SSL certificates or a self-signed certificate to the NMC . . . . . . . . 461
Uploading SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Replacing SSL Certificates or SSL Certificate Chains . . . . . . . . . . . . . . . . . . . 466
Enabling SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Downloading SSL Certificate Request Files . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Deleting SSL Certificates or Certificate Requests . . . . . . . . . . . . . . . . . . . . . . 470
Saving SSL Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Console Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
Viewing permission groups and users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
Viewing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Adding Native Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Editing Users and Changing User Passwords . . . . . . . . . . . . . . . . . . . . . . . . . 476
Linking Domain Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Deleting Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Viewing Permission Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Adding Permission Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Editing Permission Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484

Contents
Deleting Permission Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485

Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
Software Update for NMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Remote Support Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Enabling and disabling Remote Support Service . . . . . . . . . . . . . . . . . . . . . . . 494
Send Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Chapter 15: Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Retaining Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Viewing Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
Acknowledging Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Deleting Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Downloading Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Chapter 16: Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

Recovering the Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Appendix 17: Console Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
Using console commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
Changing device and network parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Changing static IP address and other network parameters . . . . . . . . . . . . . . . 520
Enabling DHCP Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Viewing the MAC Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
Rebooting the NMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Appendix 18: Nasuni Terms of Service and License Agreement . . . . . . . . 526

Nasuni Corporation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Appendix 19: Filtering Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
Appendix 20: Health Monitor Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528

Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
Status Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
Polling and Thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Monitors and Remediation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529

Contents
Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530

File Protocol Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Nasuni Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Disk Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Internal File System Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Network Connectivity Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Memory Fragmentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Appendix 21: Case Sensitivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533

Configuring case sensitivity for Windows systems with SMB/CIFS . . . . . . . . 533
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Appendix 22: Volume Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534
Appendix 23: Data Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
Appendix 24: Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538

Nasuni Edge Appliance and NMC Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . 538
Appendix 25: Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559

Audience
Preface
Audience
This Guide is intended for the IT administrator or person responsible for managing Nasuni Management
Consoles using the Nasuni Management Console user interface.
Text Conventions
The following text conventions are used in this document:
Convention Description
1. Number Used to indicate a step in a procedure.
• Bullet Used for items in a list without any particular order.
Bold Used to give emphasis to a word.

Also used for named graphical elements.
Italics Used to represent options or parameters.

Also used for document names.
Underline Used for hyperlinks, such as links to Web sites.
Monospace Used to indicate pathnames, filenames, directory names,

typed information, and code.
The following types of text notes have special meanings:

Note: Special information or a helpful hint to help you work more efficiently. Without a Note, you
might lose precious time and get frustrated while trying to understand why something is
not working.
Important: Significant information you need to know, or a consequence that is not immediately
obvious.

Audience
Tip: A suggestion on how to do something. More than information, this is a hint to make things
easier or more productive for you.
Caution: If you do this, something negative, such as data loss or data unavailability, might
happen. Be careful.
Warning: If you do this, something negative, such as data loss or data unavailability, is
definitely going to happen. A Warning is the highest level of alert. Be extremely
careful.

Electronic Publications
Product Documentation
Electronic Publications
Extensive documentation is available for all aspects of installing, configuring, and operating the Nasuni
Edge Appliance (Filer). The latest version of each of the following documents is available in PDF format
at https://community.nasuni.com/s/documentation.
• Nasuni Edge Appliance Administration Guide: “The Manual”: Encyclopedic guide to managing
storage with a Nasuni Edge Appliance.
• Nasuni Management Console Guide: “The Other Manual”: Encyclopedic guide to managing
multiple Nasuni Edge Appliances.
• Best Practices Guide: Step-by-step instructions for planning, installing, configuring, operating,
and troubleshooting the Nasuni Edge Appliance and Nasuni Management Console.
• Hardware Getting Started Guides: To set up a Nasuni Edge Appliance on a Nasuni hardware
appliance:
• N1040r Hardware Appliance Getting Started Guide.
• N1040t Hardware Appliance Getting Started Guide.
• N2040 Hardware Appliance Getting Started Guide.
• Installing on Virtual Machines: For installing Nasuni on a virtual machine:
• On virtual machines within a corporate network: Installing on Google Cloud, Installing on
Hyper-V, Installing on Nutanix, and Installing on VMware.
• Installing on Microsoft Azure: For installing on Microsoft Azure.
• Installing on Amazon EC2: For installing on Amazon EC2.
• Nasuni Edge Appliance Initial Configuration Guide: For configuring and deploying the Nasuni
Edge Appliance after the initial installation on the hardware appliance or virtual machine.

Release Notes for Nasuni Documentation Set
Release Notes for Nasuni Documentation Set

Date (As Of) Changes
2022-06-13 Added details of hardlinks with Global File Lock, in Global File Lock, Administration
Guide, NMC Guide, and Best Practices Guide.
2022-05-12 Added details of NFS ports to Firewall and Port Requirements.
2022-04-22 Added details of support for Windows Previous Versions, in Administration Guide,
NMC Guide, and Best Practices Guide.
2022-03-04 Improved data migration and audit time information, in many documents.
2022-02-08 Added endpoints for Global File Acceleration to Firewall and Port Requirements.
2022-01-06 Updated supported operating systems, in many documents.

Chapter 5: The Nasuni Management Console
Nasuni
Nasuni® enables organizations to store, protect, synchronize, and collaborate on unstructured file data
across all locations. Built for the cloud and powered by UniFS, the world’s only global file system, the
Nasuni file data platform couples the performance of local file servers with the infinite scale of the cloud
to provide a global file-sharing platform at half the cost of traditional file infrastructures.
With Nasuni, you can consolidate Network Attached Storage (NAS), distributed file servers, backup,
disaster recovery, file archiving, multi-site file synchronization, and global file locking in one simple,
scalable solution.
Nasuni stores all files and metadata in private (on-premises) or public cloud object storage to provide
unlimited primary or archive file storage capacity, then intelligently caches just the active data on
lightweight Nasuni Edge Appliances to provide local, high-performance file access in any location.
Nasuni supports the leading third-party object storage services:
• Public cloud (aka BYOC) storage services Alibaba Cloud Object Storage Service (OSS), Amazon
Simple Storage Service (Amazon S3), Google Cloud Storage, IBM Cloud Object Storage,
Microsoft Azure Cloud Storage, Virtustream Storage Cloud, and Wasabi Hot Cloud Storage.
• Private cloud (on-premises) storage services Cloudian HyperStore, Dell EMC Elastic Cloud
Storage (ECS), Hitachi Content Platform (HCP), IBM Cloud Object Storage, NetApp
StorageGRID, Nutanix Objects, Pure Storage FlashBlade, Scality RING, and Quantum
ActiveScale.
Support for each of these cloud storage services is included with each Nasuni subscription. Multiple
cloud storage services can be used within a single Nasuni implementation, and a single Nasuni Edge
Appliance can connect to volumes in different cloud storage services. However, each volume can exist
only in a single cloud storage service.
Nasuni consists of several product components.
UniFS®
The UniFS® global file system is cloud-resident and downloadable software that serves as the
foundation of the Nasuni platform. UniFS is the first file system designed for private on-premises or
public cloud object storage. Unlike device-constrained file systems that cannot scale beyond their
single “box” or cluster, the unique ability for UniFS to live and scale within object storage means that
Nasuni has no limits on total capacity, file versions, file size, volume size, or number of locations.
Another unique quality of UniFS is the ability to extend on-premises and to cache only the actively used
files and metadata anywhere that high-performance file access is needed on Nasuni Edge Appliances.

The Nasuni Management Console Nasuni
It is this ability, combined with the ability to rapidly synchronize changes to files made on any Edge
Appliances with the authoritative master copies stored in cloud storage, that enables Microsoft Azure
storage, Amazon Simple Storage Service (Amazon S3), Dell EMC ECS, IBM Cloud Object, and other
public and private cloud object storage solutions to be used for high-performance file storage.
Nasuni Edge Appliances

Note: Nasuni Edge Appliances are sometimes referred to by the shorter name “Filers”.
Each Nasuni Edge Appliance performs two main tasks:
• Securely transmits files to cloud object storage where the authoritative copies of all files are
stored.
• Caches actively used files locally to provide high-performance file access, and to minimize
cloud egress charges in deployments where Nasuni is backed by public cloud storage.
A Nasuni Edge Appliance can be a virtual machine that runs on hypervisors including Amazon EC2,
Microsoft Azure, Microsoft Hyper-V, Nutanix AHV, and VMware ESXi. Or a Nasuni Edge Appliance can
be a Nasuni hardware appliance.
Just like traditional NAS controllers or file servers, Nasuni Edge Appliances support NFS, SMB (CIFS),
FTP/SFTP, and HTTP/ REST protocols. They are also fully integrated with Active Directory, LDAP,
Distributed File System (DFS), and Windows Previous Versions. However, the reach and capacity of
Nasuni Edge Appliances far exceed traditional NAS controllers, because the appliances store only
active files, and have the entire back-end capacity of cloud object storage at their disposal. All data is
deduplicated, compressed, and encrypted by the appliances before being transmitted to object
storage.
Each Nasuni Edge Appliance includes Nasuni Continuous File Versioning™ for data protection. This
advanced snapshot technology captures file changes as they occur, and transmits only those changes
to your third-party cloud storage system, so that the third-party cloud storage system always contains
the latest version of every file. It also provides highly granular file-level data protection that offers
improved recovery points and recovery times compared to traditional file backup, eliminating the need
for traditional backup hardware, software, media servers, and tape and disk media.
Each Nasuni Edge Appliance offers a Web-based interface that enables you to manage volumes and
performance. To manage many Edge Appliances, you use the Nasuni Management Console (NMC).
Nasuni Management Console (NMC)

The Nasuni Management Console (NMC) enables you to monitor and manage many Nasuni Edge
Appliances from one central Web-based interface. Using the Nasuni Management Console, you can
view the status of all of your Nasuni Edge Appliances, as well as configure their settings. Using the
Nasuni Management Console, you can also ensure consistent settings by applying changes to all
appliances with one operation.
Nasuni Orchestration Center (NOC)

The Nasuni Orchestration Center (NOC) is the set of cloud-based services that serves as the control
path for Nasuni, and is separate from the data path that writes data to and reads data from private or
public cloud object storage. The NOC orchestrates internal authentication, software updates, Nasuni

Global Volume Manager™, Nasuni Global File Lock™, credential management, support services, and
the dashboard for monitoring and reporting.
The NOC also ensures that organizations benefit by having a simple, safe, and secure way to share
data across any number of sites. Nasuni’s multi-site access capabilities include:
• Secure data distribution to remote office/branch office (ROBO).
• Remote offices forwarding data to a central point.
• Two-way synchronized read-write.
Nasuni’s multi-site access also eliminates costly and cumbersome replication schemes and slow WAN
optimizers.
Nasuni Global Volume Manager™
Nasuni Global Volume Manager ensures that changes from every location are synchronized with cloud
storage, then propagated from cloud storage to all other Edge Appliances that are caching the same
files, so that users are always working on the latest versions. Nasuni Global Volume Manager aligns the
changes from each Nasuni Edge Appliance based on date/time stamp, creating an infinite version
history of every file.
Nasuni Global File Lock™
Nasuni is designed to enable multiple appliances to connect to a single volume, so that users in
different locations can collaborate on the same shared files. Nasuni Global File Lock is software that
works with third-party cloud storage to ensure that only one user can write data at a time, minimizing
the possibility of version conflicts. Nasuni Global File Lock ensures that only one user in the world can
make file changes at any time, by controlling the transmission of data by multiple users to your third-
party cloud storage system to prevent overlap.
Analytics Connector
The Nasuni Analytics Connector enables you to turn unstructured data into big data. A consolidated
cloud-based file system enables you to export a temporary second copy of your file data, in native
object format, in a separate cloud storage account. You can then use this data with analytics software,
AI, machine learning, and other data recognition tools.
Using Analytics Connector, you can use any analytics service from AWS or Azure, regardless of which
cloud currently stores your Nasuni volume. Since file data has already been centralized in cloud
storage, the process is fast, capable of exporting 14–16 TBs of data per hour. You can specify file
types, specific paths, and more to refine the selection of data for analysis. Nasuni provides a cost
estimator tool to help organizations project the cloud costs of storing the selected data sets in native
object format in a separate cloud storage account. The Analytics Connector runs entirely in the chosen
cloud storage account, using securely stored customer keys.
Global File Acceleration

Combined with Nasuni’s global file system, the Nasuni Global File Acceleration (GFA) service
accelerates file synchronization to improve collaboration and optimize productivity across locations.
Global File Acceleration delivers more intelligent multi-site file synchronization that is based on real-
time user activity to prioritize when data gets propagated to Nasuni Edge Appliances at other sites, so
that users gain faster access to their shared data. The GFA service is available to Premium customers.

Individual Edge Appliances continuously send file system audit events (such as reads, writes, deletes,
and renames) to the cloud-based Global File Acceleration Cloud Controller. Individual Edge Appliances
also request recommendations from the GFA Cloud Controller on when to perform syncs and
snapshots (respectively known as “pull” and “push”) for the GFA enabled volume, based on near-real-
time analysis of file system audit events.
Using the Nasuni Management Console, you can manage Nasuni Edge Appliances even if they are not
presently connected. Any changes made propagate to the Nasuni Edge Appliance when it becomes
connected.
Note: Notifications and changes on Nasuni Edge Appliances can take up to 10 minutes to
appear in the Nasuni Management Console.
Tip: Certain functions can also be performed using the NMC API. For details, see NMC API.
Certain actions remain unique to each Nasuni Edge Appliance and are not available for control using
the Nasuni Management Console, including:
• Restoring files and folders.
• Network-specific configuration.
• Active Directory or LDAP configuration.
• Setting quotas and quota rules (but not quota reporting).
Placing Nasuni Edge Appliance under control of Nasuni Management Console

Caution: When a Nasuni Edge Appliance goes under the control of the Nasuni Management
Console, the following processing occurs:
• Any existing local users and groups on the Nasuni Edge Appliance are replaced by
the users and groups of the NMC.
• If any volumes have Safe Delete enabled, then any pending approvals of volume
deletion, and any pending volume deletions, are canceled. The number of “Approvals
Required” is also reset to 1. However, each volume’s Safe Delete setting remains
enabled.
• When a Nasuni Edge Appliance is disconnected from the Nasuni Management
Console, the Nasuni Edge Appliance retains those users and groups that pertain to the
Nasuni Edge Appliance.
Note: If a Nasuni Edge Appliance is under the control of the Nasuni Management Console, you
can return that Nasuni Edge Appliance to self-management mode at any time. In particular,
if a Nasuni Edge Appliance loses Internet connectivity with the Nasuni Management
Console, you can return that Nasuni Edge Appliance to self-management mode.
Note: If a Nasuni Edge Appliance is managed by the NMC, and the NMC is unable to contact or
manage the Nasuni Edge Appliance, and that Nasuni Edge Appliance is included in a
group's Filer Access Permissions list, when the Nasuni Edge Appliance becomes
managed by the NMC again, the Nasuni Edge Appliance receives an updated list of users
and groups. If any active Safe Delete requests were associated with any the users whose

permissions were discontinued, those requests and any associated approvals are
canceled.
To enable management by the Nasuni Management Console, follow these steps:
1. On the Edge Appliance user interface, click Services, then select Nasuni Management
Console from the list. The Nasuni Management Console page appears.
Figure 5-1: Nasuni Management Console page.

2. From the NMC Management is drop-down list, select either enabled or disabled.
Important: If a customer removes from NMC management an Edge Appliance that owns a
volume that Global File Acceleration (GFA) is active on, the following processing
occurs:
• The Global File Acceleration configuration for any volume owned by that Edge
Appliance is deleted from the NMC.
• When the Edge Appliances check in with the NMC, as they do on a periodic
basis, they sync to the NMC’s GFA configuration, of which there is now nothing
(GFA disabled) for that volume.
• The volume owned by that Edge Appliance reverts to the snapshot schedule
and sync schedule that have been set for that volume on all Edge Appliances.
• If the Edge Appliance that owns the volume is once again placed under the
management of the NMC, Global File Acceleration must be reconfigured for the
volume owned by that Edge Appliance.
3. Click Save. A confirmation message appears. A message also appears at the top of the screen.
Note: It can take up to ten minutes for the Nasuni Edge Appliance to appear on the Nasuni
Management Console user interface.

The Nasuni Management Console Key Terms
Key Terms
The following terms are helpful in understanding the Nasuni Edge Appliance:
• Nasuni Edge Appliance (Filer): The virtual or physical appliance in your data center that
integrates with your infrastructure via CIFS (SMB), NFS, FTP/SFTP, or HTTPS/REST protocols.
The Nasuni Edge Appliance can be mapped as a network drive.
• Nasuni Edge Appliance user interface: The Web-based graphical user interface with which
you configure and manage the Nasuni Edge Appliance. The Nasuni Edge Appliance user
interface is accessible with supported Web browsers including Mozilla Firefox, Internet
Explorer, Safari, and Google Chrome.
• Nasuni Management Console (NMC): The Web-accessible appliance with which you can
configure and manage multiple Nasuni Edge Appliances. The Nasuni Management Console is
accessible with supported Web browsers including Mozilla Firefox, Internet Explorer, Apple
Safari, and Google Chrome.
• Cloud storage: Internet-based, highly protected, unlimited storage.
• Volume: A set of files and directories (CIFS (SMB), NFS, and FTP/SFTP).
• Share/export: An access point to a folder on a volume that can be shared or exported on your
network. Access to a CIFS (SMB) share can be customized on a user-level or group-level basis.
You can create many shares or exports on a volume, for different purposes or audiences.
• Cache: The local storage of the Nasuni Edge Appliance. All data and metadata that is accessed
regularly is kept locally in the cache. If requested data is not locally resident, it is staged into the
cache and provided for the request.
• Snapshot: A snapshot is a complete picture of your volume at a specific point in time.
Snapshots offer data protection by enabling you to recover data deleted in error or to restore an
entire file system. After a snapshot has been taken and is sent to cloud storage, it is not
possible to modify that snapshot.
Terminology
The following terminology is useful in understanding Nasuni technology:
Alerts and messages: See “Notifications”, including “Notifications” on page 496.
Backup: See “Snapshots”, including “Snapshot schedule” on page 224 and “Snapshot retention” on
page 220.
Bandwidth: See “Quality of Service (QoS)”, including “Quality of Service (Bandwidth) Settings” on
page 317.
Local data: See “Cache”, including “Cache Settings” on page 287.
Maximum capacity: See “Quota”, including “Quota” on page 206.
Other Nasuni Edge Appliances: See “Remote Access”, including “Remote Access” on page 213.
Sets of data: See “Volumes”, including “Volumes page” on page 75.
Also, see “Glossary” on page 545.

Chapter 6: Task Overview
The Nasuni Management Console provides extensive information that enables you to monitor the
status of your data from a single application. In addition, you can use the Nasuni Management Console
to configure volumes, CIFS shares, NFS exports, and FTP/SFTP directories from a single application,
regardless of which Nasuni Edge Appliance they reside on. This makes it simpler and faster for you to
perform multiple, near-simultaneous configurations, while maintaining consistent settings. There can
be only one Nasuni Management Console for your account.
presently connected. Any configuration changes made will propagate to the Nasuni Edge Appliance
when it becomes connected.
Note: Notifications and changes on Nasuni Edge Appliances can take up to 10 minutes to
appear in the Nasuni Management Console.
Without the Nasuni Management Console, data management tasks require configuring volumes, CIFS
shares, NFS exports, and FTP/SFTP directories separately on each Nasuni Edge Appliance, which is
time-consuming and can lead to inconsistent settings.
This chapter presents an overview of some of the tasks that you can perform with the Nasuni
Management Console, along with links to further information.
Starting with the Nasuni Management Console
Installing the Nasuni Management Console

Installing and configuring the Nasuni Management Console on your virtual platform is a simple and
straightforward process.
• The Nasuni Management Console runs on your virtual platform. First, download and install the
software on your virtual platform. See “Installing the Nasuni Management Console Software” on
page 37.
• Run the Install Wizard, including entering serial number and authorization code, found under the
Account section of www.nasuni.com. See “Installing the Nasuni Management Console” on
page 36.
• After you install and configure the Nasuni Management Console, you can place Nasuni Edge
Appliances under the control of the Nasuni Management Console. See “Placing Nasuni Edge
Appliance under control of Nasuni Management Console” on page 22.

Task Overview Starting with the Nasuni Management Console
Creating new volumes

You use volumes to manage data. There are two types of volumes: local volumes that are “owned” by
the local Nasuni Edge Appliance, and remote volumes that belong to other Nasuni Edge Appliances. If
you do not already have a volume set up, you can create a new "owned" local volume.
Before creating a new "owned" local volume, ensure that you have the encryption keys you would like
to use. Nasuni recommends creating and uploading your own OpenPGP-compatible encryption keys
(“Adding (importing or uploading) encryption keys to Nasuni Edge Appliances” on page 305). All
uploaded encryption keys should be at least 2048 bits long.
For security reasons, encryption keys that you upload cannot be downloaded from the system.
Do NOT save encryption key files to a volume on a Nasuni Edge Appliance. You will NOT be able to use
these to recover data. This is NOT how to upload encryption keys to a Nasuni Edge Appliance.
• Otherwise, you can specify generating a new encryption key when you create the new volume.
Nasuni also recommends safeguarding your encryption keys yourself. You can download
generated keys for safeguarding (using the Nasuni Edge Appliance user interface). Alternatively,
you can escrow encryption keys with Nasuni (“Escrowing Encryption Keys with Nasuni” on
page 308).
Note: If you use the Nasuni Management Console to create a volume on a Nasuni Edge
Appliance, and specify generating a new encryption key for that volume, that new
encryption key is generated on the Nasuni Edge Appliance, not on the Nasuni
Management Console. The only way to download a Nasuni Edge Appliance encryption
key is by using the Nasuni Edge Appliance user interface.
Important: The time to generate an encryption key can vary widely, depending on the
hardware (real or virtual) that the Nasuni Edge Appliance is executing on.
Encryption keys are generated in the background, so as to not block use of the
Nasuni Edge Appliance during generation.
• To create a new "owned" local volume on a Nasuni Edge Appliance, see “Create Volume” on
page 100.
• You can create CIFS shares (“Creating shares” on page 166), NFS exports (“Creating exports”
on page 142), and FTP/SFTP directories (“Creating FTP directories” on page 154) for users to
access. You can check and edit the settings for CIFS shares (“Editing shares” on page 183),
NFS exports (“Editing exports” on page 146), and FTP/SFTP directories (“Editing FTP
directories” on page 161).
Managing the Nasuni Management Console

You have many options for configuring the Nasuni Management Console.
• You can configure the Nasuni Management Console to automatically download and install
software updates. prevent automatic software updates from occurring at inconvenient times,
you can specify the days and times for automatic software updates to occur, or prevent
automatic software updates entirely. See “Automatic Software Updates for NMC” on page 412.
Alternatively, you can manually update the Nasuni Management Console software. See
“Software Update for NMC” on page 492.

Task Overview Managing data
• You can view the status and expiration date of your subscription. See “Viewing account status”
on page 396. You can also refresh your subscription license. See “Refreshing license” on
page 397.
• The Notifications page lets you view and acknowledge Nasuni Management Console
notifications. See “Notifications” on page 496.
• You can configure email alerts, which are sent to your email account from the Nasuni
Management Console. You can select various types of alerts to receive. See “Email Settings” on
page 415.
• You can perform the disaster recovery procedure for a genuine emergency, or when moving the
Nasuni Management Console to another location. See “Recovery” on page 501.
Managing data
Providing data access to users

You can define which users can access which data.
• You can define a CIFS share, an NFS export, or an FTP/SFTP directory for each directory tree
(the directory itself and any files and directories it contains) in a volume. You can create many
shares, exports, or FTP/SFTP directories on a volume. See “Creating shares” on page 166,
“Creating exports” on page 142, and “Creating FTP directories” on page 154. You can check
and edit the settings for CIFS shares “Editing shares” on page 183), NFS exports (“Editing
exports” on page 146), and FTP/SFTP directories (“Editing FTP directories” on page 161).
For each share, export, or FTP/SFTP directory, you can define which volume and which
directory tree within the volume to share or export. You can specify Read-Only access. You can
limit which hosts can access the share, export, or directory.
For CIFS shares, you can use Windows Explorer to define user and group access to folders.
You can map network drives to CIFS shares in Windows, and mount CIFS shares or NFS
exports in Linux or UNIX. See the “Managing Data” chapter in the Nasuni Edge Appliance
Administration Guide.
You can access FTP/SFTP directories using the FTP/SFTP protocol.
• You can establish Web Access to CIFS shares. This enables users to access data using any
supported Web browser. See “Editing shares” on page 183.
Note: Web Access is not available with LDAP Directory Services security.
• You can establish Mobile Access to CIFS shares. This enables users to access data using
mobile devices, including iOS-based devices (such as iPhone and iPad) and Android phones.
See “Editing shares” on page 183.
You can specify details of the Mobile Service, such as adding another port for Mobile Access,
limiting how long users remain authenticated on mobile devices, limiting users to only one
mobile device, and limiting the types of mobile devices that can use Mobile Access. See
“Mobile Settings” on page 345.

You can enable, disable, and delete licenses for the Mobile Access service. See “Mobile
Licenses” on page 350.
Downloading, restoring, and bringing data into cache

You can select specific volumes, folders, and files. You can then download, restore, or bring the
selected data into the local cache of the Nasuni Edge Appliance.
• You can browse to volumes, folders, and files (“Browsing a Volume” on page 114).
• You can also search for data by folder or file name and date (“Searching for a Folder or File by
Name and Date” on page 118).
• You can bring folders and files into the local cache of a Nasuni Edge Appliance (“Bringing Data
into Cache of the Nasuni Edge Appliance” on page 123). To view unprotected files in the cache,
see “Unprotected Files” on page 139.
• You can download selected files (“Downloading Files” on page 135).
• You can restore folders and files (“Restoring Files or a Folder from a Snapshot” on page 136).
Setting quotas on folders and volumes

You can set quotas on the size of folders and volumes (“Setting Quota or Rule” on page 133).
Sharing data between Nasuni Edge Appliances

You share data between Nasuni Edge Appliances by using volumes. There are two types of volumes:
local volumes that are “owned” by the local Nasuni Edge Appliance, and remote volumes that belong to
other Nasuni Edge Appliances. If you do not already have a volume set up on the source Nasuni Edge
Appliance, you can create a new "owned" local volume (“Create Volume” on page 100).
Tip: Before adding data to a Nasuni Edge Appliance, it is a Best Practice to clean up historical
and orphaned SIDs. This can help prevent later difficulties with permissions. For more
details, see Permissions Best Practices.
Caution: If a file or directory is renamed (and its data and permissions remain unchanged) on two
different Edge Appliances that share the item’s volume, and both renames occur
before the snapshots on the two Edge Appliances, then only one of the renames is
effective, namely, the one with the latest snapshot.
This is not considered a merge conflict.
• Before creating a new "owned" local volume, ensure that you have the encryption keys you
would like to use. Nasuni recommends creating and uploading your own OpenPGP-compatible
encryption keys (“Adding (importing or uploading) encryption keys to Nasuni Edge Appliances”
on page 305). Otherwise, you can specify generating a new encryption key when you create the
new volume. Nasuni also recommends safeguarding your encryption keys yourself. You can
download generated keys for safeguarding (using the Nasuni Edge Appliance user interface).
Alternatively, you can escrow encryption keys with Nasuni (“Escrowing Encryption Keys with
Nasuni” on page 308).

Note: If you use the Nasuni Management Console to create a volume on a Nasuni Edge
Appliance, and specify generating a new encryption key for that volume, that new
Encryption keys are generated in the background, so as to not block use of the
Nasuni Edge Appliance during generation.
• To create a new "owned" local volume on the Nasuni Edge Appliance, see “Create Volume” on
page 100.
• Volumes are not shared by default. First, you need to enable Remote Access for the volume that
is sharing data. You can specify Read/Write or Read-Only access for the Nasuni Edge
Appliances that are receiving data. See “Setting or editing remote access settings” on
page 215.
• After the volume that is sharing data has Remote Access enabled, you connect the Nasuni Edge
Appliances that are receiving data to the volume that is sharing data. See “Connect to (and
Disconnect from) a Remote Volume” on page 109.
• End users access the data through CIFS shares, NFS exports, or FTP/SFTP directories of the
destination volume. You define CIFS shares (“Adding a New CIFS (SMB) Share to a Volume” on
page 155), NFS exports (“Adding an NFS Export to a Volume” on page 178), or FTP/SFTP
directories (“Adding FTP directories for a volume” on page 189) on the destination volume for
users to access. If you created a CIFS share, NFS export, or FTP/SFTP directory automatically
when you created a new volume, you can check and edit the settings for CIFS shares (“Editing a
SMB (CIFS) Share” on page 174), NFS exports (“Editing an NFS Export” on page 182), or FTP/
SFTP directories (“Editing FTP directories” on page 195).
Adding data to volumes

There are several ways to add data to volumes.
Tip: Before adding data to a Nasuni Edge Appliance, it is a Best Practice to clean up historical
and orphaned SIDs. This can help prevent later difficulties with permissions. For more
details, see Permissions Best Practices.
Tip: PST files: Microsoft Outlook Personal Storage (.pst) files are used to store information for
Microsoft Outlook email systems. These files contain a large quantity of different types of
information, and can grow very large: multi-GB .pst files are common.
Nasuni recommends that customers NOT store active Outlook .pst files with the Nasuni
Edge Appliance, for a number of reasons:
• Whenever a new email arrives, the entire .pst file is marked as unprotected, and the
entire very large file must then be uploaded to the cloud again with the next snapshot.
This can interfere with the handling of other files, and with data propagation.
• The multiple versions of .pst files can increase the cloud usage of such files for a volume.

• Microsoft also recommends NOT storing .pst files on networks: https://

docs.microsoft.com/en-US/outlook/troubleshoot/data-files/limits-using-pst-files-over-
lan-wan
To help ensure that .pst files are not stored with the Nasuni Edge Appliance, Nasuni
recommends that customers enable the File Alert Service and include patterns such as *.pst.
• You can access FTP/SFTP directories using the FTP/SFTP protocol.
• You can access CIFS shares from Windows, OS X, and Linux. You can mount NFS exports in
Linux or OS X. This enables users to add data to volumes using the file management capabilities
of Windows, Linux, and OS X operating systems.
• You can share data from other Nasuni Edge Appliances as described in “Sharing data between
Nasuni Edge Appliances” on page 28.
• You can define Web Access to CIFS shares. This enables users to add data to volumes using
any supported Web browser. See “Editing shares” on page 183.
• You can define Mobile Access to CIFS shares. This enables users to add data to volumes using
mobile devices, including iOS-based devices (such as iPhone and iPad) and Android phones.
See “Editing shares” on page 183.
You can specify details of the Mobile Service, such as adding another port for Mobile Access,
limiting how long users remain authenticated on mobile devices, limiting users to only one
mobile device, and limiting the types of mobile devices that can use Mobile Access. See
“Mobile Settings” on page 345.
You can enable, disable, and delete licenses for the Mobile Access service. See “Mobile
Licenses” on page 350.
Protecting data
A snapshot is a complete picture of your volume at a specific point in time. Snapshots offer data
protection by enabling you to recover past versions of a file or to restore an entire file system. You can
select when and how frequently to perform snapshots. For example, you can configure snapshots to
occur only at night when network usage is low.
• You can schedule snapshots for whenever suits your system best. See “Editing snapshot
schedules” on page 226.
• You can also take snapshots manually at any time. See “Take Snapshot” on page 99.
• For compliance purposes or your own best practices, you can specify to delete older snapshots
from cloud storage, based on a configured snapshot retention policy for a specific volume. See
“Setting or editing snapshot retention settings” on page 222.
Note: With each Nasuni snapshot, configuration information is included, in case it is necessary to
recover the Edge Appliance. The configuration information includes volume name, volume
GUID, share type, software version, last pushed version, retention type, and permissions
policy. The configuration bundle is encrypted in the same way that all the customer data is
encrypted.

Task Overview Security
If you receive an alert that such backup configurations have failed, this might be due to
intermittent network issues, or possibly due to DNS issues. If you see notifications that the
Edge Appliance has successfully completed a snapshot after the backup alert, then you
can safely ignore the alert.
Managing volumes
The Nasuni Management Console offers many options for managing volumes. See “Volumes Page” on
page 74.
• Volumes should have names that describe what data they contain and that users recognize.
You can change the name of a volume. See “Changing volume name” on page 195.
• You can monitor file statistics. See “File Sizes in Snapshots” on page 73, “File Sizes in
Snapshots” on page 73, and “Data Growth chart” on page 68.
• For CIFS and NFS volumes and FTP/SFTP directories, the volume quota (maximum capacity)
enables you to limit the amount of storage space for a volume, including snapshots, which helps
you to control your storage costs. You can change the volume quota. See “Quota” on page 206.
• You can delete volumes that are no longer needed. See “Deleting a local volume” on page 92.
Security
Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their
data. Customers should leverage their cloud provider's role-based access and identity
access management features as part of their overall security strategy. Such features can be
used to limit or prohibit administrative access to the cloud account, based on customer
policies.
Handling encryption keys

Encryption keys are used to encrypt your data in cloud storage. You can use the Nasuni Management
Console to manage encryption keys in several ways.
• You can view encryption keys and their settings by volume (“Viewing encryption keys” on
page 191), by Nasuni Edge Appliance (“Viewing encryption keys on Nasuni Edge Appliances”
on page 304), and on the Nasuni Management Console (“Viewing encryption keys on the Nasuni
Management Console” on page 447).
• Nasuni recommends creating and uploading your own OpenPGP-compatible encryption keys.
You can upload encryption keys to the Nasuni Management Console. For security reasons,
encryption keys that you upload cannot be downloaded from the system. See “Uploading
(importing or adding) encryption keys to the NMC” on page 449.
You can also upload encryption keys to specific Nasuni Edge Appliances. For security reasons,
encryption keys that you upload cannot be downloaded from the system. See “Adding
(importing or uploading) encryption keys to Nasuni Edge Appliances” on page 305.

Note: If an uploaded encryption key has an associated passphrase, that passphrase is

removed from the encryption key when it is uploaded. The Edge Appliance does not
need the passphrase in order to use the encryption key. However, if you do not escrow
this encryption key, if you ever perform a recovery procedure on the Edge Appliance,
you must provide that passphrase when you upload that encryption key during the
recovery procedure.
Alternatively, you can specify generating a new encryption key when you create a new volume.
• You can use specific uploaded encryption keys with specific volumes. As a first step, you can
send encryption keys that you uploaded on the NMC to the Nasuni Edge Appliances where
those volumes reside. See “Sending encryption keys to Nasuni Edge Appliances” on page 307.
The next step is to add specific encryption keys to specific volumes. See “Adding encryption
keys to a volume” on page 192.
The next step is to enable (or disable) specific encryption keys for specific volumes. See
“Enabling encryption keys for a volume” on page 193 or “Disabling encryption keys for a
volume” on page 194.
• Nasuni recommends safeguarding your encryption keys yourself. You can download generated
keys for safeguarding (using the Nasuni Edge Appliance user interface). See “Downloading the
NMC’s generated encryption key” on page 451.
Note: You cannot download any Nasuni Edge Appliance encryption key from a Nasuni
Management Console, because the Nasuni Edge Appliance never transmits any
encryption keys to a Nasuni Management Console. The Nasuni Management Console
is never in possession of any encryption key generated by a Nasuni Edge Appliance. In
particular, if you use the Nasuni Management Console to create a volume on a Nasuni
Edge Appliance, and specify generating a new encryption key for that volume, that new
Warning: Do NOT save encryption key files to a volume on a Nasuni Edge Appliance.
You will NOT be able to use these to recover data. This is NOT how to
upload encryption keys to a Nasuni Edge Appliance.
Alternatively, you can escrow uploaded encryption keys with Nasuni. See “Escrowing
encryption keys with Nasuni” on page 452.
Note: All automatically-generated encryption keys are automatically escrowed with Nasuni.
• You can delete encryption keys that are not necessary for disaster recovery purposes. See
“Deleting Encryption Keys” on page 453.

Role-based access control

Rather than managing the permissions for performing tasks individually for each person, it is simpler to
create groups that have specific combinations of permissions, then assign users to the appropriate
groups. You can define users and groups of users, then assign specific permissions to each group. You
can define up to 150 users and 150 groups.
• To control who can manage the Nasuni Management Console, you can assign users to either
the NMC Administrators group or to a new group that you create with the “Manage all aspects
of NMC (super user)” permission. See “Console Users and Groups” on page 472.
• To control who can perform actions on the Nasuni Management Console, you can define users
and groups of users, then assign specific permissions. See “Console Users and Groups” on
page 472.
• To control who can access specific Nasuni Edge Appliances, you can assign users to a new
group that you create for those Nasuni Edge Appliances. See “Console Users and Groups” on
page 472.
• To control who can access CIFS shares that have Active Directory or LDAP Directory Services
security, you can define users and groups of users, then assign specific permissions. See
“Editing shares” on page 183.
SSL certificates
The user interface of the Nasuni Management Console and the user interface of Nasuni Edge
Appliances are Web-based. In order to secure these Web sites, SSL certificates or self-signed
certificates are used.
• You can view or add SSL certificates or a self-signed certificate that you can use when
accessing the Nasuni Management Console user interface. See “SSL Certificates” on page 458.
• You can view the SSL certificates or self-signed certificate that you use when accessing Nasuni
Edge Appliances. See “SSL Certificates” on page 394.
Antivirus Protection
Nasuni offers the option of protecting data with antivirus scanning, and review of files flagged for
violations. Nasuni Edge Appliance Antivirus Protection uses the Clam AntiVirus (ClamAV®) open-
source antivirus engine. Synchronization with the ClamAV virus database occurs within four hours of an
update to that database. Customers can report false positives here.
You can enable or disable Antivirus Protection. See “Editing Anti-Malware settings (Antivirus Protection
and Ransomware Detection)” on page 239.
• You can review antivirus violations. See “Reviewing antivirus violations” on page 243.
Ransomware Detection
Nasuni offers protection against ransomware by identifying known ransomware patterns, and notifying
administrators of their presence.

Task Overview Changing performance
You can enable or disable Ransomware Detection. See “Editing Anti-Malware Service settings
(Antivirus Protection and Ransomware Detection)” on page 247.
Firewall protection
You can limit which network hosts connect to the Nasuni Management Console user interface and the
Nasuni Support SSH port, which provides firewall protection. See “Firewall” on page 486.
Changing performance
There are a number of settings that can affect the performance of the system.
• Quality of Service (QoS) settings specify the outbound bandwidth for moving snapshots from
the Nasuni Edge Appliance to cloud storage.
Tip: Nasuni recommends setting the Quality of Service to the limit of the total bandwidth, or
slightly higher (so that bandwidth is not being limited). If the Quality of Service is too low,
it can cause delays in propagation and snapshots.
Nasuni does not recommend setting the Quality of Service to Unlimited, because a
setting of Unlimited disables traffic shaping, which prioritizes and allocates bandwidth to
different types of traffic (such as user activity, snapshots, and merges), so that no traffic
is denied bandwidth.
Snapshots are slower during periods of lower bandwidth. Local user read/write operations are
not affected. Limiting the bandwidth of outbound data between specific hours can help
decrease network congestion. See “Quality of Service (Bandwidth) Settings” on page 317.
• On virtual platforms, you can change resources such as the number of processors applied to
the virtual machine as well as the contention for resources. See the installation guide for your
virtual machine platform at https://community.nasuni.com/s/documentation.
• The cache is the local storage of the Nasuni Edge Appliance. All data and metadata that are
accessed regularly are kept locally in the cache. By default, the amount of local cache space
reserved for new writes is managed automatically, using an advanced algorithm to optimize
cache usage. However, you can override the amount of local cache space reserved for new
writes in order to suit your company’s workload. Reserving a large portion of the cache for new
writes allows snapshots to complete more rapidly, but reduces the amount of data that is kept
locally. Reserving a small portion of the cache for new writes allows keeping more data locally,
but increases the time for completing snapshots. See “Cache Settings” on page 287. To view
unprotected files in the cache, see “Unprotected Files” on page 139.
On virtual platforms, you can also increase the size of the cache. See the installation guide for
your virtual machine platform at https://community.nasuni.com/s/documentation.
• Frequent snapshots increase the system load significantly. You can change when and how
frequently snapshots occur. See “Editing snapshot schedules” on page 226.

Task Overview Actions only available on the Nasuni Edge Appliance
• Pinning a folder means retaining a folder in the local cache at all times. This can improve
performance and reduce the time necessary to return accessed data to clients. See “Pinned
Folders” on page 197. To view unprotected files in the cache, see “Unprotected Files” on
page 139.
Important: The NMC API can be used to pin metadata in the cache, or to enable Auto Cache for
metadata.
Pinning metadata in the cache and enabling Auto Cache for metadata can affect the
amount of data in the cache, and the display of data in the cache. Also, bringing all
metadata into the cache adds time to the sync process and might affect user
performance. With no users on a dedicated appliance (for example, to change
permissions or perform searches), the effect on sync times due to syncing the entire
metadata tree would not affect any user-related snapshot or sync changes.
The NMC API can also be used to verify that these features have been configured for
a directory.
Because metadata-only pinning and Auto Cache pinning are currently possible only
with the NMC API, directories with such pinning enabled are not displayed in the File
Browser of the NMC and the Edge Appliance, nor on the NMC Pinned Folders and
NMC Auto Cached Folders pages.
Actions only available on the Nasuni Edge Appliance

There are certain actions that cannot be performed from within the Nasuni Management Console. You
must perform these actions using the specific Nasuni Edge Appliance’s user interface.
Affected item On Nasuni Edge Appliance

Action: Menu
Place Edge Appliance in NMC Enable: Services → Nasuni Management Console
control
Active Directory domain Join, Leave, Edit, View: Configuration → Directory Services
LDAP Directory Services Join, Leave, Edit, View: Configuration → Directory Services
domain
Administrative Users Set Administrative Users, Allocation Roundup Size, Support for
POSIX clients, Protocol Level: Configuration → General Settings
Network Edit: Configuration → Network Configuration
Charts, Status: Status → Network Status
Firewall Edit: Configuration → Firewall
SSL certificates Add, Delete, Set: Configuration → SSL Certificates
HTTPS proxy Edit: Configuration → HTTPS Proxy

Chapter 7: Installing the Nasuni Management
Console
Overview
This chapter explains how to install the Nasuni Management Console on your network.
Note: There can be at most one Nasuni Management Console per account.
Requirements for the Nasuni Management Console

The supported virtual platforms for the NMC include the following:
• Amazon EC2
• Microsoft Azure
• Nutanix AHV 20170830.151 and above
• VMware ESXi 6.7, 7.0
• Windows Server 2008 R2 SP1 Hyper-V
• Windows Server 2012 Hyper-V
NMC Sizing Guidelines

The NMC requires 16 GB of disk space.
Use the following CPU and memory guidelines to plan the sizing of the NMC. These guidelines are
based on the number of Edge Appliances managed by the NMC, since the NMC memory and CPU
utilization relate directly to the number of Edge Appliances managed.
Number of Edge Appliances CPUs Memory (GiB) Azure VM size AWS EC2
managed by NMC instance
Up to 50 2 16 Standard_E2s_v4 r5.large
Up to 100 4 16 Standard_D4s_v4 m5.xlarge
Up to 300* 8 32 Standard_D8s_v4 m5.2xlarge
*If managing more than 200 Edge Appliances, additional backend configuration is necessary for the
NMC. Contact Nasuni Support for assistance.

Installing the Nasuni Management Console Installing the Nasuni Management Console Software
Note: These values are based on CPU and memory utilization for a version 8.5 NMC. Earlier
versions of the NMC might require additional resources.
Important: These are general recommendations. Your specific situation might require further
resources.
Installing the Nasuni Management Console Software

The Nasuni Management Console runs as a virtual appliance on your network and is distributed as a
downloadable image. You need to register on the Nasuni Web site for a user account and password to
access the download page.
To download the Nasuni Management Console software from the Nasuni Web site, follow these steps:
1. Using your Web browser, log in to your Nasuni account at https://account.nasuni.com/account/
Click Downloads. The Downloads page appears.
Figure 7-1: Download page.

2. Select the appropriate format for your virtual environment from these choices:
• AMAZON EC2: Scroll down to the “Appliance AMIs on EC2” area, and follow the
instructions to continue installation using appliance AMIs.
• AZURE FORMAT: A .vhd file, appropriate for Microsoft Azure environments.
• GOOGLE CLOUD FORMAT: A disk.raw file contained in a .tar.gz file, appropriate for
Google Cloud environments.
• HYPER-V FORMAT: Hyper-V format is appropriate for Microsoft Hyper-V environments:
version 2012 and later, or pre-2012 (2008 R2 SP1).
• NUTANIX FORMAT: A .qcow2 file appropriate for Nutanix AHV environments.

• OVF FORMAT: OVF format is appropriate for VMware ESXi 6.7, 7.0, and above
environments.
3. From the drop-down list, select an available release for the Nasuni Management Console. The
list of available releases can change.
Figure 7-2: Sample release drop-down list.

Important: When performing a recovery procedure, unsupported upgrade paths are blocked.
However, the error message displayed during the procedure might incorrectly
state that you are attempting to update to an older version. To avoid this issue,
before beginning the recovery process, deploy a Nasuni version that
corresponds to the major version of the source appliance. For supported update
paths, see Compatibility and Support. In summary:
• Edge Appliance update paths:
8.8.3+ or 9.0.x or 9.3.x → 9.5.x → 9.7.x
• NMC update paths:
8.8.3+ or 9.0.x or 9.3.x → 21.2.x → 22.1
In addition, when updating to 9.7, for Edge Appliances with shared volumes, ensure
that all volumes are on version 9.5. The volume version is the lowest version among
all the connected Edge Appliances.
Note: If you are running a recovery procedure, select the same version family as your existing
Nasuni Management Console to ensure software compatibility. For example, if the
existing Nasuni Management Console is running version 21.1, you could select version
21.2 (which is in the same 21.1.x version family), but not version 22.1 (which is in a
different version family). If you need to use a different version than those offered,
contact Nasuni Customer Support.”
Tip: For update paths, see Compatibility and Support.
Note: You can perform the Recovery process to the same version of the software that you
were running, or to a newer version than you were running, but not to an older version.

Note: If you already have the software installation file, you do not have to download it again.
However, the software installation file must not be older than the version you are
recovering.
4. Save the Nasuni Management Console software .zip file to a location on your local drive.
5. Unzip the Nasuni Management Console software .zip file.
6. To install the Nasuni Management Console into VMware ESXi, use the vSphere Client to deploy
the NasuniNMC.ovf OVF template file. Power on the new Nasuni Management Console virtual
machine. Click the Console tab.
Alternatively, to install the Nasuni Management Console into Microsoft Hyper-V, use the Hyper-
V Manager to import the virtual machine. Start the new Nasuni Management Console virtual
machine. Right-click the Nasuni Management Console virtual machine, and select Connect
from the drop-down menu.
Alternatively, to install the Nasuni Management Console into Nutanix AHV, use the Prism Web
Console to import the virtual machine. Start the new Nasuni Management Console virtual
machine. Right-click the Nasuni Management Console virtual machine, and select Power On
from the drop-down menu. Unlike the installation of the Nasuni Edge Appliance, the installation
of the Nasuni Management Console requires only one virtual disk.
7. The Nasuni Management Console screen appears with a plain white bar on the bottom that
indicates the progress of the installation.
Figure 7-3: Nasuni Management Console installation progress screen.

8. After a few moments, the Nasuni Management Console console screen appears.
Figure 7-4: Nasuni Management Console console screen.

9. If DHCP is available on the network, make note of the IP address that appears on the console
screen.
If DHCP is not available, log into the console service screen by pressing Enter and signing in.
The default login username is service, and the default password is service. Enter
editnetwork. Enter the command: setall static. Enter a new IP address. Note the IP
address.
Note: For security, use the changepassword command to change the password for the
service console.
Note: For more information on console commands, see the Nasuni Edge Appliance Initial
Configuration Guide.
10. Make note of the initial IP address of your Nasuni Management Console.

Installing the Nasuni Management Console Connecting with the Nasuni Management Console
Connecting with the Nasuni Management Console

You should have an initial IP address from the installation of your Nasuni Management Console
software on a virtual machine. This IP address might be provided by the IT specialist who initially set up
the Nasuni Management Console software.
Open a Web browser and enter the IP address using this command:
https://<IP address>
where <IP address> is the IP address.

When you attempt to access the Nasuni Management Console Home page for the first time, a message
might appear indicating that the security certificate is not trusted. You can still access the Install Wizard
to proceed with the initial configuration procedure.
Continue with the next section, “SSL Security Certificate” on page 42.

Installing the Nasuni Management Console SSL Security Certificate
SSL Security Certificate

By default, the Nasuni Management Console is preloaded with a self-signed SSL certificate that is
unique to the Nasuni Management Console. For this reason, when you attempt to access the Nasuni
Management Console Home page for the first time, a message might appear indicating that the
security certificate is not trusted. You can still access the Install Wizard to proceed with the initial
configuration procedure.
Note: To add a new SSL certificate, see “SSL Certificates” on page 458.
Example using Mozilla Firefox

This is an example of what you might see using the Mozilla Firefox Web browser:
1. Open a Web browser and enter the IP address provided by the IT specialist who initially set up
the Nasuni Management Console. The “This Connection is Untrusted” page appears.
Figure 7-5: “This Connection is Untrusted” page.

2. Click “I Understand the Risks”. An expanded version of the “This Connection is Untrusted”
page appears.
Figure 7-6: “This Connection is Untrusted” page.

3. Click Add Exception. The Add Security Exception dialog box appears.
Figure 7-7: Add Security Exception dialog box.

4. Click Get Certificate.
5. Click Confirm Security Exception.
6. Open a Web browser and enter the IP address again.
7. Continue with “Nasuni Management Console Installation Wizard” on page 46.

Example using Google Chrome

This is an example of what you might see using the Google Chrome Web browser:
the Nasuni Management Console. The “Your connection is not private” page appears.
Figure 7-8: “Your connection is not private” page.

2. Click Advanced. The “Your connection is not private” Advanced pane appears.
Figure 7-9: “Your connection is not private” Advanced pane.

3. Click Proceed.

Example using Microsoft Internet Explorer

This is an example of what you might see using the Internet Explorer Web browser:
the Nasuni Management Console. The “There is a problem with this website's security
certificate.” page appears.
Figure 7-10: “There is a problem with this website's security certificate.” page.
2. Click Continue to this website.

Installing the Nasuni Management Console Nasuni Management Console Installation Wizard
Nasuni Management Console Installation Wizard

Important: Edge Appliances and the NMC must be configured with operational DNS servers and
a time server (internal or external) within your environment.
To install the Nasuni Management Console, follow these steps:
1. After you add a security certificate or proceed without adding a security certificate, the Install
Wizard — Network Configuration page appears.
Figure 7-11: Install Wizard — Network Configuration page.

a. In the Hostname or FQDN box, a default hostname for the Nasuni Management Console
appears. You can accept the default hostname or change it to another hostname. Provide this
name to users so that they can access the Nasuni Management Console. You can use ASCII
letters a through z, digits 0 through 9, and hyphens.

Note: The Nasuni Management Console attempts to register the hostname in the DNS
server, so that users can access this host by name.
To change this name later, see “Networking” on page 487.
b. From the Network Type drop-down list, select either Static, DHCP, or DHCP with Custom
DNS.
c. In the Network Device Settings area, enter values depending on your choice of Network
Type:
• DHCP (Dynamic Host Configuration Protocol) or DHCP with custom DNS: Provides a
network IP address for a host on an IP network automatically. The IP Address, Netmask,
Default Gateway, and MTU Value fields become unavailable.
• Static: If you select Static as a source, you must provide Network Device Settings. See
your IT administrator for assistance.
• Enter the static IP address in the IP Address text box.
• Enter a netmask address in the Netmask text box.
• Enter a default gateway address in the Default Gateway text box.
The gateway address must match a subnet of a defined static network.
• Enter the MTU value in the MTU Value text box. MTU settings above 1500 are
supported.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol
data unit that the layer can pass onwards. A larger MTU brings greater efficiency,
because each packet carries more user data while protocol overheads, such as
headers, remain fixed; the resulting higher efficiency means a slight improvement in
the bulk protocol throughput. A larger MTU also means processing fewer packets for
the same amount of data. However, large packets can occupy a slow link for some
time, causing greater delays to following packets, and increasing lag and minimum
latency.
d. In the System Settings area, enter values depending on your choice of Network Type:
• DHCP (Dynamic Host Configuration Protocol): The Search Domain, Primary DNS Server,
and Secondary DNS Server fields become unavailable.
• Static or DHCP with custom DNS: If you select Static or DHCP with custom DNS as a
source, you must provide System Settings. See your IT administrator for assistance.
• Enter one or more local search domains in the Search Domain text box. If you enter
multiple search domains, make sure you include a space between each entry. You
must enter valid hostnames.
You can use search domains to avoid typing the complete address of domains that
you use frequently. The search domains that you enter are automatically appended
to names that you specify for purposes such as Active Directory configuration,
HTTPS proxy, and NTP server. For example, if you specify the search domain
“mycompany.com”, then typing “server1” for one of these purposes would connect
to “server1.mycompany.com”.
Note: There are no search domains for LDAP Directory Services.

• Enter the IP address for your primary DNS server in the Primary DNS server text
box. You must enter a valid hostname or IP address.
• Enter the IP address for your secondary DNS server in the Secondary DNS server
text box (if applicable). You must enter a valid hostname or IP address.
e. Click Continue to proceed.
2. The Install Wizard — Proxy Network Configuration page appears.
Figure 7-12: Install Wizard — Proxy Network Configuration page.

a. To enable proxy support, click Proxy Support: On (enabled) or Off (disabled).
b. In the Proxy Server text box, enter the hostname or IP address of a host running an HTTPS
proxy.
c. In the Port text box, enter the port number used by the HTTPS proxy server.
d. Optionally, enter a valid username (case-sensitive) for the proxy server in the User Name text
box and the password (case-sensitive) in the Password text box.
Caution: The Password cannot include the symbols “/” (slash) and “#” (pound sign).
e. Optionally, in the Do Not Proxy text box, enter a list of hostnames or IP addresses not to
proxy (one per line).
Tip: On Azure-based NMCs only, during an installation or recovery procedure, it is
necessary to connect with IP address 169.254.169.254 in order to obtain information
about the Azure VM instance. If you have configured an HTTPS proxy, this attempt
to connect can cause a delay of several minutes. To avoid this delay, add the IP
address 169.254.169.254 to the “Do Not Proxy” section of the HTTPS Proxy
configuration.

f. Click Continue. To return to the previous page to change parameters, click Back.
3. The Install Wizard — Review Network Settings page appears.
Figure 7-13: Install Wizard — Review Network Settings page.

To accept the network settings, click Continue. return to the previous page to change
parameters, click Back.
4. The Reconfiguring Network Settings page appears.
Figure 7-14: Configuring Network Settings page.

5. If a more recent version of the NMC software is available, a page appears to notify you. Click
Continue. A second page appears to notify you of the progress of the software update.

6. The Terms of Service and License Agreement page appears.
Figure 7-15: Terms of Service and License Agreement page.

You can print or download a copy of the Terms of Service and License Agreement by clicking
the appropriate button.
Select “I accept the Terms of Service”, then click Continue.
7. The Install Wizard — Authorization page appears.
Figure 7-16: Install Wizard — Authorization page.

Enter the NMC Serial Number and Authorization code, found under the Account section of
www.nasuni.com.
Click Continue to proceed.
Note: If you reuse an NMC Serial Number for a previously existing Nasuni Management
Console, you are asked if you want to perform a disaster recovery procedure on that
Nasuni Management Console. For details, see “Recovery” on page 501.
8. The Install Wizard — Confirm New NMC Install page appears.
Figure 7-17: Install Wizard — Confirm New NMC Install page.

To add the new Nasuni Management Console, type the words “Install New NMC” (without
the quotation marks) in the Confirmation text box, then click Continue.
9. The Install Wizard — Create Admin User page appears.
Figure 7-18: Install Wizard — Create Admin User page.

Create a Username (case-sensitive) and a Password (case-sensitive) for the administrative
user of this Nasuni Management Console.

Important: It is not supported for users in the Active Directory Protected Users security
group to log in to the NMC.
Important: You cannot use Active Directory passwords longer than 127 characters to log
in to the NMC.
An indicator of password strength appears. Although password strength is not enforced, you
should use strong passwords. This user automatically becomes a member of the NMC
Administrators group (see “Console Users and Groups” on page 472). Click Continue.
10. This completes the Install Wizard. The Setup Almost Complete page appears.
Figure 7-19: Setup Almost Complete page.

Follow instructions on this page for placing Nasuni Edge Appliances under the control of the
Nasuni Management Console. Click Check for Managed Filers.
Continue with “Logging in to the Nasuni Management Console” on page 53.

Chapter 8: Login Page
The Nasuni Management Console user interface presents you with a Login page, where you log in
using the username and password for the NMC administrative user.
You can log in and access the Nasuni Management Console user interface from any computer running
a supported Web browser, including Mozilla Firefox, Microsoft Internet Explorer, Apple Safari, and
Google Chrome.
At the top of the Login page, you can access online help (see “Viewing the Nasuni Management
Console Help” on page 57). You can also power down the system, if necessary (see “Powering Down
and Rebooting the Nasuni Management Console” on page 59).
Logging in to the Nasuni Management Console

After the Nasuni Management Console has been installed and registered on your network, you can log
in to the Web-based Nasuni Management Console user interface from any computer running a
supported Web browser, and perform management functions on Nasuni Edge Appliances.
See “Installing the Nasuni Management Console” for details about installing the product.
Important: For security reasons, if the IP address of your computer changes while you are
logged in to the UI, the system logs you out. You must then log back in to access the
UI. To disable this functionality, request Nasuni Support to disable the "Restrict
Session IP" feature.
Important: It is not supported for users in the Active Directory Protected Users security group to
log in to the NMC.
Warning: Too many unsuccessful login attempts disable the login for 5 minutes. If this
happens, wait 5 minutes, then log in with a correct username and password.
Tip: If you forget the password for the administrative user, see “Resetting Administrative
Account (Forgot password?)” on page 55.

Login Page Logging in to the Nasuni Management Console
To log in to the Nasuni Management Console, follow these steps:

1. Using your Web browser, open the specified IP address for the Nasuni Management Console
Home page. The IP address is provided during installation (see “Connecting with the Nasuni
Management Console” on page 41). The Nasuni Management Console Login page appears.
Figure 8-1: Nasuni Management Console Login page.

2. Type the username (case-sensitive) of the administrative user in the Username text box. The
administrative user account was set up in step 9 of “Nasuni Management Console Installation
Wizard” on page 46.
3. Type the password (case-sensitive) of the administrative user in the Password text box.
Important: You cannot use Active Directory passwords longer than 127 characters to log in
to the NMC.
4. Click Login.
• After you log in, the Nasuni Management Console Home page appears. See “Home Page”
on page 65 for details on the features of this page.
• After you log in, you can change the password, as detailed in “Changing Password” on
page 60.

Login Page Resetting Administrative Account (Forgot password?)
Resetting Administrative Account (Forgot password?)

If you have lost the password for the administrative account, this feature resets the administrative
account information for the Nasuni Management Console. No data is deleted and no configurations are
changed.
Important: It is not supported for users in the Active Directory Protected Users security group to
log in to the NMC.
Important: You cannot use Active Directory passwords longer than 127 characters to log in to
the NMC.
Note: This procedure does not deauthorize the Nasuni.com account, just the Nasuni
Management Console administrative account, which is independent of the Nasuni.com
account and specific to the Nasuni Management Console.
Important: For this procedure, you need the NMC Serial Number and Authorization code for this
Nasuni Management Console, found at https://account.nasuni.com/
account/serial_numbers/.
To reset the administrative account, follow these steps:
1. Click “Forgot password?” at the bottom of the Login page. The Reset Account page appears.
Figure 8-2: Reset Account page.

2. In the Nasuni Service Authorization area, enter the NMC Serial Number and Authorization
code for this Nasuni Management Console, found at https://account.nasuni.com/
account/serial_numbers/.

Login Page Viewing the Nasuni Management Console Help
Note: If you do not have the credentials for www.nasuni.com, you can perform a password
reset or contact Nasuni Technical Support.
3. In the New Administrative Account area, create a Username (case-sensitive) and a Password
(case-sensitive). An indicator of password strength appears. Password strength is enforced for
this action. You should use strong passwords.
in to the NMC.
4. Click Continue. The Nasuni Management Console user interface appears.
Viewing the Nasuni Management Console Help

The Nasuni Management Console Help is available at the top of the Login page.
Click Help to display the Help menu. Links to the following information are available:
• Link to Nasuni Management Console and Nasuni Edge Appliance documentation.
• Nasuni Management Console Release Notes. You can also view Release Notes.
• Link to Nasuni Terms of Service.
• Link to Privacy policy.
• Link to Service Level Agreement.
• Contact information for Nasuni Technical Support and Sales.

Chapter 9: Common Screen Elements
Several elements appear on all pages of the Nasuni Management Console user interface.
Username
In the navigation bar at the top of all pages, the name of the user who is logged in appears, along with
the time zone used for all displays.
Figure 9-1: Username logged in.
Navigation Bar Functions

The navigation bar of the Nasuni Management Console user interface displays the following standard
options:
• Help.
• Power .
• Change Password of the administrative user (under username).
• Logout (under username).
Viewing the Nasuni Management Console Help

The Nasuni Management Console Help is available on the navigation bar at the top of all pages.
Click Help to display the Help menu. Links to the following information are available:
• Link to Nasuni Management Console and Nasuni Edge Appliance documentation.
• Nasuni Management Console Release Notes. You can also view Release Notes.
• Link to Nasuni Terms of Service.
• Open Source Code.
• Link to Privacy policy.
• Link to Service Level Agreement.
• Contact information for Nasuni Technical Support and Sales.

Common Screen Elements Navigation Bar Functions
Viewing the Nasuni Management Console Release Notes

Release Notes contain the latest information about the latest version of the Nasuni Management
Console, as well as previous versions. You can also view Release Notes.
To view release notes, follow these steps:
1. Click Help on the navigation bar at the top of the page, then select Release Notes from the
menu. A dialog box appears with the latest release notes.
Figure 9-2: Release Notes dialog box.

2. Scroll down to review information about the Nasuni Management Console software release.
3. To close the release notes dialog box, click Close, or press the Esc key, or click the x at the top
of the dialog box.
Note: To ensure that you see the latest release notes, reload the page or refresh your
browser’s cache.

Powering Down and Rebooting the Nasuni Management Console

The Power option is located on the navigation bar at the top of all pages. When you power down the
Nasuni Management Console, the user is disconnected from the system. You can choose to shut down
the Nasuni Management Console immediately, or to shut down the Nasuni Management Console and
then reboot the Nasuni Management Console immediately. While the Nasuni Management Console is
off, you can still disconnect Nasuni Edge Appliances from the Nasuni Management Console to manage
them; all the data on the Nasuni Edge Appliances is fully accessible
Note: When a reboot is requested, a notification is logged that the reboot was requested and by
whom the reboot was requested.
Tip: If the NMC user interface is not available, you can reboot the NMC using console
commands. See “Rebooting the NMC” on page 525.
To power down the Nasuni Management Console, follow these steps:
1. Click Power on the navigation bar at the top of the page. The Shutdown/Reboot dialog box
appears.
Figure 9-3: Shutdown/Reboot dialog box.

Note: To exit and return to the previous page, click the x at the top of the page, or click
Cancel.
2. Change NMC Power State in the Confirmation Phrase text field.
Caution: You are about to power down the NMC.
3. In the Action area, to shut down the Nasuni Management Console immediately without
rebooting, select Shutdown immediately. Otherwise, to shut down the Nasuni Management
Console and then reboot the Nasuni Management Console immediately, select Reboot
immediately.
4. Click Shutdown.
The message “The system is shutting down. Click here to cancel the shutdown.” appears at the
top of the Home page.
5. To stop the shutdown, click the hyperlink marked “here”. You have 60 seconds to cancel the
shutdown.
The message “Shutdown canceled at user request.” appears at the top of the Home page.
The shutdown stops.

6. If you do not stop the shutdown, the Nasuni Management Console shuts down.
On the console, a series of shutdown messages appears, and the console automatically closes
down.
To restart, you can power on the Nasuni Management Console from your platform.
If you selected Reboot immediately, the Nasuni Management Console reboots immediately.
Changing Password
You can change the password for the Nasuni Management Console administrative account. The
Change Password option is available by clicking the user name on the navigation bar at the top of all
pages.
Note: Changes to the password of the administrative user are propagated to all Nasuni Edge
Appliances that are under the control of the Nasuni Management Console.
the NMC.
To change the password, follow these steps:
1. Click the user name on the navigation bar at the top of the page, then click Change Password
from the menu. The Change Password page appears.
Figure 9-4: Change Password page.

2. Enter the current password (case-sensitive) in the Old Password text box.
3. Enter the new password (case-sensitive) in the New Password text box. An indicator of
password strength appears. Password strength is enforced for this action. You should use
strong passwords.
in to the NMC.
4. Enter the new password (case-sensitive) again in the Password confirmation text box.
5. Click Save New Password.
The Home page appears and the message “Successfully updated user.” is displayed.

Common Screen Elements Other screen elements
Logging Out of the Nasuni Management Console

Logging out of the Nasuni Management Console does not affect any system operations such as
snapshots or file sharing access.
The Nasuni Management Console automatically logs off after 60 minutes of inactivity.
To log out, follow these steps:
1. Click the user name on the navigation bar at the top of the page, then click Logout.
You are logged out of the Nasuni Management Console.
2. The Login page appears. You can log back in when needed, as detailed in “Logging in to the
Nasuni Management Console” on page 53.
Other screen elements
Pop-up Software Update Notifications

If a new software update is available, a pop-up notification appears in the right margin. For example:
Figure 9-5: Software update notification.

You can acknowledge this notification by clicking the x. To clear notifications, see “Deleting
Notifications” on page 500.
You can update the Nasuni Management Console software from the hyperlink. See “Software Update
for NMC” on page 492 for more details.
Note: Nasuni does not recommend applying software updates during your normal business
hours, because this can disrupt access. Apply software updates during off-hours.
Search text box

If you cannot remember where a particular page of the Nasuni Management Console is located, you
can use the Search text box at the upper right to search for any text in a page title.
Figure 9-6: Search text box.

For example, searching for “CIFS” displays these pages.

Time zone selection

You can specify the time zone of all times displayed, including charts that display a date, notifications,
volumes, File Browser, versions, mobile licenses, pending updates, and account status.
To specify a particular time zone for all displays, in the navigation bar at the top of all pages, click the
name of the user who is logged in.
Figure 9-7: Username logged in.

Then click Time Zone. The Displayed Time Zone dialog box appears.
Figure 9-8: Displayed Time Zone dialog box.

Select a specific time zone from the Time Zone drop-down list, then click Submit.
Alternatively, to use the time zone of the Nasuni Management Console, click Use NMC Time Zone.
NMC version
The NMC version appears on the bottom right of each .
Figure 9-9: NMC version.

Nasuni released NMC version 21.2 in the second half of 2021, along with Edge Appliance version 9.5.
NMC supports the latest version and two older versions of the Edge Appliance (EA), as this table
shows:
Edge Appliance Version →

EA 9.5 EA 9.3 EA 9.0 EA 8.8
NMC Version ↓
NMC 21.2 YES YES YES NO
NMC 9.3 NO YES YES YES
NMC 9.0 NO NO YES YES
NMC 8.8 NO NO NO YES
The NMC notifies users when an Edge Appliance is either older than or newer than any supported
version. For example, “Filer boston_filer's software version (8.5) is older than supported by this NMC
(version 9.5). Unknown behavior may occur.”. This does not block management of the Edge Appliance.

However, using an unsupported Edge Appliance version with the NMC can lead to unknown behavior,
and Nasuni does not test unsupported versions.
If an Edge Appliance is either older than or newer than any supported version, the NMC displays a
notice on the Notifications page, the Filer Details page, and the Filers list.
Notifications
You can access notifications using the bell-shaped Notifications icon at the top right.
Figure 9-10: Notifications icon.

A number on the Notifications icon indicates the number of new, unacknowledged, urgent
notifications that require acknowledgment.
Figure 9-11: Number of new notifications.

To view notifications, click the Notifications icon. The Notifications pane appears.
Figure 9-12: Notifications pane.

Urgent notifications that require acknowledgment appear on the Notifications pane, based on the
state of your system. A number to the right of a notification indicates multiple occurrences of the same
notification. You can acknowledge a notification by clicking the x. To acknowledge all the urgent
notifications, click Acknowledge All.
To view all notifications, click View all Notifications. For details on notifications, see Chapter 15,
“Notifications,” on page 496.
Sorting lists
You can sort many lists of information alphabetically, numerically, or chronologically. To sort, click on
the heading of each column. To sort in the opposite direction, click on the heading of the column again.

Action status
On pages where you can perform actions, a Status column shows the status of the last action
performed. If the action is completed, a checkmark appears. If the action is not completed, a
rotating circle appears. If there is a problem with the attempted action, a caution symbol
appears. Hover the mouse over the symbol for more information.

Chapter 10: Home Page
The Nasuni Management Console Home page looks like this.
Figure 10-1: Home page.

The Home page appears after you log in to the Nasuni Management Console. The Home page displays
a dashboard with details about the state of the Nasuni Management Console and the Nasuni Edge
Appliances it manages.

Home Page System Health
The Home page also offers links to the Volumes, Filers, Account Status, Console Settings, and
Notifications pages. Additional information appears on these pages and the menus and items they
contain.
You can return to the Home page at any time by clicking the Nasuni logo in the top left corner.
System Health
In the System Health area, the following information appears:
• Number of Nasuni Edge Appliances offline (if any) and online. Clicking Filers offline opens the
Filers page. For details, see “Filers page” on page 268.
Note: If a Nasuni Edge Appliance goes offline, an email alert is sent, if configured.
• Number of antivirus violations. Clicking antivirus violations opens the Antivirus Violations
page. For details, see “Antivirus Violations” on page 242.
• Number of pending notifications. Clicking pending notifications opens the Notifications page.
For details, see “Notifications” on page 496.
• Number of currently available NMC software updates. Clicking NMC update available opens
the Software Update Available page. For details, see “Automatic Software Updates for NMC”
on page 412.
• Number of currently available Nasuni Edge Appliance software updates. Clicking Filer updates
available opens the Filer Software Updates page. For details, see “Automatic Software
Updates” on page 284.
• Number of volumes available. Clicking volumes available opens the Volumes page. For details,
see “Volumes page” on page 75.
• Number of setting sync errors, namely, requested changes to Nasuni Edge Appliances that have
failed for some reason. Clicking setting sync errors opens the Outstanding Settings Updates
Filers page. For details, see “Sync Schedule” on page 233.
Hardware Health
In the Hardware Health area, the following information appears:
• Status of power supply. If the status is Alert, you should investigate the situation.
• Status of RAID batteries. Clicking RAID batteries opens the Filer Platform/Hardware Settings
page. For details, see “Platform Settings” on page 378. If the status is Alert, you should
investigate the situation.
• Status of RAID arrays. Clicking RAID arrays opens the Filer Platform/Hardware Settings
• Status of RAID disks. Clicking RAID disk error opens the Filer Platform/Hardware Settings

Home Page Account
Account
The date that the current subscription license or trial license expires. Clicking valid through opens the
Account Status page. For details, see “Account Status” on page 396.
Tip: Nasuni monitors platform-specific limits on the number of supported concurrent
connections. When the number of concurrent connections reaches the “soft limit” for an
Edge Appliance, you receive a notification of how many connections remain, and a
suggestion to reduce the number of connections for that Edge Appliance, if possible. When
the number of concurrent connections reaches the “hard limit” for an Edge Appliance, you
receive a notification, and all new connections are denied for that Edge Appliance until the
number of connections decreases below the “hard limit” again.
Platform Soft Limit Hard Limit
N1040 3000 connections 4000 connections
N1050
N2040 3000 connections
5000 4000 connections
6000
Volumes Managed
In the Volumes Managed area, the following information appears:
• Total number of volumes managed. Clicking Volumes Managed opens the Volumes page. For
details, see “Volumes page” on page 75.
• Number of CIFS shares. Clicking CIFS Shares opens the Shares page. For details, see “SMB
(CIFS) Shares” on page 163.
• Number of NFS exports. Clicking NFS Exports opens the Exports page. For details, see “NFS
Exports” on page 141.
• Number of FTP/SFTP directories. Clicking FTP Directories opens the FTP Directories page.
For details, see “FTP Directories” on page 152.

Home Page Filers Managed
Filers Managed
In the Filers Managed area, the following information appears:
• Total number of Nasuni Edge Appliances managed. Clicking Filers Managed opens the Filers
page. For details, see “Filers page” on page 268.
• Number of unmanaged Nasuni Edge Appliances. Clicking Unmanaged opens the Filers page.
For details, see “Filers page” on page 268.
Capacity
In the Capacity area, the following information appears:
• Total amount of Accessible Capacity.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
• Amount of Licensed Capacity.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If your
total stored data nears or exceeds your licensed capacity, you receive warnings to
increase your licensed capacity.
• Percentage of Licensed Capacity used.
• Amount of capacity not yet protected.
Data Growth chart

A chart of Data Growth appears on the Home page.
Figure 10-2: Data Growth chart: Licensed Data and Accessible Data.
This shows the amount of data on the vertical axis versus time along the horizontal axis, including the
following:

Home Page Data Growth chart
• Licensed Data. Licensed Data is sometimes also called “Licensed Capacity” or “Storage
Volume Limit”. Licensed Data is the amount of data storage that Nasuni is managing for the
customer, and that the customer is paying to store using the Nasuni service. Every customer
has a Licensed Data limit. No customer has unlimited storage. However, every customer has
unlimited versions of their data available. Since the Nasuni service is inherently unlimited, the
Licensed Data limit can easily be changed, as business needs change. Licensed Data should be
compared to data metrics such as “Now” data, which is current data and metadata in the cloud,
without the effects of compression or deduplication. The default Licensed Data for trial
accounts is 5 TB. To select or unselect Licensed data, click Licensed Data.
• Accessible Data. Accessible Data includes current data already protected in the cloud, as well
as current data in the cache that is not yet protected. For this reason, the volume data in the
cache that is not yet protected is generally less than the total accessible data, unless this
volume has not completed any snapshots. Accessible Data is current data only. Accessible
Data does not include previous versions or snapshots. Accessible Data does not include
metadata. Accessible Data does not reflect the effects of compression or deduplication. To
select or unselect accessible data, click Accessible Data.
• Cloud Usage. If the customer license includes public or private cloud providers, and if the
amount of data stored with public or private cloud providers is greater than zero, the Cloud
Usage data is also available. Cloud Usage data includes the size in the cloud of all data and
metadata protected in the cloud, for all versions, after encryption, compression, and
deduplication. Cloud Usage data does not include unprotected data in the cache.To select or
unselect Cloud Usage, click Cloud Usage.
Figure 10-3: Data Growth chart: Cloud Usage and Accessible Data.
The amount of data is shown in units such as MB, GB, and TB. The length of time is shown by year and
month.
Note: Nasuni Edge Appliances and the NMC display the size of data in base 10 units (including
MB = 1,000,000 bytes, GB = 1,000,000,000 bytes, and TB = 1,000,000,000,000 bytes).
In contrast, some platforms display the size of data in base 2 units (including MB =
1,048,576 bytes, GB = 1,073,741,824 bytes, and TB = 1,099,511,627,776 bytes).

Home Page Data Growth chart
For example, a file that Nasuni displays as 10 MB would be displayed by some platforms
as 9.53 MB.
metadata.
a directory.
Important: Time marker labels indicate the end of a time period. For example, the label 'Dec '19'
indicates the end of December 2019. Everything to the left of this label is before the
end of December 2019.
Figure 10-4: Left of time marker is before end of time period.

Everything to the right of this label is after the end of December 2019.
Figure 10-5: Right of time marker is after end of time period.

If you hover the mouse over any part of the chart, a label appears displaying details about the amount
of data at that date and time.
Figure 10-6: Details of data and time on Data Growth chart.

To zoom in on a specific range of displayed data, click the chart at the high end of the range you want,
then drag to the low end of the range you want, then release. The chart rescales to zoom in on the
selected range.
To reset the zoom to the default display, click Reset zoom.

Home Page Network Traffic
Network Traffic
A chart of the Network Traffic of the Nasuni Edge Appliances appears on the Home page.
Figure 10-7: Network Traffic chart.

Note: A more detailed chart of network traffic appears on the Filers page. See “Network Traffic”
on page 270.
This chart shows, for the most recent 24 hours, the rate of data received from cloud storage (Cloud
Received) and the rate of data transmitted to cloud storage (Cloud Transmit) along the vertical axis, in
units of bits/second, Kbits/second, or Mbits/second, depending on throughput. Time of day (UTC) is
along the horizontal axis.
On the Network Traffic chart, you can select which network activity to include or exclude by clicking
Cloud Transmit (for data transmitted to the cloud) or Cloud Receive (for data received from the cloud).
of network activity at that date and time.
Figure 10-8: Details of network traffic and time on Network Traffic chart.
selected range.

Home Page File Types Written
File Types Written

The File Types Written pie chart displays a comparison of the number of files of each file type written
to Nasuni Edge Appliances. This includes data already protected in the cloud, as well as data in the
cache that is not yet protected. It includes the capacity of every version of every file type. For example,
if you have 10 versions of the example.txt file, the capacity of all 10 versions is included in the Text file
type.
Figure 10-9: File Types Written chart.

The size of each pie slice represents the percentage of all the files written of that file type. If you hover
the mouse over one of the slices, it displays the name of the file type and the number of files of that file
type.
The File Types Written table displays the number of files written to Nasuni Edge Appliances for each
file extension.
Figure 10-10: File Types Written table.

The following information appears for each file type:
• Ext.: The extension of the file.
• Category: The type of file, such as Audio, Text, Raster Image, or Video.
• Count: The total number of files with that file extension on Nasuni Edge Appliances.
• Size: The total size of files with that file extension on Nasuni Edge Appliances.
Note: Nasuni’s display of size might differ from other indications of size, such as Windows
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.

Home Page File Sizes in Snapshots
File Sizes in Snapshots

The File Sizes in Snapshots bar chart displays the number of files in snapshots in each size category.
Figure 10-11: File Sizes in Snapshots bar chart.

The size of the files is along the vertical axis and the number of files in each size category is along the
horizontal axis on a logarithmic scale. If you hover the mouse over one of the bars, it displays the name
of the size category and the number of files in that category.
The File Sizes in Snapshots table displays the number of files in snapshots in each size category.
Figure 10-12: File Sizes in Snapshots table.

Explorer and other utilities. Typically, such utilities display only the size of the data currently
present in the local cache, while Nasuni displays the full size, regardless of where the data
is.
The following information appears for each file size:
• Max Size: The maximum size of a file in that size category.
• Count: The total number of files in that size category.

Chapter 11: Volumes Page
There are two types of volumes: local volumes that are “owned” by the local Nasuni Edge Appliance,
and remote volumes that belong to other Nasuni Edge Appliances.
On the Volumes page, you can view, delete, disconnect, and take snapshots of volumes.
From the Volumes page, you can also perform the following actions:
• Create a new volume.
• Create, view, and edit connections between volumes.
• View, download, and bring into cache volumes and files.
• Enabling Auto Cache for folders. View and edit Auto Cached folders.
• View unprotected files currently in the cache of a volume.
• Create, view, edit, and delete NFS exports, FTP/SFTP directories, and CIFS shares.
• View and edit volume encryption key information.
• View and edit volume names.
• View and edit folder pinning settings. Pin folders in the cache.
• View and edit volume protocols.
• View and edit volume quotas.
• View and edit volume remote access settings.
• View and edit volume snapshot directory access and volume snapshot retention settings.
• View and edit volume snapshot and volume sync schedules.
• View and edit volume Antivirus Protection settings. View antivirus violations, and ignore or
delete flagged files.
• View and edit volume Ransomware Detection settings.
• View and configure file auditing.
• View and edit volume File Alert Service settings.
• View charts of the time taken for data propagation, and the age of the oldest data in the cache.

