Professional Documents
Culture Documents
Guide
Version 22.1
July 2022
Last modified: July 1, 2022
© 2022 Nasuni Corporation
All Rights Reserved
Document Information
Nasuni Management Console Guide
Version 22.1
July 2022
Copyright
Copyright © 2010-2022 Nasuni Corporation. All rights reserved.
Notice
The information in this document is subject to change without notice and does not
represent a commitment on the part of Nasuni Corporation (“Nasuni”). Software and
services described in this document are furnished under terms and conditions found at
www.nasuni.com/legal/. Software and services may be used only in accordance with such
terms. These terms are subject to change from time to time, so you should check our
website for the latest terms. This document contains the confidential and proprietary
information of Nasuni and may not be used or disclosed to any third party except as
specifically set forth in such terms and conditions and any confidentiality agreement in
place with Nasuni. No part of this manual may be reproduced in any form or by any
means, electronic or mechanical, including photocopying and recording, without the
express written permission of Nasuni. Licensed users may contact Nasuni for access to
additional copies.
Although Nasuni has attempted to ensure the accuracy of the content of this document, it
is possible that this document might contain technical inaccuracies, typos or other errors.
Nasuni assumes no liability for any error in this document and disclaims all damages that
might arise from the use of this document, whether direct, indirect, incidental,
consequential or otherwise, including, but not limited to loss of data or profits. Nasuni
provides this publication “as is” without warranty of any kind, either express or implied,
including, but not limited to implied warranties of merchantability or fitness for a particular
purpose.
Trademarks
NASUNI, the NASUNI logo, and UniFS are registered trademarks of Nasuni Corporation in the U.S. and other countries. All
other marks are the property of their respective owners.
Patents
Nasuni’s products are protected by the U.S. patents identified here. Nasuni’s products may also be covered by one or more
patents granted or pending in the U.S. and other countries.
Contents
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Electronic Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Release Notes for Nasuni Documentation Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Handling encryption keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Role-based access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Antivirus Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Ransomware Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Firewall protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Changing performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Actions only available on the Nasuni Edge Appliance . . . . . . . . . . . . . . . . . . . . . . . 35
NMC version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Sorting lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Action status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Preface
Audience
This Guide is intended for the IT administrator or person responsible for managing Nasuni Management
Consoles using the Nasuni Management Console user interface.
Text Conventions
The following text conventions are used in this document:
Convention Description
Tip: A suggestion on how to do something. More than information, this is a hint to make things
easier or more productive for you.
Caution: If you do this, something negative, such as data loss or data unavailability, might
happen. Be careful.
Warning: If you do this, something negative, such as data loss or data unavailability, is
definitely going to happen. A Warning is the highest level of alert. Be extremely
careful.
Product Documentation
Electronic Publications
Extensive documentation is available for all aspects of installing, configuring, and operating the Nasuni
Edge Appliance (Filer). The latest version of each of the following documents is available in PDF format
at https://community.nasuni.com/s/documentation.
• Nasuni Edge Appliance Administration Guide: “The Manual”: Encyclopedic guide to managing
storage with a Nasuni Edge Appliance.
• Nasuni Management Console Guide: “The Other Manual”: Encyclopedic guide to managing
multiple Nasuni Edge Appliances.
• Best Practices Guide: Step-by-step instructions for planning, installing, configuring, operating,
and troubleshooting the Nasuni Edge Appliance and Nasuni Management Console.
• Hardware Getting Started Guides: To set up a Nasuni Edge Appliance on a Nasuni hardware
appliance:
• N1040r Hardware Appliance Getting Started Guide.
• N1040t Hardware Appliance Getting Started Guide.
• N2040 Hardware Appliance Getting Started Guide.
• N4040 Hardware Appliance Getting Started Guide.
• N1050 Hardware Appliance Getting Started Guide.
• N2050 Hardware Appliance Getting Started Guide.
• N4050 Hardware Appliance Getting Started Guide.
• Installing on Virtual Machines: For installing Nasuni on a virtual machine:
• On virtual machines within a corporate network: Installing on Google Cloud, Installing on
Hyper-V, Installing on Nutanix, and Installing on VMware.
• Installing on Microsoft Azure: For installing on Microsoft Azure.
• Installing on Amazon EC2: For installing on Amazon EC2.
• Nasuni Edge Appliance Initial Configuration Guide: For configuring and deploying the Nasuni
Edge Appliance after the initial installation on the hardware appliance or virtual machine.
2022-06-13 Added details of hardlinks with Global File Lock, in Global File Lock, Administration
Guide, NMC Guide, and Best Practices Guide.
2022-05-12 Added details of NFS ports to Firewall and Port Requirements.
2022-04-22 Added details of support for Windows Previous Versions, in Administration Guide,
NMC Guide, and Best Practices Guide.
2022-03-04 Improved data migration and audit time information, in many documents.
2022-02-08 Added endpoints for Global File Acceleration to Firewall and Port Requirements.
Nasuni
Nasuni® enables organizations to store, protect, synchronize, and collaborate on unstructured file data
across all locations. Built for the cloud and powered by UniFS, the world’s only global file system, the
Nasuni file data platform couples the performance of local file servers with the infinite scale of the cloud
to provide a global file-sharing platform at half the cost of traditional file infrastructures.
With Nasuni, you can consolidate Network Attached Storage (NAS), distributed file servers, backup,
disaster recovery, file archiving, multi-site file synchronization, and global file locking in one simple,
scalable solution.
Nasuni stores all files and metadata in private (on-premises) or public cloud object storage to provide
unlimited primary or archive file storage capacity, then intelligently caches just the active data on
lightweight Nasuni Edge Appliances to provide local, high-performance file access in any location.
Nasuni supports the leading third-party object storage services:
• Public cloud (aka BYOC) storage services Alibaba Cloud Object Storage Service (OSS), Amazon
Simple Storage Service (Amazon S3), Google Cloud Storage, IBM Cloud Object Storage,
Microsoft Azure Cloud Storage, Virtustream Storage Cloud, and Wasabi Hot Cloud Storage.
• Private cloud (on-premises) storage services Cloudian HyperStore, Dell EMC Elastic Cloud
Storage (ECS), Hitachi Content Platform (HCP), IBM Cloud Object Storage, NetApp
StorageGRID, Nutanix Objects, Pure Storage FlashBlade, Scality RING, and Quantum
ActiveScale.
Support for each of these cloud storage services is included with each Nasuni subscription. Multiple
cloud storage services can be used within a single Nasuni implementation, and a single Nasuni Edge
Appliance can connect to volumes in different cloud storage services. However, each volume can exist
only in a single cloud storage service.
Nasuni consists of several product components.
UniFS®
The UniFS® global file system is cloud-resident and downloadable software that serves as the
foundation of the Nasuni platform. UniFS is the first file system designed for private on-premises or
public cloud object storage. Unlike device-constrained file systems that cannot scale beyond their
single “box” or cluster, the unique ability for UniFS to live and scale within object storage means that
Nasuni has no limits on total capacity, file versions, file size, volume size, or number of locations.
Another unique quality of UniFS is the ability to extend on-premises and to cache only the actively used
files and metadata anywhere that high-performance file access is needed on Nasuni Edge Appliances.
It is this ability, combined with the ability to rapidly synchronize changes to files made on any Edge
Appliances with the authoritative master copies stored in cloud storage, that enables Microsoft Azure
storage, Amazon Simple Storage Service (Amazon S3), Dell EMC ECS, IBM Cloud Object, and other
public and private cloud object storage solutions to be used for high-performance file storage.
Global Volume Manager™, Nasuni Global File Lock™, credential management, support services, and
the dashboard for monitoring and reporting.
The NOC also ensures that organizations benefit by having a simple, safe, and secure way to share
data across any number of sites. Nasuni’s multi-site access capabilities include:
• Secure data distribution to remote office/branch office (ROBO).
• Remote offices forwarding data to a central point.
• Two-way synchronized read-write.
Nasuni’s multi-site access also eliminates costly and cumbersome replication schemes and slow WAN
optimizers.
Nasuni Global Volume Manager™
Nasuni Global Volume Manager ensures that changes from every location are synchronized with cloud
storage, then propagated from cloud storage to all other Edge Appliances that are caching the same
files, so that users are always working on the latest versions. Nasuni Global Volume Manager aligns the
changes from each Nasuni Edge Appliance based on date/time stamp, creating an infinite version
history of every file.
Nasuni Global File Lock™
Nasuni is designed to enable multiple appliances to connect to a single volume, so that users in
different locations can collaborate on the same shared files. Nasuni Global File Lock is software that
works with third-party cloud storage to ensure that only one user can write data at a time, minimizing
the possibility of version conflicts. Nasuni Global File Lock ensures that only one user in the world can
make file changes at any time, by controlling the transmission of data by multiple users to your third-
party cloud storage system to prevent overlap.
Analytics Connector
The Nasuni Analytics Connector enables you to turn unstructured data into big data. A consolidated
cloud-based file system enables you to export a temporary second copy of your file data, in native
object format, in a separate cloud storage account. You can then use this data with analytics software,
AI, machine learning, and other data recognition tools.
Using Analytics Connector, you can use any analytics service from AWS or Azure, regardless of which
cloud currently stores your Nasuni volume. Since file data has already been centralized in cloud
storage, the process is fast, capable of exporting 14–16 TBs of data per hour. You can specify file
types, specific paths, and more to refine the selection of data for analysis. Nasuni provides a cost
estimator tool to help organizations project the cloud costs of storing the selected data sets in native
object format in a separate cloud storage account. The Analytics Connector runs entirely in the chosen
cloud storage account, using securely stored customer keys.
Individual Edge Appliances continuously send file system audit events (such as reads, writes, deletes,
and renames) to the cloud-based Global File Acceleration Cloud Controller. Individual Edge Appliances
also request recommendations from the GFA Cloud Controller on when to perform syncs and
snapshots (respectively known as “pull” and “push”) for the GFA enabled volume, based on near-real-
time analysis of file system audit events.
Using the Nasuni Management Console, you can manage Nasuni Edge Appliances even if they are not
presently connected. Any changes made propagate to the Nasuni Edge Appliance when it becomes
connected.
Note: Notifications and changes on Nasuni Edge Appliances can take up to 10 minutes to
appear in the Nasuni Management Console.
Tip: Certain functions can also be performed using the NMC API. For details, see NMC API.
Certain actions remain unique to each Nasuni Edge Appliance and are not available for control using
the Nasuni Management Console, including:
• Restoring files and folders.
• Network-specific configuration.
• Active Directory or LDAP configuration.
• Setting quotas and quota rules (but not quota reporting).
permissions were discontinued, those requests and any associated approvals are
canceled.
To enable management by the Nasuni Management Console, follow these steps:
1. On the Edge Appliance user interface, click Services, then select Nasuni Management
Console from the list. The Nasuni Management Console page appears.
Key Terms
The following terms are helpful in understanding the Nasuni Edge Appliance:
• Nasuni Edge Appliance (Filer): The virtual or physical appliance in your data center that
integrates with your infrastructure via CIFS (SMB), NFS, FTP/SFTP, or HTTPS/REST protocols.
The Nasuni Edge Appliance can be mapped as a network drive.
• Nasuni Edge Appliance user interface: The Web-based graphical user interface with which
you configure and manage the Nasuni Edge Appliance. The Nasuni Edge Appliance user
interface is accessible with supported Web browsers including Mozilla Firefox, Internet
Explorer, Safari, and Google Chrome.
• Nasuni Management Console (NMC): The Web-accessible appliance with which you can
configure and manage multiple Nasuni Edge Appliances. The Nasuni Management Console is
accessible with supported Web browsers including Mozilla Firefox, Internet Explorer, Apple
Safari, and Google Chrome.
• Cloud storage: Internet-based, highly protected, unlimited storage.
• Volume: A set of files and directories (CIFS (SMB), NFS, and FTP/SFTP).
• Share/export: An access point to a folder on a volume that can be shared or exported on your
network. Access to a CIFS (SMB) share can be customized on a user-level or group-level basis.
You can create many shares or exports on a volume, for different purposes or audiences.
• Cache: The local storage of the Nasuni Edge Appliance. All data and metadata that is accessed
regularly is kept locally in the cache. If requested data is not locally resident, it is staged into the
cache and provided for the request.
• Snapshot: A snapshot is a complete picture of your volume at a specific point in time.
Snapshots offer data protection by enabling you to recover data deleted in error or to restore an
entire file system. After a snapshot has been taken and is sent to cloud storage, it is not
possible to modify that snapshot.
Terminology
The following terminology is useful in understanding Nasuni technology:
Alerts and messages: See “Notifications”, including “Notifications” on page 496.
Backup: See “Snapshots”, including “Snapshot schedule” on page 224 and “Snapshot retention” on
page 220.
Bandwidth: See “Quality of Service (QoS)”, including “Quality of Service (Bandwidth) Settings” on
page 317.
Local data: See “Cache”, including “Cache Settings” on page 287.
Maximum capacity: See “Quota”, including “Quota” on page 206.
Other Nasuni Edge Appliances: See “Remote Access”, including “Remote Access” on page 213.
Sets of data: See “Volumes”, including “Volumes page” on page 75.
Also, see “Glossary” on page 545.