Volumes Page Volumes page
Volumes page
Click Volumes. The Volumes page displays a dashboard of volume information and a list of all
managed volumes.
Figure 11-1: Volumes page.
Volumes Managed
In the Volumes Managed area, the following information appears:
• Total number of Volumes Managed.
Note: Shared volumes that are not managed by the Nasuni Management Console might not
display or total correctly.
• Number of Multisite Volumes, namely, volumes that have Remote Access enabled. Clicking
Multisite Volumes opens the Volume Remote Access Setting page. For details, see “Remote
Access” on page 213.
Tip: For an Edge Appliance with new or changed volume configurations for remote volumes
with Read/Write permissions, it can initially take up to 20 minutes before these remote
volumes appear in the list of volumes. It takes time to fetch the necessary information for
the remote volumes.
• Number of Multisite Connections, namely, the volumes that are accessing volumes with Remote
Access enabled. Clicking Multisite Connections opens the Remotely Accessible Volumes
page. For details, see “Connect to (and Disconnect from) a Remote Volume” on page 109.

Unified Storage Access Points

Tip: This function can also be performed using the NMC API. For details, see NMC API.
In the Unified Storage Access Points area, the following information appears:
• Total number of Unified Storage Access Points, including CIFS shares, NFS exports, and FTP/
SFTP directories.
• Number of CIFS Shares. Clicking CIFS Shares opens the Shares page. For details, see “SMB
(CIFS) Shares” on page 163.
• Number of NFS Exports. Clicking NFS Exports opens the Exports page. For details, see “NFS
Exports” on page 141.
• Number of FTP Directories. Clicking FTP Directories opens the FTP Directories page. For
details, see “FTP Directories” on page 152.
HTTPS Access Points

In the HTTPS Access Points area, the following information appears:
• Total number of HTTPS Access Points, including Web Access points and Mobile Access points.
• Number of Web Access Points. Clicking Web Access Points opens the Shares page, where
you can enable or disable Web Access for CIFS shares. For details, see “Editing shares” on
page 183.
• Number of Mobile Access Points. Clicking Mobile Access Points opens the Shares page,
where you can enable or disable Mobile Access for CIFS shares. For details, see “Editing
shares” on page 183.
• Number of Mobile Connections. Clicking Mobile Connections opens the Mobile Licenses
page, where you can enable or disable individual Mobile Access licenses. For details, see
“Mobile Licenses” on page 350.
Volume Health
In the Volume Health area, the following information appears:
• Number of antivirus violations. Clicking antivirus violations opens the Antivirus Violations
page. For details, see “Antivirus Violations” on page 242.
• Number of volumes available. Clicking volumes available opens the Volumes page. For
details, see “Volumes page” on page 75.
If an attempt to read a volume from the cloud fails, an indication of Volume Unavailable (or
Volumes Unavailable) appears. This situation is generally temporary. If the Volume
Unavailable condition continues, investigate why the volume might be unavailable, such as
network issues.
failed for some reason. Clicking setting sync errors opens the Outstanding Settings Updates
To Filers page. For details, see “Pending Updates” on page 376.

Data Not Yet Protected chart

On the Volumes page, the Data Not Yet Protected chart appears.
Figure 11-2: Data Not Yet Protected chart.

Horizontal bars represent the amount of data not yet protected in all Nasuni Edge Appliances or in
volumes on a specific Nasuni Edge Appliance. From the drop-down list, select one of the following
choices:
• All Filers: Displays a bar graph of the amount of data not yet protected on each of the Nasuni
Edge Appliances under the control of the Nasuni Management Console. The Nasuni Edge
Appliances appear in order of decreasing amount of data not yet protected.
• specific Nasuni Edge Appliance: Displays a bar graph of the amount of data not yet protected
on each of the volumes on the selected Nasuni Edge Appliance. The volumes are in alphabetical
order.
If you hover the mouse over one of the bars, a label appears displaying details about the amount of
data not yet protected in that Nasuni Edge Appliance or volume.
Figure 11-3: Mouse hover over bar.

If there are any files with antivirus violations that are not yet protected, the total of files with antivirus
violations is displayed.
Data Growth chart

On the Volumes page, the Data Growth chart appears.
Figure 11-4: Data Growth chart: Licensed Data and Accessible Data.

From the drop-down list, select one of the following choices:

• All Volumes: Displays a graph of the total amount of data in all volumes vs. time.
• specific volume: Displays a graph of the amount of data in the selected volume vs. time.
This shows the amount of data on the vertical axis versus time along the horizontal axis, including the
following:
Figure 11-5: Data Growth chart: Cloud Usage and Accessible Data.
month.

as 9.53 MB.
metadata.
a directory.
Time marker labels indicate the end of a time period. For example, the label 'Dec '19' indicates the end
of December 2019. Everything to the left of this label is before the end of December 2019.
Figure 11-6: Left of time marker is before end of time period.

Everything to the right of this label is after the end of December 2019.
Figure 11-7: Right of time marker is after end of time period.

If you hover the mouse over one of the chart areas, a label appears displaying details about the amount
of data at that date at that time.
Figure 11-8: Mouse hover over chart.

selected range.
Volume List
The Volume List appears on the Volumes page.
Figure 11-9: Volume List.

From the Rows drop-down list, select the number of rows to display on the page. The fewer the
number of rows displayed, the faster the display appears.
If there is more than one page, use the left-facing and right-facing arrows to select which page of
values to display.
The following properties appear for each volume in the list of volumes:
Tip: Click the right-facing arrow beside each volume to reveal the volumes connected to
remotely accessible volumes. If there are more than 5 volumes connected to a remotely
accessible volume, only the first 5 appear. To view more, click More. To view all, click
“Show All”.
• Name: The name of the volume. For local volumes, you can edit this name and change it to a
customized name, if needed. See “Name of volume” on page 195 for details.
For details of the display of Safe Delete status, see “Details of Safe Delete status” on page 83.
Tip: Click the name of the volume to view the Volume Details page for that volume. See
“Volume details” on page 84.
Under each volume name:
• Remote Access status (CIFS and NFS volumes and FTP/SFTP directories only): The
setting of remote access to this volume: Remotely Accessible, if the volume is remotely
accessible. See “Setting or editing remote access settings” on page 215 for details.
• Permissions (local volumes connected to remote volumes only): The current permissions
for the remote volume: Read-Only or Read/Write. Local volumes that are connected to
remote volumes appear in a list under the remote volume.

• Pinned: Indicates whether the entire volume, namely, the root folder of the volume, is
pinned in the cache: Pinned, if volume folder is pinned. You can pin the volume folder to the
cache as detailed in “Pinned Folders” on page 197. To view unprotected files in the cache,
see “Unprotected Files” on page 139.
• Security Mode (CIFS volumes only): The security mode of the CIFS volume: Active
Directory, LDAP Directory Services, Publicly Available, or Unknown.
Note: If the permission of a remote volume is Disabled, the remote volume might not
display the correct Security for that volume.
• Filer: The name of the Nasuni Edge Appliance that the volume is on. For details, see “Filer
Details page” on page 275.
• Protocol: The protocol of the volume: CIFS, NFS, or FTP.
• Number of shares (CIFS), exports (NFS), or directories (FTP): For CIFS volumes, the total
number of shares. For details, see “SMB (CIFS) Shares” on page 163. For NFS volumes, the
total number of exports. For details, see “NFS Exports” on page 141. For FTP/SFTP
directories, the total number of FTP/SFTP directories. For details, see “FTP Directories” on
page 152
• Accessible Data: Accessible Data includes current data already protected in the cloud, as well
metadata. Accessible Data does not reflect the effects of compression or deduplication.
• not yet protected: The amount of data not yet protected.
• Last Snapshot: For a local volume, the date and time of the latest version of the data within this
volume in the cloud, that the NMC is aware of.
For a remote or shared volume, the date and time of the latest version of the data within this
volume in the cloud, that the Edge Appliance has synced to, and that the NMC is aware of.
If there are no snapshots yet, “No snapshots”.
For a more current representation of Edge Appliances on the NMC, click “Refresh Managed
Filers” on the Filers page. For details, see “Account Filers” on page 273.
If a snapshot is in progress and has not completed, the label “In progress” displays, along with
the percentage of the snapshot completed.
• Actions: Actions available for each managed volume.
• To initiate a snapshot, click Take Snapshot . A snapshot is initiated for the volume.
Note: With each Nasuni snapshot, configuration information is included, in case it is
necessary to recover the Edge Appliance. The configuration information includes
volume name, volume GUID, share type, software version, last pushed version,
retention type, and permissions policy. The configuration bundle is encrypted in the

same way that all the customer data is encrypted.

If you receive an alert that such backup configurations have failed, this might be
due to intermittent network issues, or possibly due to DNS issues. If you see
notifications that the Edge Appliance has successfully completed a snapshot after
the backup alert, then you can safely ignore the alert.
• To prioritize snapshots, click Prioritize Snapshot .
If you have more than one Nasuni Edge Appliance, sometimes you might want to ensure
that snapshots for one volume occur before snapshots for other volumes. This feature is
called Prioritized Snapshot (also called Fast-Track Push).
Note: The volume must have sharing enabled. That is, this volume must either be a
remote volume, or a local volume with Remote Access enabled.
The Prioritized Snapshot state forces this volume on this Nasuni Edge Appliance to be the
next volume to obtain the snapshot lock from nasuni.com. Essentially, this volume on this
Nasuni Edge Appliance jumps to the front of the queue for snapshot processing.
If no new data is placed on this volume on this Nasuni Edge Appliance, this state continues
until new data is placed on this volume on this Nasuni Edge Appliance, or until the expiration
time passes. This state continues until either the snapshot for this volume on this Nasuni
Edge Appliance completes, or until the expiration time passes. The expiration time is 24
hours.
During this state:
• If this volume is a local volume, no other volume on this Nasuni Edge Appliance can create
a snapshot.
• If this volume is a remote volume, no other Nasuni Edge Appliance can create a snapshot
for this volume.
If this becomes a concern, you can cancel Prioritized Snapshot for the volume.
To enable Prioritized Snapshot, click Prioritize Snapshot for the volume. As long as
another volume on this Nasuni Edge Appliance does not already have the Prioritized
Snapshot state, and another Nasuni Edge Appliance does not already have the Prioritized
Snapshot state for this volume, the Prioritize Snapshot dialog box appears. Click Prioritize
Snapshot. The state changes to a red . The snapshot is prioritized.
To cancel Prioritized Snapshot, click the red . The Prioritize Snapshot dialog box
appears. Click Cancel Prioritization. The state of the Prioritize Snapshot item changes to
black and white . The snapshot is no longer prioritized.
• To delete a local volume, click Delete . See “Deleting a local volume” on page 92.
Warning: Deleting a volume destroys all the volume’s data stored in the cache, as
well as data stored in cloud storage.
Other Nasuni Edge Appliances connected to the volume lose access to the
data in the volume.
• To disconnect a remote volume, click Disconnect . See “Disconnecting from a remote
volume” on page 98
Caution: Disconnecting a Nasuni Edge Appliance from a remotely accessible volume
causes all shares and exports of the remotely accessible volume to be deleted
from the Nasuni Edge Appliance.

Details of Safe Delete status

If Safe Delete is enabled for this volume, and if the deletion of the volume is awaiting approval by
volume-delete-capable administrators, the status “Pending Delete Approval” appears.
Figure 11-10: “Pending Delete Approval” status.

If Safe Delete is enabled for this volume, and if the deletion of the volume has been approved by
volume-delete-capable administrators, the status “Pending Delete” appears. To cancel a pending
deletion, see “Canceling volume deletion” on page 97. To revoke approval of a deletion, see “Revoking
approval of volume deletion” on page 97.
Tip: Volumes become Read-Only when they are either "Pending Delete Approval" or
"Pending Delete", and return to their initial state if a delete is canceled. Administrators
should notify the file system users that the volume is going to be deleted.

Volume details
In the Volume List, clicking the volume name opens the Volume Details page.
Figure 11-11: Volume Details page.

The Volume Details page displays a summary of information about the volume:
Safe Delete pending deletion
If Safe Delete is enabled for this volume, and if the Delete Volume key has been pressed for this
volume, the following message appears:
Figure 11-12: Pending Safe Delete message.

If the user is one of the volume-delete-capable administrators, and deletion has not occurred,
the “Cancel Delete” button appears.

Also, if the user is one of the volume-delete-capable administrators, but not the initiator of the
delete, and deletion has not been approved, the “Approve Delete” button appears.
Also, if the user is one of the volume-delete-capable administrators, but not the initiator of the
delete, and they have approved the deletion, the “Revoke Approval” button appears.
Also, if the user is the initiator of the delete and all approvals have been received, the “Delete
Immediately” button appears.
Data Growth chart:
This shows the amount of data on the vertical axis versus time along the horizontal axis,
including the following:
unlimited versions of their data available. Since the Nasuni service is inherently unlimited,
the Licensed Data limit can easily be changed, as business needs change. Licensed Data
should be compared to data metrics such as “Now” data, which is current data and
metadata in the cloud, without the effects of compression or deduplication. The default
Licensed Data for trial accounts is 5 TB. To select or unselect Licensed data, click Licensed
Data.
• Accessible Data. Accessible Data includes current data already protected in the cloud, as
well as current data in the cache that is not yet protected. For this reason, the volume data
in the cache that is not yet protected is generally less than the total accessible data, unless
this volume has not completed any snapshots. Accessible Data is current data only.
Accessible Data does not include previous versions or snapshots. Accessible Data does not
include metadata. Accessible Data does not reflect the effects of compression or
deduplication. To select or unselect accessible data, click Accessible Data.
deduplication. Cloud Usage data does not include unprotected data in the cache.To select
or unselect Cloud Usage, click Cloud Usage.
The amount of data is shown in units such as MB, GB, and TB. The length of time is shown by
year and month.
Note: Nasuni Edge Appliances and the NMC display the size of data in base 10 units
(including MB = 1,000,000 bytes, GB = 1,000,000,000 bytes, and TB =
1,000,000,000,000 bytes).

For example, a file that Nasuni displays as 10 MB would be displayed by some

platforms as 9.53 MB.
metadata.
a directory.
If you hover the mouse over one of the chart areas, a label appears displaying details about the
amount of data at that date at that time.
Figure 11-13: Mouse hover over chart.

Note: If remote volumes have different values, the overall value displays “Varies”.
To zoom in on a specific range of displayed data, click the chart at the high end of the range you
want, then drag to the low end of the range you want, then release. The chart rescales to zoom
in on the selected range.
In the Settings area:
• Name: The name of the local volume, or the local name of the remote volume. Clicking the
name opens the Volume Name page, with the Volume Name Settings dialog box selected.
For details, see “Name of volume” on page 195.
• Protocols: The protocols used for the volume: CIFS, NFS, or FTP. Clicking the protocol
opens the Volume Protocols page, with the Volume Protocol Settings dialog box
selected.
• Permissions Policy: (Not visible on remote volumes.) The permissions policy for the
protocols, from the following:
• NTFS Exclusive Mode:
• Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to Active
Directory.
• Produces full NTFS permissions support for CIFS (SMB) shares. This volume
permissions policy offers the greatest Windows and Mac client compatibility.
• Recommended for CIFS (SMB) volumes that do not require multiple protocols.
• Not Supported: NFS, FTP, LDAP authentication.

• Allows durable handles with SMB 2.0 and higher clients, which can then open a file
and survive a temporary connection loss (60 seconds or less).
Note: When Global Locking is enabled, support for SMB durable handles (allowing
clients to survive temporary connection loss) is disabled. Enabling Global
Locking anywhere on the volume disables durable handles. If durable handles is
disabled in this way, durable handles cannot be enabled again.
Caution: A CIFS NTFS Exclusive Mode volume cannot have multiple volume
protocols. If this CIFS volume must support multiple protocols, select NTFS
Compatible Mode.
Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible
Mode.
• NTFS Compatible Mode:
• Optional mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to Active
Directory.
• Provides a high level of Windows and Mac compatibility through the CIFS (SMB)
protocol, with some limitations.
• This mode is required for multiple protocol support that does NOT involve NFS, such
as CIFS (SMB) with FTP/SFTP, as well as CIFS (SMB).
NFS and FTP/SFTP protocols cannot see all NTFS permissions and do not obey all
access rules in NTFS permissions. NFS and FTP/SFTP protocols obey only the
POSIX access control list (ACL) component of inheritance rules.
• Not supported: NFS-only volumes, LDAP authentication.
• POSIX Mixed Mode:
• Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to LDAP.
Also available for Nasuni Appliances joined to Active Directory.
• Recommended for combined NFS and CIFS (SMB) volumes, and for combined CIFS
(SMB) and FTP/SFTP volumes. Also recommended for LDAP-authenticated CIFS
(SMB)-only volumes with Linux or Mac clients, with UNIX extensions enabled.
• More information:
• Access control lists (ACLs) are supported entirely through POSIX ACLs. Windows
clients receive mapping of POSIX ACLs to NTFS ACLs. However, the mappings
are not as complete as mappings done for NTFS Compatible Mode. NFS clients
cannot view the ACLs.
• The NFSv4 protocol automatically translates the underlying ACLs to NFSv4
ACLs. The common tools for managing POSIX ACLs are not supported on
NFSv4. To manage ACLs using NFSv4, you must use the NFSv4 ACL tools.
• UNIX/NFS Permissions Only Mode:
• Default mode for NFS volumes.
• Recommended for primary or heavy NFS use.
• Not available for CIFS (SMB) volumes. Not recommended for Windows users.
• Only supports traditional UNIX mode bits to control permissions (chmod).
• Windows can view permissions as access control lists (ACLs), but cannot add or
remove access control entries (ACEs).

• Unauthenticated Access Mode:

• Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances that are not joined
to Active Directory or to LDAP. Also available for Nasuni Edge Appliances joined to
Active Directory or LDAP.
• Recommended for CIFS (SMB) Public-mode volumes. For CIFS (SMB) clients, this
mode acts as an open share. For all other protocols, this mode acts identically to
POSIX Mixed Mode.
Clicking the permissions policy opens the Volume Protocols page, with the Volume
Protocol Settings dialog box selected.
See “Changing Permissions Policy from NTFS Compatible to NTFS Exclusive” on page 204.
See “Enabling multiple volume protocols” on page 201.
• Provider: The name of the cloud provider for the volume.
• Region: The location of the cloud provider for the volume, if available.
• Storage Class (for Google Cloud Storage volumes only):
Figure 11-14: Storage Class.

The Storage Class, from the following:
• Standard: Best for data that is frequently accessed ("hot" data), or stored for only brief
periods of time.
• Nearline: Low-cost, highly durable storage service for storing infrequently accessed
data.
• Coldline: Very-low-cost, highly durable storage service for storing infrequently accessed
data.
• Archive: Lowest-cost, highly durable storage service for data archiving, online backup,
and disaster recovery.
For details, see Google Cloud Storage classes.
Tip: After the Storage Class is changed in the procedure “Changing the Storage Class
and Location Type of a Google Cloud bucket” on page 108, the original Storage
Class is still displayed on the Volume Overview page of the Edge Appliance UI and
on the Volume Details page of the NMC.
• Bucket (for volumes only): The bucket of storage that contains this volume.
• Vault (for IBM Cloud Object Storage volumes only): The name of the IBM Cloud Object
Storage vault.
• Encryption Keys: The Name and Enabled setting of the encryption keys for the volume. To
add, disable, or enable encryption keys, click the status. Clicking the status opens the
Volume Encryption Keys page, with the Edit Encryption Keys dialog box selected. For
details, see “Encryption Keys” on page 190.
• Shares (CIFS only), Exports (NFS only), or Directories (FTP): Total number of CIFS shares,
NFS exports, or FTP/SFTP directories, and number of Nasuni Edge Appliances. To add or
edit CIFS shares, NFS exports, or FTP/SFTP directories, click the status. For details, see
“SMB (CIFS) Shares” on page 163, “NFS Exports” on page 141, and “FTP Directories” on
page 152.

• Pinned Folders: Indicates whether any volume folder is pinned in the cache: Yes or No. To
view pinned folders, click the status. For details, see “Pinned Folders” on page 197. To view
• Auto Cached Folders: Indicates whether folders have Auto Cache (automatically bringing
data from other Nasuni Edge Appliances into the local cache immediately) enabled. To see
folders with Auto Cache enabled, click the status. For details, see “Enabling Auto Cache for
Folders” on page 125. To enable or disable Auto Cache for a volume, see “Scheduling
Syncs” on page 234.
Note: Auto Cache must be enabled for a volume before Auto Cache is enabled for a
folder in the volume.
• Quota: The quota (maximum capacity) configuration in GB, or “No Quota” if there is no
quota. To change the quota, click the status. For details, see “Quota” on page 206.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If
your total stored data nears or exceeds your licensed capacity, you receive
warnings to increase your licensed capacity.
• Safe Delete: Indicates whether the Safe Delete feature is Enabled or Disabled. To enable
or disable the Safe Delete feature, click the status. For details, see “Safe Delete of volumes”
on page 95.
In the Snapshots & Sync area:
• Snapshot Access: Indicates whether access to the snapshot directory for the volume is
Enabled or Disabled. To enable or disable snapshot directory access for a volume, click the
status. Clicking the status opens the Volume Snapshot Directory Access page, with the
Edit Snapshot Directory Access dialog box selected. For details, see “Snapshot Directory
Access” on page 217.
Tip: If both the SMB (CIFS) protocol and the NFS protocol are enabled on a volume, then
the .snapshot directory is not available.
• Snapshot Retention: The snapshot retention policy. To configure a snapshot retention
policy, click the status. Clicking the status opens the Volume Snapshot Retention page,
with the Snapshot Retention dialog box selected. For details, see “Snapshot retention” on
page 220.
Snapshot Schedule: The schedule for snapshots. If there is no schedule for snapshots,
indicates Disabled. To schedule snapshots, click the status. Clicking the status opens the
Volume Snapshot Schedule page, with the Snapshot Schedule dialog box selected. For
details, see “Snapshot schedule” on page 224.

If a volume has Global File Acceleration set as Active, and not Observation, the Snapshot
Schedule for the volume displays “Global File Accelerator”.
Figure 11-15: Volume managed by Global File Acceleration.

• Remote Access: The setting of remote access for this volume: Enabled or Disabled. If
Enabled, displays number of connections. To enable or disable remote access, click the
status. Clicking the status opens the Volume Remote Access Setting page, with the Edit
Volume Remote Access Settings dialog box selected. For details, see “Remote Access”
on page 213.
• Number of remote connections.
• Sync Schedule: The schedule of when the volume synchronizes data (“syncs”) from Nasuni,
merging local data with data from other Nasuni Edge Appliances connected to this volume.
If there is no schedule for syncs, indicates Disabled. To schedule syncs, click the status. For
details, see “Sync Schedule” on page 233.
If a volume has Global File Acceleration set as Active, and not Observation, the Sync
Schedule for the volume displays “Global File Accelerator”.
Figure 11-16: Volume managed by Global File Acceleration.

In the Volume Services area (CIFS and NFS volumes and FTP/SFTP directories only):
• Auditing: Indicates whether file system auditing for the volume is Enabled or Disabled. To
enable or disable file system auditing for a volume, click the status. Clicking the status
opens the Volume Auditing Settings page, with the Edit Volume Auditing Settings dialog
box selected. For details, see “File System Auditing” on page 250.
• File Alerts: Indicates whether the File Alert Service (automatically notifying you when files or
directories with particular names are written to the Nasuni Edge Appliance) is Enabled or
Disabled. If enabled, displays the number of patterns. To enable or disable the File Alert
Service, click the status. Clicking the status opens the Volume File Alert Service page, with
the Edit File Alert Service dialog box selected. For details, see “File Alert Service” on
page 259.
• Ransomware Detection: Indicates whether Ransomware Detection is Enabled or
Disabled. To enable or disable Ransomware Detection, click the status. Clicking the status
opens the Volume Anti-Malware Services page, with the Edit Anti-Malware Services
dialog box selected. For details, see “Ransomware Detection” on page 244.

• Antivirus Protection: Indicates whether Antivirus Protection is Enabled or Disabled. To

enable or disable Antivirus Protection, click the status. Clicking the status opens the Volume
Anti-Malware Services page, with the Edit Anti-Malware Services dialog box selected.
For details, see “Antivirus Protection” on page 237.
• Antivirus Violations (If Antivirus Protection enabled.): Displays the number of violations. To
view the list of Antivirus Violations, click the status. For details, see “Antivirus Violations” on
page 242.
If the Cloud Provider is a customer-provided cloud provider, the following appears in the
Cloud I/O area:
• Deduplication: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks that are then deduplicated to improve performance. This displays the status for
deduplication: Enabled or Disabled. To enable or disable deduplication, click the status. For
more details, see “Cloud I/O” on page 188.
• Compression: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks that are then compressed to improve performance. This displays the status for
compression: Enabled or Disabled. To enable or disable compression, click the status. For
more details, see “Cloud I/O” on page 188.
• Chunk Size: Before sending data to the cloud, Nasuni breaks files into optimally-sized
chunks to improve performance. This displays the size of the chunks. To change the chunk
size, click the value. For more details, see “Cloud I/O” on page 188.
If the Cloud Provider is a customer-provided cloud provider, the following appears in the
Credentials area (for details, see “Cloud Credentials” on page 398):
Figure 11-17: Credentials area (for Google Cloud Storage).

• Name: The name of the credentials.
• Hostname (for certain platforms): The hostname of the cloud provider.
• Account Name (for certain platforms): The name of the account on the cloud provider.
• Access Key (for certain platforms): The access key of the credentials of the account on the
cloud provider.
• Verify SSL (for certain platforms): Indicates whether the cloud provider verifies SSL
connections: Yes or No.
• Notes (for certain platforms): Any notes on the credentials of the cloud provider.

Deleting a local volume

You can delete a local "owned" volume.
When you schedule a volume for deletion, the volume is removed from the display immediately, but a
background process actually deletes the volume, and this can take some time to complete. For this
reason, you should never delete the associated bucket or container at the cloud storage provider: the
system could be left in an inconsistent state. The associated bucket or container is deleted as part of
the background process.
Also, you should not shut down the Edge Appliance virtual machine or hardware appliance until you
receive a notification that the volume was fully deleted. The notification is of the form “Volume delete
of <volume name> completed.” Similarly, if the background process does not complete
successfully, the NOC does not allow you to decommission the appliance. This is by design, in order to
ensure that the volume has been definitely deleted before decommissioning the appliance. For details
about decommissioning an Edge Appliance, see Decommissioning a Nasuni Edge Appliance or NMC.
Warning: Before deleting a volume, you must:
• Disconnect all remote Nasuni Edge Appliances connected to the volume.
• Disable remote access on the volume.
If this is not done, it might be possible for remote Nasuni Edge Appliances to write
data to the deleted volume for a short time (most likely for less than 10 minutes,
but possibly for much longer).
Data written to the deleted volume is not protected. This can result in data loss.
Warning: Deleting a volume destroys all the volume’s data stored in the cache, as well as
data stored in cloud storage.
Other Nasuni Edge Appliances connected to the volume lose access to the data in
the volume.
If Safe Delete is enabled for this volume, a specified number of volume-delete-capable administrators
must approve the deletion. To enable or disable Safe Delete, see “Safe Delete of volumes” on page 95.
If Safe Delete is enabled for this volume, after the “Delete Volume” button is clicked, the following
events are possible:
• Any of the volume-delete-capable administrators can click “Approve Delete” to approve the
deletion of the volume.
• If the required number of volume-delete-capable administrators approves the deletion, the
volume is scheduled for deletion.
• If any of the volume-delete-capable administrators clicks “Cancel Delete”, the volume’s
deletion is canceled.
• If any volume-delete-capable administrator who approved deletion clicks “Revoke Approval”,
their approval of the deletion is revoked.
Tip: Volumes become Read-Only when they are either "Pending Delete Approval" or "Pending
Delete", and return to their initial state if a delete is canceled. Administrators should notify
the file system users that the volume is going to be deleted.
Note: If a user clicks Delete Volume or Approve Delete for a volume that has Safe Delete
enabled, and the user's account is removed, any pending deletions and any pending
deletion approvals that they have made are canceled.

Note: For any volume that is either Pending Delete or Pending Delete Approval, the pending
deletions might be canceled after the volume's Nasuni Edge Appliance is recovered.
Before deleting a volume, complete the following prerequisites:
• If other Nasuni Edge Appliances are connected to the volume, disconnect them from the
volume. See “Connect to (and Disconnect from) a Remote Volume” on page 109 for details
about disconnecting from a volume.
• If the volume is configured for remote access by other Nasuni Edge Appliances, disable remote
access on the volume before deleting it. See “Remote Access” on page 213 for details.
• Administrators should notify the file system users that the volume is going to be deleted.
Note: Deleting a volume reduces the licensed capacity used; however, the background
delete operation can take time to process, depending on the number of files or blocks.
Notifications indicate when the volume deletion is complete.
To delete a local "owned" volume, follow these steps:
Caution: You cannot undo this procedure.
Warning: Deleting a volume destroys all the volume’s data stored in the cache, as well as
data stored in cloud storage.
Other Nasuni Edge Appliances connected to the volume lose access to the data in
the volume.
1. Click Delete . The Delete Volume dialog box appears.
Figure 11-18: Delete Volume dialog box.

2. Read any warnings that appear in the Delete Volume dialog box. Ensure that the prerequisites
mentioned above have been satisfied to avoid data loss.
3. Type Delete Volume in the Confirmation Phrase text box.

4. Click Delete Volume to schedule this volume for deletion.

If Safe Delete is enabled for this volume, the volume is not immediately scheduled for deletion.
Instead, the specified number of volume-delete-capable administrators must approve the
deletion before the volume is scheduled for deletion.
Tip: Volumes become Read-Only when they are in either the "Pending Delete Approval"
state or in the "Pending Delete" state, and return to their initial state if a delete is
canceled. Administrators should notify the file system users that the volume is going to
be deleted.
If notifications are enabled, a notification is created. If email alerts are enabled, an email alert is
sent. To enable Notifications, see “Notifications” on page 496. To enable email alerts, enable
“Safe Delete Alerts”.
If Safe Delete is enabled for this volume, volume-delete-capable administrators can approve the
deletion by clicking “Approve Delete”.
Alternatively, volume-delete-capable administrators can cancel the proposed delete by clicking
“Cancel Delete”.
After the final volume delete approval is received, the initiator of the delete can choose to click
“Delete Immediately” to immediately delete the volume. Otherwise, the volume is deleted
within 24 hours of receiving the final approval.
Tip: Volumes become Read-Only when they are either "Pending Delete Approval" or
"Pending Delete", and return to their initial state if a delete is canceled. Administrators
should notify the file system users that the volume is going to be deleted.
Alternatively, to exit this screen without deleting the volume, click the Close button.

Safe Delete of volumes

To help ensure that one administrator cannot delete a volume accidentally or by themselves, you can
specify how many administrators must approve deleting a volume. This feature is called “Safe Delete”.
Only if the specified number of administrators approves the deletion does the volume become
scheduled for deletion. Safe Delete settings are managed on a per-volume basis.
Tip: For further strategies to prevent accidental or deliberate deletion of volumes or cloud
storage buckets or containers, see Deletion Security.
An administrator with the ability to delete a volume, initiate a volume deletion, or approve a volume
deletion, is called a volume-delete-capable administrator, and includes administrators with any of these
permissions:
• Manage all aspects of the Nasuni Filer (super user)
• Manage all aspects of Volumes
• Add and Delete Volumes
Tip: Only administrators with the permission “Manage all aspects of the Nasuni Filer (super user)”
can enable or disable Safe Delete.
All actions related to Safe Delete are logged, including the following:
• Enable Safe Delete
• Disable Safe Delete
• Change required number of approvals
• Request volume delete
• Approval received
• Final approval granted
• Approval revoked
• Delete request canceled
If enabled, for each of these actions, a notification is created, and an email alert is sent. To enable
Notifications, see “Notifications” on page 496. To enable email alerts, enable “Safe Delete Alerts”.
In addition, once per day, a report is generated of all pending deletions, pending deletion approvals,
and volumes recently deleted through the automated Safe Delete cleanup process. This report includes
the state of volume pending deletion, which administrator initiated the pending deletion, and which
administrators have approved the pending deletion. You can receive this report if you are configured to
receive email alerts.
Enabling Safe Delete

To enable Safe Delete, follow this procedure:
1. Click Volumes, then click “Safe Delete”. The “Volume Safe Delete Setting” page appears.
2. Select volumes from the list to enable Safe Delete.

3. Click “Edit Volumes”. The “Volume Safe Delete Settings” dialog box appears.
Figure 11-19: Volume Safe Delete Settings dialog box.

4. To copy settings from another volume, click “Copy Settings” and select the volume from the
drop-down list.
5. To enable Safe Delete, set “Enable Safe Delete” to On.
Then, enter the number of “Approvals Required”. The number of “Approvals Required” must
be less than the number of volume-delete-capable administrators. For example, if the number of
volume-delete-capable administrators is 3, then the number of “Approvals Required” can be 1
or 2, because the volume delete initiator is not included in the number of volume-delete-capable
administrators available for approval.
6. Click Save.
The Safe Delete feature is enabled. If notifications are enabled, a notification is created. If email
alerts are enabled, an email alert is sent. To enable Notifications, see “Notifications” on
page 496. To enable email alerts, enable “Safe Delete Alerts”.
Note: If a user enables Safe Delete, and the user's account is removed, Safe Delete remains
enabled.
Disabling Safe Delete

To disable Safe Delete, follow this procedure:
1. Click Volumes, then click “Safe Delete”. The “Volume Safe Delete Setting” page appears.
2. Select volumes from the list to enable Safe Delete.

3. Click “Edit Volumes”. The “Volume Safe Delete Settings” dialog box appears.
Figure 11-20: Volume Safe Delete Settings dialog box.

4. To copy settings from another volume, click “Copy Settings” and select the volume from the
drop-down list.
5. To disable Safe Delete, set “Enable Safe Delete” to Off.
6. Click Save.
The Safe Delete feature is disabled. The Safe Delete feature is disabled and the number of
“Approvals Required” is reset to 1. If notifications are enabled, a notification is created. If email
alerts are enabled, an email alert is sent. To enable Notifications, see “Notifications” on
page 496. To enable email alerts, enable “Safe Delete Alerts”.
Canceling volume deletion

If Safe Delete is enabled for this volume, and if “Delete Volume” has been clicked, the volume is either
awaiting approval for deletion by volume-delete-capable administrators, or has already been approved
for deletion by volume-delete-capable administrators. In either case, any volume-delete-capable
administrator can cancel the proposed or pending deletion by clicking “Cancel Delete”. If notifications
are enabled, a notification is created. If email alerts are enabled, an email alert is sent. To enable
Notifications, see “Notifications” on page 496. To enable email alerts, enable “Safe Delete Alerts”.
Revoking approval of volume deletion

If Safe Delete is enabled for this volume, and if “Delete Volume” has been clicked, any volume-delete-
capable administrator who has approved the deletion can revoke their approval of the deletion by
clicking “Revoke Approval”. If notifications are enabled, a notification is created. If email alerts are
enabled, an email alert is sent. To enable Notifications, see “Notifications” on page 496. To enable
email alerts, enable “Safe Delete Alerts”.

Disconnecting from a remote volume

You can disconnect from a remote volume.
Caution: Disconnecting a Nasuni Edge Appliance from a remotely accessible volume causes all
shares and exports of the remotely accessible volume to be deleted from the Nasuni
Edge Appliance.
Caution: Disconnecting from a volume deletes any unprotected data in the cache. To protect
recently changed data, you can take an on-demand snapshot, then disconnect from
the volume. See “Take Snapshot” on page 99 for details.
Note: For volumes with a CIFS share, an NFS export, or an FTP/SFTP directory, you must
remove the share, export, or directory before you can disconnect from the volume. For
details on deleting a share, see “Deleting shares” on page 185. For details on deleting an
export, see “Deleting exports” on page 151. For details on deleting an FTP/SFTP directory,
see “Deleting FTP directories” on page 162
To disconnect from a remote volume, follow these steps:
1. Click Disconnect . The Disconnect Volume dialog box appears.
Figure 11-21: Disconnect Volume dialog box.

2. Type Disconnect Volume in the Confirmation Phrase text box.
3. Click Disconnect Volume to disconnect from the remote volume.
Caution: Disconnecting a Nasuni Edge Appliance from a remotely accessible volume causes
all shares and exports of the remotely accessible volume to be deleted from the
Caution: Disconnecting from a volume deletes any unprotected data in the cache. To protect
recently changed data, you can take an on-demand snapshot, then disconnect
from the volume. See “Take Snapshot” on page 99 for details.
Alternatively, to exit this screen without deleting the volume, click the Close button.

Take Snapshot
To take a snapshot of a volume, follow these steps:
1. For the volume that you want to take a snapshot of, click Take Snapshot .
A snapshot is scheduled for this volume.
Note: Because multiple Edge Appliances can share multiple volumes, snapshot handling
simplifies processing in these ways:
• On a given Edge Appliance, only one volume can perform a snapshot at a time.
• A volume that is shared on multiple Edge Appliances can only perform phase 2
(metadata) of a snapshot on one of the Edge Appliances at a time.
encrypted.
Monitoring snapshot processing

Each snapshot includes processing for the data and for the metadata.
For both data and metadata, the Notifications in the NMC or the Edge Appliance UI show when each
snapshot starts and when each snapshot completes. Each notification of a snapshot starting includes
the volume name and the version number. Each notification of a snapshot completing includes the
volume name, the version number, the number of objects succeeded, the number of objects failed, and
the number of objects skipped.
For the data, during a snapshot, the Volumes page of the NMC shows the current percent status
completion of a snapshot.
For the metadata, during a snapshot, the Volumes page of the NMC shows that the snapshot is in
progress.
Cancel Snapshot
After you click Take Snapshot, as described above, you can cancel that scheduled snapshot.
To cancel a snapshot of a volume, click Cancel .
If the snapshot for this volume can be canceled, the snapshot is canceled.
If the snapshot cannot be canceled, a message appears.

Volumes Page Create Volume
Create Volume
and remote volumes that belong to other Nasuni Edge Appliances. You can use the Create Volume
page to create a new CIFS or NFS "owned" local volume on any managed Nasuni Edge Appliance.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
Tip: Before adding an "owned" local volume, configure the cloud credentials for this volume. To
configure cloud credentials, see “Cloud Credentials” on page 398.
Note: The default maximum number of volumes is 8.
If you want to upload (import) an OpenPGP-compatible encryption key to use with the new volume, you
must upload the encryption key before starting the volume creation process. (For security reasons,
encryption keys that you upload cannot be downloaded from the system.) See “Adding (importing or
uploading) encryption keys to Nasuni Edge Appliances” on page 305. All uploaded encryption keys
should be at least 2048 bits long.
Important: If you intend to use a new encryption key that Nasuni generates, that encryption key
is automatically escrowed with Nasuni. To recover encryption keys escrowed with
Nasuni, you must specify an escrow passphrase. Therefore, before creating a new
volume with an encryption key that Nasuni generates, you must specify an escrow
passphrase. See “Escrow Passphrase” on page 311.
Tip: See Worksheet for a worksheet for planning configurations.

To create a new CIFS or NFS "owned" local volume, follow these steps:
1. Click Volumes then click Create Volume from the menu in the left column. The Create Volume
page appears.
Figure 11-22: Create Volume page.

2. From the Target Filer drop-down list, select the managed Nasuni Edge Appliance where you
want to create the new volume.
3. From the Protocol drop-down list, select a network protocol on your network. This is the
protocol you use to access data on a volume.
page 534.
Tip: If you plan to enable both CIFS and NFS protocols for this volume, enable the NFS
protocol first, then add the CIFS protocol. Then select POSIX Mixed Mode as the
permissions policy. See “Protocols” on page 199.

Tip: For volumes supporting both Windows and Linux/UNIX clients, select CIFS (Windows
clients) and use a SMB client on Linux/UNIX.
Your choices are:
• CIFS (Windows clients): This protocol allows Windows users to share files across a
network. The CIFS protocol can be used on other operating systems besides Windows,
including UNIX, Linux, and macOS.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration”
on page 534.
permissions policy.
• NFS (Unix clients): This protocol allows UNIX users to access and share file systems across
a computer network using UNIX and Linux.
on page 534.
Note: NFS volumes can only use the Optimized or Asynchronous modes of Global File
Lock.
Note: You can enable FTP/SFTP access to a SMB (CIFS) volume or an NFS volume after the
volume is created. See “Protocols” on page 199.
4. In the Volume Properties area, enter a human-readable name for the volume in the Name text
box, for example, “New York Office”. The name you enter is automatically applied as the
encryption key name in the Key Name text box.
Tip: The volume name must be fewer than 25 characters.
Important: Volumes on the same Edge Appliance must have unique names.
5. From the Cloud Provider drop-down list, select the cloud storage provider for this volume. The
choices for the back-end cloud storage component are part of each customer license.
6. From the Credentials drop-down list, select the cloud credentials for this volume. To configure
cloud credentials, see “Cloud Credentials” on page 398.
7. (For the Google Cloud Storage provider only.)
Figure 11-23: Storage Class.

For Nasuni versions before 9.3, see “Changing the Storage Class and Location Type of a
Google Cloud bucket” on page 108.
For Nasuni versions 9.3 and later, from the Storage Class drop-down list, select the desired
class of storage, from the following:
• Archive: Lowest-cost, highly durable storage service for data archiving, online backup, and
disaster recovery. Recommended for Nasuni Files for Google Cloud.

• Coldline: Very-low-cost, highly durable storage service for storing infrequently accessed
data.
• Nearline: Low-cost, highly durable storage service for storing infrequently accessed data.
• Standard: Best for data that is frequently accessed ("hot" data), or stored for only brief
periods of time.
For details, see Google Cloud Storage classes.
8. From the Region drop-down list, specify a region where you want to store your data.
You should store your data in a region that is near to your users and data centers, in order to
reduce data access latencies. The region you select should be remote from your other
operations for geographic redundancy and disaster recovery purposes. You should also
consider any compliance requirements for the location of data.
Note: Your data is protected with multiple copies in whichever region you choose.
Tip: For details on available regions, see Compatibility and Support and the following:
• For Amazon S3: https://docs.aws.amazon.com/general/latest/gr/
s3.html
• For Google Cloud Storage: https://cloud.google.com/about/locations
• For Microsoft Azure: https://azure.microsoft.com/en-us/global-
infrastructure/geographies/#geographies
Tip: For the Amazon S3 GovCloud cloud provider, use the region associated with the
hostname. For hostname s3.us-gov-east-1.amazonaws.com, select AWS
GovCloud (US-East). For hostname s3.us-gov-west-1.amazonaws.com, select
AWS GovCloud (US-West).
9. You can use an existing encryption key or create a new encryption key.
• To use an existing encryption key, select an encryption key from the Key drop-down list.
• To create a new encryption key, select Create New Key from the Key drop-down list, then
optionally enter a name for the new encryption key in the Key Name text box.
Important: If you intend to use a new encryption key that Nasuni generates, that
encryption key is automatically escrowed with Nasuni. To recover encryption
keys escrowed with Nasuni, you must specify an escrow passphrase.
Therefore, before creating a new volume with an encryption key that Nasuni
generates, you must specify an escrow passphrase. See “Escrow
Passphrase” on page 311.
Important: You can specify that you do not want Nasuni to generate any of your
encryption keys. This ensures that your data is encrypted only with
encryption keys that you upload. If you specify this, you must upload all the
encryption keys used. Specifically, when creating a volume, you cannot
select Create New Key as the source of the volume encryption key. If you
want to specify that Nasuni not generate encryption keys, request Nasuni
Support to disable key generation in your license.

Note: If you select Create New Key, the new encryption key is automatically escrowed for
you. To use your own encryption key, see “Adding encryption keys to a volume” on
page 192.
Encryption keys are generated in the background, so as to not block use of
the Nasuni Edge Appliance during generation.
Note: You cannot download any Nasuni Edge Appliance encryption key from a Nasuni
Management Console, because the Nasuni Edge Appliance never transmits any
encryption keys to a Nasuni Management Console. The Nasuni Management
Console is never in possession of any encryption key generated by a Nasuni Edge
Appliance. In particular, if you use the Nasuni Management Console to create a
volume on a Nasuni Edge Appliance, and specify generating a new encryption key
for that volume, that new encryption key is generated on the Nasuni Edge
Appliance, not on the Nasuni Management Console. The only way to download a
Nasuni Edge Appliance encryption key is by using the Nasuni Edge Appliance user
interface.
10. For CIFS and NFS volumes only, set the maximum volume capacity (in gigabytes) in the Quota
text box. A value of 0 (zero) or blank specifies an unlimited volume capacity (up to your licensed
capacity).
Quotas are applied after each successful snapshot. Nasuni recommends that you only increase
quotas rather than decrease them. A notification occurs when the volume reaches 90 percent of
the quota. Another notification occurs when the volume reaches the quota. If the volume is
shared, then the quota is compared to the sum of all Nasuni Edge Appliances connected to the
volume.
11. For CIFS and NFS volumes only, to automatically create a CIFS share or an NFS export for the
new volume, leave the Create a default Share/Export check box selected.
Tip: It is possible to create, update, and delete NFS exports using the NMC API.
12. For SMB (CIFS) volumes only, from the User Authentication drop-down list, select the method
for the Nasuni Edge Appliance to authenticate users connecting to SMB (CIFS) shares within
this volume.
page 534.
Note: “Authenticated Access” refers to either Active Directory or LDAP Directory Services.
Note: If the Nasuni Edge Appliance is configured for Active Directory authentication, but is
not joined to a domain, a message appears, indicating that the new volume is not
usable until the Nasuni Edge Appliance joins a domain, at which time you can choose
Active Directory, LDAP Directory Services, or Public authentication.
Tip: It is not possible to change the authentication mode of a volume after you create the
volume.
The following options are available:

• Authenticated Access: Refers to either Active Directory or LDAP Directory Services.

• Publicly Available to All Users: If the Edge Appliance is joined to Active Directory, in order
to create a share that does NOT require authentication, you must create a Publicly Available
volume, by selecting Publicly Available to All Users.
Note: If the Edge Appliance is NOT joined to Active Directory, the volume is created as
Publicly Available by default.
A default share is created that can then be edited to restrict access to only certain hosts.
Tip: To access the share from a Mac:
• Open Finder.
• Select Go > Connect to Server.
• Enter the IP address of the Edge Appliance or hostname/
• When prompted for credentials, select "Guest" and hit Connect.
Tip: To access the share from a Windows 10 computer:
• Because Windows 10 has the Guest account option disabled, you must make a
registry change in order to access the share. Open regedit and go to the following
path: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
LanmanWorkstation\Parameters". Change the value of
"AllowInsecureGuestAuth" from 0 to 1.
• Open Windows Explorer.
• In the address bar, enter the IP address of the Edge Appliance and the shares should
become available.
Note: If the Edge Appliance is NOT currently connected to Active Directory, and you
have never gone through the Directory Services wizard, when you attempt to join
this Edge Appliance to the Active Directory domain, it asks if you want to convert
any Publicly Available volumes to be secured under Active Directory.
If the Edge Appliance is already connected to Active Directory, and you want to
convert a Publicly Available volume to be secured under Active Directory, you must
perform a Recovery process (Recovery Guide), after which you must rejoin Active
Directory. It then prompts you to convert the Publicly Available volume.
If, at any point, you did go through the Directory Services wizard and failed to join
Active Directory, contact Nasuni Customer Support for assistance.
13. For CIFS volumes only, if the Nasuni Edge Appliance is configured for Active Directory or LDAP
Directory Services authentication, the CIFS-Specific Properties area appears. From the
Permissions Policy drop-down list, select one of the following.
on page 534.
Directory.

Compatible Mode.
Mode.
Directory.


POSIX Mixed Mode.
14. For CIFS volumes only, to specify that the volume should treat file and directory names as case-
sensitive, select “Case Sensitive”. The default is deselected, namely, case-insensitive. For
details on selecting case sensitivity, see “Case Sensitivity” on page 533.
Caution: A case-insensitive volume cannot have multiple volume protocols. If this volume
must support multiple protocols, select this checkbox to make the volume case-
sensitive.
Tip: For CIFS-only volumes, certain processing is optimized for volumes that treat file names
and directory names as case-insensitive (namely, volumes created with version 8.0 or
above, with the “Case Sensitive” option unselected).
However, for case-sensitive volumes, using case-sensitive paths on CIFS shares
improves performance for certain processing. See step 16 on page 174.
Important: On case-insensitive volumes, files whose UTF-8 casefolded file names contain
more than 255 characters are not supported.
Important: Clients such as Windows can sometimes give inconsistent results when dealing
with the case sensitivity of file names.
15. Click Create Volume.
The new volume appears in the list of volumes on the Volumes page.
A snapshot occurs automatically after the volume is created.
To add a share to a new CIFS volume, see “Creating shares” on page 166.
To add an export to a new NFS volume, see “Creating exports” on page 142.
To add an FTP/SFTP directory to a new CIFS or NFS volume, see “Creating FTP directories” on
page 154.

Changing the Storage Class and Location Type of a Google Cloud bucket
Nasuni customers might want to change the Storage Class and Location Type of a Google Cloud
bucket, to take advantage of pricing, availability, or other features.
In particular, customers using Nasuni Files for Google Cloud should change the Storage Class to
Archive Storage for the lowest pricing tier. For details on how Storage Class and Location Type
affect pricing, see the following Google information:
• Storage classes.
• Bucket locations.
• Cloud Storage pricing.
Note: To change the Storage Class and Location Type of a Google Cloud bucket, we transfer
data from the original bucket that Nasuni creates, to a temporary bucket; then from that
temporary bucket to a new bucket with the desired Storage Class and Location Type.
Tip: After the Storage Class is changed, the original Storage Class is still displayed on the
Volume Overview page of the Edge Appliance UI and on the Volume Details page of the
NMC.
For Nasuni versions 9.3 and later, see step 7 on page 102.
For Nasuni versions before 9.3, to change the Storage Class and Location Type of a Google Cloud
bucket, see the Google Cloud Storage Configuration Guide.

Volumes Page Connect to (and Disconnect from) a Remote Volume
Connect to (and Disconnect from) a Remote Volume

and remote volumes that belong to other Nasuni Edge Appliances. Remote access allows one or more
Nasuni Edge Appliances to connect, using Nasuni, to a volume owned by another Nasuni Edge
Appliance. After you enable remote access for a volume, and grant access permissions to the volume,
you can connect a Nasuni Edge Appliance to the remote volume. To enable remote access and grant
permissions on a volume, see “Remote Access” on page 213.
You can also disconnect an existing connection.
Tip: If the attempt to connect with a remote volume fails, try connecting again.
Tip: For an Edge Appliance with new or changed volume configurations for remote volumes with
Read/Write permissions, it can initially take up to 20 minutes before these remote volumes
appear in the list of volumes. It takes time to fetch the necessary information for the remote
volumes.
Note: If you connect to a remote volume that has multiple protocols defined (including CIFS,
NFS, and FTP), the volume inherits the same protocols as the original volume. If the
protocols for the remote volume change, the volume inherits the changed protocols. This
might take some time. You can refresh the volume connections in order to inherit the
changed protocols immediately.
Tip: Create and configure as many shares as possible for a volume before connecting other
Edge Appliances to that volume. Then, when other Edge Appliances connect to that
volume, they automatically inherit all of the share definitions that were specified on the
original volume. This only happens the first time that remote Edge Appliances connect to
the volume, so it is important to perform as much share creation and configuration as
possible before connecting to the volume.
Caution: Each share name on an Edge Appliance must be unique. In particular, share names
cannot differ only by case. When connecting remote volumes, each share name on all
connecting Edge Appliances must be similarly unique. You can view all share names
for an Edge Appliance on the CIFS Shares page, or on the Shares page on the NMC.
Caution: Edge Appliances joined to LDAP cannot share volumes with Edge Appliances joined to
Active Directory. Similarly, Edge Appliances joined to Active Directory cannot share
volumes with Edge Appliances joined to LDAP. If you want Edge Appliances to share
volumes, ensure that they are joined to the same directory service.

To connect to or disconnect from a remote volume, follow these steps:

1. Click Volumes, then click Connect Volume in the left-hand column. The Remotely Accessible
Volumes page displays a list of remotely accessible volumes on the managed Nasuni Edge
Appliances.
Figure 11-24: Remotely Accessible Volumes page.

If there is more than one page, use the left-facing and right-facing arrows to select which page
of values to display.
If there is more than one page, use the left-facing and right-facing arrows to select which page
of values to display.
The following information appears for each remotely accessible volume in the list:
• Name: The name of the remotely accessible volume.
• Owner: The name of the Nasuni Edge Appliance that owns this remotely accessible
volume.
• Protocol: The protocol of the remotely accessible volume: CIFS, NFS, or FTP.
display the correct Security Mode for that volume.
• Connected: A list of Nasuni Edge Appliances already connected to the remotely
accessible volume.
If more than one Nasuni Edge Appliance is connected to the remotely accessible
volume, the number of Nasuni Edge Appliances appears. To display a list of Nasuni
Edge Appliances connected to the remotely accessible volume, click this number. To
collapse the list, click collapse.
• Actions: Actions available for each remotely accessible volume.
2. To refresh the information about the list of remotely accessible volumes, click Refresh
Connections.

3. For the remotely accessible volume whose connections you want to change, click Edit
Connections. The Connect/Disconnect Volume dialog box appears.
Figure 11-25: Connect/Disconnect Volume dialog box.

A list of managed Nasuni Edge Appliances appears.
a. To connect a currently disconnected managed Nasuni Edge Appliance to the selected
remotely accessible volume, select the check box next to the managed Nasuni Edge
Appliance.
Note: To connect to a remote CIFS volume, the Nasuni Edge Appliance and the remote
CIFS volume must be in the same Active Directory or LDAP Directory Services
group.
Then, from the Storage Access drop-down list, select one of the following choices:
• Inherit storage access points: If the remotely accessible volume has shares or exports,
inherit those same shares or exports in the new volume.
• Create storage access points: To automatically create a new CIFS share or an NFS
export for the new volume.
• Skip creating storage access points: To postpone creating a new share or export for
the new volume. To later add a share to the new CIFS volume, see “Creating shares” on
page 166. To later add an export to the new NFS volume, see “Creating exports” on
page 142.

b. To disconnect a currently connected managed Nasuni Edge Appliance from the selected
remotely accessible volume, clear the check box next to the managed Nasuni Edge
Appliance.
Caution: Disconnecting a Nasuni Edge Appliance from a remotely accessible volume
causes all shares and exports of the remotely accessible volume to be deleted
from the Nasuni Edge Appliance.
c. In the Inherit Settings area, select or deselect the settings that you want to inherit from the
remotely accessible volume.
d. Click Save Connections to save the changes you made to connections to remotely
accessible volumes.
The new information appears in the list of remotely accessible volumes on the Remotely
Accessible Volumes page.

Volumes Page File System Browser
File System Browser

You can use the file system browser to perform a variety of tasks:
• Browse folders and files in volumes on Nasuni Edge Appliances.
• Search for folders and files by name.
• Filter results by date.
• Examine multiple versions of folders and files.
• Download folders and files.
Tip: The “Download File” button is disabled by default. Contact Support to make it available.
• Bring volumes, folders, and files into the cache of the Nasuni Edge Appliance.
• Enable Global File Lock for volumes.
• Pin folders in the cache.
• Enable Auto Cache for folders.
• Obtain handle and bucket information for a volume, for use with the Analytics Connector.
Note: The term “bucket” is used in the sense of a storage container for items in cloud
storage. Specific terms depend on the cloud storage provider.
• Create quotas for volumes and folders.
• Restore a file or folder for a CIFS or NFS volume or FTP/SFTP directory. You can do this, for
example, if data has been deleted erroneously. For details on restoring data in the event of a
disaster, see “Recovery” on page 501.
Note: Since the Nasuni Management Console does not access data directly, but through each
Nasuni Edge Appliance, accessing data or information might take time.
In order to access folders and files, ensure that you have performed these necessary tasks:
• Have configured at least one volume. For more information, see “Create Volume” on page 100.
• For CIFS and NFS volumes or FTP/SFTP directories, have shared or exported at least one
volume. For more information, see “Creating shares” on page 166 and “Creating exports” on
page 142.
• (Optional) Have configured a snapshot schedule to ensure that reliable, periodic snapshots of
the volume are taken. For more information, see “Editing snapshot schedules” on page 226.

Selecting Volume, Folder, or Files

You can select a volume, a folder, or one or more files. You can select by browsing or by searching.
Browsing a Volume
Browse
To browse folders and files in a volume, follow these steps:

1. Click File Browser. The File System Browser page appears.
Figure 11-26: File System Browser page.

2. From the Volume drop-down list, select a volume name.
Figure 11-27: Volume drop-down list.

The properties of the selected volume are displayed.
Figure 11-28: Volume properties.

The volume properties include:
• Volume: The name of the volume and Nasuni Edge Appliance.
• Content Size: The size of the volume and its contents. Content Size includes data already
protected in the cloud, but does not include data in the cache that is not yet protected.
Content Size data is current data only. Content Size data does include metadata. Content
Size does not reflect the effects of compression or deduplication.

Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
• Ownership: The owner of the volume.
• Cache Resident: (CIFS and NFS volumes and FTP/SFTP directories.) Indicates whether the
volume is currently in the cache of the Nasuni Edge Appliance (Yes) or not (No). To view
• Pinning: (For folders, including volumes.) Indicates whether the folder (including volumes) is
pinned in the cache (Enabled). To enable pinning for a folder (including volumes), see
“Pinning Folders in the Cache” on page 124. To view unprotected files in the cache, see
“Unprotected Files” on page 139.
• Global Locking: (For folders, including volumes.) Indicates whether Global File Lock is
enabled for the volume (Enabled). To enable Global File Lock for a volume, see “Global File
Lock” on page 127.
• Auto Cache: (For folders, including volumes.) Indicates whether Auto Cache (automatically
bringing data from other Nasuni Edge Appliances into the local cache immediately) is
enabled for the folder (including volumes). To enable Auto Cache for a folder (including
volumes), see “Enabling Auto Cache for Folders” on page 125.
• Handle: (For volumes.) The handle for the blob in cloud storage that represents the start of a
UniFS snapshot for a specified volume. For use by the Analytics Connector.
The Analytics Connector helps to provide direct access to file system data in a secure,
native (file or object) format that does not involve an Edge Appliance cache.
Currently, the Analytics Connector requires the handle of the blob in cloud storage that
represents the start of a UniFS snapshot for a specified volume, as well as the bucket or
container.
Note: The terms “bucket” and “container” are used in the sense of a storage container for
items in cloud storage. Specific terms depend on the cloud storage provider.
Tip: The Analytics Connector must be enabled in the customer license. To enable the
Analytics Connector, contact Support.
Tip: This function can also be performed using the NMC API. For details, see
http://docs.api.nasuni.com/nmc/api/1.1.0/index.html.
• Bucket: (For volumes.) The bucket for the blob in cloud storage that represents the start of a
UniFS snapshot for a specified volume. For use by the Analytics Connector.
Note: The term “bucket” is used in the sense of a storage container for items in cloud
• Container: (For volumes.) The container for the blob in cloud storage that represents the
start of a UniFS snapshot for a specified volume. For use by the Analytics Connector.

Note: The term “container” is used in the sense of a storage container for items in cloud
3. From the Filer drop-down list, select a Nasuni Edge Appliance for the selected volume.
Figure 11-29: Filer drop-down list.

The files and folders that reside on the selected volume on the selected Nasuni Edge Appliance
are displayed.
Figure 11-30: Files and folders on the volume.

4. From the list of files and folders you can select the following:
• One folder: select the folder you want. The selected folder is highlighted in the list.
The properties of the selected folder are displayed.
Figure 11-31: Folder properties.

The folder properties include:
• Location: The path to the folder.

• Content Size: The size of the folder and its contents. Content Size includes data already
protected in the cloud, but does not include data in the cache that is not yet protected.
Content Size data is current data only. Content Size data does include metadata.
Content Size does not reflect the effects of compression or deduplication.
Windows Explorer and other utilities. Typically, such utilities display only the
size of the data currently present in the local cache, while Nasuni displays the
full size, regardless of where the data is.
• Ownership: The owner of the folder.
• Cache Resident: (CIFS and NFS volumes and FTP/SFTP directories.) Indicates whether
the folder is currently in the cache of the Nasuni Edge Appliance (Yes) or not (No). To
view unprotected files in the cache, see “Unprotected Files” on page 139.
• Pinning: (For folders.) Indicates whether the folder is pinned in the cache (Enabled). To
enable pinning for a folder, see “Pinning Folders in the Cache” on page 124. To view
• Auto Cache: (For folders.) Indicates whether Auto Cache (automatically bringing data
from other Nasuni Edge Appliances into the local cache immediately) is enabled for the
folder. To enable Auto Cache for a folder, see “Enabling Auto Cache for Folders” on
page 125.
• Global Locking: (For folders.) Indicates whether Global File Lock is enabled for the
volume (“Enabled (inherited)”). To enable Global File Lock for a volume, see “Global File
Lock” on page 127.
• One file: select the file you want. The selected file is highlighted in the list.
The properties of the selected file are displayed.
Figure 11-32: File properties.

The file properties include:
• Location: The path to the file.
• Version: The version of the file.
• Version By: The Edge Appliance that was the origin of the snapshot containing this
version of the file.
• Size: The size of the file.
Windows Explorer and other utilities. Typically, such utilities display only the

size of the data currently present in the local cache, while Nasuni displays the
full size, regardless of where the data is.
• Ownership: The owner of the file.
• Cache Resident: (CIFS and NFS volumes and FTP/SFTP directories.) Indicates whether
the file is currently in the cache of the Nasuni Edge Appliance (Yes) or not (No). To view
• Lock Status: If Global File Lock is enabled for the volume, indicates whether the file is
Locked or Unlocked. To enable Global File Lock for a volume, see “Global File Lock” on
page 127. If locked by multiple Nasuni Edge Appliances, a list appears.
Figure 11-33: Locked by multiple Nasuni Edge Appliances.

You can now perform actions with the selected folder or file, as described in “Actions with Selected
Volume, Folder, or Files” on page 122.
You can also filter the current results by date, as described in “Filtering by Date” on page 118.
Filtering by Date
By default, the current contents of the volume are displayed. To select contents from another date and
time from available snapshots, follow these steps:
1. Navigate to a volume as described in “Browsing a Volume” on page 114.
2. Click the Version drop-down list. A calendar of available dates appears. Select the date, then
select the snapshot on that date. The folders and files from that snapshot appear.
Note: Some dates in the range of available dates do not have snapshots. When you click a
date with no snapshots, the message “There are no snapshots for the selected date.”
appears.
Folders and files from snapshots display the date and time of the version in addition to their
other properties.
3. Select a folder or file from the list. To select multiple individual items from snapshots, use
Ctrl+click. To select a range of items from snapshots, use Shift+click.
4. To select the current version of folders and files, click the Version drop-down list and select
Current Version.
You can now perform actions with the selected folder or files, as described in “Actions with
Selected Volume, Folder, or Files” on page 122.
Searching for a Folder or File by Name and Date

Search
In addition to browsing for folders and files, you can also search for a specific folder or file by name
within a snapshot, and then select it for further actions.

Caution: In most cases, snapshots are not in the cache of the Nasuni Edge Appliance, and must
be brought into the local cache of the Nasuni Edge Appliance to be searched. As a
result, snapshot searches can impact performance. Searching a large number of
snapshots proceeds better by using a Nasuni Edge Appliance that users are not using
heavily at the same time.
To search for a folder or file by name in a snapshot, follow these steps:
1. Navigate to a volume as described in “Browsing a Volume” on page 114. If you intend to restrict
the search to a specific directory, navigate to that directory.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
2. Click Search . The Search Versions dialog box appears.
Figure 11-34: Search Versions dialog box.

3. The default is to search all directories. To limit the search to the currently selected directory (and
any subdirectories), select Search the Current Directory. Limiting the search can save time.

4. The default is to search all versions. To specify search dates, click the Date Range box. The
Date Range list appears.
Figure 11-35: Date Range list.

5. From the list, select one of these options for the search date:
• All Versions: Searches all snapshots regardless of date. This is the default.
Caution: Searching all snapshots can take a long time and add extra load to your Nasuni
Edge Appliance.
• Last 7 Days (if available): Searches only snapshots from the past 7 days, if there are any
available.
Caution: Searching large numbers of snapshots can take a long time and add extra load
to your Nasuni Edge Appliance.
• Last 30 Days (if available): Searches only snapshots from the past 30 days, if there are any
available.
• Custom Range: Opens the Custom Range pane for you to select a start date and an end
date within which to search snapshots.
Figure 11-36: Custom Range pane.

Navigate to the start date and the end date during which to search snapshots.
6. Enter all or part of the name of the folder or file to search for in the Query text box.

Note: You can use glob syntax wildcards when you specify the name, such as the following:
Wildcard Meaning Example
* Matches any number of *.mp3
any character. means any file name that ends with “mp3”.
? Matches any one test.mp?

character. means file names like “test.mp3” or “test.mp4”.
[sequence] Matches any character [A-Z]*.mp3

in the specified means file names that start with an upper-case
sequence. letter.
[!sequence] Matches any character [!A-Z]*.mp3

NOT in the specified means file names that do not start with an upper-
sequence. case letter.
The search matches the query text within a folder or file name. For example, searching for
“mount” finds items named “Mount”, “mounted”, “unmounted”, and “unmount”. The search
is not case-sensitive.
Optionally, you can specify searching for the exact name of the file (including the filename
extension) or folder by selecting the Exact Match check box. In this case, searching for
“mount” only finds items named “mount”. This search is also not case-sensitive.
7. Click Search. The Search Status results appear.
Figure 11-37: Search Status results.

To cancel a running search before it completes, click Stop Search.
8. After the search completes, click a folder or file to highlight it.
9. Click Navigate to Selected to navigate to the selected item.
bytes.

The folder or file you searched for is selected.

You can now perform actions with the selected folder or file, as described in “Actions with Selected
Volume, Folder, or Files” on page 122.
Actions with Selected Volume, Folder, or Files

After selecting a volume, folder or files, as described in “Selecting Volume, Folder, or Files” on
page 114, you can perform the following actions:
• Bring volume, folder, or files into the cache of the Nasuni Edge Appliance.
• Pin folders in the cache.
• Enable Global File Lock for volumes.
• Enable Auto Cache for folders.
• Create quotas for folders.
• Download folders and files.
• Determine the GUID of a volume.
• Determine the serial of an Edge Appliance.
• Restore a file or folder for a CIFS or NFS volume or FTP/SFTP directory.

Bringing Data into Cache of the Nasuni Edge Appliance

When a volume, folder, or file is selected that is not already in the cache of the Nasuni Edge Appliance,
you can bring that item into the cache.
Note: If the selected data is not already present in the Nasuni Edge Appliance’s cache, selecting
Bring into Cache begins the process of copying the selected data into the cache of the
Nasuni Edge Appliance. This process continues running in the background until all the
selected data is copied into the cache of the Nasuni Edge Appliance. If the size of the
selected data exceeds the available space in the cache of the Nasuni Edge Appliance, then
the Nasuni Edge Appliance releases already-protected data from the cache to make room
for the incoming data. This process affects network bandwidth until it has completed. If the
user requests any of the selected data while this process is running, the requested data is
copied into the cache of the Nasuni Edge Appliance immediately.
To view unprotected files in the cache, see “Unprotected Files” on page 139.
To bring data into the cache of the Nasuni Edge Appliance, follow these steps:
1. Select a volume, folder or file as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Bring into Cache. The Bring Into Cache dialog box appears. The dialog box is slightly
different with volumes, folders, and files.
Figure 11-38: Bring Volume Into Cache dialog box.

a. Information about the volume, folder or file is displayed, as well as the amount of space
currently available in the cache of the Nasuni Edge Appliance.
b. (For volume or folder only) To bring only the metadata of the volume or folder into the cache
of the Nasuni Edge Appliance, but not the data itself, select the Bring Metadata Only check
box.
c. Click Start Transfer.
This begins the process of copying data and metadata into the local cache of the Nasuni Edge
Appliance. When the process is complete, a notification indicates that the process is complete and,
if configured, an email indicates that the process is complete.

Pinning Folders in the Cache

Pin folder
Pinning a folder specifies that the folder and its contents must remain in the local cache at all times.
This can improve performance and reduce the time necessary to return accessed data to clients.
Warning: Enabling this feature means that the entire folder, and all the folder’s contents,
remain resident in the cache at all times. This reduces the available cache by the
size of the folder. If the amount of data pinned in the cache exceeds the size of the
cache, you cannot access data that is not in the cache. If this occurs, an Alert
notification is given.
Note: Pinning a folder does not bring the folder’s data into the cache. If the folder’s data is not
already present in the cache, you must specifically bring that data to the cache. To check
on whether data is resident in the cache, see “Browsing a Volume” on page 114. To bring
data to the cache, see “Bringing Data into Cache of the Nasuni Edge Appliance” on
page 123.
metadata.
a directory.
To view pinned folders, or disable pinning for a folder, see “Pinned Folders” on page 197.
See Worksheet for a worksheet for planning configurations.
To pin a folder in the cache, follow these steps:

2. Click Edit Cache Settings. The Folder Cache Settings dialog box appears.
Figure 11-39: Folder Cache Settings dialog box.

3. Select Enable Pinning.
4. Click Save Settings. Your changes are saved.
Otherwise, to close the dialog box without saving changes, click Close.
Enabling Auto Cache for Folders

Enable
“Auto Cache” attempts to bring into the local cache of the specified Nasuni Edge Appliance any
changes made to the specified folders by other Nasuni Edge Appliances. Without Auto Cache, any
such data is only brought into the local cache as it is accessed locally. With Auto Cache enabled, the
Nasuni Edge Appliance attempts to bring such data into the local cache during the scheduled syncs.
For Auto Cache to run on more than one Nasuni Edge Appliance, you must enable Auto Cache for each
Auto Cache must be enabled for a volume (on the Volume Sync Schedule screen) before Auto Cache is
enabled for a folder in the volume (on the File System Browser screen). You can only enable Auto
Cache for shared volumes.
Auto Cache is designed to run in the background with limited impact on the normal operation of the
Nasuni Edge Appliance. For this reason, Auto Cache is not designed to bring items into the cache
immediately. Also, other processes, such as snapshots, can interrupt the Auto Cache process so that it
takes longer. Multiple Auto Cache jobs are processed in parallel. More available CPUs and bandwidth
enable more parallel processing.
Auto Cache makes 3 attempts to bring a given item into the cache. After 3 attempts, Auto Cache skips
that item. If a user references that item, the Nasuni Edge Appliance again attempts to bring the item
into the cache.
Similarly, the queue for the items that Auto Cache attempts to bring into the cache is limited to 50,000
items. An item is a file or a directory. If there are more than 50,000 items, the items beyond 50,000 do
not fit on the queue and are not processed. However, if a user references one of those non-processed
items, the Nasuni Edge Appliance does attempt to bring the item into the cache.
If Auto Cache is enabled for directories that have Global File Lock enabled, then only the metadata is
brought into the cache during the next sync. The data itself is not brought into the cache until a user
accesses the file, because, if the user were to access the file at the same time that the file was brought
into the cache, then the user would have to wait even longer.

Tip: Because Auto Cache is not enabled by default, new data in the folder comes into the local
cache only when requested. Before enabling Auto Cache, ensure that all of the following
apply to your deployment:
• All the Nasuni Edge Appliances on which you plan to enable Auto Cache have caches
large enough to contain data from the other Nasuni Edge Appliances.
• All the data in the folder is relevant and appropriate for all other sites that access the
folder.
• Network access at each site is not adversely affected by automatically moving large
quantities of data.
Tip: Auto Cache should not be used during the initial transfer of data into a Nasuni Edge
Appliance or other large transfers of data.
Note: Before enabling Auto Cache for a folder, the folder’s volume must have Remote Access
enabled and Auto Cache enabled. For details, see “Setting or editing remote access
settings” on page 215 and “Scheduling Syncs” on page 234.
Note: Auto Cache is only available for shared or remote volumes.
Note: You can also enable Auto Cache for volumes. See “Scheduling Syncs” on page 234.
Note: If Auto Cache is enabled and you disable Auto Cache, any process bringing data into the
cache continues until complete.
Note: You can also disable Auto Cache for a folder using the Auto Cached Folders page. See
“Disabling Auto Cache” on page 187.
To enable Auto Cache for a folder, follow these steps:
2. Click Edit Cache Settings. The Folder Cache Settings dialog box appears.
Figure 11-40: Folder Cache Settings dialog box.

3. Select Enable Auto Cache.

Global File Lock

Lock
The purpose of the Global File Lock feature is to prevent conflicts when two or more users attempt to
change the same file on different Nasuni Edge Appliances. If you enable the Global File Lock feature for
a directory and its descendants, any files in that directory or its descendants can only be changed by
one user at a time. Any other users cannot change the same file at the same time.
Typically, when User X opens a file to change it, the application locks the file, preventing access by
User Y. Applications and platforms differ on specific behavior. User Y might receive the option of
opening a Read-Only copy of the file, opening a copy of the file with a different name, or receiving a
notice when User X closes the file. When User X does close the file, User Y can then access the file.
If Auto Cache is enabled for directories that have Global File Lock enabled, then only the metadata is
brought into the cache during the next sync. The data itself is not brought into the cache until a user
accesses the file, because, if the user were to access the file at the same time that the file was brought
into the cache, then the user would have to wait even longer.
page 534.
Caution: Nasuni recommends that you enable, disable, or reconfigure Global File Lock only
during off-hours, after ensuring that all affected files and directories are closed.
Caution: Disabling Global File Lock does not take effect immediately for files that still have
outstanding locks by one or more clients.
Tip: Enabling Global File Lock can have an impact on performance, depending on factors that
include network congestion, user load, and file sizes. If users do not typically collaborate on
the same file at the same time, it is unnecessary to enable Global File Lock.
Tip: To use Global File Lock, you must enable Global Locking in the customer license.
Caution: It is not recommended to move files between directories protected by Global File Lock
and directories not protected by Global File Lock. Data loss is possible.
Caution: If two Nasuni Edge Appliances both have Global File Lock enabled for the same folder,
and a file is deleted or removed in the folder on one of the Nasuni Edge Appliances, the
file might still be available on the other Nasuni Edge Appliance.
Note: Byte-range locking is not supported for items that have Global File Lock enabled.
Important: If an open file has Global File Lock enabled, and if that file is saved, then that file is
protected in the cloud outside of the regular snapshot, even if that file is still open.
However, if Antivirus Protection is enabled for that file, then that open file is not
immediately protected in the cloud. This is because Antivirus Protection must check
that file before that file can be moved to cloud storage. In this case, after Antivirus
Protection checks that file, and that file has no infections, then that file is protected
in the cloud.
If a file does have antivirus infections, and those infections are marked “Ignore”, then
the file experiences the usual Global File Lock processing.
For details of Global File Lock processing, see Global File Lock.
For details of Antivirus Protection processing, see Antivirus Service.

Tip: If Global File Lock is enabled for a volume that uses multiple protocols where hardlinks
might be present, it is highly recommended that the parent directory where Global File Lock
is enabled be exported as an “NFS Export” to applications that use multiple protocols. Note
that hardlinks can span multiple hierarchies where Global File Lock is enabled.
Figure 11-41: Export GFL parent directory as NFS Export.

Caution: Allowing NFS hardlinks to span hierarchies outside where Global File Lock is enabled
might result in data inconsistencies during file synchronization. This does not apply to
soft links such as symlinks.
Figure 11-42: Avoid NFS hardlinks outside GFL.

You can also manually break the locking of a file. This might become necessary if a user leaves a file
open and another user needs to open that file.
Warning: If you manually break the locking of a file, conflicts for the file might result.
Note: If a user continues using a file after the lock is manually broken, the file might become
locked again.
Restoring data protected by Global File Lock
Two types of data restore are possible: a “slow” data restore and a “fast” data restore. The differences
between the two types of restore include the following:
• Fast restore: A fast restore only needs to restore the metadata at the top level of the directory
structure. Any required data or metadata is brought into the cache only when actually accessed.
A fast restore can be extremely fast (a matter of minutes) for multiple TBs of data.
An Edge Appliance can generally perform a fast restore unless, for safety reasons, it must
perform a slow restore (see below).
For data safety reasons, a few features prevent performing a fast restore:
• Global File Lock: If Global File Lock is enabled on the data set being restored, the system
must perform a slow restore on the data protected by Global File Lock. You can disable
Global File Lock in order to perform a fast restore. For details, see below.
• Snapshot Retention: If Snapshot Retention is enabled, and versions are marked as time
boundaries, a fast restore cannot happen across these time boundaries, so that older
directories and files might require slow restore. You can disable Snapshot Retention in order
to perform a fast restore. For details, see “Snapshot retention” on page 220.
• Slow restore: If a fast restore is not possible, you can perform a slow restore. A slow restore
must download from cloud storage the full metadata and data for the version that you are
restoring. This can take a significant amount of time (possibly days or weeks) in order to restore
larger data sets. For this reason, if you need larger restores, try to do everything possible in
order to perform a fast restore.
If you intend to perform a slow restore, it is not necessary to disable Global File Lock or
Snapshot Retention.

Enabling (or disabling) Global File Lock

page 534.
Tip: To enable Global File Lock for a volume, you must enable Remote Access on this volume.
Note: When Global Locking is enabled, support for SMB durable handles (allowing clients to
survive temporary connection loss) is disabled. Enabling Global Locking anywhere on the
volume disables durable handles. If durable handles is disabled in this way, durable
handles cannot be enabled again.
Note: Byte-range locking is not supported for items that have Global File Lock enabled.
To enable Global File Lock for a folder (which can be a volume) and its descendants, follow these steps:
1. Select a folder as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Edit Global Locking Settings. The Global Locking Setting dialog box appears.
Figure 11-43: Global Locking Setting dialog box.

3. Select Enable Global Locking.

4. From the Locking Mode drop-down list, select one of the following locking modes.
page 534.
• Optimized: All locks are elevated to write locks that allow read. Only one Nasuni Edge
Appliance can have a lock on a file at a given time. Supported with both CIFS and NFS.
Recommended for most applications that don’t rely heavily on shared access modes.
Optimized locking gives the best performance, but lower protocol compatibility.
Note: NFS volumes support only Optimized mode locking.
• Advanced: Multiple Nasuni Edge Appliances can hold locks on a file at a given time, based
on the share access modes. Supported with CIFS only.
Recommended for applications that rely on shared access modes. Advanced locking
provides the highest Global File Lock compatibility, but might impact performance.
Caution: If you attempt to create a share on a directory on which Advanced Global File
Lock is enabled, all SMB-connected users will be disconnected and might need
to re-connect. Also, data reads and writes will be disrupted.
Caution: Not supported with NFS volumes or multiprotocol (CIFS and NFS) volumes. If
this volume must support multiple protocols, select Optimized mode or
Asynchronous mode.
Note: If Advanced locking is set on a directory, then any sub-directories that inherit the
Advanced setting do not have the option to “Edit Global Locking Settings”.
Tip: Not supported with NFS.
Tip: If the Advanced Global File Lock Mode is enabled for a CIFS folder, then Linux
clients might not be able to access all files.
• Asynchronous: Not a true locking mode. Recommended for special applications and use
cases that create all new files and that rely on Global File Lock to propagate information
about new files across other Nasuni Edge Appliances.
Note: The “Asynchronous” mode is only available if activated by the product license.
Tip: The parent directory of an “Asynchronous” directory cannot be “Advanced” mode.

Breaking Global File Lock

To break Global File Lock for a file, follow these steps:
1. Select the file as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Break Global Lock. The Break Global Lock dialog box appears.
Figure 11-44: Break Global Lock dialog box.

3. Click Break Lock. The lock for the file is released, allowing other users to open the file.
Otherwise, to close the dialog box without making changes, click Close.
Disabling Global Locking on customer license
If Global File Locking is not necessary, you can disable Global Locking on the customer license.
Tip: If any directories currently have Global File Lock enabled, then, before disabling Global
Locking in the customer license, you must disable Global File Lock on these directories.
To disable Global Locking on the customer license, contact Nasuni Support.

Setting Quota or Rule

Edit
You can set a quota on the contents of a volume or a folder. You can configure quota reports to be sent
to administrators or users when volumes or folders approach or exceed their quota.
To set a volume or folder quota, follow these steps:
1. Select a volume or folder as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Set Quota or Rule. The Set Quota or Rule dialog box appears.
Figure 11-45: Set Quota or Rule dialog box.

3. From the Quota Type drop-down list, select one of the following choices:
• Rule: Applies the specified Limit to any newly created subdirectories of the selected volume
or folder. To apply the specified Limit to existing subdirectories, see step 6 on page 134
below.
Important: Quotas cannot be nested. Quotas cannot be created anywhere in a directory
tree that already has a quota set in one of the parents. Quotas also cannot be
created on any parent directory when any of the subdirectories has a quota
already.
• Quota: Applies the specified Limit only to the selected volume or folder.
4. (Optional) To receive reports when the selected volume or folder is near or over its Limit, in the
Email text box, enter an email address.
Tip: If User Folders Support is enabled for the CIFS share that the directory is in, then the
email address of the directory owner is used automatically. This prevents the necessity
of manually entering hundreds of email addresses for multi-user systems. See step f on
page 175. However, if the email address is entered here, the entered email address
overrides looking up an email address from Directory Services.

5. In the Limit text box, enter or select the quota limit (in gigabytes or fractions of a gigabyte, such
as 6.8). The content size of uncompressed data is displayed to help you decide on a quota limit.
6. For the Rule quota type, to apply the same Limit to the data in any existing sub-directories of
the selected directory, select the Apply to existing sub-directories check box.
7. Click Save Quota to save your changes. Otherwise, click Cancel.
The quota is enabled as configured.

Downloading Files
Tip: The “Download File” button is disabled by default. Contact Support to make it available.
You can download one or more files to your local computer.
Tip: The default upper limit for downloading is 20 MB. Contact Support to change the upper
limit. However, increasing the upper limit can result in issues requiring assistance from
Support.
Tip: Although users with “Perform File Restores/Access Versions” permission have the ability to
access all files on the file server, the Download File button is not available.
Tip: Users who are members of groups that have the “Manage all aspects of Volumes”
permission or the “Manage all aspects of the Filer (super user)” permission can download
files. To control who can download files, manage these permissions accordingly. However,
note that each of these permissions control other settings besides downloading files. For
details, see Appendix 24, “Permissions,” on page 538.
Tip: Downloading large files from the NMC can take a long time.
To download one or more files, follow these steps:
1. Select one or more files as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Download File.
Downloading features depend on your Web browser. If the file is of a type that your Web
browser recognizes (such as a PDF file), the file might download and display directly in the
browser.
If the Web browser cannot directly display the file, navigate to a location where the file should
be saved.
bytes.
The selected files are downloaded to your local computer.

Restoring Files or a Folder from a Snapshot

You can restore a stored version of files or a folder from a snapshot. You might do this if a file or folder
was erroneously destroyed or corrupted, or if you need a previous version. You can restore the files or
folder to its original location, or to another location.
Note: If you rename a file or a folder that has a previous version, then the previous versions of the
newly renamed file or folder are no longer available. If the file or folder is renamed back to
the original name, then any previous versions of the file or folder become available again.
Important: If you specify one directory to restore to another directory, it puts the contents of the
original directory (not the original directory itself) in the target directory.
If you specify multiple directories to restore to another directory, it puts all of the
actual original directories under the target directory.
Important: Restoring a snapshot of a folder does not reset the folder to its exact condition when
the snapshot was completed. Instead, restoring a snapshot of a folder provides to
the folder any files that the snapshot contains, but that the folder does not currently
contain. Also, if the snapshot of the folder includes files that the folder does already
currently contain, restoring the snapshot of the folder preserves both versions of
each such file, and renames the restored version of each such file, so that there is no
conflict. Restoring a snapshot of a folder never removes any file that is already in the
folder.
To restore files or a folder from a snapshot, follow these steps:
1. Select files or a folder in a snapshot as described in “Selecting Volume, Folder, or Files” on
page 114.
Tip: You can tell that you have selected files or a folder in a snapshot if the Version displays a
date and not “Current Version.”
2. Click Restore Folder or Restore File. The Restore Folder or Restore File dialog box appears
Figure 11-46: Restore Folder dialog box.

3. Verify the selection in the Selection text box.

4. By default, the file or folder is restored to its original location. To restore the file or folder to
another path, click in the Destination box and navigate to the alternative path.
Caution: If the file or folder is restored to its original location, it replaces the file or folder of
the same name (if any) in that original location.
Important: If you specify one directory to restore to another directory, it puts the contents of
the original directory (not the original directory itself) in the target directory.
If you specify multiple directories to restore to another directory, it puts all of the
actual original directories under the target directory.
bytes.
5. To back up existing files before proceeding, select the Back Up Existing check box. If any files
that you selected to restore also exist in your volume, they are copied and retained. Backup files
are created with the preface “backupxxxx.” For example, “backup0001.Sales.doc”.
If Back Up Existing is not selected, the restore overwrites any files with the same name.
6. On the Restore Folder dialog box, in order to not impact existing directories, select Preserve
Existing Directories. This can help prevent impacting an existing directory with the same name
as a directory about to be restored. Also, by avoiding unnecessary processing, this can improve
performance.
7. To restore the selected files or folder to your system, click Restore File or Restore Folder.
Important: When restoring a folder, if you specify one directory to restore to another
directory, it puts the contents of the original directory (not the original directory
itself) in the target directory.
In contrast, if you specify multiple directories to restore to another directory, it
puts all of the actual original directories in the target directory.
The Restore in Progress pane appears.
Figure 11-47: Restore in Progress pane.

This pane includes the following:
• The number of folders processed.
• The number of files processed.
Note: Files and folders in the snapshots are not deleted or changed during the restore.
The restored files or folder appear in the specified folder.

Determining the GUID of a volume with File System Browser

You can determine the GUID of a volume by examining the URL of the NMC while selecting that volume
in File System Browser. The GUID is used for a number of purposes with the NMC API.
To determine the GUID of a volume, follow these steps:
1. Select the volume as described in “Selecting Volume, Folder, or Files” on page 114.
2. Examine the URL of the NMC in your Web browser.
For example, here is a sample URL of an NMC:
https://10.100.4.53/volumes/fsbrowser/?
volume=11dfd1db-5701-432a-b6a5-d25104397b80_10
&filer=3c4ec032-22d1-47ab-9119-9929481fdf08
The part of the URL after “volume=” and before “&filer=” is the volume GUID. In this
example, the volume GUID is 11dfd1db-5701-432a-b6a5-d25104397b80_10.
Determining the serial number of an Edge Appliance with File System Browser
You can determine the serial number of an Edge Appliance by examining the URL of the NMC while
selecting a volume of that Edge Appliance in File System Browser. The serial number of an Edge
Appliance is used for a number of purposes, such as installing and recovering Edge Appliances. You
can also determine the serial number of an Edge Appliance, as described in “Filer Details” on page 277
and in “Serial Numbers” on page 408.
To determine the serial number of an Edge Appliance with File System Browser, follow these steps:
1. Select a volume and Edge Appliance as described in “Selecting Volume, Folder, or Files” on
page 114.
2. Examine the URL of the NMC in your Web browser.
For example, here is a sample URL of an NMC:
https://10.100.4.53/volumes/fsbrowser/?volume=11dfd1db-5701-432a-b6a5-
d25104397b80_10
&filer=3c4ec032-22d1-47ab-9119-9929481fdf08
&version=now&path=tn__&selected=tn__
The part of the URL after “&filer=” and before the next ampersand “&” is the serial number of
the Edge Appliance. In this example, the serial number of the Edge Appliance is 3c4ec032-
22d1-47ab-9119-9929481fdf08.

Volumes Page Unprotected Files
Unprotected Files
You can view the current unprotected files in the cache for a volume. You can filter by file name, path,
size, and owner. A file is protected if a copy of the file has been saved to cloud storage.
Important: A file might not appear in this list if the file itself has been saved to the cloud, but the
snapshot processing for that file has not finished with the file’s metadata. The file is
not yet restorable, and the file cannot yet be propagated to another Edge Appliance.
Viewing unprotected files

To view files in the cache of a volume, follow these steps:
1. Click Volumes, then select Unprotected Files. The Unprotected Files page appears.
2. From the Filer drop-down list, select the Nasuni Edge Appliance whose volume you want to
view. From the Volume drop-down list, select the volume whose cache you want to view. A list
of files currently in the cache appears.
Figure 11-48: Unprotected Files page.

The following information appears for each unprotected file:
• Path: The path in the volume to the file in the cache.
• Unprotected Bytes: The size of each unprotected file.
Explorer and other utilities. Typically, such utilities display only the size of the data
currently present in the local cache, while Nasuni displays the full size, regardless of
where the data is.
• Owner: The owner of the unprotected file.
• Access Time: The date and time of the most recent access of the unprotected file.

Volumes Page Unprotected Files
3. Using the Filter text box, you can limit the display to items that match the criteria that you enter.
See “Filtering Displays” on page 527 for details.
Note: You cannot filter using any part of the path except the file name.
On this screen, the following field names are available:
• Path: Matches values in the file name of the Path field.
• Size: Matches values in the Unprotected Bytes field.
• Owner: Matches values in the Owner field.
• Name: Matches values in the file name in the Path field.
Note: If there are many files, it might take a little time to display the filtered results.
4. To move to the next page of unprotected files (if any), click the right arrow at the top of the
page.
5. To move to the previous page of unprotected files (if any), click the left arrow at the top of the
page.
6. To download a list of unprotected files as a CSV file, click Download CSV.

Volumes Page NFS Exports
NFS Exports
You can create, view, edit, and delete NFS exports from NFS volumes. NFSv3 is supported. NFSv4
encrypted connections are supported. Supported protocols appear on the Exports page.
Viewing exports
To view NFS exports from NFS volumes, follow these steps:
1. Click Volumes, then click Exports in the left-hand column. The Exports page displays a list of
exports from NFS volumes on managed Nasuni Edge Appliances.
Figure 11-49: Exports page.

The following information appears for each NFS export in the list:
• Volume: The NFS volume of the NFS export.
• Filer: The name of the Nasuni Edge Appliance with volumes that have NFS exports.
• Export Name: The name of the NFS export.
• Descriptive comment for the NFS export.
• Path: The path to the NFS export.
• Actions: Actions available for each NFS export.
• Protocols: The supported versions of the NFS protocol.
Filtering the Display

Using the Filter text box, you can limit the display to items that match the criteria that you enter. See
“Filtering Displays” on page 527 for details. On this screen, the following field names are available:
• volume: Matches values in the Volume field.
• filer: Matches values in the Filer field.
• name: Matches values in the Export Name field.
• path: Matches values in the Path field.
On this screen, the following conditions are available:
• readonly: Matches whether read-only access is enabled.

Creating exports
Tip: You can only add NFS exports to a volume that has the NFS protocol enabled. To create an
NFS volume, see “Create Volume” on page 100. To enable the NFS protocol for a volume,
see “Protocols” on page 199.
N1050
6000

To create a new NFS export, follow these steps:

1. On the Exports page, click Create Export. The Create Export page appears.
Figure 11-50: Create Export page.

a. From the Filer drop-down list, select the Nasuni Edge Appliance where you want to create
the new NFS export.
b. From the Volume drop-down list, select the NFS volume on the selected Nasuni Edge
Appliance where you want to create the new NFS export.
c. Click the Path text box and navigate to the directory you want to export.
In addition, the length of a path, including the file name, must be less than
4,000 bytes.
Since the UTF-8 representation of characters from some character sets can
occupy several bytes, the maximum number of characters that a file path or a
file name might contain can vary.
d. In the Name text box, enter a name for this export.
e. Optionally, enter a descriptive comment in the Comment text box.
f. In the Allowed Hosts text box, enter the hostname, or IP address with optional netmask, of
the host that is allowed to access the export folder on your network. If you leave this field
blank, all hosts on your network have access to the export without restrictions. Only a single
entry is allowed, however, the hostname can contain the * character as a wildcard.

g. From the Access Mode drop-down list, select an access mode. Your choices are:
• Normal Users Permitted (root_squash): All users who have User IDs (UIDs) greater
than zero can map to the NFS export. (Typically, users with a UID of zero (root user) are
forcibly mapped to the anonymous NFS UID.) This is the same as “root_squash” on
UNIX systems: it reduces the access rights for a remote superuser (root).
• All Users Permitted (no_root_squash): All users can map to the NFS export with their
normal UID. This is the same as “no_root_squash” on UNIX systems: it allows remote
root users to have root access.
• Anonymize All Users (all_squash): All users are forcibly mapped to the anonymous
NFS UID. This is the same as “all_squash” on UNIX systems: it converts all users to the
anonymous UID and GID.
h. If you want the export folder to be read-only for users on the network, select the Read Only
check box. This means that users can access the export, but only have read-only rights and
therefore cannot make changes to any of the files in the exported folder.
i. From the four drop-down lists, select any or all of the NFS Security Options that you prefer.
The options include the following:
• Traditional (sys): Use AUTH_SYS authentication. The user's UNIX user-id and group-ids
are passed in the clear on the network, unauthenticated by the NFS server. This is the
default.
• Authentication (krb5): krb5 uses Kerberos V5 instead of local UNIX UIDs and GIDs to
authenticate users.
• Integrity Protection (krb5i): krb5i uses Kerberos V5 for user authentication, and
performs integrity checking of NFS operations using secure checksums to prevent data
tampering.
• Privacy Protection (krb5p): krb5p uses Kerberos V5 for user authentication and
integrity checking, and encrypts NFS traffic to prevent traffic sniffing. This is the most
secure setting, but it also involves the most performance overhead.
j. From the Performance Tuning drop-down list, select the type of Performance Tuning. The
choices include the following:
• Default (sync): Replies to each NFS request only after all data has been stored to disk.
This is safer than async, but there is a delay between the store and the reply.
• No Write Delay (no_wdelay / sync): If NFS deduces a likelihood of a related storage
request arriving soon, then NFS’s optimization algorithm delays storage. This saves disk
writes and can speed performance. However, if NFS deduces incorrectly, this behavior
causes a delay in every request. The no_wdelay option eliminates the delay.
• Asynchronous Replies (async): Replies to requests before the data is stored to disk.
This improves performance, but results in lost data if the server goes down.
2. To accept your selections, click Create Export.
The export is created and appears in the list of exports. The export is available to clients under
/exports/<Directory name> and exposes the directory within the volume.

To mount an NFS export in Linux or UNIX, enter the following command:
mount -t nfs <IP address>:/nfs/<exportname> <target>
where:
• ip_address is the hostname or the IP address of the Nasuni Edge Appliance.
• exportname is the name of the NFS export on the Nasuni Edge Appliance.
• target is the name of the local directory.
Important: Make sure to include the '/nfs/' part of the command.
Note: The default options for the mount command should work. However, if this does
not work, use this version with explicit options:
mount -o tcp,nfsvers=3,timeo=600,rsize=16384,wsize=16384,hard
This version of the mount command includes these explicit options: TCP; 10-minute
timeout; read and write sizes of 16 KB; hard mount (soft mounts can corrupt data).
These values of rsize and wsize are recommended, but tune them for your system.
The result of the mount command is to mount the NFS export in the target directory. Users can
then add data to the NFS volume using copy commands.
Tip: You can place the mount command in a script that runs on login and mounts the
NFS export automatically.
Tip: Depending on the specific operating system, performing the mount might also
create a graphical icon of the NFS export that enables drag and drop and other GUI
actions.

Editing exports
To edit the selected export, follow these steps:
1. On the Exports page, click Edit . The Edit Export dialog box appears. F
Figure 11-51: Edit Export dialog box.

a. Optionally, enter a descriptive comment in the Comment text box.
b. In the Allowed Hosts text box, enter the hostname, or IP address with optional netmask, of
c. From the Access Mode drop-down list, select an access mode. Your choices are:

d. If you want the export folder to be read-only for users on the network, select the Read Only
e. From the Performance Tuning drop-down list, select the type of Performance Tuning. The
2. To accept your selections, click Update Export.
The export is changed and appears in the list of exports.
Alternatively, to exit this screen without changing the export, click Close.
Editing host options for exports

You can have multiple hosts for an export, each with different host options, including allowed hosts,
access mode, read only, and performance tuning.
To edit the selected export, follow these steps:
1. On the Exports page, click Edit Host Options . The NFS Host Options dialog box appears.
Figure 11-52: NFS Host Options dialog box.

The following information appears for each NFS export in the list:
• Host Specification: The hostname, or IP address with optional netmask, allowed to access
the NFS export.

• Read Only: Indication of whether the files and directories on the exported folder are read-
only (Yes) or not (No).
• Access Mode: The access mode, of the following:
• Performance Mode: The type of Performance Tuning, including the following:
• Actions: Actions available for each NFS export.

2. To add a new set of host options, click Add. The NFS Export: Host Options dialog box
appears.
Figure 11-53: NFS Export: Host Options dialog box.

a. In the Allowed Hosts text box, enter the hostname, or IP address with optional netmask, of
b. From the Access Mode drop-down list, select an access mode. Your choices are:
c. If you want the export folder to be read-only for users on the network, select the Read Only

d. From the Performance Tuning drop-down list, select the type of Performance Tuning. The
e. To accept your selections, click Save Options. The export is changed and appears in the list
of exports.
3. To edit an existing set of host options, click Edit for the host option. The NFS Export: Host
Options dialog box appears. Follow the steps in step 2 above.
4. To delete a set of host options, click Delete. The “Remove NFS Host Option?” dialog box
appears. Click Delete.
5. To save the complete list of host options, click Save.
The host options for the export are changed.
Alternatively, to exit this screen without changing the export, click Close.

Deleting exports
To delete the selected export, follow these steps:
1. On the Exports page, click Delete . The Delete Export dialog box appears.
Figure 11-54: Delete Export dialog box.

2. Verify that the correct export, volume, and Nasuni Edge Appliance appear.
3. Type Delete Export in the Confirmation Phrase text field.
4. Click Delete Export to delete the export.
Alternatively, to exit this screen without deleting the export, click Close.

Volumes Page FTP Directories
FTP Directories
You can create, view, edit, and delete FTP/SFTP directories for volumes that have the FTP/SFTP
protocol enabled. This enables you to allow FTP/SFTP access to directories and files without adding
new users.
Note: Nasuni supports SFTP, the SSH File Transfer Protocol. This is not the same as FTPS, the
File Transfer Protocol over SSL.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
1. Create a CIFS or NFS volume. See “Create Volume” on page 100.
2. Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 201.
3. (Optional) Configure FTP/SFTP settings. See “Editing FTP settings” on page 294.
4. Add a new FTP/SFTP directory. See “Creating FTP directories” on page 154.
5. (Optional) Create a permission group that has storage access. See “Adding Permission
Groups” on page 394 in the Nasuni Edge Appliance Administration Guide.
6. (Optional) Create a user in a permission group that has storage access. See “Adding Users”
on page 401 in the Nasuni Edge Appliance Administration Guide. Active Directory and LDAP
users can log in for FTP access just as they do for CIFS access. Also, if anonymous access
is enabled, you don't need a specific group or user.
7. Access files using the FTP/SFTP protocol.
Viewing FTP directories

NMC API.
To view FTP/SFTP directories, follow these steps:
1. Click Volumes, then click FTP Directories in the left-hand column. The FTP Directories page
displays a list of FTP/SFTP directories for volumes that have the FTP protocol enabled on
managed Nasuni Edge Appliances.
Figure 11-55: FTP Directories page.

The following information appears for each FTP/SFTP directory in the list:
• Volume: The volume for the FTP/SFTP directory.

• Filer: The name of the Nasuni Edge Appliance with volumes that have FTP/SFTP directories.
• Name: The name of the FTP/SFTP directory.
• Descriptive comment for the FTP/SFTP directory.
• Path: The path to the FTP/SFTP directory.
• Actions: Actions available for each FTP/SFTP directory.
• Protocols: The supported versions of the FTP/SFTP protocol.

• name: Matches values in the Name field.
• anonymous: Matches whether anonymous access is enabled.

Creating FTP directories

Tip: You can only create FTP/SFTP directories for volumes that have the FTP protocol enabled.
To enable the FTP protocol for a volume, see “Enabling multiple volume protocols” on
page 201. To configure FTP/SFTP settings for this Nasuni Edge Appliance, see “Editing FTP
settings” on page 294.
N1050
6000

To create a new FTP/SFTP directory on a volume that has the FTP protocol enabled, follow these
steps:
1. On the FTP Directories page, click Create FTP Directory. The Create FTP Directory page
appears.
Figure 11-56: Create FTP Directory page.

2. From the Filer drop-down list, select the Nasuni Edge Appliance where you want to create the
new FTP/SFTP directory.
3. From the Volume drop-down list, select the volume on the selected Nasuni Edge Appliance
where you want to create the new FTP/SFTP directory.
4. Click the Path text box and navigate to the directory you want to access using FTP.
bytes.
5. In the Name text box, enter a name for this FTP/SFTP directory. The following characters are
not valid for FTP/SFTP directory names:
< > : " / \ | ? *
Tip: For Windows uses, see Naming Files, Paths, and Namespaces.
6. Optionally, enter a descriptive comment in the Comment text box.
7. From the Visibility drop-down list, select the visibility of the new FTP/SFTP directory. Your
choices are:
• Default: Every file is visible to the user. However, even if a file is visible to the user, the user
might not be able to access the file because of permissions.

• Hide Unreadable: Files that the user does not have permission to access are not visible to
the user.
• Invisible: No files are visible to the user. However, if a user has the filename of a file, and the
appropriate permission, the user can access the file.
8. If you want the FTP/SFTP directory to be read-only, select the Read Only check box. This
means that users can access the FTP/SFTP directory, but only have read-only rights and
therefore cannot make changes to any of the files or directories in the FTP/SFTP directory.
9. To control the permissions on new files in this FTP/SFTP directory, there are several choices,
which use umask settings to represent read, write, and execute permissions for the user, the
group, and others. Select one of the following choices from the Permissions on New Files
drop-down menu:
• No Extra Restrictions (Default): The owner, the group, and all others have all permissions
for all files in this FTP/SFTP directory. This is a umask setting of 000, which, for a requested
permission of 777, produces 777.
• Read-Only Others: The owner and the group have all permissions for all files in this FTP/
SFTP directory. Others can only read all files in this FTP/SFTP directory. This is a umask
setting of 002, which, for a requested permission of 777, produces 775.
• Read-Only Groups and Others: The owner has all permissions for all files in this FTP/SFTP
directory. The group and others can only read all files in this FTP/SFTP directory. This is a
umask setting of 022, which, for a requested permission of 777, produces 755.
• Restrict Others: The owner and the group have all permissions for all files in this FTP/SFTP
directory. Others have no permissions for all files in this FTP/SFTP directory. This is a umask
setting of 006, which, for a requested permission of 777, produces 771.
• Restrict Groups and Others: The owner has all permissions for all files in this FTP/SFTP
directory. The group and others have no permissions for all files in this FTP/SFTP directory.
This is a umask setting of 066, which, for a requested permission of 777, produces 711.
• Read-Only Groups, Restrict Others: The owner has all permissions for all files in this FTP/
SFTP directory. The group can only read all files in this FTP/SFTP directory. Others have no
permissions for all files in this FTP/SFTP directory. This is a umask setting of 026, which, for
a requested permission of 777, produces 751.
10. To control which hosts are allowed to connect to this FTP/SFTP directory, in the IP
Restrictions text box, enter a comma-separated list of the IP addresses or subnet addresses of
the hosts that are allowed to access this FTP/SFTP directory. If you leave this field blank, all
hosts on your network have access to this FTP/SFTP directory without restrictions.
Note: You cannot use IP Restrictions in conjunction with Allowed Users/Groups in step 11
on page 156.
11. To control the users and groups that have access to the FTP/SFTP directory, from the Allowed
Users/Groups drop-down list, select one of the following choices.
• Everyone: Allows all users and groups to access the FTP/SFTP directory.
• Anonymous Only: Allows only the anonymous user to access the FTP/SFTP directory. This
selection is only available if Anonymous is enabled, as in step 12 on page 159.

• Specific Users/Groups: Allows you to specify the users and groups that have access to
this FTP/SFTP directory. The Allowed Groups and Allowed Users areas appear.
Note: You cannot use Allowed Users/Groups in conjunction with IP Restrictions in step 10
on page 156.
Tip: A user can access the FTP/SFTP directory if the user is accessing the FTP/SFTP
directory from one of the allowed hosts and is either one of the allowed users or a
member of one of the allowed groups.
Tip: To specify users or groups, the users or groups must have Storage Access enabled. See
“Users and Groups” on page 391.
a. To add one group, follow these steps:
i. In the Allowed Groups area, click Add One. The Name search box appears.
Figure 11-57: Add One Name search box.

ii. Enter a partial or complete group name, then click Search . The Select Group dialog
box appears, containing the partial or complete group name.
Figure 11-58: Select Group dialog box.

iii. To control the range of the search, select one of the following:
• All: To search through all groups.
• Domain only: To search though domain groups only.
• Native only: To search through native groups only.

iv. Click Search. A list of groups that match your search appears. Select the group to define
access for, then click Add Selected Group. The selected group appears in the Allowed
Groups area.
Figure 11-59: Allowed Groups area.

b. To add more than one group, follow these steps:
i. In the Allowed Groups area, click Add Many. The Select Groups dialog box appears.
ii. In the Search text box, enter a partial or complete group name.
iv. Click Search. A list of groups that match your search appears.
v. Select the groups to define access for, then click Add Selected Groups. The selected
groups appear in the Allowed Groups area.
c. To delete a group from the Allowed Groups list, click Delete next to the group name. The
group is deleted from the list.
d. To add one user, follow these steps:
i. In the Allowed Users area, click Add One. The Name search box appears.

ii. Enter a partial or complete user name.
Tip: To specify a local user name (native to the Nasuni Edge Appliance), include the name
of the local Nasuni Edge Appliance in the query string.
iii. Click Search . The Select User dialog box appears, containing the partial or complete
user name.
Figure 11-61: Select User dialog box.

iv. To control the range of the search, select one of the following:
• All: To search through all users.
• Domain only: To search though domain users only.
• Native only: To search through native users only.
v. Click Search. A list of users that match your search appears. Select the user to define
access for, then click Add Selected User. The selected user appears in the Allowed
Users area.
Figure 11-62: Allowed Users area.

e. To add more than one user, follow these steps:
i. In the Allowed Users area, click Add Many. The Select Users dialog box appears.
ii. In the Search text box, enter a partial or complete user name.
iv. Click Search. A list of users that match your search appears.
v. Select the users to define access for, then click Add Selected Users. The selected users
appear in the Allowed Users area.
f. To delete a user from the Allowed Users list, click Delete next to the user name. The user is
deleted from the list.
12. To allow anonymous FTP/SFTP access, select the Anonymous check box.
Tip: If anonymous FTP/SFTP access is enabled, any user can access the FTP/SFTP directory.
13. To enable uploads using temporary files, select Temporary-File Uploads. If selected, file
uploads are performed in two steps, using a temporary file. This prevents issues such as
incomplete uploads and attempted file use before the upload is complete. This feature is
automatically enabled for anonymous uploads.
Since this feature prevents resuming failed uploads, deselect Temporary-File Uploads if you
want to be able to resume failed uploads.
14. To hide the actual owner and group of files in directory listings, select Hide Ownership in
Listings. If selected, all directory listings show “ftp” as the owner and the group.
This feature can enhance security. This feature might also be useful for clients that cannot parse
standard FTP directory listings.
15. To accept your selections, click Create FTP Directory.

The FTP/SFTP directory is created and appears in the list of FTP directories. The FTP/SFTP
directory is available to users.

Editing FTP directories

To edit the selected FTP/SFTP directory, follow these steps:
1. On the FTP Directories page, click Edit . The Edit FTP Directory dialog box appears.
Figure 11-63: Edit FTP Directory dialog box.

2. Continue with step 4 on page 155. When finished, click Update FTP Directory.
The FTP/SFTP directory is changed and appears in the list of FTP directories. The FTP/SFTP
directory is available to users.
Alternatively, to exit this screen without changing the FTP/SFTP directory, click Close.
Deleting FTP directories

To delete the selected FTP/SFTP directory, follow these steps:
1. On the FTP Directories page, click Delete . The Delete FTP Directory dialog box appears.
Figure 11-64: Delete FTP Directory dialog box.

2. Verify that the correct FTP/SFTP directory, volume, and Nasuni Edge Appliance appear.
3. Type Delete FTP Directory in the Confirmation Phrase text field.
4. Click Delete FTP Directory to delete the FTP/SFTP directory.
Alternatively, to exit this screen without deleting the FTP/SFTP directory, click Close.

Volumes Page SMB (CIFS) Shares
SMB (CIFS) Shares

You can create, view, edit, and delete CIFS shares from CIFS volumes.
Tip: You can obtain a list of the CIFS shares using the NMC API. For details, see NMC API.
SMB (CIFS) protocol support

Nasuni supports the following releases of SMB (CIFS):
SMB protocol version OS version when introduced Support
3.1.1 Windows 10, Server 2016 Yes: see features below
3.0.2 Windows 8.1, Server 2012 R2, Yes

macOS 10.10 (Yosemite)
3.0 Windows 8, Server 2012, Yes: see features below

macOS 10.10 (Yosemite)
2.1 Windows 7, Server 2008 R2 Yes
2.0 Windows Vista Yes: enabled by default
1.0/CIFS/SMBv1 Windows 3.1 Yes: disabled by default, can be enabled in

customer license by Support
Supported SMB Features

The current version of Nasuni (9.7) supports the following SMB features:
SMB signing: Signing is supported if negotiated by the client. There is no customer-facing setting to
require SMB signing for the server or share.
SMB encryption: Supported with SMB protocol version 3.0 and higher: AES-128-GCM. SMB
encryption can be set on the NMC and Edge Appliance to the following: Optional, Desired,
Required.
Note: Windows 7 clients do not support SMB encryption and cannot connect to shares with
SMB encryption set to Required.
Minimum Protocol Support: With version 8.7 and above, the minimum supported version of the SMB
protocol can be set. To set the minimum supported version of the SMB protocol, request
Nasuni Support to change the minimum supported version of the SMB protocol in your license.
Secure dialect negotiation: Secure dialect negotiation is introduced in SMB3 to protect against man-
in-the-middle attempt to downgrade dialect negotiation.
Re-authentication: On the client side, re-authentication normally occurs on expired sessions, but
implementations or applications may decide to re-authenticate Valid sessions if needed.
Hidden Shares ($): The "$" appended to the end of the share name means that it is a hidden share.
Leases: File, not directory. File leasing is an SMBv2/SMBv3-only feature that allows clients to
aggressively cache files locally, in addition to the caching allowed by SMBv1 oplocks.

Large MTU/Jumbo Frames: Nasuni supports 9000-byte MTUs for the Edge Appliance, although it is
not enabled by default. Customers can edit the MTU on the Network Configuration page.
Caution: With version 9.0 and above, you must specify the domain with the username in order to
authenticate, such as DOMAIN\username or username@DOMAIN.
Durable handles allow SMB 2.0 and higher clients to open a file and survive a temporary connection
loss (60 seconds or less). Durable handles are supported for volumes with NTFS Exclusive Permissions
Policy and cannot be used with Global File Lock.
Viewing shares
To view CIFS shares from CIFS volumes, follow these steps:
1. Click Volumes, then click Shares in the left-hand column. The Shares page displays a list of
shares from CIFS volumes on managed Nasuni Edge Appliances.
Figure 11-65: Shares page.

The following information appears for each CIFS share in the list:
• Volume: The CIFS volume of the CIFS share.
• Filer: The name of the Nasuni Edge Appliance where a CIFS share is located.
• Share Name: The name of the CIFS share.
• Descriptive comment for the CIFS share.
• Path: The path to the CIFS share.
• Security Mode (CIFS volumes only): The security mode of the CIFS share: Active Directory,
LDAP Directory Services, Publicly Available, or Unknown.
• Actions: Actions available for each CIFS share.

• Protocols: The supported versions of the CIFS or SMB protocol.

• name: Matches values in the Share Name field.
• aio: Matches whether Asynchronous I/O is enabled.
• authall: Matches whether Authenticate all Users is enabled.
• browsable: Matches whether Visible Share is enabled.
• browser_access: Matches whether Web Access is enabled.
• case_sensitive: Matches whether Case-Sensitive Paths is enabled.
• hide_unreadable: Matches whether Hide Unreadable Files is enabled.
• mobile: Matches whether Mobile Access is enabled.
• previous_versions: Matches whether Previous Versions is enabled.
• snapshot_dirs: Matches whether Snapshot Directory Access is enabled.

Creating shares
Caution: If you attempt to create a share on a directory on which Advanced Global File Lock is
enabled, all SMB-connected users will be disconnected and might need to re-connect.
Also, data reads and writes will be disrupted.
Tip: You can only add CIFS shares to a volume that has the CIFS protocol enabled. To create a
CIFS volume, see “Create Volume” on page 100. To enable the CIFS protocol for a volume,
see “Protocols” on page 199.
Tip: Hard links, junctions, and symbolic links (including Windows junctions and hard links) are not
supported with SMB (CIFS) shares.
Caution: With version 9.0 and above, you must specify the domain with the username in order to
authenticate, such as DOMAIN\username or username@DOMAIN.
Tip: Windows share permissions are not Nasuni share permissions. Setting permissions using
the “Share Permissions” tab in File Explorer or using the Shared Folders Microsoft
Management Console (MMC) is not supported. To set share permissions, use the
Authentication option in step 13 on page 170 below.
N1050
6000

To create a new CIFS share, follow these steps:

1. On the Shares page, click Create Share. The Create Share page appears.
Figure 11-66: Create Share page (top part).

2. From the Filer drop-down list, select the Nasuni Edge Appliance where you want to create the
new CIFS share.
3. From the Volume drop-down list, select the CIFS volume where you want to create the new
CIFS share.
4. Click the Folder text box and navigate to the folder you want to share.
bytes.
5. In the Name text box, enter a name for this SMB (CIFS) share.
Limitations on the SMB (CIFS) share name include the following:

• Length limited to 32 bytes. Since the Unicode representation of a character can occupy
several bytes, the maximum number of characters in a SMB (CIFS) share name can be less
than 32.
• The following characters are not valid for SMB (CIFS) share names:
< > : " / \ | ? *
• Do not use . (period or dot) at the beginning of the name of the SMB (CIFS) share.
• Do not use the $ character at the end of the name of the SMB (CIFS) share. Windows clients
interpret these SMB (CIFS) shares as hidden.
• Do not use “global” as an SMB (CIFS) share name. This is a reserved name.
Caution: Each share name on an Edge Appliance must be unique. In particular, share names
cannot differ only by case. When connecting remote volumes, each share name on
all connecting Edge Appliances must be similarly unique. You can view all share
names for an Edge Appliance on the CIFS Shares page, or on the Shares page on
the NMC.
If the Security of this Nasuni Edge Appliance is Directory Services, and if User Folders
Support is enabled, you can modify the name of the share to include the wildcard “%U” to
represent the user name. (See step f on page 175.) For example, the wildcard share name:
%U_share
for the user “paulm” becomes the share name:
paulm_share
If the share “%U_share” maps to the folder “/homes”, then, when the user maps
“paulm_share”, the resulting location is “/homes/paulm”. This can simplify creating multiple
shares for multiple users.
Note: The %U wildcard only produces lower-case user names, regardless of the case of the
actual original name.
Tip: You cannot create an internal link to folders created by using the "%U" wildcard in the
CIFS share name.
Important: If User Folders Support is enabled on a share, do not create a Shared Link Global
User.
Tip: For Windows uses, see Naming Files, Paths, and Namespaces.
bytes.
6. Optionally, enter a descriptive comment in the Comment text box.

7. If you want the share to be visible in the list of shares when users map the Nasuni Edge
Appliance, select the Visible Share check box. If the share is not visible, it does not appear in
the list of shares when users map the Nasuni Edge Appliance; however, if you know the share’s
name, you can still map the share directly.
8. If you want the share folder to be read-only for users on the network, select the Read Only
Share check box. This means that users can access the share, but only have read-only rights
and, therefore, cannot make changes to any of the files in the shared folder.
Important: If you select “Read Only Share”, and then select “Read-Write” as either the group
Access (step c on page 172) or the user Access (step g on page 173), then the
actual access for the group or user is Read-Write. The Read-Write access of the
group or user overrides the Read only setting of the share.
The Advanced Settings area contains additional settings.
Figure 11-67: Advanced Settings area.

9. In the Allowed Hosts text box, enter the hosts on your network that are allowed to access the
CIFS share folder. The hosts can be in the form of IP addresses, IP address/netmask values
(such as 150.203.15.0/255.255.255.0 in subnet mask format, or 150.203.15.0/24 in
CIDR notation format), or ranges of IP addresses (such as 150.203.*.*). If you leave this field

blank, all users on your network have access to the CIFS share without restrictions. Separate
entries with spaces.
10. In the Block files text box, enter the names of files or directories to make invisible and
inaccessible in the share. Enter one name per line. You can use wildcard characters, such as
“?” and “*”. Do not use the forward slash “/” character.
Note: Using this feature can break compatibility with some clients.
Tip: On a Nasuni Edge Appliance, non-empty directories that contain only blocked files
appear empty to a client, and might lead to unexpected behavior when attempting to
delete those directories. For example, if a directory contains only blocked files, and you
try to delete that directory, the directory is removed from view temporarily, but is not
deleted, and reappears upon refresh. In Windows, the Nasuni Edge Appliance sends the
error STATUS_DIRECTORY_NOT_EMPTY to report that the delete failed, but Windows
does not act on that error.
11. If the Security of this Nasuni Edge Appliance is Authenticated Access (meaning either Active
Directory or LDAP Directory Services), the Authentication, Groups, Users, and Asynchronous
I/O options appear. Otherwise, if the Security of this Nasuni Edge Appliance is Publicly
Available, the Authentication, Groups, Users, and Asynchronous I/O options do not appear.
12. To authenticate all users, from the Authentication drop-down list, select Authenticate all
Users.
13. Otherwise, to authenticate only specified groups and users, from the Authentication drop-
down list, select Authenticate only specified Groups and Users. This enables the Groups and
Users areas.
Tip: To specify users or groups, the users or groups must have Storage Access enabled. See
“Console Users and Groups” on page 472.
i. In the Groups area, click Add One. The Name search box appears.


iv. Click Search. A list of groups that match your search appears. Select the group to define
access for, then click Add Selected Group. The selected group appears in the Groups
area.
Figure 11-70: Groups area.

i. In the Groups area, click Add Many. The Select Groups dialog box appears.
v. Select the groups to define access for, then click Add Selected Groups. The selected
groups appear in the Groups area.

c. For each group in the Groups list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
Important: If you selected “Read Only Share” (step 8 on page 169), and now select
“Read-Write” as the group Access, then the actual access for the group is
Read-Write. The Read-Write access of the group overrides the Read Only
setting of the share.
d. To delete a group from the Groups list, click Delete next to the group name. The group is
e. To add one user, follow these steps:
i. In the Users area, click Add One. The Name search box appears.

Tip: To specify a local user name (native to the Nasuni Edge Appliance), include the
name of the local Nasuni Edge Appliance in the query string.
user name.

v. Click Search. A list of users that match your search appears. Select the user to define
access for, then click Add Selected User. The selected user appears in the Users area.
Figure 11-73: Users area.

f. To add more than one user, follow these steps:

i. In the Users area, click Add Many. The Select Users dialog box appears.
v. Select the users to define access for, then click Add Selected Users. The selected users
appear in the Users area.
g. For each user in the Users list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
Important: If you selected “Read Only Share” (step 8 on page 169), and now select
“Read-Write” as the user Access, then the actual access for the user is Read-
Write. The Read-Write access of the user overrides the Read Only setting of
the share.
h. To delete a user from the Users list, click Delete next to the user name. The user is deleted
from the list.
14. To hide files and folders that a user cannot access, leave the Hide Unreadable Files check box
selected. This option is selected by default.
15. To allow clients to view or restore files using the Previous Versions tab in Windows, select the
Enable Previous Versions check box. For details on using Windows Previous Versions, see
your Microsoft Windows documentation.
Caution: When Previous Versions is enabled on a share, certain operations on that share can
take longer than expected. Specifically, these operations include file upload to
web-based applications, such as Salesforce, Microsoft Office 365, or Microsoft
mail. Processing for these operations includes the following features:
• When the Previous Versions dialog is selected, it enumerates snapshots.
• If the required metadata is not present in the cache, it must be brought in from
cloud storage. This can make simple file access take longer than expected.
Microsoft is currently investigating the behavior of their Previous Versions dialog.
• To mitigate such performance issues, current best practice is to use separate
shares for operations involving previous versions. This can be configured by
following these steps:
• On the Nasuni Edge Appliance or the NMC, disable Previous Versions for the
original share.
• Create a second share identical to the first (perhaps named
“<ShareName>_Restore”).
• If a user must use Windows Previous Versions, instruct them to use the second
share.

16. (Available for case-sensitive volumes only.) To enable case sensitivity for file or folder names,
select the Case-Sensitive Paths check box. For details on selecting case sensitivity, see “Case
Sensitivity” on page 533.
Tip: For CIFS-only volumes, certain processing is optimized for volumes that treat file names
and directory names as case-insensitive (namely, volumes created with version 8.0 or
above, with the “Case Sensitive” option unselected). See step 14 on page 107.
However, for case-sensitive volumes, using case-sensitive paths on CIFS shares
improves performance for certain processing.
Important: Clients such as Windows can sometimes give inconsistent results when dealing
with the case sensitivity of file names.
Note: Even if case-sensitivity is not enabled, non-Windows clients such as Linux might still
treat the paths as case-sensitive.
17. To enable clients to access hidden snapshot directories within the share, select the Enable
Snapshot Directories check box. The volume must have Snapshot Directory Access
enabled. See “Snapshot Directory Access” on page 217.
Tip: If both the SMB (CIFS) protocol and the NFS protocol are enabled on a volume, then the
.snapshot directory is not available.
Note: Snapshot directory access can add a significant load to the Nasuni Edge Appliance.
Note: When Enable Snapshot Directories is enabled on a share, you cannot delete
directories from the client.
Note: The setting of Windows Previous Versions is independent of the setting of Snapshot
Directory Access.
Tip: If "Snapshot Directory Access" is enabled on a volume and “Enable Snapshot
Directories” is enabled on a CIFS share of that volume, then directories in that CIFS
share on that volume cannot be deleted.
18. If the Security of this Nasuni Edge Appliance is Directory Services, then User Folders Support
is available.
If enabled, for each user, the target folder path for the SMB (CIFS) share is automatically
appended with a folder named for the user. For example, the CIFS share “homes” that points to
the folder “/homes” mounted by the user “paulm” results in a mapping to “/homes/paulm”.
This can simplify setting up multiple CIFS shares for multiple users.
Tip: If you use this option, disabling case sensitivity is recommended.
Important: If User Folders Support is enabled on a share, do not create a Shared Link
Global User.
In addition, you can modify the name of the SMB (CIFS) share to include the wildcard “%U” to
represent the user name. For example, the wildcard CIFS share name:
%U_share
for the user “paulm” becomes the CIFS share name:
paulm_share

If the SMB (CIFS) share “%U_share” maps to the folder “/homes”, then, when the user maps
“paulm_share”, the resulting location is “/homes/paulm”.
4,000 bytes.
Tip: You cannot create an internal link to folders created by using the "%U" wildcard in
the CIFS share name.
Note: Even if Case-Sensitive Paths is not enabled, UNC paths accessed via User Folders
Support are case-sensitive.
To enable User Folders Support, follow these steps:
a. DO NOT enable User Folders Support when you first create a share. Create the share
first.
b. After creating a share, mount the share on the client, such as Microsoft Windows.
c. On the client, such as Microsoft Windows, in the mounted share, create all the user
folders.
d. Return to this screen for this share.
e. Edit the original share Name to include the wildcard “%U” to represent the user name.
f. Select Enabled from the User Folders Support drop-down list.
Each user then sees their login name as the share name, as a separate space from all
other users.
Otherwise, select Disabled from the User Folders Support drop-down list.
19. To enable access by mobile devices, such as iPhones and Android phones, select the Sync and
Mobile Access check box. For details on the Mobile Service, see “Mobile Settings” on
page 345 and “Mobile Licenses” on page 350. See Worksheet for a worksheet for planning
configurations.
Tip: Mobile Access must be enabled in the customer license before Mobile Access or Web
Access can be used with a Nasuni Edge Appliance.
20. To enable Web Access to files and folders, select the Web Access check box. The Web
Access Settings pane appears. Continue with specific instructions at “Web Access Settings”
on page 177.
Tip: Mobile Access must be enabled in the customer license before Mobile Access or Web
Access can be used with a Nasuni Edge Appliance.

21. If the Security of this Nasuni Edge Appliance is Authenticated Access (meaning either Active
Directory or LDAP Directory Services), then Asynchronous I/O is available. This enables
concurrent read and write access to the share. To enable Asynchronous I/O, select Enable
Asynchronous I/O. Asynchronous I/O is enabled by default.
22. To enable support for the SMB2 protocol for macOS clients, select Enhanced Support for Mac
OS X. Enabling this can speed up performance for macOS clients.
23. To select handling of SMB encryption for CIFS clients, from the SMB Encryption drop-down
list, select one of the following options:
• Optional: It is optional for clients to use SMB encryption when connecting to the share.
SMB3 encryption is enabled if the client machine specifically requests it. This is the default.
• Desired: It is desired that clients use SMB encryption when connecting to the share. The
Nasuni Edge Appliance requests that the client machine use SMB3 encryption. If the client
supports SMB3 encryption, the connection is encrypted.
• Required: It is required that clients use SMB encryption when connecting to the share. All
clients must use SMB3 encryption. If a client does not support SMB3 encryption, the client
is not allowed to mount the CIFS share on the Nasuni Edge Appliance.
Note: This includes SMB3 encryption for Windows clients.
Note: SMB Signing is supported if negotiated by the client. There is no Nasuni setting to
require SMB signing for the server or the share.
Tip: SMB encryption enhances security and prevents snooping on client traffic. Windows
clients should use SMB3 encryption if it is enabled on the CIFS share that they are
connecting to.
24. To create the share, click Create Share. The share is created and appears in the list of CIFS
shares.

Web Access Settings

In the Web Access Settings pane, you can specify details about Shared Links.
A shared link is a secure, signed URL that points to a specific file or folder within Web Access. This can
be useful for providing a trusted partner or contractor with secure access to a folder or file that they do
not have credentials to access directly. For more details on shared links, see “Shared Links” on
page 220 in the Nasuni Edge Appliance Administration Guide. You can control how long until the
shared link expires, whether a password is required, and who is allowed to create shared links.
Because shared links are associated with the credentials of the sharing user, if the sharing user’s
password changes, the shared link might become invalid. In order to ensure that shared links remain
valid regardless of changes to the sharing user’s credentials, you can create a special Shared Link
Global User specifically to “own” shared links. This is especially useful in environments where users
must change their passwords regularly for security purposes.
page 534.
Note: To access data in an NFS export, you must enable the SMB (CIFS) protocol for the NFS
volume. See “Protocols” on page 199.
Note: You must enable Web Access for the SMB (CIFS) share that you want to access. For
details, see “Creating shares” on page 166 or “Editing shares” on page 183. Web
Access is not available with LDAP Directory Services security.
Tip: The user must have Active Directory or Storage Access permissions. See “Users and
Important: Existing shared links are not affected by changes to the shared link settings, or by
changes to the permissions of the user who created the link. In particular, if a user
creates a shared link, and later that user’s permissions change so that they can no
longer create shared links, the shared link they created is not affected.
User.
Note: The Shared Link Global User feature must be enabled in the customer license by Nasuni
Support. After the Shared Link Global User feature is enabled in the customer license, the
Edge Appliance license must be refreshed on the Edge Appliance: click
Account Status --> Refresh License. Then, if the Edge Appliance is managed by the NMC,
click Filers --> Refresh Managed Filers.
Tip: After a recovery, if any of the original source Nasuni Edge Appliance’s CIFS shares had
Shared Links defined, these links must be regenerated. Use Web Access to view links that
must be regenerated, and regenerate them.

N1050
6000
If Web Access is enabled, the Web Access Settings pane appears.
Figure 11-74: Web Access Settings pane.

To configure shared links, follow these steps:
1. To allow creating shared links, select Enable Shared Links.
2. If Shared Links are enabled, in the External Hostname text box, optionally enter an external
hostname that users can access for the shared links.
Tip: Nasuni recommends configuring the "External Hostname". The Shared Link mechanism
favors the "External Hostname" value over the Nasuni Edge Appliance's hostname.

Configuring the "External Hostname" field helps guarantee that publicly shared links are
accessible by outside users.
3. If shared links are enabled, in the Maximum Expiration text box, enter the maximum number of
days until a shared link expires. To specify that there is no limit to the time until expiration, enter
0 (zero).
changes to the permissions of the user who created the link. In particular, if a
user creates a shared link, and later that user’s permissions change so that they
can no longer create shared links, the shared link they created is not affected.
4. If shared links are enabled, to specify that any shared links must include a password, select
Require Password.
5. If shared links are enabled, to allow creating shared links that permit writing to directories,
select Allow Writable Shared Links to Directories.
6. If shared links are enabled, select either Allow all Users or Allow only specified Groups and
Users from the Shared Link Permissions drop-down list.
7. If shared links are enabled, and you selected Allow only specified Groups and Users, you can
specify the groups and users who can create shared links.
Note: If you specify groups and also specify users within the specified groups, the Access for
the specified users is given by this table:
If the group Access is and the user Access is: then the user’s actual Access
is:
Deny Deny Deny
Deny Read-Write Deny
Deny Read-Only Deny
Read-Write Deny Deny
Read-Write Read-Write Read-Write
Read-Write Read-Only Read-Write
Read-Only Deny Deny

If the group Access is and the user Access is: then the user’s actual Access
is:
Read-Only Read-Write Read-Write
Read-Only Read-Only Read-Only

If a user is not a member of a specified group, then the Access specification for the
user is not affected by the Access specification for the specified group.
Follow these steps:

i. In the Groups area, click Add One. The Domain\Name search box appears.



v. Select the group, then click Add Selected Group. The selected group appears in the
Groups area.
Figure 11-77: Groups area.

i. In the Groups area, click Add Many. The Select Groups dialog box appears.
v. Select the groups, then click Add Selected Groups. The selected groups appear in the
Groups area.
c. For each group in the Groups list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
d. To delete a group from the Groups list, click Delete next to the group name. The group is
e. To add one user, follow these steps:
i. In the Users area, click Add One. The Name search box appears.


user name.

v. Click Search. A list of users that match your search appears. Select the user, then click
Add Selected User. The selected user appears in the Users area.
Figure 11-80: Users area.

f. To add more than one user, follow these steps:
i. In the Users area, click Add Many. The Select Users dialog box appears.
Tip: To specify a local user name (native to the Nasuni Edge Appliance), include the
name of the local Nasuni Edge Appliance in the query string.
v. Select the users, then click Add Selected Users. The selected users appear in the Users
area.
g. For each user in the Users list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
h. To delete a user from the Users list, click Delete next to the user name. The user is deleted
from the list.

8. If shared links are enabled, to enable a Shared Link Global User, select “Enable Shared Link
Global User”.
By enabling a Shared Link Global User, any shared links are associated with the Shared Link
Global User, and not with a specific user. This helps ensure that shared links remain valid even
when the credentials for a specific user change.
User.
Note: The Shared Link Global User feature must be enabled in the customer license by
Nasuni Support. After the Shared Link Global User feature is enabled in the customer
license, the Edge Appliance license must be refreshed on the Edge Appliance: click
Account Status --> Refresh License. Then, if the Edge Appliance is managed by the
NMC, click Filers --> Refresh Managed Filers.
If you enable a Shared Link Global User, follow these steps:
a. In the Username text box, enter an NT-compatible name of a user in an Active Directory
domain.
Important: It is important that the password for this Shared Link Global User stay in sync
with the Active Directory user account password. Therefore, you should use
a dedicated service account for this Shared Link Global User, and this
account should be configured with the “password never expires” option.
b. In the Password text box, enter the password for this user.
If you are editing the configuration of an existing share, and do not want this previously
entered password to be changed, ensure that this text box is left blank.
9. Continue with the procedure at step 21 on page 176.
Tip: You can change the logo and the primary and secondary colors of the Web Access display
for branding purposes. See “Web Access Branding” on page 343.
Editing shares
Important: After you change any share setting, the currently connected CIFS/SMB clients do not
observe the change until they disconnect and create new sessions. You can
disconnect clients individually by clicking Disconnect for each one, or you can
disconnect all clients by clicking "Reset All Clients".

To edit the selected share, follow these steps:

1. On the Shares page, for the selected share, click Edit . The Edit Share dialog box appears.
Figure 11-81: Edit Share dialog box.

Follow the procedure in “Creating shares” on page 166, starting with step 4.
2. To accept your selections, click Update Share.
The share is changed and appears in the list of shares.
Alternatively, to exit this screen without changing the share, click Close.

Deleting shares
NMC API.
To delete a selected share, follow these steps:
1. On the Shares page, click Delete . The Delete Share dialog box appears.
Figure 11-82: Delete Share dialog box.

2. The share name appears in the dialog box. Confirm that the correct share is about to be
deleted.
3. Type Delete Share in the Confirmation Phrase text box.
4. Click Delete Share to delete the share.
Alternatively, to exit this screen without deleting the share, click the Close button.

Volumes Page Auto Cached Folders
Auto Cached Folders

You can view folders that have Auto Cache enabled.
If you enable the “Auto Cache” option for a folder, new data in that folder is brought into the local cache
immediately from other Nasuni Edge Appliances that are attached to this volume. Otherwise, new data
is brought into the local cache from other Nasuni Edge Appliances when that data is accessed next.
Note: Before enabling Auto Cache for a folder, the folder’s volume must have Remote Access
enabled and Auto Cache enabled. For details, see “Setting or editing remote access
settings” on page 215 and “Scheduling Syncs” on page 234.
Note: Auto Cache is only available for shared or remote volumes.
Note: You can also enable Auto Cache for volumes. See “Scheduling Syncs” on page 234.
Tip: To enable or disable Auto cache for a folder, see “Enabling Auto Cache for Folders” on
page 125.
Viewing folders that have Auto Cache enabled

To view folders that have Auto Cache enabled, follow these steps:
1. Click Auto Cached Folders. The Auto Cached Folders page displays a list of folders that have
Auto Cache enabled on managed Nasuni Edge Appliances.
Figure 11-83: Auto Cached Folders page.

2. Click the right-facing arrow beside each folder to reveal the folders that have Auto Cache
enabled for each Nasuni Edge Appliance for that folder. To reveal the folders that have Auto
Cache enabled of all Nasuni Edge Appliances, click Expand All. To collapse the display of the
folders that have Auto Cache enabled of all Nasuni Edge Appliances, click Collapse All.
The following information appears for each folder that has Auto Cache enabled in the list:
• Name: The name of the folder that has Auto Cache enabled.
• Filer: The names or number of Nasuni Edge Appliances that access the folder that has Auto
Cache enabled.
• Volume Auto Cache: Indicates whether Auto Cache is enabled or disabled for the volume:
Enabled or Disabled.
• Path: The path to the folder that has Auto Cache enabled.

Volumes Page Auto Cached Folders
Disabling Auto Cache

To disable Auto Cache for a folder, follow these steps:
1. Click Auto Cached Folders. The Auto Cached Folders page displays a list of folders that have
Auto Cache enabled on managed Nasuni Edge Appliances.
Figure 11-84: Auto Cached Folders page.

2. Click the right-facing arrow beside each folder to reveal the folders that have Auto Cache
enabled for each Nasuni Edge Appliance for that folder. To reveal the folders that have Auto
Cache enabled for all Nasuni Edge Appliances, click Expand All. To collapse the display of the
folders that have Auto Cache enabled for all Nasuni Edge Appliances, click Collapse All.
3. For the folder where you want to disable Auto Cache, click Disable. The Disable Folder Setting
dialog box appears.
Figure 11-85: Disable Folder Setting page.

4. Verify that the information is correct, then click Disable Folder Setting.
Auto Cache is disabled for the folder.

Volumes Page Cloud I/O
Cloud I/O
If the Cloud Provider is a customer-provided cloud provider, the Volume Cloud I/O page is available.
Before sending data to the cloud, Nasuni breaks files into optimally-sized pieces for transport between
the on-premises cache and cloud storage. This not only disguises the actual sizes of files, but also
improves performance. These chunks are then deduplicated, compressed, and encrypted.
If the file is smaller than 1 GiB, the default chunk size is 1 MiB. If the file is 1 GiB or larger, and the
appliance has less than 16 GiB of RAM, the default chunk size is 2 MiB. If the file is 1 GiB or larger, and
the appliance has 16 GiB of RAM or more, the default chunk size is 10 MiB.
For customer-provided clouds, if directed by Nasuni Support, you can adjust the chunk size, or enable
or disable Nasuni's compression and deduplication, using the Cloud I/O area of the Volume Overview
page (Nasuni Edge Appliance) or the Volume Cloud I/O page (NMC). If you do manually change the
chunk size, the variable chunk size mentioned above no longer operates. You can restore the variable
chunk size mentioned above by leaving the Chunk Size field blank and then clicking Save.
To enable or disable Nasuni's compression and deduplication, or to adjust the chunk size, follow these
steps:
1. Click Volumes, then click Cloud I/O in the left-hand column. The Volume Cloud I/O page
displays a list of volumes on managed Nasuni Edge Appliances on customer-provided cloud
providers.
Figure 11-86: Volume Cloud I/O page.

The following information appears for each volume in the list:
• Name: The name of the volume.
• Filer: The name of the Nasuni Edge Appliance where this volume is located.
• Deduplication: The status for deduplication: Enabled or Disabled.
• Compression: The status for compression: Enabled or Disabled.
• Chunk Size: The size of the chunks.
• Actions: Actions available for each volume.

Volumes Page Cloud I/O
2. To enable or disable deduplication, enable or disable compression, or change the chunk size,
click Edit . The Change Volume Cloud I/O dialog box appears.
Figure 11-87: Change Volume Cloud I/O dialog box.

3. Select or deselect deduplication and compression.
4. Enter the chunk size, and select the units from the drop-down menu. To use the default chunk
size, leave the text box blank.
Warning: Contact Nasuni Support before changing the chunk size.
5. Click Save to save your settings.

Volumes Page Encryption Keys
Encryption Keys
Note: For details of encryption key management, see Encryption Key Best Practices.
You can view, add, enable, and disable volume encryption keys on the Volume Encryption Keys page.
You can view, upload, send, escrow, and delete encryption keys on the Filer Encryption Keys page.
You can view, upload, escrow, and delete encryption keys on the Console Settings Encryption Keys
page.
Note: You can upload OpenPGP-compatible encryption keys to the Nasuni Management
Console. (For security reasons, encryption keys that you upload cannot be downloaded
from the system.) See “Uploading (importing or adding) encryption keys to the NMC” on
page 449.
Note: If an uploaded encryption key has an associated passphrase, that passphrase is removed
from the encryption key when it is uploaded. The Edge Appliance does not need the
passphrase in order to use the encryption key. However, if you do not escrow this
encryption key, if you ever perform a recovery procedure on the Edge Appliance, you must
provide that passphrase when you upload that encryption key during the recovery
procedure.
Note: You can send encryption keys from the Nasuni Management Console to Nasuni Edge
Appliances. See “Sending encryption keys to Nasuni Edge Appliances” on page 307.
Warning: Do NOT save encryption key files to a volume on a Nasuni Edge Appliance. You
will NOT be able to use these to recover data. This is NOT how to upload
encryption keys to a Nasuni Edge Appliance.
All data on a volume is encrypted using one or more OpenPGP-compatible encryption keys before
being sent to cloud storage. Volumes may be encrypted with one or more encryption keys, and
encryption keys may be used for any number of volumes.
There are several actions you can perform on encryption keys, including adding new encryption keys,
enabling or disabling encryption keys, escrowing encryption keys with Nasuni, and, under certain
circumstances, deleting encryption keys.
All uploaded encryption keys should be at least 2048 bits long.
You will NOT be able to use these to recover data. This is NOT how to upload
encryption keys to a Nasuni Edge Appliance. To upload encryption keys to a
Nasuni Edge Appliance, use the Encryption Keys page.
At least one encryption key must be enabled for a volume, but several encryption keys can be enabled
at the same time. When multiple encryption keys are enabled, all of the encryption keys enabled at the
time are used to encrypt the data. Any of the encryption keys enabled at the time a piece of data is
encrypted can be used to later decrypt the data. Only the encryption keys enabled when the data was
written can decrypt that data. An encryption key that was enabled after the data was written cannot
decrypt any data that was written before that key was enabled.
There are several reasons you might want to disable an encryption key, such as, when someone with
access to the encryption key leaves the company, or if your enterprise has a policy of rotating
encryption keys periodically. When you disable an encryption key, no future data is encrypted with that
encryption key. However, all data previously encrypted by that disabled encryption key remains

encrypted by that disabled encryption key. For this reason, before you disable an encryption key, you
should consider establishing a snapshot retention policy that removes the data that was encrypted with
the disabled encryption key. Because volumes must have at least one encryption key associated with
them, in practice you add a new encryption key to a volume first, and then disable the existing
encryption key.
You can delete encryption keys, but only in the case where they are not being used by any volumes.
You cannot modify encryption keys stored on the system. For security reasons, encryption keys that
you upload cannot be downloaded from the system. You can only download encryption keys that the
Nasuni Edge Appliance has generated internally.
You can escrow your encryption keys with Nasuni (or a trusted third party), or store your own
encryption keys. Before you can escrow your encryption keys with Nasuni, you must create an escrow
passphrase, in case you need these escrowed encryption keys when you perform a recovery
procedure.
You can specify that you do not want Nasuni to generate any of your encryption keys. This ensures that
your data is encrypted only with encryption keys that you upload. If you specify this, you must upload
all the encryption keys used. Specifically, when creating a volume, you cannot select Create New Key
as the source of the volume encryption key. For security reasons, encryption keys that you upload
cannot be downloaded from the system. If you want to specify that Nasuni not generate encryption
keys, request Nasuni Support to disable key generation in your license.
Similarly, you can specify that you do not want Nasuni to escrow encryption keys. If you specify this,
you must manage your own encryption keys, because Nasuni does not manage them. If you specify
this, you can still have Nasuni generate encryption keys, and those generated encryption keys are still
automatically escrowed, because all generated encryption keys are automatically escrowed. If you
want to specify that Nasuni not escrow encryption keys, request Nasuni Support to disable key escrow
in your license.
To ensure that none of your encrypted keys is escrowed with Nasuni, you must specify both that
Nasuni not generate encryption keys and that Nasuni not escrow encryption keys.
Viewing encryption keys

Note: The list of encryption keys on the Volumes page only shows encryption keys that are in use
by a volume. If you upload encryption keys to a Nasuni Edge Appliance, but do not use the
encryption keys on a volume, the encryption keys do not appear on this page. However,
such encryption keys do appear on the list of encryption keys on the Filers page. See
“Viewing encryption keys on Nasuni Edge Appliances” on page 304.

To view encryption keys, follow these steps:

1. Click Volumes, then click Encryption Keys in the left-hand column. The Volume Encryption
Keys page displays a list of volume encryption keys on managed Nasuni Edge Appliances.
Figure 11-88: Volume Encryption Keys page.

The following information appears for each encryption key in the list:
• Name: The name of the volume with the encryption key.
• Encryption Keys: The names of the encryption keys for this volume.
• Fingerprint: The fingerprint is a cryptographic hash of the encryption key.
• State: The state of this encryption key: Enabled or Disabled.
Adding encryption keys to a volume

To add encryption keys to a volume, follow these steps:
1. On the Volume Encryption Keys page, for the selected volume, click Edit . The Edit
Encryption Keys dialog box appears.
Figure 11-89: Edit Encryption Keys dialog box.

2. To add an existing encryption key to this volume, click Add Keys. The Add Encryption Keys
dialog box appears
Figure 11-90: Add Encryption Keys dialog box.

In this dialog box, you can view information about each of the encryption keys currently
available to use, including the encryption key Name, Fingerprint, and Key ID. The fingerprint is
a cryptographic hash of the encryption key. The key ID is a shorter version of the fingerprint of
the encryption key, generally including just the last 8 digits.
3. Select the encryption keys to add to this volume.
4. Click Add Encryption Keys. The selected encryption keys are added to this volume. The
encryption keys appear in the list of encryption keys on the Volume Encryption Keys page.
Enabling encryption keys for a volume

To enable encryption keys for a volume, follow these steps:

2. To enable an encryption key for this volume, click Enable.

3. Click Save Encryption Keys. The selected encryption key is enabled for this volume. The
encryption key appears in the list of encryption keys on the Volume Encryption Keys page with
the state Enabled.
Alternatively, to exit the dialog box without enabling the selected encryption key, click Close.
Disabling encryption keys for a volume

To disable encryption keys for a volume, follow these steps:

2. To disable an encryption key for this volume, click Disable.
3. Click Save Encryption Keys. The selected encryption key is disabled for this volume. The
encryption key appears in the list of encryption keys on the Volume Encryption Keys page with
the state Disabled.
Alternatively, to exit the dialog box without disabling the selected encryption key, click Close.

Volumes Page Name of volume
Name of volume
You can view or change the name of a volume.
Note: If a snapshot is in progress when you attempt to rename a volume, you receive a message
to retry after the snapshot is complete.
Viewing volume names

To view volume names, follow these steps:
1. Click Name. The Volume Name page displays a list of volume names.
Figure 11-93: Volume Name page.

The following information appears for each volume name in the list:
Changing volume name

To rename a volume, follow these steps:
1. On the Volume Name page, select a volume, then click Edit . The Volume Name Settings
dialog box appears.
Figure 11-94: Volume Name Settings dialog box.

2. Enter the new name for the volume in the Volume Name text box.
3. Click Save Name. The volume name is changed. The volume appears in the list on the Volume
Name page.

Volumes Page Name of volume
Alternatively, to exit the dialog box without changing the volume name, click Close.

Volumes Page Pinned Folders
Pinned Folders
You can view pinned folders.
Pinning a folder ensures that a folder's contents must remain in the local cache at all times. This can
improve performance and reduce the time necessary to return accessed data to clients.
Note: Enabling this feature means that the entire folder remains resident in the cache at all times.
This reduces the available cache by the size of the folder. If too much cache space is taken
up by pinned folders, an Alert notification is given.
Note: Pinning a folder does not bring the folder’s data into the cache. If the folder’s data is not
already present in the cache, you must specifically bring that data to the cache. You can
use the File Browser to bring data to the cache. See “Bringing Data into Cache of the
Nasuni Edge Appliance” on page 123.
Note: To enable or disabling pinning for a folder, see “Pinning Folders in the Cache” on
page 124.
metadata.
a directory.
Viewing and disabling pinned folders


Volumes Page Pinned Folders
To view or disable pinned folders, follow these steps:

1. Click Pinned Folders. The Pinned Folders page displays a list of pinned folders on managed
Nasuni Edge Appliances.
Figure 11-95: Pinned Folders page.

2. Click the right-facing arrow beside each folder to reveal the pinned folders for each Nasuni Edge
Appliance for that folder. To reveal the pinned folders of all Nasuni Edge Appliances, click
Expand All. To collapse the display of the pinned folders of all Nasuni Edge Appliances, click
Collapse All.
The following information appears for each pinned folder in the list:
• Name: The name of the pinned folder.
• Filer: The names or number of Nasuni Edge Appliances that access the pinned folder.
• Path: The path to the pinned folder, or “Entire Volume” if the entire volume is pinned.
3. To disable pinning for a folder, click Disable for that folder. The folder is no longer pinned.

Volumes Page Protocols
Protocols
You can assign CIFS, NFS, and FTP/SFTP protocols to existing CIFS and NFS volumes. This enables
you to allow access to data using multiple protocols. This might be helpful for simplifying access by
users or applications.
page 534.
Tip: If you plan to enable both CIFS and NFS protocols for this volume, enable the NFS protocol
first, then add the CIFS protocol. Then select POSIX Mixed Mode as the permissions policy.
Note: Multiprotocol (CIFS and NFS) volumes only support the Optimized mode of Global File
Lock.
Note: If a volume has Remote Access enabled and other volumes connect to this volume, the
connected volumes inherit the same protocols as this volume. If these protocols change,
the connected volumes inherit the changed protocols. This can take some time. You can
refresh the volume connections in order to inherit the changed protocols immediately.
page 201.
Viewing volume protocols

To view the protocols that are enabled for volumes, follow these steps:
1. Click Protocols. The Volume Protocols page displays a list of volume names.
Figure 11-96: Volume Protocols page.

The following information appears for each volume name in the list:
• Protocols: The protocols enabled for the volume.
• Permissions Policy: The permissions policy for the selected protocols, out of the following:
Directory.
Compatible Mode.
Mode.
Directory.

POSIX Mixed Mode.
Enabling multiple volume protocols

page 534.
Tip: CIFS volumes that have the Advanced mode of Global File Lock enabled cannot enable the
NFS protocol.
To enable CIFS, NFS, or FTP/SFTP protocols for a CIFS or NFS volume, follow these steps:

2. For the selected volume, click Edit . The Volume Protocol Settings dialog box appears.
Figure 11-98: Volume Protocol Settings dialog box.

The currently enabled protocols for the volume are selected.
3. To enable another protocol, select that protocol also.
Tip: CIFS volumes that have the Advanced mode of Global File Lock enabled cannot enable
the NFS protocol.
permissions policy.
Warning: After enabling a protocol, you cannot disable that protocol.
4. From the Volume Permissions Policy drop-down list, select one of the following:
Directory.
Compatible Mode.
Mode.


Directory.
POSIX Mixed Mode.

5. Click Save Protocol Settings. The Confirm Volume Protocols Update dialog box appears.
Figure 11-99: Confirm Volume Protocols Update dialog box.

6. Type Enable Protocol in the Confirmation Phrase text field.
7. Click Confirm.
The selected protocol is enabled, and the selected volume permissions policy is enabled.
Alternatively, to exit the dialog box without changing the volume protocol settings, click Close.
Tip: To add a CIFS share to a volume, see “Creating shares” on page 166. To add an NFS export
to a volume, see “Creating exports” on page 142. To add an FTP/SFTP directory to a
volume, see “Creating FTP directories” on page 154.
Changing Permissions Policy from NTFS Compatible to NTFS Exclusive

Note: You cannot convert multiple-protocol volumes from NTFS Compatible mode to NTFS
Exclusive mode. For example, if NFS protocol or FTP/SFTP protocol is enabled for a
volume, converting the volume from NTFS Compatible mode to NTFS Exclusive mode is
not possible.
Note: Converting a volume from NTFS Compatible mode to NTFS Exclusive mode is only
possible on Edge Appliances running version 8.5 or higher.
Tip: When converting a volume from NTFS Compatible mode to NTFS Exclusive mode, SMB
(CIFS) connections are interrupted and must be reconnected.
To change Permissions Policy from NTFS Compatible to NTFS Exclusive, follow these steps:

2. For the selected volume with NTFS Compatible Mode for its Permissions Policy, click Edit .
The Volume Protocol Settings dialog box appears.
Figure 11-101: Volume Protocol Settings dialog box.

The currently enabled protocols for the volume are selected.
3. From the Volume Permissions Policy drop-down list, select NTFS Exclusive Mode.
4. Click Save Protocol Settings. The Confirm Volume Protocols Update dialog box appears.
Figure 11-102: Confirm Volume Protocols Update dialog box.

5. Enter the Username and Password for a user who has the credentials for this operation.
6. Click Confirm.
The selected volume permissions policy is enabled.
Alternatively, to exit the dialog box without changing the volume protocol settings, click Close.

Volumes Page Quota
Quota
You can view or change the quota (maximum capacity) of volumes. You can also view or change quota
rules and quotas for folders.
For CIFS and NFS volumes and FTP/SFTP directories, the volume quota (maximum capacity) enables
you to limit the amount of storage space for a volume, including snapshots, which helps you to control
your storage costs. Unlimited storage space is available. However, the volume is limited to your
licensed capacity. Nasuni recommends that you only increase volume quotas rather than decrease
them.
Note: A notification occurs when the volume reaches 90 percent of the volume quota. Another
notification occurs when the volume reaches the volume quota. If the volume is shared,
then the volume quota is compared to the sum of all Nasuni Edge Appliances connected
to the volume.
Note: You can also set Directory Quotas on folders. See “Setting Quota or Rule” on page 133.
You can schedule the resulting quota reports here: “Quota Reports” on page 324.
Viewing volume quota setting

To view the volume quota settings, follow these steps:
1. Click Quota. The Volume Quota page displays a list of volumes on managed Nasuni Edge
Appliances.
Figure 11-103: Volume Quota page.

• Filer: The Nasuni Edge Appliance that owns the volume.
• Quota: The volume quota setting in GB, or “Unlimited” to the limit of licensed capacity.

Volumes Page Quota
Editing volume quota

To edit volume quota, follow these steps:
1. On the Volume Quota page, select the volumes in the list whose volume quota setting you want
to edit.
2. Click Edit Volumes. The Volume Quota Settings dialog box appears.
Figure 11-104: Volume Quota Settings dialog box.

3. To copy settings from another volume, select the volume from the Copy Settings drop-down
list. The settings from that volume appear in the dialog box.
4. In the Volume Quota text box, enter the volume quota for the selected volumes (in gigabytes).
“0 GB” means unlimited, to the limit of licensed capacity.
5. Click Save Quota. The volume quota settings are changed. The volume appears in the list on
the Volume Quota page.
Alternatively, to exit the dialog box without changing the volume quota settings, click Close.
Viewing and editing folder quotas

A folder quota applies the specified limit only to the selected folder.
To view the folder quota rules, follow these steps:
1. Click Quota Folders. The Volume Quota Folders page displays a list of volumes on managed
Figure 11-105: Volume Quota Folders page.

• Volume: The name of the volume.

Volumes Page Quota

• Path: The full path to the folder with the quota.
• Email: The email address to use for alerts for this quota.
• Limit: The limit for the quota.
• Usage: The current storage usage for the folder, and the percentage of the quota.
2. To edit a folder quota, click Edit. The Edit Quota Settings dialog box appears.
Figure 11-106: Edit Quota Settings dialog box.

Tip: To change the quota type, you must first delete the existing quota.
below.
already.

Volumes Page Quota
6. For the Rule quota type, to apply the same Limit to the data in any existing sub-directories of
the selected directory, select the Apply to existing sub-directories check box.
7. Click Save Quota. The volume quota settings are changed. The volume appears in the list on
Deleting folder quotas

To delete a folder quota, follow these steps:
1. Click Quota Folders. The Volume Quota Folders page displays a list of volumes on managed
Figure 11-107: Volume Quota Folders page.

• Path: The full path to the folder with the quota.
• Email: The email address to use for alerts for this quota.
• Limit: The limit for the quota.
• Usage: The current storage usage for the folder, and the percentage of the quota.
2. For the folder quota that you want to delete, click Delete . The Delete Quota Settings
dialog box appears. Click Delete Quota. The quota is deleted.

Volumes Page Quota
Viewing folder quota rules

A folder quota rule applies the specified limit to any newly created subdirectories of the selected
volume or folder.
To view the folder quota rules, follow these steps:
1. Click Quota Rules. The Volume Quota Rules page displays a list of volumes on managed
Figure 11-108: Volume Quota Rules page.

• Path: The full path to the folder with the quota rule.
• Email: The email address to use for alerts for this quota rule.
• Limit: The limit for the quota rule.

Editing folder quota rules

To edit a folder quota rule, follow these steps:
1. Click Quota Rules. The Volume Quota Rules page displays a list of volumes on managed Nasuni
Edge Appliances.


Volumes Page Quota

2. For the rule to edit, click Edit. The Edit Quota Settings dialog box appears.
Figure 11-110: Edit Quota Settings dialog box.

Tip: To change the quota type, you must first delete the existing quota.
below.
already.

Volumes Page Quota
6. Click Save Rule. The volume quota rule settings are changed. The volume appears in the list on
Alternatively, to exit the dialog box without changing the settings, click Close.
Deleting folder quota rules

To delete a folder quota rule, follow these steps:
1. Click Quota Rules. The Volume Quota Rules page displays a list of volumes on managed Nasuni
Edge Appliances.

2. For the quota rule that you want to delete, click Delete . The Delete Quota Rule dialog box
appears. Click Delete Rule. The quota rule is deleted.

Volumes Page Remote Access
Remote Access
and remote volumes that belong to other Nasuni Edge Appliances. Remote access allows one or more
Nasuni Edge Appliances to connect, using Nasuni, to a volume associated with another Nasuni Edge
Appliance. You can view or change the remote access setting of volumes.
You can enable or disable access to a CIFS or NFS volume or FTP/SFTP directory by your remote
offices attached to your Nasuni.com account. If remote access to a volume or FTP/SFTP directory is
enabled, you can select permissions for remote access to this volume.
Tip: Perform any necessary data ingestions to the volume before enabling Remote Access.
Otherwise, data ingestion processing can impact the synchronization of remote volumes.
Tip: When you create a volume on an Edge Appliance, it is a best practice to create and
configure as many shares as possible before connecting other Edge Appliances to that
volume.
Then, when other Edge Appliances connect to that volume, they automatically inherit all of
the share definitions that were specified on the original volume. This only happens the first
time that remote Edge Appliances connect to the volume, so it is important to perform as
much share creation and configuration as possible before connecting to the volume.
Tip: For an Edge Appliance with new or changed volume configurations for remote volumes with
Read/Write permissions, it can initially take up to 20 minutes before these remote volumes
appear in the list of volumes. It takes time to fetch the necessary information for the remote
volumes.

Viewing remote access setting

To view the remote access settings, follow these steps:
1. Click Remote Access. The Volume Remote Access Setting page displays a list of CIFS and NFS
volumes on managed Nasuni Edge Appliances.
Figure 11-112: Volume Remote Access Setting page.

• Permissions (if currently remotely accessible): The current permissions for the remotely
accessible volume: Read-Only, Read/Write, or Custom.
• Enabled: The remote access setting of the volume: Enabled (remotely accessible) or
Disabled (not remotely accessible).

Setting or editing remote access settings

To set or edit remote access settings, follow these steps:
1. On the Volume Remote Access Setting page, select the volumes in the list whose remote
access settings you want to edit.
2. Click Edit Volumes. The Edit Volume Remote Access Settings dialog box appears.
Figure 11-113: Edit Volume Remote Access Settings dialog box.

4. Click Enabled to set On (volume is remotely accessible) or Off (volume is not remotely
accessible).
5. If access to this volume is enabled, from the Remote Access Permissions drop-down list, select
either Read Only, Read/Write, or Custom.
• Read Only: All other Nasuni Edge Appliances on this account can view the data on the
selected volume, but cannot change that data.
• Read/Write: All other Nasuni Edge Appliances on this account can view the data on the
selected volume, and can also change that data.
• Custom: You specify the access for each other Nasuni Edge Appliance on this account
separately.
Note: If you choose Custom, new Nasuni Edge Appliances on this account cannot
access the volume until you explicitly provide the type of access.
If you select Custom remote access permissions, then you use the Custom Remote
Access Permissions list of other Nasuni Edge Appliances on your account.