The Nasuni Management Console provides extensive information that enables you to monitor the
status of your data from a single application. In addition, you can use the Nasuni Management Console
to configure volumes, CIFS shares, NFS exports, and FTP/SFTP directories from a single application,
regardless of which Nasuni Edge Appliance they reside on. This makes it simpler and faster for you to
perform multiple, near-simultaneous configurations, while maintaining consistent settings. There can
be only one Nasuni Management Console for your account.
Using the Nasuni Management Console, you can manage Nasuni Edge Appliances even if they are not
presently connected. Any configuration changes made will propagate to the Nasuni Edge Appliance
when it becomes connected.
Note: Notifications and changes on Nasuni Edge Appliances can take up to 10 minutes to
appear in the Nasuni Management Console.
Without the Nasuni Management Console, data management tasks require configuring volumes, CIFS
shares, NFS exports, and FTP/SFTP directories separately on each Nasuni Edge Appliance, which is
time-consuming and can lead to inconsistent settings.
This chapter presents an overview of some of the tasks that you can perform with the Nasuni
Management Console, along with links to further information.
• You can view the status and expiration date of your subscription. See “Viewing account status”
on page 396. You can also refresh your subscription license. See “Refreshing license” on
page 397.
• The Notifications page lets you view and acknowledge Nasuni Management Console
notifications. See “Notifications” on page 496.
• You can configure email alerts, which are sent to your email account from the Nasuni
Management Console. You can select various types of alerts to receive. See “Email Settings” on
page 415.
• You can perform the disaster recovery procedure for a genuine emergency, or when moving the
Nasuni Management Console to another location. See “Recovery” on page 501.
Managing data
You can enable, disable, and delete licenses for the Mobile Access service. See “Mobile
Licenses” on page 350.
Note: If you use the Nasuni Management Console to create a volume on a Nasuni Edge
Appliance, and specify generating a new encryption key for that volume, that new
encryption key is generated on the Nasuni Edge Appliance, not on the Nasuni
Management Console. The only way to download a Nasuni Edge Appliance encryption
key is by using the Nasuni Edge Appliance user interface.
Important: The time to generate an encryption key can vary widely, depending on the
hardware (real or virtual) that the Nasuni Edge Appliance is executing on.
Encryption keys are generated in the background, so as to not block use of the
Nasuni Edge Appliance during generation.
• To create a new "owned" local volume on the Nasuni Edge Appliance, see “Create Volume” on
page 100.
• Volumes are not shared by default. First, you need to enable Remote Access for the volume that
is sharing data. You can specify Read/Write or Read-Only access for the Nasuni Edge
Appliances that are receiving data. See “Setting or editing remote access settings” on
page 215.
• After the volume that is sharing data has Remote Access enabled, you connect the Nasuni Edge
Appliances that are receiving data to the volume that is sharing data. See “Connect to (and
Disconnect from) a Remote Volume” on page 109.
• End users access the data through CIFS shares, NFS exports, or FTP/SFTP directories of the
destination volume. You define CIFS shares (“Adding a New CIFS (SMB) Share to a Volume” on
page 155), NFS exports (“Adding an NFS Export to a Volume” on page 178), or FTP/SFTP
directories (“Adding FTP directories for a volume” on page 189) on the destination volume for
users to access. If you created a CIFS share, NFS export, or FTP/SFTP directory automatically
when you created a new volume, you can check and edit the settings for CIFS shares (“Editing a
SMB (CIFS) Share” on page 174), NFS exports (“Editing an NFS Export” on page 182), or FTP/
SFTP directories (“Editing FTP directories” on page 195).
Protecting data
A snapshot is a complete picture of your volume at a specific point in time. Snapshots offer data
protection by enabling you to recover past versions of a file or to restore an entire file system. You can
select when and how frequently to perform snapshots. For example, you can configure snapshots to
occur only at night when network usage is low.
• You can schedule snapshots for whenever suits your system best. See “Editing snapshot
schedules” on page 226.
• You can also take snapshots manually at any time. See “Take Snapshot” on page 99.
• For compliance purposes or your own best practices, you can specify to delete older snapshots
from cloud storage, based on a configured snapshot retention policy for a specific volume. See
“Setting or editing snapshot retention settings” on page 222.
Note: With each Nasuni snapshot, configuration information is included, in case it is necessary to
recover the Edge Appliance. The configuration information includes volume name, volume
GUID, share type, software version, last pushed version, retention type, and permissions
policy. The configuration bundle is encrypted in the same way that all the customer data is
encrypted.
If you receive an alert that such backup configurations have failed, this might be due to
intermittent network issues, or possibly due to DNS issues. If you see notifications that the
Edge Appliance has successfully completed a snapshot after the backup alert, then you
can safely ignore the alert.
Managing volumes
The Nasuni Management Console offers many options for managing volumes. See “Volumes Page” on
page 74.
• Volumes should have names that describe what data they contain and that users recognize.
You can change the name of a volume. See “Changing volume name” on page 195.
• You can monitor file statistics. See “File Sizes in Snapshots” on page 73, “File Sizes in
Snapshots” on page 73, and “Data Growth chart” on page 68.
• For CIFS and NFS volumes and FTP/SFTP directories, the volume quota (maximum capacity)
enables you to limit the amount of storage space for a volume, including snapshots, which helps
you to control your storage costs. You can change the volume quota. See “Quota” on page 206.
• You can delete volumes that are no longer needed. See “Deleting a local volume” on page 92.
Security
Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their
data. Customers should leverage their cloud provider's role-based access and identity
access management features as part of their overall security strategy. Such features can be
used to limit or prohibit administrative access to the cloud account, based on customer
policies.
SSL certificates
The user interface of the Nasuni Management Console and the user interface of Nasuni Edge
Appliances are Web-based. In order to secure these Web sites, SSL certificates or self-signed
certificates are used.
• You can view or add SSL certificates or a self-signed certificate that you can use when
accessing the Nasuni Management Console user interface. See “SSL Certificates” on page 458.
• You can view the SSL certificates or self-signed certificate that you use when accessing Nasuni
Edge Appliances. See “SSL Certificates” on page 394.
Antivirus Protection
Nasuni offers the option of protecting data with antivirus scanning, and review of files flagged for
violations. Nasuni Edge Appliance Antivirus Protection uses the Clam AntiVirus (ClamAV®) open-
source antivirus engine. Synchronization with the ClamAV virus database occurs within four hours of an
update to that database. Customers can report false positives here.
You can enable or disable Antivirus Protection. See “Editing Anti-Malware settings (Antivirus Protection
and Ransomware Detection)” on page 239.
• You can review antivirus violations. See “Reviewing antivirus violations” on page 243.
Ransomware Detection
Nasuni offers protection against ransomware by identifying known ransomware patterns, and notifying
administrators of their presence.
You can enable or disable Ransomware Detection. See “Editing Anti-Malware Service settings
(Antivirus Protection and Ransomware Detection)” on page 247.
Firewall protection
You can limit which network hosts connect to the Nasuni Management Console user interface and the
Nasuni Support SSH port, which provides firewall protection. See “Firewall” on page 486.
Changing performance
There are a number of settings that can affect the performance of the system.
• Quality of Service (QoS) settings specify the outbound bandwidth for moving snapshots from
the Nasuni Edge Appliance to cloud storage.
Tip: Nasuni recommends setting the Quality of Service to the limit of the total bandwidth, or
slightly higher (so that bandwidth is not being limited). If the Quality of Service is too low,
it can cause delays in propagation and snapshots.
Nasuni does not recommend setting the Quality of Service to Unlimited, because a
setting of Unlimited disables traffic shaping, which prioritizes and allocates bandwidth to
different types of traffic (such as user activity, snapshots, and merges), so that no traffic
is denied bandwidth.
Snapshots are slower during periods of lower bandwidth. Local user read/write operations are
not affected. Limiting the bandwidth of outbound data between specific hours can help
decrease network congestion. See “Quality of Service (Bandwidth) Settings” on page 317.
• On virtual platforms, you can change resources such as the number of processors applied to
the virtual machine as well as the contention for resources. See the installation guide for your
virtual machine platform at https://community.nasuni.com/s/documentation.
• The cache is the local storage of the Nasuni Edge Appliance. All data and metadata that are
accessed regularly are kept locally in the cache. By default, the amount of local cache space
reserved for new writes is managed automatically, using an advanced algorithm to optimize
cache usage. However, you can override the amount of local cache space reserved for new
writes in order to suit your company’s workload. Reserving a large portion of the cache for new
writes allows snapshots to complete more rapidly, but reduces the amount of data that is kept
locally. Reserving a small portion of the cache for new writes allows keeping more data locally,
but increases the time for completing snapshots. See “Cache Settings” on page 287. To view
unprotected files in the cache, see “Unprotected Files” on page 139.
On virtual platforms, you can also increase the size of the cache. See the installation guide for
your virtual machine platform at https://community.nasuni.com/s/documentation.
• Frequent snapshots increase the system load significantly. You can change when and how
frequently snapshots occur. See “Editing snapshot schedules” on page 226.
• Pinning a folder means retaining a folder in the local cache at all times. This can improve
performance and reduce the time necessary to return accessed data to clients. See “Pinned
Folders” on page 197. To view unprotected files in the cache, see “Unprotected Files” on
page 139.
Important: The NMC API can be used to pin metadata in the cache, or to enable Auto Cache for
metadata.
Pinning metadata in the cache and enabling Auto Cache for metadata can affect the
amount of data in the cache, and the display of data in the cache. Also, bringing all
metadata into the cache adds time to the sync process and might affect user
performance. With no users on a dedicated appliance (for example, to change
permissions or perform searches), the effect on sync times due to syncing the entire
metadata tree would not affect any user-related snapshot or sync changes.
The NMC API can also be used to verify that these features have been configured for
a directory.
Because metadata-only pinning and Auto Cache pinning are currently possible only
with the NMC API, directories with such pinning enabled are not displayed in the File
Browser of the NMC and the Edge Appliance, nor on the NMC Pinned Folders and
NMC Auto Cached Folders pages.
Overview
This chapter explains how to install the Nasuni Management Console on your network.
Note: There can be at most one Nasuni Management Console per account.
Number of Edge Appliances CPUs Memory (GiB) Azure VM size AWS EC2
managed by NMC instance
Up to 50 2 16 Standard_E2s_v4 r5.large
*If managing more than 200 Edge Appliances, additional backend configuration is necessary for the
NMC. Contact Nasuni Support for assistance.
Note: These values are based on CPU and memory utilization for a version 8.5 NMC. Earlier
versions of the NMC might require additional resources.
Important: These are general recommendations. Your specific situation might require further
resources.
• OVF FORMAT: OVF format is appropriate for VMware ESXi 6.7, 7.0, and above
environments.
3. From the drop-down list, select an available release for the Nasuni Management Console. The
list of available releases can change.
Note: If you already have the software installation file, you do not have to download it again.
However, the software installation file must not be older than the version you are
recovering.
4. Save the Nasuni Management Console software .zip file to a location on your local drive.
5. Unzip the Nasuni Management Console software .zip file.
6. To install the Nasuni Management Console into VMware ESXi, use the vSphere Client to deploy
the NasuniNMC.ovf OVF template file. Power on the new Nasuni Management Console virtual
machine. Click the Console tab.
Alternatively, to install the Nasuni Management Console into Microsoft Hyper-V, use the Hyper-
V Manager to import the virtual machine. Start the new Nasuni Management Console virtual
machine. Right-click the Nasuni Management Console virtual machine, and select Connect
from the drop-down menu.
Alternatively, to install the Nasuni Management Console into Nutanix AHV, use the Prism Web
Console to import the virtual machine. Start the new Nasuni Management Console virtual
machine. Right-click the Nasuni Management Console virtual machine, and select Power On
from the drop-down menu. Unlike the installation of the Nasuni Edge Appliance, the installation
of the Nasuni Management Console requires only one virtual disk.
7. The Nasuni Management Console screen appears with a plain white bar on the bottom that
indicates the progress of the installation.
8. After a few moments, the Nasuni Management Console console screen appears.
https://<IP address>
3. Click Add Exception. The Add Security Exception dialog box appears.
Figure 7-10: “There is a problem with this website's security certificate.” page.
2. Click Continue to this website.
3. Continue with “Nasuni Management Console Installation Wizard” on page 46.
Note: The Nasuni Management Console attempts to register the hostname in the DNS
server, so that users can access this host by name.
To change this name later, see “Networking” on page 487.
b. From the Network Type drop-down list, select either Static, DHCP, or DHCP with Custom
DNS.
c. In the Network Device Settings area, enter values depending on your choice of Network
Type:
• DHCP (Dynamic Host Configuration Protocol) or DHCP with custom DNS: Provides a
network IP address for a host on an IP network automatically. The IP Address, Netmask,
Default Gateway, and MTU Value fields become unavailable.
• Static: If you select Static as a source, you must provide Network Device Settings. See
your IT administrator for assistance.
• Enter the static IP address in the IP Address text box.
• Enter a netmask address in the Netmask text box.
• Enter a default gateway address in the Default Gateway text box.
The gateway address must match a subnet of a defined static network.
• Enter the MTU value in the MTU Value text box. MTU settings above 1500 are
supported.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol
data unit that the layer can pass onwards. A larger MTU brings greater efficiency,
because each packet carries more user data while protocol overheads, such as
headers, remain fixed; the resulting higher efficiency means a slight improvement in
the bulk protocol throughput. A larger MTU also means processing fewer packets for
the same amount of data. However, large packets can occupy a slow link for some
time, causing greater delays to following packets, and increasing lag and minimum
latency.
d. In the System Settings area, enter values depending on your choice of Network Type:
• DHCP (Dynamic Host Configuration Protocol): The Search Domain, Primary DNS Server,
and Secondary DNS Server fields become unavailable.