For each other Nasuni Edge Appliance on this account, select the drop-down list beside the
name of the Nasuni Edge Appliance and select either Read/Write, Read Only, or Disabled.
• Read/Write: This Nasuni Edge Appliance can view the data on the selected volume, and
can also change that data.
• Read Only: This Nasuni Edge Appliance can view the data on the selected volume, but
cannot change that data.
• Disabled: The specified Edge Appliance (“Filer”) is not allowed to make new
connections to the volume. The Disabled setting does not disconnect the selected
volume from any Edge Appliance that has already been connected.
Note: If the Permission is Disabled, the remote volume might not display the correct
Security for that volume.
If the Edge Appliance had been connected to the volume before the permission was set
to Disabled, users are still able to read from the volume and write to the volume.
However, unprotected data of an Edge Appliance with remote access permission of
Disabled is never included in snapshots to the volume.
Important: Do not change the Disabled remote access permission for an Edge
Appliance that is currently connected. Disconnect the Edge Appliance
before setting the remote access permission to Disabled.
6. Click Save Remote Access Settings. The volume remote access settings are changed. The
volume appears in the list on the Volume Remote Access Setting page.
Alternatively, to exit the dialog box without changing the volume remote access settings, click
Close.

Volumes Page Snapshot Directory Access
Snapshot Directory Access

You can enable access to the snapshot directory to permit browsing the snapshot history and viewing
the files and directories for NFS exports, CIFS shares, and FTP/SFTP directories.
Note: Snapshot directory access can add a significant load to the Nasuni Edge Appliance.
Note: To monitor snapshots, see “Monitoring snapshot processing” on page 99.
Note: With volumes on which the CIFS protocol has been enabled, for snapshot directory
access to operate, snapshot directory access must also be enabled for the CIFS share. For
details, see step 17 on page 174.
Tip: If "Snapshot Directory Access" is enabled on a volume and “Enable Snapshot Directories” is
enabled on a CIFS share of that volume, then directories in that CIFS share on that volume
cannot be deleted.
Viewing snapshot directory access settings

To view the snapshot directory access settings, follow these steps:
1. Click Snapshot Access. The Volume Snapshot Directory Access page displays a list of volumes
on managed Nasuni Edge Appliances.
Figure 11-114: Volume Snapshot Directory Access page.

2. Click the right-facing arrow beside each volume to reveal the snapshot directory access setting
for each Nasuni Edge Appliance for that volume. To reveal the settings for all volumes of all
Nasuni Edge Appliances, click Expand All. To collapse the display of the settings for all
volumes of all Nasuni Edge Appliances, click Collapse All.
• Snapshot Directory Access: The snapshot directory access setting: Enabled or Disabled.

Editing snapshot directory access settings

To enable access to the snapshot directory for a volume, follow these steps:
1. On the Volume Snapshot Directory Access page, select the volumes in the list whose snapshot
directory access settings you want to edit.
2. Click Edit Volumes. The Edit Snapshot Directory Access dialog box appears.
Figure 11-115: Edit Snapshot Directory Access dialog box.

4. To enable access to the snapshot directory, set Enable Snapshot Directory Access to On.
5. Click Save. The snapshot directory access settings are changed. The volume appears in the list
on the Volume Snapshot Directory Access page.
Alternatively, to exit the dialog box without changing the snapshot directory access settings,
click Close.
Snapshots within .snapshot directories

The previous versions that are available for Windows Previous Versions depend on the snapshots
within the .snapshot directories.
By default, the snapshots available include the following 35 snapshots, if they exist:
• The 4 most recent snapshots, 15 minutes apart.
• The 10 most recent hourly snapshots, by hour.
• The 7 most recent daily snapshots, by day.
• The 4 most recent weekly snapshots, by week.
• The 10 most recent monthly snapshots, by month.
Alternatively, the snapshots available can include the following 45 snapshots, if they exist:
• The most recent 10 snapshots.
• The most recent 12 hourly snapshots, by hour.
• The most recent 7 daily snapshots, by day.
• The most recent 4 weekly snapshots, by week.

• The most recent 12 monthly snapshots, by month.

To use this alternative arrangement of snapshots, request Nasuni Support to configure the sampling
policy feature.

Volumes Page Snapshot retention
Snapshot retention
You can view or change the snapshot retention setting of volumes.
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
Using snapshots, the Nasuni Edge Appliance can identify new or changed data. Snapshots offer data
protection by enabling you to recover a file deleted in error or to restore an entire file system. After a
snapshot has been taken and is sent to cloud storage, it is not possible to modify that snapshot.
By default, all snapshots are retained. However, for compliance purposes or your own best practices,
you can specify to delete older snapshots from cloud storage.
Caution: For security purposes, when a snapshot is removed, it is permanently deleted from
cloud storage and cannot be recovered.
You can specify to delete older snapshots from cloud storage, based on a configured policy for a
specific "owned" local volume. Snapshot retention policies are configured on the volume level.
Snapshot retention policies also work on shared volumes.
Tip: Snapshot Retention can remove previous snapshots only if snapshots are currently
occurring regularly.
Important: As long as a file is included in any snapshot within your snapshot retention policy,
that file is not removed. However, if you delete a file, and none of the retained
snapshots includes that file, the file is removed.
Tip: Changes to the Snapshot Retention setting go into effect when the next snapshot occurs. It
is normal to temporarily see more snapshots than the Snapshot Retention setting would
suggest.
Tip: Set a snapshot retention policy for any volumes used for backup.
Important: For the purposes of time-based snapshot retention:
• One year is defined as 31,556,926 seconds.
• One month is defined as 2,629,743 seconds.
• One day is defined as 86,400 seconds.
Changing Snapshot Retention time interval

If you are retaining snapshots for a given time, you can change the time interval that you are retaining
the snapshots for.
Changing from longer interval to shorter interval
When changing from a longer retention time interval (such as 1 year) to a shorter retention time interval
(such as 1 month), snapshots that are between 1 month and 1 year become eligible for removal after 1
month.
Changing from shorter interval to longer interval
Similarly, when changing from a shorter retention time interval (such as 1 month) to a longer retention
time interval (such as 1 year), snapshots that are between 1 month and 1 year become eligible for
removal after 1 year.

Restoring data protected by snapshot retention

Two types of data restore are possible: a “slow” data restore and a “fast” data restore. The differences
between the two types of restore include the following:
• Fast restore: A fast restore only needs to restore the metadata at the top level of the directory
structure. Any required data or metadata is brought into the cache only when actually accessed.
A fast restore can be extremely fast (a matter of minutes) for multiple TBs of data.
An Edge Appliance can generally perform a fast restore unless, for safety reasons, it must
perform a slow restore (see below).
For data safety reasons, a few features prevent performing a fast restore:
• Global File Lock: If Global File Lock is enabled on the data set being restored, the system
must perform a slow restore on the data protected by Global File Lock. You can disable
Global File Lock in order to perform a fast restore. For details, see “Global File Lock” on
page 127.
• Snapshot Retention: If Snapshot Retention is enabled, and versions are marked as time
boundaries, a fast restore cannot happen across these time boundaries, so that older
directories and files might require slow restore. You can disable Snapshot Retention in order
to perform a fast restore. For details, see “Editing snapshot directory access settings” on
page 218.
• Slow restore: If a fast restore is not possible, you can perform a slow restore. A slow restore
must download from cloud storage the full metadata and data for the version that you are
restoring. This can take a significant amount of time (possibly days or weeks) in order to restore
larger data sets. For this reason, if you need larger restores, try to do everything possible in
order to perform a fast restore.
If you intend to perform a slow restore, it is not necessary to disable Global File Lock or
Snapshot Retention.

Viewing snapshot retention settings

To view the snapshot retention settings, follow these steps:
1. Click Snapshot Retention. The Volume Snapshot Retention page displays a list of volumes
on managed Nasuni Edge Appliances.
Figure 11-116: Volume Snapshot Retention page.

• Retention: The snapshot retention setting, such as the following:
• All Snapshots: Retains all snapshots indefinitely.
• [a set number of] snapshots: A specific number of snapshots to retain.
• Snapshots within [a given time]: The number of Years, Months, or Days for which you
want to retain snapshots.
Setting or editing snapshot retention settings

Tip: Snapshot retention can remove previous snapshots only if snapshots are currently occurring
regularly.
To set or edit snapshot retention settings, follow these steps:
1. On the Volume Snapshot Retention page, select the volumes in the list whose snapshot
retention settings you want to edit.
2. Click Edit Volumes. The Snapshot Retention dialog box appears.
Figure 11-117: Snapshot Retention dialog box.

4. From the Retain drop-down list, select a retention policy option:
• All Snapshots: (This is the default setting.) Retains all snapshots indefinitely. If you require
deleting older snapshots for compliance or other reasons, do not select this option.
• Set Number of Snapshots: (This option is not available if the selected volume has Remote
Access enabled.) Enter the Number of the most recent snapshots to retain, from 1 to 1
billion (1,000,000,000).
For example, if you choose to keep 100 snapshots, then the 100 most recent snapshots are
retained, and the rest are deleted automatically.
Figure 11-118: Snapshot Retention by number.

Warning: You cannot select “a set number of snapshots” if the volume has Remote
Access enabled.
• Snapshots Within a Range: Enter the number of Years, Months, and Days for which you
want to retain snapshots.
For example, if you choose to keep two months’ worth of snapshots, then snapshots that
were taken before then are deleted automatically.
Figure 11-119: Snapshot Retention by time.

Important: For the purposes of time-based snapshot retention:
• One year is defined as 31,556,926 seconds.
• One month is defined as 2,629,743 seconds.
• One day is defined as 86,400 seconds.
5. Click Save Retention. The snapshot retention settings are changed. The volume appears in the
list on the Volume Snapshot Retention page.
Alternatively, to exit the dialog box without changing the settings, click Close.

Volumes Page Snapshot schedule
Snapshot schedule
You can view or change the snapshot schedule of volumes.
Using snapshots, the Nasuni Edge Appliance can identify new or changed data. Snapshots offer data
Note: Because multiple Edge Appliances can share multiple volumes, snapshot handling
simplifies processing in these ways:
• On a given Edge Appliance, only one volume can perform a snapshot at a time.
• A volume that is shared on multiple Edge Appliances can only perform phase 2
(metadata) of a snapshot on one of the Edge Appliances at a time.
encrypted.
Tip: If you receive a message of the type “Unable to inherit all folder settings on
volume: settings could not be applied during the mount operation.”,
verify your folder settings to determine if they should be recreated, updated, or deleted.
With snapshots, you can find, view, and restore past versions of your files quickly. You can restore a
single file, a directory, or an entire volume.
The Nasuni Edge Appliance captures complete snapshots of files at regular intervals and stores all
snapshots in cloud storage to protect your files. You can select which days of the week on which to
perform snapshots. You can also select at what time of day to start and stop creating snapshots. You
can also set the frequency for creating snapshots. If the volume does not have Remote Access
enabled, your choices are 1, 2, 4, 8, 12, or 24 hours between snapshots. If the volume does have
Remote Access enabled, your choices are 1, 5, 10, 15, 25, or 30 minutes, or 1, 2, 4, 8, 12, or 24 hours
between snapshots. For example, you can configure snapshots to not occur during the day and only
push new and changed data at night when network usage is low.
Warning: Frequent snapshots increase the system load significantly.
Tip: On volumes with Global File Lock enabled, we recommend increasing the snapshot
frequency and the synchronization frequency of the volume.
If the normal snapshot and synchronization frequency of the volume are decreased, new
files take longer to propagate, because new files depend on snapshot and synchronization
to propagate.
See “Quality of Service (Bandwidth) Settings” on page 317 to configure outbound bandwidth limits.


Nasuni Global File Acceleration (GFA) can automatically accelerate file synchronization, helping
customers to improve file sharing collaboration and optimize workforce productivity. You can configure
Global File Acceleration with the NMC. See “Global File Acceleration” on page 228.
Viewing snapshot schedules

To view the snapshot schedules, follow these steps:
1. Click Snapshot Schedule. The Volume Snapshot Schedule page displays a list of volumes on
Figure 11-120: Volume Snapshot Schedule page.

2. Click the right-facing arrow beside each volume to reveal the snapshot schedule setting for
each Nasuni Edge Appliance for that volume. To reveal the settings for all volumes of all Nasuni
Edge Appliances, click Expand All. To collapse the display of the settings for all volumes of all
Nasuni Edge Appliances, click Collapse All.
• Filer: The names or number of Nasuni Edge Appliances that access the volume.
• Schedule: If snapshots are enabled, the days of the week on which snapshots are
scheduled. Otherwise, “Disabled”.
• Time: If snapshots are enabled, the time during which snapshots are scheduled.
Otherwise, blank.
• Frequency: If snapshots are enabled, the frequency of performing snapshots during the
scheduled time. Otherwise, “--”.

If a volume has Global File Acceleration set as Active, and not as Observation, the
Frequency for the volume displays “GFA Active”. See “Global File Acceleration” on
page 228.
Figure 11-121: Schedule for volume managed by Global File Acceleration.
Editing snapshot schedules

Tip: You can edit the snapshot schedules of volumes that have Global File Acceleration set as
Active. If the Edge Appliance cannot communicate with the GFA Cloud Service, the Edge
Appliance falls back to the original time-based snapshot/sync schedule. Fallback uses the
specified days and hours. The frequency becomes once per hour. See “Global File
Acceleration” on page 228.
To edit snapshot schedules, follow these steps:
1. On the Volume Snapshot Schedule page, select the volume and Nasuni Edge Appliance
combinations in the list whose snapshot schedules you want to edit.
2. Click Edit Volumes. If Global File Acceleration is not Active, the Snapshot Schedule dialog
box appears.
Figure 11-122: Snapshot Schedule dialog box.

If Global File Acceleration is Active, the Global File Acceleration Enablement Window dialog
box appears.
Figure 11-123: Global File Acceleration Enablement Window dialog box.

4. To select or deselect all days for snapshots to occur, click Select/Deselect All.
5. Select the days for snapshots to occur (for example, Sunday, Wednesday, and Saturday).
6. To specify snapshots 24 hours a day, select the All Day check box.
7. If you do not select All Day, select the time to start initiating snapshots from the Start drop-
down list.
8. If you do not select All Day, select the time to stop initiating snapshots from the Stop drop-
down list. The Stop time indicates the time after which snapshots are no longer scheduled, not
the time at which all snapshots stop running. If a snapshot is already running when the Stop
time is reached, the snapshot continues. Also, if there are any snapshots in the queue behind
the currently running snapshot, those snapshots also run.
9. If Global File Acceleration is Active, then Global File Acceleration manages the frequency of
snapshots.
If Global File Acceleration is not Active, select the frequency for snapshots from the Frequency
drop-down list. If the volume does not have Remote Access enabled, your choices are 1, 2, 4, 8,
12, or 24 hours. If the volume does have Remote Access enabled, your choices are 1, 5, 10, 15,
25, or 30 minutes, or 1, 2, 4, 8, 12, or 24 hours.
Note: Volumes that do not have remote access enabled only have Frequency options of
hours, not minutes. For snapshots more frequent than 1 per hour, enable remote
access for the volume.
10. Click Save Schedule. The snapshot schedules are changed. The volume appears in the list on
the Volume Snapshot Schedule page.
Alternatively, to exit the dialog box without changing the snapshot schedules, click Close.

Global File Acceleration

Nasuni Global File Acceleration (GFA), a component of the Nasuni® cloud file storage platform,
accelerates file synchronization across cloud regions or on-premises locations, helping customers to
improve file sharing collaboration and optimize workforce productivity.
Global File Acceleration delivers more intelligent multi-site file synchronization that is based on real-
time user activity to prioritize when data gets propagated to Nasuni Edge Appliances at other sites, so
that users gain faster access to their shared data. This intelligence ensures that customers benefit from
consistent file synchronization speeds, even in large-scale, multi-site deployments. The GFA service is
available to Nasuni Premium edition customers.
For details, see Global File Acceleration.
You can configure Global File Acceleration for a volume using the NMC. The following considerations
are important:
 Global File Acceleration must be enabled in the customer license.
 Only NMC super-users (Manage all aspects of NMC) can configure Global File Acceleration.
 Customers can only configure volumes for Global File Acceleration if the volume’s owning
Edge Appliance is running version 9.5 or later. Also, any Edge Appliance accessing such
volumes must also be running version 9.5 or later.
 Global File Acceleration is only available for shared volumes (namely, volumes that have
remote access enabled).
 Only one volume can be configured for Global File Acceleration at a time. Enabling GFA on
volume B, while GFA is already active on volume A, disables GFA on volume A. Volume A then
reverts to using the configured snapshot schedule and sync schedule.
 You can edit the snapshot schedules of volumes that have Global File Acceleration set as
Active. If the Edge Appliance cannot communicate with the GFA Cloud Service, the Edge
Appliance falls back to the original time-based snapshot/sync schedule. Fallback uses the
specified days and hours. The frequency becomes once per hour.
Important: If a customer removes from NMC management an Edge Appliance that owns a
volume that Global File Acceleration (GFA) is active on, the following processing
occurs:
• The Global File Acceleration configuration for any volume owned by that Edge
Appliance is deleted from the NMC.
• When the Edge Appliances check in with the NMC, as they do on a periodic basis,
they sync to the NMC’s GFA configuration, of which there is now nothing (GFA
disabled) for that volume.
• The volume owned by that Edge Appliance reverts to the snapshot schedule and
sync schedule that have been set for that volume on all Edge Appliances.
• If the Edge Appliance that owns the volume is once again placed under the
management of the NMC, Global File Acceleration must be reconfigured for the
volume owned by that Edge Appliance.

To configure Global File Acceleration for a volume, follow these steps:

1. On the Volume Snapshot Schedule page, click Global File Acceleration. The GFA
Configurations dialog box appears.
Figure 11-124: GFA Configurations dialog box.

2. From the Volume drop-down list, select the volume to configure Global File Acceleration for.
Tip: Customers can only configure volumes for Global File Acceleration if the volume’s
owning Edge Appliance is running version 9.5 or later. Also, any Edge Appliance
accessing such volumes must also be running version 9.5 or later.
Global File Acceleration is only available for remotely shared volumes.
Only one volume can be configured for Global File Acceleration at a time.
3. Select the Mode from the following:
• Active: Activates Global File Acceleration for the selected volume. Global File Acceleration
manages the volumes snapshot schedule.
Tip: Only one volume can be configured for Global File Acceleration at a time.
• Observation: Enables Global File Acceleration in observation mode, but still uses the
selected volume’s snapshot schedule.
• Disabled: Disables Global File Acceleration for the selected volume.
4. From the Profile drop-down list, select the type of data propagation that you want to prioritize,
from the following choices:
• Protection Only: Assign all weight to write activity and no weight at all to reads.
• Favor Protection: Assign a positive weight to writes and a negative weight to reads.
• Equal Protection and Collaboration: Assign equal weight to writes and reads.
• Favor Collaboration: Assign a negative weight to writes and a positive weight to reads.
• Collaboration Only: Assign no weight to write activity and all weight to reads.
where:

• “Protection” refers to Write activity such as creating, writing, and deleting files and
directories.
• “Collaboration” refers to Write activity that has subsequent Read activity (reading files
and directories) on other appliances.
• A positive weight is a multiplier greater than 1.0.
• A negative weight is a multiplier lesser than 1.0. There is no weight or multiplier equal to
0.
5. To save this configuration, click Save Configuration.
The configuration is saved.
If a volume has been set as Active, Global File Acceleration begins managing the selected volume’s
snapshot schedule. Also, the Schedule for the volume displays “GFA Active”.

If a volume has been set as Observation, Global File Acceleration begins observation mode. Also,
the Schedule for the volume displays “GFA Observation”.
GFA Telemetry API

The GFA Telemetry API enables you to obtain metrics about GFA performance.
For more details of the GFA Telemetry API, see GFA Telemetry API.
The GFA Telemetry API returns four different types of metrics:
• Volume Information: GFA information about the volume, including the GFA mode (“active”,
“observation”, or “off”), the GFA scoring profile, and the time-to-protect value (in minutes).
Output to the client once every 15 minutes.
• Example:
{
"metric_type": "volume_info",
"mode": "Active",
"profile": "collaboration-moderate",
"time_to_protect": "33",
"timestamp": "2022-03-08T03:43:43Z",
"version": 1,
"volume_guid": "e1486b21-cdab-4136-aca6-31901cf594bd_3",

"volume_title": "Marketing-F1"
}
• Edge Appliance Information: GFA information about the Edge Appliance (aka “Filer”), including
the last time it checked into GFA, the last read and write events reported, and the oldest
unprotected data. Reported to the client every 15 minutes for each Edge Appliance for the
volume.
• Example:
{
"filer_guid": "0dd5244f-6a9e-4acb-a85d-9ed994baf5b0",
"filer_title": "cor-nasuni-005-DFS-W-IN",
"last_checkin": 2,
"metric_type": "filer_info",
"oldest_unprotected_data": 2083,
"timestamp": "2022-03-08T03:43:43Z",
"version": 1,
"volume_title": "Active"
}
• Propagation Information: Information about each GFA propagation value calculated for the
volume, including the type of propagation (“collab” or “protect”), the amount of time in seconds
the propagation took, and how much data was protected. Reported to the client with every
request, if there is new propagation data since the last request.
• Example:
{
"data_protected": 195,
"filer_guid": "8722ce0e-04f5-42b2-8c3f-f90b1381248a",
"filer_title": "cor-nasuni-028-DFS-SC-US",
"kind": "protect",
"metric_type": "propagation",
"prop_seconds": 516,
"timestamp": "2022-03-08T03:29:55Z",
"version": 1,
}

• Lock Information: Information about volume lock acquisitions and releases by an Edge
Appliance in the volume. Reported to the client with every request, if there are new lock events
since the last request.
• Example:
{
"filer_guid": "210be74a-1f29-486c-ae27-39baf114b9d1",
"filer_title": "cil-nasu-003",
"lock_phase": "P2",
"lock_state": "REJECTED",
"metric_type": "lock_event",
"timestamp": "2022-03-08T03:28:54Z",
"version": 1,
}
Not every metric type is returned with each request. Multiple metrics of the same type might be
returned from a single request. Likewise, the order of the metrics returned is not guaranteed; in
particular, there is no guarantee that they are ordered by time.

Volumes Page Sync Schedule
Sync Schedule
You can schedule when, and with what frequency, the selected volumes synchronize data (“syncs”)
from Nasuni, merging local data with any new or changed data from other Nasuni Edge Appliances
connected to the selected volumes. This helps to ensure that everyone in your organization is using the
most current data.
If you enable the “Auto Cache” option, data from other Nasuni Edge Appliances that are attached to the
selected volumes is brought into the local caches of the selected volumes immediately. Otherwise, data
from other Nasuni Edge Appliances that are attached to the selected volumes is brought into their local
caches when that data is accessed next.
Note: Because Auto Cache is not enabled by default, new data in the selected volumes comes
into their local caches only when requested. If you plan on enabling Auto Cache, ensure
that all of the following apply to your deployment:
• All the Nasuni Edge Appliances in your organization have caches large enough to
contain data from the other Nasuni Edge Appliances.
• All the data in the volume is relevant and appropriate for all other sites that access the
volume.
• Network access at each site is not adversely affected by automatically moving large
quantities of data.
Auto Cache should not be used during the initial transfer of data into a Nasuni Edge Appliance,
or during other large transfers of data.
You can select which days of the week on which to sync data. You can also select at what time of day
to start and stop syncing data. You can set the frequency for syncing data to be every 1, 5, 10, 25, or
30 minutes, or every 1, 2, 4, 8, 12, or 24 hours for each volume. For example, you can configure syncs
to not occur during the day and only sync data at night when network usage is low.
Warning: If you have directories with tens of thousands of files but few changes during each
snapshot, or large files that require multiple snapshots, frequent syncs can
increase the system load significantly.
Tip: If Global File Acceleration is Active for any volume, this message appears: Volume is under
Global File Acceleration control. Schedules are only used as a backup to the GFA service.
Tip: On volumes with Global File Lock enabled, we recommend increasing the snapshot
frequency and the synchronization frequency of the volume.
If the normal snapshot and synchronization frequency of the volume are decreased, new
files take longer to propagate, because new files depend on snapshot and synchronization
to propagate.
Tip: If you receive a message of the type “Unable to inherit all folder settings on
volume: settings could not be applied during the mount operation.”,
verify your folder settings to determine if they should be recreated, updated, or deleted.
See “Quality of Service (Bandwidth) Settings” on page 317 to configure outbound bandwidth limits.

Scheduling Syncs
To schedule syncs, follow these steps:
1. Click Volumes, then select Sync Schedule from the menu in the left column. The Volume Sync
Schedule page displays a list of volumes on managed Nasuni Edge Appliances.
Figure 11-126: Volume Sync Schedule page.

• Filer: The name or number of Nasuni Edge Appliances that contain the volume.
• Schedule: If syncs are enabled, the days and times that syncs are scheduled. If syncs are
disabled, the label Disabled.
If a volume has Global File Acceleration set as Active, and not as Observation, the
Schedule for the volume displays “GFA Active”. See “Global File Acceleration” on
page 228.

• Frequency: If syncs are enabled, the frequency of syncs appears. If syncs are disabled, the
symbol “--” appears.
• Auto Cache: Whether Auto Cache is allowed or disabled: Allowed or Disabled.
If Auto Cache is allowed, the Minimum File Size is displayed, if specified.
2. Select the volumes whose sync schedules you want to change.

3. Click Edit Volumes. The Sync Schedule dialog box appears.
Figure 11-128: Sync Schedule dialog box.

Tip: If Global File Acceleration is Active for the selected volume, this message appears:
Volume is under Global File Acceleration control. Schedules are only used as a backup
to the GFA service.
5. To select or deselect all days for syncs to occur, click Select/Deselect All.
6. Select the days for syncs to occur (for example, Sunday to Saturday).
7. To specify syncs all day, select the All Day check box.
Alternatively, select the time to start syncs from the Start drop-down list. Select the time to stop
syncs from the Stop drop-down list.
8. Select the frequency for syncs to occur from the Frequency drop-down list. Your choices are 1,
5, 10, 25, 30 minutes, or 1, 2, 4, 8, 12, or 24 hours.
9. To enable Auto Cache (automatically bringing data from other Nasuni Edge Appliances into the
local cache immediately), select the Auto Cache check box. Alternatively, to disable Auto
Cache, clear the Auto Cache check box.
Note: If Auto Cache is enabled and you disable Auto Cache, any process bringing data into
the cache continues until complete.

10. If Auto Cache is enabled, you can specify bringing only files greater than or equal to a specified
size into the cache automatically. Enter the minimum size (in whole numbers) in the Auto Cache
Minimum File Size text box, then select the correct units from the drop-down list.
11. Click Save Schedule. The sync schedule is changed for the selected volumes.
Alternatively, to exit the dialog box without changing the sync schedule settings, click Close.

Volumes Page Antivirus Protection
Antivirus Protection
You can view or change the Antivirus Protection setting of volumes.
Antivirus Protection provides protection against viruses and other malware by scanning every new or
modified file. The entire file is scanned, not just the changed part. Files are scanned when included in a
snapshot, but not during Global File Lock processing. If a scanned file is infected, the authorized
administrator has the option to ignore the infection. If a file has no antivirus violations, that file is
allowed to be part of a snapshot and to be protected in cloud storage. If a file does have an antivirus
violation, but the authorized administrator deliberately ignores the violation, that file is also allowed to
be part of a snapshot and to be protected in cloud storage. However, if a file does have an antivirus
violation, and the authorized administrator does not ignore the violation, that file is not allowed to be
part of a snapshot and is not protected in cloud storage.
You can enable or disable Antivirus Protection at the volume level.
The Antivirus Protection setting is inherited by connecting Nasuni Edge Appliances. For example, if the
Boston Nasuni Edge Appliance enables Antivirus Protection for a volume, and the London Nasuni Edge
Appliance connects to that volume, then Antivirus Protection is also enabled for that volume on the
London Nasuni Edge Appliance. In such a case, there might be a brief time lag before the London
Nasuni Edge Appliance inherits that setting.
Important: If you use Antivirus Protection, Nasuni recommends at least 8 GB of memory for
most implementations. Due to other factors, more memory might be necessary.
Nasuni Edge Appliance Antivirus Protection uses the Clam AntiVirus (ClamAV®) open-source antivirus
engine. The Nasuni Edge Appliance updates antivirus definition files multiple times daily.
Synchronization with the ClamAV virus database occurs within four hours of an update to that
database. Customers can report false positives here.
Nasuni Antivirus Protection scans files and container files (such as .zip files). Antivirus Protection does
not detect malware in the following circumstances:
• Encrypted or password-protected files or container files.
• Files or container files larger than 25 MB.
• Container files that contain any file larger than 25 MB.
• Container files where the combined size of the container file itself, plus the size of all the
contained files, is larger than 100 MB.
For details, see Nasuni Antivirus Service. See Worksheet for a worksheet for planning configurations.
Note: Antivirus Protection can be enabled or disabled in the customer license by Nasuni
Support. The default is that Antivirus Protection is enabled in the customer license.
Tip: To administer settings of Antivirus Protection, you must have the "Manage anti-malware
settings" permission.
Important: Using Antivirus Protection has the following effects on performance and data
propagation:
• Because files must be scanned before they are moved to cloud storage, this can
slightly delay data propagation and file synchronization.
• Using Antivirus Protection generally has a low impact on performance, because
files are scanned in batch. However, since files do not proceed to cloud storage until

they are scanned, this can delay data propagation and file synchronization until after
the scheduled scan occurs.
• Using “Check files immediately” has a higher impact on performance, because
each file is checked individually when it is closed, rather than as part of a batch of
files. Such scans do not have to wait until scheduled times.
Tip: To receive notifications of violations, and emails, if email is enabled, you must ensure that
Violation Alerts is selected for the user’s group.
Note: Antivirus violations are displayed in the Nasuni Edge Appliance or Nasuni Management
Console, and are also logged to the .nasuni/av_violations/ folder of the volume. In
the Antivirus log file, each violation entry is of the form:
<DATE> <TIME> <TIMEZONE> New AV violation: <SIGNATURE> found: <PATH>
Example:
2018-09-08 14:32:33 GMT New AV violation: EicarSignature found: /ei.txt
Tip: To access the hidden .nasuni directory on an SMB share, you must be an administrative
user.
Because the .nasuni directory is located in the root directory of the volume, in order to
access the .nasuni directory, you must create a share that includes the root directory of
the volume.
In addition, this hidden directory must be visible on the client machine. For example, in
Windows, “Show Hidden Files, folders, and drives” must be enabled, and “Hide protected
operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni directory and its
contents. On the File System Browser page, select the volume, click the gear icon, then
select “Show Hidden Files”.
in the cloud.

Viewing Anti-Malware settings (Antivirus Protection and Ransomware Detection)

To view Anti-Malware settings (Antivirus Protection and Ransomware Detection), follow these steps:
1. Click Anti-Malware Services. The Volume Anti-Malware Services page displays a list of CIFS
and NFS volumes and FTP/SFTP directories on managed Nasuni Edge Appliances.
Figure 11-129: Volume Anti-Malware Services page.

• Ransomware Detection: For each volume and Edge Appliance, an indication of whether
Ransomware Detection is Enabled or Disabled.
Note: Nasuni Ransomware Detection is a feature of the Nasuni Ransomware Protection
add-on service. If you do not have the Nasuni Ransomware Protection add-on
service, this column does not appear. To discuss how to purchase and enable the
add-on, contact your Nasuni account team.
• Antivirus Protection: For each volume and Edge Appliance, an indication of whether
Antivirus Protection is Enabled or Disabled.
• Antivirus Schedule: If Antivirus Protection is enabled, the days of the week and the time
during which to perform Antivirus Protection. If Antivirus Protection is disabled, displays “--
”.
• Antivirus Frequency: If Antivirus Protection is enabled, the frequency of performing
Antivirus Protection during the scheduled time. If Antivirus Protection is disabled, displays “-
-”.
Editing Anti-Malware settings (Antivirus Protection and Ransomware Detection)

To edit Anti-Malware settings (Antivirus Protection and Ransomware Detection), follow these steps:
1. On the Volume Anti-Malware Services page, select the volumes in the list whose Ransomware
Detection settings you want to edit.

2. Click Edit Volumes. The Edit Anti-Malware Services dialog box appears.
Figure 11-130: Edit Anti-Malware Services dialog box.

4. To enable Ransomware Detection, set the Enabled setting to On. To disable Ransomware
Detection, set the Enabled setting to Off.
Ransomware Detection can only be enabled on Edge Appliances running version 9.7 or later.
Ransomware Detection can only be enabled on volumes whose owning Edge Appliance is
running version 9.7 or later.
Note: Nasuni Ransomware Detection is a feature of the Nasuni Ransomware Protection add-
on service. If you do not have the Nasuni Ransomware Protection add-on service, this
option does not appear. To discuss how to purchase and enable the add-on, contact
your Nasuni account team.
5. To enable Antivirus Protection, set the Enabled setting to On. To disable the Antivirus
Protection, set the Enabled setting to Off.
If you select On, then configure the Antivirus Protection by performing these steps:
a. To select or deselect all days for Antivirus Protection scanning to occur, click Select/
Deselect All.
b. Select the Days for Antivirus Protection scanning to occur (for example, Sunday to Saturday).

c. For volumes on which the CIFS protocol has been enabled only, to check files as they are
written to the Nasuni Edge Appliance, in addition to the specified Antivirus Protection
schedule, select the Check files immediately check box. Otherwise, clear the Check files
immediately check box.
Note: Enabling “Check files immediately” can have a small effect on performance.
d. To specify scanning 24 hours a day, select the 24 Hours/Day check box.
Alternatively, select the hour to start scanning from the Start drop-down list. Select the hour
to stop scanning from the Stop drop-down list.
e. Select the frequency for Antivirus Protection scanning to occur from the Frequency drop-
down list.
If the volume does not have Remote Access enabled, your choices are 1, 2, 4, 8, 12, or 24
hours.
If the volume does have Remote Access enabled, your choices are 1, 5, 10, 25, or 30 minutes,
or 1, 2, 4, 8, 12, or 24 hours.
Note: Volumes that do not have Remote Access enabled only have Frequency options of
hours, not minutes. For Antivirus Protection scanning more frequent than every 1
hour, enable Remote Access for the volume.
Note: In addition to the specified scanning schedule, a scan is performed automatically
with every snapshot.
6. Click Save. The Ransomware Protection and Antivirus Protection settings are changed. The
volume appears in the list on the Volume Anti-Malware Services page.
Alternatively, to exit the dialog box without changing the Ransomware Protection and Antivirus
Protection settings, click Close.

Volumes Page Antivirus Violations
Antivirus Violations
You can view or review the antivirus violations of volumes.
If Antivirus Protection finds any files infected with a virus or other malware, that information is
displayed.
If a scanned file is infected, the authorized administrator has the option to ignore the infection. If a file
has no antivirus violations, that file is allowed to be part of a snapshot and to be protected in cloud
storage. If a file does have an antivirus violation, but the authorized administrator deliberately ignores
the violation, that file is also allowed to be part of a snapshot and to be protected in cloud storage.
However, if a file does have an antivirus violation, and the authorized administrator does not ignore the
violation, that file is not allowed to be part of a snapshot and is not protected in cloud storage.
Nasuni Edge Appliance Antivirus Protection uses the Clam AntiVirus (ClamAV®) open-source antivirus
engine. Synchronization with the ClamAV virus database occurs within four hours of an update to that
database. Customers can report false positives here.
Viewing antivirus violations

To view the antivirus violations, follow these steps:
1. Click Antivirus Violations. The Volume Antivirus Violations page displays a list of CIFS and
NFS volumes and FTP/SFTP directories on managed Nasuni Edge Appliances that have
antivirus violations.
Figure 11-131: Volume Antivirus Violations page.

• Filepath: The path to the file with the antivirus violation.
• Virus Name: The virus that was detected.

Volumes Page Antivirus Violations

“Filtering Displays” on page 527 for details.
On this screen, the following field names are available:
• filepath: Matches values in the Filepath field.
• virus: Matches values in the Virus Name field.
Reviewing antivirus violations

If a scanned file is infected, the authorized administrator has the option to ignore the infection. If a file
has no antivirus violations, that file is allowed to be part of a snapshot and to be protected in cloud
storage. If a file does have an antivirus violation, but the authorized administrator deliberately ignores
the violation, that file is also allowed to be part of a snapshot and to be protected in cloud storage.
However, if a file does have an antivirus violation, and the authorized administrator does not ignore the
violation, that file is not allowed to be part of a snapshot and is not protected in cloud storage.
To review antivirus violations, follow these steps:
1. On the Antivirus Violations page, select the volumes in the list whose antivirus violations you
want to edit.
2. For each file in the list, click either Ignore or Delete .
To ignore a detected infection and permit the infected file to enter cloud storage, click Ignore.
The Ignore Infected File dialog box appears. Click Ignore Infected Files. The infected file is
permitted to enter cloud storage.
Note: The Nasuni Management Console records the name of the authorized administrator
who authorizes ignoring the infected file, also in the .nasuni/av_violations/
folder of the volume.
Alternatively, to delete the infected file and prevent the infected file from entering cloud storage,
click Delete . The Delete Infected File dialog box appears. Click Delete Infected Files.
The infected file is deleted.

Volumes Page Ransomware Detection
Ransomware Detection
The Ransomware Detection settings implement Nasuni Edge Detection. You can view or change the
Edge Detection setting of volumes.
Nasuni provides unmatched recovery capabilities for customers impacted by ransomware attacks as
part of its base platform. Nasuni Edge Detection extends these built-in capabilities by identifying
ransomware attacks on files anywhere within your Nasuni environment, and alerting administrators
about ransomware attacks before they cause significant damage. This enables you to identify the
impacted files and culprit users, so you can recover smarter and even faster without having to pay
ransom.
Edge Detection includes the following processing:
• Regularly updates known ransomware patterns used for detection.
The Nasuni list of known ransomware file extensions is at https://r3.api.nasuni.com/
ext_blocklist.json.
• Reads creation and renaming events, and analyzes their paths.
• Emits an immediate notification if an attack is underway. You receive one notification when the
attack is first recorded; you do not receive a notification for each affected file. You also receive
two reminder alerts during the same day, until the attack summary is cleared.
• Logs individual pattern violations to .nasuni.
• Sends a summary notification twice per day, which includes the attack signature (such as
*.wannacry), the target volume, the number of violations detected so far, and the timestamp
of first detection.
Tip: You can avoid false positives by requesting Support to add particular file extensions to a
safelist.
You can enable or disable Edge Detection at the volume level.
For details, see Nasuni Ransomware Protection. See Worksheet for a worksheet for planning
configurations.
Note: Nasuni Edge Detection is a feature of the Nasuni Ransomware Protection add-on service.
If you do not see the feature, contact your Nasuni account team to discuss how to
purchase and enable the add-on.
Antivirus Protection must also be enabled in the customer license by Nasuni Support. The
default is that Antivirus Protection is enabled in the customer license.
Note: Some ransomware file extensions may be considered vulgar. Nasuni believes in giving the
most accurate information to its users, so does show the full extension.
Important: To enable Edge Detection, you must open port 443 to the FQDN
r3.api.nasuni.com in order to get ransomware detection definition files.
Tip: To administer settings of Edge Detection, you must have the "Manage Anti-Malware
Settings" permission.
Tip: To receive notifications of violations, you must have the “Manage all aspects of the Filer
(super user)” or “Manage Notifications” permissions, and the appropriate “Filer Access”
permissions.

To receive emails of violations, if email is enabled, you must also ensure that Violation Alerts
is selected for the user’s group.
Note: Ransomware pattern violations are logged to a CSV file in the
.nasuni/ransomware_violations/ folder of the volume.
In the log file, each violation entry includes the following: event timestamp, event type,
path, client SID, and client IP.
The event types include 4 (AUDIT_RENAME: Rename) and 10 (AUDIT_MKNOD: New File).
Tip: To access the hidden .nasuni directory on an SMB share, you must be an administrative
user.
the volume.
Important: BEFORE PUTTING NASUNI RANSOMWARE DETECTION INTO PRODUCTION

Nasuni Ransomware Detection is an aggressive system of detecting ransomware and alerting you to
the possibility of a ransomware attack. In particular, Nasuni Ransomware Detection tends to err on the
side of safety and caution when examining incoming files and comparing files to known ransomware
signatures, in order to improve the likelihood of detecting an actual ransomware attack. Because there
is some overlap between your organization’s ordinary file extensions and known ransomware
signatures, it is likely that your organization’s ordinary files might trigger Nasuni Ransomware
Detection. This is called a “false positive”.
In order to use Nasuni Ransomware Detection most effectively in your environment, you can balance
your knowledge of what is normal about your organization’s environment with what Nasuni
Ransomware Detection reports. The following considerations are important:
1. When you first enable Nasuni Ransomware Detection, you should expect to receive notifications
of possible ransomware. This does not necessarily indicate the presence of actual ransomware
in your system. Instead, this is far more likely an indication that some of your organization’s
ordinary file extensions happen to match some known ransomware signatures. Recognizing
these ordinary file extensions is an important part of establishing what is the “normal” state of
your system.
2. When you do receive these first ransomware notifications, you should examine them closely.
The ransomware violations are logged to a CSV file in the
.nasuni/ransomware_violations/ folder of the volume.
• You must be an administrative user.

• Because the .nasuni directory is located in the root directory of the volume, in order to
the volume.
• In Windows, “Show Hidden Files, folders, and drives” must be enabled.
• In Windows, “Hide protected operating system files” must be disabled.
Find and open this CSV file. It includes a list of suspicious files. Examine the extensions of these
files.
a. Are these typical extensions of ordinary files used in your organization? If so, this is an
example of a false positive, and a good indication of the type of file that you can typically
ignore in future notifications.
b. Are these unusual extensions for your organization? If so, this can indicate the possibility of
an actual ransomware attack, and further investigation is necessary. For example, if only one
or a few files have such an unusual extension, it is still probably not a ransomware attack,
since ransomware attacks typically affect many files on a system.
3. After a few days or weeks of examining ransomware notifications, you should have a good idea
of the types of extensions that you can safely ignore. You should also have an idea of the
number of ransomware violations that you can expect per day. Receiving many more than your
usual daily number of ransomware violations can also indicate an actual ransomware attack.
4. When you have identified ordinary file extensions that seem to routinely trigger ransomware
notifications, you can decide how best to manage these false positives.
For example, you can request Nasuni Support to add these known false positive file extensions
to the safelist for this volume. This ensures that you do not receive notifications for files that
match these extensions.
However, if you do so, you risk the possibility of a genuine ransomware attack that happens to
use those particular file extensions. That is a decision that must be made carefully. You might
well decide to continue to allow Nasuni Ransomware Detection to flag these file extensions, and
provide the most complete protection possible.
Viewing Anti-Malware Service settings (Antivirus Protection and Ransomware Detection)

To view the Anti-Malware Service settings (Antivirus Protection and Ransomware Detection), follow
these steps:
1. Click Anti-Malware Services. The Volume Anti-Malware Services page displays a list of CIFS
and NFS volumes and FTP/SFTP directories on managed Nasuni Edge Appliances.
Figure 11-132: Volume Anti-Malware Services page.



• Ransomware Detection: For each volume and Edge Appliance, an indication of whether
Ransomware Detection is Enabled or Disabled.
Note: Nasuni Ransomware Detection is a feature of the Nasuni Ransomware Protection
add-on service. If you do not have the Nasuni Ransomware Protection add-on
service, this column does not appear. To discuss how to purchase and enable the
add-on, contact your Nasuni account team.
• Antivirus Protection: For each volume and Edge Appliance, an indication of whether
Antivirus Protection is Enabled or Disabled.
• Antivirus Schedule: If Antivirus Protection is enabled, the days of the week and the time
during which to perform Antivirus Protection. If Antivirus Protection is disabled, displays “--
”.
• Antivirus Frequency: If Antivirus Protection is enabled, the frequency of performing
Antivirus Protection during the scheduled time. If Antivirus Protection is disabled, displays “-
-”.
Editing Anti-Malware Service settings (Antivirus Protection and Ransomware Detection)

To edit Anti-Malware Service settings (Antivirus Protection and Ransomware Detection), follow these
steps:
1. On the Volume Anti-Malware Services page, select the volumes in the list whose Ransomware
Detection settings you want to edit.

2. Click Edit Volumes. The Edit Anti-Malware Services dialog box appears.
Figure 11-133: Edit Anti-Malware Services dialog box.

4. To enable Ransomware Detection, set the Enabled setting to On. To disable Ransomware
Detection, set the Enabled setting to Off.
Ransomware Detection can only be enabled on Edge Appliances running version 9.7 or later.
Ransomware Detection can only be enabled on volumes whose owning Edge Appliance is
running version 9.7 or later.
Note: Nasuni Ransomware Detection is a feature of the Nasuni Ransomware Protection add-
on service. If you do not have the Nasuni Ransomware Protection add-on service, this
option does not appear. To discuss how to purchase and enable the add-on, contact
your Nasuni account team.
5. To enable Antivirus Protection, set the Enabled setting to On. To disable the Antivirus
Protection, set the Enabled setting to Off.
If you select On, then configure the Antivirus Protection by performing these steps:
a. To select or deselect all days for Antivirus Protection scanning to occur, click Select/
Deselect All.
b. Select the Days for Antivirus Protection scanning to occur (for example, Sunday to Saturday).

c. For volumes on which the CIFS protocol has been enabled only, to check files as they are
written to the Nasuni Edge Appliance, in addition to the specified Antivirus Protection
schedule, select the Check files immediately check box. Otherwise, clear the Check files
immediately check box.
Note: Enabling “Check files immediately” can have a small effect on performance.
d. To specify scanning 24 hours a day, select the 24 Hours/Day check box.
Alternatively, select the hour to start scanning from the Start drop-down list. Select the hour
to stop scanning from the Stop drop-down list.
e. Select the frequency for Antivirus Protection scanning to occur from the Frequency drop-
down list.
If the volume does not have Remote Access enabled, your choices are 1, 2, 4, 8, 12, or 24
hours.
If the volume does have Remote Access enabled, your choices are 1, 5, 10, 25, or 30 minutes,
or 1, 2, 4, 8, 12, or 24 hours.
Note: Volumes that do not have Remote Access enabled only have Frequency options of
hours, not minutes. For Antivirus Protection scanning more frequent than every 1
hour, enable Remote Access for the volume.
Note: In addition to the specified scanning schedule, a scan is performed automatically
with every snapshot.
6. Click Save. The Ransomware Protection and Antivirus Protection settings are changed. The
volume appears in the list on the Volume Anti-Malware Services page.
Alternatively, to exit the dialog box without changing the Ransomware Protection and Antivirus
Protection settings, click Close.

Volumes Page File System Auditing
File System Auditing

Take
You can configure extensive file system auditing and logging of operations for volumes.
As an alternative to Nasuni’s own auditing options, Nasuni also supports auditing by Varonis and other
external auditing services. For Varonis versions before 8.5, to complete configuration of the Varonis
application to use Nasuni auditing events, you must provide a Nasuni API access key. Events created
by the Nasuni Edge Appliance propagate to the Varonis monitoring infrastructure. For details of the
Varonis configuration, see “Varonis Configuration” on page 257. For more details on specifying audit
destinations, see “Audit Destinations Status” on page 360.
As an alternative to Nasuni’s own auditing options, Nasuni also supports output to an Advanced
Message Queuing Protocol (AMQP) server of an external auditing service.
Important: If using external auditing (such as Varonis), open port 5671 outbound from the Edge
Appliance to the configured audit endpoint.
Port 5671 is used for AMQP with SSL. Nasuni does not support AMQP without SSL.
Syslog Export enables you to direct Nasuni notifications and file auditing messages to your syslog
server. For more details, see “Syslog Export” on page 336.
Tip: The NMC API can be used to configure auditing, including configuring AMQP destinations
for audit messages (such as for Varonis or RabbitMQ).
Tip: Auditing volume events such as Create, Delete, Rename, and Security can aid in recovering
from ransomware attacks.
Note: Enabling file system auditing generally affects performance less than 5–10 percent. The
effect is greater if auditing writes. The effect is less if using solid-state drives (SSD), rather
than hard disk drives (HDD). We do not recommend auditing additional events for these
purposes, because that can consume system resources unnecessarily.
Note: It is possible that occasionally a specified operation might not be audited and logged,
such as when a Nasuni Edge Appliance reboots or restarts. Also, if events occur faster
than the auditing, a “Lost Events” entry is made in the log file.
Note: If you remove a destination that a volume is using for Varonis or AMQP auditing, auditing
becomes disabled for that volume.
Tip: Log files take up space. To reduce the amount of space necessary for log files, you can: limit
the number of event categories to audit, limit which volumes to audit, use filters to reduce
the directories or files to audit, and limit the log file retention period.
To configure file system auditing for a volume, follow these steps:
1. Click Volumes, then click Auditing. The Volume Auditing Settings page appears.
Figure 11-134: Volume Auditing Settings page.

A list of volumes appears. Each volume is on a Nasuni Edge Appliance that has the file system
auditing feature.
2. Click the right-facing arrow beside each volume to reveal the file system auditing setting for
each Nasuni Edge Appliance for that volume. To reveal the settings for all volumes of all Nasuni
Edge Appliances, click Expand All. To collapse the display of the settings for all volumes of all
Nasuni Edge Appliances, click Collapse All.
The following information appears for each volume and Nasuni Edge Appliance combination in
the list:
• Output Type: The type of output for the auditing information, which can be one of the
following:
• CSV: For output to local auditing log files. Auditing log files are written to the
.nasuni\audit\<filerdescription>\<yyyymmdd> directory, where
filerdescription is the description of the Nasuni Edge Appliance and yyyymmdd is
the date of the log file.
Tip: To access the hidden .nasuni directory on an SMB share, you must be a CIFS
administrative user. To specify a CIFS administrative user, on the Nasuni Edge
Appliance, select General Settings from the Configuration menu, then specify an
Administrative User.
Because the .nasuni directory is located in the root directory of the volume, in
order to access the .nasuni directory, you must create a share that includes
the root directory of the volume.
In addition, this hidden directory must be visible on the client machine. For
example, in Windows, “Show Hidden Files, folders, and drives” must be enabled,
and “Hide protected operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni
directory and its contents. On the File System Browser page, select the volume,
click the gear icon, then select “Show Hidden Files”.
• AMQP: For output for an Advanced Message Queuing Protocol (AMQP) server of an
external auditing service.
• Varonis: For external auditing by Varonis.
• Enabled: The auditing setting of the volume: Yes (auditing enabled) or No (auditing not
enabled).

3. To change the settings for file auditing, on the Volume Auditing Settings page, select the
volumes in the list whose file system auditing setting you want to edit, then click Edit Volumes.
The Edit Volume Auditing Settings dialog box appears.
Figure 11-135: Top portion of Edit Volume Auditing Settings dialog box.
Tip: No changes on this page are saved until you click Save Auditing Settings.
5. If this volume has Varonis auditing selected, the content on this page is unavailable, except for
the “Revert control to NMC” button. To revert control of auditing to the NMC, click “Revert
control to NMC”.
6. To enable file system auditing for this volume, select Auditing Enabled.
Important: When you enable file system auditing for this volume, auditing log files are written
to the .nasuni\audit\<filerdescription>\<yyyymmdd> directory,
where filerdescription is the description of the Nasuni Edge Appliance and
yyyymmdd is the date of the log file. For details on log files, see “File Alert
Service” on page 259.
administrative user. To specify a CIFS administrative user, on the Nasuni Edge
Appliance, select General Settings from the Configuration menu, then specify an

Administrative User.
access the .nasuni directory, you must create a share that includes the root directory
of the volume.
Windows, “Show Hidden Files, folders, and drives” must be enabled, and “Hide
protected operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni directory and
its contents. On the File System Browser page, select the volume, click the gear icon,
then select “Show Hidden Files”.
7. In the Event Types area, select the operations to include in file system auditing, from these
choices:
• Create: Operations that create files, directories, or links.
• Delete: Operations that delete files or directories.
• Rename: Operations that rename files or directories.
• Close: Operations that close files.
• Security: Changes to file or directory ownership or permission.
• Metadata: Changes to update time and extended attributes.
• Write: Operations that write or truncate files.
• Read: Operations that read files or directories.
Note: Some event types generate a greater load and result in greater traffic.
8. To delete log files older than a specified number of days, select Prune Audit Logs and enter a
number greater than zero in Days to Keep. The default is 90 days. If Prune Audit Logs is not
selected, or if Days to Keep is zero, audit logs are not deleted.
Note: Audit logs are retained for 90 days by default. Customers can decide how long to keep
the audit logs, based on their specific requirements or compliance considerations.
Also, audit logs are included in snapshots, so that, if an older audit log is needed that
has already been pruned, the audit log can be restored from snapshots, like any other
user file.

9. The Filtering area is available.
Figure 11-136: Bottom portion of Edit Volume Auditing Settings dialog box.
10. In the Filtering area, to audit operations only for specified directories or files, select Exclude by
Default and enter the specific directories or files to include in the Include Patterns text box.
Separate the patterns with a comma or by placing a pattern on a new line. You can use glob
syntax wildcards when you specify each pattern, such as the following:
* Matches any number of *.mp3
? Matches any one test.mp?

[sequence] Matches any character [A-Z]*.mp3

sequence. letter.
[!sequence] Matches any character [!A-Z]*.mp3

NOT in the specified means file names that do not start with an upper-
11. To audit operations for directories or files in the Include Patterns text box, even if those
directories or files are logically part of the entries in the Exclude Patterns text box, select
Include List Takes Priority.
12. To include specified directories or files in audit operations, such as *.tmp files, enter the
specific directories or files to include in the Include Patterns text box. Separate the patterns
with a comma or by placing a pattern on a new line. You can use glob syntax wildcards when
you specify each pattern, as described in step 10.

13. To exclude specified directories or files from audit operations, such as *.tmp files, enter the
specific directories or files to exclude in the Exclude Patterns text box. Separate the patterns
with a comma or by placing a pattern on a new line. You can use glob syntax wildcards when
you specify each pattern, as described in step 10.
14. The “Syslog Export for Audit Events” area appears near the bottom of the page.
Figure 11-137: “Syslog Export for Audit Events” area.

To send Auditing messages for this volume to syslog, as well as to the specified output, select
“Send Audit messages to syslog”. For more details, see “Syslog Export” on page 336.
15. Click Save Auditing Patterns.
The specified operations for the specified directories and files are audited and written in log files for
later use.
Log file location and format

Log files are written to the .nasuni\audit\<description>\<yyyymmdd> directory, where
description is the description of a Nasuni Edge Appliance and yyyymmdd is the date of the log file.
Note: If this is a shared volume, entries from multiple Nasuni Edge Appliances may appear in the
same <description> directory.
Tip: To access the hidden .nasuni directory on an SMB share, you must be an
administrative user.
access the .nasuni directory, you must create a share that includes the root directory
of the volume.
Windows, “Show Hidden Files, folders, and drives” must be enabled, and “Hide
protected operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni directory and
its contents. On the File System Browser page, select the volume, click the gear icon,
then select “Show Hidden Files”.
Log file names are in the format audit-<timestamp>.csv, where timestamp is the local hours,
minutes, seconds, and microseconds of the log file. A sample log file name is audit-10-07-57-
494069.csv, which indicates a time of 10:07:57.494069.
Note: You cannot access the log files from the Nasuni Management Console or from a Nasuni
Edge Appliance. You must mount the volume and access the appropriate directory.
Each line of the log file is a record for a single audited operation. Each record includes the following
information, if available, separated by commas.

Here is a sample log file record:

2013-09-19 22:48:39.697221,Read,Read Directory,/.snapshot,,FOREST1\
jjones,FOREST1\domain users,S-1-5-21-4239937795-3974351056-
921346076-1113,files,CIFS,10.10.10.10,
• Timestamp (UTC) of the audited operation, such as “2013-09-19 22:48:39.697221” in the

example above.
• Category of the operation, from the Event Types above, such as “Read” in the example above.
• Event type as a subtype of the category, such as the following:
• Create: Create Directory or Create File.
• Delete: Delete Directory or Delete File.
• Read: Read Directory or Read File, such as “Read Directory” in the example above.
• Security: Change Owner, Change Permissions, Set ACL, or Set DOS Attribute.
• Write: Truncate File or Write to File.
• Path/from of the item, such as “/.snapshot” in the example above.
• New path/to of the item (if appropriate), such as “” in the example above.
• User of the item (if appropriate), such as “FOREST1\jjones” in the example above.
• Group of the user (if appropriate), such as “FOREST1\domain users” in the example above.
• SID (for Active Directory) of the CIFS (SMB) item (if appropriate), such as “S-1-5-21-
4239937795-3974351056-921346076-1113” in the example above.
• Share name for the item (for CIFS (SMB) volumes only, if appropriate), such as “files” in the
example above.
• Volume type of the item: CIFS (SMB), NFS, FTP, or Internal, such as “CIFS” in the example
above. Internal refers to events that are generated by internal processes that don’t use the
external protocols.
• Client IP address that caused the event (for CIFS (SMB) volumes only, if appropriate), such as
“10.10.10.10” in the example above.
• Snapshot timestamp (UTC), if event occurred on an item in a snapshot, such as “” in the
example above.
Each log file contains at most 100,000 records. For additional records, a new log file is created.
Note: It is possible that occasionally a specified operation might not be audited and logged,
such as when a Nasuni Edge Appliance reboots or restarts. Also, if events occur faster
than the auditing, a “Lost Events” entry is made in the log file.

Varonis Configuration
Nasuni can use an external auditing service, such as Varonis.
Important: If using external auditing (such as Varonis), open port 5671 outbound from the Edge
Appliance to the configured audit endpoint.
Port 5671 is used for AMQP with SSL. Nasuni does not support AMQP without SSL.
Important: After initially configuring Varonis to monitor your volumes, if you connect a monitored
volume to a new Edge Appliance, you must configure the new Edge Appliance to
send audit events to Varonis. For assistance with updating the configuration, contact
Varonis Support.
Tip: For Varonis versions before 8.5, to complete configuration of the Varonis application to use
Nasuni auditing events, you must provide a Nasuni API access key.
For Varonis versions after 8.5, the configuration of the AMQP destination and audit policy is
managed using the NMC API.
When specifying a file server on the File Server Wizard of the Varonis Management Console, for
example:
• Select Common from the left-hand menu.
• Enter the name or IP address of the Nasuni Edge Appliance as the “File server name”.
• Select Nasuni from the “File server type” drop-down list. Alternatively, if you click “Detect File
Server Type”, Nasuni is chosen.
• After selecting Nasuni as the “File server type”, the “Nasuni Management API Settings” pane
appears.
• Enter the Nasuni API Access Key Name (from the Filers → API Keys page) as the “Access
key name”. For details about the Nasuni access key, see “API Access key for external
auditing using Varonis” on page 282.
• Enter the Nasuni API Access Key Passcode (from the Filers → API Keys page) as the
“Access key passcode”. For details about the Nasuni access key, see “API Access key for
external auditing using Varonis” on page 282.
When specifying shares on the File Server Wizard of the Varonis Management Console, for example:
• Select Shares from the left-hand menu.
• The unhidden CIFS shares of the Nasuni Edge Appliance appear in the “Available Shares”
area.
• To move a share to the “Registered Shares” area, select the share, then click the down
arrow.

• In the “Registered Shares” area, you can perform the following:

• Enable whether to collect Events on the share.
• Enable whether to crawl/monitor the share.
• In the Automatic Detection area, you can perform the following:
• Specify what to do with new shares, by selecting “Automatically detect shares” to be
either Never, “Detect and notify”, “Detect and Monitor”, or “Detect, Monitor, and
Notify”.
• Specify the frequency of notification by selecting Notify to be Always or Once.

Volumes Page File Alert Service
File Alert Service

You can view or change the File Alert Service setting of volumes.
The File Alert Service monitors the names of files and directories that are written to the Nasuni Edge
Appliance, looking for names that match patterns that you specify. This can be valuable in tracking
certain special files, such as files or directories whose names contain text like “HIPAA”.
You can use wildcards to specify each pattern. For example, if you specify *.mp3, the File Alert Service
monitors whenever any files whose names end in .mp3 are written to the Nasuni Edge Appliance.
Note: File alerts configured here apply only to the local Nasuni Edge Appliance, and not to any
other Nasuni Edge Appliance. To enable file alerts on other Nasuni Edge Appliances in a
multi-site configuration, you must configure the other Nasuni Edge Appliances individually.
To administer file alerts consistently on multiple Nasuni Edge Appliances, use the Nasuni
Management Console.
Tip: PST files: Microsoft Outlook Personal Storage (.pst) files are used to store information for
Microsoft Outlook email systems. These files contain a large quantity of different types of
information, and can grow very large: multi-GB .pst files are common.
Nasuni recommends that customers NOT store active Outlook .pst files with the Nasuni
Edge Appliance, for a number of reasons:
• Whenever a new email arrives, the entire .pst file is marked as unprotected, and the
entire very large file must then be uploaded to the cloud again with the next snapshot.
This can interfere with the handling of other files, and with data propagation.
• The multiple versions of .pst files can increase the cloud usage of such files for a volume.
• Microsoft also recommends NOT storing .pst files on networks: https://
docs.microsoft.com/en-US/outlook/troubleshoot/data-files/limits-using-pst-files-over-
lan-wan
To help ensure that .pst files are not stored with the Nasuni Edge Appliance, Nasuni
recommends that customers enable the File Alert Service and include patterns such as *.pst.
When enabled, each time that a snapshot completes, the File Alert Service runs. If the names of any
files or directories match any of the specified patterns, the result is recorded in the file alert logs in
the .nasuni/file_alerts directory. It might take 1-2 hours for the result to appear in the file alert
logs.
administrative user. To specify a CIFS administrative user, on the Nasuni Edge Appliance,
select General Settings from the Configuration menu, then specify an Administrative User.
the volume.

In addition, if the names of any files or directories match any of the specified patterns, an alert (no more
than one per day) is generated in the Notifications system. If you have configured email settings, you
receive an email (no more than one per day) when names of files or directories match one of the
patterns. To configure email settings, see “Email Settings” on page 289. It might take 24-48 hours for
the alert to be sent.
Note: If a match is detected, you receive no more than one alert per day. The alert contains the
path to a complete log file containing all detected matches.
Tip: Alerts do not occur for empty files.
Tip: Receiving the results of the File Alert Service involves several features:
• Enable the Alerts permission for a group: Console Settings → Users/Groups → Manage
Groups → Edit → Violation Alerts. See “Console Users and Groups” on page 472.
• Enable File Alerts on the volume: Described below.
• To receive emails, configure email for user: Console Settings → Users/Groups → Manage
Users → Edit → Email. See “Console Users and Groups” on page 472.
Caution: While individual file alerts do not require significant processing, specifying hundreds or
thousands of file alert patterns can have consequences, including the following:
• Matching file or directory names are recorded in log files in the .nasuni/file_alerts
directory. For large numbers of file alert patterns, the processing necessary to match
patterns and update log files can affect the resources available for other tasks.
• Conflicts can occur on the log files themselves, because multiple Edge Appliances
might register near-simultaneous file alerts.
• Log files must be manually deleted from the file_alerts directory. This is not an
automated process.
• A large number of files in a directory can cause delays in snapshots each time new
files are added that must be checked.
• Matching file or directory names can trigger alerts in the Notifications system, and
emails. For large numbers of file alert patterns, this process can affect processing.
• These effects are exacerbated when ingesting large amounts of data.

Viewing File Alert Service settings

To view the File Alert Service settings, follow these steps:
1. Click File Alert Service. The Volume File Alert Service page displays a list of volumes on
Figure 11-138: Volume File Alert Service page.

2. Click the right-facing arrow beside each volume to reveal the File Alert Service setting for each
Nasuni Edge Appliance for that volume. To reveal the settings for all volumes of all Nasuni Edge
Appliances, click Expand All. To collapse the display of the settings for all volumes of all Nasuni
Edge Appliances, click Collapse All.
• Enabled: The File Alert Service setting: Enabled (File Alert Service running) or Disabled (File
Alert Service not running).
• File/Directory Patterns: The specific patterns of file names or directory names that the File
Alert Service is looking for.
Editing File Alert Service settings

To edit File Alert Service settings, follow these steps:
1. On the Volume File Alert Service page, select the volume and Nasuni Edge Appliance
combinations in the list whose File Alert Service settings you want to edit.

2. Click Edit Volumes. The Edit File Alert Service dialog box appears.
Figure 11-139: Edit File Alert Service dialog box.

4. To enable the File Alert Service, set the Enabled setting to On. To disable the File Alert Service,
set the Enabled setting to Off.
5. If the File Alert Service is enabled, enter name patterns in the File/Directory Patterns text box.
Enter one name pattern per line. You can use wildcards when you specify each pattern:
* Matching any number of *.mp3
? Matching any one test.mp?

[sequence] Matching any character [A-Z]*.mp3

sequence. letter.
[!sequence] Matching any character [!A-Z]*.mp3

not in the specified means file names that do not start with an upper-
6. Click Save. The File Alert Service settings are changed. The volume appears in the list on the
Volume File Alert Service page.
Alternatively, to exit the dialog box without changing the File Alert Service settings, click Close.

Volumes Page Data Propagation
Data Propagation
You can view a chart of how long it takes data in shared volumes to propagate from the source Nasuni
Edge Appliance to any remote Nasuni Edge Appliances. You can also view a chart of the age of the
oldest data or metadata in the cache. Two charts are available:
• Data Propagation Time (DPT) chart: The Data Propagation Time chart shows the time taken
for a version of a file or folder to propagate on the vertical axis, and the time span on the
horizontal axis.
The time to propagate is measured from the start of the snapshot on the source Nasuni Edge
Appliance to the completion of synchronization on destination Nasuni Edge Appliances.
Figure 11-140: Data Propagation Time (DPT) chart.
This chart can be useful to investigate how long it takes data to propagate from a source Edge
Appliance to destination Edge Appliances. You can use this to get a general idea about how
long it takes data to propagate, or to investigate specific situations involving data propagation.
By adjusting the time scale, you can examine the time to propagate on specific dates (within the
last 30 days) or at specific times.
Using the “Max and Avg” perspective, you can see cumulative data propagation times across
all Edge Appliances. Using the “Per Filer” perspective, you can see data propagation times to
the specified destination Edge Appliances.
The time span and resolution on the horizontal axis is one of the following:
• 30 days of data, at once-per-day resolution (default);
• 1 day, at once-per-hour resolution;
• 1 hour, showing every snapshot.
Tip: The Data Propagation Time chart is only available for volumes that are shared by two or
more Nasuni Edge Appliances that are running version 8.4 or later.
The Data Propagation Time chart is available in two perspectives:
• Max and Avg (default): Displays the maximum time (and the average time) taken for any
snapshot of a file or folder completed during a given day or hour to be synced to other
Nasuni Edge Appliances on the vertical axis, and the time span on the horizontal axis. For
the 1-hour time span, the chart shows the maximum time (and the average time) taken for a
particular version of a file or folder to be synced to other Nasuni Edge Appliances on the

vertical axis, and the time span on the horizontal axis.

With the Max and Avg perspective, you can select and deselect the display of the maximum
value by clicking the Max chart legend. Similarly, you can select and deselect the display of
the average value by clicking the Avg chart legend.
• Per Filer: Displays the maximum value for any selected Nasuni Edge Appliances connected
to the selected volume, as well as the average value for any selected Nasuni Edge
Appliances connected to the selected volume.
With the Per Filer perspective, you can select which Nasuni Edge Appliances to display
data for from the Filers drop-down list.
With the Per Filer perspective, you can select and deselect the display of the maximum and
average value for each Nasuni Edge Appliance by clicking the appropriate chart legend.
• Age of Oldest Unprotected Data (OUD) chart: The Age of Oldest Unprotected Data chart
displays on the vertical axis the age of the oldest unprotected data or metadata in the cache,
and the time of observation on the horizontal axis.
Figure 11-141: Age of Oldest Unprotected Data (OUD) chart.
This chart can be useful to examine how unprotected data moves from the cache to cloud
storage. You can use this to get a general idea about how long data remains in the cache before
moving to cloud storage, or to investigate specific situations involving data moving to cloud
storage.
By adjusting the time scale, you can examine the oldest data on specific dates (within the last
30 days) or at specific times.
Using the “Max and Avg” perspective, you can see the oldest unprotected data in the cache for
all Nasuni Edge Appliances connected to the selected volume. Using the “Per Filer”
perspective, you can see the oldest unprotected data in the cache for specified Edge
Appliances connected to the selected volume.
The time of observation and resolution on the horizontal axis is one of the following:
• 30 days of data, at once-per-day resolution (default);
• 1 day, at once-per-hour resolution;
• for Per Filer perspective, 1 hour, showing every OUD observation.

The Age of Oldest Unprotected Data chart is available in two perspectives:

• Max and Avg (default): Displays the age of the oldest unprotected data or metadata in the
cache for all the Nasuni Edge Appliances connected to the selected volume.
With the Max and Avg perspective, you can select and deselect the display of the value by
clicking the Max chart legend.
• Per Filer: Displays the age of the oldest unprotected data or metadata in the cache for any
selected Nasuni Edge Appliances connected to the selected volume.
With the Per Filer perspective, you can select which Nasuni Edge Appliances to display
data for from the Filers drop-down list.
With the Per Filer perspective, you can select and deselect the display of the value for each
Nasuni Edge Appliance by clicking the appropriate chart legend.
Tip: Square points represent the age of the oldest unprotected data just before a snapshot is
taken. Triangular points represent the age of the oldest unprotected data just after a
snapshot. Circular points represent a periodic report of the age of the oldest unprotected
data.
To change from one time span to the next finer time span, click any point on either chart. To change
from one time span to the next less fine time span, click Zoom Out.
To view data propagation displays, follow these steps:
1. Click Data Propagation. The Data Propagation page displays the Data Propagation Time
chart and the Age of Oldest Unprotected Data chart.
Figure 11-142: Data Propagation page.

2. From the Volume drop-down list, select the volume whose data propagation display you want
to see. The charts reflect the selected volume.
3. From the Perspective drop-down list, select the perspective of the display you want to see,
from the following:
• Max and Avg, as described above.
• Per Filer, as described above.
4. If the Per Filer perspective is selected, select which Nasuni Edge Appliances to display data for
from the Filers drop-down list. You can select up to 5 Nasuni Edge Appliances.
5. To change from one time span to the next finer time span, click any point on either chart. To
change from one time span to the next less fine time span, click Zoom Out.
6. You can display different combinations of Nasuni Edge Appliances and maximum and average
values by clicking the appropriate chart legends.

Chapter 12: Filers Page
On the Filers page, you can view managed Nasuni Edge Appliances. You can also perform the
following actions:
• Set API access keys.
• Schedule automatic software updates.
• Configure cache settings.
• Change CIFS and FTP/SFTP settings.
• Change the description of managed Nasuni Edge Appliances.
• Configure full disk encryption for disks that have this feature available.
• Configure email settings.
• Manage encryption keys for managed Nasuni Edge Appliances.
• Set the escrow passphrase for managed Nasuni Edge Appliances.
• Configure Global File Lock.
• Schedule of Quality of Service (inbound and outbound bandwidth).
• Schedule when to send quota reports.
• Configure SNMP settings.
• Configure syslog export.
• Configure time servers.
• Configure Web Access branding.
• Manage mobile access to data.
• Refresh the Nasuni Edge Appliance license.
• Configure remote support settings.
• Send diagnostic information to Nasuni.
• Manage Side Load processing.
• View the status of jobs to move data into the cache.
• Review the status of CIFS shares, shared links, and FTP/SFTP directories on managed Nasuni
Edge Appliances.
• File heuristics for all Nasuni Edge Appliances or selected Nasuni Edge Appliances.
• Review pending updates to Nasuni Edge Appliances.
• Review the platform settings and status of managed Nasuni Edge Appliances.

Filers Page Filers page
• Apply software updates to managed Nasuni Edge Appliances.

• Review security settings and network settings for managed Nasuni Edge Appliances.
• View and manage shared links.
• Shut down and reboot managed Nasuni Edge Appliances.
• Review SSL certificates for managed Nasuni Edge Appliances.
Filers page
Click Filers. The Filers page displays a dashboard of Nasuni Edge Appliance information and a list of
all Nasuni Edge Appliances in the account.
Figure 12-1: Filers page.
Filers Managed
In the Filers Managed area, the following information appears:
• Total number of Nasuni Edge Appliances managed in the account. Only Nasuni Edge
Appliances that the user has access to are included.
• Total number of unmanaged Nasuni Edge Appliances in the account. Only Nasuni Edge
Note: If configured, an email notification is sent when a new Nasuni Edge Appliance is
deployed, whether the new Nasuni Edge Appliance is managed or unmanaged.

• Number of Nasuni Edge Appliances that have Remote Support enabled. Only Nasuni Edge
Clicking Enabled Remote Support opens the Remote Support Service page. For details, see
“Remote Support Service” on page 353.
• Number of Nasuni Edge Appliances that have active Remote Support connections in progress.
Only Nasuni Edge Appliances that the user has access to are included.
Clicking Active Support Session opens the Remote Support Service page. For details, see
“Remote Support Service” on page 353.
Connected Clients
N1050
6000
In the Connected Clients area, the following information appears:

• Total number of connected clients, including CIFS clients and Mobile Access clients.
• Number of CIFS clients. Clicking CIFS Clients opens the Filer CIFS Clients page. For details,
see “CIFS Clients” on page 362.
• Number of Mobile Access clients, including iOS and Android clients. Clicking iOS or Android
opens the Mobile Licenses page. For details, see “Mobile Licenses” on page 350.

Filer Health
In the Filer Health area in the upper right, the following information appears:
• Number of Nasuni Edge Appliances offline, if any.
• Number of unhealthy Nasuni Edge Appliances, if any.
• Number of warnings for Nasuni Edge Appliances, if any.
• Number of hardware errors, if any. Clicking hardware error opens the Filer Platform/
Hardware Settings page. For details, see “Platform Settings” on page 378.
failed for some reason, if any. Clicking setting sync error opens the Outstanding Settings
Updates Filers page. For details, see “Pending Updates” on page 376.
• Number of Nasuni Edge Appliance updates available, if any. Clicking Filer updates opens the
Filer Software Updates page. For details, see “Software Updates” on page 388.
Tip: This area does not update automatically. To update the display, refresh the browser page.
Network Traffic
You can view a chart of the network traffic of the Nasuni Edge Appliances vs. time. This chart shows
data received from and transmitted to cloud storage, Mobile Access clients, the user interface, and
clients. The scale is in Kbits/second or Mbits/second, depending on throughput. Only Nasuni Edge
The Network Traffic chart looks like this:
Figure 12-2: Network Traffic chart.

Different colors represent types of network traffic. From the drop-down list, select one of the following
choices:
• All Filers: Displays network traffic for all Nasuni Edge Appliances under the control of the
Nasuni Management Console.
• specific Nasuni Edge Appliance: Displays network traffic for the selected Nasuni Edge
Appliance. Only Nasuni Edge Appliances that the user has access to are included.

any or all of the following:
• Cloud Transmit: for data transmitted to the cloud by the Nasuni Edge Appliance.
• Cloud Receive: for data received from the cloud by the Nasuni Edge Appliance.
• Mobile Transmit: for data transmitted to mobile devices by the Nasuni Edge Appliance.
• Mobile Receive: for data received from mobile devices by the Nasuni Edge Appliance.
• UI Transmit: for data transmitted to the user interface by the Nasuni Edge Appliance.
• UI Receive: for data received from the user interface by the Nasuni Edge Appliance.
• Client Transmit: for data transmitted to the client by the Nasuni Edge Appliance.
• Client Receive: for data received from the client by the Nasuni Edge Appliance.
Figure 12-3: Details of network traffic on Network Traffic chart.

selected range.
Mobile Usage
You can view a chart of Mobile Access usage vs. time. This chart shows the number of iOS and
Android users.
The Mobile Usage chart looks like this:
Figure 12-4: Mobile Usage chart.

Different colors represent types Mobile Access clients. From the drop-down list, select one of the
following choices:
• All Filers: Displays Mobile Access usage for all Nasuni Edge Appliances under the control of the
• specific Nasuni Edge Appliance: Displays Mobile Access usage for the selected Nasuni Edge
Appliance.
On the Mobile Usage chart, you can select which Mobile Access clients to include or exclude by
clicking iOS or Android.
If you hover the mouse over any part of the chart, a label appears displaying details about the number
of Mobile Access clients at that date and time.
Figure 12-5: Details of Mobile Access clients on Mobile Usage chart.

selected range.

Account Filers
A list appears of the Nasuni Edge Appliances in this account.
Figure 12-6: List of Nasuni Edge Appliances in this account.

Tip: Only Nasuni Edge Appliances that the user has access to are included.
Tip: After performing a disaster recovery on a Nasuni Edge Appliance, refresh this list by clicking
Refresh Managed Filers.
N1050
6000
NMC API.
The following properties appear for each Nasuni Edge Appliance in the list of Nasuni Edge Appliances:

• Filer: The name of the Nasuni Edge Appliance.

If the Nasuni Edge Appliance is off-line, the label “Filer Offline” appears.
If the Nasuni Edge Appliance is not managed by the Nasuni Management Console, the label
“Filer Not Managed” appears.
Clicking the name of the Nasuni Edge Appliance opens the Filer Details page. See “Filer Details
page” on page 275.
• Filer Version: The currently running version of the Nasuni Edge Appliance software. If updates
to new versions of the Nasuni Edge Appliance software are available, the label “Updates
Available” appears. To schedule automatic updates, see “Automatic Software Updates” on
page 284. manually update software, see “Software Updates” on page 388.
• Platform: The hardware appliance or virtual machine platform that the Nasuni Edge Appliance
runs on.
• Uptime: The amount of time that the Nasuni Edge Appliance has been running, in days, hours,
and minutes.
• Health: The overall health of the Edge Appliance. “Healthy”, if there are no unhealthy
conditions. “Warning”, if there are any warning conditions that are not in the unhealthy state.
“Unhealthy”, if there are any unhealthy conditions. For more details, see “Health Monitor” on
page 280.
Tip: After addressing an unhealthy condition of an Edge Appliance, you can refresh this list
by clicking Refresh Managed Filers.
• Status: The current status of the Edge Appliance configuration. A checkmark indicates that the
NMC is up to date with the Edge Appliance configuration. If the status is pending, then the NMC
is waiting for an update of the Edge Appliance configuration. If there are errors, then there might
be an issue with the Edge Appliance configuration.

Filer Details page

Clicking the name of a Nasuni Edge Appliance opens the Filer Details page.
Figure 12-7: Filer Details page.

Network Traffic
You can view a chart of the network traffic of the Nasuni Edge Appliance vs. time. This chart shows
data received from and transmitted to cloud storage, Mobile Access clients, the user interface, and
clients. The scale is in Kbits/second or Mbits/second, depending on throughput.
any or all of the following:
• Cloud Transmit: for data transmitted to the cloud by the Nasuni Edge Appliance.
• Cloud Receive: for data received from the cloud by the Nasuni Edge Appliance.
• Mobile Transmit: for data transmitted to mobile devices by the Nasuni Edge Appliance.
• Mobile Receive: for data received from mobile devices by the Nasuni Edge Appliance.
• UI Transmit: for data transmitted to the user interface by the Nasuni Edge Appliance.
• UI Receive: for data received from the user interface by the Nasuni Edge Appliance.
• Client Transmit: for data transmitted to the client by the Nasuni Edge Appliance.
• Client Receive: for data received from the client by the Nasuni Edge Appliance.
Figure 12-8: Details of network traffic on Network Traffic chart.

selected range.
Mobile Usage
You can view a chart of Mobile Access usage vs. time. This chart shows the number of iOS and
Android users.
On the Mobile Usage chart, you can select which Mobile Access clients to include or exclude by
clicking iOS or Android.
If you hover the mouse over any part of the chart, a label appears displaying details about the number
of Mobile Access clients at that date and time.
Figure 12-9: Details of Mobile Access clients on Mobile Usage chart.

selected range.