• Static or DHCP with custom DNS: If you select Static or DHCP with custom DNS as a
source, you must provide System Settings. See your IT administrator for assistance.
• Enter one or more local search domains in the Search Domain text box. If you enter
multiple search domains, make sure you include a space between each entry. You
must enter valid hostnames.
You can use search domains to avoid typing the complete address of domains that
you use frequently. The search domains that you enter are automatically appended
to names that you specify for purposes such as Active Directory configuration,
HTTPS proxy, and NTP server. For example, if you specify the search domain
“mycompany.com”, then typing “server1” for one of these purposes would connect
to “server1.mycompany.com”.
Note: There are no search domains for LDAP Directory Services.
• Enter the IP address for your primary DNS server in the Primary DNS server text
box. You must enter a valid hostname or IP address.
• Enter the IP address for your secondary DNS server in the Secondary DNS server
text box (if applicable). You must enter a valid hostname or IP address.
e. Click Continue to proceed.
2. The Install Wizard — Proxy Network Configuration page appears.
f. Click Continue. To return to the previous page to change parameters, click Back.
3. The Install Wizard — Review Network Settings page appears.
Enter the NMC Serial Number and Authorization code, found under the Account section of
www.nasuni.com.
Click Continue to proceed.
Note: If you reuse an NMC Serial Number for a previously existing Nasuni Management
Console, you are asked if you want to perform a disaster recovery procedure on that
Nasuni Management Console. For details, see “Recovery” on page 501.
8. The Install Wizard — Confirm New NMC Install page appears.
Important: It is not supported for users in the Active Directory Protected Users security
group to log in to the NMC.
Important: You cannot use Active Directory passwords longer than 127 characters to log
in to the NMC.
An indicator of password strength appears. Although password strength is not enforced, you
should use strong passwords. This user automatically becomes a member of the NMC
Administrators group (see “Console Users and Groups” on page 472). Click Continue.
10. This completes the Install Wizard. The Setup Almost Complete page appears.
The Nasuni Management Console user interface presents you with a Login page, where you log in
using the username and password for the NMC administrative user.
You can log in and access the Nasuni Management Console user interface from any computer running
a supported Web browser, including Mozilla Firefox, Microsoft Internet Explorer, Apple Safari, and
Google Chrome.
At the top of the Login page, you can access online help (see “Viewing the Nasuni Management
Console Help” on page 57). You can also power down the system, if necessary (see “Powering Down
and Rebooting the Nasuni Management Console” on page 59).
Note: If you do not have the credentials for www.nasuni.com, you can perform a password
reset or contact Nasuni Technical Support.
3. In the New Administrative Account area, create a Username (case-sensitive) and a Password
(case-sensitive). An indicator of password strength appears. Password strength is enforced for
this action. You should use strong passwords.
Important: It is not supported for users in the Active Directory Protected Users security
group to log in to the NMC.
Important: You cannot use Active Directory passwords longer than 127 characters to log
in to the NMC.
4. Click Continue. The Nasuni Management Console user interface appears.
Several elements appear on all pages of the Nasuni Management Console user interface.
Username
In the navigation bar at the top of all pages, the name of the user who is logged in appears, along with
the time zone used for all displays.
6. If you do not stop the shutdown, the Nasuni Management Console shuts down.
On the console, a series of shutdown messages appears, and the console automatically closes
down.
To restart, you can power on the Nasuni Management Console from your platform.
If you selected Reboot immediately, the Nasuni Management Console reboots immediately.
Changing Password
You can change the password for the Nasuni Management Console administrative account. The
Change Password option is available by clicking the user name on the navigation bar at the top of all
pages.
Note: Changes to the password of the administrative user are propagated to all Nasuni Edge
Appliances that are under the control of the Nasuni Management Console.
Important: You cannot use Active Directory passwords longer than 127 characters to log in to
the NMC.
To change the password, follow these steps:
1. Click the user name on the navigation bar at the top of the page, then click Change Password
from the menu. The Change Password page appears.
NMC version
The NMC version appears on the bottom right of each .
However, using an unsupported Edge Appliance version with the NMC can lead to unknown behavior,
and Nasuni does not test unsupported versions.
If an Edge Appliance is either older than or newer than any supported version, the NMC displays a
notice on the Notifications page, the Filer Details page, and the Filers list.
Notifications
You can access notifications using the bell-shaped Notifications icon at the top right.
Sorting lists
You can sort many lists of information alphabetically, numerically, or chronologically. To sort, click on
the heading of each column. To sort in the opposite direction, click on the heading of the column again.
Action status
On pages where you can perform actions, a Status column shows the status of the last action
performed. If the action is completed, a checkmark appears. If the action is not completed, a
rotating circle appears. If there is a problem with the attempted action, a caution symbol
appears. Hover the mouse over the symbol for more information.
The Home page also offers links to the Volumes, Filers, Account Status, Console Settings, and
Notifications pages. Additional information appears on these pages and the menus and items they
contain.
You can return to the Home page at any time by clicking the Nasuni logo in the top left corner.
System Health
In the System Health area, the following information appears:
• Number of Nasuni Edge Appliances offline (if any) and online. Clicking Filers offline opens the
Filers page. For details, see “Filers page” on page 268.
Note: If a Nasuni Edge Appliance goes offline, an email alert is sent, if configured.
• Number of antivirus violations. Clicking antivirus violations opens the Antivirus Violations
page. For details, see “Antivirus Violations” on page 242.
• Number of pending notifications. Clicking pending notifications opens the Notifications page.
For details, see “Notifications” on page 496.
• Number of currently available NMC software updates. Clicking NMC update available opens
the Software Update Available page. For details, see “Automatic Software Updates for NMC”
on page 412.
• Number of currently available Nasuni Edge Appliance software updates. Clicking Filer updates
available opens the Filer Software Updates page. For details, see “Automatic Software
Updates” on page 284.
• Number of volumes available. Clicking volumes available opens the Volumes page. For details,
see “Volumes page” on page 75.
• Number of setting sync errors, namely, requested changes to Nasuni Edge Appliances that have
failed for some reason. Clicking setting sync errors opens the Outstanding Settings Updates
Filers page. For details, see “Sync Schedule” on page 233.
Hardware Health
In the Hardware Health area, the following information appears:
• Status of power supply. If the status is Alert, you should investigate the situation.
• Status of RAID batteries. Clicking RAID batteries opens the Filer Platform/Hardware Settings
page. For details, see “Platform Settings” on page 378. If the status is Alert, you should
investigate the situation.
• Status of RAID arrays. Clicking RAID arrays opens the Filer Platform/Hardware Settings
page. For details, see “Platform Settings” on page 378. If the status is Alert, you should
investigate the situation.
• Status of RAID disks. Clicking RAID disk error opens the Filer Platform/Hardware Settings
page. For details, see “Platform Settings” on page 378. If the status is Alert, you should
investigate the situation.
Account
The date that the current subscription license or trial license expires. Clicking valid through opens the
Account Status page. For details, see “Account Status” on page 396.
Tip: Nasuni monitors platform-specific limits on the number of supported concurrent
connections. When the number of concurrent connections reaches the “soft limit” for an
Edge Appliance, you receive a notification of how many connections remain, and a
suggestion to reduce the number of connections for that Edge Appliance, if possible. When
the number of concurrent connections reaches the “hard limit” for an Edge Appliance, you
receive a notification, and all new connections are denied for that Edge Appliance until the
number of connections decreases below the “hard limit” again.
N1050
N2040 3000 connections
5000 4000 connections
6000
Volumes Managed
In the Volumes Managed area, the following information appears:
• Total number of volumes managed. Clicking Volumes Managed opens the Volumes page. For
details, see “Volumes page” on page 75.
• Number of CIFS shares. Clicking CIFS Shares opens the Shares page. For details, see “SMB
(CIFS) Shares” on page 163.
• Number of NFS exports. Clicking NFS Exports opens the Exports page. For details, see “NFS
Exports” on page 141.
• Number of FTP/SFTP directories. Clicking FTP Directories opens the FTP Directories page.
For details, see “FTP Directories” on page 152.
Filers Managed
In the Filers Managed area, the following information appears:
• Total number of Nasuni Edge Appliances managed. Clicking Filers Managed opens the Filers
page. For details, see “Filers page” on page 268.
• Number of unmanaged Nasuni Edge Appliances. Clicking Unmanaged opens the Filers page.
For details, see “Filers page” on page 268.
Capacity
In the Capacity area, the following information appears:
• Total amount of Accessible Capacity.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
• Amount of Licensed Capacity.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If your
total stored data nears or exceeds your licensed capacity, you receive warnings to
increase your licensed capacity.
• Percentage of Licensed Capacity used.
• Amount of capacity not yet protected.
Figure 10-2: Data Growth chart: Licensed Data and Accessible Data.
This shows the amount of data on the vertical axis versus time along the horizontal axis, including the
following:
• Licensed Data. Licensed Data is sometimes also called “Licensed Capacity” or “Storage
Volume Limit”. Licensed Data is the amount of data storage that Nasuni is managing for the
customer, and that the customer is paying to store using the Nasuni service. Every customer
has a Licensed Data limit. No customer has unlimited storage. However, every customer has
unlimited versions of their data available. Since the Nasuni service is inherently unlimited, the
Licensed Data limit can easily be changed, as business needs change. Licensed Data should be
compared to data metrics such as “Now” data, which is current data and metadata in the cloud,
without the effects of compression or deduplication. The default Licensed Data for trial
accounts is 5 TB. To select or unselect Licensed data, click Licensed Data.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
• Accessible Data. Accessible Data includes current data already protected in the cloud, as well
as current data in the cache that is not yet protected. For this reason, the volume data in the
cache that is not yet protected is generally less than the total accessible data, unless this
volume has not completed any snapshots. Accessible Data is current data only. Accessible
Data does not include previous versions or snapshots. Accessible Data does not include
metadata. Accessible Data does not reflect the effects of compression or deduplication. To
select or unselect accessible data, click Accessible Data.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
• Cloud Usage. If the customer license includes public or private cloud providers, and if the
amount of data stored with public or private cloud providers is greater than zero, the Cloud
Usage data is also available. Cloud Usage data includes the size in the cloud of all data and
metadata protected in the cloud, for all versions, after encryption, compression, and
deduplication. Cloud Usage data does not include unprotected data in the cache.To select or
unselect Cloud Usage, click Cloud Usage.
Figure 10-3: Data Growth chart: Cloud Usage and Accessible Data.
The amount of data is shown in units such as MB, GB, and TB. The length of time is shown by year and
month.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
Note: Nasuni Edge Appliances and the NMC display the size of data in base 10 units (including
MB = 1,000,000 bytes, GB = 1,000,000,000 bytes, and TB = 1,000,000,000,000 bytes).
In contrast, some platforms display the size of data in base 2 units (including MB =
1,048,576 bytes, GB = 1,073,741,824 bytes, and TB = 1,099,511,627,776 bytes).
For example, a file that Nasuni displays as 10 MB would be displayed by some platforms
as 9.53 MB.
Important: The NMC API can be used to pin metadata in the cache, or to enable Auto Cache for
metadata.
Pinning metadata in the cache and enabling Auto Cache for metadata can affect the
amount of data in the cache, and the display of data in the cache. Also, bringing all
metadata into the cache adds time to the sync process and might affect user
performance. With no users on a dedicated appliance (for example, to change
permissions or perform searches), the effect on sync times due to syncing the entire
metadata tree would not affect any user-related snapshot or sync changes.
The NMC API can also be used to verify that these features have been configured for
a directory.
Because metadata-only pinning and Auto Cache pinning are currently possible only
with the NMC API, directories with such pinning enabled are not displayed in the File
Browser of the NMC and the Edge Appliance, nor on the NMC Pinned Folders and
NMC Auto Cached Folders pages.
Important: Time marker labels indicate the end of a time period. For example, the label 'Dec '19'
indicates the end of December 2019. Everything to the left of this label is before the
end of December 2019.
Network Traffic
A chart of the Network Traffic of the Nasuni Edge Appliances appears on the Home page.
Figure 10-8: Details of network traffic and time on Network Traffic chart.
To zoom in on a specific range of displayed data, click the chart at the high end of the range you want,
then drag to the low end of the range you want, then release. The chart rescales to zoom in on the
selected range.
To reset the zoom to the default display, click Reset zoom.
There are two types of volumes: local volumes that are “owned” by the local Nasuni Edge Appliance,
and remote volumes that belong to other Nasuni Edge Appliances.
On the Volumes page, you can view, delete, disconnect, and take snapshots of volumes.
From the Volumes page, you can also perform the following actions:
• Create a new volume.
• Create, view, and edit connections between volumes.
• View, download, and bring into cache volumes and files.
• Enabling Auto Cache for folders. View and edit Auto Cached folders.
• View unprotected files currently in the cache of a volume.
• Create, view, edit, and delete NFS exports, FTP/SFTP directories, and CIFS shares.
• View and edit volume encryption key information.
• View and edit volume names.
• View and edit folder pinning settings. Pin folders in the cache.
• View and edit volume protocols.