CPU Activity
You can view a chart of CPU activity vs. time. This chart shows the percentage usage of the CPU.
If you hover the mouse over any part of the chart, a label appears displaying details about the CPU
activity at that date and time.
Figure 12-10: Details on CPU activity chart.
Memory Usage
You can view a chart of memory usage vs. time. This chart shows the amount of memory used in units
such as GiB.
as 9.53 MB.
Tip: Due to the way Memory Usage is calculated, the display can show spikes that do not reflect
the actual values. Refreshing the display can remove these spikes.
If you hover the mouse over any part of the chart, a label appears displaying details about the memory
usage at that date and time.
Figure 12-11: Details on Memory Usage chart.
Filer Details
The Filer Details page displays a summary of information about the Nasuni Edge Appliance:
• In the Settings area:
• Description: Description of this Nasuni Edge Appliance. Clicking the description opens the
Filer Description page, with the Description Settings dialog box selected. For details, see
“Nasuni Edge Appliance Description” on page 296.
• Serial Number: Serial number of this Nasuni Edge Appliance, which is used to recover a
• Automatic Updates: The schedule to automatically update the software for this Nasuni
Edge Appliance. Clicking the schedule opens the Filer Automatic Software Update
Settings page, with the Automatic Updates dialog box selected. For details, see
“Automatic Software Updates” on page 284.

• Cache Settings: The minimum and maximum amount of local cache space reserved for
new, incoming data on this Nasuni Edge Appliance. The percentage of the cache to reserve
for new, incoming data also appears, or, if the percentage is managed automatically, the
label “Automatic” appears. Clicking the setting opens the Filer Cache Settings page, with
the Cache Settings dialog box selected. For details, see “Cache Settings” on page 287.
• Encryption Keys: Number of encryption keys in use on this Nasuni Edge Appliance.
Clicking this setting opens the Filer Encryption Keys page. For details, see “Encryption
Keys” on page 302.
• Quality of Service: Number of Quality of Service rules for this Nasuni Edge Appliance.
Clicking this setting opens the Filer Quality of Service page, with the Quality of Service
Settings dialog box selected. For details, see “Quality of Service (Bandwidth) Settings” on
page 317.
• SNMP Settings: An indicator of whether SNMP settings are enabled for this Nasuni Edge
Appliance. Clicking this setting opens the Filer SNMP Settings page, with the SNMP
Settings dialog box selected. For details, see “SNMP Settings” on page 331.
• Time Configuration: The time zone and number of time servers for this Nasuni Edge
Appliance. Clicking this setting opens the Filer Time Configuration page, with the
Timezone Settings dialog box selected. For details, see “Time Configuration” on page 340.
• In the Services area:
• Mobile Settings: Mobile Access settings for this Nasuni Edge Appliance, including
expiration, single device setting, and allowed devices. Clicking this setting opens the Mobile
Service Settings page, with the Edit Mobile Service Settings dialog box selected. For
details, see “Mobile Settings” on page 345.
• Mobile Licenses: Mobile licenses for this Nasuni Edge Appliance. Clicking this setting
opens the Mobile Licenses page. For details, see “Mobile Licenses” on page 350.
• Remote Support: Remote Support status for this Nasuni Edge Appliance. Clicking this
setting opens the Remote Support Service page, with the Edit Remote Support Service
dialog box selected. For details, see “Remote Support Service” on page 353.
• In the Status area:
• Software updates: Software updates available for this Nasuni Edge Appliance. Clicking this
setting opens the Filer Software Updates page, with the Update Filer dialog box selected.
For details, see “Software Updates” on page 388.
• Uptime: Uptime for this Nasuni Edge Appliance.
• Security Mode: Security mode for this Nasuni Edge Appliance: Active Directory, LDAP
Directory Services, Publicly Available, or Unknown. Clicking this setting opens the Filer
Security Settings page. For details, see “Security Settings” on page 381.
• SSL Certificate: SSL certificate settings for this Nasuni Edge Appliance. Clicking this
setting opens the SSL Certificates page. For details, see “SSL Certificates” on page 394.
• CIFS: Number of CIFS shares, clients, and locks for this Nasuni Edge Appliance. Clicking
this setting opens the Shares page. For details, see “SMB (CIFS) Shares” on page 163.
• NFS: Number of NFS exports for this Nasuni Edge Appliance. Clicking this setting opens the
Exports page. For details, see “NFS Exports” on page 141.

• FTP: Number of FTP/SFTP directories for this Nasuni Edge Appliance. Clicking this setting
opens the Filer FTP Status page. For details, see “FTP clients” on page 367.
• In the Platform area:
• Filer Version: The version of the Nasuni Edge Appliance software, such as 9.3, and the
version of the Nasuni Edge Appliance base operating system, such as OS7.
• Platform: Type of platform for this Nasuni Edge Appliance. For details, see “Platform
Settings” on page 378.
• CPUs: Number of CPUs for this Nasuni Edge Appliance. For details, see “Platform Settings”
on page 378.
• Memory: Memory for this Nasuni Edge Appliance. For details, see “Platform Settings” on
page 378.
• Disk Cache: Size of disk cache, and percentage of cache used, for this Nasuni Edge
Appliance. For details, see “Platform Settings” on page 378.
• Ambient Temperature (for Nasuni Edge Appliance hardware appliances only): The ambient
temperature in Celsius and Fahrenheit.
• Exhaust Temperature (for Nasuni Edge Appliance hardware appliances only): The exhaust
• Inlet Temperature (for Nasuni Edge Appliance hardware appliances only): The inlet
• Power Supplies (for Nasuni Edge Appliance hardware appliances only): The status of the
power supplies. If the status is Alert, you should investigate the situation.
• RAID Arrays (for Nasuni Edge Appliance hardware appliances only): Number of RAID arrays
and status of the RAID arrays. If the status is Alert, you should investigate the situation.
• RAID Disks (for Nasuni Edge Appliance hardware appliances only): Number of disks and
status of the disks. If the status is Alert, you should investigate the situation.
• In the Network area:
• Hostname: Hostname of this Nasuni Edge Appliance. For details, see “Network” on
page 373.
• IP Addresses: IP addresses for this Nasuni Edge Appliance. Clicking this setting opens the
Nasuni Edge Appliance user interface. For details, see “Network” on page 373.
• Default Gateway: Default gateway for this Nasuni Edge Appliance. For details, see
“Network” on page 373.
• DNS Servers: DNS servers for this Nasuni Edge Appliance. For details, see “Network” on
page 373.
• Search Domains: Search domains for this Nasuni Edge Appliance. For details, see
“Network” on page 373.

Health Monitor
Health Monitor is a feature for monitoring a number of Edge Appliance conditions. Health Monitor
conditions can be helpful in troubleshooting issues with Edge Appliances. The monitored results are
displayed in the Health area here.
Figure 12-12: Health results.

Note: Some of the conditions have two thresholds. If such a condition exceeds one threshold,
that results in a “Warning” indication. If that condition then exceeds the other threshold,
that results in an “Unhealthy” indication.
Tip: You can also monitor hardware conditions using iDRAC. See iDRAC Configuration.
The overall health of the Edge Appliance is displayed on the Filers page.
Tip: For details of Health Monitor polling intervals, thresholds, and remediation, see Appendix
20, “Health Monitor Overview,” on page 528.
Tip: If any Health condition is displayed as “Unhealthy”, you can view detailed information and
any recommendations by hovering over the “Unhealthy” indicator. Alternatively, clicking
“View Recommendations” opens the Health Monitor Current Status dialog box which
displays detailed information and any recommendations.
Figure 12-13: Health Monitor Current Status dialog box.

In the Health area, the following items are displayed:

• CPU: “Unhealthy”, if the CPU utilization is above 95 percent for an extended period of time.
“Warning”, if the CPU utilization is above 90 percent for an extended period of time. Otherwise,
“Healthy”.
• Directory Services: “Unhealthy”, if this Edge Appliance has failed connecting to Active
Directory several times in a row. Otherwise, “Healthy”.
• Disk (for Nasuni Edge Appliance hardware appliances only): “Unhealthy”, if any of the following
conditions is true for this Edge Appliance:
• This Edge Appliance is reporting disk I/O errors.
• This Edge Appliance is reporting a SMART disk error.
Otherwise, “Healthy”.
• Filesystem: “Unhealthy”, if any of the following conditions is true for this Edge Appliance:
• The local filesystem (/, /var, /var/nasuni, or /boot mount points) for the Nasuni OS is
getting full.
• The cache is severely fragmented.
• Memory: “Unhealthy”, if available memory for this Edge Appliance is below 5 percent for an
extended period of time. “Warning”, if available memory for this Edge Appliance is below 10
percent for an extended period of time. Otherwise, “Healthy”.
• NFS: “Unhealthy”, if one or more NFS exports might not be available for this Edge Appliance for
an extended period of time. Otherwise, “Healthy”.
• Network: “Unhealthy”, if any of the following conditions is true for this Edge Appliance:
• This Edge Appliance is having trouble connecting to cloud storage for an extended period of
time.
• This Edge Appliance is having connectivity problems reaching the Nasuni Operations Center
(NOC) for an extended period of time.
• This Edge Appliance is unable to connect to the Global File Lock servers for an extended
period of time.
• This Edge Appliance is unable to connect to the NMC message queuing service for an
extended period of time. NMC management of this Edge Appliance might be impacted.
• Services: “Unhealthy”, if any of the following conditions is true for this Edge Appliance:
• The UniFS filesystem process is not available for an extended period of time.
• One or more Nasuni services are not responding for an extended period of time.

Filers Page API Keys
API Keys
Certain programs external to the Nasuni Edge Appliance require a Nasuni API access key for
configuration purposes.
API Access key for external auditing using Varonis

Nasuni can use an external auditing service, such as Varonis. To complete configuration of the Varonis
application to use Nasuni auditing events, you must provide a Nasuni API access key. For details of the
Varonis configuration, see “Varonis Configuration” on page 257. For more details, see “Audit
Destinations Status” on page 360.
To obtain an API Access Key and Passcode, follow these steps:
1. Click Filers and select API Keys from the menu on the left. The Filer API Access Key Settings
page appears.
Figure 12-14: Filer API Access Key Settings page.

2. Click New API Key. The Add API Access Key dialog box appears.
Figure 12-15: Add API Access Key dialog box.

3. From the Filer drop-down list, select the Nasuni Edge Appliance.
4. In the Name text box, enter a name for this API key. Use a name that is meaningful to you, such
as “varonis_key”.
5. Click Add API Key. The Nasuni Edge Appliance generates a Key Passcode for this key. A
message appears that includes the Key Passcode.
6. Copy and store the Key Passcode.
7. The new key appears in the API Access Keys list.

Filers Page API Keys
8. To regenerate the Key Passcode, click Edit .

9. To delete this key, click Delete Key .

Filers Page Automatic Software Updates
Automatic Software Updates

You can view and edit settings for automatic software updates for the Nasuni Edge Appliances on the
Filer Automatic Software Update Settings page.
You can configure managed Nasuni Edge Appliances to automatically download and install software
updates on selected days and times. This feature is disabled by default.
Warning: Do not attempt to restore from a virtual machine snapshot or backup.
Tip: To prevent automatic software updates from occurring at inconvenient times, specify the
days and times for automatic software updates to occur. To prevent automatic software
updates entirely, clear all days and times.
Important: The version of the Nasuni Management Console must support the version of the
Nasuni Edge Appliance that the Nasuni Management Console is to manage. If a
Nasuni Edge Appliance is joined to a Nasuni Management Console, update the
Nasuni Management Console software before updating the Nasuni Edge Appliance
software.
For details, see “NMC version” on page 62.
Tip: If updating the Edge Appliance software from a version before 9.0 to version 9.0 and later,
for NFS volumes and multiprotocol (CIFS and NFS) volumes that are using the Advanced
mode of Global File Lock, change the mode of Global File Lock before performing the
update. NFS volumes and multiprotocol (CIFS and NFS) volumes do not support the
Advanced mode of Global File Lock for version 9.0 and later.
You can also manually update the Nasuni Edge Appliance software, as detailed in “Software Updates”
on page 388.
Viewing automatic software update settings

To view automatic software update settings, follow these steps:
1. Click Filers, then click Automatic Updates in the left-hand column. The Filer Automatic
Software Update Settings page displays a list of Nasuni Edge Appliances.
Figure 12-16: Filer Automatic Software Update Settings page.

The following information appears for each Nasuni Edge Appliance in the list:
• Description: The description of the Nasuni Edge Appliance. You can change the
description, as detailed in “Nasuni Edge Appliance Description” on page 296.
• Days: The days of the week on which to look for automatic software updates. If no days are
selected to look for automatic software updates, the label “Disabled” appears.

• Hour: The time at which to look for automatic software updates on the selected days.
Editing automatic software update settings

software.
To edit automatic software update settings, follow these steps:
1. On the Filer Automatic Software Update Settings page, select the Nasuni Edge Appliances in
the list whose automatic software update settings you want to edit.
2. Click Edit Filers. The Automatic Updates dialog box appears.
Figure 12-17: Automatic Updates dialog box.

3. To copy the automatic software update settings from a Nasuni Edge Appliance, select the
Nasuni Edge Appliance from the Copy Settings drop-down list. The automatic software update
settings of the selected Nasuni Edge Appliance appear in the Automatic Updates dialog box.
4. Select the days to look for automatic software updates (for example, Sunday, Tuesday, and
Thursday) in the Days area.
Tip: To prevent automatic software updates entirely, clear all days.
5. From the Time drop-down list, select the time on the selected day to look for automatic
software updates.
Tip: The time is the local time for the Nasuni Edge Appliance.
6. Click Save Update Schedule. The automatic software update settings are changed. The
Nasuni Edge Appliances appear in the list on the Filer Automatic Software Update Settings
page.
Alternatively, to exit the dialog box without changing the automatic software update settings,
click Close.


Filers Page Cache Settings
Cache Settings
On the Filer Cache Settings page, you can view and edit the settings for the local cache space
reserved for new writes.
The cache performs two different, but related, tasks. First, the cache retains the data that users are
most likely to need. Second, the cache also temporarily contains new, incoming data that the Nasuni
Edge Appliance has not yet sent to permanent storage in the cloud.
By default, the Nasuni Edge Appliance automatically manages the amount of local cache space
reserved for new, incoming data, using an advanced algorithm to optimize cache usage. However, the
administrator can manually set the area of the cache reserved for new, incoming data. The area for
new, incoming data can be from 5 percent to 90 percent of the cache. The remainder of the cache
retains the data locally that users are most likely to need.
The larger the area for new, incoming data is, the less data the Nasuni Edge Appliance can retain
locally, and the more slowly users can access data. It might also be necessary for the Nasuni Edge
Appliance to frequently retrieve data from the cloud, which could delay access.
However, the larger the area for new, incoming data is, the larger the batches of new, incoming data
that the Nasuni Edge Appliance can send to permanent storage in the cloud, protecting that data from
loss.
You can estimate the area necessary for each use by examining data usage patterns. For example, if
you have a 1 TB cache and must keep 200 GB of data locally, then you can set the area for new,
incoming data as high as 80 percent. On the other hand, if you rarely have more than 300 GB in a
snapshot, then you can set the area for new, incoming data as low as 30 percent, leaving 70 percent of
the cache for retaining data locally.
By setting the amount of local cache space reserved for new, incoming data, you disable the automatic
management of this value.
Viewing cache settings

To view the amount of local cache space reserved for new, incoming data, follow these steps:
1. Click Filers, then click Cache Settings in the left-hand column. The Filer Cache Settings page
displays a list of managed Nasuni Edge Appliances.
Figure 12-18: Filer Cache Settings page.


• Minimum Value: The minimum value of space to reserve for new, incoming data, in percent.
• Maximum Value: The maximum value of space to reserve for new, incoming data, in
percent.
• Reserved: The amount of space reserved for new, incoming data in the cache, in percent. If
the amount of space reserved for new, incoming data is managed automatically by the
Nasuni Edge Appliance, the label “Automatic” appears.

Editing cache settings

To edit cache settings, follow these steps:
1. On the Filer Cache Settings page, select the Nasuni Edge Appliances in the list whose cache
settings you want to edit.
2. Click Edit Filers. The Cache Settings dialog box appears.
Figure 12-19: Cache Settings dialog box.

3. To copy the cache settings from a Nasuni Edge Appliance, select the Nasuni Edge Appliance
from the Copy Settings drop-down list. The cache settings of the selected Nasuni Edge
Appliance appear in the Cache Settings dialog box.
4. From the Reserved drop-down list, select the percentage of the cache to reserve for new data.
Alternatively, to enable the Nasuni Edge Appliances to manage the reserved cache space
themselves, select Automatic.
5. Click Save Cache Settings. The cache settings are changed. The Nasuni Edge Appliances
appear in the list on the Filer Cache Settings page.
Alternatively, to exit the dialog box without changing the cache settings, click Close.

Filers Page CIFS Settings
CIFS Settings
You can view and configure CIFS settings for Nasuni Edge Appliances. These advanced features of the
CIFS interface apply to all volumes on a Nasuni Edge Appliance.
Viewing CIFS settings

To view CIFS settings, follow these steps:
1. Click Filers, then click CIFS Settings in the left-hand column. The Filer CIFS Settings page
displays a list of Nasuni Edge Appliances.
Figure 12-20: Filer CIFS Settings page.

The following information appears for each Nasuni Edge Appliance:
• Description: The description of the Nasuni Edge Appliance.
• Allocation Roundup Size: Value to round up file sizes on disk. The default is to be disabled.
• Protocol Level: The maximum version of the CIFS/SMB protocol that the server negotiates
with the client.
• Enhanced Support for POSIX Clients: Whether to allow clients to use Portable Operating
System Interface (POSIX) semantics: Yes (allow) or No (do not allow). If not enabled, POSIX
clients can still connect. However, they do not have the full range of file server operations.

Editing CIFS settings

To edit CIFS settings, follow these steps:
1. On the Filer CIFS Settings page, select the Nasuni Edge Appliances to change, then click Edit
Filers. The CIFS Settings dialog box appears.
Figure 12-21: CIFS Settings dialog box.

2. To copy the settings from a Nasuni Edge Appliance, select the Nasuni Edge Appliance from the
Copy Settings drop-down list. The settings of the selected Nasuni Edge Appliance appear in
the dialog box.
3. From the Allocation Roundup Size drop-down list, select the allocation roundup size. The
default is to be disabled.
4. From the Protocol Level drop-down list, select the maximum version of the CIFS/SMB protocol
that the server negotiates with the client. This is the highest level that the Nasuni Edge
Appliance supports. The client can negotiate a lower version, if necessary. The choices include
the following:
• CIFS: Common Internet File System protocol, also called SMB 1.0. SMB 1.0 is disabled by
default. To enable SMB 1.0, contact Nasuni Support.
• CIFS & SMB2: Server Message Block version 2.0. SMB 2.0 offers improved performance
over SMB 1.0.
• CIFS & SMB3: Server Message Block version 3.0. SMB 3.0 offers improved performance
and security over SMB 2.0.
Tip: Best practice is to select “CIFS & SMB3”. Using SMB3 can improve performance.
5. To allow clients to use Portable Operating System Interface (POSIX) semantics, select the
Enhanced Support for POSIX Clients check box (selected by default). If you clear this option,
POSIX clients can still connect. However, they do not have the full range of file server
operations.

6. To not allow anonymous connections, select Restrict Anonymous. When selected, users
cannot log into CIFS without entering a username and password.
Tip: If “Restrict Anonymous” is not set, anonymous connections are allowed, and users can
log into CIFS without entering a valid username and password.
If “Restrict Anonymous” is set, anonymous connections are not allowed, and users must
enter a valid username and password to log into CIFS. In particular, users cannot
discover shares, cannot discover or list sessions, and cannot discover or list users and
groups. Additional restriction options can be configured by contacting Support.
7. To save your settings, click Save CIFS Settings. Otherwise, click Close.
Note: Changing these settings only affects new CIFS/SMB clients. You must disconnect or
reset an existing client's connection to use the new settings.

Filers Page FTP Settings
FTP Settings
You can view and configure FTP/SFTP settings for Nasuni Edge Appliances. These advanced features
of the FTP protocol apply to all volumes on a Nasuni Edge Appliance.
page 201.
Viewing FTP settings

To view FTP/SFTP settings, follow these steps:
1. Click Filers, then click FTP Settings in the left-hand column. The Filer FTP Settings page
displays a list of Nasuni Edge Appliances.
Figure 12-22: Filer FTP Settings page.

The following information appears for each Nasuni Edge Appliance:
• Masquerade Address: IP address (not DNS hostname) presented to client, instead of local
server’s IP address or DNS hostname.
• Idle Login Timeout: Time in seconds to wait before closing an idle connection. Zero (0)
means never close an idle connection.
• Anonymous Access Username: Username that the user must log in with in order to access
any FTP/SFTP directory anonymously. Default: anonymous.

• Anonymous Access Group: Group associated with the Anonymous Access Username.
Editing FTP settings

To edit FTP/SFTP settings, follow these steps:
1. On the Filer FTP Settings page, select the Nasuni Edge Appliances to change, then click Edit
Filers. The FTP Settings dialog box appears.
Figure 12-23: FTP Settings dialog box.

the dialog box.
3. Optionally, in the Masquerade Address text box, type an IP address or DNS hostname to
present to the client instead of the local server's IP address or DNS hostname.
4. Optionally, in the Idle Login Timeout text box, type the time in seconds to wait before closing
an idle connection. Zero (0) means never close an idle connection.
5. Optionally, in the Anonymous Access Username text box, type the username that the user
must log in with in order to access any FTP/SFTP directory anonymously. Default: anonymous.
The username is case sensitive.

6. Optionally, in the Anonymous Access Group text box, type the group associated with the
Anonymous Access Username.
7. Click Save FTP Settings to save your settings. Otherwise, click Close.

Filers Page Nasuni Edge Appliance Description
Nasuni Edge Appliance Description

You can view and change Nasuni Edge Appliance descriptions on the Filer Description page.
You can change the name of the Nasuni Edge Appliance from the name assigned when you installed it.
The name can be up to 140 characters in length.
This name is used as a descriptive name for the Nasuni Edge Appliance when you log in to your
account at www.nasuni.com or perform a disaster recovery.
Caution: Avoid using characters that systems, such as Active Directory, specify as disallowed,
including period (.), backslash (\), forward slash (/), colon (:), asterisk (*), question mark
(?), quotation mark ("), less than sign (<), greater than sign (>), and vertical bar (|). Errors
can occur for Nasuni Edge Appliances whose names include such characters. For
example, it might not be possible to configure the Nasuni Edge Appliance for Active
Directory access. You can change the name of the Nasuni Edge Appliance to avoid
such characters.
Viewing Nasuni Edge Appliance descriptions

To view Nasuni Edge Appliance descriptions, follow these steps:
1. Click Filers, then click Description in the left-hand column. The Filer Description page
Figure 12-24: Filer Description page.


Filers Page Nasuni Edge Appliance Description
Editing the Nasuni Edge Appliance description

To edit the selected Nasuni Edge Appliance description, follow these steps:
1. On the Filer Description page, click Edit . The Description Settings dialog box appears.
Figure 12-25: Description Settings dialog box.

2. Enter a new description in the Filer Description text box. The description can be up to 140
characters in length.
Caution: Avoid using characters that systems, such as Active Directory, specify as
disallowed, including period (.), backslash (\), forward slash (/), colon (:), asterisk (*),
question mark (?), quotation mark ("), less than sign (<), greater than sign (>), and
vertical bar (|). Errors can occur for Nasuni Edge Appliances whose names include
such characters. For example, it might not be possible to configure the Nasuni
Edge Appliance for Active Directory access.
3. To accept your, click Save Description. The description is changed and appears in the list of
Alternatively, to exit this screen without changing the description, click Close.

Filers Page Disk Encryption
Disk Encryption
You can view and change the disk encryption settings for Nasuni Edge Appliances. If Full Disk
Encryption is available for a Nasuni Edge Appliance, you can enable disk encryption. If disk encryption
is enabled, you can change the encryption password.
Warning: After Full Disk Encryption is enabled, it cannot be disabled.
Viewing disk encryption status

To view the status of disk encryption for Nasuni Edge Appliances, follow these steps:
1. Click Filers, then click Disk Encryption in the left-hand column. The Full Disk Encryption page
Figure 12-26: Full Disk Encryption page.

• Full Disk Encryption: The status of disk encryption for the Nasuni Edge Appliance: Not
Available, Not Enabled, or Enabled.

Editing the disk encryption status of the Nasuni Edge Appliance

Warning: After Full Disk Encryption is enabled, it cannot be disabled.
To enable disk encryption, follow these steps:
1. To enable disk encryption: On the Full Disk Encryption page, for a Nasuni Edge Appliance that
has the status of Not Enabled, click Edit . The Enable Full Disk Encryption dialog box
appears.
Figure 12-27: Enable Full Disk Encryption dialog box.

Enter a password for the disk, and verify the password.

2. To change the password for a disk with disk encryption enabled: On the Full Disk Encryption
page, for a Nasuni Edge Appliance that has the status of Enabled, click Edit . The Change
Full Disk Encryption Password dialog box appears.
Figure 12-28: Change Full Disk Encryption Password dialog box.

Enter the current password, then enter a new password for the disk, and verify the password.
Click Save.

Filers Page Email Settings
Email Settings
Clicking the Email Settings link opens the Filer & Console Email Settings page. See “Email Settings”
on page 415.

Filers Page Encryption Keys
Encryption Keys
You can view, upload, send, escrow, and delete encryption keys on the Filer Encryption Keys page.
You can also select backup keys. You can view, add, enable, and disable volume encryption keys on
the Volume Encryption Keys page. You can view, upload, escrow, and delete encryption keys on the
Console Settings Encryption Keys page.
The Nasuni Edge Appliance automatically encrypts your data at your premises using the OpenPGP
encryption protocol, with the default encryption of 256-bit Advanced Encryption Standard (AES-256).
The data remains encrypted in cloud storage.
You can generate your own encryption keys using any OpenPGP-compatible program, such as
Gpg4win, GPGTools, and OpenPGP Studio. For details, see Generating Encryption Keys. You can then
add (import or upload) the encryption key to the Nasuni Management Console. (For security reasons,
encryption keys that you upload cannot be downloaded from the system.) The encryption key is used
to encrypt your data before it is sent to cloud storage and decrypt data when it is read back.
procedure.
You can send existing encryption keys to Nasuni Edge Appliances. You can escrow your encryption
keys with Nasuni.

encryption key.
procedure.
in your license.
Note: To add an encryption key to a volume, see “Adding encryption keys to a volume”.

Viewing encryption keys on Nasuni Edge Appliances

To view encryption keys on Nasuni Edge Appliances, follow these steps:
1. Click Filers, then click Encryption Keys in the left-hand column. The Filer Encryption Keys
page displays a list of encryption keys on managed Nasuni Edge Appliances.
Figure 12-29: Filer Encryption Keys page.

• Name: The name of the encryption key.
• Algorithm: The algorithm of the encryption key, such as RSA.
• Length: The length of the encryption key, in bits.
• Key ID: The key ID is a shorter version of the fingerprint of the encryption key, generally
including just the last 8 digits.
• Filer: The name of the Nasuni Edge Appliance where this encryption key is located.
• Escrowed by Nasuni: Whether this encryption key is escrowed by Nasuni: Yes (encryption
key is escrowed by Nasuni) or No (encryption key is not escrowed by Nasuni).
• Actions: Actions available for each encryption key.

Adding (importing or uploading) encryption keys to Nasuni Edge Appliances

You can add (import or upload) encryption keys to Nasuni Edge Appliances.
You can generate your own encryption keys using any OpenPGP-compatible program, such as
Gpg4win, GPGTools, and OpenPGP Studio. For details, see Generating Encryption Keys. You can then
add (import or upload) the encryption key to the Nasuni Management Console. The encryption key is
used to encrypt your data before it is sent to cloud storage and decrypt data when it is read back. The
Nasuni Edge Appliance accepts multiple encryption algorithms for encryption keys.
Important: For security reasons, encryption keys that you upload cannot be downloaded from
the system.
procedure.
Important: Before you can escrow your encryption keys with Nasuni, you must create an
escrow passphrase, in case you need these escrowed encryption keys when you
perform a recovery procedure. See “Escrow Passphrase” on page 311.
Important: Imported encryption keys are not automatically escrowed. You MUST SAVE all
imported encryption keys to another location outside the Nasuni Edge Appliance, so
that they are available if needed for disaster recovery. All encryption keys associated
with a volume must be recovered as part of the disaster recovery process. To
escrow encryption keys with Nasuni, see “Escrowing Encryption Keys with Nasuni”
on page 308.

To add (import or upload) encryption keys to Nasuni Edge Appliances, follow these steps:
1. On the Filer Encryption Keys page, click Upload Encryption Keys. The Import Key(s) dialog
box appears.
Figure 12-30: Import Key(s) dialog box.

2. Select the managed Nasuni Edge Appliances to which you want to upload the encryption key.
3. Click Choose File, then navigate to the encryption key file. This file should be OpenPGP-
compatible.
bytes.
4. If an encryption key passphrase is needed, enter the encryption key passphrase in the Key
Passphrase text box.
recovery procedure.
5. Click Import Key. The encryption key is imported to the selected Nasuni Edge Appliances.
Alternatively, to exit this screen without importing any encryption keys, click Close.

Sending encryption keys to Nasuni Edge Appliances

You can send existing encryption keys from the Nasuni Management Console to Nasuni Edge
Appliances.
Tip: To use an encryption key from one Edge Appliance on other Edge Appliances, first obtain a
file containing the desired encryption key. If the key was generated internally by the Edge
Appliance, download the encryption key from the original Edge Appliance to a file, using the
"Download Generated Keys" button on the Encryption Keys page. After obtaining a file
containing the encryption key, upload the encryption key to the NMC, using the procedure
in “Uploading (importing or adding) encryption keys to the NMC” on page 449. Then you
can send the uploaded encryption key to other Edge Appliances.
Important: Encryption keys are not automatically escrowed. You MUST SAVE all encryption keys
to another location outside the Nasuni Edge Appliance, so that they are available if
needed for disaster recovery. All encryption keys associated with a volume must be
recovered as part of the disaster recovery process. To escrow encryption keys with
Nasuni, see “Escrowing Encryption Keys with Nasuni” on page 308.
To send encryption keys to Nasuni Edge Appliances, follow these steps:
1. On the Filer Encryption Keys page, click Send NMC Keys. The Send NMC Key(s) dialog box
appears.
Figure 12-31: Send NMC Key(s) dialog box.

2. Select the managed Nasuni Edge Appliances to which you want to send the encryption keys.
3. Select the encryption keys that you want to send to the selected Nasuni Edge Appliances.
4. Click Send Key(s). The selected encryption keys are sent to the selected Nasuni Edge
Appliances.
Alternatively, to exit this screen without sending any encryption keys, click Close.

Escrowing Encryption Keys with Nasuni

You can escrow your encryption keys with Nasuni.
Escrowing an encryption key with Nasuni means that you can, at any time, request the encryption key
during a disaster recovery from Nasuni. Your key is protected on Nasuni servers using the same
security practices that we use for all keys escrowed with Nasuni.
Note: You can specify that you do not want Nasuni to escrow encryption keys. If you specify this,
you must manage your own encryption keys, because Nasuni does not manage them. If
you specify this, you can still have Nasuni generate encryption keys, and those generated
encryption keys are still automatically escrowed, because all generated encryption keys
are automatically escrowed. If you want to specify to not escrow encryption keys, contact
Nasuni Support.
Important: Before you can escrow your encryption keys with Nasuni, you must create an escrow
passphrase, in case you need these escrowed encryption keys when you perform a
recovery procedure. See “Escrow Passphrase” on page 311.
To escrow encryption keys with Nasuni, follow these steps:
1. For the encryption key that you want to escrow with Nasuni, on the Filer Encryption Keys
page, click Escrow Key with Nasuni . The Escrow Encryption Key dialog box appears.
Figure 12-32: Escrow Encryption Key dialog box.

2. Escrow Encryption Key in the Confirmation Phrase text field.
Caution: You are about to permanently escrow your encryption key with the Nasuni
Corporation. This process is irreversible.
3. Click Escrow Key. Your encryption key is escrowed with Nasuni. The information on the Filer
Encryption Keys page updates to reflect this change.
Alternatively, to exit this screen without escrowing any encryption keys, click Close.

Deleting Encryption Keys

You can delete encryption keys, as long as the encryption key is not currently assigned to a volume and
never has been assigned to a volume. Encryption keys that were once assigned to a volume, but are
now disabled, might be needed for disaster recovery procedures and so cannot be deleted.
To delete an encryption key, follow these steps:
1. For the encryption key that you want to delete, on the Filer Encryption Keys page, click Delete
Key . The Delete Encryption Key dialog box appears.
Figure 12-33: Delete Encryption Key dialog box.

2. Delete Encryption Key in the Confirmation Phrase text field.
Caution: You are about to permanently delete this encryption key. This process is
irreversible.
3. Click Delete Key. Your encryption key is deleted. The Filer Encryption Keys page updates to
reflect this change.
Alternatively, to exit this screen without deleting any encryption keys, click Close.

Backup Keys
A backup key is a type of encryption key that is used to ensure that it is possible to recover a Nasuni
Edge Appliance that has no owned volumes. Without a backup key, it is not possible to recover a
Nasuni Edge Appliance that has no owned volumes.
If a Nasuni Edge Appliance has no owned volumes and no backup key, after 2 days, the following
notification is sent: “Because this Edge Appliance has no volumes or backup keys, you cannot
currently perform a disaster recovery on this Edge Appliance. On the Encryption Keys page, you can
generate a backup key to enable disaster recovery.”
For Edge Appliances before version 9.3, you can generate a Backup Key using the Nasuni Edge
Appliance user interface.
If the backup key is the only encryption key for the Nasuni Edge Appliance, you cannot delete the
backup key.
When recovering the Nasuni Edge Appliance using a backup key, indicate whether or not you need
Nasuni to provide an escrowed backup key on the second “Perform Disaster Recovery on existing
Edge Appliance” page. Then obtain your backup key, either from Nasuni or from your own
safekeeping, and upload your backup key on the “Upload Encryption Keys” page.

Filers Page Escrow Passphrase
Escrow Passphrase
To perform a recovery procedure on an Edge Appliance, you MUST have all of the encryption keys for
ALL volumes owned by that Edge Appliance in order to successfully regain access to your data. This
means that, if Nasuni is escrowing any of your encryption keys, one of the following must occur:
• You must have created an escrow passphrase.
• You must have all of your encryption keys available, including the encryption keys escrowed
with Nasuni.
• You must contact Nasuni and verify your identity so that Nasuni can issue a special recovery
key.
The escrow passphrase must contain only ASCII printable characters (no Unicode) and cannot exceed
511 characters.
You can create an escrow passphrase on the Nasuni Edge Appliance, on the NMC, or using the NMC
API.
To create an escrow passphrase on the NMC, follow these steps:
1. Click Filers, then select Escrow Passphrase from the list. The Filer Escrow Passphrase page
appears.
Figure 12-34: Filer Escrow Passphrase page.

2. Select the Nasuni Edge Appliances to set the escrow passphrase for, then click Edit Filers. The
Set Escrow Passphrase dialog box appears.
Figure 12-35: Set Escrow Passphrase dialog box.

3. Enter the Escrow Passphrase. The passphrase must contain only ASCII printable characters
(no Unicode) and cannot exceed 511 characters.
An indication of the strength of the passphrase is displayed.
4. Confirm the escrow passphrase by entering it again.
5. Click Set Passphrase.

Filers Page Escrow Passphrase
The escrow passphrase is created.

Important: Keep this escrow passphrase in a secure place. You use the escrow passphrase
when performing a recovery procedure for the Nasuni Edge Appliance.
Tip: If the escrow passphrase is lost, contact Nasuni Support and complete a lost passphrase
form. Nasuni provides a recovery key. The recovery key is not the escrow passphrase:
Nasuni does not know your escrow passphrase and cannot provide it.

Filers Page Global Locking
Global Locking
Edit
This page enables you to configure certain aspects of Global File Lock. For details about Global File
Lock, see “Global File Lock” on page 127.
page 534.
Tip: Use caution when making changes to Global File Lock, and discuss the possible
implications of changes beforehand with Nasuni Technical Support.
Caution: It is not recommended to move files between directories protected by Global File Lock
and directories not protected by Global File Lock. Data loss is possible.
survive temporary connection loss) is disabled.
Caution: If you move a directory from a parent directory that does not have Global File Lock
enabled, to another parent directory that does have Global File Lock enabled, the new
directory is created in the destination parent directory, the data is moved to the new
directory, and the original directory is deleted from the source parent directory.
Snapshots of the moved directory from before the move are retained in the source
parent directory.
Global File Lock is automatically enabled for the new directory. This default behavior
can be changed so that Global File Lock is not automatically enabled for the moved
directory. Nasuni Support can configure this setting.

Tip: If Global File Lock is enabled for a volume that uses multiple protocols where hardlinks
might be present, it is highly recommended that the parent directory where Global File Lock
is enabled be exported as an “NFS Export” to applications that use multiple protocols. Note
that hardlinks can span multiple hierarchies where Global File Lock is enabled.
Figure 12-36: Export GFL parent directory as NFS Export.

Caution: Allowing NFS hardlinks to span hierarchies outside where Global File Lock is enabled
might result in data inconsistencies during file synchronization. This does not apply to
soft links such as symlinks.
Figure 12-37: Avoid NFS hardlinks outside GFL.

in the cloud.
If Global File Lock is enabled, and Internet connectivity issues prevent a Nasuni Edge Appliance from
releasing locks on certain files, local users can still read any files that are present in the local cache by
degrading the type of lock to a read lock.
If a user is trying to access a file that is not present in the local cache, and if the Nasuni Edge Appliance
does have Internet access, you can also attempt to restore access to the file by degrading the type of
lock to a read lock. Enabling this feature causes all locks that are not read locks to be denied. This
effectively makes any directories that have global locks enabled into read-only directories.
To continue working on a file, the user should copy the file to their local client.
After connectivity is restored, set “Degrade to read locks” back to “disabled”.
After connectivity is restored and “Degrade to read locks” has been set back to “disabled”, the user
should copy the file back to the Edge Appliance.
Tip: Only enable this feature if file access is affected for an extended period of time.
You can perform this procedure using either the Nasuni Edge Appliance user interface or the Nasuni
Management Console (NMC).
Degrading Global File Lock to read locks

To degrade Global File Lock to read locks, follow these steps:
1. Click Filers, then select Global Locking. The Filer Global Locking Settings page appears.
Figure 12-38: Filer Global Locking Settings page.

2. Select the Nasuni Edge Appliances to degrade to read locks, then click Edit Filers. The Global
Locking Settings dialog box appears.
Figure 12-39: Global Locking Settings dialog box.

the dialog box.
4. To degrade Global File Lock to read locks, select enabled from the Degrade to read locks
drop-down list.
5. To accept your selections, click Save Global Locking Settings.
The Global File Lock configuration is changed.
After connectivity is restored, set “Degrade to read locks” back to “disabled”.
Disabling Global Locking on customer license

If Global File Locking is not necessary, you can disable Global Locking on the customer license.
Tip: If any directories currently have Global File Lock enabled, then, before disabling Global
Locking in the customer license, you must disable Global File Lock on these directories.
To disable Global Locking on the customer license, contact Nasuni Support.

Filers Page Quality of Service (Bandwidth) Settings
Quality of Service (Bandwidth) Settings

Quality of Service (QoS) settings specify the inbound and outbound bandwidth configuration for moving
data to and from the Nasuni Edge Appliance, such as moving snapshots to cloud storage. The default
inbound Quality of Service is unlimited. The default outbound Quality of Service is 10 megabits per
second. However, Nasuni does not recommend keeping those bandwidths. The IT administrator or
person responsible for managing Nasuni Edge Appliances can change the bandwidth of inbound and
outbound data as needed.
Tip: Nasuni recommends setting the Quality of Service to the limit of the total bandwidth, or
slightly higher (so that bandwidth is not being limited). If the Quality of Service is too low, it
can cause delays in propagation and snapshots.
Nasuni does not recommend setting the Quality of Service to Unlimited, because a setting
of Unlimited disables traffic shaping, which prioritizes and allocates bandwidth to different
types of traffic (such as user activity, snapshots, and merges), so that no traffic is denied
bandwidth.
Note: When you create one or more Quality of Service rules, the default Quality of Service
bandwidth becomes unlimited during any time that is not defined by a rule.
Note: If the inbound Quality of Service is too low, and data must be obtained from cloud storage,
data access might be affected.
Note: If the outbound Quality of Service is large or unlimited, and the inbound Quality of Service
is small, the limited inbound bandwidth for return packets (such as acknowledgements)
might affect the outbound bandwidth.
You can also create additional Quality of Service (QoS) rules. A Nasuni Edge Appliance can have a
maximum of 12 rules. You can set the bandwidth of inbound and outbound data for specific days and
between specific hours. For example, if you specify 10 megabits per second outbound for Monday
through Friday from 8:00 AM to 3:00 PM, then the Nasuni Edge Appliance configures the outbound
bandwidth to a maximum of 10 megabits per second during that period, but does not limit the
bandwidth used outside that period. Snapshots are slower during the limited bandwidth period. Local
user read/write operations are not affected.
Limiting the bandwidth of inbound and outbound data between specific hours can help decrease
network congestion. For instance, if you configure snapshots to occur every hour and limit the
outbound bandwidth to 2 megabits per second, a large snapshot completes at a slower rate, but with
no impact on your network speeds.
Note: When you create one or more Quality of Service rules, the default Quality of Service
bandwidth becomes unlimited during any time that is not defined by a rule.

Viewing Quality of Service settings

To view the Quality of Service settings, follow these steps:
1. Click Quality of Service. The Filer Quality of Service page displays a list of managed Nasuni
Edge Appliances.
Figure 12-40: Filer Quality of Service page.

• Days: The days of the week for which Quality of Service rules are scheduled. If no rules have
been enabled, the label “--” appears.
• Time: The time span during which Quality of Service rules are scheduled. If no rules have
been enabled, the label “--” appears.
• Outbound Limit: The limit on outbound bandwidth during specified times on specified days.
Tip: Nasuni recommends setting the Quality of Service to the limit of the total bandwidth,
or slightly higher (so that bandwidth is not being limited). If the Quality of Service is
too low, it can cause delays in propagation and snapshots.
setting of Unlimited disables traffic shaping, which prioritizes and allocates
bandwidth to different types of traffic (such as user activity, snapshots, and merges),
so that no traffic is denied bandwidth.
• Inbound Limit: The limit on inbound bandwidth during specified times on specified days.

Adding Quality of Service rules

To edit Quality of Service rules, follow these steps:
1. On the Filer Quality of Service page, select the Nasuni Edge Appliances in the list to which you
want to add Quality of Service rules.
2. Click Edit Filers. The Quality of Service Settings dialog box appears.
Figure 12-41: Quality of Service Settings dialog box.

Warning: When you edit the Quality of Service rules of multiple Nasuni Edge Appliances,
any existing rules are removed and replaced with the rules saved here. To
retain the current rules of one of the Nasuni Edge Appliances, select that
Nasuni Edge Appliance from the Copy Settings drop-down list.
3. To copy the Quality of Service settings from a Nasuni Edge Appliance, select the Nasuni Edge
Appliance from the Copy Settings drop-down list. The Quality of Service settings of the
selected Nasuni Edge Appliance appear in the Quality of Service Settings dialog box.
4. Click Add Rule. The Add Rule dialog box appears.
Figure 12-42: Add Rule dialog box.

Note: You cannot have a rule that applies to the same day and hour as another rule.
a. Select the days to limit the bandwidth (for example, Sunday, Tuesday, and Thursday).
b. To specify limiting the bandwidth 24 hours a day, select the All Day check box.
Otherwise, select the hour to start limiting the bandwidth from the Start drop-down list.
Select the hour to stop limiting the bandwidth from the Stop drop-down list.
c. Enter the Outbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
d. Enter the Inbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
e. Click Add Rule. The new rule is added to the Quality of Service.
Alternatively, to exit the dialog box without adding the new rule, click Close.
5. Click Save Rules. The Quality of Service rules are changed. The Nasuni Edge Appliance
appears in the list on the Quality of Service page.
Alternatively, to exit the dialog box without changing the Quality of Service rules, click Close.

Editing Quality of Service rules

To edit Quality of Service rules, follow these steps:
1. On the Filer Quality of Service page, select the Nasuni Edge Appliances in the list whose
Quality of Service rules you want to edit.

3. To copy the Quality of Service settings from a Nasuni Edge Appliance, select the Nasuni Edge
Appliance from the Copy Settings drop-down list. The Quality of Service settings of the
selected Nasuni Edge Appliance appear in the Quality of Service Settings dialog box.
4. To edit an existing rule, click Edit . The Edit Rule dialog box appears.
Figure 12-44: Edit Rule dialog box.

Note: You cannot have a rule that applies to the same day and hour as another rule.
a. Select the days to limit the bandwidth (for example, Sunday, Tuesday, and Thursday).

b. To specify limiting the bandwidth 24 hours a day, select the All Day check box.
Otherwise, select the hour to start limiting the bandwidth from the Start drop-down list.
Select the hour to stop limiting the bandwidth from the Stop drop-down list.
c. Enter the Outbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
d. Enter the Inbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
e. Click Update Rule. The rule is changed.
Alternatively, to exit the dialog box without changing the rule, click Close.
Deleting Quality of Service rules

To delete Quality of Service rules, follow these steps:
1. On the Filer Quality of Service page, select the Nasuni Edge Appliances in the list whose
Quality of Service rules you want to delete.

3. To delete an existing rule, click Delete . The rule is deleted.


Filers Page Quota Reports
Quota Reports
You can view and configure the schedule of when to send quota reports. You can also manually initiate
sending a quota report.
Using the Nasuni Edge Appliance user interface, you can set a quota on the contents of a directory and
the subdirectories of a directory. You can configure an email address to receive reports when the
selected directory is near or over its limit. You can also set the quota limit. The email reports can go to
administrators or to users or both. To send quota email reports, you must also enable email (see “Email
Settings” on page 415) and Capacity Alerts (see “Adding Permission Groups” on page 480).
A typical personal quota report looks like the following:
You are receiving this automated Storage Usage Report because at least one
directory is near or over its storage quota threshold of 90%. Your storage
administrator has associated this email address with the directories
listed below. If this is incorrect, please contact your storage
administrator.
This Storage Usage Report is for the storage controller: "filer-x"
This Storage Usage Report includes directories that are in the volume:
volume-1
Current Current
Percent
Directory Path Storage Storage Email Address
Used
Limit Usage
/nmc 1.0 GB 923.21 MB 92% user@company.com

/users 1.0 GB 126.31 MB 126% user@company.com
Please consult with your storage administrator to either reduce the amount
of data stored in the directories listed above, or increase the storage
limit for those directories.
A typical Directory Quota Violation Report looks like the following:
You are receiving this Directory Quota Violation Report because one or
more directories is near or over its Directory quota threshold of 90%.
This email address is designated to receive Capacity Alerts. If this is
incorrect, you can change the Email Settings for this Nasuni Edge
Appliance.
This Storage Usage Report is for the storage controller: "filer-x"

This Storage Usage Report includes directories that are in the volume:
volume-1
Current Current
Percent
Directory Path Storage Storage Email Address
Used
Limit Usage
/nmc 1.0 GB 923.21 MB 92% user@company.com

/users 1.0 GB 126.31 MB 126% user@company.com
Viewing quota report schedules

To view the quota report schedules, follow these steps:
1. Click Quota Reports. The Quota Report Schedule page displays a list of managed Nasuni
Edge Appliances.
Figure 12-46: Quota Report Schedule page.

• Days: The days of the week for which quota reports are scheduled. If no quota reports are
scheduled, the label “No Schedules” appears.
• Activation Time: The time for which quota reports are scheduled.
• Report Types: The types of reports scheduled.
• Threshold: The percentage threshold for generating a quota report.

Sending a quota report manually

You can send a quota report immediately, even if the quota report threshold is not exceeded. To send
quota email reports, you must also enable email and Capacity Alerts. See “Email Settings” on page 415
and “Adding Permission Groups” on page 480.
To manually send a quota report, follow these steps:
1. On the Quota Report Schedule page, select the Nasuni Edge Appliances in the list for which
you want to manually send a quota report.
2. Click Send Quota Report. The Send Quota Report dialog box appears.
Figure 12-47: Send Quota Report dialog box.

3. To send administrative reports, set Administrative Report to On. Administrative reports are
sent regardless of whether any directories are near or over their quota.
4. To send user reports, set User Report to On. User reports are sent regardless of whether any
directories are near or over their quota.
5. In the Report Threshold text box, enter the percentage of the limit at which to send the report.
Quota reports are sent regardless of whether any directories are near or over their quota.
6. Click Send Quota Report. The quota report is sent.
Alternatively, to exit the dialog box without sending a quota report, click Close.

Adding quota report schedules

To edit quota report schedules, follow these steps:
1. On the Quota Report Schedule page, select the Nasuni Edge Appliances in the list for which
you want to add a quota report schedule.
2. Click Edit Filers. The Volume Quota Report Settings dialog box appears.
Figure 12-48: Volume Quota Report Settings dialog box.

The Days, Activation Time, Reports setting, and Threshold appear for each quota report in the
list.
3. To copy the quota report settings from a Nasuni Edge Appliance, select the Nasuni Edge
Appliance from the Copy Settings drop-down list. The quota report settings of the selected
Nasuni Edge Appliance appear in the dialog box.
4. To add a schedule, click Add Schedule. The Add Schedule Quota Report dialog box appears.
Figure 12-49: Add Schedule Quota Report dialog box.

5. Select the days to send quota reports (for example, Sunday, Tuesday, and Thursday). To select
or deselect all days, click Select/Deselect All.

6. Select the hour to start sending quota reports from the Activation Time drop-down list.
7. To send administrative reports, select Administrative Report. Administrative reports include all
Directory Quota Violations for all directories near or over their quota.
8. To send user reports, select User Report. User reports include individual Directory Quota
Violations sent to the owner of the directory for the user’s directories near or over their quota.
For example, if you enter 95, a report is sent when the data exceeds 95 percent of the limit.
10. Click Add Report. The new quota report schedule is added.
Alternatively, to exit the dialog box without adding the quota report schedule, click Close.
11. On the Volume Quota Report Settings dialog box, click Save Schedules. The quota report
schedules are saved. The Nasuni Edge Appliance appears in the list on the Quota Report
Schedule page.
Alternatively, to exit the dialog box without saving the quota report schedules, click Close.

Editing quota report schedules

To edit quota report schedules, follow these steps:
1. On the Quota Report Schedule page, select the Nasuni Edge Appliances in the list whose
quota report schedule you want to edit.
2. Click Edit Filers. The Volume Quota Report Settings dialog box appears.
Figure 12-50: Volume Quota Report Settings dialog box.

The Days, Activation Time, Reports setting, and Threshold appear for each quota report in the
list.
3. To copy the quota report settings from a Nasuni Edge Appliance, select the Nasuni Edge
Appliance from the Copy Settings drop-down list. The quota report settings of the selected
4. To edit a schedule, click Edit for the schedule. The Edit Schedule Quota Report dialog box
appears.
Figure 12-51: Edit Schedule Quota Report dialog box.

5. Select the days to send quota reports (for example, Sunday, Tuesday, and Thursday). To select
or deselect all days, click Select/Deselect All.
6. Select the hour to start sending quota reports from the Activation Time drop-down list.
7. To send administrative reports, select Administrative Report. Administrative reports include all
Directory Quota Violations for all directories near or over their quota.
8. To send user reports, select User Report. User reports include individual Directory Quota
Violations sent to the owner of the directory for the user’s directories near or over their quota.
For example, if you enter 95, a report is sent when the data exceeds 95 percent of the limit.
10. Click Update Schedule. The quota report schedule is updated.
Alternatively, to exit the dialog box without updating the quota report schedule, click Close.
11. On the Volume Quota Report Settings dialog box, click Save Schedules. The quota report
schedules are saved. The Nasuni Edge Appliance appears in the list on the Quota Report
Schedule page.
Alternatively, to exit the dialog box without saving the quota report schedules, click Close.

Filers Page SNMP Settings
SNMP Settings
You can configure SNMP monitoring of Nasuni Edge Appliances, for network monitoring, and with
third-party products that collect and report log data, such as Splunk.
Nasuni provides two ways to configure SNMP monitoring:
• You can enable SNMP traps, which send information to destinations that you provide.
• You can use apps that can pull SNMP information, using the definitions in the NASUNI-FILER-
MIB.
You can configure either or both.
The Nasuni Edge Appliance supports monitoring via the Simple Network Management Protocol (SNMP)
v1, v2c, and v3. The Nasuni Edge Appliance exposes the standard SNMPv1 MIB (management
information base), as well as the NASUNI-FILER-MIB, SNMPv2-MIB, HOST-RESOURCES-MIB, UCD-
SNMP-MIB, UCD-DISKIO-MIB, and IF-MIB. Both 32-bit and 64-bit SNMP network counters are
supported.
Each of the displayed MIBs is a link. If you click a link, a page with that MIB information appears.
As the SNMP agent, Nasuni receives requests on UDP port 161 from the third-party SNMP manager
that is used for system monitoring. Nasuni sends agent responses back to the source port on the third-
party SNMP manager. The third-party SNMP manager receives notifications (including Traps and
InformRequests) on SNMP destination port 162. You cannot change port 161 or port 162.
Important: Data is updated at most once per minute. Some values, such as
filerTotalUnprotectedData, might take 20 minutes or longer to be updated.
Note: Nasuni automatically provides the EngineID value.
Data available in SNMP updates includes the following:
• Network information, such as:
• Inbound and outbound traffic by type and by port
• Volume information, such as:
• Size
• TIme of last snapshot
• Local cache information, such as:
• Total space, used space, and free space
• Unprotected data
• Cache hit/miss rate
• CPU performance information, such as:
• Percent utilization
• Load averages
• Memory usage information, such as:
• Memory utilization

• Swap utilization
• Disk performance information, such as:
• Number of disk reads and writes per disk
• Bytes read and written per disk
• Client information, such as: Number of connected CIFS, and Mobile Access clients
• Snapshot and sync information, such as:
• Number of Merge Conflicts
• Snapshot success (version) count per volume
• Times for Snapshots (start, end, delta) per volume
• Traps information for anything that would generate an email alert
The following are some useful SNMP metrics:

• From UCD-SNMP-MIB:
• memAvailReal: The amount of real/physical memory currently unused or available.
• memTotalFree: The total amount of memory free or available for use on this host. This
value typically covers both real memory and swap space or virtual memory.
• ssCpuRawIdle: The number of 'ticks' (typically .01 seconds) spent idle.
• From HOST-RESOURCES-MIB:
• hrSWRunPerfCPU: The number of centi-seconds of the total system's CPU resources
consumed by this process. Note that, on a multi-processor system, this value may
increment by more than one centi-second in one centi-second of real (wall clock) time.
Viewing SNMP settings

To view SNMP settings, follow these steps:
1. Click Filers, then click SNMP Settings in the left-hand column. The Filer SNMP Settings page
Figure 12-52: Filer SNMP Settings page.

• SNMP V1, V2C: Indication of whether SNMP v1,v2c is enabled for this Nasuni Edge
Appliance: Enabled or Disabled.

• Community Name: If SNMP v1,v2c is enabled, the Community Name parameter from
the SNMP settings.
• SNMP V3: Indication of whether SNMP v3 is enabled for this Nasuni Edge Appliance:
Enabled or Disabled.
• Trap Addresses: If SNMP is enabled, a list of IP addresses or hostnames listening for
SNMP traps.
• System Info: If SNMP is enabled, additional information appears.
• Location: The System Location parameter from the SNMP settings. If SNMP monitoring
is disabled, the label “--” appears.
• Contact: The System Contact parameter from the SNMP settings. If SNMP monitoring
is disabled, the label “--” appears.

Editing SNMP settings

To edit SNMP settings, follow these steps:
1. On the Filer SNMP Settings page, select the Nasuni Edge Appliances in the list whose SNMP
settings you want to edit.
2. Click Edit Filers. The SNMP Settings dialog box appears.
Figure 12-53: SNMP Settings dialog box.

3. To copy the SNMP settings from a Nasuni Edge Appliance, select the Nasuni Edge Appliance
from the Copy Settings drop-down list. The SNMP settings of the selected Nasuni Edge
Appliance appear in the SNMP Settings dialog box.
4. To enable SNMP v1,v2c monitoring, click Enable v1,v2c Support. Selecting On enables SNMP
v1,v2c monitoring. Selecting Off disables SNMP monitoring.
If you enable SNMP v1,v2c monitoring, in the Community Name text box, enter the SNMP
community name for the Nasuni Edge Appliance. The default community name is public.
Changing the community name from the default improves security.

5. To enable SNMP v3 monitoring, click Enable v3 Support. Selecting On enables SNMP v3

monitoring. Selecting Off disables SNMP monitoring.
If you enable SNMP v3 monitoring, enter a Username and Password for SNMP v3
authorization.
6. If you enable SNMP monitoring, in the System Location text box, enter the physical location of
the Nasuni Edge Appliance.
7. If you enable SNMP monitoring, in the System Contact text box, enter the contact information
of the person responsible for SNMP monitoring for the Nasuni Edge Appliance.
8. If you enable SNMP monitoring, in the Trap Addresses text box, enter a list of IP addresses or
hostnames listening for SNMP traps, separated by commas. With SNMP traps, Nasuni sends
the information to the provided destinations.
If you do not want to listen for SNMP traps, leave this blank. For example, if you use apps that
can pull SNMP information, you do not use traps, but you can use the definitions in the
NASUNI-FILER-MIB with your app.
If you enter any trap addresses, you can send a test trap by clicking Send Test Trap.
9. Click Save SNMP Settings. The SNMP settings are changed. The Nasuni Edge Appliances
appear in the list on the Filer SNMP Settings page.
Alternatively, to exit the dialog box without changing the SNMP settings, click Close.

Filers Page Syslog Export
Syslog Export
Syslog Export enables you to direct Nasuni notifications and file auditing messages to your syslog
servers. Tools that work with syslog, such as Splunk, can then process, store, and report on these
messages. The syslog protocol is used to convey event notification messages. It also provides a
message format that allows vendor-specific extensions to be provided in a structured way. Syslog
Export supports UDP protocol.
You can also direct NMC console notifications to your syslog servers. See “Syslog Export” on
page 419.
Tip: Because each Edge Appliance sends syslog messages directly to the specified syslog
servers, ensure that the appropriate port is open between each Edge Appliance and the
syslog servers. This is usually UDP port 514.
A standard syslog message (based on the RFC 5424 specification) uses the following format:
<PRIORITY>VERSION TIMESTAMP HOSTNAME APPLICATION
PROCID MESSAGEID [STRUCTURED_DATA] MESSAGE
where:
Segment Data Type Expected values
Priority Numerical Priority is a combination of the numerical Facility

value and the numerical Severity value, such that:
Priority = 8 * Facility + Severity
The Facility value is a numerical logging
component associated with the message:
16 (Local0) through 23 (Local7).
Severity values are one of the following:
1 (Alert = Nasuni Alert),
2 (Critical = Nasuni Critical),
3 (Error = Nasuni Error),
4 (Warning = Nasuni Warning),
5 (Notice = Nasuni Admin), or
6 (Info = Nasuni Info).
Version Numerical Version of syslog messaging.
Timestamp String timestamp Timestamp, in ISO 8601 format.
Hostname String FQDN hostname or IP address.
Application String Device or Application that triggered the message.

Default of “Edge Appliance” or “NMC”.
Process ID Arbitrary String or ID to improve log aggregation grouping.

Message ID String Message IDs allow aggregators to filter messages

and typically indicate messages of the same
semantics/format.
Structured Data Structured Data Elements (Not currently used. A ‘-’ appears instead.)
Unique data elements consisting of well-known
key-value pairs within a set of brackets.
Message Unicode UTF-8 String Message data.
Viewing syslog export settings

To view syslog export settings, follow these steps:
1. Click Filers, then click Syslog Export Settings in the left-hand column. The Filer Syslog
Export Settings page displays a list of managed Nasuni Edge Appliances.
Figure 12-54: Filer Syslog Export Settings page.

• Auditing: Whether it is Enabled or Disabled to send auditing events to syslog servers.
• Audit Facility: If it is Enabled to send auditing events to syslog servers, the facility to use for
the auditing messages.
• Notifications: Whether it is Enabled or Disabled to send Notification messages to syslog
servers.
• Notification Facility: If it is Enabled to send Notification messages to syslog servers, the
facility to use for the Notification messages.
Editing syslog export settings

To edit syslog export settings, follow these steps:
1. On the Filer Syslog Export Settings page, select the Nasuni Edge Appliances in the list whose
syslog export settings you want to edit.

2. Click Edit Filers. The Filer Syslog Export Settings dialog box appears.
Figure 12-55: Filer Syslog Export Settings dialog box.

3. To copy the syslog export settings from a Nasuni Edge Appliance, select the Nasuni Edge
Appliance from the Copy Settings drop-down list. The syslog export settings of the selected
4. In the Servers text box, enter a comma-separated list of hosts (and, optionally, ports) to receive
syslog events, in host[:port] format. You can specify the hosts as either host names or IP
addresses: both are valid.
If you intend using a different port than the default port 514, specify that port here.
5. To send auditing events to syslog Servers, set “Send Auditing messages” to On.
6. From the Logging Facility drop-down list, select the facility to use for the auditing messages.
7. From the “Log level for Audit messages” drop-down list, select the log level to use for auditing
messages. For example, if 'Info' is selected, all audit messages will be sent at level 'Info.'
8. To send Notification messages to syslog Servers, set “Send Notification messages” to On.
9. From the Logging Facility drop-down list, select the facility to use for Notification messages.

10. From the “Lowest Log Level” drop-down list, select the lowest Notification level to send. Each
Notification level includes all the Notifications in the levels above it in the drop-down list. For
example, the ‘Info’ level includes all the other levels, but the ‘Alert’ level includes only alerts.
11. To send test messages to the currently listed Servers for all selected Nasuni Edge Appliances,
click “Send Test Messages”. A test message is sent to all listed Servers. If Notifications are on,
the messages use the selected Notification level and facility. If Audit is on, but Notifications are
off, the messages use the ‘Audit’ level and facility. If neither is on, the messages are sent with
the selected Notification facility at ‘Info’ level. Sending test messages does not save the
configuration.
12. Click Save Settings. Your settings are saved. The Nasuni Edge Appliances appear in the list on
the Filer Syslog Export Settings page.
Alternatively, to exit the dialog box without changing the syslog export settings, click Close.

Filers Page Time Configuration
Time Configuration
You can set the time zone and time server for the Nasuni Edge Appliance, which are necessary for
notifications and file sharing purposes. The time zone setting you select should be for the region where
the Nasuni Edge Appliance is located. For example, use “US/Eastern” if you are located in the eastern
part of the United States.
Viewing time zone and time source settings

To view time zone and time source settings, follow these steps:
1. Click Filers, then click Time Configuration in the left-hand column. The Filer Time
Configuration page displays a list of managed Nasuni Edge Appliances.
Figure 12-56: Filer Time Configuration page.

• Time Zone: The major world time zone where the Nasuni Edge Appliance is located.
• NTP Servers: The NTP time servers from which the Nasuni Edge Appliance obtains time
information.
• Current Time: The current date and time of the Nasuni Edge Appliance.
Since it can take a while to update the current date and time for every Nasuni Edge
Appliance, this does not happen automatically. An indication appears of the last time the
current time was updated. To refresh the current time for one or more Nasuni Edge
Appliances, see “Refreshing current times” on page 341.
• Current Time (timezone): The current date and time of the Nasuni Edge Appliance in the
current time zone.

Refreshing current times

Since it can take a while to update the current date and time for every Nasuni Edge Appliance, this
does not happen automatically. An indication appears of the last time the current time was updated.
To refresh the current time for one or more Nasuni Edge Appliances, follow these steps:
1. On the Filer Time Configuration page, select the Nasuni Edge Appliances in the list whose
current time you want to refresh.
2. Click Refresh Current Time. The current time of the selected Nasuni Edge Appliances is
refreshed.
Editing time zone and time source settings

Caution: Editing the Edge Appliance time configuration (time zone or time servers) disconnects
and resets all currently connected SMB clients for the selected Edge Appliance, and
can restart the Edge Appliance. This restart helps to ensure proper authentication.
To edit time zone and time source settings, follow these steps:
1. On the Filer Time Configuration page, select the Nasuni Edge Appliances in the list whose
time zone and time source settings you want to edit.
2. Click Edit Filers. The Timezone Settings dialog box appears.
Figure 12-57: Timezone Settings dialog box.

3. To copy the time zone and time source settings from a Nasuni Edge Appliance, select the
Nasuni Edge Appliance from the Copy Settings drop-down list. The time zone and time source
settings of the selected Nasuni Edge Appliance appear in the dialog box.
4. From the Time Zone drop-down list, select a time zone.
5. In the Time Server text box, enter the names of one or more valid Network Time Protocol (NTP)
servers, separated by commas. By default, all Nasuni Edge Appliances are set to use Nasuni's
NTP server, time.nasuni.com, to set the time daily. If you cannot open port 123 in your firewall to
access time.nasuni.com, you should change to an internal NTP server.
You can also specify using NTP services from Active Directory domain controllers, and from
other domain controllers.

6. Click Save Timezone. The time zone and time source settings are changed. The Nasuni Edge
Appliances appear in the list on the Filer Time Configuration page.
Alternatively, to exit the dialog box without changing the time zone and time source settings,
click Close.

Filers Page Web Access Branding
Web Access Branding

Edit
You can use the Web Access feature to access CIFS share data or NFS export data stored in the
Nasuni Edge Appliance using a Web browser. You can configure the Web Access display to include
elements of your organization’s branding, including logo and colors. For information on Web Access,
see “Web Access” on page 214. To enable Web Access, see at step 20 on page 175.
To configure Web Access branding, follow these steps:
1. Click Filers, then select Web Access Branding from the list on the left-hand side. The Web
Access Branding page displays a list of managed Nasuni Edge Appliances.
Figure 12-58: Web Access Branding page.

• Logo: The logo on the Web Access display.
• Primary Color: The primary color, which is used for items including Shares, Settings, and
Logout on the Web Access display.
• Secondary Color: The secondary color, which is used for items including Add Folder,
Upload File, and Sort on the Web Access display.
2. On the Web Access Branding page, select the Nasuni Edge Appliances in the list whose Web
Access branding you want to edit.
3. Click Edit Filers. The Web Access Branding dialog box appears.
Figure 12-59: Web Access Branding dialog box.

4. To copy the Web Access branding settings from a Nasuni Edge Appliance, select the Nasuni
Edge Appliance from the Copy Settings drop-down list. The Web Access branding settings of
the selected Nasuni Edge Appliance appear in the dialog box.

Filers Page Web Access Branding
5. To include a logo on the Web Access display, click the Logo area and navigate to a logo
graphics file. The maximum file size is 500 KB.
bytes.
6. To change the primary color, which is used for items including Shares, Settings, and Logout on
the Web Access display, click the Primary Color area and select a primary color.
7. To change the secondary color, which is used for items including Add Folder, Upload File, and
Sort on the Web Access display, click the Secondary Color area and select a secondary color.
8. To revert to the default logo, primary color, and secondary color, click Set Defaults.
9. Click Save Rules. Your settings are saved.
Figure 12-60: Web Access Branding dialog box with new logo and colors.
The Web Access page appears with the selected logo and colors.
Figure 12-61: Web Access page with branding.

Filers Page Mobile Settings
Mobile Settings
You can view and edit the settings for the Mobile Access service.
The Nasuni Mobile Access service enables you to access folders and files from mobile devices,
including iOS-based devices (such as iPhone and iPad) and Android phones. Nasuni Mobile Access is
available for volumes on which the CIFS protocol has been enabled, but not for NFS volumes.
page 534.
N1050
6000

Viewing Mobile Access service settings

To view Mobile Access service settings, follow these steps:
1. Click Filers, then click Mobile Settings in the left-hand column. The Mobile Service Settings
page displays a list of managed Nasuni Edge Appliances.
Figure 12-62: Mobile Service Settings page.

• Additional Mobile API Port: If configured, any additional port for Mobile Access.
• Session Expiration: Time limit on how long users remain authenticated on mobile devices,
or Unlimited.
• Limit to a Single Device: Whether users are limited to a single mobile device: Yes (limited)
or No (not limited).
• Allowed Devices: If enabled, list of mobile devices permitted to access data: Android or
iOS.
• Actions: Actions available for each Nasuni Edge Appliance.

Editing Mobile Access service settings

To edit Mobile Access service settings, follow these steps:
1. On the Mobile Service Settings page, select the Nasuni Edge Appliances in the list whose
Mobile Access service settings you want to edit.
2. Click Edit Filers. The Edit Mobile Service Settings dialog box appears.
Figure 12-63: Edit Mobile Service Settings dialog box.

3. To add another port for Mobile Access, enter the port number in the Additional API port text
box. The port number must be between 1 and 65535, inclusive. Leave blank to disable an
additional port.
4. To limit how long users remain authenticated on mobile devices, enter the maximum length of
time in hours in the Session Expiration text field. To allow unlimited session time, enter 0 (zero).
5. To limit users to only one mobile device, select Limit to a single device.
6. To limit the types of mobile devices that can use Mobile Access, select any combination of the
following Allowed Devices:
• Android: To allow Android devices to use Mobile Access.
• iOS: To allow iOS devices to use Mobile Access.
• Linux: To allow Linux systems to use Mobile Access.
• OS X: To allow OS X systems to use Mobile Access.
• Windows: To allow Windows systems to use Mobile Access.
Warning: If you are editing multiple Edge Appliances, ensure that the correct Allowed
Devices are selected before clicking Save Settings. Otherwise, the devices are
set to the default settings.

7. Click Save Settings. The Mobile Access service settings are changed. The Nasuni Edge
Appliances appear in the list on the Mobile Service Settings page.
Alternatively, to exit the dialog box without changing the Mobile Access service settings, click
Close.
Generating Invitation Link for Mobile Access

You can generate an invitation link that you can send to users. When they access the invitation link on
their mobile device, Mobile Access is installed on their mobile device. This link can also include the
hostname or IP address, the port number, and the username. This can simplify the process of
connecting them to your Nasuni Edge Appliances using Mobile Access.
To generate an invitation link for Mobile Access, follow these steps:
1. On the Mobile Service Settings page, click Invitation Link next to the Nasuni Edge Appliance.
The Generate Invitation Link dialog box appears.
Figure 12-64: Generate Invitation Link dialog box.

2. In the Host text box, enter the host that Mobile Access users should use.
3. In the Port text box, enter the port that Mobile Access users should use.
To require VPN access, use the internal hostname or IP address, and port 443.
To provide direct external access, use the external hostname or IP address and port.
4. To generate an invitation link, click Generate.

5. The Generate Invitation Link dialog box appears again, showing the invitation link.
Figure 12-65: Invitation Link.

6. Copy the displayed link, to use in email messages to users and other purposes.
7. Click Close to close the dialog box.

Filers Page Mobile Licenses
Mobile Licenses
You can view, enable, disable, and delete licenses for the Mobile Access service.
Viewing licenses for the Mobile Access service

To view licenses for the Mobile Access service, follow these steps:
1. Click Filers, then click Mobile Licenses in the left-hand column. The Mobile Licenses page
displays a list of Mobile Access users for managed Nasuni Edge Appliances.
Figure 12-66: Mobile Licenses page.

The following information appears for each user in the list:
• Username: The username of the Mobile Access service user.
• Filer: The name of the Nasuni Edge Appliance for the Mobile Access service.
• Device: The type of mobile device the user has, including Android, iPad, iPod Touch, and
iPhone.
• Device ID: The unique Device ID of this mobile device.
• Logged In: Whether this mobile device is currently logged in.
• Enabled: Whether Mobile Access is enabled for the user: Enabled or Disabled.
• Auth Time: The date and time that the user was authorized for Mobile Access.

• username: Matches values in the Username field.
• device: Matches values in the Device field.

Filers Page Mobile Licenses
Enabling Mobile Access

Enabling a mobile device allows access by the mobile device.
To enable Mobile Access, follow these steps:
1. On the Mobile Licenses page, select the users in the list whose Mobile Access you want to
enable.
2. Click Enable. The Enable Mobile Licenses dialog box appears.
3. Click Enable Mobile Licenses. Mobile Access is enabled for the selected users. The Mobile
Access service settings are changed on the Mobile Service Settings page.
Alternatively, to exit the dialog box without enabling Mobile Access, click Close.
Disabling Mobile Access

Disabling a mobile device blocks access and, on the next attempt at access, clears the mobile device’s
cache of any cached files.
To disable Mobile Access, follow these steps:
1. On the Mobile Licenses page, select the users in the list whose Mobile Access you want to
disable.
2. Click Disable. The Disable Mobile Licenses dialog box appears.
3. Click Disable Mobile Licenses. Mobile Access is disabled for the selected users. The Mobile
Alternatively, to exit the dialog box without disabling Mobile Access, click Close.
Deleting Mobile Access licenses

Deleting a mobile device removes the mobile device from the list, but does not block future access.
Instead, the user must login again the next time they run the Nasuni Application.
To delete Mobile Access licenses, follow these steps:
1. On the Mobile Licenses page, select the users in the list whose Mobile Access licenses you
want to delete.
2. Click Delete . The Delete Mobile Licenses dialog box appears.
3. Click Delete Mobile Licenses. The selected Mobile Access licenses are deleted. The Mobile
Alternatively, to exit the dialog box without deleting Mobile Access licenses, click Close.

Filers Page Refresh License
Refresh License
You can refresh the subscription license of Nasuni Edge Appliances. This is ordinarily unnecessary,
unless the license has changed in some way.
Refreshing license
To refresh the subscription license, follow these steps:
1. Click Filers, then click Refresh License in the left-hand column. The Refresh Subscription
License page displays a list of managed Nasuni Edge Appliances.
Figure 12-67: Refresh Subscription License page.

2. Select the Nasuni Edge Appliances in the list whose license you want to refresh.
3. Click Update Filers. The Refresh Subscription License dialog box appears.
Figure 12-68: Refresh Subscription License dialog box.

4. To refresh the license of selected Nasuni Edge Appliances, click Refresh License.
Alternatively, to exit the dialog box without refreshing the license, click Close.

Filers Page Remote Support Service
Remote Support Service

You can view and edit Remote Support Service settings.
The Remote Support Service allows authorized Nasuni Technical Support personnel to remotely and
securely access your Nasuni Edge Appliance. This can help Nasuni Technical Support to diagnose and
resolve any issues with your Nasuni Edge Appliance quickly and proactively. No changes to your
corporate firewalls are necessary.
This service is disabled by default and is strictly opt-in. You can enable or disable this service at any
time. You can also enable this service for a specific period of time. Enabling this service allows Nasuni
to offer a higher level of service and support.
Tip: If you need technical assistance, contact Nasuni Technical Support and inform them if you
have enabled Remote Support Service.
Note: You receive a notification whenever the Remote Support Service is enabled or disabled.
Note: If the Remote Support Service is enabled, you can change the Timeout value without
stopping and restarting the Remote Support Service.
Viewing Remote Support Service settings

To view Remote Support Service settings, follow these steps:
1. Click Filers, then click Remote Support in the left-hand column. The Remote Support Service
Figure 12-69: Remote Support Service page.

• Remote Support Service: Whether the Remote Support Service is enabled for the Nasuni
Edge Appliance: Currently Enabled or Currently Disabled.
• Timeout: If the Remote Support Service is enabled, the amount of time until the Remote
Support Service becomes disabled. If the Remote Support Service is disabled, the label “No
timeout, unlimited” appears.
• Nasuni Connected: If the Remote Support Service is currently enabled, whether Nasuni
Technical Support is connected to the Nasuni Edge Appliance: Yes (is connected) or No (is
not connected).

Filers Page Remote Support Service
Enabling and disabling Remote Support Service

To enable or disable the Remote Support Service, follow these steps:
1. On the Remote Support Service page, select the Nasuni Edge Appliances in the list that you
want to enable or disable Remote Support Service for.
2. Click Edit Filers. The Edit Remote Support Service dialog box appears.
Figure 12-70: Edit Remote Support Service dialog box.

3. To enable the Remote Support Service, click Enable Remote Support Service. Selecting On
enables the Remote Support Service. Selecting Off disables the Remote Support Service.
4. If Enable Remote Support is On, the Timeout text box becomes available. Enter the length of
time, in minutes, that you want to permit the Remote Support Service access to be enabled.
Enter 0 (zero) to allow access for an indefinite amount of time.
5. Click Save Settings. The Remote Support Service settings are changed. The Nasuni Edge
Appliances appear in the list on the Remote Support Service page. If the Remote Support
Service is enabled with a nonzero Timeout time, a countdown begins.
Alternatively, to exit the dialog box without changing the Remote Support Service settings, click
Close.

Filers Page Send Diagnostics
Send Diagnostics
If you experience problems that you cannot resolve, you can send diagnostic information to Nasuni
Technical Support for troubleshooting purposes.
Note: Local diagnostic information is automatically sent when needed, so there is typically no
need to do this, unless instructed to by Nasuni Technical Support. Using Send Diagnostics
includes more information than the automatic diagnostic information.
To send diagnostic information, follow these steps:
1. Click Filers, then select Send Diagnostics from the menu. The Send Diagnostics page
Figure 12-71: Send Diagnostics page.

2. Click Send Diagnostics. Diagnostic information is sent to Nasuni and the informational
notification “Successfully sent alerts to nasuni.com support team” is sent.

Filers Page Side Load
Side Load
Nasuni supports a Disaster Recovery (DR) process that enables you to recover the Nasuni Edge
Appliance after a true disaster, such as the loss of a data center. However, most of the time, clients
perform the Disaster Recovery process in order to upgrade from one piece of hardware to another.
In such a situation, there is a working Nasuni Edge Appliance in their data center that contains active
data in the cache. Performing the Disaster Recovery process results in a new Nasuni Edge Appliance
that has an empty cache. The client often then re-populates the new cache with data, which can require
considerable inbound bandwidth from the cloud, and which can take days, weeks, or even months to
complete.
The Side Load feature enables you to transfer cache data directly from the source Nasuni Edge
Appliance to the new Nasuni Edge Appliance. The source Nasuni Edge Appliance must already be
decommissioned.
Tip: You cannot perform the Side Load procedure apart from performing the Disaster Recovery
procedure.
Tip: Only one Side Load process is permitted at a time for each Nasuni Edge Appliance.
Tip: Only the Admin user can perform the Side Load process.
Tip: The source Nasuni Edge Appliance must be:
• Running;
• Decommissioned;
• Using release 7.0 or above.
Tip: Any Quality of Service (QoS) limits to bandwidth do not pertain to the Side Load process.
The Side Load process uses all the available bandwidth to copy data.
You can configure Notifications to notify you by email when the Side Load process completes.

Starting the Side Load process

To start the Side Load process from a source Nasuni Edge Appliance to a destination Nasuni Edge
Appliance, follow these steps:
1. Click Filers, then click Side Loads in the left-hand column. The Side Loads page displays a list
of Side Load processes for managed Nasuni Edge Appliances.
Figure 12-72: Side Loads page.