• View and edit volume quotas.
• View and edit volume remote access settings.
• View and edit volume snapshot directory access and volume snapshot retention settings.
• View and edit volume snapshot and volume sync schedules.
• View and edit volume Antivirus Protection settings. View antivirus violations, and ignore or
delete flagged files.
• View and edit volume Ransomware Detection settings.
• View and configure file auditing.
• View and edit volume File Alert Service settings.
• View charts of the time taken for data propagation, and the age of the oldest data in the cache.
Volumes page
Click Volumes. The Volumes page displays a dashboard of volume information and a list of all
managed volumes.
Volumes Managed
In the Volumes Managed area, the following information appears:
• Total number of Volumes Managed.
Note: Shared volumes that are not managed by the Nasuni Management Console might not
display or total correctly.
• Number of Multisite Volumes, namely, volumes that have Remote Access enabled. Clicking
Multisite Volumes opens the Volume Remote Access Setting page. For details, see “Remote
Access” on page 213.
Tip: For an Edge Appliance with new or changed volume configurations for remote volumes
with Read/Write permissions, it can initially take up to 20 minutes before these remote
volumes appear in the list of volumes. It takes time to fetch the necessary information for
the remote volumes.
• Number of Multisite Connections, namely, the volumes that are accessing volumes with Remote
Access enabled. Clicking Multisite Connections opens the Remotely Accessible Volumes
page. For details, see “Connect to (and Disconnect from) a Remote Volume” on page 109.
Volume Health
In the Volume Health area, the following information appears:
• Number of antivirus violations. Clicking antivirus violations opens the Antivirus Violations
page. For details, see “Antivirus Violations” on page 242.
• Number of volumes available. Clicking volumes available opens the Volumes page. For
details, see “Volumes page” on page 75.
If an attempt to read a volume from the cloud fails, an indication of Volume Unavailable (or
Volumes Unavailable) appears. This situation is generally temporary. If the Volume
Unavailable condition continues, investigate why the volume might be unavailable, such as
network issues.
• Number of setting sync errors, namely, requested changes to Nasuni Edge Appliances that have
failed for some reason. Clicking setting sync errors opens the Outstanding Settings Updates
To Filers page. For details, see “Pending Updates” on page 376.
Figure 11-4: Data Growth chart: Licensed Data and Accessible Data.
Figure 11-5: Data Growth chart: Cloud Usage and Accessible Data.
The amount of data is shown in units such as MB, GB, and TB. The length of time is shown by year and
month.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
Note: Nasuni Edge Appliances and the NMC display the size of data in base 10 units (including
MB = 1,000,000 bytes, GB = 1,000,000,000 bytes, and TB = 1,000,000,000,000 bytes).
In contrast, some platforms display the size of data in base 2 units (including MB =
1,048,576 bytes, GB = 1,073,741,824 bytes, and TB = 1,099,511,627,776 bytes).
For example, a file that Nasuni displays as 10 MB would be displayed by some platforms
as 9.53 MB.
Important: The NMC API can be used to pin metadata in the cache, or to enable Auto Cache for
metadata.
Pinning metadata in the cache and enabling Auto Cache for metadata can affect the
amount of data in the cache, and the display of data in the cache. Also, bringing all
metadata into the cache adds time to the sync process and might affect user
performance. With no users on a dedicated appliance (for example, to change
permissions or perform searches), the effect on sync times due to syncing the entire
metadata tree would not affect any user-related snapshot or sync changes.
The NMC API can also be used to verify that these features have been configured for
a directory.
Because metadata-only pinning and Auto Cache pinning are currently possible only
with the NMC API, directories with such pinning enabled are not displayed in the File
Browser of the NMC and the Edge Appliance, nor on the NMC Pinned Folders and
NMC Auto Cached Folders pages.
Time marker labels indicate the end of a time period. For example, the label 'Dec '19' indicates the end
of December 2019. Everything to the left of this label is before the end of December 2019.
To zoom in on a specific range of displayed data, click the chart at the high end of the range you want,
then drag to the low end of the range you want, then release. The chart rescales to zoom in on the
selected range.
To reset the zoom to the default display, click Reset zoom.
Volume List
The Volume List appears on the Volumes page.
• Pinned: Indicates whether the entire volume, namely, the root folder of the volume, is
pinned in the cache: Pinned, if volume folder is pinned. You can pin the volume folder to the
cache as detailed in “Pinned Folders” on page 197. To view unprotected files in the cache,
see “Unprotected Files” on page 139.
• Security Mode (CIFS volumes only): The security mode of the CIFS volume: Active
Directory, LDAP Directory Services, Publicly Available, or Unknown.
Note: If the permission of a remote volume is Disabled, the remote volume might not
display the correct Security for that volume.
• Filer: The name of the Nasuni Edge Appliance that the volume is on. For details, see “Filer
Details page” on page 275.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
• Protocol: The protocol of the volume: CIFS, NFS, or FTP.
• Number of shares (CIFS), exports (NFS), or directories (FTP): For CIFS volumes, the total
number of shares. For details, see “SMB (CIFS) Shares” on page 163. For NFS volumes, the
total number of exports. For details, see “NFS Exports” on page 141. For FTP/SFTP
directories, the total number of FTP/SFTP directories. For details, see “FTP Directories” on
page 152
• Accessible Data: Accessible Data includes current data already protected in the cloud, as well
as current data in the cache that is not yet protected. For this reason, the volume data in the
cache that is not yet protected is generally less than the total accessible data, unless this
volume has not completed any snapshots. Accessible Data is current data only. Accessible
Data does not include previous versions or snapshots. Accessible Data does not include
metadata. Accessible Data does not reflect the effects of compression or deduplication.
• not yet protected: The amount of data not yet protected.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
• Last Snapshot: For a local volume, the date and time of the latest version of the data within this
volume in the cloud, that the NMC is aware of.
For a remote or shared volume, the date and time of the latest version of the data within this
volume in the cloud, that the Edge Appliance has synced to, and that the NMC is aware of.
If there are no snapshots yet, “No snapshots”.
For a more current representation of Edge Appliances on the NMC, click “Refresh Managed
Filers” on the Filers page. For details, see “Account Filers” on page 273.
If a snapshot is in progress and has not completed, the label “In progress” displays, along with
the percentage of the snapshot completed.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
• Actions: Actions available for each managed volume.
• To initiate a snapshot, click Take Snapshot . A snapshot is initiated for the volume.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
Note: With each Nasuni snapshot, configuration information is included, in case it is
necessary to recover the Edge Appliance. The configuration information includes
volume name, volume GUID, share type, software version, last pushed version,
retention type, and permissions policy. The configuration bundle is encrypted in the
Volume details
Tip: This function can also be performed using the NMC API. For details, see NMC API.
In the Volume List, clicking the volume name opens the Volume Details page.
Also, if the user is one of the volume-delete-capable administrators, but not the initiator of the
delete, and deletion has not been approved, the “Approve Delete” button appears.
Also, if the user is one of the volume-delete-capable administrators, but not the initiator of the
delete, and they have approved the deletion, the “Revoke Approval” button appears.
Also, if the user is the initiator of the delete and all approvals have been received, the “Delete
Immediately” button appears.
Data Growth chart:
This shows the amount of data on the vertical axis versus time along the horizontal axis,
including the following:
• Licensed Data. Licensed Data is sometimes also called “Licensed Capacity” or “Storage
Volume Limit”. Licensed Data is the amount of data storage that Nasuni is managing for the
customer, and that the customer is paying to store using the Nasuni service. Every customer
has a Licensed Data limit. No customer has unlimited storage. However, every customer has
unlimited versions of their data available. Since the Nasuni service is inherently unlimited,
the Licensed Data limit can easily be changed, as business needs change. Licensed Data
should be compared to data metrics such as “Now” data, which is current data and
metadata in the cloud, without the effects of compression or deduplication. The default
Licensed Data for trial accounts is 5 TB. To select or unselect Licensed data, click Licensed
Data.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
• Accessible Data. Accessible Data includes current data already protected in the cloud, as
well as current data in the cache that is not yet protected. For this reason, the volume data
in the cache that is not yet protected is generally less than the total accessible data, unless
this volume has not completed any snapshots. Accessible Data is current data only.
Accessible Data does not include previous versions or snapshots. Accessible Data does not
include metadata. Accessible Data does not reflect the effects of compression or
deduplication. To select or unselect accessible data, click Accessible Data.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
• Cloud Usage. If the customer license includes public or private cloud providers, and if the
amount of data stored with public or private cloud providers is greater than zero, the Cloud
Usage data is also available. Cloud Usage data includes the size in the cloud of all data and
metadata protected in the cloud, for all versions, after encryption, compression, and
deduplication. Cloud Usage data does not include unprotected data in the cache.To select
or unselect Cloud Usage, click Cloud Usage.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
The amount of data is shown in units such as MB, GB, and TB. The length of time is shown by
year and month.
Note: Nasuni Edge Appliances and the NMC display the size of data in base 10 units
(including MB = 1,000,000 bytes, GB = 1,000,000,000 bytes, and TB =
1,000,000,000,000 bytes).
In contrast, some platforms display the size of data in base 2 units (including MB =
1,048,576 bytes, GB = 1,073,741,824 bytes, and TB = 1,099,511,627,776 bytes).
• Allows durable handles with SMB 2.0 and higher clients, which can then open a file
and survive a temporary connection loss (60 seconds or less).
Note: When Global Locking is enabled, support for SMB durable handles (allowing
clients to survive temporary connection loss) is disabled. Enabling Global
Locking anywhere on the volume disables durable handles. If durable handles is
disabled in this way, durable handles cannot be enabled again.
Caution: A CIFS NTFS Exclusive Mode volume cannot have multiple volume
protocols. If this CIFS volume must support multiple protocols, select NTFS
Compatible Mode.
Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible
Mode.
• NTFS Compatible Mode:
• Optional mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to Active
Directory.
• Provides a high level of Windows and Mac compatibility through the CIFS (SMB)
protocol, with some limitations.
• This mode is required for multiple protocol support that does NOT involve NFS, such
as CIFS (SMB) with FTP/SFTP, as well as CIFS (SMB).
NFS and FTP/SFTP protocols cannot see all NTFS permissions and do not obey all
access rules in NTFS permissions. NFS and FTP/SFTP protocols obey only the
POSIX access control list (ACL) component of inheritance rules.
• Not supported: NFS-only volumes, LDAP authentication.
• POSIX Mixed Mode:
• Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to LDAP.
Also available for Nasuni Appliances joined to Active Directory.
• Recommended for combined NFS and CIFS (SMB) volumes, and for combined CIFS
(SMB) and FTP/SFTP volumes. Also recommended for LDAP-authenticated CIFS
(SMB)-only volumes with Linux or Mac clients, with UNIX extensions enabled.
• More information:
• Access control lists (ACLs) are supported entirely through POSIX ACLs. Windows
clients receive mapping of POSIX ACLs to NTFS ACLs. However, the mappings
are not as complete as mappings done for NTFS Compatible Mode. NFS clients
cannot view the ACLs.
• The NFSv4 protocol automatically translates the underlying ACLs to NFSv4
ACLs. The common tools for managing POSIX ACLs are not supported on
NFSv4. To manage ACLs using NFSv4, you must use the NFSv4 ACL tools.
• UNIX/NFS Permissions Only Mode:
• Default mode for NFS volumes.
• Recommended for primary or heavy NFS use.
• Not available for CIFS (SMB) volumes. Not recommended for Windows users.
• More information:
• Only supports traditional UNIX mode bits to control permissions (chmod).
• Windows can view permissions as access control lists (ACLs), but cannot add or
remove access control entries (ACEs).
• Pinned Folders: Indicates whether any volume folder is pinned in the cache: Yes or No. To
view pinned folders, click the status. For details, see “Pinned Folders” on page 197. To view
unprotected files in the cache, see “Unprotected Files” on page 139.
• Auto Cached Folders: Indicates whether folders have Auto Cache (automatically bringing
data from other Nasuni Edge Appliances into the local cache immediately) enabled. To see
folders with Auto Cache enabled, click the status. For details, see “Enabling Auto Cache for
Folders” on page 125. To enable or disable Auto Cache for a volume, see “Scheduling
Syncs” on page 234.
Note: Auto Cache must be enabled for a volume before Auto Cache is enabled for a
folder in the volume.
• Quota: The quota (maximum capacity) configuration in GB, or “No Quota” if there is no
quota. To change the quota, click the status. For details, see “Quota” on page 206.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If
your total stored data nears or exceeds your licensed capacity, you receive
warnings to increase your licensed capacity.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
• Safe Delete: Indicates whether the Safe Delete feature is Enabled or Disabled. To enable
or disable the Safe Delete feature, click the status. For details, see “Safe Delete of volumes”
on page 95.
In the Snapshots & Sync area:
• Snapshot Access: Indicates whether access to the snapshot directory for the volume is
Enabled or Disabled. To enable or disable snapshot directory access for a volume, click the
status. Clicking the status opens the Volume Snapshot Directory Access page, with the
Edit Snapshot Directory Access dialog box selected. For details, see “Snapshot Directory
Access” on page 217.
Tip: If both the SMB (CIFS) protocol and the NFS protocol are enabled on a volume, then
the .snapshot directory is not available.
• Snapshot Retention: The snapshot retention policy. To configure a snapshot retention
policy, click the status. Clicking the status opens the Volume Snapshot Retention page,
with the Snapshot Retention dialog box selected. For details, see “Snapshot retention” on
page 220.