2. Click Add Side Load. The Add Side Load dialog box appears.
Figure 12-73: Add Side Load page.

3. From the Destination Filer drop-down box, select the Nasuni Edge Appliance that is the source
of the data for the
4. In the Host Address text box, enter the host address of the source. The source Nasuni Edge
Appliance must already be decommissioned.
5. In the Username text box, enter the username for the specified source Nasuni Edge Appliance.
The source Nasuni Edge Appliance must already be decommissioned.

6. In the Password text box, enter the password for the specified Username for the specified
source Nasuni Edge Appliance. The source Nasuni Edge Appliance must already be
decommissioned.
7. Click Connect and Start.
A connection is established with the data of the source Nasuni Edge Appliance. Data begins
moving to the destination Nasuni Edge Appliance.
After the data transfer starts, you can view the progress of the Side Load process.
8. When the Side Load process completes, the Complete label appears.
Tip: Record any information you want to retain from the screen.
Viewing and controlling the Side Load process

To view or control the progress of the Side Load process, follow these steps:
1. Click Filers, then click Side Loads in the left-hand column. The Side Loads page displays a list
of Side Load processes for managed Nasuni Edge Appliances.
Figure 12-74: Side Loads page.

The following information appears for each Side Load process in the list:
• Destination Filer: The Nasuni Edge Appliance whose cache you want to move data to.
• Source Decommissioned Filer: The host address of the source Nasuni Edge Appliance.
The source Nasuni Edge Appliance must already be decommissioned.
• Progress: A bar graph indicating the progress of the Side Load process. The percentage of
the Side Load process that is complete appears. If the Side Load process is running, the
Running label appears. If the Side Load process is paused, the Paused label appears. In
addition, the following information appears:
• Data Processed: The amount of data processed (in KB, MB, GB, or TB) and the total
amount of data to process (in KB, MB, GB, or TB).
1,000,000,000,000 bytes).

In contrast, some platforms display the size of data in base 2 units (including
MB = 1,048,576 bytes, GB = 1,073,741,824 bytes, and TB = 1,099,511,627,776
bytes).
• Est. Rate: The estimated rate of data transfer (in KB/S, MB/S, GB/S, or TB/S).
• Est. Time Remaining: The estimated time until the Side Load process is complete.
• Actions: Actions available for each Side Load process.
2. To pause a running Side Load process, click Pause. The Side Load process pauses indefinitely.
The bar graph label changes to Paused.
To continue with the Side Load process after a pause, click Resume. The Side Load process
continues. The bar graph label changes to Running.
3. To cancel the Side Load process, click Cancel. The Cancel Side Load dialog box appears.
Figure 12-75: Cancel Side Load dialog box.

To cancel the Side Load process, click Cancel Side Load. If the Side Load process is canceled,
the bar graph label changes to Canceled.
4. When the Side Load process completes, the Complete label appears on the bar graph.

Filers Page Audit Destinations Status
Audit Destinations Status

Nasuni can use an external auditing service, such as Varonis. To complete configuration of the Varonis
application to use Nasuni auditing events, you must provide a Nasuni API access key. For details, see
“API Keys” on page 282.
If auditing is being handled by an external service, such as Varonis, the status is available on the Audit
Destinations Status page.
To view the Audit Destinations Status, follow these steps:
1. Click Filers, then click Audit Destinations in the left-hand column. The Audit Destinations
Status page displays a list of audit destinations.
Figure 12-76: Audit Destinations Status page.

The following information appears for each Nasuni Edge Appliance with an external audit
destination:
• Filer: The name of the Nasuni Edge Appliance with the external audit destination.
• Type: The type of auditing service, including Varonis.
• Destination Name: The name of the server of the external auditing service, such as the
Varonis server.
• Connection: The status of the current connection, such as Connected, Connecting, Re-
connecting, or Down.
Details of the current status of the connection include the following:
• Host: IP address or hostname of the server of the external auditing service, such as the
Varonis server.
• Connection established: Date and time (UTC) when the current connection was
established.
• Connection uptime: Length of time of the current connection.
• Latest update at: Date and time (UTC) of the latest update from the current connection.

Filers Page Cache Jobs
Cache Jobs
You can view the status of jobs that bring data or metadata into the cache, such as Bring into Cache
(see “Bringing Data into Cache of the Nasuni Edge Appliance” on page 123) and Auto Cache (see
“Enabling Auto Cache for Folders” on page 125). You can also cancel jobs that are unnecessary.
Viewing cache jobs

To view cache jobs, follow these steps:
1. Click Filers, then click Cache Jobs in the left-hand column. The Filer Cache Jobs page
displays a list of cache jobs.
Figure 12-77: Filer Cache Jobs page.

The following information appears for each cache job:
• Filer: The name of the Nasuni Edge Appliance where this cache job is occurring.
• Volume: The name of the volume on which this cache job is occurring.
• Path in Volume: The path in the volume to the data moving to the cache.
• Type: The type of cache job, such as Manual (for Bring into Cache) or Auto (for Auto
Cache).
• Data/Metadata: An indication whether data or metadata is moving to the cache.
• Number of Items: The number of items to transfer.
• Actions: Actions available for this cache job.
• Status: The status of this cache job.
2. To cancel a running cache job in the list, click Cancel. A dialog box appears. Confirm that you
want to cancel the job.
The job is canceled.

Filers Page CIFS Clients
CIFS Clients
You can view the status of Nasuni Edge Appliance CIFS clients. You can also disconnect the CIFS
client, reset CIFS clients, and reset the CIFS authorization cache.
Viewing CIFS clients

To view CIFS clients, follow these steps:
1. Click Filers, then click CIFS Clients in the left-hand column. The Filer CIFS Clients page
appears.
Figure 12-78: Filer CIFS Clients page.

The following information appears for each CIFS client:
• Share: Name of the CIFS share.
• User: The name of the connected user.
• Client: The hostname or IP address of the client.
• Client Name: The name of the client.
• Actions: Actions available for each CIFS client.

Disconnecting clients from a share

You can disconnect a CIFS client connected to a CIFS share of the Nasuni Edge Appliance.
Note: Some CIFS clients automatically re-connect to CIFS shares and can then re-appear in the
listing even after disconnecting them.
To disconnect a CIFS client:
1. On the Filer CIFS Clients page, click Disconnect . The Disconnect Client dialog box
appears.
Figure 12-79: Disconnect Client dialog box.

2. Click Disconnect Client to disconnect the CIFS client from the share.
Alternatively, to exit this screen without disconnecting the client, click Close.
Resetting the CIFS Authentication Cache

Reset authentication cache
You can reset the CIFS authentication cache to clear all CIFS shares for Nasuni Edge Appliance users.
You might reset the CIFS authentication cache if instructed by Nasuni Support, or if users are not
appearing in a group they are assigned to via Active Directory or LDAP Directory Services.
To reset the CIFS authentication cache, follow these steps:
1. On the Filer CIFS Clients page, click Reset CIFS Auth Cache. The Reset CIFS Auth Cache
dialog box appears.
2. Select the Nasuni Edge Appliances whose CIFS authentication cache you want to reset. Then
click Reset Auth Cache.
This flushes all the cached CIFS authentication data. Alternatively, to not reset the CIFS authentication
cache, click Close.

Resetting All CIFS Clients

Reset clients
You can reset all CIFS clients connected to the Nasuni Edge Appliance. You might reset all CIFS clients
if instructed by Nasuni Support, or to remove clients.
To reset all CIFS clients, follow these steps:
1. On the Filer CIFS Clients page, click Reset All Clients. The Reset All Clients dialog box
appears.
2. Select the Nasuni Edge Appliances whose CIFS clients you want to reset. Then click Reset
Clients.
This resets all CIFS clients for the selected Nasuni Edge Appliances. Alternatively, to not reset all CIFS
clients, click Close.
Note: Some CIFS clients automatically re-connect to CIFS shares and can then re-appear in the
listing even after the connection is reset.

Filers Page CIFS File Locks
CIFS File Locks

You can view the status of CIFS file locks.
Note: If the Edge Appliance is managed by the NMC, CIFS locks are sent from the Edge
Appliance to the NMC every 5 minutes. The information sent to the NMC includes the
share name, the file path, the read/write type, the locking user, the client IP address, and
the hostname.
Viewing file locks

To view file locks, follow these steps:
1. Click Filers, then click CIFS File Locks in the left-hand column. The Filer CIFS File Locks page
appears.
Figure 12-80: Filer CIFS File Locks page.

The following information appears for each CIFS client:
• Share: Name of the CIFS share.
• Path: The path in the share to each file lock.
• Type: The type of file lock, such as RDONLY, RDWR, or WRONLY.
• User: The name of the connected user.
• Client Name: The name of the client.
• Actions: Actions available for each CIFS client.

• client: Matches values in the Client field.
• clientname: Matches values in the Client Name field.
• share: Matches values in the Share field.
• user: Matches values in the User field.

Filers Page CIFS File Locks

• type: Matches values in the Type field.
Disconnecting file locks

You can disconnect existing CIFS file locks.
To disconnect a CIFS file lock, click Disconnect for the CIFS file lock that you want to disconnect.

Filers Page FTP clients
FTP clients
You can view the status of FTP/SFTP clients.
page 201.
Viewing FTP clients

To view FTP/SFTP clients, follow these steps:
1. Click Filers, then click FTP in the left-hand column. The Filer FTP Clients page displays a list of
Figure 12-81: Filer FTP Clients page.

The following information appears for each managed Nasuni Edge Appliance:
• Protocol: The protocol of the client: FTP or SFTP.
• User: The user name of the user with access to the client.

Filers Page FTP clients

• protocol: Matches values in the Protocol field.
• client: Matches values in the Client field.
• user: Matches values in the User field.
Disconnecting FTP clients

To disconnect FTP/SFTP clients, follow these steps:
1. Click Filers, then click FTP in the left-hand column. The Filer FTP Clients page displays a list of
Figure 12-82: Filer FTP Clients page.

2. For the FTP/SFTP client that you want to disconnect, click Disconnect . The Disconnect
Client dialog box appears.
3. To disconnect the client, click Disconnect Client. Otherwise, click Close.

Filers Page Filer Heuristics
Filer Heuristics
Chart
For all Nasuni Edge Appliances, or for each Nasuni Edge Appliance, you can view the number of each
type of file and the number of each size of file stored. These metrics can be useful for planning storage.
Metrics are updated after each snapshot by an Edge Appliance.
To view file metrics:
1. Click Filers, then select Heuristics from the list. The Filer Heuristics page appears.
Figure 12-83: Filer Heuristics page.

This page displays charts and tables of File Types in snapshots and File Sizes in snapshots.

2. From the Filer drop-down list, select All Filers or the specific Nasuni Edge Appliance you want
heuristics for.
Data Growth chart

A chart of Data Growth appears. This chart shows the amount of data on the vertical axis versus time
along the horizontal axis, including the following:
• Licensed data. Licensed Data is sometimes also called “Licensed Capacity” or “Storage
month.
as 9.53 MB.
metadata.

a directory.
Important: If you hover the mouse over any part of the chart, a label appears displaying details
about the amount of data at that date and time.
Figure 12-84: Details of data and time on Data Growth chart.

selected range.
File Types Written

On the left side of the page is a pie chart displaying the percentage of files in the most common
categories. Files are categorized by extension. For example, the Text category includes files with the
extensions .doc, .rtf, and .txt. If you hover the mouse over one of the pie sections, it displays the name
of the category and the number of files in that category. This includes data already protected in the
cloud, as well as data in the cache that is not yet protected. It includes the capacity of every version of
every file type. For example, if you have 10 versions of the example.txt file, the capacity of all 10
versions is included in the Text file type.
Below the pie chart is a table displaying the number of files with the most frequent file extensions. You
can sort this table by clicking EXT., CATEGORY, COUNT, or SIZE. Statistics appear for the most
frequent 50 extensions.
File Sizes in snapshots

On the right side of the page is a bar chart displaying the number of files in each size category, with the
size of the files along the vertical axis and the number of files in each size category along the horizontal
axis. If you hover the mouse over one of the bars, it displays the name of the size category and the
number of files in that category.
On the bottom right side of the page is a table displaying the number of files in each of the size
categories. You can sort this table by clicking MAX SIZE or COUNT.
Explorer and other utilities. Typically, such utilities display only the size of the data currently

present in the local cache, while Nasuni displays the full size, regardless of where the data
is.

Filers Page Network
Network
You can view network settings of Nasuni Edge Appliances.
The network address configuration is initially set during installation of the Nasuni Edge Appliance.
However, you can change network settings as required, with the Nasuni Edge Appliance user interface.
Viewing network settings

To view network settings, follow these steps:
1. Click Filers, then click Network Settings in the left-hand column. The Filer Network Settings
Figure 12-85: Filer Network Settings page.

• Hostname: The hostname of the Nasuni Edge Appliance.
• IP Addresses: The IP addresses of the Nasuni Edge Appliance. Clicking the link opens a
new window with the Nasuni Edge Appliance user interface.
• Default Gateway: The IP address of the default gateway of the Nasuni Edge Appliance.
• DNS Servers: The IP addresses of the DNS servers of the Nasuni Edge Appliance.
• Search Domains: The search domains for the Nasuni Edge Appliance.
• Details: Additional information about the network, including the following:
• Network: Number of groups and number of NICs (network interface cards). Clicking
Group or NIC opens the Network Details box.
• Firewall: Link to the Firewall Settings dialog box.
• Proxy: Whether an HTTPS proxy server is enabled: Enabled or Disabled.

Filers Page Network
2. For the selected Nasuni Edge Appliance, in the Details column, click Group or NIC to open the
Network Details dialog box.
Figure 12-86: Network Details dialog box.

The following information appears for each traffic group:
• Name: Name of the traffic group.
• Devices: The devices included in the traffic group.
• Type: The network type: Static or DHCP.
• IP Address: The IP address in IPv4 (Internet Protocol version 4) dotted decimal format. For
Azure-based and EC2-based Nasuni Edge Appliances, this is the Internal IP Address. If
you're running other machines on the EC2 or Azure platforms, you can communicate using
the Internal IP Address instead of the publicly accessible address.
• Netmask: Subnet mask of the IP address.
• MTU: The MTU (maximum transmission unit) value indicates the maximum size of each
block of information that can be sent without the data becoming fragmented.
The following information appears for each physical port:
• Port: Name of the port.
• MAC Address: Media Access Control address (MAC address) of the port.
Note: MAC addresses might not display as expected. The MAC address of the bonding
device is taken from its first secondary device. This MAC address is then passed to
all following secondary devices, and persists, even if the first secondary device is
removed, until the bonding device is brought down or reconfigured.
• Carrier: Indicates whether the network interface card (NIC) senses a carrier signal on the
Ethernet cable: yes or no.
• Speed: Speed of the port.
• Duplex: Type of duplex.
Click Close to close the dialog box.

Filers Page Network
3. For the selected Nasuni Edge Appliance, in the Details column, click View Details link to open
the Firewall Settings dialog box.
Figure 12-87: Firewall Settings dialog box.

The following information appears:
• Allowed GUI Hosts: A list of IP addresses or subnet addresses of hosts that you permit to
access your Nasuni Edge Appliance user interface. If any host can access your Nasuni Edge
Appliance user interface, the label “Any Host” appears.
• Allowed SSH Hosts: A list of IP addresses or subnet addresses of hosts that you permit to
access your Nasuni Edge Appliance’s Support SSH port. If any host can access your Nasuni
Edge Appliance’s Support SSH port, the label “Any Host” appears.
The following information appears for each traffic group:
• Traffic Group: Name of the traffic group.
• Policy: The access policy for the traffic group.
• Allowed Protocols: The protocols allowed for the traffic group.
Click Close to close the dialog box.

Filers Page Pending Updates
Pending Updates
You can view pending updates to Nasuni Edge Appliances. You can acknowledge warnings about
pending updates.
Tip: If there are errors in adding cloud credentials, an error status shows for the “Add New
Credentials” item on the “Outstanding Settings Updates to Filers” page. You can
acknowledge the error, and try entering the credentials again. See “Adding or editing cloud
credentials” on page 400.
Viewing pending updates

To view pending updates, follow these steps:
1. Click Filers, then click Pending Updates in the left-hand column. The Outstanding Settings
Updates to Filers page displays a list of pending updates.
Figure 12-88: Outstanding Settings Updates Filers page.

The following information appears for each pending update:
• Setting Change: The setting whose change is pending.
• Filer: The name of the Nasuni Edge Appliance where this change is pending.
• Initiated By: The user who initiated this pending change.
• Sent Time: The date and time when the change was initiated.
• Status: The status of the pending update. If there is a problem with the attempted action, a
caution symbol appears. Hover the mouse over the symbol for more information.
Acknowledging pending updates

To acknowledge pending updates, follow these steps:
1. On the Outstanding Settings Updates Filers page, for the pending update you want to
acknowledge, hover the mouse over the Status symbol. A message appears.
Figure 12-89: Sample message.

Filers Page Pending Updates
2. To acknowledge the message and remove the pending update from the list, click
Acknowledge. The pending update is removed from the list.
Alternatively, to exit the message without acknowledging the message or removing the pending
update, move the mouse away from the Status symbol. The message no longer appears.

Filers Page Platform Settings
Platform Settings
You can view the status and settings of Nasuni Edge Appliances running on virtual machines as well as
Nasuni Edge Appliance hardware appliance.
N1050
6000
Viewing hardware and virtual machine information

To view hardware and platform information, follow these steps:
1. Click Filers, then click Platform in the left-hand column. The Filer Platform Details page
Figure 12-90: Filer Platform Details page.

The following information appears for each managed Nasuni Edge Appliance on a virtual
platform:
• Platform: The virtual or hardware platform of the Nasuni Edge Appliance, such as Nutanix
AHV, Microsoft Hyper-V, VMware, or NF-200.
• CPU Model: The specific model of CPU.
• HW Serial (for Nasuni Edge Appliance hardware appliances only): The serial number of
the hardware appliance.
• BIOS Firmware (for Nasuni Edge Appliance hardware appliances only): The version
number of the BIOS firmware.
Tip: You can update the firmware of Nasuni Edge Appliance hardware appliances
using commands from the Service menu of the console for the Nasuni Edge
Appliance.
• BMC Firmware (for Nasuni Edge Appliance hardware appliances only): The version
number of the hardware appliance’s BMC (baseboard management controller) firmware.
Appliance.
Note: When you update the iDRAC (BMC) firmware, the old iDRAC (BMC) version
might still be displayed on the Nasuni Console, on the Edge Appliance UI, and
on the NMC. It is possible, but not necessary, to force the correct version to
display by rebooting the Edge Appliance. The iDRAC UI always shows the
correct version.
• CPU: The CPU frequency in GHz.
• sockets: The number of CPU sockets.
• cores: The number of CPU processors.
• Memory: The amount of available RAM in GiB.
1,000,000,000,000 bytes).
• Cache: The size of the local cache.

• Sensors (for Nasuni Edge Appliance hardware appliances only): Sensor information for the
platform.
• Power Supplies: The status of the power supplies. If the status is Alert, you should
• Ambient Temp (for Nasuni Edge Appliance hardware appliances only): The ambient
• Exhaust Temp (for Nasuni Edge Appliance hardware appliances only): The exhaust
• Inlet Temp (for Nasuni Edge Appliance hardware appliances only): The inlet temperature
in Celsius and Fahrenheit.
• RAID (for Nasuni Edge Appliance hardware appliances only): RAID information for Nasuni
Edge Appliance hardware appliances only.
• Battery: Status of the battery for the RAID array. If the status is Alert, you should
• Arrays: Number of RAID arrays and status of the RAID arrays. If the status is Alert, you
should investigate the situation.
• Disks: Number of disks and status of the disks. If the status is Alert, you should
If you click the Disks display, the Raid Disks dialog box displays all the disks in the
RAID array, with the status of each disk.
Figure 12-91: Raid Disks dialog box.

• Firmware: The version number of the hardware appliance’s RAID firmware.
Appliance.
• FDE: If Full Disk Encryption is enabled in the client license for a Nasuni Edge Appliance,
the status of Full Disk Encryption appears: Enabled or Not Enabled.

Filers Page Security Settings
Security Settings
You can view security settings for Nasuni Edge Appliances.
The Security mode controls who can access CIFS files and folders that the Nasuni Edge Appliance is
managing.
The following security modes are available:
• Publicly Available: (Default) The Publicly Available mode gives access to CIFS shares to all
network users. You can configure write access and specific client access.
• Active Directory: Active Directory provides a connection to an existing Windows Active
Directory server, so you can control CIFS share access based on the users and groups that an
Active Directory server manages.
to the NMC.
Note: Limits on domains, groups, users, objects, and other items are the same as the limits
of Active Directory. See Active Directory Maximum Limits - Scalability for details.
• LDAP Directory Services: LDAP Directory Services provides authentication using LDAP
domains and Kerberos security.
Important: You cannot enable both Active Directory and LDAP Directory Services for a Nasuni
Edge Appliance.
Tip: For detailed procedures for LDAP with Apple OpenDirectory, Oracle Enterprise Directory
Server (Oracle DS), and FreeIPA, see the LDAP Best Practices Guide.
Viewing security settings

To view security settings, follow these steps:
1. Click Filers, then click Security Settings in the left-hand column. The Filer Security Settings
Figure 12-92: Filer Security Settings page.


Filers Page Security Settings
• Security Mode: The security mode of the Nasuni Edge Appliance: Active Directory, LDAP
Directory Services, Publicly Available, or Unknown.
• Source Domains (Active Directory or LDAP Directory Services only): The source domains
for Active Directory or LDAP Directory Services.
• NT Name (Active Directory only): The NT Name of the Active Directory domain.
• Enabled (Active Directory only): Whether the Active Directory domain is enabled: Yes (is
enabled) or No (is not enabled).
• Provider (LDAP Directory Services only): The Directory Services Provider that matches
your LDAP and Kerberos servers, such as FreeIPA, Generic LDAP/Kerberos, or Apple
OpenDirectory.
• LDAP Servers (LDAP Directory Services only): The IP addresses or hostnames of the
LDAP servers for the Nasuni Edge Appliance to connect to.
• KDCs (LDAP Directory Services only): The IP addresses or hostnames of the Kerberos
Key Distribution Center (KDC) servers for the Nasuni Edge Appliance to connect to.
• Currently joined: Whether the Nasuni Edge Appliance is currently joined to the Active
Directory or LDAP Directory Services primary domain: Yes (is joined) or No (is not joined).

Filers Page Shared Link Status
Shared Link Status

You can view the status of shared links.
A shared link is a secure, signed URL that points to a specific file or folder within Web Access. This can
be useful for providing a trusted partner or contractor with secure access to a folder or file that they do
not have credentials to access directly. For more details on shared links, see “Shared Links” on
page 220 in the Nasuni Edge Appliance Administration Guide.
You can control how long until the shared link expires, whether a password is required, and who is
allowed to create shared links. To enable and configure shared links within Web Access, see “Web
Access Settings” on page 177.
Tip: If the creator of a shared link no longer has access to the file or directory that is the object
of the shared link, then that shared link is no longer displayed in Web Access for that
creator. The shared link is still visible on the Edge Appliance (on the Shared Links page, if
you log in with appropriate privileges) and on the NMC (on the Filer Shared Links page, if
you log in with appropriate privileges).
changes to the permissions of the user who created the link. In particular, if a user
creates a shared link, and later that user’s permissions change so that they can no
longer create shared links, the shared link they created is not affected.
Viewing shared links

To view shared links, follow these steps:
1. Click Filers, then click Shared Links in the left-hand column. The Filer Shared Links page
displays a list of shared links for managed Nasuni Edge Appliances.
Figure 12-93: Filer Shared Links page.

The following information appears for each shared link:
• Path: The path that the shared link refers to on the volume on the Nasuni Edge Appliance.
• Key: The key that signs the URL of the shared link.
• Share: The CIFS share that the shared link refers to.
• Type: The type of item that the shared link refers to, such as File or Directory.
• Create Time: The date and time that the shared link was created.

Filers Page Shared Link Status
• Expires: The date and time that the shared link expires on. You can change this using Web
Access.
• Writable: For a directory, indicates whether the shared link permits writing data to the
directory: Yes or No. You can change this by editing the CIFS share.
• Password Protected: Indicates whether a password must be entered to use the shared
link: Yes or No. You can change this by editing the CIFS share.
• Username: The username for Web Access.
• Links: If Shared Link Global User is enabled, a link to the shared link is available.
Deleting shared links

Deleting a shared link ends access using that shared link immediately. You can delete a shared link at
any time.
To delete shared links, follow these steps:
1. On the Filer Shared Links page, select the shared links that you want to delete.
2. Click Delete . The Delete Shared Links dialog box appears.
3. Click Delete Shared Links. The selected shared links are deleted. The list of shared links
changes on the Filer Shared Links page.
Alternatively, to exit the dialog box without deleting shared links, click Close.

Filers Page Shutdown and Reboot
Shutdown and Reboot

You can shut down and reboot Nasuni Edge Appliances.
When you shut down the Nasuni Edge Appliance, all users are disconnected from the system, and data
is not accessible during the shutdown process. You can choose to shut down the Nasuni Edge
Appliance immediately, or to perform a snapshot before shutting down.
Tip: Consider performing a snapshot before shutting down the Nasuni Edge Appliance.
Note: When a reboot is requested, a notification is logged that the reboot was requested and by
whom the reboot was requested.
To shut down a Nasuni Edge Appliance, follow these steps:
1. Click Filers, then select Shutdown & Reboot from the menu. The Shutdown and Reboot page
Figure 12-94: Shutdown and Reboot page.


2. Click Shutdown/Reboot. The Initiate Shutdown/Reboot dialog box appears.
Figure 12-95: Initiate Shutdown/Reboot dialog box.

3. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation.
4. Select one of the following options:
• Perform snapshot before shutting down: Performs a snapshot before shutting down. This
ensures that data is fully protected in cloud storage before shutting down. However, this
process can take considerable time, depending on the size of the cache and the amount of
changed and new data in the cache.
Note: With each Nasuni snapshot, configuration information is included, in case it is
necessary to recover the Edge Appliance. The configuration information includes
volume name, volume GUID, share type, software version, last pushed version,
retention type, and permissions policy. The configuration bundle is encrypted in the
same way that all the customer data is encrypted.
If you receive an alert that such backup configurations have failed, this might be
due to intermittent network issues, or possibly due to DNS issues. If you see
notifications that the Edge Appliance has successfully completed a snapshot after
the backup alert, then you can safely ignore the alert.
Tip: On the Microsoft Azure virtual platform, virtual machines that have been shut down
continue to incur compute charges. To avoid these charges, use the Azure
Management Portal at
https://portal.azure.com/ to stop or delete the virtual machines.

• Shut down immediately: (Default) Shuts down the Nasuni Edge Appliance without
performing a snapshot. Data that has not already been captured by a snapshot is not
protected in cloud storage. However, data in the cache is not lost. A message notifies you
that the system is shutting down. If you change your mind, you have 60 seconds to cancel
the shutdown.
Tip: On the Microsoft Azure virtual platform, virtual machines that have been shut down
continue to incur compute charges. To avoid these charges, use the Azure
Management Portal at
https://portal.azure.com/ to stop or delete the virtual machines.
• Reboot immediately: Reboots the Nasuni Edge Appliance without performing a snapshot.
5. Click Update. The selected Nasuni Edge Appliances shut down or reboot, as specified.
Alternatively, to exit the dialog box without shutdown or reboot, click Close.

Filers Page Software Updates
Software Updates
You can view the currently available Nasuni Edge Appliance software updates, and update the
software.
When a newer version of the Nasuni Edge Appliance software is available for installation, you can
update the software from the Nasuni Management Console. When you update your software, your
Nasuni Edge Appliance is updated to the newer version.
software.
Caution: Updating the software disconnects all users currently using the Nasuni Edge
Appliance. The system can take several minutes to reboot. The time to reboot can be
longer if one-time upgrade operations are necessary.
hours, because this can disrupt access. Apply software updates at night or on weekends.
Tip: Review the release notes of all releases between your current release and the most recent
release. See “Viewing the Nasuni Management Console Release Notes” on page 58 for
details. You can also view Release Notes.
Tip: You can configure the Nasuni Edge Appliance to apply updates automatically. For details,
see “Automatic Software Updates” on page 284.
Viewing Nasuni Edge Appliance software updates

To view Nasuni Edge Appliance software updates, follow these steps:
1. Click Filers, then click Software Updates in the left-hand column. The Filer Software Updates
Figure 12-96: Filer Software Updates page.

• Current Version: The current version of the software running on the Nasuni Edge Appliance.
If an update is available, the label “Update Available” appears.
• Available Version: The highest currently available version of the Nasuni Edge Appliance
software. If the highest currently available version of the Nasuni Edge Appliance software is
already running on the Nasuni Edge Appliance, the label “No updates available” appears.
2. To force a check for available software updates, click Check for Updates. A check for updates
is done for all Nasuni Edge Appliances in the list.

Updating Nasuni Edge Appliance software

software.
To update the Nasuni Edge Appliance software, follow these steps:
1. On the Filer Software Updates page, select the Nasuni Edge Appliances in the list whose
software you want to update.
2. Click Update Filers. The Update Filer dialog box appears.
Figure 12-97: Update Filer dialog box.

3. Update Filer in the Confirmation Phrase text field.
4. Click Update Filer. The software on the selected Nasuni Edge Appliances is updated. The
Nasuni Edge Appliances appear in the list on the Filer Software Updates page.
Alternatively, to exit the dialog box without updating the software, click Close.


Filers Page System Alerts
System Alerts
Edit
You can configure Nasuni Edge Appliances to issue alerts for the following conditions:
• Snapshots do not occur for more than a specified time.
• For Edge Appliances before version 8.8: CPU usage exceeds a specified threshold for more
than a specified time.
Note: For Edge Appliances at version 8.8 or later, CPU status is part of “Health Monitor” on
page 280.
• For Edge Appliances before version 8.8: Memory usage exceeds a specified threshold for more
than a specified time.
Note: For Edge Appliances at version 8.8 or later, memory status is part of “Health Monitor”
on page 280.
To view charts of CPU activity and memory usage, see “CPU Activity” on page 277 and “Memory
Usage” on page 277.
To configure alerts, follow these steps:
1. Click Filers, then select System Alerts from the list on the left-hand side. The Filer System
Alerts page displays a list of managed Nasuni Edge Appliances.
Figure 12-98: Filer System Alerts page.

• Enabled Alerts: The alerts that are enabled for that Nasuni Edge Appliance. These include
the following:
• Snapshot Alert: The alarm is issued if the volume has no snapshots for the specified
Duration.
• (For Edge Appliances before version 8.8) CPU Alert: The alarm is issued if the CPU
usage exceeds the specified Threshold for the specified Duration.
Note: For Edge Appliances at version 8.8 or later, CPU status is part of “Health
Monitor” on page 280.
• (For Edge Appliances before version 8.8) Memory Usage Alert: The alarm is issued if
the memory usage exceeds the specified Threshold for the specified Duration.
Note: For Edge Appliances at version 8.8 or later, CPU status is part of “Health
Monitor” on page 280.

Filers Page System Alerts
• (For Edge Appliances before version 8.8) Threshold: For CPU Alerts and Memory Usage
Alerts, the threshold for the alert.
Note: For Edge Appliances at version 8.8 or later, CPU status and memory status are part
of “Health Monitor” on page 280.
• Duration: The duration of the alert condition.
2. On the Filer System Alerts page, select the Nasuni Edge Appliances in the list whose alerts you
want to configure.
3. Click Edit Items. The System Alerts dialog box appears.
Figure 12-99: System Alerts dialog box (for Edge Appliances before version 8.8).
4. To copy the System Alerts settings from a Nasuni Edge Appliance, select the Nasuni Edge
Appliance from the Copy Settings drop-down list. The System Alerts settings of the selected
5. To set a snapshot alert, set the Enabled switch to On. Enter a Duration, in days. The alarm is
issued if the volume has no snapshots for the specified Duration.
6. (For Edge Appliances before version 8.8) To set a CPU usage alert, set the Enabled switch to
On. Enter a Threshold as a percentage of CPU usage. Enter a Duration, in minutes. The alarm
is issued if the CPU usage exceeds the specified Threshold for the specified Duration.
7. (For Edge Appliances before version 8.8) To set a memory usage alert, set the Enabled switch to
On. Enter a Threshold as a percentage of memory usage. Enter a Duration, in minutes. The
alarm is issued if the memory usage exceeds the specified Threshold for the specified Duration.
8. Click Save Alerts.

Filers Page SSL Certificates
SSL Certificates
You can view information about SSL certificates.
By default, the Nasuni Edge Appliance is preloaded with a self-signed SSL certificate that is unique to
the Nasuni Edge Appliance.
You can also use other SSL certificates to manage the Nasuni Edge Appliance.
Tip: For managing SSL certificates for Nasuni Edge Appliances, you must use the Nasuni Edge
Appliance UI. For details, see the “SSL Server and Client Certificates” section of the
Configuration Page chapter of the Edge Appliance Administration Guide for instructions on
how to perform these tasks:
• View SSL CA-signed server certificates or self-signed server certificates.
• Generate SSL CA-signed server certificates and self-signed server certificates.
• Copy existing SSL server certificates.
• Upload SSL server certificates.
• Replace SSL server certificates and SSL server certificate chains.
• Set SSL server certificates.
• Download or save an SSL server certificate.
• Delete SSL server certificates or certificate requests.
• Reset an SSL certificate.
• View SSL client certificates.
• Upload SSL client certificates.
• Delete SSL client certificates.
Note: If something ever goes wrong with the certificates and you are unable to access the
Nasuni Edge Appliance user interface, use the service menu console on your hardware
appliance or virtual machine to enter the resetguicert command to reset the certificate
to the default self-signed certificate.

Filers Page SSL Certificates
Viewing SSL certificate information

To view SSL certificate information, follow these steps:
1. Click Filers, then click SSL Certificates in the left-hand column. The SSL Certificates page
Figure 12-100: SSL Certificates page.

• SSL Certificates: A list of the SSL certificates of the Nasuni Edge Appliance. Each SSL
certificate is labeled either “Currently in use by the Filer web-based user interface.” or “Can
be enabled for use by the Filer web-based user interface.”.

Chapter 13: Account Status Page
Account Status
On the Account Status page, you can view account information and refresh the license.
You can also view serial numbers and authorization codes for Nasuni Edge Appliances.
You can also view, configure, change, and delete cloud credentials for Nasuni Edge Appliances.
Viewing account status

Click Account Status. The Account Status page displays information about the account.
Figure 13-1: Account Status page.

In the Account area, the following information appears:
• Account: Name of the account.
• Serial Number: The serial number for this subscription.
• Subscription: Subscription mode, such as Standard, Trial, Manual, or Monthly.
• Expires: The date on which the subscription expires, and how long until that date.
In the Filers area, the following information appears:
• Max Filers: Maximum number of Nasuni Edge Appliances allowed for this subscription.
• Max Volumes: Maximum number of volumes for each Nasuni Edge Appliance allowed for this
subscription.

Account Status Page Account Status
In the Remote Access area, the following information appears:

• Max Volumes: For this subscription, the maximum number of shared volumes for remote
access allowed across all Edge Appliances.
• Max Group Size: For this subscription, the maximum number of Edge Appliances allowed to
connect to a shared volume for remote access.
In the Storage area, the following information appears:
• Capacity: Total capacity licensed.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If your
total stored data nears or exceeds your licensed capacity, you receive warnings to
increase your licensed capacity.
• Used: The amount of the usable capacity actually in use.
This is also called “Now” data, which does not include data not yet protected, includes the
current version only, does not include previous versions, and represents the size of data before
encryption, compression, and deduplication. For more detail, see Nasuni Data Metrics.
• Available: The amount of the usable capacity still available for use.
• Estimated Cloud Usage: If the customer license includes public or private cloud providers, and
if the amount of data stored with public or private cloud providers is greater than zero, the Cloud
deduplication. Cloud Usage data does not include unprotected data in the cache.
Refreshing license
Licenses automatically refresh every 24 hours. However, you can manually refresh the license by
clicking Refresh License.
The message “Successfully updated license.” appears. Click the x to close this message box.

Account Status Page Cloud Credentials
Cloud Credentials
Nasuni enables customers to execute a multi-cloud IT strategy and select the most appropriate object
storage for their business by offering support for the leading private and public cloud (aka BYOC)
storage platforms, including Amazon Simple Storage Service (Amazon S3), Dell EMC Elastic Cloud
Storage (ECS), Google Cloud Storage, Hitachi Content Platform (HCP), IBM Cloud Object Storage, and
Microsoft Azure Storage.
Cloud credentials define the connection between the Nasuni Edge Appliance and the cloud storage
provider. They generally consist of the location of the cloud storage provider, as well as access keys
and identification.
Important: You must create and maintain your own cloud storage account. Nasuni does not
have access to your cloud storage account.
Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their
data. Customers should leverage their cloud provider's role-based access and identity
access management features as part of their overall security strategy. Such features can be
used to limit or prohibit administrative access to the cloud account, based on customer
policies.
Tip: You must configure cloud credentials before adding a volume that uses those cloud
credentials.
Tip: If you have a requirement to change Cloud Credentials on a regular basis, use the following
procedure, preferably outside office hours:
• Obtain new credentials. Credentials typically consist of a pair of values, such as Access
Key ID and Secret Access Key, Account Name and Primary Access Key, or User and
Secret.
• On the Cloud Credentials page, edit the cloud credentials to use the new credentials.
• The change in cloud credentials is registered on the next snapshot that contains
unprotected data.
Manually performing a snapshot also causes the change in cloud credentials to be
registered, even if there is no unprotected data for the volume.
• After each Edge Appliance has performed such a snapshot, the original credentials can
be retired with the cloud provider.
Warning: Do not retire the original credentials with the cloud provider until you
are certain that they are no longer necessary. Otherwise, data might
become unavailable.

Viewing cloud credentials

To view cloud credentials:
1. On the Account Status page, click Cloud Credentials. The Cloud Credentials page displays a list
of cloud credentials.
Figure 13-2: Cloud Credentials page.

The following information appears for each set of credentials in the list:
• Name: The name of the set of credentials.
• Filer: The names of the Nasuni Edge Appliances that use these credentials.
• Volumes: The names of the volumes that use these credentials.
• Cloud: The cloud provider.
• Actions: Actions available for each set of credentials.

Adding or editing cloud credentials

To add or edit cloud credentials:

2. To add new credentials, click Add New Credentials and select the platform.
Alternatively, to edit existing credentials, click Edit for the credentials to edit.
Tip: Be careful changing existing credentials. The connection between the Nasuni Edge
Appliance and the cloud storage provider could become invalid, causing loss of data
access. Credential editing is to update access after changes to the cloud storage
parameters.

3. A page appropriate to your selected platform appears. We show the page for Hitachi Content
Platform (HCP) cloud credentials as an example only.
Figure 13-4: Add Hitachi Content Platform (HCP) Credentials page.

4. Enter the credentials for your platform.
For Amazon Simple Storage Service (Amazon S3), credentials include the following:
Tip: For Amazon S3 GovCloud, see next section below.
• Name: A name for this set of credentials, which is used for display purposes.
• Access Key ID: The Amazon S3 Access Key ID for this set of credentials.
• Secret Access Key: The Amazon S3 Secret Access Key for this set of credentials.

• Hostname: The hostname for the location of the cloud service provider. Use the default
setting: s3.amazonaws.com
For the following regions, use the specified hostnames:
Location Code Hostname
Africa (Cape Town) af-south-1 s3.af-south-1.amazonaws.com
Asia Pacific (Hong Kong) ap-east-1 s3.ap-east-1.amazonaws.com
Europe (Milan) eu-south-1 s3.eu-south-1.amazonaws.com
Middle East (Bahrain) me-south-1 s3.me-south-1.amazonaws.com
Tip: To use one of these regions, ensure that the region is enabled in the customer
Amazon S3 account. For details, see Setting permissions to enable accounts for
upcoming AWS Regions.
• Verify SSL Certificates: For self-signed certificates, certificates generated with a private
root CA, or a default certificate: Off. For fully valid SSL certificate: On.
• Notes: Optional information to save.
For Amazon S3 GovCloud, credentials include the following:

Tip: For Amazon S3, see previous section above.
• Access Key ID: The Amazon S3 Access Key ID for this set of credentials.
• Secret Access Key: The Amazon S3 Secret Access Key for this set of credentials.
• Hostname: The hostname for the location of the cloud service provider.
For the GovCloud East region, use s3.us-gov-east-1.amazonaws.com
For the GovCloud West region, use s3.us-gov-west-1.amazonaws.com
For Google Cloud Storage, credentials include the following:

• Access Key ID: The Google Cloud Storage Access Key ID for this set of credentials.
• Secret Access Key: The Google Cloud Storage Secret Access Key for this set of
credentials.
• Hostname: The hostname for the location of the cloud service provider. The default
hostname is storage.googleapis.com
• Verify SSL Certificates: Use the default On setting.

For Microsoft Azure, credentials include the following:

Tip: For Microsoft Azure Gov Cloud, see next section below.
• Account Name: The Microsoft Azure Storage Account Name for this set of credentials.
• Primary Access Key: The Microsoft Azure Primary Access Key for this set of credentials.
• Hostname: The hostname for the location of the cloud service provider. Use the default
setting: blob.core.windows.net
For Microsoft Azure Gov Cloud, credentials include the following:

• Account Name: The Microsoft Azure Storage Account Name for this set of credentials.
• Primary Access Key: The Microsoft Azure Primary Access Key for this set of credentials.
• Hostname: The hostname for the location of the cloud service provider. Use:
blob.core.usgovcloudapi.net
For IBM Cloud Object Storage, credentials include the following:

• User: The IBM Cloud Object Storage Username for this set of credentials. “Vault
Provisioner” access must be enabled.
• Secret: The IBM Cloud Object Storage Password for this set of credentials.
• Hostname: The dsNet Accesser IP address.
For Dell EMC Elastic Cloud Storage (ECS), credentials include the following:
• Access Key ID: The user name recognized by the Dell EMC Elastic Cloud Storage (ECS)
system for this set of credentials.

• Secret Access Key: The object data store key from the Dell EMC Elastic Cloud Storage
(ECS) UI for this set of credentials.
• Hostname: The hostname for the location of the cloud service provider.
Path-Based Addressing should be used with ViPR/ECS. If using a namespace, add it to the
end of the path: vipr1.yourco.com/mynamespace
For Hitachi Content Platform (HCP), credentials include the following:

• Access Key ID: The Base64-encoded username for your user account for the Hitachi
Content Platform (HCP) system for this set of credentials. This is the left-hand part of the
authorization token.
• Secret Access Key: The object data store key from the Hitachi Content Platform (HCP) UI
for this set of credentials. This is the right-hand part of the authorization token.
• Hostname: The public endpoint URL of the region supplied by your public cloud (aka
BYOC) storage provider.
5. For all types of credentials, select the Nasuni Edge Appliances that you want the credentials to
be available on.
6. Click Save Credentials.
The credentials are saved under the provided name. You can now use these credentials to add new
volumes on the customer-provided cloud providers.
If there are any errors in adding the credentials, an error status shows for the “Add New Credentials”
item on the “Outstanding Settings Updates to Filers” page. See “Pending Updates” on page 376.
You can acknowledge the error, and try entering the credentials again.
At this point, you can begin adding volumes to the Nasuni Edge Appliance. Volume creation, volume
connection and credentials verification can each take up to 2 minutes.

Copying cloud credentials

You can copy cloud credentials from one Edge Appliance to other Edge Appliances.
To copy cloud credentials:
1. On the Account Status page, click Cloud Credentials. The Cloud Credentials page displays a
list of cloud credentials.

2. To copy cloud credentials, click Copy for the set of credentials to copy. The "Copy
Credentials" dialog box appears. (We show the page for Google Cloud Storage for illustration
purposes.)
Figure 13-6: "Copy Google Cloud Storage Credentials" dialog box.

3. Optionally, modify the parameters such as Access Key ID, Secret Access Key, Hostname,
Verify SSL Certificates, or Notes. (We show the parameters for Google Cloud Storage for
illustration purposes.)
4. Select the Edge Appliances to copy this set of cloud credentials to.
5. Click Save Credentials.
The cloud credentials are copied to the specified Edge Appliances.

Deleting cloud credentials

To delete cloud credentials:

2. To delete cloud credentials, click Delete .The Delete Credentials box appears.
Figure 13-8: Delete Credentials box.

3. Verify the name of the cloud credentials to be deleted.
4. Delete Credential in the Confirmation Phrase text box.
5. Click Delete Credentials.
The specified cloud credentials are deleted.

Account Status Page Serial Numbers
Serial Numbers
On the Serial Numbers page, you can view and obtain the serial numbers associated with your Nasuni
account for Nasuni Edge Appliances and the NMC. You need serial numbers and authorization codes
to install or recover Nasuni Edge Appliances.
Viewing serial numbers and authorization codes

On the Account Status page, click Serial Numbers. The Serial Numbers page displays serial
numbers and authorization codes.
Figure 13-9: Serial Numbers page.

• Serial Number: The serial number.
• Auth Code: The 6-letter authorization code.
• Actions: Actions available for this serial number. You can refresh the Auth Code by clicking
Refresh.
• Type: The type of serial number: Nasuni Edge Appliance or NMC.
• Description: The description of the Nasuni Edge Appliance or NMC for this serial number.
• Version: The version of the Nasuni Edge Appliance or NMC for this serial number.

Chapter 14: Console Settings Page
On the Console Settings page, you can view an overview of the configuration of the Nasuni
Management Console.
From the Console Settings page, you can also perform the following actions:
• Schedule automatic updates of the Nasuni Management Console software.
• Change the description of the Nasuni Management Console.
• Configure email settings for Nasuni Edge Appliances and the Nasuni Management Console.
• Configure SNMP settings for the Nasuni Management Console.
• Configure console syslog export settings for the Nasuni Management Console.
• Configure time servers for the Nasuni Management Console.
• Configure Directory Services for Active Directory and LDAP Directory Services.
• Manage encryption keys.
• Manage NMC API access keys.
• Review SSL certificates for the Nasuni Management Console.
• Manage users and groups for the Nasuni Management Console.
• Configure the firewall for the Nasuni Management Console.
• Configure network settings for the Nasuni Management Console.
• Configure proxy server settings for the Nasuni Management Console.
• Update the Nasuni Management Console software.
• Configure remote support settings for the Nasuni Management Console.
• Send diagnostic information to Nasuni Technical Support about the Nasuni Management
Console.

Console Settings Page Configuration Overview page
Configuration Overview page

Click Console Settings. The Configuration Overview page displays.
Figure 14-1: Configuration Overview page.

This page serves as a dashboard for the status of the Nasuni Management Console.
In the Console Settings area, the following information appears:
• Description: The description of the Nasuni Management Console.
• Automatic Updates: The days of the week and the time on which to look for automatic
software updates. If no days are selected to look for automatic software updates, then
automatic software updates are disabled.
• Email Settings: If email alerts are enabled, indicates destination email addresses to which to
send alerts. If email alerts are configured but not enabled, the status is “Email alerts configured
but disabled”. If email alerts are not configured, the status is “Email alerts not configured”.
• SNMP Monitoring: Indicates whether SNMP monitoring is enabled or disabled.
• Time Zone: The configured time zone.
• Time Servers: The configured Network Time Protocol (NTP) servers.
To change any of these settings, click the setting. The appropriate page opens.
In the Users & Security area, the following information appears:

• Encryption Keys: The number of encryption keys currently in use.
• SSL Certificates: The number of SSL certificates available.
• Users / Groups: The number of permission groups and users defined.

Console Settings Page Configuration Overview page
In the Network area, the following information appears:

• Hostname: The hostname for the Nasuni Management Console.
• IP Address: The IP address, plus an indication of the type of IP address: either Static or DHCP.
• Firewall Allowed Hosts: The hosts that you permit to access your Nasuni Management
Console user interface.
• Proxy: If proxy server is enabled, indicates the proxy server. If proxy server is not enabled, the
status is “Proxy disabled”.
In the Services & Support area, the following information appears:

• Software Update: Indicates any available software updates.
• Remote Support: If Remote Support is enabled with no time limit, indicates “The service is
running”. If Remote Support is enabled with a time limit, gives the time until the service shuts
down. If Remote Support is not enabled, indicates “The service is not running”.
• Uptime: The length of time this Nasuni Management Console has been running.

Console Settings Page Automatic Software Updates for NMC
Automatic Software Updates for NMC

You can schedule automatic software updates for the Nasuni Management Console on the Console
Automatic Updates page. This feature is disabled by default.
Important: The version of the Nasuni Management Console must be equal to or greater than the
version of the Nasuni Edge Appliance that the Nasuni Management Console is to
manage. If a Nasuni Edge Appliance is joined to a Nasuni Management Console,
update the Nasuni Management Console software before updating the Nasuni Edge
Appliance software.
Tip: To prevent automatic software updates from occurring at inconvenient times, specify the
days and times for automatic software updates to occur. To prevent automatic software
updates entirely, clear all days and times.
Note: Updating the Nasuni Management Console software does not affect Nasuni Edge
Appliances or access to data.
You can also manually update the Nasuni Management Console software, as detailed in “Software
Update for NMC” on page 492.
Viewing automatic software update settings for the NMC

To view automatic software update settings for the Nasuni Management Console, follow these steps:
1. Click Console Settings, then click Automatic Updates in the left-hand column. The Console
Automatic Updates page displays the current schedule for automatic updates of the software
for the Nasuni Management Console.
Figure 14-2: Console Automatic Updates page.

• Days: The days of the week on which to look for automatic software updates. If no days are
selected to look for automatic software updates, then automatic software updates are
disabled.
• Time: The time at which to look for automatic software updates on the selected days.

Console Settings Page Automatic Software Updates for NMC
Editing automatic software update settings for the NMC

To edit automatic software update settings for the Nasuni Management Console, follow these steps:
1. On the Console Automatic Updates page, select the days to look for automatic software
updates (for example, Sunday, Tuesday, and Thursday).
2. From the Time drop-down list, select the time on the selected days to look for automatic
software updates.
3. Click Save Schedule. The automatic software update settings for the Nasuni Management
Console are changed.

Console Settings Page Description
Description
You can view and change the description of the Nasuni Management Console on the Console
Description page.
You can change the name of the Nasuni Management Console from the name assigned when you
installed it. The name can be up to 255 characters in length.
Caution: Avoid using characters that systems, such as Active Directory, specify as disallowed,
including period (.), backslash (\), forward slash (/), colon (:), asterisk (*), question mark
(?), quotation mark ("), less than sign (<), greater than sign (>), and vertical bar (|). Errors
can occur for a Nasuni Management Console whose name includes such characters.
For example, it might not be possible to configure the Nasuni Management Console for
Active Directory access.
Viewing description
To view description, follow these steps:
1. Click Console Settings, then click Description in the left-hand column. The Console
Description page displays the description of the Nasuni Management Console.
Figure 14-3: Console Description page.

• Description: The description of the Nasuni Management Console.
Editing the description

To edit the description of the Nasuni Management Console, follow these steps:
1. On the Console Description page, enter a new description in the Description text box.
Caution: Avoid using characters that systems, such as Active Directory, specify as
disallowed, including period (.), backslash (\), forward slash (/), colon (:), asterisk (*),
question mark (?), quotation mark ("), less than sign (<), greater than sign (>), and
vertical bar (|). Errors can occur for a Nasuni Management Console whose name
includes such characters. For example, it might not be possible to configure the
Nasuni Management Console for Active Directory access.
2. To accept your selections, click Save Description. The description is changed.

Console Settings Page Email Settings
Email Settings
You can configure email alerts, which are sent to your email account from the Nasuni Management
Console. Email configurations apply to Nasuni Edge Appliances under the control of the Nasuni
Management Console. The alert messages you receive can also be viewed on the Notifications page.
To select which alerts to receive, see “Adding Permission Groups” on page 480.
Note: Nasuni Edge Appliances managed by the NMC send emails using this configuration.
Emails are sent by the NMC. No emails are sent directly by managed Nasuni Edge
Appliances.
To configure email settings:
1. Click Console Settings, then select Email Settings in the left-hand column. The Filer &
Console Email Settings page appears.
Figure 14-4: Filer & Console Email Settings page.

2. To enable email notifications, set Enable Email to On. To disable email notifications, set Enable
Email to Off.

Console Settings Page Email Settings
3. To send a test email with these settings when you click Save Settings, select the Test Settings
check box.
4. Enter a source email address in the From name text box. You can use this source email
address to filter emails or ensure that it does not go into a spam folder.
5. In the Test Email Recipient text box, enter a destination email address, to which to send alerts.
6. Specify the SMTP server in the SMTP server text box. For example, mail.mycompany.net.
When sending an email alert, Nasuni logs into the specified SMTP server using the specified
credentials and sends the email from the source email address.
7. Specify the SMTP port number in the SMTP port text box. If you do not specify a value, the
default port 25 is used.
8. Optionally, enter a login name (for example, an email account) in the Login text box (case-
sensitive) if your email server requires it. For example, name@mycompany.com. Optionally,
enter a password (case-sensitive) in the Password text box if your email server requires it.
9. If you require TLS security, select the Require TLS check box.
If this check box is selected, and the email server does not support TLS security, the Nasuni
Edge Appliance does not use the server.
If the check box is not selected, TLS security is still used by default if the email server supports
it.
10. To test your settings and then save your settings, click Save Settings. If Test Settings is
selected, a test message is sent to the specified email address for confirmation purposes.

Console Settings Page SNMP Monitoring
SNMP Monitoring
You can configure SNMP monitoring of the Nasuni Management Console.
The Nasuni Edge Appliance supports monitoring via the Simple Network Management Protocol (SNMP)
v1, v2c, and v3. The Nasuni Edge Appliance exposes the standard SNMPv1 MIB (management
information base), as well as the NASUNI-FILER-MIB, SNMPv2-MIB, HOST-RESOURCES-MIB, UCD-
SNMP-MIB, UCD-DISKIO-MIB, and IF-MIB. Both 32-bit and 64-bit SNMP network counters are
supported. Each of the displayed MIBs is a link. If you click a link, a page with that MIB information
appears.
As the SNMP agent, Nasuni receives requests on UDP port 161 from the third-party SNMP manager
that is used for system monitoring. Nasuni sends agent responses back to the source port on the third-
party SNMP manager. The third-party SNMP manager receives notifications (including Traps and
InformRequests) on SNMP destination port 162. You cannot change port 161 or port 162.
Note: Nasuni automatically provides the EngineID value.
Editing SNMP settings

To edit SNMP settings, follow these steps:
1. Click Console Settings, then click SNMP Monitoring in the left-hand column. The Console
SNMP Monitoring page appears.
Figure 14-5: Console SNMP Monitoring page.

Console Settings Page SNMP Monitoring
2. To enable SNMP v1,v2c monitoring, click Enable v1,v2c Support. Selecting On enables SNMP
v1,v2c monitoring. Selecting Off disables SNMP monitoring.
If you enable SNMP v1,v2c monitoring, in the Community Name text box, enter the SNMP
community name for the Nasuni Management Console. The default community name is
public. Changing the community name from the default improves security.
3. To enable SNMP v3 monitoring, click Enable v3 Support. Selecting On enables SNMP v3
monitoring. Selecting Off disables SNMP monitoring.
If you enable SNMP v3 monitoring, enter a Username and Password for SNMP v3
authorization.
4. If you enable SNMP monitoring, in the System Location text box, enter the physical location of
the Nasuni Management Console.
5. If you enable SNMP monitoring, in the System Contact text box, enter the contact information
of the person responsible for SNMP monitoring for the Nasuni Management Console.
6. Click Save SNMP Settings. The SNMP settings are changed.

Console Settings Page Syslog Export
Syslog Export
Syslog Export enables you to direct NMC console notifications to your syslog servers. Tools that work
with syslog can then process, store, and report on these messages. The syslog protocol is used to
convey event notification messages. It also provides a message format that allows vendor-specific
extensions to be provided in a structured way. Syslog Export supports UDP protocol. For more details,
see “Syslog Export” on page 336.
Tip: Because each Edge Appliance sends syslog messages directly to the specified syslog
servers, ensure that the appropriate port is open between each Edge Appliance and the
syslog servers. This is usually UDP port 514.
A standard syslog message (based on the RFC 5424 specification) uses the following format:
<PRIORITY>VERSION TIMESTAMP HOSTNAME APPLICATION
PROCID MESSAGEID [STRUCTURED_DATA] MESSAGE
where:
Priority Numerical Priority is a combination of the numerical Facility

value and the numerical Severity value, such that:
Priority = 8 * Facility + Severity
The Facility value is a numerical logging
component associated with the message:
16 (Local0) through 23 (Local7).
Severity values are one of the following:
1 (Alert = Nasuni Alert),
2 (Critical = Nasuni Critical),
3 (Error = Nasuni Error),
4 (Warning = Nasuni Warning),
5 (Notice = Nasuni Admin), or
6 (Info = Nasuni Info).
Version Numerical Version of syslog messaging.
Timestamp String timestamp Timestamp, in ISO 8601 format.
Hostname String FQDN hostname or IP address.
Application String Device or Application that triggered the message.

Default of “Edge Appliance” or “NMC”.
Process ID Arbitrary String or ID to improve log aggregation grouping.
Message ID String Message IDs allow aggregators to filter messages

and typically indicate messages of the same
semantics/format.

Structured Data Structured Data Elements (Not currently used. A ‘-’ appears instead.)
Unique data elements consisting of well-known
key-value pairs within a set of brackets.
Message Unicode UTF-8 String Message data.
Editing console syslog export settings

To edit console syslog export settings, follow these steps:
1. Click Console Settings, then click Console Syslog Export Settings in the left-hand column.
The Console Syslog Export Settings page appears.
Figure 14-6: Console Syslog Export Settings page.

2. In the Servers text box, enter a comma-separated list of hosts (and, optionally, ports) to receive
syslog events, in host[:port] format.
3. To send console Notification messages to syslog Servers, set “Send Notification messages”
to On.
4. From the Logging Facility drop-down list, select the facility to use for console Notification
messages.
5. From the “Lowest Log Level” drop-down list, select the lowest Notification level to send. Each
Notification level includes all the Notifications in the levels above it in the drop-down list. For
example, the ‘Info’ level includes all the other levels, but the ‘Alert’ level includes only alerts.
6. To send test messages to the currently listed Servers, click “Send Test Messages”. A test
message is sent to all listed Servers. If Notifications are on, the messages use the selected
Notification level and facility. If Audit is on, but Notifications are off, the messages use the
‘Audit’ level and facility. If neither is on, the messages are sent with the selected Notification
facility at ‘Info’ level.
Sending test messages does not save the configuration.

7. Click Save Settings. Your settings are saved.

Console Settings Page Time Configuration
Time Configuration
You can set the time zone and time server for the Nasuni Management Console, which are necessary
for notifications and file sharing purposes. The time zone setting you select should be for the region
where the Nasuni Management Console is located. For example, use “US/Eastern” if you are located in
the eastern part of the United States.
Setting time zone and time source

Caution: Editing the Edge Appliance time configuration (time zone or time servers) disconnects
and resets all currently connected SMB clients for the selected Edge Appliance.
To set time zone and time source for the Nasuni Management Console, follow these steps:
1. Click Console Settings, then click Time Configuration in the left-hand column. The Console
Time Configuration page appears.
Figure 14-7: Console Time Configuration page.

• Current Time: The current date and time of the Nasuni Management Console.
2. From the Time Zone drop-down list, select a time zone.
3. In the Time Server text box, enter the names of one or more valid Network Time Protocol (NTP)
servers, separated by commas. By default, all Nasuni Edge Appliances are set to use Nasuni's
NTP server, time.nasuni.com, to set the time daily. If you cannot open port 123 in your firewall to
access time.nasuni.com, you should change to an internal NTP server.
4. Click Save Timezone. The time zone and time source settings are changed.

Console Settings Page Directory Services
Directory Services
The Nasuni Management Console supports Directory Services using either Active Directory or LDAP
(Lightweight Directory Access Protocol) with Kerberos for authentication.
page 534.
Edge Appliance.
Important: To connect an Edge Appliance to a shared volume owned by another Edge
Appliance, the following must be true:
• The Edge Appliance must join the same domain as the owning Edge Appliance.
• The domain configuration for the Edge Appliance must match the domain
configuration for the owning Edge Appliance.
Tip: You can configure users and groups so that users have access to data even if domain
connectivity fails. For details, see Appendix E, “Ensuring user access to data if domain
connection lost,” on page 515.
You can associate an Active Directory or LDAP Directory Services domain group with a permission
group. This enables you to log in using Active Directory or LDAP Directory Services credentials. See
“Adding Permission Groups” on page 480.
About Active Directory

page 534.
Microsoft's Active Directory (AD) service is capable of providing security across multiple domains or
forests through domain and forest trust relationships. The trusts established between domains allow or
deny users access to resources outside their native domain. After you establish the correct trust
relationships among your Active Directory servers, you can enable access and permissions for users
and groups within the trusted domains. Configuration of trusts between domains is outside the scope
of this document.
Tip: Nasuni also supports the “Identity Management for UNIX” role service for Active Directory.
This feature allows UNIX-style user and group identities to be stored in Active Directory, and
can synchronize identity management across CIFS (SMB) and NFS.
If your organization requires this functionality:
• During the initial engagement, inform Nasuni Professional Services of your needs.
• Configure Active Directory in consultation with Nasuni Professional Services or Nasuni
Support.

• Request Nasuni Support to configure the Edge Appliance for Active Directory Unix
Extensions (RFC 2307).
The Nasuni Edge Appliance can join one Windows Active Directory domain server and access its users
and groups. These users and groups can only be edited through Active Directory tools.
Note: Limits on domains, groups, users, objects, and other items are the same as the limits of
Active Directory. See Active Directory Maximum Limits - Scalability for details.
Important: If joining an Active Directory domain, members of the Active Directory "Protected
Users" security group cannot be used to join the domain. This is due to the login
restrictions for members of that security group. Nasuni recommends using a Domain
Admin account that is not a part of the “Protected Users” group to join Active
Directory.
The Nasuni Management Console joins one domain, called the primary domain. If the client’s
environment has valid, active trust relationships between the primary domain and other domains, the
Nasuni Management Console attempts to discover those domains automatically. You can then select
which of the non-primary domains to allow to access the Nasuni Management Console.
the NMC.
The Nasuni Management Console offers support for trusted domains of multiple Active Directory
servers. This can simplify enabling access and permissions for users and groups within trusted
domains. To use trusted domains of multiple Active Directory servers, you must establish the correct
trust relationships among your Active Directory servers.
There are two aspects to trusted domain support: authentication and sharing. The authentication
aspect allows a user to access a Nasuni Management Console's resources in a different domain. The
sharing aspect enables systems in different domains to access the same data.
About LDAP Directory Services

page 534.
As an alternative to Microsoft Active Directory, some organizations prefer to use their own LDAP and
Kerberos services. This is often the case for organizations that rely heavily on UNIX-style clients, such
as Linux or macOS. The LDAP protocol is used for identifying users and other resources. The Kerberos
protocol is used for authentication. In lieu of joining a domain, the Nasuni Management Console
requires a Kerberos keytab file, which contains encryption keys associated with network services
(service principal names).
Tip: LDAP Directory Services must be enabled in the client license before joining an LDAP
domain. Active Directory is enabled by default.

Note: The Nasuni Management Console requires the use of Kerberos for secure authentication,
and does not support storing passwords in LDAP.
Edge Appliance.

Joining Nasuni Management Console (not previously joined) to a domain

Join
Edge Appliance.
restrictions for members of that security group. Nasuni recommends using a Domain
Admin account that is not a part of the “Protected Users” group to join Active
Directory.
Important: To connect an Edge Appliance to a shared volume owned by another Edge
Appliance, the following must be true:
• The Edge Appliance must join the same domain as the owning Edge Appliance.
• The domain configuration for the Edge Appliance must match the domain
configuration for the owning Edge Appliance.

If the Nasuni Management Console has not previously joined any Active Directory domain or LDAP
Directory Services domain before, follow these steps:
1. Click Console Settings, then select Directory Services from the list. On the Console
Directory Services page, the Type should be Disabled, and the Connection Status should be
DISABLED.
Figure 14-8: Console Directory Services page.

2. To join an Active Directory domain, follow the procedure below.
Otherwise, to join an LDAP Directory Services domain, skip to step 3 on page 432.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
to the NMC.

Caution: Avoid using characters in the description (or name) that systems, such as Active
Directory, specify as disallowed, including period (.), backslash (\), forward slash (/),
colon (:), asterisk (*), question mark (?), quotation mark ("), less than sign (<), greater
than sign (>), and vertical bar (|). Errors can occur for a Nasuni Management
Console whose name includes such characters. For example, it might not be
possible to configure the Nasuni Management Console for Active Directory access.
Important: In order to link an Active Directory domain group to a permission group, the
“Group type” of the Active Directory domain group must be “Security”. If the
“Group type” of the Active Directory domain group is “Distribution”, users within
the Active Directory domain group are not able to log in.
restrictions for members of that security group. Nasuni recommends using a
Domain Admin account that is not a part of the “Protected Users” group to join
Active Directory.
Note: Limits on domains, groups, users, objects, and other items are the same as the limits
of Active Directory. See Active Directory Maximum Limits - Scalability for details.
a. If joining a Read-Only Domain Controller (RODC), see “Considerations for a Read-Only
Domain Controller (RODC)” on page 436.
b. In the Domain text box, enter the fully qualified Active Directory domain name that you want
the Nasuni Management Console to join, in lower-case letters, such as,
subdomain.domain.com. The Nasuni Management Console joins this domain to
authenticate users from the Active Directory server.
c. Leave Auto Detect selected. If Auto Detect is selected, the wizard attempts to retrieve
pertinent information using DNS.
Note: For Auto Detect to work, the DNS must be configured to refer to directory service
settings.
If, after you click Continue (step j on page 429), the wizard is unsuccessful in automatically
detecting configuration information, deselect Auto Detect. The Directory Service Type
drop-down list becomes available.
d. To automatically alter the system’s hostname so that it is part of the domain to be joined,
select Alter System Hostname. For example, if joining a Nasuni Management Console (such
as nmc) to a domain (such as domain.com), Nasuni recommends using the fully qualified
domain name with the hostname to form the new hostname (such as nmc.domain.com).
Alternatively, if you know that the hostname is correct for this domain, deselect Alter System
Hostname.
e. If Auto Detect is deselected, the Directory Service Type drop-down list becomes available.
From the drop-down list, select Active Directory.
f. (Optional) In the Workgroup text box, enter a local Windows NT-compatible workgroup
name (15 characters maximum) in which the Nasuni Management Console can be accessed.
To use the default workgroup for the domain, leave this field blank. Some domains need this
value if the name cannot be automatically determined.

Tip: This value cannot be changed after the Nasuni Management Console joins the
domain.
g. (Optional) In the Domain Controller text box, enter the fully qualified domain name of the
primary domain controller. For example, DomainControllerName.domain.com.
Entering a Domain Controller name forces the Nasuni Management Console to use only
that domain controller. However, leaving the Domain Controller text box blank causes the
Nasuni Management Console to use the primary domain controller on the join, and also
allows for domain controller failover. Unless you want only one specific domain controller to
be used, leave the Domain Controller text box blank.
In particular, if you want support for trusted domains of multiple Active Directory servers,
leave the Domain Controller text box blank.
h. (Optional) In the Computer OU text box, enter a domain organization unit in which the Nasuni
Management Console is placed. The computer’s container is the default location. If you leave
this value blank, the Nasuni Management Console is placed in a default location.
domain.
i. (Optional) To use Network Time Protocol (NTP) services provided by domain controllers,
select NTP from Domain Controllers. If no NTP services are available from domain
controllers, the current NTP server is used. See “Time Configuration” on page 422.
domain.
j. Click Continue. The wizard attempts to look up domain information in the DNS. If successful,
the wizard returns to this page, enters the information found, and deselects Auto Detect. You
can then enter or change any information.
k. If the message appears that Auto Detect was successful, verify any values that Auto Detect
added, deselect Auto Detect if still selected, then click Continue.
l. The Confirm/Authenticate Directory Service dialog box appears.
Figure 14-9: Confirm/Authenticate Directory Service dialog box.

Enter the user name and password of a user who is authorized to join this Nasuni
Management Console to the specified domain. Click Submit.
m. The wizard attempts to configure for the specified domain. If successful, the Enable
Domains tab is selected.
Figure 14-10: Enable Domains tab.

A list of available domains appears. From this list, select the domains that you want the
Nasuni Management Console to access.
Click Continue.
n. The wizard attempts to enable the selected domains. If successful, the “Complete the
Configuration” tab is selected.
Figure 14-11: “Complete the Configuration” tab.

Verify the configuration values, then click Finish.

o. The wizard attempts to complete the configuration. If successful, the Console Directory
Services page appears.

The newly joined domain appears in the Domain Settings list.
To configure directory services settings, see “Directory Services” on page 423.
p. To update the list of trusted domains that the Nasuni Management Console is aware of, click
Update Domains. This adds new trusted domains, as well as changes to existing domains
that the Nasuni Management Console is aware of.
This button does not remove decommissioned domains that had previously been discovered.

3. Alternatively, to join an LDAP Directory Services domain, follow the procedure below.
Tip: LDAP Directory Services must be enabled in the client license before joining an LDAP
domain. Active Directory is enabled by default.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Important: Before configuring LDAP Directory Services, ensure that SSL client certificates
have been uploaded. See “Uploading SSL Certificates” on page 463.
Important: We recommend the use of indexes for uidNumber and gidNumber attributes. If
your LDAP Directory Server can look up records based on uidNumber and
gidNumber quickly without an index, this is also sufficient.
a. In the Domain text box, enter the fully qualified LDAP Directory Services domain name that
you want the Nasuni Management Console to join, in lower-case letters, such as,
subdomain.domain.com. The Nasuni Management Console joins this domain to
authenticate users from the LDAP Directory Services server.
b. Leave Auto Detect selected. If Auto Detect is selected, the wizard attempts to retrieve
pertinent information using DNS. If the wizard detects an LDAP Directory Services domain, it
also tries to detect the type of domain (FreeIPA, Apple Open Directory, or Generic).
Note: For Auto Detect to work, the DNS must be configured to refer to directory service
settings.
If, after clicking Continue (step g on page 434), the wizard is unsuccessful in automatically
detecting configuration information, deselect Auto Detect. The Directory Service Type
drop-down list becomes available.
c. To automatically alter the system’s hostname so that it is part of the domain to be joined,
select Alter System Hostname. For example, if joining a Nasuni Management Console (such
as nmc) to a domain (such as domain.com), Nasuni recommends using the fully qualified
domain name with the hostname to form the new hostname (such as nmc.domain.com).
Alternatively, if you know that the hostname is correct for this domain, deselect Alter System
Hostname.
d. If Auto Detect is deselected, the Directory Service Type drop-down list becomes available.
From the drop-down list, select LDAP Directory Services.
e. If the directory services provider has not already been selected, from the Directory Services
Provider drop-down list, select the provider that matches your LDAP and Kerberos servers.
Options include FreeIPA, Generic LDAP/Kerberos, and Apple OpenDirectory. By
selecting the appropriate provider, the wizard selects various connection parameters. The
following steps detail the Generic LDAP/Kerberos option where the wizard does not
assume any connection settings.
Note: Some of the following fields are optional, depending on the choice of Directory
Services Provider.

i. In the LDAP Servers text box, enter a list of the IP addresses or hostnames of the LDAP
servers for the Nasuni Management Console to connect to, separated by commas. Use
lower-case letters.
To use DNS to retrieve information, leave this text box blank.
ii. In the Kerberos KDC Servers text box, enter a list of the IP addresses or hostnames of
the Kerberos Key Distribution Center (KDC) servers for the Nasuni Management Console
to connect to, separated by commas. Use lower-case letters.
iii. From the LDAP ID Schema drop-down list, select the LDAP ID schema to use: RFC2307
or RFC2307bis.
iv. In the LDAP User Search Base text box, enter an LDAP DN (distinguished name) that
indicates a subtree that contains users.
v. In the LDAP Group Search Base text box, enter an LDAP DN (distinguished name) that
indicates a subtree that contains groups.
vi. In the LDAP User Name Attribute text box, enter the LDAP user name attribute.
vii. In the LDAP Group Name Attribute text box, enter the LDAP group name attribute.
viii. In the LDAP Netgroup Search Base text box, enter an LDAP DN (distinguished name)
that indicates a subtree that contains netgroups.
ix. In the LDAP Bind DN text box, enter an LDAP DN (distinguished name) to use instead of
an anonymous bind.
x. In the LDAP Bind Password text box, enter a password to use to bind with DN.
xi. In the Minimum Supported ID text box, enter the minimum user or group ID to map to
To have Auto Detect find this, leave blank.
xii. In the Maximum Supported ID text box, enter the maximum user or group ID to map to
To have Auto Detect find this, leave blank.
xiii. Click Continue. The wizard attempts to look up domain information in DNS. If successful,
the wizard returns to this page, enters the information found, and deselects Auto Detect.
You can then enter or change any information.

f. The Confirm/Authenticate Directory Service dialog box appears.
Figure 14-13: Confirm/Authenticate Directory Service dialog box.

If necessary, enter the user name and password of a directory user who is authorized to join
this Nasuni Management Console to the specified domain. Click Submit.
g. Click Continue. The wizard attempts to look up domain information in the DNS. If successful,
the wizard returns to this page, enters the information found, and deselects Auto Detect. You
can then enter or change any information.
Figure 14-14: Directory Services page.

h. If the message appears that Auto Detect was successful, verify any values that Auto Detect
added, deselect Auto Detect if still selected, then click Continue.
i. The wizard checks the provided information before proceeding to the Keytab step. If the
wizard is successful in checking the LDAP domain and other information, the wizard
highlights the Keytab step.

j. From the Keytab Source drop-down list, select the source of the Kerberos keytab for the
Nasuni Management Console from the following choices:
• If you select a server, enter the Username, Password, and Repeat Password, then
click Continue.
• If you select to upload a keytab file, click Browse to navigate to the file, then click
Continue.
4,000 bytes.
k. The wizard checks the provided keytab information before proceeding to the Volume
Selection step. If the wizard is successful in obtaining the Kerberos keytab information, the
“Complete the Configuration” tab is selected.
Verify the configuration values, then click Continue.
l. The wizard attempts to complete the configuration. If successful, the Console Directory

The newly joined domain appears in the Domain Settings list.
To configure directory services settings, see “Directory Services” on page 423.

Considerations for a Read-Only Domain Controller (RODC)

If there is a Read-Only Domain Controller (RODC) in your Active Directory environment, certain
considerations are necessary before joining the domain.
To use a Read-Only Domain Controller in your Active Directory environment, follow these steps:
1. Before joining a Read-Only Domain Controller, first join a Read-Write Domain Controller (RWDC)
in your Active Directory environment. See step b on page 428.
This procedure includes entering, in the Domain Controller text box, the fully qualified domain
name of the Read-Write Domain Controller (RWDC). See step h on page 429.
2. Identify the Read-Only Domain Controllers in your Active Directory environment.
3. Each Read-Only Domain Controller has a unique ID that includes the string ‘krbtgt’ and an ID
number. This ID number must be less than 32768. To determine the ID, run this PowerShell
command:
Repadmin /showattr <WritableDC> <DNDP> /subtree

/filter:"(&(objectclass=computer)(msDS-Krbtgtlink=*))"
/atts:msDS-krbtgtlink
where WritableDC is the hostname of a writable domain controller (RWDC)

and DNDP is the distinguished name of the domain partition, such as dc=domain,dc=com
This command provides a list of Read-Only Domain Controllers with their associated UIDs for
the KRBTGT account.
a. If the number is above 32768, you must redeploy the Read-Only Domain Controller.
b. If you have access to the Windows Server 2016 Active Directory Administrative Center, you
pre-configure the Read-Only Domain Controller with a number less than 32768. You can then
use this Read-Only Domain Controller.
c. If you are using Windows Server 2012 Active Directory Administrative Center, the number is
assigned randomly. The number must be less than 32768.
4. Add the Nasuni Management Console computer object to the Password Replication Policy by
following these steps:
a. Log in to the Read-Write Domain Controller that was joined in step 1 on page 436.
b. Open Server Manager → Tools → Active Directory Users and Computers. The “Active
Directory Users and Computers” application opens.
c. In the left-hand pane, select “Domain Controllers“. A list of domain controllers appears,
including Read-Only Domain Controllers.
d. From the list of domain controllers, right-click the Read-Only Domain Controller, then select
Properties from the drop-down list.
e. Click the “Password Replication Policy” tab. A list of current groups, users, and computers
appears.
f. Double-click “Allowed RODC Password Replication Group“. The “Allowed RODC
Password Replication Group Properties” dialog box appears.

g. Click the Members tab. A list of members appears.

h. Click Add.
i. Add the Nasuni Management Console computer object as a member.
j. Click OK.
5. Remove the Read-Write Domain Controller, using these steps:
a. Click Configuration, then select Directory Services from the list. The Directory Services
page appears.
Figure 14-16: Directory Services page for Active Directory.

b. Ensure that the Domain Controller text box is blank.
c. Ensure that “Rejoin Active Directory” is set to Off before performing the following step.
d. Click Submit.
Important: By default, Nasuni changes the computer object password every 7-10 days. After
you complete this procedure, contact Support to disable the password change
policy.
This completes the procedure for handling a Read-Only Domain Controller (RODC) in your Active
Directory environment.

Viewing information about Directory Services already configured

View
To view information about Directory Services, follow these steps:

1. Click Console Settings, then select Directory Services from the list. The Console Directory
Figure 14-17: Console Directory Services page for Active Directory.

For Active Directory, information on this page includes the following:
• Type: Type of authentication, such as Publicly Available, Active Directory, and LDAP
Directory Services.
• Connection Status: The current status of the connection.
ENABLED indicates that the connection has been configured successfully.
DISABLED indicates that the connection has not been configured successfully.
HEALTHY indicates that the connection is successful.
UNHEALTHY indicates that the connection is not successful.
• Domain Settings: A list of domains appears, displaying the following information:
• Domain: The IP address or the hostname of the domain.
• Type: The type of Active Directory domain: Primary or Child.
• NT Name: The local Windows NT-compatible workgroup name of the Active Directory
domain.
• Status: The status of the domain: Enabled or Disabled.
2. For Active Directory, to update the list of trusted domains that the Nasuni Management Console
is aware of, click Update Domains. This adds new trusted domains, as well as changes to
existing domains that the Nasuni Management Console is aware of.

3. For LDAP Directory Services, the Console Directory Services page looks like this.
Figure 14-18: Console Directory Services page for LDAP Directory Services.
For LDAP Directory Services, information on this page includes the following:
• Type: Type of authentication, such as Publicly Available, Active Directory, and LDAP
Directory Services.
• Connection Status: The current status of the connection.
ENABLED indicates that the connection has been configured successfully.
DISABLED indicates that the connection has not been configured successfully.
HEALTHY indicates that the connection is successful.
UNHEALTHY indicates that the connection is not successful.
• Domain Settings: A list of domains appears, displaying the following information:
• Domain: The IP address or the hostname of the domain.
• Details: Details about the Directory Services entry, including the following:
• Provider: The Directory Services provider.
• LDAP Servers: The IP address or the hostname of the servers that service the
domain.
• KDCs: The IP address or the hostname of the Kerberos Key Distribution Centers
(KDC) that supply session tickets and temporary session keys.
• Status: The status of the domain: Enabled or Disabled.
• Keytab Contents: The contents of the keytab file used to authenticate to the KDC, including
the following information:
• Service Type: The service type and the IP address or the hostname of the host that is
offering it.
• Realm: The IP address or the hostname of the server hosting the application.

Editing LDAP Directory Services domain settings

Configure
To edit settings for the LDAP Directory Services domain, follow these steps:
2. For the domain whose information you want to edit, click Edit. The Edit Domain dialog box
appears.
Figure 14-20: Edit Domain dialog box.