Snapshot Schedule: The schedule for snapshots. If there is no schedule for snapshots,
indicates Disabled. To schedule snapshots, click the status. Clicking the status opens the
Volume Snapshot Schedule page, with the Snapshot Schedule dialog box selected. For
details, see “Snapshot schedule” on page 224.
If a volume has Global File Acceleration set as Active, and not Observation, the Snapshot
Schedule for the volume displays “Global File Accelerator”.
Note: For any volume that is either Pending Delete or Pending Delete Approval, the pending
deletions might be canceled after the volume's Nasuni Edge Appliance is recovered.
Before deleting a volume, complete the following prerequisites:
• If other Nasuni Edge Appliances are connected to the volume, disconnect them from the
volume. See “Connect to (and Disconnect from) a Remote Volume” on page 109 for details
about disconnecting from a volume.
• If the volume is configured for remote access by other Nasuni Edge Appliances, disable remote
access on the volume before deleting it. See “Remote Access” on page 213 for details.
• Administrators should notify the file system users that the volume is going to be deleted.
Note: Deleting a volume reduces the licensed capacity used; however, the background
delete operation can take time to process, depending on the number of files or blocks.
Notifications indicate when the volume deletion is complete.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
To delete a local "owned" volume, follow these steps:
Caution: You cannot undo this procedure.
Warning: Deleting a volume destroys all the volume’s data stored in the cache, as well as
data stored in cloud storage.
Other Nasuni Edge Appliances connected to the volume lose access to the data in
the volume.
1. Click Delete . The Delete Volume dialog box appears.
3. Click “Edit Volumes”. The “Volume Safe Delete Settings” dialog box appears.
3. Click “Edit Volumes”. The “Volume Safe Delete Settings” dialog box appears.
Take Snapshot
To take a snapshot of a volume, follow these steps:
1. For the volume that you want to take a snapshot of, click Take Snapshot .
A snapshot is scheduled for this volume.
Note: Because multiple Edge Appliances can share multiple volumes, snapshot handling
simplifies processing in these ways:
• On a given Edge Appliance, only one volume can perform a snapshot at a time.
• A volume that is shared on multiple Edge Appliances can only perform phase 2
(metadata) of a snapshot on one of the Edge Appliances at a time.
Note: With each Nasuni snapshot, configuration information is included, in case it is necessary to
recover the Edge Appliance. The configuration information includes volume name, volume
GUID, share type, software version, last pushed version, retention type, and permissions
policy. The configuration bundle is encrypted in the same way that all the customer data is
encrypted.
If you receive an alert that such backup configurations have failed, this might be due to
intermittent network issues, or possibly due to DNS issues. If you see notifications that the
Edge Appliance has successfully completed a snapshot after the backup alert, then you
can safely ignore the alert.
Cancel Snapshot
After you click Take Snapshot, as described above, you can cancel that scheduled snapshot.
To cancel a snapshot of a volume, click Cancel .
If the snapshot for this volume can be canceled, the snapshot is canceled.
If the snapshot cannot be canceled, a message appears.
Create Volume
There are two types of volumes: local volumes that are “owned” by the local Nasuni Edge Appliance,
and remote volumes that belong to other Nasuni Edge Appliances. You can use the Create Volume
page to create a new CIFS or NFS "owned" local volume on any managed Nasuni Edge Appliance.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
Tip: Before adding an "owned" local volume, configure the cloud credentials for this volume. To
configure cloud credentials, see “Cloud Credentials” on page 398.
Note: The default maximum number of volumes is 8.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
If you want to upload (import) an OpenPGP-compatible encryption key to use with the new volume, you
must upload the encryption key before starting the volume creation process. (For security reasons,
encryption keys that you upload cannot be downloaded from the system.) See “Adding (importing or
uploading) encryption keys to Nasuni Edge Appliances” on page 305. All uploaded encryption keys
should be at least 2048 bits long.
Important: If you intend to use a new encryption key that Nasuni generates, that encryption key
is automatically escrowed with Nasuni. To recover encryption keys escrowed with
Nasuni, you must specify an escrow passphrase. Therefore, before creating a new
volume with an encryption key that Nasuni generates, you must specify an escrow
passphrase. See “Escrow Passphrase” on page 311.
Tip: See Worksheet for a worksheet for planning configurations.
To create a new CIFS or NFS "owned" local volume, follow these steps:
1. Click Volumes then click Create Volume from the menu in the left column. The Create Volume
page appears.
Tip: For volumes supporting both Windows and Linux/UNIX clients, select CIFS (Windows
clients) and use a SMB client on Linux/UNIX.
Your choices are:
• CIFS (Windows clients): This protocol allows Windows users to share files across a
network. The CIFS protocol can be used on other operating systems besides Windows,
including UNIX, Linux, and macOS.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration”
on page 534.
Tip: If you plan to enable both CIFS and NFS protocols for this volume, enable the NFS
protocol first, then add the CIFS protocol. Then select POSIX Mixed Mode as the
permissions policy.
• NFS (Unix clients): This protocol allows UNIX users to access and share file systems across
a computer network using UNIX and Linux.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration”
on page 534.
Note: NFS volumes can only use the Optimized or Asynchronous modes of Global File
Lock.
Note: You can enable FTP/SFTP access to a SMB (CIFS) volume or an NFS volume after the
volume is created. See “Protocols” on page 199.
4. In the Volume Properties area, enter a human-readable name for the volume in the Name text
box, for example, “New York Office”. The name you enter is automatically applied as the
encryption key name in the Key Name text box.
Tip: The volume name must be fewer than 25 characters.
Important: Volumes on the same Edge Appliance must have unique names.
5. From the Cloud Provider drop-down list, select the cloud storage provider for this volume. The
choices for the back-end cloud storage component are part of each customer license.
6. From the Credentials drop-down list, select the cloud credentials for this volume. To configure
cloud credentials, see “Cloud Credentials” on page 398.
7. (For the Google Cloud Storage provider only.)
• Coldline: Very-low-cost, highly durable storage service for storing infrequently accessed
data.
• Nearline: Low-cost, highly durable storage service for storing infrequently accessed data.
• Standard: Best for data that is frequently accessed ("hot" data), or stored for only brief
periods of time.
For details, see Google Cloud Storage classes.
8. From the Region drop-down list, specify a region where you want to store your data.
You should store your data in a region that is near to your users and data centers, in order to
reduce data access latencies. The region you select should be remote from your other
operations for geographic redundancy and disaster recovery purposes. You should also
consider any compliance requirements for the location of data.
Note: Your data is protected with multiple copies in whichever region you choose.
Tip: For details on available regions, see Compatibility and Support and the following:
• For Amazon S3: https://docs.aws.amazon.com/general/latest/gr/
s3.html
• For Google Cloud Storage: https://cloud.google.com/about/locations
• For Microsoft Azure: https://azure.microsoft.com/en-us/global-
infrastructure/geographies/#geographies
Tip: For the Amazon S3 GovCloud cloud provider, use the region associated with the
hostname. For hostname s3.us-gov-east-1.amazonaws.com, select AWS
GovCloud (US-East). For hostname s3.us-gov-west-1.amazonaws.com, select
AWS GovCloud (US-West).
9. You can use an existing encryption key or create a new encryption key.
• To use an existing encryption key, select an encryption key from the Key drop-down list.
• To create a new encryption key, select Create New Key from the Key drop-down list, then
optionally enter a name for the new encryption key in the Key Name text box.
Important: If you intend to use a new encryption key that Nasuni generates, that
encryption key is automatically escrowed with Nasuni. To recover encryption
keys escrowed with Nasuni, you must specify an escrow passphrase.
Therefore, before creating a new volume with an encryption key that Nasuni
generates, you must specify an escrow passphrase. See “Escrow
Passphrase” on page 311.
Important: You can specify that you do not want Nasuni to generate any of your
encryption keys. This ensures that your data is encrypted only with
encryption keys that you upload. If you specify this, you must upload all the
encryption keys used. Specifically, when creating a volume, you cannot
select Create New Key as the source of the volume encryption key. If you
want to specify that Nasuni not generate encryption keys, request Nasuni
Support to disable key generation in your license.
Note: If you select Create New Key, the new encryption key is automatically escrowed for
you. To use your own encryption key, see “Adding encryption keys to a volume” on
page 192.
Important: The time to generate an encryption key can vary widely, depending on the
hardware (real or virtual) that the Nasuni Edge Appliance is executing on.
Encryption keys are generated in the background, so as to not block use of
the Nasuni Edge Appliance during generation.
Note: You cannot download any Nasuni Edge Appliance encryption key from a Nasuni
Management Console, because the Nasuni Edge Appliance never transmits any
encryption keys to a Nasuni Management Console. The Nasuni Management
Console is never in possession of any encryption key generated by a Nasuni Edge
Appliance. In particular, if you use the Nasuni Management Console to create a
volume on a Nasuni Edge Appliance, and specify generating a new encryption key
for that volume, that new encryption key is generated on the Nasuni Edge
Appliance, not on the Nasuni Management Console. The only way to download a
Nasuni Edge Appliance encryption key is by using the Nasuni Edge Appliance user
interface.
10. For CIFS and NFS volumes only, set the maximum volume capacity (in gigabytes) in the Quota
text box. A value of 0 (zero) or blank specifies an unlimited volume capacity (up to your licensed
capacity).
Quotas are applied after each successful snapshot. Nasuni recommends that you only increase
quotas rather than decrease them. A notification occurs when the volume reaches 90 percent of
the quota. Another notification occurs when the volume reaches the quota. If the volume is
shared, then the quota is compared to the sum of all Nasuni Edge Appliances connected to the
volume.
11. For CIFS and NFS volumes only, to automatically create a CIFS share or an NFS export for the
new volume, leave the Create a default Share/Export check box selected.
Tip: It is possible to create, update, and delete NFS exports using the NMC API.
12. For SMB (CIFS) volumes only, from the User Authentication drop-down list, select the method
for the Nasuni Edge Appliance to authenticate users connecting to SMB (CIFS) shares within
this volume.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
Note: “Authenticated Access” refers to either Active Directory or LDAP Directory Services.
Note: If the Nasuni Edge Appliance is configured for Active Directory authentication, but is
not joined to a domain, a message appears, indicating that the new volume is not
usable until the Nasuni Edge Appliance joins a domain, at which time you can choose
Active Directory, LDAP Directory Services, or Public authentication.
Tip: It is not possible to change the authentication mode of a volume after you create the
volume.
The following options are available:
• Recommended for CIFS (SMB) volumes that do not require multiple protocols.
• Not Supported: NFS, FTP, LDAP authentication.
• Allows durable handles with SMB 2.0 and higher clients, which can then open a file
and survive a temporary connection loss (60 seconds or less).
Note: When Global Locking is enabled, support for SMB durable handles (allowing
clients to survive temporary connection loss) is disabled. Enabling Global
Locking anywhere on the volume disables durable handles. If durable handles is
disabled in this way, durable handles cannot be enabled again.
Caution: A CIFS NTFS Exclusive Mode volume cannot have multiple volume
protocols. If this CIFS volume must support multiple protocols, select NTFS
Compatible Mode.
Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible
Mode.
• NTFS Compatible Mode:
• Optional mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to Active
Directory.
• Provides a high level of Windows and Mac compatibility through the CIFS (SMB)
protocol, with some limitations.
• This mode is required for multiple protocol support that does NOT involve NFS, such
as CIFS (SMB) with FTP/SFTP, as well as CIFS (SMB).
NFS and FTP/SFTP protocols cannot see all NTFS permissions and do not obey all
access rules in NTFS permissions. NFS and FTP/SFTP protocols obey only the
POSIX access control list (ACL) component of inheritance rules.
• Not supported: NFS-only volumes, LDAP authentication.
• POSIX Mixed Mode:
• Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to LDAP.
Also available for Nasuni Appliances joined to Active Directory.
• Recommended for combined NFS and CIFS (SMB) volumes, and for combined CIFS
(SMB) and FTP/SFTP volumes. Also recommended for LDAP-authenticated CIFS
(SMB)-only volumes with Linux or Mac clients, with UNIX extensions enabled.
• More information:
• Access control lists (ACLs) are supported entirely through POSIX ACLs. Windows
clients receive mapping of POSIX ACLs to NTFS ACLs. However, the mappings
are not as complete as mappings done for NTFS Compatible Mode. NFS clients
cannot view the ACLs.
• The NFSv4 protocol automatically translates the underlying ACLs to NFSv4
ACLs. The common tools for managing POSIX ACLs are not supported on
NFSv4. To manage ACLs using NFSv4, you must use the NFSv4 ACL tools.
• UNIX/NFS Permissions Only Mode:
• Default mode for NFS volumes.
• Recommended for primary or heavy NFS use.
• Not available for CIFS (SMB) volumes. Not recommended for Windows users.
• More information:
• Only supports traditional UNIX mode bits to control permissions (chmod).
• Windows can view permissions as access control lists (ACLs), but cannot add or
remove access control entries (ACEs).
Changing the Storage Class and Location Type of a Google Cloud bucket
Nasuni customers might want to change the Storage Class and Location Type of a Google Cloud
bucket, to take advantage of pricing, availability, or other features.