Note: The fields available depend on the Directory Services Provider selected.
3. In the LDAP Servers text box, enter a list of the IP addresses or hostnames of the LDAP servers
for the Nasuni Management Console to connect to, separated by commas. Use lower-case

letters.
4. In the Kerberos KDC Servers text box, enter a list of the IP addresses or hostnames of the
Kerberos Key Distribution Center (KDC) servers for the Nasuni Management Console to connect
to, separated by commas. Use lower-case letters.
5. Click Save. The information is applied to the selected domain.
Updating the keytab file

Update
The Kerberos keytab file contains encryption keys associated with services (the service principal
names) located on servers hosting Kerberos-enabled protocols.
To update the keytab file, follow these steps:

2. Click Update Keytab. The Update Keytab dialog box appears.
Figure 14-22: Update Keytab dialog box.

3. From the Keytab Source drop-down list, select the source of the Kerberos keytab for the
• If you select a server, enter the Username, Password, and Repeat Password, then click
Submit.
• If you select to upload a keytab file, click Choose File to navigate to the file, then click
Submit.
4,000 bytes.
The keytab file is updated.

Editing Active Directory domain settings

Edit
To edit settings for an Active Directory domain, follow these steps:

2. To update the list of trusted domains that the Nasuni Management Console is aware of, click
Update Domains. This adds new trusted domains, as well as changes to existing domains that
the Nasuni Management Console is aware of.
3. For the domain whose information you want to edit, click Edit. The Edit Domain dialog box
appears.
Figure 14-24: Edit Domain dialog box.

4. To enable or disable resources in the Active Directory domain accessing the Nasuni
Management Console, select or deselect Enable Source.
Tip: The Primary domain cannot be disabled.
5. Click Save. The information is applied to the selected domain.

Editing Active Directory general settings

Edit
To edit settings for Active Directory, follow these steps:

2. To update the list of trusted domains that the Nasuni Management Console is aware of, click
Update Domains. This adds new trusted domains, as well as changes to existing domains that
the Nasuni Management Console is aware of.
3. (Optional) In the Domain Controller text box, enter the fully qualified domain name of the
primary domain controller. For example, DomainControllerName.domain.com.
Entering a Domain Controller name forces the Nasuni Management Console to use only that
domain controller. However, leaving the Domain Controller text box blank causes the Nasuni
Management Console to use the primary domain controller on the join, and also allows for
domain controller failover. Unless you want only one specific domain controller to be used,
leave the Domain Controller text box blank.
In particular, if you want support for trusted domains of multiple Active Directory servers, leave
the Domain Controller text box blank.
4. To rejoin Active Directory after leaving Active Directory, select Rejoin Active Directory.
5. Click Submit. The information is applied to the selected domain.

Disconnecting an Edge Appliance from an Active Directory domain

To disconnect an Edge Appliance from an Active Directory domain, you must first perform the
procedure “Deleting Active Directory domain configuration” on page 376 of the Edge Appliance
Administration Guide. If you are unable to perform this procedure, or if you cannot disconnect the Edge
Appliance from the Active Directory domain after performing the procedure, contact Nasuni Support.
After disconnecting an Edge Appliance from an Active Directory domain, the Edge Appliance can then
join another Active Directory domain, or rejoin the original Active Directory domain.

Console Settings Page Encryption Keys
Encryption Keys
You can view, upload, escrow, and delete encryption keys on the Console Settings Encryption Keys
page. The encryption keys that you upload to the Nasuni Management Console can then be sent to
Nasuni Edge Appliances to use with volumes. You can view, add, enable, and disable volume
encryption keys on the Volume Encryption Keys page. You can view, upload, send, escrow, and
delete encryption keys on the Filer Encryption Keys page.
The Nasuni Edge Appliance automatically encrypts your data at your premises using the OpenPGP
encryption protocol, with 256-bit Advanced Encryption Standard (AES-256) encryption as the default
encryption. The data remains encrypted in cloud storage.
You can generate your own encryption keys using any OpenPGP-compatible program, such as GnuPG
or Gpg4win. You can then add (import or upload) the encryption key to the Nasuni Management
Console. (For security reasons, encryption keys that you upload cannot be downloaded from the
system.) The encryption key is used to encrypt your data before it is sent to cloud storage and decrypt
data when it is read back. The Nasuni Edge Appliance accepts multiple encryption algorithms for
encryption keys.
procedure.

encryption key.
procedure.
in your license.
Note: To add an encryption key to a volume, see “Adding encryption keys to a volume”.
Viewing encryption keys on the Nasuni Management Console

To view encryption keys on the Nasuni Management Console, follow these steps:
1. Click Console Settings, then click Encryption Keys in the left-hand column. The Encryption
Keys page displays a list of encryption keys on the Nasuni Management Console.
Figure 14-26: Encryption Keys page.


• Name: The name of the encryption key.

• Algorithm: The algorithm of the encryption key, such as RSA.
• Length: The length of the encryption key, in bits.
• Key ID: The key ID is a shorter version of the fingerprint of the encryption key, generally
including just the last 8 digits.
• Escrowed by Nasuni: Whether this encryption key is escrowed by Nasuni: Yes (encryption
key is escrowed by Nasuni) or No (encryption key is not escrowed by Nasuni).
• Actions: Actions available for each encryption key.

Uploading (importing or adding) encryption keys to the NMC

You can upload (import or add) encryption keys to the Nasuni Management Console.
You can generate your own encryption keys using any OpenPGP-compatible program, such as GnuPG
or Gpg4win. You can then add (import or upload) the encryption key to the Nasuni Management
Console. The encryption key is used to encrypt your data before it is sent to cloud storage and decrypt
data when it is read back. The Nasuni Edge Appliance accepts multiple encryption algorithms for
encryption keys.
Important: For security reasons, encryption keys that you upload cannot be downloaded from
the system.
procedure.
Important: Imported encryption keys are not automatically escrowed. You MUST SAVE all
imported encryption keys to another location outside the Nasuni Management
Console, so that they are available if needed for disaster recovery. All encryption
keys associated with a volume must be recovered as part of the disaster recovery
process. To escrow encryption keys with Nasuni, see “Escrowing encryption keys
with Nasuni” on page 452.
To upload (import or add) encryption keys to the Nasuni Management Console, follow these steps:
1. On the Encryption Keys page, click Upload Encryption Keys. The Import Key(s) dialog box
appears.
Figure 14-27: Import Key(s) dialog box.

2. Click Choose File, then navigate to the encryption key file. This file should be OpenPGP-
compatible.

bytes.
3. If an encryption key passphrase is needed, enter the encryption key passphrase in the Key
Passphrase text box.
recovery procedure.
4. Click Import Key. The encryption key is imported to the Nasuni Management Console.
Alternatively, to exit this screen without importing any encryption keys, click the Close button.

Downloading the NMC’s generated encryption key

You can download the Nasuni Management Console’s automatically-generated encryption key.
When a new Nasuni Management Console is created, it needs an encryption key to encrypt the
configuration information that it backs up regularly, in case the Nasuni Management Console ever
needs to be recovered. The Nasuni Management Console can generate its own encryption key for this
purpose. However, if you upload an encryption key to the Nasuni Management Console before it
generates its own encryption key, it uses the encryption key that you uploaded, and does not generate
its own encryption key.
If the Nasuni Management Console does generate its own encryption key, this generated encryption
key is the only encryption key that can ever be downloaded from a Nasuni Management Console.
Important: The time to generate an encryption key can vary widely, depending on the hardware
(real or virtual) that the Nasuni Edge Appliance is executing on. Encryption keys are
generated in the background, so as to not block use of the Nasuni Edge Appliance
during generation.
If you perform a disaster recovery procedure on a Nasuni Management Console, during which you
upload that generated encryption key to the Nasuni Management Console, then you can no longer
download that encryption key, because downloading uploaded encryption keys is never permitted. As
a result, a Nasuni Management Console might have one encryption key available for download,
because that generated encryption key has never been uploaded to the Nasuni Management Console.
Alternatively, a Nasuni Management Console might not have any encryption key available to download,
either because there was no generated encryption key or because that generated encryption key was
uploaded at some time to the Nasuni Management Console as part of the disaster recovery process.
You cannot download any Nasuni Edge Appliance encryption key from a Nasuni Management Console,
because the Nasuni Edge Appliance never transmits any encryption keys to a Nasuni Management
Console. The Nasuni Management Console is never in possession of any encryption key generated by
a Nasuni Edge Appliance. In particular, if you use the Nasuni Management Console to create a volume
on a Nasuni Edge Appliance, and specify generating a new encryption key for that volume, that new
encryption key is generated on the Nasuni Edge Appliance, not on the Nasuni Management Console.
The only way to download a Nasuni Edge Appliance encryption key is by using the Nasuni Edge
Appliance user interface.
There are other encryption keys present on the Nasuni Management Console that a Nasuni Edge
Appliance might use. However, these encryption keys have been uploaded to the Nasuni Management
Console, and are not eligible for downloading.
Important: Automatically-generated encryption keys are automatically escrowed with Nasuni.
However, Nasuni recommends that you safeguard all of your own encryption keys.
To download the Nasuni Management Console’s generated encryption key, follow these steps:
1. If the Nasuni Management Console’s generated encryption key is available for download, on the
Encryption Keys page, click Download Generated Key .
2. The generated encryption key is saved in the form of a .pgp file. Safeguard this encryption key
file.

Escrowing encryption keys with Nasuni

You can escrow your encryption keys with Nasuni.
Escrowing an encryption key with Nasuni means that you can, at any time, request the encryption key
during a disaster recovery from Nasuni. Your key is protected on Nasuni servers using the same
security practices that we use for all keys escrowed with Nasuni.
To escrow encryption keys with Nasuni, follow these steps:
1. For the encryption key that you want to escrow with Nasuni, on the Encryption Keys page, click
Escrow Key . The Escrow Encryption Key dialog box appears.
Figure 14-28: Escrow Encryption Key dialog box.

2. Escrow Encryption Key in the Confirmation Phrase text field.
Caution: You are about to permanently escrow your encryption key with the Nasuni
Corporation. This process is irreversible.
3. Click Escrow Key. Your encryption key is escrowed with Nasuni. The information in the
encryption key list updates to reflect this change.
Alternatively, to exit this screen without escrowing any encryption keys, click the Close button.

Deleting Encryption Keys

You can delete encryption keys from the Nasuni Management Console, as long as the encryption key is
not currently assigned to a volume and never has been assigned to a volume. Encryption keys that
were once assigned to a volume, but are now disabled, might be needed for disaster recovery
procedures and so cannot be deleted.
To delete an encryption key from the Nasuni Management Console, follow these steps:
1. For the encryption key that you want to delete, on the Encryption Keys page, click Delete Key
. The Delete Encryption Key dialog box appears.
Figure 14-29: Delete Encryption Key dialog box.

2. Delete Encryption Key in the Confirmation Phrase text field.
Caution: You are about to permanently delete this encryption key. This process is
irreversible.
3. Click Delete Key. Your encryption key is deleted. The list of encryption keys updates to reflect
this change.
Alternatively, to exit this screen without deleting any encryption keys, click the Close button.

NMC Escrow Passphrase

To perform a recovery procedure on the NMC, you MUST have at least one of the encryption keys for
the NMC. This means that, if Nasuni is escrowing this encryption key, one of the following must occur:
• You must have created an escrow passphrase.
• You must have this encryption key available.
• You must contact Nasuni and verify your identity so that Nasuni can issue a special recovery
key.
The escrow passphrase must contain only ASCII printable characters (no Unicode) and cannot exceed
511 characters.
To create an escrow passphrase for the NMC, follow these steps:
1. Click Console Settings, then click Encryption Keys in the left-hand column. The Encryption
Keys page displays a list of encryption keys on the Nasuni Management Console.

2. Click Set NMC Escrow Passphrase. The Set Escrow Passphrase dialog box appears.
Figure 14-31: Set Escrow Passphrase dialog box.

3. Enter the Escrow Passphrase for the NMC. The passphrase must contain only ASCII printable
characters (no Unicode) and cannot exceed 511 characters.
An indication of the strength of the passphrase is displayed.
4. Confirm the NMC escrow passphrase by entering it again.
5. Click Set Passphrase.
The NMC escrow passphrase is created.

Important: Keep this NMC escrow passphrase in a secure place. You use the escrow
passphrase when performing a recovery procedure for the NMC.
Tip: If the escrow passphrase is lost, contact Nasuni Support and complete a lost passphrase
form. Nasuni provides a recovery key. The recovery key is not the escrow passphrase:
Nasuni does not know your escrow passphrase and cannot provide it.

Console Settings Page NMC API Access Keys
NMC API Access Keys

The NMC API enables customers to perform a variety of actions. For more details, see NMC API.
Users are granted access to the API via the "Enable NMC API Access" group permission. You can view
and revoke leased keys/tokens for the NMC API.
Viewing and revoking NMC API access keys

To view and optionally revoke NMC API access keys, follow these steps:
1. Click Console Settings, then click NMC API Keys in the left-hand column. The NMC API
Access Keys page appears.
Figure 14-32: NMC API Access Keys page.

You can filter the list of NMC API access keys, using the Filter text box.
The following information appears for each NMC API access key:
• User: The username of the user of the NMC API access key.
• Created: The date and time that the NMC API access key was created.
• Expires: The date and time that the NMC API access key expires.
• Actions: Available actions for the NMC API access key.
2. To revoke an NMC API access key, click Revoke beside the NMC API access key user. The
Revoke NMC API Access Key dialog box appears.
Figure 14-33: Revoke NMC API Access Key dialog box.

To revoke the NMC API access key, click Revoke Key. The selected NMC API access key is
revoked.
Otherwise, click Close.

Console Settings Page Session Timeout
Session Timeout
You can configure the session timeout, namely, the time of inactivity that must occur before the Nasuni
Management Console requires you to log in again. The default is 60 minutes.
Setting session timeout

Session timeout is managed by Azure
To set the session timeout, follow these steps:

1. Click Console Settings, then click Session Timeout in the left-hand column. The Console
Session Timeout page appears.
Figure 14-34: Console Session Timeout page.

2. In the Idle Timeout text box, enter the time, in minutes, of inactivity that must occur before the
Nasuni Management Console requires you to log in again. The minimum time is 5 minutes, and
the maximum time is 1440 minutes (24 hours).
3. To save these settings, click Save Settings.

Console Settings Page SSL Certificates
SSL Certificates
You can view, generate, upload, copy, replace, and delete SSL certificates.
You can view the SSL certificates or self-signed certificate that you can use when accessing the Nasuni
Management Console user interface.
You can also create a new SSL certificate, by generating a new Certificate Request to submit to a
Certificate Authority (CA) for signing. When you receive the signed SSL certificate from the CA, you can
associate the SSL certificate (and optional certificate chain) with the request. After this is done, you can
use that new SSL certificate to manage the Nasuni Management Console.
Viewing SSL certificate information

To view SSL certificate information, follow these steps:
1. Click Console Settings, then click SSL Certificates in the left-hand column. The Console SSL
Certificates page displays a list of SSL certificates for the Nasuni Management Console.
Figure 14-35: Console SSL Certificates page.

The following information appears for each SSL certificate:
• Name: The name of the certificate. Click View Details for detailed information about this
SSL certificate.
• End Date: The date that the SSL certificate is valid until.
• Actions: Available actions for the SSL certificate.

2. To view details of an existing SSL certificate, click View Details. The Certificate Details box
appears.
Figure 14-36: Certificate Details box.

The certificate information displayed includes the following:
• Name: The name of the certificate.
• Type: The type of certificate.
• Subject: The string containing the subject of the certificate.
• Issuer: The string containing the issuing party.
• Signature type: The type of cryptographic signature of the certificate.
Note: The signature type Sha1WithRsaEncryption is being deprecated and should be
avoided, if possible.
• Start Date: The date that the certificate becomes effective.
• End Date: The date that the certificate is no longer in effect.
• Common Name: The IP address or fully qualified domain name (FQDN) of the web server
that receives the SSL certificate.
• Country Code: The two-letter ISO abbreviation for the country (for example, US for the
United States) where your organization's office is legally registered.
• State/Province: The full name of the state or province where your organization's office is
located.
• Locality Name: The full name of the city where your organization's office is located.
• Organization: The name under which your organization is legally registered.
3. Click Close to close this box.

Copying SSL certificate

You might need to copy an SSL certificate as part of a manual process for recreating or updating an
SSL certificate.
To copy an SSL certificate, follow these steps:

2. To copy an existing SSL certificate, select Copy from the Actions drop-down list next to the
name of the certificate in the list. The Copy Certificate dialog box appears.
Figure 14-38: Copy Certificate dialog box.

3. In the New Management Name text box, enter a new name for the certificate.
4. To create a self-signed certificate instead of a certificate request, select Self-Sign Certificate.
Click Copy Certificate. A duplicate certificate is created. If you selected Self-Sign Certificate,
a duplicate self-signed certificate is created.
Alternatively, to exit this screen without copying any certificates, click the Close button.

Generating SSL certificates or a self-signed certificate to the NMC

To generate a new SSL certificate or a self-signed certificate to the Nasuni Management Console,
follow these steps:
1. On the Console SSL Certificates page, click Generate Certificate. The Create Certificate Signing
Request page appears.
Figure 14-39: Create Certificate Signing Request page.

2. In the Management Name text box, enter the name that you use to refer to this certificate.
3. In the Common Name text box, enter the fully qualified domain name or IP address that you
use to access the Nasuni Management Console user interface. The optional but most common
choice is the Nasuni Management Console's fully-qualified domain name.
Note: This MUST match the way users connect to the Nasuni Management Console.
4. In the Country Code text box, enter the two-letter country code, such as US.
5. In the State/Province Name text box, enter the name of the state or province, such as
Massachusetts.
6. In the Locality text box, enter the name of the city or town, such as Boston.
7. In the Organization Name text box, optionally enter the name of your organization, such as
Nasuni.

8. To create a self-signed certificate instead of a certificate request, select Self-Sign Certificate.

9. Click Save Request. A certificate request is created. If you selected Self-Sign Certificate, a
self-signed certificate is created. Alternatively, to exit this screen without adding any
certificates, click the Close button.
10. If you did not select Self-Sign Certificate, download the certificate request .csr file, on the
SSL Certificates page, by clicking Save Request File next to the name of the certificate
request in the list.
11. Submit this certificate request to a Certificate Authority (CA) for signing.
12. When you receive the signed certificate file, click Add Signed Certificate next to the name of
the certificate request in the list. The Add Certificate Files dialog box appears.
Figure 14-40: Add Certificate Files dialog box.

13. Click Choose File next to Certificate File, then navigate to the PEM-encoded X.509 or PKCS#7
certificate file.
bytes.
14. Optionally, click Choose File next to Certificate Chain File, then navigate to the certificate
chain file.
bytes.

15. Click Save Certificate. The certificate is installed and becomes available in the list of
certificates on the Console SSL Certificates page.
Alternatively, to exit this screen without adding a certificate, click the Close button.
Uploading SSL Certificates

Uploading
To upload an existing SSL certificate:


2. Click Upload Certificate. The Add Certificate Files page appears.
Figure 14-42: Add Certificate Files page.

3. In the Certificate Name text box, enter the name that you use to refer to this SSL certificate.
4. To add an SSL key file or SSL key and certificate bundle file, click Choose File next to Key File,
then navigate to the SSL key file or SSL key and certificate bundle file.
bytes.
5. If an SSL certificate was not part of the bundle file in step 4, to add an SSL certificate, click
Choose File next to Certificate File, then navigate to the SSL certificate file.
bytes.

6. If an SSL certificate chain was not part of the bundle file in step 4, to add an SSL certificate
chain file, click Choose File next to Certificate Chain File, then navigate to the SSL certificate
chain file.
bytes.
7. Enter the Password, if required.
8. Click Save Certificate. The certificate is installed and becomes available in the list of
certificates on the Console SSL Certificates page.

Replacing SSL Certificates or SSL Certificate Chains

You can replace an existing SSL certificate or SSL certificate chain. This might occur if you need an
SSL certificate chain file, or if you are replacing one SSL certificate with another one.
To replace an existing SSL certificate:

2. For the SSL certificate that you want to replace, select Replace Signed Certificate/Chain from
the Actions drop-down list next to the name of the certificate in the list. The Add Certificate
Files dialog box appears.
Figure 14-45: Add Certificate Files dialog box.

3. Click Choose File next to Certificate File, then navigate to the PEM- and DER-encoded X.509
file or PKCS#7 certificate file.
bytes.

4. Optionally, click Choose File next to Certificate Chain File, then navigate to the SSL certificate
chain file.
bytes.
5. Click Save Certificate. The existing certificate is replaced and appears in the list of certificates
on the Console SSL Certificates page.

Enabling SSL Certificates

Set
You can select which of several SSL certificates to enable as the SSL certificate for the NMC.
To enable a new SSL certificate:

2. For the SSL certificate that you want to select, click Enable Certificate. The Enable SSL
Certificate for NMC dialog box appears.
Figure 14-47: Enable SSL Certificate for NMC dialog box.

3. Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to
perform this operation, then click Enable Certificate. Your changes are saved.

Downloading SSL Certificate Request Files

Delete
To download an SSL certificate request file:


2. From the Actions drop-down list next to the name of the certificate or certificate request that
you want to save, select Download. The SSL certificate request file is downloaded and saved,
in the way your browser handles downloads.

Deleting SSL Certificates or Certificate Requests

Tip: You cannot delete the active SSL certificate.
To delete an SSL certificate or certificate request, follow these steps:

2. For the SSL certificate that you want to delete, select Delete from the Actions drop-down list
next to the name of the certificate in the list. The About to Delete Certificate dialog box
appears.
3. Click Delete Certificate. The certificate or certificate request is deleted.
Alternatively, to exit this screen without deleting a certificate, click the Cancel button.

Saving SSL Certificates

Delete
To download and save an SSL certificate:


2. From the Actions drop-down list next to the name of the certificate or certificate request that
you want to save, select “Save certificate as zip”. The certificate is downloaded and saved as
a zip file, in the way your browser handles downloads.

Console Settings Page Console Users and Groups
Console Users and Groups

The Nasuni Edge Appliance and the Nasuni Management Console provide role-based access control.
You can define specific access permissions for groups and users to perform actions within the Nasuni
Edge Appliance and the Nasuni Management Console user interfaces. You can define up to 150 users
and 150 groups.
On the Nasuni Management Console, there is a default group, called NMC Administrators. NMC
Administrators access grants full access to all aspects of the Nasuni Management Console (super
user). The NMC Administrators group cannot be deleted.
Viewing permission groups and users

To view permission groups and users, follow these steps:
1. Click Console Settings, then select Users/Groups in the left-hand column. The Console Users
and Groups Overview page appears.
Figure 14-51: Console Users and Groups Overview page.

The information displayed includes the following:
• Total Users: The total number of users, including Native Users and Domain Users. To view a
list of users, click the displayed value or click Manage Users.
• Native Users: The number of native users, namely, users explicitly defined and managed
using the Nasuni Management Console. To view a list of users, click the displayed value or
click Manage Users. To add a user, see “Adding Native Users” on page 475.
• Domain Users: The number of domain users, namely, users automatically created because
they are members of an Active Directory or LDAP Directory Services domain group
associated with a permission group. To view a list of users, click the displayed value or click
Manage Users. To add a permission group with an associated Active Directory or LDAP
Directory Services domain group, see “Adding Permission Groups” on page 480.

• Users with Storage Access: The number of native users who are members of permission
groups that have Storage Access enabled. To view a list of users, click the displayed value
or click Manage Users. To add a permission group that has Storage Access enabled, see
“Adding Permission Groups” on page 480.
• Total Groups: The total number of permission groups, including Groups with Domain
Associations, Groups with Storage Access, and permission groups that do not have Group
Associations or Storage Access. To view a list of permission groups, click the displayed
value or click Manage Groups.
• Groups with Domain Associations: The number of permission groups that have Active
Directory or LDAP Directory Services domain groups associated with them. To view a list of
permission groups, click the displayed value or click Manage Groups.
• Groups with Storage Access: The number of permission groups that have Storage Access
enabled. To view a list of permission groups, click the displayed value or click Manage
Groups.
• Groups without Members: The number of permission groups that do not have any
members. To view a list of permission groups, click the displayed value or click Manage
Groups.
In the Filer Status area, the following properties appear for each Nasuni Edge Appliance:
• Description: The name of each Nasuni Edge Appliance.
• Users with Access: The users that have access to that Nasuni Edge Appliance.
• Groups with Access: The permission groups that have access to that Nasuni Edge
Appliance.

Viewing Users
You can view existing users.
To view users, follow these steps:
1. On the Console Users and Groups Overview page, click Manage Users. The Console Users
page appears.
Figure 14-52: Console Users page.

The following properties appear for each user:
• Username: The username of the Nasuni Management Console user. You can change this
by clicking Edit .
• Type: The type of user: either Native or Domain. Native users are explicitly defined and
managed using the Nasuni Management Console. Domain users are automatically created
because they are members of an Active Directory or LDAP Directory Services domain group
associated with a permission group.
• Email: The email address of the Nasuni Management Console user. Might be blank if no
email address is entered. You can change this by clicking Edit .
• Groups: Permission groups to which the Nasuni Management Console user belongs. You
can change this by clicking Edit .
• Storage Access (For Native Users only): An indication of whether Storage Access is
enabled for any of the groups that the user belongs to: Yes (if Storage Access is enabled) or
No (if Storage Access is not enabled, or if user is a Domain User).
2. To add a user, click Add Native User.
3. To link a domain user, click Add Domain User.

Adding Native Users

You can add native users, which you then assign to permission groups. For each user, you can specify
to which permission groups that user belongs.
To add a native user, follow these steps:
page appears.

2. On the Console Users page, click Add Native User. The Add Native User dialog box appears.
Figure 14-54: Add Native User dialog box.

3. In the Username text box, enter the name for this user. The Username can have up to 30
characters, including letters, digits, and the following symbols:
@ . + - _ (at symbol, period, plus sign, minus sign, underline)

4. In the Email text box, enter the email address for this user.
5. In the Password text box, enter the password for this user.
in to the NMC.
Enter the same password in the Password confirmation text box. An indicator of password
strength appears. Although password strength is not enforced, you should use strong
passwords.
6. In the Groups list, for each of the groups, select or clear the check box for granting membership
to the group.
7. To accept your selections, click Add User. The user is added with membership in the selected
groups.
Alternatively, to exit the dialog box without adding a user, click Close.
Editing Users and Changing User Passwords

You can edit the features of existing users, including editing the password of existing users.
To edit a user, follow the steps in “Adding Native Users” on page 475, except click Edit instead of
Add User. The dialog box is named Edit User.
To change a user password, in the New Password text box, enter a new password for this user.
to the NMC.
Enter the same password in the Password confirmation text box. An indicator of password strength
appears. Although password strength is not enforced, you should use strong passwords.
Click Save User at the end. The user and his or her groups are changed.

Linking Domain Users

You can add a single Domain User, which links the Nasuni Management Console to the account
credentials for an Active Directory or LDAP Directory Services domain. For each user, you can specify
to which permission groups that user belongs.
Note: Adding a domain group allows all Active Directory or LDAP Directory Services users in that
group to access the user interface. You do not need to explicitly add those users. You only
need to add Active Directory or LDAP Directory Services users individually if you do not
want to grant access to the entire group.
Tip: If you plan to link many Domain Users, set up a Group Association with a Domain Group in
order to automatically create Domain Users upon login. See step 10 of “Adding Permission
Groups” on page 480.
Important: In order to link an Active Directory domain group to a permission group, the “Group
type” of the Active Directory domain group must be “Security”. If the “Group type”
of the Active Directory domain group is “Distribution”, users within the Active
Directory domain group are not able to log in.
To link a Domain User, follow these steps:
page appears.

2. On the Console Users page, click Add Domain User. The Add Domain User dialog box
appears.
Figure 14-56: Add Domain User dialog box.

3. To link a member of an Active Directory domain group, and allow that member to use their
domain credentials to access volumes on Nasuni Edge Appliances, the exact NT-compatible
name of a user in an Active Directory domain is necessary.
In the Username text box, enter any text from the member’s NT-compatible user name, and
click Search. The Select User dialog box appears. Click Search. From the list of members that
include the search text, select the member, then click Add Selected User.
Alternatively, enter the exact NT-compatible user name in the Username text box.
4. In the Groups list, for each of the groups, select or clear the check box for granting membership
to the group.
5. To accept your selections, click Link User. The user is linked with membership in the selected
groups.
Alternatively, to exit the dialog box without linking a user, click Close.

Deleting Users
Note: You cannot delete the last user in the Filer Administrators group.
To delete a user, follow these steps:
page appears.

2. For the user that you want to delete, click Delete . The About to Delete User dialog box
appears.
3. Click Delete User. The user is deleted.
Alternatively, to exit the dialog box without deleting a user, click Cancel.
Note: If a user enables Safe Delete, and the user's account is removed, Safe Delete remains
enabled.

Viewing Permission Groups

You can view existing permission groups.
To view permission groups, follow these steps:
1. On the Console Users and Groups Overview page, click Manage Groups. The Console Groups
page appears.
Figure 14-58: Console Groups page.

The following properties appear for each permission group:
• Group: The name of the permission group. You can change this by clicking Edit .
• Users: The number of users in each permission group.
• Permissions: The permissions that each permission group has. You can change this by
clicking Edit .
• Special: Either Domain Group Association, Storage Access Enabled, or blank. You can
change this by clicking Edit .
2. To add a group, click Add Group.
Adding Permission Groups

You can add permission groups to which you can assign users. For each group, you can specify
exactly which actions the users in that group have permission to perform. You can associate Active
Directory or LDAP Directory Services domain groups with a permission group. You can select which
email alerts each group receives. To configure email, see “Email Settings” on page 415.
Note: Before you associate an Active Directory domain group with a permission group, you must
join the Nasuni Management Console to the domain.
Tip: Users who are members of groups that have the “Manage all aspects of Volumes”
permission, the “Manage all aspects of the Filer (super user)” permission, or the “Manage
Volume Settings (Can't add/delete)” permission can download files. To control who can
download files, manage these permissions accordingly. However, note that each of these
permissions control other settings besides downloading files. For details, see Appendix 24,
“Permissions,” on page 538.

To add a permission group, follow these steps:

1. On the Console Users and Groups Overview page, click Manage Groups, then click Add
Group. The Add Group dialog box appears.
Figure 14-59: Add Group dialog box.

2. In the Group Name text box, enter the name for this group. The Group Name can have up to 30
characters, including letters, digits, and symbols.
3. From the Access Type drop-down list, select the type of access from the following:
• Storage Access: To grant data access to users in this permission group.
Note: If you select Storage Access, you cannot enter a Group Association.

• User Interface Access: This Access Type allows you to define NMC permissions, Nasuni
Edge Appliance permissions, Nasuni Edge Appliance access, and, optionally, any
associations to Active Directory or LDAP Directory Services domain groups.
4. In the NMC Permissions list, select or clear the Nasuni Management Console permissions that
you want to grant to the new group. For a full list of displayed NMC permissions and the
operational permissions that they include, see Appendix 24, “Permissions,” on page 538.
Tip: If you want this group to receive alert emails, you MUST select “Receive alert
emails”.
5. To gain access to the NMC API, you must select the "Enable NMC API Access" permission for
this group.
Important: In addition to selecting the "Enable NMC API Access" permission for this
group, NMC API users must also select the corresponding NMC permission
for the action that they are performing with the NMC API. For example,
setting folder quotas with the NMC API requires the "Manage Folder Quotas"
NMC permission. Users must first authenticate to the NMC to obtain a token,
and then can use that token to access subsequent API endpoints.
6. In the Filer Permissions list, select or clear the Nasuni Edge Appliance permissions that you
want to grant to the new group. For a full list of displayed Nasuni Edge Appliance permissions
and the operational permissions that they include, see Appendix 24, “Permissions,” on
page 538.
Warning: Users with “Perform File Restores/Access Versions” permission have the
ability to access all files on the file server.
Tip: If you want a group to NOT BE ABLE TO add volumes, delete volumes, or enable
downloading, select “Manage Volume Settings”.
If you want a group to BE ABLE TO add volumes, delete volumes, or enable
downloading, select "Manage all aspects of Volumes". This permission also includes
all the other permissions of “Manage Volume Settings”.
For details of the many permissions that these permissions include, see Appendix
24, “Permissions,” on page 538.
Tip: Selecting the “Manage all aspects of the Filer (super user)” permission automatically
selects all other permissions, even though those other permissions are not selected
on the screen. To specify permissions at a more granular level, do not select the
“Manage all aspects of the Filer (super user)” permission, and instead select
combinations of individual permissions.
Tip: Users with “Disconnect Users from Access Points” permission have the ability to
disconnect CIFS or NFS users individually, which is sometimes necessary when
there are locked files.
7. In the Email Subscriptions area, select which alerts to receive.
Tip: If you want this group to receive alert emails, you MUST select “Receive alert emails”
in step 4 on page 482.

a. To receive alerts about all available Nasuni Edge Appliance conditions to the configured email
address, select the Receive All Alerts check box.
b. If you do not select the Receive All Alerts check box, but you want to receive alerts about
specific Nasuni Edge Appliance conditions, in the Email Subscriptions area, select the
specific alerts about Nasuni Edge Appliance conditions that you want sent to the configured
email account.
The choices include the following:
• Appliance Alerts: Alerts that occur on the appliance.
• Conflict Alerts: Notices that merge conflicts have occurred during a sync.
• General Alerts: Alerts not in the other categories.
• Safe Delete Alerts: Alerts related to Safe Delete events. For more information, see “Safe
Delete of volumes” on page 95.
• Software Updates: Notices that software updates are available.
• Account Alerts: Alerts related to Nasuni.com account license issues, such as expiration
and capacity limits.
• Capacity Alerts: Alerts related to capacity, such as volume quotas, new quotas, and
account limits.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If
your total stored data nears or exceeds your licensed capacity, you receive
warnings to increase your licensed capacity.
Tip: To receive quota reports, you must enable Capacity Alerts.
• Hardware Alerts: Alerts related to hardware events.
• Snapshot Restore Alerts: When you restore data from a snapshot, this alert notifies you
when the restore is complete.
• Violation Alerts: Alerts about antivirus violations (infections) and ransomware detection
violations. See “Editing Anti-Malware settings (Antivirus Protection and Ransomware
Detection)” on page 239.
Tip: To receive notifications of violations, you must have the “Manage all aspects of
the Filer (super user)” or “Manage Notifications” permissions, and the
appropriate “Filer Access” permissions.
8. In the Extra Emails text box, enter one or more destination email addresses for sending alerts
to, separated by commas.
9. In the Filer Access list, select or clear the Nasuni Edge Appliances to which you want to grant
access by the new group.
10. (Optional.) To link a domain group (Active Directory or LDAP Directory Services) to this
permission group, and allow members of that domain group to use their domain credentials to
access volumes on Nasuni Edge Appliances, the exact domain name and domain group are
necessary.
In the Group Association text box, enter any text from the domain name or the domain group,

and click Search. The Select Group dialog box appears. Click Search. From the list of domain
groups that include the search text, select the domain name and domain group, then click Add
Selected Group.
Alternatively, enter the exact domain name and domain group in the Group Association text
box.
Important: In order to link an Active Directory domain group to a permission group, the
“Group type” of the Active Directory domain group must be “Security”. If the
“Group type” of the Active Directory domain group is “Distribution”, users
within the Active Directory domain group are not able to log in.
Note: It is not necessary for a permission group to be linked to a domain group.
Note: Adding a domain group allows all users in that group to access the user
interface. You do not need to explicitly add those users. If the group
membership changes after the group is linked, the new members can still log
in.
Note: If you use a Group Association, you cannot select Storage Access.
Note: The list of available domain groups are from the domains previously joined to
Note: Domain groups and the members of those groups always have storage access.
11. To accept your selections, click Add Group. The group is added with the selected permissions.
Alternatively, to exit the dialog box without adding a group, click Close.
Editing Permission Groups

You can edit the features of existing groups.
To edit a permission group, follow the steps in “Adding Permission Groups” on page 480, except click
Edit instead of Add Group. The dialog box is named Edit Group, and you click Save Group at the
end. The group and its permissions are changed.

Deleting Permission Groups

Note: You cannot delete the NMC Administrators group.
To delete a permission group, follow these steps:
1. On the Console Users and Groups Overview page, click Manage Groups. The Console Groups
page appears.
Figure 14-60: Console Groups page.

1. For the group that you want to delete, click Delete
The About to Delete Group dialog box appears.
2. Click Delete Group. The group is deleted.
Alternatively, to exit the dialog box without deleting a group, click Cancel.

Console Settings Page Firewall
Firewall
You can limit which network hosts can connect to the Nasuni Management Console user interface and
the Nasuni Support SSH port. This is similar to firewall protection.
Note: In addition to this protection, you can also configure separate access to shares, exports,
and FTP/SFTP directories, as detailed in “Editing shares” on page 183, “Editing exports”
on page 146, and “Editing FTP directories” on page 161.
To configure firewall protection for the Nasuni Management Console, follow these steps:
1. Click Console Settings, then select Firewall in the left-hand column. The Console Firewall
Configuration page appears.
Figure 14-61: Console Firewall Configuration page.

2. In the UI Hosts text box, enter a comma-separated list of IP addresses or subnet addresses of
hosts that you permit to access your Nasuni Management Console user interface. If the text box
is blank, any host can access your Nasuni Management Console user interface.
3. In the Support SSH Hosts text box, enter a comma-separated list of IP addresses or subnet
addresses of hosts that you permit to connect to your Nasuni Management Console’s Support
SSH port. If the text box is blank, any host can access your Nasuni Management Console’s
Support SSH port.
Note: Setting this field does not prevent the use of the Nasuni Remote Support Service, as
detailed in “Remote Support Service” on page 494.
4. Click Save Firewall Settings to save your entries.
Tip: If you configure the firewall in such a way that you cannot access the Nasuni Management
Console user interface, you can reset the firewall using the console for the Nasuni
Management Console.
Press Enter to access the Service menu. The login prompt appears. Enter the username and
password. The login username is service, and the default password is service. The
Service Menu appears.
Enter resetfirewall
The firewall resets.

Console Settings Page Networking
Networking
To configure network settings for the Nasuni Management Console, follow these steps:
1. Click Console Settings, then select Networking in the left-hand column. The Console Network
Figure 14-62: Console Network Configuration page.

2. In the Hostname box, enter a hostname for the Nasuni Management Console. The name that
you enter is the name you provide to users so they can access the Nasuni Management
Console. You can use ASCII letters a through z, digits 0 through 9, and hyphens.

Tip: After you change the Hostname of the NMC, you should delete the Active Directory
computer object with that Hostname.
3. From the Network Type drop-down list, select one of the following:
• DHCP (Dynamic Host Configuration Protocol): Provides a network IP address for a host on
an IP network automatically. The Network Device Settings and System Settings areas
become unavailable.
• DHCP with custom DNS: Provides a network IP address for a host on an IP network
automatically. The Network Device Settings area becomes unavailable. Enter the following
information:
• Enter one or more local search domains in the Search Domain text box, each separated
by a space. You must enter valid hostnames.
You can use search domains to avoid typing the complete address of domains that you
use frequently. The search domains that you enter are automatically appended to names
that you specify for purposes such as Active Directory configuration, HTTPS proxy, and
NTP server. For example, if you specify the search domain “mycompany.com”, then
typing “server1” for one of these purposes would connect to
“server1.mycompany.com”.
Note: There are no search domains for LDAP.
• Enter the IP address for your primary DNS server in the Primary DNS server text box.
You must enter a valid hostname or IP address.
• Enter the IP address for your secondary DNS server in the Secondary DNS server text
box (if applicable). You must enter a valid hostname or IP address.
• Static: You must provide Network Device Settings and System Settings. See your IT
administrator for assistance. Enter the following information:
• Enter the static IP address in the IP Address text box. The address of a static device
must not already be present on the network. The Nasuni Management Console verifies
this and displays an error if a collision is detected.
The gateway address must match a subnet of a defined static network. If the External traffic
group is being used, the default gateway address must match that subnet exactly.
supported.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit
that the layer can pass onwards. A larger MTU brings greater efficiency, because each
packet carries more user data, while protocol overheads, such as headers, remain fixed; the
resulting higher efficiency means a slight improvement in the bulk protocol throughput. A
larger MTU also means processing fewer packets for the same amount of data. However,
large packets can occupy a slow link for some time, causing greater delays to following
packets, and increasing lag and minimum latency.

• Enter one or more local search domains in the Search Domain text box, each separated
by a space. You must enter valid hostnames.
4. To save your entries, click Save Network Settings.
The Confirm Network Changes dialog box appears.
Figure 14-63: Confirm Network Changes dialog box.

5. Update Network Configuration in the Confirmation Phrase text box.
6. Click Confirm Change.
The network configuration is saved.

Console Settings Page Proxy
Proxy
You can configure the Nasuni Management Console to use a proxy server, if needed. All HTTPS traffic
goes through the proxy server that you specify. See Firewall Best Practices for details of HTTPS traffic,
which includes:
• Storage traffic.
• Global File Lock server traffic.
• Antivirus definition files.
• Nasuni Management Console Administrative Access.
• Web Access.
• Mobile Access.
• NOC traffic.
Note: When you enable or disable the HTTPS proxy, the Nasuni Management Console cannot
update any Nasuni Edge Appliance settings for about 2 minutes.
Note: Nasuni only supports HTTPS proxies. SOCKS proxies are not supported.
Tip: On Azure-based NMCs only, during an installation or recovery procedure, it is necessary to
connect with IP address 169.254.169.254 in order to obtain information about the Azure VM
instance. If you have configured an HTTPS proxy, this attempt to connect can cause a delay
of several minutes. To avoid this delay, add the IP address 169.254.169.254 to the “Do Not
Proxy” section of the HTTPS Proxy configuration.
To configure the HTTPS Proxy, follow these steps:
1. Click Console Settings, then select Proxy in the left-hand column. The Console Proxy
Figure 14-64: Console Proxy Configuration page.

Console Settings Page Proxy
2. To enable proxy support, click Proxy Support: On (enabled) or Off (disabled).

3. In the Proxy Server text box, enter the hostname or IP address of a host running an HTTPS
proxy.
Tip: If you use a hostname with a round-robin DNS configuration (that is, with multiple A
records associated with the HTTPS proxy server's hostname), this might affect the
classification of HTTPS traffic.
4. In the Port text box, enter the port number used by the HTTPS proxy server.
5. Optionally, enter a valid username (case-sensitive) as configured by the proxy server in the User
Name text box and the password (case-sensitive) in the Password text box.
6. Optionally, in the Do Not Proxy text box, enter a list of hostnames or IP addresses not to proxy
(one per line).
Tip: On Azure-based NMCs only, during an installation or recovery procedure, it is necessary
to connect with IP address 169.254.169.254 in order to obtain information about the
Azure VM instance. If you have configured an HTTPS proxy, this attempt to connect can
cause a delay of several minutes. To avoid this delay, add the IP address
169.254.169.254 to the “Do Not Proxy” section of the HTTPS Proxy configuration.
7. To save your settings, click Save Proxy Settings.

Console Settings Page Software Update for NMC
Software Update for NMC

When a newer version of the Nasuni Management Console software is available, you can install the new
software.
If updates are not available, a page appears telling you there are no updates at this time.
Important: The version of the Nasuni Management Console must be equal to or greater than the
version of the Nasuni Edge Appliance that the Nasuni Management Console is to
manage. If a Nasuni Edge Appliance is joined to a Nasuni Management Console,
update the Nasuni Management Console software before updating the Nasuni Edge
Appliance software.
Caution: Updating the software disconnects all users currently using the Nasuni Management
Console. The system can take several minutes to reboot. The time to reboot can be
longer if one-time upgrade operations are necessary.
hours, because this can disrupt access. Apply software updates at night or on weekends.
Tip: Review the release notes of all releases between your current release and the most recent
release. You can also view Release Notes.
Note: Updating the Nasuni Management Console software does not affect Nasuni Edge
Appliances or access to data.
To update to the latest release, follow these steps:
1. Click Console Settings, then select Software Update in the left-hand column. If an update is
available, the Software Update Available page appears.
Figure 14-65: Software Update Available page.

2. To review the release notes, click the hyperlink “Release Notes are available“. You can also view
Release Notes.

Console Settings Page Software Update for NMC
Note: Some software updates can take longer to apply than others. Refer to the release
notes before applying the update.
3. Update NMC in the Confirmation Phrase text field.
4. Click Update Console Software. The Nasuni Management Console downloads software
updates and reboots the system.
Tip: To avoid any performance issues when updates occur, clear your browser’s cache.
5. After the reboot completes, re-log in to the Nasuni Management Console with your username
(case-sensitive) and password (case-sensitive).
in to the NMC.

Console Settings Page Remote Support Service

You can view and edit Remote Support Service settings.
securely access your Nasuni Management Console. This can help Nasuni Technical Support to
diagnose and resolve any issues with your Nasuni Management Console quickly and proactively. No
changes to your corporate firewalls are necessary.
This service is disabled by default and is strictly opt-in. You can enable or disable this service at any
time. You can also enable this service for a specific period of time. Enabling this service allows Nasuni
to offer a higher level of service and support.
Tip: If you need technical assistance, contact Nasuni Technical Support and inform them if you
have enabled Remote Support Service.
You receive a notification whenever the Remote Support Service is enabled or disabled.
Enabling and disabling Remote Support Service

To enable or disable the Remote Support Service, follow these steps:
1. Click Console Settings, then select Remote Support in the left-hand column. The Remote
Support Service page appears.
Figure 14-66: Remote Support Service page.

2. To enable the Remote Support Service, click Enable Remote Support. Selecting On enables
the Remote Support Service.
3. If Enable Remote Support is On, the Timeout text box becomes available. Enter the length of
time, in minutes, that you want to permit the Remote Support Service access to be enabled.
Enter 0 (zero) to allow access for an indefinite amount of time.
Click Enable Remote Support. The Remote Support Service settings are changed. If you
enable the Remote Support Service with a nonzero Timeout time, a countdown begins.
4. If the Remote Support Service is enabled, to disable the Remote Support Service, click Disable
Remote Support. The Remote Support Service settings are changed.

Console Settings Page Send Diagnostics
Send Diagnostics
If you experience problems that you cannot resolve, you can send diagnostic information to Nasuni
Technical Support for troubleshooting purposes.
Note: Local diagnostic information is automatically sent when needed, so there is typically no
need to do this, unless instructed by Nasuni Technical Support. Using Send Diagnostics
includes more information than the automatic diagnostic information.
To send diagnostic information, follow these steps:
1. Click Console Settings, then select Send Diagnostics from the menu. The Send Diagnostic
Information to Nasuni page appears.
Figure 14-67: Send Diagnostics page.

2. Send Diagnostic Information in the Confirmation Phrase text field.
3. Click Send Diagnostics. Diagnostic information is sent to Nasuni and the informational
notification “Successfully sent alerts to nasuni.com support team” is sent.

Chapter 15: Notifications
Notifications are Nasuni Management Console messages.

You might receive the following types of notifications:
• Admin: The system administrator has performed an action.
• Info: The system has performed an action, or has changed its state, in such a way that the user
might be interested, but that does not require action or attention.
• Warning: Something unusual has happened, but the user need not take action.
• Error: Something unusual or incorrect has occurred, and the user should take notice and try to
resolve the situation, if possible. Errors generate email messages to the user, if the user has set
up email. See “Email Settings” on page 415 for details.
• Alert: Something unusual or incorrect has occurred, and the user should take notice and try to
resolve the situation, if possible, or contact Nasuni for assistance, if necessary. Alerts generate
emails to the user, if the user has set up email. For details, see “Email Settings” on page 415.
Examples of alert notifications are:
• Software update available.
• Account issues.
• Local cache issues.
• Evaluation period expired.
Retaining Notifications
Notifications are retained according to the following rules:
• Review of notifications occurs daily on the NMC and weekly on the Nasuni Edge Appliance.
• Info-level notifications are removed after 7 days.
• Acknowledged notifications of any level are removed after 14 days.
• Only the most recent 50,000 Info-level notifications per Nasuni Edge Appliance are retained.

Notifications Viewing Notifications
Viewing Notifications
Notifications that require acknowledgment appear on the Notifications pane. You can view and filter all
notifications using the Notifications page.
To view notifications, follow these steps:
1. Click the bell-shaped Notifications icon at the top right of any page. The Notifications pane
appears.
Figure 15-1: Notifications pane.

Notifications that require acknowledgment appear on the Notifications pane, based on the
state of your system. A number to the right of a notification indicates multiple occurrences of the
same notification. You can acknowledge a notification by clicking the x. To acknowledge all the
displayed notifications, click Acknowledge All.
2. Click View all Notifications. The Notifications page displays a list of notifications.
Figure 15-2: Notifications page.

The following information appears for each notification in the list:
• Severity: The severity of the notification, including Admin, Info, Warning, Error, and Alert.
• Admin: The system administrator has performed an action.
• Info: The system has performed an action, or has changed its state, in such a way that
the user might be interested, but that does not require action or attention.
• Warning: Something unusual has happened, but the user need not take action.

Notifications Viewing Notifications
• Error: Something unusual or incorrect has occurred, and the user should take notice
and try to resolve the situation, if possible. Errors generate email messages to the
user, if the user has set up email. See “Email Settings” on page 415 for details.
• Alert: Something unusual or incorrect has occurred, and the user should take notice
and try to resolve the situation, if possible, or contact Nasuni for assistance, if
necessary. Alerts generate emails to the user, if the user has set up email. For details,
see “Email Settings” on page 415. Examples of alert notifications are:
• Software update available.
• Account issues.
• Local cache issues.
• Evaluation period expired.
• Date: The date and time of the notification.
• Origin: The Nasuni Edge Appliance that the notification occurred on.
• Message: The text of the notification.
Note: It can take up to 10 minutes for the notifications of a managed Nasuni Edge Appliance
to appear on the Notifications page of the Nasuni Management Console.
Acknowledged notifications display a checkmark to the right of their severity.
At the top of the list is a count of the number of entries shown and the total number of entries.
3. You can select whether to view acknowledged notifications, unacknowledged notifications, or
all notifications, as follows:
• All: To view all notifications, including acknowledged notifications, select All. All
notifications are listed.
• No: To view only notifications that have not been acknowledged, select No. Only
unacknowledged notifications are listed.
• Yes: To view only acknowledged notifications, select Yes. Only acknowledged notifications
are listed.
4. To include Alert notifications, select Alert.
5. To include Error notifications, select Error.
6. To include Warning notifications, select Warning.
7. To include Info notifications, select Info.
Tip: Info notifications can safely be ignored.
8. To automatically refresh the Notifications page, select Enable Auto Refresh.
9. To move to the next page of notifications (if any), click the right arrow at the top of the page.
10. To move to the previous page of notifications (if any), click the left arrow at the top of the page.
11. To download notifications as a CSV file, click Download CSV.

Notifications Acknowledging Notifications

• priority: Matches values in the Severity field.
• filer: Matches values in the Origin field.
• message: Matches values in the Message field.
Note: If there are many notifications, it might take a little time to display the filtered results.
Acknowledging Notifications
You can acknowledge notifications.
Acknowledging notifications marks them as read, but leaves them in place for further use. By contrast,
deleting notifications removes them entirely. When you acknowledge notifications, you are no longer
prompted to view them.
To acknowledge notifications, follow these steps:
1. List and filter notifications as described in “Viewing Notifications” on page 497.
2. Select the notifications that you want to acknowledge.
To select all notifications on the page, select the check box to the left of the Severity heading. If
there is more than one page of notifications, a message appears detailing how many
notifications are selected and the total number of notifications matching the current criteria.
Figure 15-3: Selected Notifications message.

To select all the notifications matching the current criteria, click the Select all message.
To clear the selection, click Clear selection.
3. Click Acknowledge. The Acknowledge Notifications dialog box appears.
Figure 15-4: Acknowledge Notifications dialog box.

4. Click Acknowledge Notifications. The selected notifications are acknowledged.
Alternatively, to exit this screen without acknowledging any notifications, click the Close button.

Notifications Deleting Notifications
Deleting Notifications
You can delete notifications.
Deleting notifications removes them from the list entirely. When you delete notifications, you are no
longer prompted to view them.
Tip: There are often many notifications such as “Snapshot not needed”, “Antivirus scan started”,
“Updated the Nasuni Edge Appliance product license key”, and “Snapshot for volume ...
has been scheduled”. Unless the Nasuni Management Console is experiencing problems in
these areas, you can usually delete all notifications of this kind.
To delete notifications, follow these steps:
1. List and filter notifications as described in “Viewing Notifications” on page 497.
2. Select the notifications that you want to delete:
To select all notifications on the page, select the check box to the left of the Severity heading. If
there is more than one page of notifications, a message appears detailing how many
notifications are selected and the total number of notifications matching the current criteria.
Figure 15-5: Selected Notifications message.

To select all the notifications matching the current criteria, click the Select all message.
To clear the selection, click Clear selection.
3. Click Delete . The Delete Notifications dialog box appears.
Figure 15-6: Delete Notifications dialog box.

4. Click Delete Notifications. The selected notifications are deleted from the list.
Alternatively, to exit this screen without deleting any notifications, click the Close button.
Downloading Notifications
Download
You can download notifications to a comma-separated values (CSV) file for further analysis or retention.
To download notifications as a CSV file, on the Notifications page, click Download CSV. The
notifications are downloaded and saved as a CSV file, according to the configuration of your browser.

Chapter 16: Recovery
There are a number of reasons for performing a recovery:

• Hardware failures.
• Software failures.
• Power outages.
• Human error.
• Changing storage platforms.
• Moving data around the world.
• True natural disaster.
Performing a recovery procedure on the Nasuni Management Console does not affect any of your
Nasuni Edge Appliances or access to your data.
Recovering the Nasuni Management Console

The NMC Recovery Guide contains the complete procedure for recovering the Nasuni Management
Console in the event of a disaster or planned transition. This section is a summary of suggestions
before you recover the Nasuni Management Console.
Note: Downloading and executing the installation program for the virtual appliance is contingent
upon the virtual platform you are using.
To recover the Nasuni Management Console, follow these steps:
1. Safeguard at least one of the encryption keys for the Nasuni Management Console. See
“Encryption Keys” on page 446.
2. Obtain the serial number and authorization code for the Nasuni Management Console. You use
these in step 10. If you have the credentials to log in to your Nasuni.com account (https://
account.nasuni.com/account/login/), you can obtain the serial number and authorization code
there. If you don’t have these credentials, obtain the serial number and authorization code from
the person who has the credentials.
3. Download the Nasuni Management Console software appropriate for your platform. For details,
see “Installing the Nasuni Management Console Software” on page 37.
Note: You can perform the recovery process to the same version of the software that you
were running, or to a newer version than you were running, but not to an older version.
4. Install the Nasuni Management Console software for your platform.

Recovery Recovering the Nasuni Management Console
5. After you obtain the initial IP address, open the specific URL to continue. The Install Wizard —
Network Configuration page appears.
Figure 16-1: Install Wizard — Network Configuration page.

a. In the Hostname box, a default hostname for the Nasuni Management Console appears. You
can accept the default hostname or change it to a customized hostname. The name that you
enter is the name you provide to users so they can access the Nasuni Management Console.
You can use ASCII letters a through z, digits 0 through 9, and hyphens.
To change this name later, see “Networking” on page 487.
b. From the Network Type drop-down list, select either Static or DHCP.
If you select DHCP (Dynamic Host Configuration Protocol), the IP Address, Netmask,
Default Gateway, and MTU Value fields become unavailable.

If you select Static, you must provide Network Device Settings and System Settings. See
your IT administrator for assistance.
If you select Static as a source, enter the following information:
• Enter the static IP address in the IP Address text box.
The gateway address must match a subnet of a defined static network.
supported.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit
that the layer can pass onwards. A larger MTU brings greater efficiency, because each
packet carries more user data while protocol overheads, such as headers, remain fixed; the
resulting higher efficiency means a slight improvement in the bulk protocol throughput. A
larger MTU also means processing fewer packets for the same amount of data. However,
large packets can occupy a slow link for some time, causing greater delays to following
packets, and increasing lag and minimum latency.
c. In the System Settings area:
If you selected DHCP (Dynamic Host Configuration Protocol), the Search Domain, Primary
DNS Server, and Secondary DNS Server fields become unavailable.
If you select Static as a source, enter the following information:
• Enter one or more local search domains in the Search Domain text box. If you enter
multiple search domains, make sure you include a space between each entry. You must
enter valid hostnames.
d. Click Continue to proceed.

6. The Install Wizard — Proxy Network Configuration page appears.
Figure 16-2: Install Wizard — Proxy Network Configuration page.

a. To enable proxy support, click Proxy Support: On (enabled) or Off (disabled).
b. In the Proxy Server text box, enter the hostname or IP address of a host running an HTTPS
proxy.
c. In the Port text box, enter the port number used by the HTTPS proxy server.
d. Optionally, enter a valid username (case-sensitive) as configured by the proxy server in the
User Name text box and the password (case-sensitive) in the Password text box.
e. Optionally, in the Do Not Proxy text box, enter a list of hostnames or IP addresses not to
proxy (one per line).
Tip: On Azure-based NMCs only, during an installation or recovery procedure, it is
necessary to connect with IP address 169.254.169.254 in order to obtain information
about the Azure VM instance. If you have configured an HTTPS proxy, this attempt
to connect can cause a delay of several minutes. To avoid this delay, add the IP
address 169.254.169.254 to the “Do Not Proxy” section of the HTTPS Proxy
configuration.
f. Click Continue. To return to the previous page to change parameters, click Back.

7. The Install Wizard — Review Network Settings page appears.
Figure 16-3: Install Wizard — Review Network Settings page.

To accept the network settings, click Continue. return to the previous page to change
parameters, click Back.
8. The Reconfiguring Network Settings page appears.
Figure 16-4: Configuring Network Settings page.

9. The Terms of Service and License Agreement page appears.
Figure 16-5: Terms of Service and License Agreement page.

You can print or download a copy of the Terms of Service and License Agreement by clicking
the appropriate icon.
Select “I accept the Terms of Service”, then click Continue.
10. The Install Wizard — Authorization page appears.
Figure 16-6: Install Wizard — Authorization page.

Enter the NMC Serial Number and Authorization code, found under the Account section of
www.nasuni.com. Click Continue to proceed.

11. The Install Wizard — Confirm NMC Recovery page appears.
Figure 16-7: Install Wizard — Confirm NMC Recovery page.

Note: If the “Confirm New NMC” page appears instead of the “Confirm NMC Recovery”
page, contact Nasuni Technical Support.
Enter “Perform Disaster Recovery” in the Confirmation text box, then click Continue to
proceed.
12. The Install Wizard — Disaster Recovery page appears.
Figure 16-8: Install Wizard — Disaster Recovery page.

Note: Only one of the NMC encryption keys is necessary for this step.
• If you escrowed any of your encryption keys (including the backup key) with Nasuni, and you
intend to use your escrow passphrase to de-escrow your escrowed encryption keys,
perform the following steps:

a. Select “Yes - Escrow Passphrase” from the drop-down list.

Tip: You can select Yes even if you also have non-escrowed encryption keys, which
you provide separately.
Tip: For details about the escrow passphrase, see “Escrow Passphrase” on
page 311.
b. The Escrow Passphrase text box becomes available.
Figure 16-9: Escrow Passphrase text box.

c. If you set an encryption key escrow passphrase and you have the passphrase, enter the
passphrase.
Alternatively, if you do not have an encryption key escrow passphrase available: Contact
Nasuni Support to verify your identity and obtain your one-time recovery key. Then
perform step 12 on page 507 again.
page 311.
d. Click Continue.
e. Continue with step 14 on page 511.
Important: If you have previously escrowed your encryption keys with Nasuni, and you
use these escrowed encryption keys as part of the recovery process, you
MUST re-escrow those encryption keys with Nasuni if you want those
encryption keys to continue to be escrowed with Nasuni. After the recovery is
complete, the Nasuni Edge Appliance treats all encryption keys as if they
were not created by this Nasuni Edge Appliance. For details, see, “Escrowing
Encryption Keys with Nasuni” on page 308.
• If you escrowed any of your encryption keys (including the backup key) with Nasuni, and you
intend to have Nasuni de-escrow your escrowed encryption keys, perform the following
steps:
a. Select “Yes - Recovery Key” from the drop-down list.
Tip: You can select Yes even if you also have non-escrowed encryption keys, which
you provide separately.

b. The Recovery Key text box becomes available.
Figure 16-10: Recovery Key text box.

c. Contact Nasuni Support to verify your identity and obtain your one-time recovery key.
Then enter the recovery key.
page 311.
d. Read the text and then click the Acknowledgement box.
e. Click Continue.
f. Continue with step 14 on page 511.
Important: If you have previously escrowed your encryption keys with Nasuni, and you
use these escrowed encryption keys as part of the recovery process, you
MUST re-escrow those encryption keys with Nasuni if you want those
encryption keys to continue to be escrowed with Nasuni. After the recovery is
complete, the Nasuni Edge Appliance treats all encryption keys as if they
were not created by this Nasuni Edge Appliance. For details, see, “Escrowing
Encryption Keys with Nasuni” on page 308.
• Otherwise, select No from the drop-down list, then click Continue.
This means that either you do not have any encryption keys escrowed with Nasuni at all, or
that you do have encryption keys escrowed with Nasuni, but you intend to provide your
escrowed encryption keys yourself.

13. If you selected No, the Install Wizard — Upload Encryption Keys page appears.
Figure 16-11: Install Wizard — Upload Encryption Keys page.

Click Choose File to navigate to your encryption key file, enter the Key Passphrase if
necessary, then click Upload Key(s). All uploaded encryption keys should be at least 2048 bits
long.
bytes.
Important: For security reasons, encryption keys that you upload cannot be downloaded
from the system.
recovery procedure.
Important: It is possible that not all encryption keys are uploaded as part of the recovery.
After the recovery process is complete, the Encryption Keys page indicates

which encryption keys were not uploaded. Uploading these encryption keys is
optional.

14. The Install Wizard - About to Recover page appears.
Figure 16-13: Install Wizard - About to Recover page.

Click Continue. Recovery of the Nasuni Management Console begins.
15. After recovery, the Install Wizard - Recovery Complete page appears.
Figure 16-14: Install Wizard - Recovery Complete page.

16. The Install Wizard — Create Admin User page appears.
Figure 16-15: Install Wizard — Create Admin User page.

Create a Username (case-sensitive) and a Password (case-sensitive) for the administration of
this Nasuni Management Console.
in to the NMC.
An indicator of password strength appears. Although password strength is not enforced, you
should use strong passwords. Click Continue.
17. The Rebooting page appears.
Figure 16-16: Rebooting page.

It can take several minutes for this process to complete.

18. The Login page appears.
Figure 16-17: Login page.

Log in to the Nasuni Management Console with your Username (case-sensitive) and Password
(case-sensitive). Click Log in.
in to the NMC.

19. The Nasuni Management Console Home page appears.
Figure 16-18: Nasuni Management Console Home page.

A message appears confirming that the recovery process is complete.
Important: After the recovery, it might be necessary to reconfigure the firewall, networking,
proxy, time zone, and time server settings.

Appendix 17: Console Commands
Overview
You can change network settings, such as the IP address of the Nasuni Management Console, using
commands on the console. You might want to change the IP address if, for example, you do not want
to use the initial default IP address or if the current IP address is not valid. Also, if you make an entry
error when setting network parameters, you can correct it using the IP address configuration
commands in this section.
Using console commands

Console commands enable you to obtain information about the network configuration, and modify
values of the network configuration.
To access console commands, follow these steps:
1. Access the console for the Nasuni Management Console. For the Nasuni Management Console
virtual machine, use the virtual machine console window. The console prompt appears.
Figure 17-1: Console prompt.

Console Commands Using console commands
2. Press Enter to access the Service menu. The login prompt appears. Enter the username and
password. The login username is service, and the default password is service. The Service
Menu appears.
Figure 17-2: Service Menu.

Note: For security, use the changepassword command to change the password for the
service console.
3. To see a list of available commands, enter help at the prompt. To see details about each
command, enter help <command>.
Figure 17-3: List of available commands.

4. To access commands to change the network configuration, enter editnetwork at the prompt.
The network prompt appears.
Figure 17-4: Network prompt.

5. To see a list of available editnetwork commands, enter help at the prompt. To see details about
each editnetwork command, enter help <command>.
Figure 17-5: List of available editnetwork commands.

6. To exit the editnetwork commands, enter close.
7. To exit the console commands, enter quit.
Important: After making any network changes, you must use the Nasuni Management
Console to enter those settings so that the Nasuni Management Console is
consistent with the platform. This applies to all network changes.

Console Commands Changing device and network parameters
Changing device and network parameters

You can use console commands to change network device and system parameters such as the
network device IP address, netmask, and MTU, as well as the system hostname, default gateway, DNS
servers, and search domains.
Important: After making any network changes, you must use the Nasuni Management Console
to enter those settings so that the Nasuni Management Console is consistent with
the platform. This applies to all changes.
To change device and network parameters at the console, follow these steps:

Menu appears.

3. Enter editnetwork at the prompt. The network prompt appears.

4. To use DHCP settings for the device and the system, enter the following command:
setall dhcp
Press Enter. The setall dhcp command runs:
Figure 17-9: setall dhcp command.

The device and the system use DHCP settings. Continue with step 15 on page 519.
5. To use static settings for the device and the system, enter the following command:
setall static
Press Enter. The setall static command runs:
Figure 17-10: setall static command.

6. To change the IP address, enter a new IP address and press Enter. To leave the current IP
address unchanged, press Enter.
7. To change the netmask, enter a netmask and press Enter. To leave the current netmask
unchanged, press Enter.

8. To change the MTU, enter an MTU and press Enter. To leave the current MTU unchanged,
press Enter.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit that
the layer can pass onwards. A larger MTU brings greater efficiency, because each packet
carries more user data while protocol overheads, such as headers, remain fixed; the resulting
higher efficiency means a slight improvement in the bulk protocol throughput. A larger MTU also
means processing fewer packets for the same amount of data. However, large packets can
occupy a slow link for some time, causing greater delays to following packets, and increasing
lag and minimum latency.
9. To change any of the above values, enter yes. Use step 6, step 7, and step 8 to change the
values.
Alternatively, to leave values unchanged, enter No or press Enter.
10. To change the hostname, enter a new hostname and press Enter. To leave the current
hostname unchanged, press Enter.
11. To change the default gateway, enter a default gateway and press Enter. To leave the current
default gateway unchanged, press Enter.
12. To change the DNS server, enter one or two DNS servers separated by spaces and press Enter.
To leave the current DNS server unchanged, press Enter.
13. To change the search domain, enter one or more search domains separated by spaces and
press Enter. To leave the current search domain unchanged, press Enter.
14. To change any of the above values, enter yes. Use step 10, step 11, step 12, and step 13 to
change the values.
Alternatively, to leave values unchanged, enter No.
15. To save your values, enter save.
18. On the Nasuni Management Console, enter any changed settings so that the Nasuni
Management Console is consistent with the platform.

Console Commands Changing static IP address and other network parameters
Changing static IP address and other network parameters

You can use console commands to change network parameters such as the static IP address,
netmask, MTU, hostname, default gateway, DNS servers, and search domains.
the platform. This applies to all network changes.
To change the static IP address and other network parameters at the console, follow these steps:

Menu appears.


4. Enter the following command:
setaddr static
Press Enter. The setaddr static command runs:
Figure 17-14: setaddr static command.

5. To change the IP address, enter a new IP address and press Enter. To leave the current IP
address unchanged, press Enter.
6. To change the netmask, enter a netmask and press Enter. To leave the current netmask
unchanged, press Enter.
7. To change the MTU, enter an MTU and press Enter. To leave the current MTU unchanged,
press Enter.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit that
the layer can pass onwards. A larger MTU brings greater efficiency, because each packet
carries more user data while protocol overheads, such as headers, remain fixed; the resulting
higher efficiency means a slight improvement in the bulk protocol throughput. A larger MTU also
means processing fewer packets for the same amount of data. However, large packets can
occupy a slow link for some time, causing greater delays to following packets, and increasing
lag and minimum latency.
8. To change values, enter yes. The entered values are changed.
setsystem static
Press Enter. The setsystem static command runs:
Figure 17-15: setsystem static command.

10. To change the hostname, enter a new hostname and press Enter. To leave the current
hostname unchanged, press Enter.
11. To change the default gateway, enter a default gateway and press Enter. To leave the current
default gateway unchanged, press Enter.
12. To change the DNS server, enter one or two DNS servers separated by spaces and press Enter.
To leave the current DNS server unchanged, press Enter.
13. To change the search domain, enter one or more search domains separated by spaces and
press Enter. To leave the current search domain unchanged, press Enter.
14. To change values, enter yes. The entered values are changed.
15. To save your network parameter values, enter save.

Console Commands Enabling DHCP Networking
Enabling DHCP Networking

the platform. This applies to all network changes.
To enable DHCP networking, follow these steps:

Menu appears.


setaddr dhcp
Press Enter. The setaddr dhcp command runs.

5. Enter yes to enable DHCP networking.

Console Commands Viewing the MAC Address

Viewing the MAC Address

You can also use console commands to view the MAC address.
Note: MAC addresses might not display as expected. The MAC address of the bonding device is
taken from its first secondary device. This MAC address is then passed to all following
secondary devices, and persists, even if the first secondary device is removed, until the
bonding device is brought down or reconfigured.
To view the MAC address, follow these steps:
1. Access the console for the Nasuni Management Console. The console prompt appears.

Menu appears.

showmac

Console Commands Rebooting the NMC
4. Press Enter. The showmac command runs.
Figure 17-21: showmac command.

You can view the MAC address for each network interface card.
Rebooting the NMC

You can also use console commands to reboot the NMC.
To reboot the NMC, follow these steps:
1. Access the console for the Nasuni Management Console. The console prompt appears.

Menu appears.

reboot
4. Press Enter. The NMC reboots.

Appendix 18: Nasuni Terms of Service and License
Agreement
Nasuni Corporation
The Terms of Service and License Agreement for the Nasuni Edge Appliance is located at:
http://www.nasuni.com/legal/

Appendix 19: Filtering Displays

On some pages, you can limit the display to items that match the criteria that you enter. In the Filter
text box, type the criteria, then click Apply Filter. Here are guidelines for using the Filter text box:
• Use spaces to separate criteria. The filter matches ALL of the criteria entered.
• You can enter letters and numerals, not case-sensitive.
• You can enter the following special ASCII symbols:
! @ $ % ^ (caret) * = ( ) [ ] { } < > / ?
| (vertical bar) _ (underscore) ‘ (accent) ~ (tilde) : (colon) , (comma) . (period)
• Do not use the following ASCII symbols to filter:
# & + ; (semicolon) ‘ (single quote) “ (double quote)
• You can enter a lowercase field name, followed by a colon, followed by a value. The field names
vary depending on the screen.
• You can enter a lowercase condition, followed by a colon, followed by a Boolean value. The
conditions vary depending on the screen.
• You can enter a minus sign (-) to negate any criterion.
Examples:
files Matches any item that contains “files” in any field.
f!|@$ Matches any item that contains “f!|@$” in any field.
volume:files Matches any item that contains “files” in the Volume field.
readonly:true Matches any item that has Read Only enabled.
volume:files readonly:true Matches any item that contains “files” in the Volume field
AND that has Read Only enabled.
-readonly:true Matches any item that DOES NOT have Read Only enabled.

Appendix 20: Health Monitor Overview
The Health Monitor service was introduced in the 8.8 release of the NMC and Edge Appliance. After the
NMC is upgraded to 8.8, the Health Monitor status is available for Edge Appliances running version 8.8
or higher.
Status
Health Monitor status for Edge Appliances is available from the NMC Filers Overview page and NMC
Filer Details page along with recommended remediation steps. Further, warning and error messages
are available via NMC notifications and the NMC API and, if configured, can be sent as email alerts,
syslog, and SNMP traps.
The NMC Filers Overview “Health” column shows an aggregate of Health Monitor check status and
reports the highest severity check status as the current Health Monitor status for the Edge Appliance.
For example, if all checks are healthy, “Healthy” is displayed in the Filers Overview page. If one check is
in an unhealthy state but all other checks are healthy, “Unhealthy” is displayed for the Edge Appliance.
Tip: If any Health condition is displayed as “Unhealthy”, you can view detailed information and
any recommendations by hovering over the “Unhealthy” indicator. Alternatively, clicking
“View Recommendations” opens the Health Monitor Current Status dialog box which
displays detailed information and any recommendations.
Status Types
• Unhealthy: The check is unhealthy. Edge Appliance functionality is likely to be degraded.
• Warning: The check is approaching and unhealthy state. Not all checks include a warning
status.
• Healthy: The check is reporting no errors.
• “ - ”: The Edge Appliance Health Monitor status is “Unknown”. The “Unknown” status is
reported for pre-8.8 Edge Appliances.

Polling and Thresholds
Polling and Thresholds

Each Health Monitor check has an associated default polling interval and default polling threshold.
Polling interval corresponds to the number of minutes between polling. Polling threshold corresponds
to the number of consecutive checks matching the conditions for the associated status that must be
met before the check status changes. Consider the following example:
Polling Interval: 1 minute
Polling Threshold: 30
Expected result: Status for the associated check is polled every minute. If the condition associated
with the “Warning” or “Unhealthy” state is matched for 30 consecutive polling events, the associated
status is triggered.
The polling interval and polling threshold for each Health Monitor check use default values that cannot
currently be adjusted using the NMC UI. Back-end configuration options allow Nasuni Customer
Support to customize these values if required.
Monitors and Remediation

Memory
If Edge Appliance memory usage exceeds 90 percent, the "Warning" status is triggered. If memory
usage exceeds 95 percent, the "Unhealthy" status is triggered.
Polling Threshold: 30 consecutive
Remediation - Consider adding memory if possible or contact Nasuni Customer Support.
CPU
If CPU usage exceeds 90 percent (average across cores), the "Warning" status is triggered. If CPU
usage exceeds 95 percent (average across cores), the "Unhealthy" status is triggered.
Remediation - Add CPUs if possible or contact Nasuni Customer Support.

Active Directory
If the Edge Appliance is joined to Active Directory and the Nasuni Edge Appliance AD health polling job
fails five times consecutively, the "Unhealthy" status is triggered.
Polling Interval: 5 minutes
Remediation - Confirm that the Edge Appliance can contact the Active Directory Domain and confirm
that the AD domain controllers for the site are online. Attempt to use the Edge Appliance Management
UI to rejoin the Edge Appliance to AD. If that fails, open a case with Nasuni Customer Support.
File Protocol Access

Health Monitor attempts to periodically check NFS Exports and CIFS shares. If these checks fail, the
"Unhealthy" status is triggered. While the Edge Appliance Health Monitor details and remediation
messages do not list the name of the specific “Unhealthy” NFS Export or CIFS share, the NMC
notifications do list the specific “Unhealthy” Exports or CIFS shares.
Remediation - Remediation includes the following:
• Check NMC notifications to obtain the names of unhealthy NFS Exports or CIFS shares. A
notification is raised for each NFS Export or CIFS share that is inaccessible.
• Confirm that the configured Nasuni volume path referenced for the NFS Export or CIFS share is
valid. If the path has been renamed or moved, the NFS Export or CIFS share could potentially
be unavailable.
• Manually test NFS or CIFS connectivity from a client.
• If the Edge Appliance is joined to Active Directory and notifications indicate that many or all
CIFS shares are unavailable on an Edge Appliance, it may indicate the health check process
lacks permission to check the status of the CIFS share.
Two configurations could cause this issue:
• Using the Windows MMC for “Shared Folders” or “Computer Management: Shared” folders
properties to edit share permissions for a share is not supported by Nasuni and could remove
the permissions of the health check process depends on to check CIFS share health. Rather
than using the Windows MMC interface for shares to edit share permissions, you should use the
built-in Nasuni share Authentication option to control the users and groups that can access
shares. If using the Windows MMC to edit share permissions is a requirement, ensure that the
Active Directory Machine account for the Edge Appliance has at least read access to all Nasuni
shares in the MMC.
• Customers that have implemented ID mapping based on RFC2307 Active Directory Unix
attributes need to ensure that the Active Directory Machine account for the Edge Appliance has
a defined UID and GID in Active Directory.

Nasuni Services
Nasuni Services - If a critical Nasuni service is not running, the "Unhealthy" status is triggered.
Most Services
UnityFS local file system process

Remediation - Contact Nasuni Technical Support.
Disk Errors
If the system's io_error_cnt is more than 0, the "Unhealthy" status is triggered. If SMART reports an
error (only relevant for hardware Edge Appliances), the “Unhealthy” status is triggered.
Polling Threshold: 1 event
Remediation - Contact Nasuni Customer Support. A disk may need to be replaced.
Internal File System Utilization

If the Nasuni filesystem is using more than 80 percent of available space, the "Warning" status is
triggered. If any filesystem is using more than 90 percent of available space, the "Unhealthy" status is
triggered.
Note: Cache and Copy on Write (COW) disk utilization are not included in the Health Monitor file
system utilization checks.
Remediation - High internal file system utilization could indicate a problem with key Nasuni processes
and if the internal file system fills, processes could fail. Contact Nasuni Customer Support.

Network Connectivity Checks
Polling Group 1
• Nasuni NMC messaging queues - If a call fails, the "Unhealthy" status is triggered.
• Global File Lock - Checks if connection to the Global File Lock server endpoint is functional. If a
call fails, the "Unhealthy" status is triggered.
Polling Group 2
• Nasuni Orchestration Center (NOC) - If a call fails, the "Unhealthy" status is triggered.
• Object Storage - Checks if each of the volumes can connect to the cloud. If a call fails for any
volume, the "Unhealthy" status is triggered.
Remediation - Confirm network routing and connectivity between the Edge Appliance and network
end points. The Nasuni Service Console running on the Edge Appliance offers built-in network utilities
for traceroute and ping.
Memory Fragmentation
Checks for excessive memory fragmentation and supports both “Warning” and “Unhealthy” thresholds.
Memory fragmentation events are not currently visible in the Filer Overview or Filer Details page,
although “Warning” and “Unhealthy” messages are logged to NMC notifications. Memory
fragmentation can impact Edge Appliance performance or could cause operations to fail.
Remediation - Reboot the Edge Appliance to temporarily resolve memory fragmentation. If the errors
continue, or if you observe slow performance on spinning media drives, contact Nasuni Customer
Support.

Appendix 21: Case Sensitivity
Configuring case sensitivity for Windows systems with SMB/CIFS

On Windows systems that do NOT require case sensitivity for any reason, Nasuni strongly suggests
configuring case sensitivity as follows:
• Specify the volume to NOT be case-sensitive. This is the default configuration of volumes.
• For the volume’s Permissions Policy, select NTFS Exclusive.
Note: Most Windows applications are not case-sensitive.
If case sensitivity is REQUIRED, such as for SMB/CIFS volumes that also have NFS protocol enabled,
configure case sensitivity as follows:
• Specify the volume to be case-sensitive. This is not the default configuration of volumes, and
must be specified for the volume. To specify the volume to be case-sensitive, on the “Add New
Volume” page (Edge Appliance) or on the “Create Volume” page (NMC), select “Case
Sensitive”.
• Specify the share to use “Case-Sensitive Paths”.
• For the volume’s Permissions Policy, select POSIX Mixed Mode.
On Windows systems, if some applications require case sensitivity and other applications require not
being case sensitive on the same volume, configure case sensitivity as follows:
• Specify the volume to be case-sensitive. This is not the default configuration of volumes, and
must be specified for the volume. To specify the volume to be case-sensitive, on the “Add New
Volume” page (Edge Appliance) or on the “Create Volume” page (NMC), select “Case
Sensitive”.
• Specify one share on the volume to use “Case-Sensitive Paths”. The case-sensitive
applications can use this share.
• Specify another share on the volume to NOT use “Case-Sensitive Paths”. The applications that
are not case-sensitive can use this share.
• For the volume’s Permissions Policy, select NTFS Exclusive.
Note: Most Windows applications are not case-sensitive.