In particular, customers using Nasuni Files for Google Cloud should change the Storage Class to
Archive Storage for the lowest pricing tier. For details on how Storage Class and Location Type
affect pricing, see the following Google information:
• Storage classes.
• Bucket locations.
• Cloud Storage pricing.
Note: To change the Storage Class and Location Type of a Google Cloud bucket, we transfer
data from the original bucket that Nasuni creates, to a temporary bucket; then from that
temporary bucket to a new bucket with the desired Storage Class and Location Type.
Tip: After the Storage Class is changed, the original Storage Class is still displayed on the
Volume Overview page of the Edge Appliance UI and on the Volume Details page of the
NMC.
For Nasuni versions 9.3 and later, see step 7 on page 102.
For Nasuni versions before 9.3, to change the Storage Class and Location Type of a Google Cloud
bucket, see the Google Cloud Storage Configuration Guide.
3. For the remotely accessible volume whose connections you want to change, click Edit
Connections. The Connect/Disconnect Volume dialog box appears.
b. To disconnect a currently connected managed Nasuni Edge Appliance from the selected
remotely accessible volume, clear the check box next to the managed Nasuni Edge
Appliance.
Caution: Disconnecting a Nasuni Edge Appliance from a remotely accessible volume
causes all shares and exports of the remotely accessible volume to be deleted
from the Nasuni Edge Appliance.
c. In the Inherit Settings area, select or deselect the settings that you want to inherit from the
remotely accessible volume.
d. Click Save Connections to save the changes you made to connections to remotely
accessible volumes.
The new information appears in the list of remotely accessible volumes on the Remotely
Accessible Volumes page.
Browsing a Volume
Browse
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
• Ownership: The owner of the volume.
• Cache Resident: (CIFS and NFS volumes and FTP/SFTP directories.) Indicates whether the
volume is currently in the cache of the Nasuni Edge Appliance (Yes) or not (No). To view
unprotected files in the cache, see “Unprotected Files” on page 139.
• Pinning: (For folders, including volumes.) Indicates whether the folder (including volumes) is
pinned in the cache (Enabled). To enable pinning for a folder (including volumes), see
“Pinning Folders in the Cache” on page 124. To view unprotected files in the cache, see
“Unprotected Files” on page 139.
• Global Locking: (For folders, including volumes.) Indicates whether Global File Lock is
enabled for the volume (Enabled). To enable Global File Lock for a volume, see “Global File
Lock” on page 127.
• Auto Cache: (For folders, including volumes.) Indicates whether Auto Cache (automatically
bringing data from other Nasuni Edge Appliances into the local cache immediately) is
enabled for the folder (including volumes). To enable Auto Cache for a folder (including
volumes), see “Enabling Auto Cache for Folders” on page 125.
• Handle: (For volumes.) The handle for the blob in cloud storage that represents the start of a
UniFS snapshot for a specified volume. For use by the Analytics Connector.
The Analytics Connector helps to provide direct access to file system data in a secure,
native (file or object) format that does not involve an Edge Appliance cache.
Currently, the Analytics Connector requires the handle of the blob in cloud storage that
represents the start of a UniFS snapshot for a specified volume, as well as the bucket or
container.
Note: The terms “bucket” and “container” are used in the sense of a storage container for
items in cloud storage. Specific terms depend on the cloud storage provider.
Tip: The Analytics Connector must be enabled in the customer license. To enable the
Analytics Connector, contact Support.
Tip: This function can also be performed using the NMC API. For details, see
http://docs.api.nasuni.com/nmc/api/1.1.0/index.html.
• Bucket: (For volumes.) The bucket for the blob in cloud storage that represents the start of a
UniFS snapshot for a specified volume. For use by the Analytics Connector.
Note: The term “bucket” is used in the sense of a storage container for items in cloud
storage. Specific terms depend on the cloud storage provider.
Tip: This function can also be performed using the NMC API. For details, see
http://docs.api.nasuni.com/nmc/api/1.1.0/index.html.
• Container: (For volumes.) The container for the blob in cloud storage that represents the
start of a UniFS snapshot for a specified volume. For use by the Analytics Connector.
Note: The term “container” is used in the sense of a storage container for items in cloud
storage. Specific terms depend on the cloud storage provider.
Tip: This function can also be performed using the NMC API. For details, see
http://docs.api.nasuni.com/nmc/api/1.1.0/index.html.
3. From the Filer drop-down list, select a Nasuni Edge Appliance for the selected volume.
• Content Size: The size of the folder and its contents. Content Size includes data already
protected in the cloud, but does not include data in the cache that is not yet protected.
Content Size data is current data only. Content Size data does include metadata.
Content Size does not reflect the effects of compression or deduplication.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the
size of the data currently present in the local cache, while Nasuni displays the
full size, regardless of where the data is.
• Ownership: The owner of the folder.
• Cache Resident: (CIFS and NFS volumes and FTP/SFTP directories.) Indicates whether
the folder is currently in the cache of the Nasuni Edge Appliance (Yes) or not (No). To
view unprotected files in the cache, see “Unprotected Files” on page 139.
• Pinning: (For folders.) Indicates whether the folder is pinned in the cache (Enabled). To
enable pinning for a folder, see “Pinning Folders in the Cache” on page 124. To view
unprotected files in the cache, see “Unprotected Files” on page 139.
• Auto Cache: (For folders.) Indicates whether Auto Cache (automatically bringing data
from other Nasuni Edge Appliances into the local cache immediately) is enabled for the
folder. To enable Auto Cache for a folder, see “Enabling Auto Cache for Folders” on
page 125.
• Global Locking: (For folders.) Indicates whether Global File Lock is enabled for the
volume (“Enabled (inherited)”). To enable Global File Lock for a volume, see “Global File
Lock” on page 127.
• One file: select the file you want. The selected file is highlighted in the list.
The properties of the selected file are displayed.
size of the data currently present in the local cache, while Nasuni displays the
full size, regardless of where the data is.
• Ownership: The owner of the file.
• Cache Resident: (CIFS and NFS volumes and FTP/SFTP directories.) Indicates whether
the file is currently in the cache of the Nasuni Edge Appliance (Yes) or not (No). To view
unprotected files in the cache, see “Unprotected Files” on page 139.
• Lock Status: If Global File Lock is enabled for the volume, indicates whether the file is
Locked or Unlocked. To enable Global File Lock for a volume, see “Global File Lock” on
page 127. If locked by multiple Nasuni Edge Appliances, a list appears.
Filtering by Date
By default, the current contents of the volume are displayed. To select contents from another date and
time from available snapshots, follow these steps:
1. Navigate to a volume as described in “Browsing a Volume” on page 114.
2. Click the Version drop-down list. A calendar of available dates appears. Select the date, then
select the snapshot on that date. The folders and files from that snapshot appear.
Note: Some dates in the range of available dates do not have snapshots. When you click a
date with no snapshots, the message “There are no snapshots for the selected date.”
appears.
Folders and files from snapshots display the date and time of the version in addition to their
other properties.
3. Select a folder or file from the list. To select multiple individual items from snapshots, use
Ctrl+click. To select a range of items from snapshots, use Shift+click.
4. To select the current version of folders and files, click the Version drop-down list and select
Current Version.
You can now perform actions with the selected folder or files, as described in “Actions with
Selected Volume, Folder, or Files” on page 122.
In addition to browsing for folders and files, you can also search for a specific folder or file by name
within a snapshot, and then select it for further actions.
Caution: In most cases, snapshots are not in the cache of the Nasuni Edge Appliance, and must
be brought into the local cache of the Nasuni Edge Appliance to be searched. As a
result, snapshot searches can impact performance. Searching a large number of
snapshots proceeds better by using a Nasuni Edge Appliance that users are not using
heavily at the same time.
To search for a folder or file by name in a snapshot, follow these steps:
1. Navigate to a volume as described in “Browsing a Volume” on page 114. If you intend to restrict
the search to a specific directory, navigate to that directory.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
2. Click Search . The Search Versions dialog box appears.
4. The default is to search all versions. To specify search dates, click the Date Range box. The
Date Range list appears.
Note: You can use glob syntax wildcards when you specify the name, such as the following:
Wildcard Meaning Example
* Matches any number of *.mp3
any character. means any file name that ends with “mp3”.
The search matches the query text within a folder or file name. For example, searching for
“mount” finds items named “Mount”, “mounted”, “unmounted”, and “unmount”. The search
is not case-sensitive.
Optionally, you can specify searching for the exact name of the file (including the filename
extension) or folder by selecting the Exact Match check box. In this case, searching for
“mount” only finds items named “mount”. This search is also not case-sensitive.
7. Click Search. The Search Status results appear.
Pinning a folder specifies that the folder and its contents must remain in the local cache at all times.
This can improve performance and reduce the time necessary to return accessed data to clients.
Warning: Enabling this feature means that the entire folder, and all the folder’s contents,
remain resident in the cache at all times. This reduces the available cache by the
size of the folder. If the amount of data pinned in the cache exceeds the size of the
cache, you cannot access data that is not in the cache. If this occurs, an Alert
notification is given.
Note: Pinning a folder does not bring the folder’s data into the cache. If the folder’s data is not
already present in the cache, you must specifically bring that data to the cache. To check
on whether data is resident in the cache, see “Browsing a Volume” on page 114. To bring
data to the cache, see “Bringing Data into Cache of the Nasuni Edge Appliance” on
page 123.
Important: The NMC API can be used to pin metadata in the cache, or to enable Auto Cache for
metadata.
Pinning metadata in the cache and enabling Auto Cache for metadata can affect the
amount of data in the cache, and the display of data in the cache. Also, bringing all
metadata into the cache adds time to the sync process and might affect user
performance. With no users on a dedicated appliance (for example, to change
permissions or perform searches), the effect on sync times due to syncing the entire
metadata tree would not affect any user-related snapshot or sync changes.
The NMC API can also be used to verify that these features have been configured for
a directory.
Because metadata-only pinning and Auto Cache pinning are currently possible only
with the NMC API, directories with such pinning enabled are not displayed in the File
Browser of the NMC and the Edge Appliance, nor on the NMC Pinned Folders and
NMC Auto Cached Folders pages.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
To view pinned folders, or disable pinning for a folder, see “Pinned Folders” on page 197.
To view unprotected files in the cache, see “Unprotected Files” on page 139.
See Worksheet for a worksheet for planning configurations.
To pin a folder in the cache, follow these steps:
1. Select a volume, folder or file as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Edit Cache Settings. The Folder Cache Settings dialog box appears.
“Auto Cache” attempts to bring into the local cache of the specified Nasuni Edge Appliance any
changes made to the specified folders by other Nasuni Edge Appliances. Without Auto Cache, any
such data is only brought into the local cache as it is accessed locally. With Auto Cache enabled, the
Nasuni Edge Appliance attempts to bring such data into the local cache during the scheduled syncs.
For Auto Cache to run on more than one Nasuni Edge Appliance, you must enable Auto Cache for each
Nasuni Edge Appliance.
Auto Cache must be enabled for a volume (on the Volume Sync Schedule screen) before Auto Cache is
enabled for a folder in the volume (on the File System Browser screen). You can only enable Auto
Cache for shared volumes.
Auto Cache is designed to run in the background with limited impact on the normal operation of the
Nasuni Edge Appliance. For this reason, Auto Cache is not designed to bring items into the cache
immediately. Also, other processes, such as snapshots, can interrupt the Auto Cache process so that it
takes longer. Multiple Auto Cache jobs are processed in parallel. More available CPUs and bandwidth
enable more parallel processing.
Auto Cache makes 3 attempts to bring a given item into the cache. After 3 attempts, Auto Cache skips
that item. If a user references that item, the Nasuni Edge Appliance again attempts to bring the item
into the cache.
Similarly, the queue for the items that Auto Cache attempts to bring into the cache is limited to 50,000
items. An item is a file or a directory. If there are more than 50,000 items, the items beyond 50,000 do
not fit on the queue and are not processed. However, if a user references one of those non-processed
items, the Nasuni Edge Appliance does attempt to bring the item into the cache.
If Auto Cache is enabled for directories that have Global File Lock enabled, then only the metadata is
brought into the cache during the next sync. The data itself is not brought into the cache until a user
accesses the file, because, if the user were to access the file at the same time that the file was brought
into the cache, then the user would have to wait even longer.
Tip: Because Auto Cache is not enabled by default, new data in the folder comes into the local
cache only when requested. Before enabling Auto Cache, ensure that all of the following
apply to your deployment:
• All the Nasuni Edge Appliances on which you plan to enable Auto Cache have caches
large enough to contain data from the other Nasuni Edge Appliances.
• All the data in the folder is relevant and appropriate for all other sites that access the
folder.
• Network access at each site is not adversely affected by automatically moving large
quantities of data.
Tip: Auto Cache should not be used during the initial transfer of data into a Nasuni Edge
Appliance or other large transfers of data.
Note: Before enabling Auto Cache for a folder, the folder’s volume must have Remote Access
enabled and Auto Cache enabled. For details, see “Setting or editing remote access
settings” on page 215 and “Scheduling Syncs” on page 234.
Note: Auto Cache is only available for shared or remote volumes.
Note: You can also enable Auto Cache for volumes. See “Scheduling Syncs” on page 234.
Note: If Auto Cache is enabled and you disable Auto Cache, any process bringing data into the
cache continues until complete.
Note: You can also disable Auto Cache for a folder using the Auto Cached Folders page. See
“Disabling Auto Cache” on page 187.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
To enable Auto Cache for a folder, follow these steps:
1. Select a volume, folder or file as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Edit Cache Settings. The Folder Cache Settings dialog box appears.
The purpose of the Global File Lock feature is to prevent conflicts when two or more users attempt to
change the same file on different Nasuni Edge Appliances. If you enable the Global File Lock feature for
a directory and its descendants, any files in that directory or its descendants can only be changed by
one user at a time. Any other users cannot change the same file at the same time.
Typically, when User X opens a file to change it, the application locks the file, preventing access by
User Y. Applications and platforms differ on specific behavior. User Y might receive the option of
opening a Read-Only copy of the file, opening a copy of the file with a different name, or receiving a
notice when User X closes the file. When User X does close the file, User Y can then access the file.
If Auto Cache is enabled for directories that have Global File Lock enabled, then only the metadata is
brought into the cache during the next sync. The data itself is not brought into the cache until a user
accesses the file, because, if the user were to access the file at the same time that the file was brought
into the cache, then the user would have to wait even longer.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
Caution: Nasuni recommends that you enable, disable, or reconfigure Global File Lock only
during off-hours, after ensuring that all affected files and directories are closed.
Caution: Disabling Global File Lock does not take effect immediately for files that still have
outstanding locks by one or more clients.
Tip: Enabling Global File Lock can have an impact on performance, depending on factors that
include network congestion, user load, and file sizes. If users do not typically collaborate on
the same file at the same time, it is unnecessary to enable Global File Lock.
Tip: To use Global File Lock, you must enable Global Locking in the customer license.
Caution: It is not recommended to move files between directories protected by Global File Lock
and directories not protected by Global File Lock. Data loss is possible.
Caution: If two Nasuni Edge Appliances both have Global File Lock enabled for the same folder,
and a file is deleted or removed in the folder on one of the Nasuni Edge Appliances, the
file might still be available on the other Nasuni Edge Appliance.
Note: Byte-range locking is not supported for items that have Global File Lock enabled.
Important: If an open file has Global File Lock enabled, and if that file is saved, then that file is
protected in the cloud outside of the regular snapshot, even if that file is still open.
However, if Antivirus Protection is enabled for that file, then that open file is not
immediately protected in the cloud. This is because Antivirus Protection must check
that file before that file can be moved to cloud storage. In this case, after Antivirus
Protection checks that file, and that file has no infections, then that file is protected
in the cloud.
If a file does have antivirus infections, and those infections are marked “Ignore”, then
the file experiences the usual Global File Lock processing.
For details of Global File Lock processing, see Global File Lock.
For details of Antivirus Protection processing, see Antivirus Service.
Tip: If Global File Lock is enabled for a volume that uses multiple protocols where hardlinks
might be present, it is highly recommended that the parent directory where Global File Lock
is enabled be exported as an “NFS Export” to applications that use multiple protocols. Note
that hardlinks can span multiple hierarchies where Global File Lock is enabled.
You can also manually break the locking of a file. This might become necessary if a user leaves a file
open and another user needs to open that file.
Warning: If you manually break the locking of a file, conflicts for the file might result.
Note: If a user continues using a file after the lock is manually broken, the file might become
locked again.
Restoring data protected by Global File Lock
Two types of data restore are possible: a “slow” data restore and a “fast” data restore. The differences
between the two types of restore include the following:
• Fast restore: A fast restore only needs to restore the metadata at the top level of the directory
structure. Any required data or metadata is brought into the cache only when actually accessed.
A fast restore can be extremely fast (a matter of minutes) for multiple TBs of data.
An Edge Appliance can generally perform a fast restore unless, for safety reasons, it must
perform a slow restore (see below).
For data safety reasons, a few features prevent performing a fast restore:
• Global File Lock: If Global File Lock is enabled on the data set being restored, the system
must perform a slow restore on the data protected by Global File Lock. You can disable
Global File Lock in order to perform a fast restore. For details, see below.
• Snapshot Retention: If Snapshot Retention is enabled, and versions are marked as time
boundaries, a fast restore cannot happen across these time boundaries, so that older
directories and files might require slow restore. You can disable Snapshot Retention in order
to perform a fast restore. For details, see “Snapshot retention” on page 220.
• Slow restore: If a fast restore is not possible, you can perform a slow restore. A slow restore
must download from cloud storage the full metadata and data for the version that you are
restoring. This can take a significant amount of time (possibly days or weeks) in order to restore
larger data sets. For this reason, if you need larger restores, try to do everything possible in
order to perform a fast restore.
If you intend to perform a slow restore, it is not necessary to disable Global File Lock or
Snapshot Retention.
4. From the Locking Mode drop-down list, select one of the following locking modes.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
• Optimized: All locks are elevated to write locks that allow read. Only one Nasuni Edge
Appliance can have a lock on a file at a given time. Supported with both CIFS and NFS.
Recommended for most applications that don’t rely heavily on shared access modes.
Optimized locking gives the best performance, but lower protocol compatibility.
Note: NFS volumes support only Optimized mode locking.
• Advanced: Multiple Nasuni Edge Appliances can hold locks on a file at a given time, based
on the share access modes. Supported with CIFS only.
Recommended for applications that rely on shared access modes. Advanced locking
provides the highest Global File Lock compatibility, but might impact performance.
Caution: If you attempt to create a share on a directory on which Advanced Global File
Lock is enabled, all SMB-connected users will be disconnected and might need
to re-connect. Also, data reads and writes will be disrupted.
Caution: Not supported with NFS volumes or multiprotocol (CIFS and NFS) volumes. If
this volume must support multiple protocols, select Optimized mode or
Asynchronous mode.
Note: If Advanced locking is set on a directory, then any sub-directories that inherit the
Advanced setting do not have the option to “Edit Global Locking Settings”.
Tip: Not supported with NFS.
Tip: If the Advanced Global File Lock Mode is enabled for a CIFS folder, then Linux
clients might not be able to access all files.
• Asynchronous: Not a true locking mode. Recommended for special applications and use
cases that create all new files and that rely on Global File Lock to propagate information
about new files across other Nasuni Edge Appliances.
Note: The “Asynchronous” mode is only available if activated by the product license.
Tip: The parent directory of an “Asynchronous” directory cannot be “Advanced” mode.
5. Click Save Settings. Your changes are saved.
Otherwise, to close the dialog box without saving changes, click Close.
You can set a quota on the contents of a volume or a folder. You can configure quota reports to be sent
to administrators or users when volumes or folders approach or exceed their quota.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
To set a volume or folder quota, follow these steps:
1. Select a volume or folder as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Set Quota or Rule. The Set Quota or Rule dialog box appears.
5. In the Limit text box, enter or select the quota limit (in gigabytes or fractions of a gigabyte, such
as 6.8). The content size of uncompressed data is displayed to help you decide on a quota limit.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
6. For the Rule quota type, to apply the same Limit to the data in any existing sub-directories of
the selected directory, select the Apply to existing sub-directories check box.
7. Click Save Quota to save your changes. Otherwise, click Cancel.
The quota is enabled as configured.
Downloading Files
Tip: The “Download File” button is disabled by default. Contact Support to make it available.
You can download one or more files to your local computer.
Tip: The default upper limit for downloading is 20 MB. Contact Support to change the upper
limit. However, increasing the upper limit can result in issues requiring assistance from
Support.
Tip: Although users with “Perform File Restores/Access Versions” permission have the ability to
access all files on the file server, the Download File button is not available.
Tip: Users who are members of groups that have the “Manage all aspects of Volumes”
permission or the “Manage all aspects of the Filer (super user)” permission can download
files. To control who can download files, manage these permissions accordingly. However,
note that each of these permissions control other settings besides downloading files. For
details, see Appendix 24, “Permissions,” on page 538.
Tip: Downloading large files from the NMC can take a long time.
To download one or more files, follow these steps:
1. Select one or more files as described in “Selecting Volume, Folder, or Files” on page 114.
2. Click Download File.
Downloading features depend on your Web browser. If the file is of a type that your Web
browser recognizes (such as a PDF file), the file might download and display directly in the
browser.
If the Web browser cannot directly display the file, navigate to a location where the file should
be saved.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
The selected files are downloaded to your local computer.
4. By default, the file or folder is restored to its original location. To restore the file or folder to
another path, click in the Destination box and navigate to the alternative path.
Caution: If the file or folder is restored to its original location, it replaces the file or folder of
the same name (if any) in that original location.
Important: If you specify one directory to restore to another directory, it puts the contents of
the original directory (not the original directory itself) in the target directory.
If you specify multiple directories to restore to another directory, it puts all of the
actual original directories under the target directory.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
5. To back up existing files before proceeding, select the Back Up Existing check box. If any files
that you selected to restore also exist in your volume, they are copied and retained. Backup files
are created with the preface “backupxxxx.” For example, “backup0001.Sales.doc”.
If Back Up Existing is not selected, the restore overwrites any files with the same name.
6. On the Restore Folder dialog box, in order to not impact existing directories, select Preserve
Existing Directories. This can help prevent impacting an existing directory with the same name
as a directory about to be restored. Also, by avoiding unnecessary processing, this can improve
performance.
7. To restore the selected files or folder to your system, click Restore File or Restore Folder.
Important: When restoring a folder, if you specify one directory to restore to another
directory, it puts the contents of the original directory (not the original directory
itself) in the target directory.
In contrast, if you specify multiple directories to restore to another directory, it
puts all of the actual original directories in the target directory.
The Restore in Progress pane appears.
Determining the serial number of an Edge Appliance with File System Browser
You can determine the serial number of an Edge Appliance by examining the URL of the NMC while
selecting a volume of that Edge Appliance in File System Browser. The serial number of an Edge
Appliance is used for a number of purposes, such as installing and recovering Edge Appliances. You
can also determine the serial number of an Edge Appliance, as described in “Filer Details” on page 277
and in “Serial Numbers” on page 408.
To determine the serial number of an Edge Appliance with File System Browser, follow these steps:
1. Select a volume and Edge Appliance as described in “Selecting Volume, Folder, or Files” on
page 114.
2. Examine the URL of the NMC in your Web browser.
For example, here is a sample URL of an NMC:
https://10.100.4.53/volumes/fsbrowser/?volume=11dfd1db-5701-432a-b6a5-
d25104397b80_10
&filer=3c4ec032-22d1-47ab-9119-9929481fdf08
&version=now&path=tn__&selected=tn__
The part of the URL after “&filer=” and before the next ampersand “&” is the serial number of
the Edge Appliance. In this example, the serial number of the Edge Appliance is 3c4ec032-
22d1-47ab-9119-9929481fdf08.
Unprotected Files
You can view the current unprotected files in the cache for a volume. You can filter by file name, path,
size, and owner. A file is protected if a copy of the file has been saved to cloud storage.
Important: A file might not appear in this list if the file itself has been saved to the cloud, but the
snapshot processing for that file has not finished with the file’s metadata. The file is
not yet restorable, and the file cannot yet be propagated to another Edge Appliance.
3. Using the Filter text box, you can limit the display to items that match the criteria that you enter.
See “Filtering Displays” on page 527 for details.
Note: You cannot filter using any part of the path except the file name.
On this screen, the following field names are available:
• Path: Matches values in the file name of the Path field.
• Size: Matches values in the Unprotected Bytes field.
• Owner: Matches values in the Owner field.
• Name: Matches values in the file name in the Path field.
Note: If there are many files, it might take a little time to display the filtered results.
4. To move to the next page of unprotected files (if any), click the right arrow at the top of the
page.
5. To move to the previous page of unprotected files (if any), click the left arrow at the top of the
page.
6. To download a list of unprotected files as a CSV file, click Download CSV.
NFS Exports
You can create, view, edit, and delete NFS exports from NFS volumes. NFSv3 is supported. NFSv4
encrypted connections are supported. Supported protocols appear on the Exports page.
Tip: It is possible to create, update, and delete NFS exports using the NMC API.
Viewing exports
Tip: This function can also be performed using the NMC API. For details, see NMC API.
To view NFS exports from NFS volumes, follow these steps:
1. Click Volumes, then click Exports in the left-hand column. The Exports page displays a list of
exports from NFS volumes on managed Nasuni Edge Appliances.
Creating exports
Tip: You can only add NFS exports to a volume that has the NFS protocol enabled. To create an
NFS volume, see “Create Volume” on page 100. To enable the NFS protocol for a volume,
see “Protocols” on page 199.
Tip: It is possible to create, update, and delete NFS exports using the NMC API.
Tip: Nasuni monitors platform-specific limits on the number of supported concurrent
connections. When the number of concurrent connections reaches the “soft limit” for an
Edge Appliance, you receive a notification of how many connections remain, and a
suggestion to reduce the number of connections for that Edge Appliance, if possible. When
the number of concurrent connections reaches the “hard limit” for an Edge Appliance, you
receive a notification, and all new connections are denied for that Edge Appliance until the
number of connections decreases below the “hard limit” again.
N1050
N2040 3000 connections
5000 4000 connections
6000
g. From the Access Mode drop-down list, select an access mode. Your choices are:
• Normal Users Permitted (root_squash): All users who have User IDs (UIDs) greater
than zero can map to the NFS export. (Typically, users with a UID of zero (root user) are
forcibly mapped to the anonymous NFS UID.) This is the same as “root_squash” on
UNIX systems: it reduces the access rights for a remote superuser (root).