Appendix 22: Volume Configuration
The following table contains Nasuni recommendations for configuring volumes, based on the objectives for the volume. Configuration
includes consideration of the following:
 Original volume protocol
 Additional volume protocol, if any
 Authentication
 Volume Permissions Policy
 Case Sensitivity
Important: Before joining Edge Appliance to Active Directory, contact Nasuni Support to ensure optimal configuration.
Objective of Original Additional Set Set Set Case Options Unsupported

volume volume volume Authentication Permissions Sensitivity available features
protocol protocol to … Policy to … to … include: include:
SMB clients only SMB (CIFS) None Active Directory NTFS No Durable NFS. FTP.
(Microsoft Exclusive handles (with LDAP. Multiple
Windows clients, SMB 2.0+ and volume
macOS clients) GFL disabled). protocols.
(no NFS, no FTP) Web Access. Switching from
Mobile Access. NTFS
Exclusive to
Global File
NTFS
Lock Advanced
Compatible.
and Optimized
mode.

SMB clients + FTP SMB (CIFS) FTP Active Directory NTFS Yes (Case FTP. Web NFS.
(Microsoft Compatible sensitivity Access. Mobile LDAP
Windows clients, or POSIX required to Access. Global
macOS clients) add FTP) File Lock:
Advanced and
Optimized
mode. Switch
from NTFS
Compatible to
NTFS
Exclusive.
NFS clients (UNIX NFS None Active Directory POSIX Yes (cannot FTP. CIFS (SMB)
or Linux clients) be changed) Global File volumes.
Lock: Web Access.
Optimized Mobile Access.
mode.
NFS + SMB NFS SMB (CIFS) Active Directory POSIX Yes (cannot FTP. LDAP.
Clients: IDs (translated to be changed) Web Access.
mapped between NTFS) Mobile Access.
SMB/NFS using
Global File
AD Unix
Lock:
Extensions
Optimized
(Microsoft
mode
Windows clients,
macOS clients,
UNIX or Linux
clients)

NFS + SMB Basic SMB (CIFS) NFS Active Directory NTFS Yes (Case FTP. NFS-only
InterOp: no ID Compatible sensitivity Web Access. volumes.
mapping + POSIX required to Mobile Access. LDAP
(Microsoft add NFS authentication.
Global File
Windows clients, and FTP
Lock:
macOS clients, protocols)
Optimized
UNIX or Linux
mode.
clients)
Can switch
from NTFS
Compatible to
NTFS
Exclusive.

Appendix 23: Data Metrics
The following data metrics are presented and discussed.
Metric name Scope of Actual Current Uncompressed Deduplicated Includes Includes Includes Includes
data data data or or compressed or not previous unprotected protected metadata
or not all data versions / data in data in
snapshots cache cloud
Accessible Account data Actual Current Uncompressed Not No Yes Yes No
Data deduplicated
Cloud Usage Account data Actual All Compressed Deduplicated Yes No Yes Yes
Content Size Volumes, Actual Current Uncompressed Not No No Yes Yes
directories, deduplicated
and files in
File System
Browser
“Now” or Account data Actual Current Uncompressed Not No No Yes Yes
Data Growth deduplicated
Licensed Account data Licensed Current Uncompressed Not No No Yes Yes

Data = limit to deduplicated
data
“Licensed
Capacity” =
“Storage
Volume
Limit”

Appendix 24: Permissions
Nasuni Edge Appliance and NMC Permissions

This Appendix shows the displayed permissions and the operational permissions that they include. To
set permissions, see “Adding Permission Groups” on page 480 and “Editing Permission Groups” on
page 484.
For the Nasuni Management Console, the available displayed permissions include the following
operational permissions:
NMC Displayed Permission Operational Permissions Included
Manage all aspects of NMC (super user) Manage all pending messages for Nasuni Edge
Appliance
Manage refresh for Nasuni Edge Appliance
Manage NMC account status
Manage NMC description
Manage NMC diagnostic settings
Manage NMC email settings
Manage NMC encryption keys
Manage NMC network settings
Manage NMC notifications
Manage NMC license refresh
Manage NMC remote support
Manage NMC session
Manage NMC shutdown
Manage NMC SMB settings
Manage NMC SNMP settings
Manage NMC software updates
Manage NMC SSL settings
Manage NMC time settings
Manage updating NMC
Manage NMC users and groups
Manage NMC notifications only
Manage Automatic Updates Manage updating NMC

NMC Displayed Permission (Continued) Operational Permissions Included (Continued)
Manage Network Settings Manage NMC network settings

Manage NMC SNMP settings
Manage NMC time settings
Manage Notifications Manage NMC email settings

Manage NMC notifications only
Manage Security Settings Manage NMC encryption keys

Manage NMC session
Manage NMC SMB settings
Manage NMC SSL settings
Shutdown or Reboot NMC Manage NMC shutdown

For the Nasuni Edge Appliance, the available displayed permissions include the following operational
permissions:
Nasuni Edge Appliance Displayed Permission Operational Permissions Included
Manage all aspects of the Filer (super user) Manage all pending messages for Nasuni Edge
Appliance
Manage API access keys
Manage branding
Manage cache jobs
Manage cache settings
Manage CIFS (SMB) client page
Manage CIFS (SMB) client settings
Manage connection status settings
Manage credential settings
Manage description
Manage diagnostic settings
Manage encryption keys
Manage File System Browser
Manage FTP client page
Manage FTP settings
Manage global locking settings
Manage hardware settings
Manage Mobile Access
Manage network settings
Manage NFS settings
Manage notifications
Manage Quality of Service settings
Manage quotas
Manage refresh license settings
Manage remote support settings
Manage shared links
Manage shutdown settings
Manage Side Load settings
Manage SNMP settings
Manage SSL settings
Manage taking volume snapshot
Manage time configuration
Manage update settings
Manage Anti-Malware Services
Manage volume audit settings
Manage volume Auto Cache settings

Nasuni Edge Appliance Displayed Permission Operational Permissions Included (Continued)
Manage all aspects of the Filer (super user) Manage volume cloud I/O settings
(continued) Manage volume creation settings
Manage volume deletion settings
Manage volume download settings
Manage volume encryption keys
Manage volume exports
Manage volume file alerts
Manage volume FTP directories
Manage volume global lock settings
Manage volume name
Manage volume pinning
Manage volume protocols
Manage volume quotas
Manage volume remote access settings
Manage volume restore settings (to item’s
current location)
Manage volume shares
Manage volume snapshot access
Manage volume snapshot retention
Manage volume snapshot schedule
Manage volume sync schedule
View heuristic page
Add and Delete Volumes Manage volume creation settings

Disconnect Users from Access Points Manage connection status settings
Manage Anti-Malware Services Manage Anti-Malware Services
Manage File Alerts Service Manage volume file alerts
Manage Folder Quotas Manage quotas


Manage Multi Site Settings/Connections Manage SSL settings

Manage volume name
Manage Network Settings Manage network settings

Manage Quality of Service settings
Manage SNMP settings
Manage Notifications Manage NMC notifications

Manage notifications
Manage Security/Encryption Keys Manage encryption keys

Manage Mobile Access
Manage SSL settings
Manage Shares, Exports, and FTP Manage CIFS (SMB) client page
Manage connection status settings
Manage FTP settings
Manage NFS settings
Manage Volume Auditing Settings Manage volume audit settings

Manage Volume Security Settings Manage encryption keys

Manage Volume Settings (Can't add/ Manage File System Browser

delete) Manage quotas
Manage volume cloud I/O settings
Manage volume name
Manage/Apply Nasuni Edge Appliance Manage update settings

Updates
Modify Snapshot Retention Manage volume snapshot access


Manage all aspects of Volumes Manage File System Browser

Manage quotas
Manage volume cloud I/O settings
Manage volume creation settings
Manage volume download settings
Manage volume name
Perform File Restores/Access Versions Manage volume Auto Cache settings

Manage volume restore settings (to item’s
current location)
Perform Restores to Any Location Manage volume Auto Cache settings

Manage volume restore settings (to any
location)
Shutdown or Reboot the Nasuni Edge Manage shutdown settings

Appliance

Glossary
Appendix 25: Glossary
The following terms are useful in understanding the Nasuni Edge Appliance (Nasuni Filer).
A
Accessible Data
Accessible Data includes current data already protected in the cloud, as well as current data in the
cache that is not yet protected. For this reason, the volume data in the cache that is not yet protected is
generally less than the total accessible data, unless this volume has not completed any snapshots.
Accessible Data is current data only. Accessible Data does not include previous versions or snapshots.
Accessible Data does not include metadata. Accessible Data does not reflect the effects of
compression or deduplication.
Access Control List (ACL)

An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users
or system processes are granted access to objects, as well as what operations are allowed on given
objects.
ACL (Access Control List)

See “Access Control List (ACL)” on page 545.
Active Directory (AD)

Microsoft Active Directory (AD) is a directory service for Windows domain networks. It is part of most
Windows Server operating systems. Microsoft Active Directory enables administrators to assign
policies, deploy software, and apply critical updates to an organization. Active Directory stores its
information and settings in a central database.
AD (Active Directory)
See “Active Directory (AD)” on page 545.
Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. It has
been adopted by the U.S. government and is used worldwide. AES is approved by the National
Security Agency (NSA) for top secret information.

Glossary
Advanced Message Queuing Protocol (AMQP)

The Advanced Message Queuing Protocol (AMQP) is an open standard for passing business messages
between applications or organizations. It connects systems, feeds business processes with the
information they need, and reliably transmits onward the instructions that achieve their goals.
AES (Advanced Encryption Standard)

See “Advanced Encryption Standard (AES)” on page 545.
AMQP (Advanced Message Queuing Protocol)

See “Advanced Message Queuing Protocol (AMQP)” on page 546.
Analytics Connector
The Nasuni Analytics Connector enables you to export a temporary second copy of your file data, in
native object format, in a separate cloud storage account. You can then use this data with analytics
software, AI, machine learning, and other data recognition tools.
Antivirus (AV)
Antivirus Protection provides protection against viruses and other malware in files on a volume.
Antivirus Protection scans every new or modified file for the presence of viruses and other malware. If a
scanned file is found to be infected, the authorized administrator has the option to ignore the infection.
Only files with no detected malware, or infected files that the authorized administrator deliberately
ignores, are allowed into cloud storage. Nasuni Edge Appliance Antivirus Protection uses the Clam
AntiVirus (ClamAV®) open-source antivirus engine.
Authorization Code
A 6-character code used in conjunction with a Serial Number to validate an installation. Authorization
Codes are good for one use; one successful use causes an authorization code to be changed
automatically. Generating a new authorization code for a serial number does not cause a Nasuni Edge
Appliance or NMC that uses that serial number to stop working. The authorization code is only used
once during initial setup of a new or recovered Nasuni Edge Appliance or NMC. Because an
Authorization Code is only used once, an administrator can safely issue it to a user in order to install a
single Nasuni Edge Appliance or NMC without revealing Nasuni account credentials. To obtain an
Authorization code for a Serial Number, visit https://account.nasuni.com/account/serial_numbers/, or
the Account Status page of the Nasuni Management Console.
Auto Cache or autocache or autofault

A feature that brings new data into the local cache from other Nasuni Edge Appliances that are
attached to a volume. Otherwise, new data is brought into the local cache from other Nasuni Edge
Appliances when that data is accessed next.
AV (Antivirus)
See “Antivirus (AV)” on page 546.

Glossary
B
bucket
A bucket is a logical unit of storage in object storage services, such as Amazon Simple Storage
Solution (Amazon S3), and Dell EMC Elastic Cloud Storage (ECS). Buckets can be thought of as
containers that are used to store objects, which consist of data and metadata.
BYOC storage
There are three ways that customers can obtain the storage used with Nasuni:
• Integrated storage: Customers obtain their storage from Nasuni. (This option is no longer
available.)
• Public cloud storage (aka BYOC storage): Customers do not obtain their storage from Nasuni,
but do obtain it from a public cloud storage provider, such as Microsoft Azure or Amazon S3.
• Private cloud storage: Customers do not obtain their storage from Nasuni or from public cloud
storage providers, but arrange their own private cloud storage, such as Dell EMC ECS or IBM
COS.
C
cache
A cache is a computer component that stores data locally so that future requests for that data can be
served faster. While all data and metadata are stored in cloud storage, data that requires regular access
is kept locally. This includes files that are re-written and data that is read often. If the requested data
does not reside locally, it is staged into the cache and provided for the request.
cache miss
If requested data does not reside in the local cache, and must be staged into the cache for the request,
this is called a “cache miss”.
Challenge-Handshake Authentication Protocol (CHAP)

A protocol that authenticates a user or network host to an authenticating entity.
CHAP (Challenge-Handshake Authentication Protocol)

See “Challenge-Handshake Authentication Protocol (CHAP)” on page 547.
chunks
Before sending data to the cloud, Nasuni breaks files into optimally-sized pieces for transport between
the on-premises cache and cloud storage. This not only disguises the actual sizes of files, but also
improves performance. These chunks are then deduplicated, compressed, and encrypted.

Glossary
CIFS (Common Internet File Service)

A standard protocol that allows Windows users to share files across a network. CIFS is one version of
SMB. See “Server Message Block (SMB)” on page 556.
ClamAV (Clam antivirus)

See “Antivirus (AV)” on page 546.
cloud storage
Where all your file data is stored. Nasuni supports almost all on-premises (private) cloud storage
solutions, including Dell EMC ECS, Hitachi Content Platform (HCP), and IBM Cloud Object Storage
(COS), as well as leading public cloud (aka BYOC) storage solutions, including Microsoft Azure
Storage, Amazon Simple Storage Service (Amazon S3), and Google Cloud Storage.
Cloud Usage data

Cloud Usage data includes the size in the cloud of all data and metadata protected in the cloud, for all
versions, after encryption, compression, and deduplication. Cloud Usage data does not include
unprotected data in the cache.
Content Size
Content Size includes data already protected in the cloud, but does not include data in the cache that is
not yet protected. Content Size data is current data only. Content Size data does include metadata.
Content Size does not reflect the effects of compression or deduplication.
copy-on-write (COW) disk

The copy-on-write (COW) disk is used during the snapshot process. If any writes to the Nasuni Edge
Appliance occur during a snapshot, the previous data from the cache disk is copied to the COW disk,
and the new data is written to the cache disk. Hence, the term “copy-on-write”. This allows new writes
to take place at any time, even during the snapshot process.
D
DAS (Direct Attached Storage)
See “Direct Attached Storage (DAS)” on page 548.
data
Data is transmittable and storable computer information. Nasuni handles data in the form of files,
including text, images, audio, and video.
Direct Attached Storage (DAS)

Direct-attached storage (DAS) is computer storage that is directly attached to one computer or server
and is not, without special support, directly accessible to other ones. The main alternatives to direct-
attached storage are network-attached storage (NAS) and a storage area network (SAN).

Glossary
directory quota
A limit on the amount of data in a directory. You can configure that quota reports are sent to
administrators or users when directories near or exceed their quota.
Directory Services
Services, including authentication, provided by Active Directory or LDAP.
durable handle
A durable handle is an open file handle that is preserved during a short network outage, which allows a
client to reconnect when connectivity is restored.
Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol that provides a
network IP address for a host on an IP network automatically.
E
encryption
The Nasuni Edge Appliance encrypts data sent to cloud storage using the OpenPGP standard, with
AES-256 as the default encryption.
eviction
Data that has been copied from the Nasuni Edge Appliance to cloud storage, and that is rarely used
again, is eventually removed (“evicted”) from the Nasuni Edge Appliance’s cache to free up space for
new data. If one of these evicted files is later requested for reads or writes, the Nasuni Edge Appliance
retrieves the file from cloud storage and puts it back into the cache automatically.
export
A directory on a server volume that a client on your network can access.
F
faulting
If requested data does not reside in the local cache, it is staged into the cache and provided for the
request. This is informally called “faulting”.
file system
A method for storing and organizing computer files and the data that they contain in order to make it
easy to find and access them.

Glossary
file transfer protocol (FTP)

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to
another host over a TCP-based network, such as the Internet.
firewall
You can configure inbound traffic to the Nasuni Edge Appliance user interface and the Nasuni Support
SSH port, which provides firewall protection.
FTP (file transfer protocol)

See “file transfer protocol (FTP)” on page 550.
G
GB/GiB
GB is an abbreviation of gigabyte, meaning 1,000,000,000 bytes. Usually used to refer to hard disk
capacity.
GiB is an abbreviation of gibibyte, meaning 230 (1,073,741,824) bytes. Usually used to refer to RAM
memory.
GFA (Global File Acceleration)

See “Global File Acceleration (GFA)” on page 550.
Global File Acceleration (GFA)

Combined with Nasuni’s Global File System, the Nasuni Global File Acceleration (GFA) service
accelerates file synchronization to improve collaboration and optimize productivity across locations.
global file lock

The purpose of the Nasuni Global File Lock™ feature is to prevent conflicts when two or more users
attempt to change the same file on different Nasuni Edge Appliances. If you enable the Global File Lock
feature for a directory and its descendants, any files in that directory or its descendants can only be
changed by one user at a time. Any other users cannot change the same file at the same time.
You can also manually break the locking of a file. This might become necessary if a user leaves a file
open and another user needs to open that file.
I
instance
The Nasuni Edge Appliance is either a hardware appliance or a virtual machine. An instance refers to a
single virtual machine that provides virtualization of the Nasuni Edge Appliance software.

Glossary
integrated storage
available.)
COS.
K
Kerberos
Kerberos is a computer network authentication protocol that works on the basis of 'tickets' to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. It provides mutual authentication: both the user and the server verify each other's identity.
Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds
on symmetric key cryptography and requires a trusted third party, and optionally may use public-key
cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.
L
LDAP (Lightweight Directory Access Protocol)
See “Lightweight Directory Access Protocol (LDAP)” on page 552.
least recently used (LRU)

When the cache starts getting too full, the Nasuni Edge Appliance releases the least recently used
(LRU) data first, using a sophisticated algorithm. This helps to ensure that the most recently used data,
and the data most likely to be used, remains in the cache.
Licensed Data
Licensed Data is sometimes also called “Licensed Capacity” or “Storage Volume Limit”. Licensed Data
is the amount of data storage that Nasuni is managing for the customer, and that the customer is
paying to store using the Nasuni service. Every customer has a Licensed Data limit. No customer has
unlimited storage. However, every customer has unlimited versions of their data available. Since the
Nasuni service is inherently unlimited, the Licensed Data limit can easily be changed, as business
needs change. Licensed Data should be compared to data metrics such as “Now” data, which is
current data and metadata in the cloud, without the effects of compression or deduplication. The
default Licensed Data for trial accounts is 5 TB.

Glossary
Lightweight Directory Access Protocol (LDAP)

LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining
distributed directory information services over an Internet Protocol (IP) network. Directory services
allow sharing information about users, systems, networks, services, and applications throughout the
network. A common use of LDAP is to provide a central place to store usernames and passwords. This
allows applications and services to connect to the LDAP server to validate users.
LDAP is used to identify users. After a user is authenticated with Kerberos and has a valid ticket, the
information from the ticket is used to look up additional details on that user from a directory server
using the LDAP protocol.
Linux
Linux is a family of free and open-source software operating systems built around the Linux kernel.
Typically, Linux is packaged in a form known as a Linux distribution (or distro for short) for both
desktop and server use.
LRU (least recently used)

See “least recently used (LRU)” on page 551.
M
management information base (MIB)
A database for managing entities in a network, such as with the Simple Network Management Protocol
(SNMP).
maximum transmission unit (MTU)

The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit that the
layer can pass onwards. A larger MTU brings greater efficiency, because each packet carries more user
data while protocol overheads, such as headers, remain fixed; the resulting higher efficiency means a
slight improvement in the bulk protocol throughput. A larger MTU also means processing fewer packets
for the same amount of data. However, large packets can occupy a slow link for some time, causing
greater delays to following packets, and increasing lag and minimum latency. MTU settings should not
exceed 1500.
MB/MiB
MB is an abbreviation of megabyte, meaning 1,000,000 bytes. Usually used to refer to hard disk
capacity.
MiB is an abbreviation of mebibyte, meaning 220 (1,048,576) bytes. Usually used to refer to RAM
memory.
metadata
Data about data. Metadata describes how and when and by whom a particular set of data was
collected, and how the data is formatted.

Glossary
MIB (management information base)

See “management information base (MIB)” on page 552.
MTU (maximum transmission unit)

See “maximum transmission unit (MTU)” on page 552.
N
NAS (Network Attached Storage)
See “Network Attached Storage (NAS)” on page 554.
Nasuni Edge Appliance (Nasuni Filer)

The Nasuni Edge Appliance is a virtual machine or Nasuni-supplied hardware appliance that replaces
traditional file servers and NAS devices using only a fraction of their storage capacity. The appliances
serve several functions. First, they store all new files created by users and applications in your preferred
cloud storage, encrypting the files to ensure that they are secure in transit and at rest, and compressing
and deduplicating them to minimize cloud storage costs. Second, they cache actively-used files from
cloud storage to provide high-performance file access through SMB (CIFS) and NFS file sharing
protocols, and Active Directory and LDAP authentication protocols. Third, they eliminate the need for
file backup by continuously sending file changes to cloud storage, where they are stored as WORM to
create an infinite version history. Each Nasuni Edge Appliance has unlimited capacity because it only
caches actively used files, and can tap the unlimited capacity of cloud storage to store all files.
Nasuni Edge Appliance (Nasuni Filer) user interface (UI)

The Web-based user interface to the Nasuni Edge Appliance.
Nasuni Management Console (NMC)

The Nasuni Management Console enables you to monitor and manage many Nasuni Edge Appliances
from one central application. Using the Nasuni Management Console, you can view the status of all of
your managed Nasuni Edge Appliances, as well as configure their settings. With the Nasuni
Management Console, you can ensure consistent settings on all your Nasuni Edge Appliances.
presently connected. Any configuration changes made will propagate to the Nasuni Edge Appliance
when it becomes connected.
Nasuni Orchestration Center (NOC)

The Nasuni Orchestration Center (NOC) provides a variety of behind-the-scenes services that make the
Nasuni Service possible. These services include security patches, component updates, system scaling,
performance tuning, response time monitoring and analysis, optimization, staging and deployment of
new software, support of new Nasuni Edge Appliance functionality, single sign on management, cloud
provisioning, cloud monitoring, account management, and customer support.

Glossary
Nasuni's cloud storage

The secure unlimited online storage provided through the Nasuni Edge Appliance.
Network Attached Storage (NAS)

Network-attached storage (NAS) is file-level computer data storage connected to a computer network.
NAS devices are a convenient method of sharing files among multiple computers. NAS systems
typically provide access to files using network file sharing protocols such as NFS, SMB/CIFS, or AFP.
Network File System (NFS)

A protocol and file system for accessing and sharing files across a computer network using UNIX and
Linux.
NFS (Network File System)

See “Network File System (NFS)” on page 554.
NMC (Nasuni Management Console)

See “Nasuni Management Console (NMC)” on page 553.
NOC (Nasuni Orchestration Center)

See “NOC (Nasuni Orchestration Center)” on page 554.
“Now” data
“Now” data is displayed on the Data Growth chart. “Now” data is current data and metadata in the
cloud, without the effects of compression or deduplication. “Now” data does not include unprotected
data in the cache.
O
object store
An object store, or object storage, is a data storage architecture that manages data as objects. File
systems manage data as a file hierarchy, and block storage manages data as blocks within sectors and
tracks. Each object typically includes the data itself, metadata about the data, and a globally unique
identifier.
offsite data protection

Storing copies of critical data away from the original data centers to protect this information from
natural disasters and accidental or malicious modification.
on-demand provisioning
The Nasuni Edge Appliance simplifies provisioning by offering instant provisioning in increments as
small as 1 TB.

Glossary
P
pinning
Pinning a folder specifies that the folder and its contents must remain in the local cache at all times.
This can improve performance and reduce the time necessary to return accessed data to clients. This
reduces the available cache by the size of the folder. Pinning a folder does not bring the folder’s data
into the cache.
private cloud storage

available.)
COS.
proxy
A server that acts as an intermediary for requests from clients seeking resources from other servers.
pruning
Pruning is the process of removing unneeded data. For example, you can specify removing log files
older than a certain number of days. Similarly, you can specify snapshot retention for a set number of
snapshots or for a set amount of time: the unwanted snapshots are removed.
public cloud (aka BYOC) storage

available.)
COS.
Q
QoS (Quality of Service)
See “Quality of Service (QoS)” on page 556.

Glossary
Quality of Service (QoS)

Quality of Service (QoS) settings indicate the inbound and outbound bandwidth limits of the Nasuni
Edge Appliance for data moving to or from the Nasuni Edge Appliance, such as transmitting snapshots
to cloud storage.
quota
A limit on the amount of usable storage space on a volume.
R
securely access your Nasuni Edge Appliance. This can help Nasuni Technical Support to diagnose and
resolve any issues with your Nasuni Edge Appliance quickly and proactively. No changes to your
corporate firewalls are necessary. This service is disabled by default and is strictly opt-in.
S
SAN (Storage Area Network)
See “Storage Area Network (SAN)” on page 557.
Serial Number
A unique 32-digit hexadecimal number associated with your account for use with Nasuni Edge
Appliance and Nasuni Management Console (NMC) installations. Each account has multiple Serial
Numbers. Unused Serial Numbers may be used to set up a new Nasuni Edge Appliance or an NMC.
Serial Numbers already in use may be used to recover existing Nasuni Edge Appliances or your existing
NMC. Serial Numbers are used in conjunction with Authorization Codes. To obtain a Serial Number,
visit https://account.nasuni.com/account/serial_numbers/.
Server Message Block (SMB)

A network protocol used for providing shared access to files. It also provides an authenticated inter-
process communication mechanism. Most usage of SMB involves computers running Microsoft
Windows. One version of SMB was also known as Common Internet File System (CIFS).
share
A folder on a volume that can be shared on your network. Access to a share can be customized on a
user or group-level basis.
Side Load
As part of the recovery process, the Side Load feature enables you to transfer cache data directly from
the original source decommissioned Nasuni Edge Appliance to the new destination Nasuni Edge
Appliance. This saves the time and bandwidth necessary to manually re-populate the new cache with
data.

Glossary
Simple Network Management Protocol) (SNMP)

An Internet-standard protocol for managing devices on IP networks.
SMB (Server Message Block)

See “Server Message Block (SMB)” on page 556.
snapshot
An instantaneous, non-changing, read-only image of a volume. Snapshots let you view any past version
of your file system, and restore all or part of the version quickly.
With snapshots, the Nasuni Edge Appliance can identify new or changed data. Snapshots offer data
SNMP (Simple Network Management Protocol)

See “Simple Network Management Protocol) (SNMP)” on page 557.
Storage Area Network (SAN)

An architecture to attach remote computer storage devices (such as disk arrays, tape libraries, and
optical jukeboxes) to servers in such a way that the devices appear as locally attached to the operating
system.
sync
You can schedule when, and with what frequency, the selected volume updates data (“syncs”) from
Nasuni, merging your local data with any new or changed data from other Nasuni Edge Appliances
connected to this volume. This helps to ensure that everyone in your organization is using the most
current data.
U
UI (Nasuni Edge Appliance (Nasuni Filer) user interface)
See “Nasuni Edge Appliance (Nasuni Filer) user interface (UI)” on page 553.
UniFS
UniFS® is Nasuni’s cloud-native global file system, storing all files, file versions, and metadata in your
preferred private or public cloud (aka BYOC) object store. UniFS is the first file system designed to have
its inode structure reside in the cloud. UniFS enables the Nasuni platform to inherit the virtually
unlimited capacity, durability, and georedundancy of the cloud object stores.

Glossary
Unix
Unix is a family of multitasking, multiuser computer operating systems that derive from the original
AT&T Unix.
update
To transition from an older version of Nasuni software to a newer version.
V
versioning
The Nasuni Edge Appliance provides the versioning necessary to eliminate the need for separate
backup and restore procedures.
virtual machine (VM)

A virtual machine is a tightly isolated software container that can run its own operating systems and
applications as if it were a physical computer. A virtual machine behaves exactly like a physical
computer and contains its own virtual (software-based) CPU, RAM, hard disk, and network interface
card (NIC).
virtualization
Virtualization lets you run multiple virtual machines on a single physical machine, sharing the resources
of that single computer across multiple environments. Different virtual machines can run different
operating systems and multiple applications on the same physical computer.
VM (virtual machine)
See “virtual machine (VM)” on page 558.
volume
A set of files and directories. A volume can consist of multiple shares. Nasuni stores all volumes in your
choice of one or more cloud storage solutions.

Index
Index
Symbols accessible data 68, 69, 78, 81, 85, 370, 545
definition 545
.snapshot directory 218 volume 81
account
name 396
0-9 account alerts 483
123 (port) acknowledging
Network Time Protocol (NTP) 341, 422 alert 499
161 (port) pending updates 376
SNMP monitoring 331, 417 ACLs 87, 106, 201, 203
162 (port) ACLs (access control lists) 87, 106, 201, 203
SNMP monitoring 331, 417 acronyms
25 (port) list of 545
SMTP port 416 action status 64
443 (port) 348 Active Directory 20, 47, 110, 164, 214, 278, 382, 423,
514 (port) 424, 488, 489, 503, 534, 535, 536
syslog port 336, 419 Directory Services 549
5671 (port) 250, 257 domain
editing 443, 444
Health Monitor 530
limits 381, 428
A security 381, 423
access configuring 424
group 157, 158, 159, 170, 171, 172, 173, 180, 181, security mode 423
182 server 381, 423
Read-Only 172, 173, 181, 182 domain name 428
read-only 144, 147, 149, 156, 169, 215, 216 time server 341
read-write 172, 173, 181, 182, 215, 216 trusted domains 424, 429, 444
snapshot 174, 217 Active Directory domain
snapshot directory 217 disconnecting 445
user 144, 146, 148, 149, 158, 159, 172, 181, 182 joining 427
access control lists (ACLs) 87, 106, 201, 203 leaving 445
Access Key ID 401, 402, 403, 404 workgroup name 438
access keys
API 456
Accessible Data 537

Index
adding Analytics Connector 21, 113, 115

data enabling 115
to volume 28, 29 analytics software 21
Domain User 477 Android 271, 276, 345, 346, 347, 350
encryption key 306, 449 limiting mobile access to 347
to volume 192 anonymous bind 433
permission group 480, 484 anonymous connections
Quality of Service rule 319 CIFS 292
quota report schedule 327 Restrict Anonymous 292
user anonymous FTP access 156, 159
permission 475, 476 Anti-Malware Services 239, 246
Admin notification 496, 497 antivirus
administrative reports 326, 328, 330 alerts 483
administrative user Clam AntiVirus 33, 237, 242
NMC 51, 53, 54, 60 log file 238
password 54 service 237
username 54 violations 238
Advanced Antivirus Protection 244, 315
Global File Lock 131 Antivirus Service
Advanced Message Queuing Protocol 250, 251 editing 239
AES-256 302, 446 viewing 239
Age of Oldest Unprotected Data chart (OUD) 264, 265 antivirus violations
AI 21 deleting 243
alert ignoring 243
acknowledging 499 number of 66, 76
CPU usage 392, 393 reviewing 243
definition 496, 498 viewing 242
duration 393 API
email 483 access keys 456
examples of 496, 498 NMC 22, 76, 80, 81, 84, 100, 115, 116, 124, 126,
memory usage 392, 393 130, 133, 138, 141, 152, 163, 164, 166, 185,
message panel 61, 63, 497 186, 187, 191, 195, 197, 207, 209, 215, 242,
notification 61, 63, 496, 498 273, 297, 362, 365, 367, 399, 497
snapshot 392, 393 API keys 282
threshold 393 Apple Open Directory 432
types of 483 Apple OpenDirectory 382
alerts 24 Apple Safari 24
algorithm appliance alerts 483
encryption key 304, 448 Archive (Storage Class) 88, 102
Alibaba Cloud Object Storage Service (OSS) 19 Asynchronous
all_squash and NFS 102
UNIX 144, 147, 148, 149 Global File Lock 131
Allocation Roundup Size 290, 291 Asynchronous I/O 176
Allowed Devices 347 asynchronous replies 144, 147, 148, 150
allowed devices 346 audit logs 253
allowed GUI hosts 375 auditing 90, 250
allowed SSH hosts 375 file system 250
Amazon EC2 20 log file 252, 255
Amazon S3 19, 398, 401, 402 pruning 253
Amazon Simple Storage Service 19, 398 Varonis 250, 251, 252, 282, 360
ambient temperature 279, 380 volume 250
AMQP 250, 251, 257, 282, 360 AUTH_SYS 144
Authenticated Access 105, 110, 164, 176, 214, 382

Index
authenticating user 170 Bring into Cache 123, 361

authentication bucket
LDAP 423 with Analytics Connector 113, 115
authentication, volume 534 bundle
authorization code 50, 408, 506 configuration 30, 81, 99, 224, 386
authorization token 404 byte-range locking
Auto Cache with Global File Lock 127, 130
and Global File Lock 125, 127
cache jobs 361
disabling 187 C
enabling 125
enabling for volumes 125 cache 24
folder 115, 117, 125, 186 bringing data into 123
limits 125 cache jobs 361
editing settings 289
Auto Cache folder
files
viewing 186
viewing 139
Auto Refresh 498
folder pinned 81, 89, 124, 197
automatic software updates
percentage used 279
Nasuni Edge Appliance 284, 388
size 379
Nasuni Management Console 412
space
editing 413
reserved 34, 287
viewing 412
viewing 139
scheduling 412
viewing contents 139
automatic updates 277
viewing settings 287
Azure 19, 386, 387, 398
cache jobs 361
software for 37
viewing 361
Cache Resident 115, 117, 118
cache settings 278
B canceling
backup 24 snapshot 99
before restoring 137 capacity 68
backup alert 31, 82, 99, 224, 386 exceeded
backup configuration 31, 82, 99, 224, 386 warning 68, 397
backup key 507, 508 Capacity Alerts 483
backup keys 302, 310 capacity alerts 483
Bahrain 402 capacity exceeded
bandwidth 24 warning 89, 483
base operating system Cape Town 402
version 279 carrier 374
battery signal 374
RAID case insensitive 533
status 380 case sensitive 533
BIOS case sensitivity
firmware 379 configuring 533
blob 115 Windows 533
blocked files 170 case sensitivity, volume 534
BMC casefolded file names 107
firmware 379 case-insensitive 107, 174
BMC version 379 volumes
branding file name length 107
Web Access 183, 343 case-sensitive 107
breaking Case-Sensitive Paths 174, 533
file lock 129, 132 case-sensitivity 174

Index
Caution, meaning of 16 CIFS share

certificate creating 167
file 462 deleting 185
name 459, 461, 464 CIFS shares 76
self-signed 33, 394, 458, 461 number of 67
SSL 42, 394 CIFS summary 278
enabling 468 CIFS/SMB protocol 87, 106, 200, 203
generating 461 Clam AntiVirus 33, 237, 242
replacing 466 ClamAV 33, 237, 242
uploading 463 client
Certificate Authority 462 disconnecting 363, 364
certificate request 460, 462 resetting 363, 364
file 462 clients
name 462 CIFS 269
changing Mobile Access 269
password status 362
disk encryption 300 cloud credentials 399, 400, 401, 405, 407
quota copying 405
volume 31, 206 deleting 407
volume Cloud I/O 188
quota 31, 206 cloud provider 399
chart volume 88, 102
Cloud Traffic 71, 271, 276 cloud service provider 402
Mobile Access usage 271, 272, 276 Cloud Traffic chart 71, 271, 276
Chrome 24 Cloud Usage 69, 78, 85, 370, 537
chunks 91, 188 data 69, 78, 85, 370, 397, 548
compression 91, 188 Cloudian HyperStore 19
deduplication 91, 188 code, source 57
encryption 188 Coldline (Storage Class) 88, 103
size 188 compliance
CIFS 20, 102, 423, 534, 535, 536 and snapshot retention 223
anonymous connections 292 compression
Restrict Anonymous 292 chunks 188
file concurrent connections
lock 365 hard limit 67, 142, 154, 166, 177, 269, 273, 345, 378
macOS 102 limits 67, 142, 154, 166, 177, 269, 273, 345, 378
protocol 81, 110, 214, 217, 239, 247, 251 soft limit 67, 142, 154, 166, 177, 269, 273, 345, 378
share 81 configuration bundle 30, 81, 99, 224, 386
snapshot access 174 configuration information 30, 81, 99, 224, 386
volume 101 configuring
CIFS client 362 case sensitivity 533
viewing 362 conflict alerts 483
CIFS clients 269 connected initiators 269
disconnecting after changing share 183, 184, 363, connecting
364 to remote volume 109
status 362 connecting to remote volume 110
CIFS file lock 365 console 486, 515
CIFS file locks 365 message 60
status 365 resetting certificate 394
CIFS settings console commands 515, 516, 517, 519, 520, 522
editing 291 console settings 410
viewing 290 container
with Analytics Connector 115

Index
Content Size 114, 117, 537, 548 data growth 68, 370
copying Data Growth chart 77
SSL certificate information 460 Data Not Yet Protected chart 77
cores per CPU 379 Data Propagation Time chart (DPT) 263, 265
COS 19 data propagation visualization (DPV) 263, 265
count data recognition 21
CPU 379 days
CPU Quality of Service 318
cores per 379 quota report schedule 325
count 379 snapshot schedule 225, 239, 247, 284, 410, 412
frequency 379 decommissioned 356, 357
Health Monitor 529 deduplication
health of 281 chunks 188
model 379 default gateway 279, 373, 517, 519, 522
processors per 379 delete
sockets 379 safe delete 95
CPU activity 277 deleting
CPU Usage CIFS share 185
threshold 392 directory 170
CPU usage encryption key 309, 453
alert 392, 393 export 151
CPUs folder 170
NMC 36 folder quota 209
number of 279 folder quota rules 212
creating FTP directory 162
CIFS share 166, 167 local volume 82, 93
export Mobile Access license 351
automatically 104, 111 notification 500
FTP directory 155 notifications 500
NFS export 141, 142 permission
password 51, 56, 512 group 485
share 163 Quality of Service
automatically 104, 111 rule 322
username 51, 56, 512 Quality of Service rule 322
CSV 251 share 185
current time shared link 384
console 422 snapshot 30, 220
Nasuni Edge Appliances 340 SSL certificate 470
refreshing 341 user
custom DNS 47 permission 479
custom permission volume 92, 93
remote access 215 Dell EMC Elastic Cloud Storage (ECS) 19, 398, 403,
customer license 19, 102 404
customer-provided clouds 188 Deny 172, 173, 181, 182
description
editing 297
D Nasuni Edge Appliance 277, 296, 297
Nasuni Management Console
dashboard 268, 410
editing 414
data
details
adding
Nasuni Edge Appliance 268
to volume 28, 29
volume 75, 80, 84
exporting 21
Device ID 350
Data Growth 537

Index
devices 374 disk space

DFS 20 NMC 36
DHCP 47, 374, 488, 502, 503 Distributed File System (DFS) 20
network type 47, 502 DNS 47
with Custom DNS 47 DNS issues 31, 82, 99, 224, 386
DHCP with Custom DNS 47 DNS server 373, 517, 519, 522
diagnostics 355, 495 DNS servers 46, 279, 340, 373, 422, 487
sending to Nasuni Support 355, 495 domain
dialect negotiation, secure 163 Active Directory
directory disconnecting 445
FTP 25, 26, 27, 30, 31, 67, 152, 153, 154, 155, 156, editing 443, 444
157, 159, 160, 161, 162 leaving 445
viewing 152 joining 427
SFTP 25, 26, 27, 30, 31, 67, 152, 153, 154, 155, 156, LDAP 440
157, 159, 160, 161, 162 domain controller
directory quota read-only (RODC) 436
setting 133 read-write (RWDC) 436
Directory Services 133, 168, 174, 208, 211, 438, 549 domain controllers
Active Directory 133, 168, 174, 208, 211, 549 Network Time Protocol services 429
LDAP 133, 168, 174, 208, 211, 549 domain groups 473
Provider 382 domain name 428, 461
directory services Active Directory 428
health of 281 LDAP Directory Services 432
disabling Domain User
Auto Cache 187 adding 477
encryption key 194 domain users 472, 474
Mobile Access 351 domains
pinning 198 updating 431, 438, 443, 444
Remote Support Service 354, 494 download
disaster recovery 103, 296 files 113
encryption key 305, 307, 308, 449, 452 folders 113
file 510 downloading
procedure 501 encryption key 451
disconnecting file 135
client 363, 364 Nasuni Management Console software 37
from remote volume 110 notifications 140, 498, 500
from volume 98 software
FTP clients 368 Nasuni.com account 501
remote volume 98 SSL certificate 469
volume 82, 98 DPT (Data Propagation Time) chart 263, 265
disconnecting Active Directory domain 445 DPV (data propagation visualization) 263, 265
disk dsNet Accesser 403
health of 281 duplex 374
status 279, 380 durable handles 87, 106, 130, 164, 166, 200, 202, 290,
disk cache 279 313
disk encryption 298 duration
enabling 299 alert condition 393
password
changing 300
viewing 298 E
disk errors
Edge Appliance
Health Monitor 531
serial number of
viewing 138

Index
Edge Appliance version 279 enabling

Edge Detection 244 disk encryption 299
editing encryption key 193
Antivirus Service 239 Mobile Access 351
automatic software updates mobile access 175
Nasuni Management Console 413 multiple protocols 201
cache settings 289 Remote Support Service 354, 494
CIFS settings 291 snapshot directory access 217
export 146, 147 SSL certificate 468
File Alert Service 261 Web access 175
folder quota 208 encryption
folder quota rules 211 disk encryption 298
FTP directory 161 encryption key 190, 192, 278, 302, 304, 410, 446, 447
FTP settings 294 adding 302, 305, 306, 446, 449
Mobile Access service 347 adding to volume 192
Nasuni Edge Appliance description 297 algorithm 304, 448
Nasuni Management Console description 414 creating volume 103
permission group 484 deleting 309, 453
Quality of Service disabling 194
rule 321 downloading 451
Quality of Service rule 321 enabling 193
quota 207 escrowing 308, 452
quota report schedule 329 file 306, 449
Ransomware Detection 247 disaster recovery 510
remote access 215 fingerprint 192, 193, 304, 448
share 184 generating 302, 305, 446, 449
snapshot retention 222 importing 302, 305, 306, 446, 449
snapshot schedules 226 key ID 193, 304, 448
SNMP settings 417 length 304, 448
time settings 341 name 304, 448
user recovery 507, 508
password 476 sending 307
permission 476 status 88
editnetwork 516, 517, 519, 520, 522, 523, 524 uploading 302, 305, 306, 446, 449
email volume 88
address 416 encryption keys
alert 483 OpenPGP-compatible 26, 28, 31, 100, 190, 302,
configuring 415 446
disabling 415 uploading 26, 100, 190, 302, 305, 446, 449, 510
enabling 415 encryption, SMB 163
Nasuni 2 EngineID 331, 417
server 416 error
setting 27, 415 definition 496, 498
testing 416 escrow passphrase 191, 303, 305, 308, 311, 447, 454,
email alerts 410 508
email server 416 before creating volume 100, 103
email subscriptions 483 escrowing
empty directory 170 encryption key 308, 452
with Nasuni 191, 302, 303, 308, 447, 452
Estimated Cloud Usage 397
ESXi, VMware 38
exhaust temperature 279, 380

Index
expiration file
date 67, 396 certificate 462
shared link 177, 179 certificate request 462
subscription 396 deleting 220
expires downloading 113
shared link 384 encryption key 306, 449
Explorer 24 file
export 24 disaster recovery 510
creating 142 File Sizes chart 371
automatically 104, 111 File Sizes in Snapshots chart 73
deleting 151 File Types chart 371
editing 146, 147 File Types Written chart 72, 371
mounting 145 Global File Lock 113, 122, 127, 129, 130, 132, 237
name 141, 143 hiding 173
read-only 144, 147, 149 lock
export, NFS breaking 132
using NMC API 104, 141, 142, 146, 151 locking 127
exporting data 21 name
extension case-sensitive 174
file 72 owner 118
external hostname 178 path 117
previous version 173
restoring 113, 122
F searching 118
searching for 113, 118
facility
size
logging 338
number 369
false positive 245, 246
File Alert Service 259
false positives
editing 261
ransomware 244
viewing 261
fast restore
file heuristics 369
Global File Lock 129
file lock
snapshot retention 221
CIFS 365
Fast-Track Push 82
file locking 127, 129, 130, 132, 237
breaking 129, 132
file locks
CIFS 365
status 365
file name
maximum length 119, 121, 135, 137, 143, 155, 167,
168, 175, 306, 344, 435, 442, 449, 462, 464,
465, 466, 467, 510
file name length
case-insensitive volumes 107
file permissions, changing
and Global File Lock 127, 130, 313
File Protocol Access
Health Monitor 530
File Sizes chart 371
file sizes in snapshot 369, 371
File Sizes in Snapshot chart 73
File Sizes in Snapshots chart 73
file statistics 369

Index
file system frequency

auditing 90, 250 Antivirus Service scanning 241, 249
file system browser 113 CPU 379
file type 72 snapshot schedule 224, 225, 227
number 369 FTP 20, 87, 106, 152, 159, 200, 203
file types 72, 371 anonymous access 156, 159
File Types chart 371 ownership
file types in snapshot 369, 371 hiding 159
File Types Written chart 72, 371 settings 293, 294
Filer Administrator 479 uploads
Filers Online 66 resuming 159
files temporary files 159
cache FTP access 152, 159
viewing 139 FTP clients
unprotected 139 disconnecting 368
viewing viewing 367
cache 139 FTP directory 25, 26, 27, 30, 31, 67, 76, 152, 153, 154,
filesystem 155, 156, 157, 159, 160, 161, 162
health of 281 creating 155
filtering deleting 162
auditing 254 editing 161
by criteria 141, 153, 165, 210, 243, 350, 365, 368, name 153
527 status 367
by date 118 viewing 152
notifications 499 FTP protocol 27, 30, 81, 110, 152, 199, 201, 214, 217,
fingerprint 239, 247, 251, 293
encryption key 192, 193, 304, 448 FTP settings 152, 154, 199, 293, 294
Firefox 24 editing 294
firewall 411, 486 viewing 293
firmware FTP summary. 279
BIOS 379 FTP/SFTP 20
BMC 379 FTPS 152, 154, 293, 294, 367
RAID 380 Full Disk Encryption 298
folder
access 143, 146, 149, 169
Auto Cache 115, 117, 125, 186 G
downloading 113
general alerts 483
Global File Lock 115, 117, 118
generating
hiding 173
invitation link for Mobile Access 348
name 186, 198
SSL certificate 461
case-sensitive 174
Generic LDAP domain 432
owner 117
Generic LDAP/Kerberos 382
path 116
GFA 21, 230
pinning 115, 117
GFA Telemetry API 230
pinning in cache 35, 124, 197
gidNumber 432
restoring 113, 122, 136
Global File Acceleration 21, 230
searching 118
searching for 113, 118
forget pages 61
FreeIPA 382, 432

Index
Global File Lock 21, 113, 122, 127, 129, 132, 237, 313 hardware 378
Advanced 131 appliance 274, 279, 281, 378, 379, 380
and Antivirus Service 127, 238, 315 console 394
and Auto Cache 125, 127 power supply
and changing file permissions 127, 130, 313 status 279, 380
and NFS 284, 388 status 378
and snapshot frequency 224, 233 information
Asynchronous 131 viewing 378
breaking 129, 132 status 378
disabling 315 Hardware Alerts 483
enabling 130 hardware errors 270
folder 115, 117, 118 HCP (Hitachi Content Platform) 19, 398, 401, 404
moving directory 313 health
Optimized 131 of Edge Appliance 274, 281
Glossary 545 Health Monitor 280
GnuPG 302, 305, 446, 449 overview 528
Google Chrome 24 remediation 528
Google Cloud Healthy
software for 37 health 274, 281
Google Cloud Storage 19, 88, 102, 103, 398, 402 Help 56, 57
Gpg4win 446, 449 hiding
group file 173
access 157, 158, 159, 170, 171, 172, 173, 180, 181, folder 173
182 hiding FTP ownership 159
permission 472, 475, 476, 478, 480, 481, 484, 485 hiding ownership 159
adding 480 FTP 159
deleting 485 Hitachi Content Platform (HCP) 19, 398, 401, 404
editing 484 Home page 65
viewing 472, 480 Hong Kong 402
Group Association 483 hostname 48, 143, 146, 149, 279, 373, 491, 504, 517,
group associations 473, 480, 481 519, 522
Group type, Active Directory 428, 477, 484 external 178
groups 410 HTTP/ REST protocol 20
Groups Granting Access 473 HTTPS Access Points 76
GUID HTTPS proxy 47, 48, 488, 489, 490, 491, 503, 504
of volume 138 server 490
IP address 48, 504
port 48, 491, 504
H Hyper-V 20
Hyper-V format 37
handle 115
Hyper-V, Microsoft 39
with Analytics Connector 113, 115
hard limit
concurrent connections 67, 142, 154, 166, 177, 269,
273, 345, 378 I
hard links 166 IBM Cloud Object Storage 19, 88, 398, 403
hardlinks 128, 314 Identity Management for UNIX 423
idle
timeout 457
iDRAC monitoring 280, 331, 529
iDRAC version 379
Important, meaning of 15
importing
encryption key 306, 449

Index
informational notification key, recovery 311, 312, 454, 455

definition 496, 497 keys
Initial Configuration Guide 40 uploading 26, 100, 190, 302, 305, 446, 449, 510
initiators keytab 424
connected 269 file 439
inlet temperature 279, 380 keytab file 441
installing krb5 144
Nasuni Management Console 36, 46 krb5i 144
Installing on the Azure Platform 17 krb5p 144
Installing on the EC2 Platform 17
internal file system utilization
Health Monitor 531 L
Internet Explorer 24
invitation link for Mobile Access large MTU 164
last snapshot 81
generating 348
LDAP 20, 87, 88, 104, 106, 107, 152, 200, 201, 203,
iOS 271, 276, 345, 346, 347
293, 367, 423
limiting mobile access to 347
best practices 381, 424, 432, 440, 441
IP address 143, 146, 149, 156, 169, 279, 373, 374,
bind DN 433
488, 489, 491, 518, 521
bind password 433
Do Not Proxy 48, 504
configuring 381, 424, 432, 440, 441
HTTPS proxy server 48, 504
Directory Services 549
domain 438, 439, 440
primary DNS server 48, 488, 489, 503
installation 381, 424, 432, 440, 441
secondary DNS server 48, 488, 489, 503
security 424
static 47, 503
security mode 424
VPN 348
server 382, 424, 433, 439, 440
IP address configuration 515
LDAP Directory Services 27, 30, 33, 81, 104, 105, 110,
iPad 271, 276, 345, 347, 350
111, 164, 175, 176, 177, 214, 278, 363, 381, 382,
iPhone 271, 276, 345, 347, 350
423, 472, 473, 474, 477, 480, 482
iPod Touch 350
domain 440
server
domain name 432
J LDAP Directory Services domain
joining joining 427
Active Directory domain 427 leasing, SMB file 163
domain 427 leaving Active Directory domain 445
LDAP Directory Services domain 427 length
jumbo frames 164 encryption key 304, 448
junctions 166 file name 119, 121, 135, 137, 143, 155, 167, 168,
175, 306, 344, 435, 442, 449, 462, 464, 465,
466, 467, 510
K path 119, 121, 135, 137, 143, 155, 167, 168, 175,
306, 344, 435, 442, 449, 462, 464, 465, 466,
KDC 382, 433, 439, 441 467, 510
Kerberos 144, 424 license 67, 526
Key Distribution Center 382, 433, 439, 441 refreshing 352, 397
server 382
Licensed Capacity 69, 78, 85, 370, 537, 551
key
licensed capacity 68, 104, 206, 397
recovery 508, 509
exceeding 68, 89, 397, 483
shared link 383
Licensed Data 69, 78, 85, 370, 537, 551
key ID
licensed data 69, 78, 85, 370
encryption key 193, 304, 448
limit
key terms 24
Quality of Service 318

Index
limits Media Access Control address 374

Active Directory 381, 428 memory 279
concurrent connections 67, 142, 154, 166, 177, 269, Health Monitor 529
273, 345, 378 health of 281
linking NMC 36
user memory fragmentation
permission 478 Health Monitor 532
Linux memory usage 277
and LDAP 424 alert 392, 393
CIFS 102 threshold 392
mobile access 347 merge conflict
NFS 102 renaming file or directory 28, 109, 213
list message
remote volume 111 console 60
local data 24 panel 61, 63
local user name 158, 159, 172, 173, 181, 182 alert 61, 63, 497
lock test 416
breaking 129, 132 messages
CIFS file 365 notifications 24, 496
locking metadata 24, 34, 361
file 113, 122, 127, 129, 130, 132, 237 pinning in cache 35, 70, 79, 86, 124, 197, 370
locks metrics
CIFS file 365 GFA 230
disconnecting 366 Global File Acceleration 230
log file Microsoft Azure 20, 398, 403
auditing 252, 255 software for 37
pruning 253 Microsoft Azure Storage 19
logging facility 338 Microsoft Hyper-V 39
login 53 Milan 402
password 53 MMC 166
username 53 Mobile Access 278, 350
logo additional port 347
Web Access 343, 344 API port 346
Logout 57, 61 device 345, 350
logs, audit 253 disabling 351
enabling 351
license
M deleting 351
licenses
MAC address 374, 524
machine learning 21
limiting device type 347
macOS
limiting time 347
and LDAP 424
limiting to one device 347
CIFS 102
Nasuni Application 351
maximum capacity 24
service
Maximum Expiration 179
editing settings 347
maximum length
file name 119, 121, 135, 137, 143, 155, 167, 168,
mobile access
175, 306, 344, 435, 442, 449, 462, 464, 465,
enabling 175
466, 467, 510
limiting device type 347
path 119, 121, 135, 137, 143, 155, 167, 168, 175,
Mobile Access clients 269
306, 344, 435, 442, 449, 462, 464, 465, 466,
Mobile Access licenses 278
467, 510
maximum transmission unit 374

Index
Mobile Access usage Nasuni Edge Appliance description 277

chart 271, 272, 276 Nasuni Edge Appliance user interface 24
mobile device Nasuni Edge Appliances managed
logged in 350 number of 268
monitoring Nasuni Edge Appliances unmanaged
SNMP number of 268
Nasuni Management Console 331, 417 Nasuni Management Console 22, 24
monitoring, iDRAC 280, 331, 529 disabling 23
mounting enabling 23
export 145 installing 46
Mozilla Firefox 24 rebooting 525
MTU 374, 517, 519, 521 Nasuni Management Console Guide 17
multiple protocols 87, 106, 107, 199, 200, 202 Nasuni Orchestration Center (NOC) 20
enabling 201 Nasuni Services
viewing 199 Health Monitor 531
Nasuni.com account
downloading software 501
N remote access 213
native object format 21
name
native users 472, 474
account 396
Nearline (Storage Class) 88, 103
certificate 459, 461, 464
NetApp StorageGRID 19
certificate request 462
netmask 47, 143, 146, 149, 169, 374, 488, 503, 517,
encryption key 304, 448
518, 521
export 141, 143
network
folder 186, 198
configuration
FTP directory 153
password 468
Nasuni Edge Appliance 274, 296, 297
username 468
changing 296
health of 281
port 374
settings 373
share 167
viewing 373
volume 80, 86, 102, 110, 141, 152, 164, 188, 192,
type 374
195, 200, 206, 207, 209, 210, 211, 212, 214,
DHCP 47, 502
217, 222, 225, 234, 239, 242, 247, 251, 261
static 47, 502, 503
setting 102
network connectivity checks
Windows workgroup 428
Health Monitor 532
Nasuni Application
Network Time Protocol
Mobile Access 351
NTP 47, 488, 489, 503
Nasuni Edge Appliance 20, 24
port 123 341, 422
description 296, 297
services from domain controllers 429
details 268
network type
managed
static 47, 488
number of 68
NFS 20, 102, 423
name 274, 296, 297
and Asynchronous 102
changing 296
and Global File Lock 284, 388
planning
and Optimized 102, 199
worksheet 100, 124, 175, 186, 195, 197, 206,
export 81
213, 221, 225, 233, 260, 284, 296, 303, 317,
health of 281
340, 345, 350, 381, 423
protocol 81, 110, 214, 217, 239, 247, 251
platform 274
volume 101
software updates 270
number of 66
unmanaged
number of 68

Index
NFS export NTFS Compatible

number of 67 changing to NTFS Exclusive 204
using NMC API 104, 141, 142, 146, 151 NTFS Compatible Mode 87, 106, 200, 203
viewing 141 NTFS Exclusive 534, 535, 536
NFS exports 76 NTFS Exclusive Mode 86, 105, 200, 202
NFS hardlinks 128, 314 NTP
NFS summary. 278 Network Time Protocol 47, 488, 489, 503
NFSv4 141 time server 47, 488, 489, 503
NFSv4 ACL 87, 106, 201, 203 NTP servers 340
NFSv4 protocol 87, 106, 141, 201, 203 Nutanix AHV 20
NMC software for 37
administrative user 51, 53, 54, 60 Nutanix Objects 19
CPUs 36
disk space 36
memory 36 O
offline
rebooting 525
number of Edge Appliances 270
sizing 36
open source code 57
NMC Administrators 472
OpenPGP 302, 305, 306, 446, 449, 549
NMC API 22, 76, 80, 81, 84, 100, 115, 116, 124, 126,
OpenPGP-compatible encryption keys 26, 28, 31, 100,
130, 133, 138, 141, 152, 163, 164, 166, 185, 186,
190, 302, 446
187, 191, 195, 197, 207, 209, 215, 242, 273, 297,
operating system
362, 365, 367, 399, 456, 497
version 279
access keys 456
Optimized
revoking 456
and NFS 102, 199
NMC escrow passphrase 454, 455
Global File Lock 131
NMC version 62
OS X
no_root_squash
mobile access 347
UNIX 144, 146, 148, 149
OUD (Age of Oldest Unprotected Data) chart 264, 265
NOC (Nasuni Orchestration Center) 20
outbound bandwidth 320
Note, meaning of 15
outbound Quality of Service 34, 317, 318, 320, 322
notification 497
overwriting
Admin 496, 497
during restore 137
alert 496, 498
OVF format 38
deleting 500
owned volume
near quota 104, 206
adding 26, 100, 101
sorting
backup key without 310
by date 498
creating 26, 100, 101
by severity 498
deleting 92, 93
by text 498
recovering without 310
types of 496
remote access to 213
notifications
sharing 28
deleting 500
downloading 140, 498, 500
filtering 499
number of 66
retaining 496 P
viewing 497 passcode 282
Notifications page 27 passphrase, escrow 191, 303, 305, 308, 311, 447, 454
Now Data 537 before creating volume 100, 103
Now data 554
NTFS 87, 106, 200, 203

Index
password 54 planning
administrative user 54 Nasuni Edge Appliance
changing 57, 60 worksheet 100, 124, 175, 186, 195, 197, 206,
creating 51, 56, 512 213, 221, 225, 233, 260, 284, 296, 303, 317,
disk encryption 340, 345, 350, 381, 423
changing 300 platform 279, 379
login 53 Nasuni Edge Appliance 274
network platform information
configuration 468 viewing 378
shared link 384 policy 375
strength 52, 60, 476, 512 polling interval 529
user 476 polling threshold 529
editing 476 port
patents 2 123
path Network Time Protocol (NTP) 341, 422
maximum length 119, 121, 135, 137, 143, 155, 167, 161
168, 175, 306, 344, 435, 442, 449, 462, 464, SNMP monitoring 331, 417
465, 466, 467, 510 162
pausing SNMP monitoring 331, 417
Side Load 359 25
pending updates SMTP port 416
acknowledging 376 HTTPS proxy
viewing 376 server 48, 491, 504
performance tuning 144, 147, 148, 150 name 374
permission syslog 338
custom port 443 348
remote access 215 POSIX 87, 106, 200, 203, 291
group 472, 475, 476, 478, 480, 481, 485 POSIX ACL 87, 106, 201, 203
default 472 POSIX Mixed Mode 87, 101, 102, 106, 199, 200, 202,
viewing 472, 480 203, 533
remote access 215 power 57, 59
remote volume 80, 214 power option 59
user 472, 475, 476, 478, 479, 480 power supply
adding 475, 476 status 279, 380
deleting 479 power supply problems
editing 476 number of 66
linking 478 power window 59
permission group 480, 481, 484, 485 powering down 59
adding 480, 484 previous version
deleting 485 file 173
editing 484 Previous Versions 20
permissions 538, 540 previous versions
permissions policy, volume 534 snapshots available 218
PGP 302, 305, 446, 449 Previous Versions, Windows 218
physical port 374 Primary Access Key 403
pinning primary DNS 48, 488, 489, 503
disabling 198 primary DNS server
folder 115, 117 IP address 48, 488, 489, 503
folder in cache 35, 81, 89, 124, 197 Prioritize Snapshot 82
viewing 198 priority snapshot 82
pinning metadata in cache 35, 70, 79, 86, 124, 197, privacy policy 56, 57
370 private cloud
data 69, 78, 85, 370, 397

Index
processors per CPU 379 quota 113

Protected Users 424, 426, 428 directory 133
protocol 141, 153, 165, 367 editing 207
FTP 27, 30, 152, 199, 201, 214, 217, 239, 247, 251, folder
293 deleting 209
SFTP 27, 30, 152, 199, 201 editing 208
SMB 291 viewing 207
SMB2 291 notification near 104, 206
SMB3 291 rule
SMBv2 291 viewing 210
SMBv3 291 threshold 324, 325, 326, 327, 328, 329, 330
volume 81, 86, 110, 214, 217, 239, 247, 251 viewing 206
protocol, volume 534 volume
protocols setting 31, 104, 206
multiple 87, 106, 107, 199, 200, 202 quota limit 134, 209, 212
volume 199 quota report 133
Provider administrative reports 326, 328, 330
Directory Services 382 schedule 324, 327, 329, 330
proxy 411 adding 327
proxy server 411 days 325
HTTPS 490 editing 329
public cloud time 325
data 69, 78, 85, 370, 397 viewing 325
Publicly Available 110, 164, 214, 278, 382 scheduling 325
security mode 381 sending manually 326
Publicly Available volume 105 threshold 325
Pure Storage FlashBlade 19 types 325
user reports 326, 328, 330
quota reports 483
Q quota rules
folder
QoS
deleting 212
editing 211
Quality of Service 278, 319, 321, 322
days 318
limit 318
rule R
adding 319 RabbitMQ 250, 257, 282, 360
deleting 322 RAID
editing 321 firmware 380
scheduling 317 status 279, 380
time 318 RAID battery
viewing 318 status 380
Quantum ActiveScale 19 RAID disks 380
RAM 379
ransomware 250
detection
definition files 244
false positives 244
notifications 245
pattern violations 244
signatures 245
suspicious files 246
violations 245, 246, 483

Index
Ransomware Detection 244 Remote Support Service 353, 494

editing 247 disabling 354, 494
viewing 246 enabling 354, 494
ransomware pattern violations 245 viewing settings 353
ransomware patterns 244 remote volume
Read/Write 80, 214 connecting to 109, 110
Read-Only 80, 214 disconnecting from 110
Read-Only access 172, 173, 181, 182 list 111
read-only access 144, 147, 149, 156, 169, 215, 216 maximum number 397
Read-Only Domain Controller (RODC) 428, 436 renaming file or directory 28, 109, 213
read-write access 172, 173, 181, 182, 215, 216 remote volumes
Read-Write Domain Controller (RWDC) 436 delay 75, 109, 213
rebooting removing alert from Home page 499
after software updates renaming
Nasuni Management Console 492 volume 195
Nasuni Edge Appliance 385 renaming file or directory
Nasuni Management Console 59, 60, 493, 512, 525 on remote volumes 28, 109, 213
NMC 525 replacing
recovery SSL certificate 466
encryption key 507, 508 requirements
procedure 501 virtual machine 36
recovery key 311, 312, 454, 455, 508, 509 resetting
refreshing CIFS authentication cache 363
current time 341 client 363, 364
subscription license 352 resetting certificate
refreshing subscription license 397 console 394
region 88, 103, 340, 422 restoring
Release Notes 56, 57, 58 backup before 137
viewing 58, 492 file 113, 122
remediation folder 113, 122, 136
Health Monitor 528 folder from snapshot 136
remember pages 61 restoring file or folder
Remote Access 75 snapshot 136, 137
remote access 80, 109, 213 Restrict Anonymous
Antivirus Service scanning frequency 241, 249 CIFS anonymous connections 292
connecting resuming FTP uploads 159
to volume 109 retention
disconnecting snapshot 89, 191, 222, 223, 303, 447
volume 98 reviewing
editing 215 antivirus violations 243
maximum group size 397 RFC 2307 424
maximum volumes 397 RFC2307 433
Nasuni.com account 213 RFC2307bis 433
permission 215 ROBO 21
custom 215 RODC 428
setting 215 RODC (Read-Only Domain Controller) 436
snapshot frequency 227 role-based access control 472
status 90 root_squash
viewing 214 UNIX 144, 146, 148, 149
Remote Support 269, 278, 411 RWDC (Read-Write Domain Controller) 436

Index
S security mode 81, 110, 164, 214, 278, 381, 382

Active Directory 423, 424
S3 19, 398 LDAP 424
Safari 24 Publicly Available 381
Safe Delete security setting 302, 446
and NMC 22 security settings 381
safe delete 95 viewing 381
alerts 95 self-signed certificate 33, 394, 458, 461
approving 94 sending encryption key 307
canceling 94 serial number 50, 396, 408, 506
canceling deletion 97 of Edge Appliance
disabling 96 viewing 138
enabling 95 viewing 277, 408
immediately deleting 94 server
report 95 Active Directory 381, 423
revoking approval 97 LDAP 424
volume-delete-capable administrator 95 Service Level Agreement 56, 57
Safe Delete alerts 483 services
safelist health of 281
ransomware 246 session expiration 346
saving session timeout 457
SSL certificate 469, 471 setaddr 521
Scality RING 19 setall 518
schedule setsystem 521
snapshot 30, 89, 224, 227 setting
sync 90 name
scheduling volume 102
automatic software updates 412 remote access 215
Quality of Service 317 volume
quota report 325 name 102
snapshot 30, 224, 227 setting sync errors
sync 233 number of 66, 76, 270
search settings
for files 113 FTP 293, 294
for folders 113 setup wizard 502
pages 61 SFTP 20, 87, 106, 152, 154, 200, 203, 293, 294, 367
text box 61 SFTP access 152, 159
search domain 373, 517, 519, 522 SFTP directory 25, 26, 27, 30, 31, 67, 152, 153, 154,
search domains 279 155, 156, 157, 159, 160, 161, 162
searching SFTP protocol 27, 30, 152, 199, 201
file and folder for restore 118 SFTP settings 152, 154, 199, 293, 294
snapshot 118 share 24
searching for access 169
file 118 creating 163
folder 118 automatically 104, 111
secondary DNS 48, 488, 489, 503 deleting 185
secondary DNS server disconnecting clients after changing 183, 184, 363,
IP address 48, 488, 489, 503 364
Secret Access Key 401, 402, 404 editing 184
secure dialect negotiation 163 name 167
security read-only 169
Active Directory 381, 423 visible 169
configuring 424 volume and 24
LDAP 424

Index
Share Permissions 166 snapshot

share permissions 166 access 89, 174
shared directory 164, 192, 304, 414, 447 alert 392, 393
Shared Folders Microsoft Management Console and quota 31, 104, 206
(MMC) 166 available 218
shared link 177, 383 before disconnecting from remote volume 98
deleting 384 canceling 99
expiration 177, 179 definition 24
expires 384 deleting 30, 220
key 383 detail 34, 224, 317
list 268 directory access
password 384 enabling 217
Shared Link Global User 177, 183, 384 enabling directory access 217
status 383 file sizes in 72, 73, 369, 371
viewing 383 file types in 72, 73, 369, 371
Shared Link Global User 168, 174, 177, 183, 384 frequency 227
shares last 81
unique names 109, 168 prioritized 82
shutdown priority 82
Nasuni Edge Appliance 385 restoring file or folder 136, 137
Nasuni Management Console 59, 60 restoring folder and file 136
Side Load 356, 358 retention 89, 191, 222, 223, 303, 447
pausing 359 schedule 30, 89, 224, 227
signature type 459 scheduling 30, 224, 227
signing, SMB 163 searching 118
size searching for file 118
cache 379 status 81
sizing taking 81
NMC 36 with Analytics Connector 115
slow restore snapshot access 174, 217
Global File Lock 129 Snapshot Directory Access 89, 174
snapshot retention 221 snapshot directory access 217
SMB 20, 291, 423, 534, 535, 536 viewing 217
SMB encryption 163, 176 snapshot frequency
SMB protocol 87, 106, 200, 203, 291 and Global File Lock 224, 233
SMB Signing 176 snapshot handling
SMB signing 163 limits 99, 224
SMB2 protocol 291 snapshot restore alerts 483
SMB3 291 snapshot retention 220
SMB3 encryption 176 and compliance 223
SMB3 protocol 291 changing time 220
SMBv2 protocol 291 editing 222
SMBv3 protocol 291 setting 222
SMTP viewing 222
port 25 416 snapshot retention policy 30, 220
SMTP server 416 snapshot schedule 224
days 225, 239, 247, 284, 410, 412
frequency 225
time 225, 239, 247, 285, 410, 412
snapshot schedules
editing 226
viewing 225
snapshots 20

Index
SNMP 331, 417 status

monitoring CIFS clients 362
Nasuni Edge Appliance 331 CIFS file locks 365
Nasuni Management Console 331, 410, 417 disk 279, 380
Nasuni Management Console encryption key 88
editing settings 417 FTP directory 367
port 161 331, 417 hardware
settings appliance 378
Nasuni Edge Appliance 278 power supply 279, 380
trap 333 RAID 279, 380
v3 333 RAID battery 380
sockets remote access 90
CPU 379 shared link 383
SOCKS 490 Storage Access 473, 474, 483, 484
soft limit Storage Class 88, 102
concurrent connections 67, 142, 154, 166, 177, 269, Storage Volume Limit 69, 78, 85, 370, 537, 551
273, 345, 378 subnet mask 374
soft links 128, 314 subscription
software expiration date 396
version 279 subscription license 67
software updates 278, 411, 483 refreshing 352, 397
automatic subscription mode 396
Nasuni Management Console 412 subscriptions, email 483
manual super user 538
Nasuni Management Console 492 superuser 144, 146, 148, 149
Nasuni Edge Appliance symbolic links 166
number of 66 symlinks 128, 314
Nasuni Management Console 492 sync
number of 66 schedule 90
scheduling 412 scheduling 233
sorting lists 63 setting sync errors 270
source code 57 volume 233
speed sys 144
port 374 syslog
SSH 375 export settings 337
SSL 416 console 420
SSL certificate 42, 278, 394, 410 message 336, 419
deleting 470 server 250, 336, 419
downloading 469 Syslog Export 250, 336, 419
enabling 468 syslog port 338
generating 461
replacing 466
saving 469, 471 T
uploading 463
take snapshot 99
SSL certificate information
taking snapshot 81
copying 460
Telemetry API, GFA 230
viewing 395, 458
temperature 279, 380
SSL certificates 394, 458
temporary files
Standard (storage class) 88, 102
FTP uploads 159
static 374
terms of service 56, 57
network type 47, 488, 502, 503
test
static IP address 517
message 416
Test Email Recipient 416

Index
testing email 416 UNIX client 102

text conventions 15 UNIX/NFS Permissions Only Mode 87, 106, 201, 203
threshold unmanaged Nasuni Edge Appliances 268
alert 393 unprotected files 139
CPU Usage 392 Update Domains 431, 438, 443, 444
memory usage 392 updates
quota 324, 325, 326, 327, 328, 329, 330 Nasuni Edge Appliance software 270
time 422 scheduling 412
editing settings 341 updating
Quality of Service 318 software
quota report schedule 325 Nasuni Management Console 492
snapshot schedule 225, 239, 247, 285, 410, 412 uploading
viewing settings 340 encryption key 302, 305, 306, 446, 449
time configuration 278, 340, 422 encryption keys 26, 100, 190, 302, 305, 446, 449,
time server 46, 340, 373, 410, 422, 487 510
Active Directory 341 SSL certificate 463
time.nasuni.com 341, 422 uptime 278
time services usage metrics 369
from domain controllers 429 user
time settings 422 access 144, 146, 148, 149, 158, 159, 172, 181, 182
time zone 57, 62, 340, 410, 422 authenticating 170
selecting 62 deleting 479
time.nasuni.com domain 472
time server 341, 422 native 472
timeout password 476
idle 457 editing 476
session 457 permission 472, 475, 476, 478, 479, 480
Tip, meaning of 16 adding 475, 476
TLS security 416 deleting 479
traffic group 374, 375 editing 476
trap linking 478
SNMP 333 viewing 474
trial license 67 User Folders Support 168, 174, 175, 177, 183
trusted domains and directory quota 133, 208, 211
Active Directory 424, 429, 444 user reports 326, 328, 330
username 54
administrative user 54
U creating 51, 56, 512
login 53
uidNumber 432
network
Unauthenticated Access Mode 88, 107, 201, 203
configuration 468
Unavailable Volume 76
viewing 57
Unhealthy
users 410
health 274, 280, 281
unhealthy
number of Edge Appliances 270
Unified Storage Access Points 76 V
UniFS 19 Varonis 250, 257, 282, 360
UNIX 87, 106, 201, 203, 423 auditing 250, 251, 252, 282, 360
all_squash 144, 147, 148, 149 configuration 257
CIFS 102 Vault Provisioner 403
NFS 102
no_root_squash 144, 146, 148, 149
root_squash 144, 146, 148, 149

Index
version 62 viewing
and snapshot 30, 224 Antivirus Service 239
base operating system 279 antivirus violations 242
Edge Appliance 279 Auto Cache folder 186
file 173 automatic software updates
Nasuni Edge Appliance software 279 Nasuni Management Console 412
Release Notes 58 cache 139
software cache jobs 361
Nasuni Edge Appliance 279 cache settings 287
Version By 117 CIFS client 362
CIFS settings 290
directory
FTP 152
File Alert Service 261
files
cache 139
folder quota 207
FTP clients 367
FTP directory 152
FTP settings 293
hardware and platform information 378
Mobile Access licenses 350
Mobile Access service 346
multiple protocols 199
network settings 373
NFS export 141
notifications 497
pending updates 376
permission
group 472
permission group 480
pinning 198
quota 206
quota report schedule 325
quota rule 210
Ransomware Detection 246
Release Notes 58, 492
remote access 214
Remote Support Service 353
security settings 381
shared link 383
snapshot directory access 217
snapshot schedules 225
SSL certificate information 395, 458
time settings 340
user 474
username 57
violation alerts 483
violations
ransomware 245, 483

Index
virtual machine 274 volume, authentication 534

requirements 36 volume, case sensitivity 534
virtual platform 379 volume, permissions policy 534
Virtustream Storage Cloud 19 volume, protocol 534
virus volume-delete-capable administrator
Clam AntiVirus 33, 237, 242 safe delete 95
VMware ESXi 20, 38 volumes managed
volume number of 67, 75
accessible data 81 VPN
adding IP address and 348
data 28, 29
auditing for 250
browsing 114 W
CIFS 101
Warning
cloud provider 88, 102
health 274, 280, 281
creating
warning
CIFS share 163
capacity exceeded 68, 89, 397, 483
creating NFS export 141
definition 496, 497
data
Warning, meaning of 16
adding 28, 29
warnings
definition 24
for Edge Appliances 270
deleting 82, 92, 93
Wasabi Hot Cloud Storage 19
details 75, 80, 84
Web Access 383
disconnecting 82, 98
branding 183, 343
enabling
logo 343, 344
snapshot directory access 218
settings 177
encryption key 88
shared link 177
export
Web access
creating 104, 111
enabling 175
GUID 138
Web browsers 24
maximum number 396
wildcard “%U” 168, 174, 175
name 80, 86, 102, 110, 141, 152, 164, 188, 192, 195,
Windows
200, 206, 207, 209, 210, 211, 212, 214, 217,
case sensitivity 533
222, 225, 234, 239, 242, 247, 251, 261
mobile access 347
setting 102
snapshot access 174
NFS 101
Windows client 102
protocol 81, 86, 110, 214, 217, 239, 247, 251
Windows Previous Versions 20, 173, 218
CIFS 101
Windows share permissions 166
NFS 101
Windows workgroup
protocols 199
name 428
quota 104
wizard
setting 31, 104, 206
setup 502
renaming 195
workgroup name
restoring folder 136
Active Directory domain 438
share 24
worksheet
creating 104, 111
planning Nasuni Edge Appliance 100, 124, 175, 186,
snapshot
195, 197, 206, 213, 221, 225, 233, 260, 284,
canceling 99
296, 303, 317, 340, 345, 350, 381, 423
taking 99
sync 233
Volume Cloud I/O 188
volume protocols 199, 201
Volume Unavailable 76

NMC Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NMC Guide

Uploaded by

Copyright:

Available Formats

Nasuni Management Console

Contacting Nasuni Corporation

Chapter 5: The Nasuni Management Console . . . . . . . . . . . . . . . . . . . . . . . 19

Chapter 6: Task Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Nasuni Management Console Guide 22.1 3

Chapter 7: Installing the Nasuni Management Console . . . . . . . . . . . . . . . . 36

Chapter 8: Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Chapter 9: Common Screen Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Nasuni Management Console Guide 22.1 4

Chapter 10: Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Chapter 11: Volumes Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Nasuni Management Console Guide 22.1 5

Unprotected Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Nasuni Management Console Guide 22.1 6

Deleting folder quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Nasuni Management Console Guide 22.1 7

Chapter 12: Filers Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

Nasuni Management Console Guide 22.1 8

Escrowing Encryption Keys with Nasuni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

Nasuni Management Console Guide 22.1 9

Remote Support Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Nasuni Management Console Guide 22.1 10

Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Chapter 13: Account Status Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396

Chapter 14: Console Settings Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

Nasuni Management Console Guide 22.1 11

Considerations for a Read-Only Domain Controller (RODC) . . . . . . . . . . . . . . 436

Nasuni Management Console Guide 22.1 12

Deleting Permission Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485

Chapter 15: Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Chapter 16: Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

Appendix 17: Console Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515

Appendix 18: Nasuni Terms of Service and License Agreement . . . . . . . . 526

Appendix 19: Filtering Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

Appendix 20: Health Monitor Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528

Nasuni Management Console Guide 22.1 13

Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530

Appendix 21: Case Sensitivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533

Appendix 22: Volume Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 534

Appendix 23: Data Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537

Appendix 24: Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538

Appendix 25: Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545

Nasuni Management Console Guide 22.1 14

1. Number Used to indicate a step in a procedure.

• Bullet Used for items in a list without any particular order.

Bold Used to give emphasis to a word.

Italics Used to represent options or parameters.

Underline Used for hyperlinks, such as links to Web sites.

Monospace Used to indicate pathnames, filenames, directory names,

The following types of text notes have special meanings:

Nasuni Management Console Guide 22.1 15

Nasuni Management Console Guide 22.1 16

Nasuni Management Console Guide 22.1 17

Release Notes for Nasuni Documentation Set

2022-01-06 Updated supported operating systems, in many documents.

Nasuni Management Console Guide 22.1 18

Nasuni Management Console Guide 22.1 19

Nasuni Edge Appliances

Nasuni Management Console (NMC)

Nasuni Orchestration Center (NOC)

Nasuni Management Console Guide 22.1 20

Global File Acceleration

Nasuni Management Console Guide 22.1 21

Placing Nasuni Edge Appliance under control of Nasuni Management Console