• All Users Permitted (no_root_squash): All users can map to the NFS export with their
normal UID. This is the same as “no_root_squash” on UNIX systems: it allows remote
root users to have root access.
• Anonymize All Users (all_squash): All users are forcibly mapped to the anonymous
NFS UID. This is the same as “all_squash” on UNIX systems: it converts all users to the
anonymous UID and GID.
h. If you want the export folder to be read-only for users on the network, select the Read Only
check box. This means that users can access the export, but only have read-only rights and
therefore cannot make changes to any of the files in the exported folder.
i. From the four drop-down lists, select any or all of the NFS Security Options that you prefer.
The options include the following:
• Traditional (sys): Use AUTH_SYS authentication. The user's UNIX user-id and group-ids
are passed in the clear on the network, unauthenticated by the NFS server. This is the
default.
• Authentication (krb5): krb5 uses Kerberos V5 instead of local UNIX UIDs and GIDs to
authenticate users.
• Integrity Protection (krb5i): krb5i uses Kerberos V5 for user authentication, and
performs integrity checking of NFS operations using secure checksums to prevent data
tampering.
• Privacy Protection (krb5p): krb5p uses Kerberos V5 for user authentication and
integrity checking, and encrypts NFS traffic to prevent traffic sniffing. This is the most
secure setting, but it also involves the most performance overhead.
j. From the Performance Tuning drop-down list, select the type of Performance Tuning. The
choices include the following:
• Default (sync): Replies to each NFS request only after all data has been stored to disk.
This is safer than async, but there is a delay between the store and the reply.
• No Write Delay (no_wdelay / sync): If NFS deduces a likelihood of a related storage
request arriving soon, then NFS’s optimization algorithm delays storage. This saves disk
writes and can speed performance. However, if NFS deduces incorrectly, this behavior
causes a delay in every request. The no_wdelay option eliminates the delay.
• Asynchronous Replies (async): Replies to requests before the data is stored to disk.
This improves performance, but results in lost data if the server goes down.
2. To accept your selections, click Create Export.
The export is created and appears in the list of exports. The export is available to clients under
/exports/<Directory name> and exposes the directory within the volume.
where:
• ip_address is the hostname or the IP address of the Nasuni Edge Appliance.
• exportname is the name of the NFS export on the Nasuni Edge Appliance.
• target is the name of the local directory.
Important: Make sure to include the '/nfs/' part of the command.
Note: The default options for the mount command should work. However, if this does
not work, use this version with explicit options:
mount -o tcp,nfsvers=3,timeo=600,rsize=16384,wsize=16384,hard
This version of the mount command includes these explicit options: TCP; 10-minute
timeout; read and write sizes of 16 KB; hard mount (soft mounts can corrupt data).
These values of rsize and wsize are recommended, but tune them for your system.
The result of the mount command is to mount the NFS export in the target directory. Users can
then add data to the NFS volume using copy commands.
Tip: You can place the mount command in a script that runs on login and mounts the
NFS export automatically.
Tip: Depending on the specific operating system, performing the mount might also
create a graphical icon of the NFS export that enables drag and drop and other GUI
actions.
Editing exports
Tip: It is possible to create, update, and delete NFS exports using the NMC API.
To edit the selected export, follow these steps:
1. On the Exports page, click Edit . The Edit Export dialog box appears. F
• Anonymize All Users (all_squash): All users are forcibly mapped to the anonymous
NFS UID. This is the same as “all_squash” on UNIX systems: it converts all users to the
anonymous UID and GID.
d. If you want the export folder to be read-only for users on the network, select the Read Only
check box. This means that users can access the export, but only have read-only rights and
therefore cannot make changes to any of the files in the exported folder.
e. From the Performance Tuning drop-down list, select the type of Performance Tuning. The
choices include the following:
• Default (sync): Replies to each NFS request only after all data has been stored to disk.
This is safer than async, but there is a delay between the store and the reply.
• No Write Delay (no_wdelay / sync): If NFS deduces a likelihood of a related storage
request arriving soon, then NFS’s optimization algorithm delays storage. This saves disk
writes and can speed performance. However, if NFS deduces incorrectly, this behavior
causes a delay in every request. The no_wdelay option eliminates the delay.
• Asynchronous Replies (async): Replies to requests before the data is stored to disk.
This improves performance, but results in lost data if the server goes down.
2. To accept your selections, click Update Export.
The export is changed and appears in the list of exports.
Alternatively, to exit this screen without changing the export, click Close.
• Read Only: Indication of whether the files and directories on the exported folder are read-
only (Yes) or not (No).
• Access Mode: The access mode, of the following:
• Normal Users Permitted (root_squash): All users who have User IDs (UIDs) greater
than zero can map to the NFS export. (Typically, users with a UID of zero (root user) are
forcibly mapped to the anonymous NFS UID.) This is the same as “root_squash” on
UNIX systems: it reduces the access rights for a remote superuser (root).
• All Users Permitted (no_root_squash): All users can map to the NFS export with their
normal UID. This is the same as “no_root_squash” on UNIX systems: it allows remote
root users to have root access.
• Anonymize All Users (all_squash): All users are forcibly mapped to the anonymous
NFS UID. This is the same as “all_squash” on UNIX systems: it converts all users to the
anonymous UID and GID.
• Performance Mode: The type of Performance Tuning, including the following:
• Default (sync): Replies to each NFS request only after all data has been stored to disk.
This is safer than async, but there is a delay between the store and the reply.
• No Write Delay (no_wdelay / sync): If NFS deduces a likelihood of a related storage
request arriving soon, then NFS’s optimization algorithm delays storage. This saves disk
writes and can speed performance. However, if NFS deduces incorrectly, this behavior
causes a delay in every request. The no_wdelay option eliminates the delay.
• Asynchronous Replies (async): Replies to requests before the data is stored to disk.
This improves performance, but results in lost data if the server goes down.
• Actions: Actions available for each NFS export.
2. To add a new set of host options, click Add. The NFS Export: Host Options dialog box
appears.
d. From the Performance Tuning drop-down list, select the type of Performance Tuning. The
choices include the following:
• Default (sync): Replies to each NFS request only after all data has been stored to disk.
This is safer than async, but there is a delay between the store and the reply.
• No Write Delay (no_wdelay / sync): If NFS deduces a likelihood of a related storage
request arriving soon, then NFS’s optimization algorithm delays storage. This saves disk
writes and can speed performance. However, if NFS deduces incorrectly, this behavior
causes a delay in every request. The no_wdelay option eliminates the delay.
• Asynchronous Replies (async): Replies to requests before the data is stored to disk.
This improves performance, but results in lost data if the server goes down.
e. To accept your selections, click Save Options. The export is changed and appears in the list
of exports.
3. To edit an existing set of host options, click Edit for the host option. The NFS Export: Host
Options dialog box appears. Follow the steps in step 2 above.
4. To delete a set of host options, click Delete. The “Remove NFS Host Option?” dialog box
appears. Click Delete.
5. To save the complete list of host options, click Save.
The host options for the export are changed.
Alternatively, to exit this screen without changing the export, click Close.
Deleting exports
Tip: It is possible to create, update, and delete NFS exports using the NMC API.
To delete the selected export, follow these steps:
1. On the Exports page, click Delete . The Delete Export dialog box appears.
FTP Directories
You can create, view, edit, and delete FTP/SFTP directories for volumes that have the FTP/SFTP
protocol enabled. This enables you to allow FTP/SFTP access to directories and files without adding
new users.
Note: Nasuni supports SFTP, the SSH File Transfer Protocol. This is not the same as FTPS, the
File Transfer Protocol over SSL.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
1. Create a CIFS or NFS volume. See “Create Volume” on page 100.
2. Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 201.
3. (Optional) Configure FTP/SFTP settings. See “Editing FTP settings” on page 294.
4. Add a new FTP/SFTP directory. See “Creating FTP directories” on page 154.
5. (Optional) Create a permission group that has storage access. See “Adding Permission
Groups” on page 394 in the Nasuni Edge Appliance Administration Guide.
6. (Optional) Create a user in a permission group that has storage access. See “Adding Users”
on page 401 in the Nasuni Edge Appliance Administration Guide. Active Directory and LDAP
users can log in for FTP access just as they do for CIFS access. Also, if anonymous access
is enabled, you don't need a specific group or user.
7. Access files using the FTP/SFTP protocol.
• Filer: The name of the Nasuni Edge Appliance with volumes that have FTP/SFTP directories.
• Name: The name of the FTP/SFTP directory.
• Descriptive comment for the FTP/SFTP directory.
• Path: The path to the FTP/SFTP directory.
• Actions: Actions available for each FTP/SFTP directory.
• Protocols: The supported versions of the FTP/SFTP protocol.
N1050
N2040 3000 connections
5000 4000 connections
6000
To create a new FTP/SFTP directory on a volume that has the FTP protocol enabled, follow these
steps:
1. On the FTP Directories page, click Create FTP Directory. The Create FTP Directory page
appears.
• Hide Unreadable: Files that the user does not have permission to access are not visible to
the user.
• Invisible: No files are visible to the user. However, if a user has the filename of a file, and the
appropriate permission, the user can access the file.
8. If you want the FTP/SFTP directory to be read-only, select the Read Only check box. This
means that users can access the FTP/SFTP directory, but only have read-only rights and
therefore cannot make changes to any of the files or directories in the FTP/SFTP directory.
9. To control the permissions on new files in this FTP/SFTP directory, there are several choices,
which use umask settings to represent read, write, and execute permissions for the user, the
group, and others. Select one of the following choices from the Permissions on New Files
drop-down menu:
• No Extra Restrictions (Default): The owner, the group, and all others have all permissions
for all files in this FTP/SFTP directory. This is a umask setting of 000, which, for a requested
permission of 777, produces 777.
• Read-Only Others: The owner and the group have all permissions for all files in this FTP/
SFTP directory. Others can only read all files in this FTP/SFTP directory. This is a umask
setting of 002, which, for a requested permission of 777, produces 775.
• Read-Only Groups and Others: The owner has all permissions for all files in this FTP/SFTP
directory. The group and others can only read all files in this FTP/SFTP directory. This is a
umask setting of 022, which, for a requested permission of 777, produces 755.
• Restrict Others: The owner and the group have all permissions for all files in this FTP/SFTP
directory. Others have no permissions for all files in this FTP/SFTP directory. This is a umask
setting of 006, which, for a requested permission of 777, produces 771.
• Restrict Groups and Others: The owner has all permissions for all files in this FTP/SFTP
directory. The group and others have no permissions for all files in this FTP/SFTP directory.
This is a umask setting of 066, which, for a requested permission of 777, produces 711.
• Read-Only Groups, Restrict Others: The owner has all permissions for all files in this FTP/
SFTP directory. The group can only read all files in this FTP/SFTP directory. Others have no
permissions for all files in this FTP/SFTP directory. This is a umask setting of 026, which, for
a requested permission of 777, produces 751.
10. To control which hosts are allowed to connect to this FTP/SFTP directory, in the IP
Restrictions text box, enter a comma-separated list of the IP addresses or subnet addresses of
the hosts that are allowed to access this FTP/SFTP directory. If you leave this field blank, all
hosts on your network have access to this FTP/SFTP directory without restrictions.
Note: You cannot use IP Restrictions in conjunction with Allowed Users/Groups in step 11
on page 156.
11. To control the users and groups that have access to the FTP/SFTP directory, from the Allowed
Users/Groups drop-down list, select one of the following choices.
• Everyone: Allows all users and groups to access the FTP/SFTP directory.
• Anonymous Only: Allows only the anonymous user to access the FTP/SFTP directory. This
selection is only available if Anonymous is enabled, as in step 12 on page 159.
• Specific Users/Groups: Allows you to specify the users and groups that have access to
this FTP/SFTP directory. The Allowed Groups and Allowed Users areas appear.
Note: You cannot use Allowed Users/Groups in conjunction with IP Restrictions in step 10
on page 156.
Tip: A user can access the FTP/SFTP directory if the user is accessing the FTP/SFTP
directory from one of the allowed hosts and is either one of the allowed users or a
member of one of the allowed groups.
Tip: To specify users or groups, the users or groups must have Storage Access enabled. See
“Users and Groups” on page 391.
a. To add one group, follow these steps:
i. In the Allowed Groups area, click Add One. The Name search box appears.
iv. Click Search. A list of groups that match your search appears. Select the group to define
access for, then click Add Selected Group. The selected group appears in the Allowed
Groups area.
iv. To control the range of the search, select one of the following:
• All: To search through all users.
• Domain only: To search though domain users only.
• Native only: To search through native users only.
v. Click Search. A list of users that match your search appears. Select the user to define
access for, then click Add Selected User. The selected user appears in the Allowed
Users area.
The FTP/SFTP directory is created and appears in the list of FTP directories. The FTP/SFTP
directory is available to users.
2. Continue with step 4 on page 155. When finished, click Update FTP Directory.
The FTP/SFTP directory is changed and appears in the list of FTP directories. The FTP/SFTP
directory is available to users.
Alternatively, to exit this screen without changing the FTP/SFTP directory, click Close.
Large MTU/Jumbo Frames: Nasuni supports 9000-byte MTUs for the Edge Appliance, although it is
not enabled by default. Customers can edit the MTU on the Network Configuration page.
Caution: With version 9.0 and above, you must specify the domain with the username in order to
authenticate, such as DOMAIN\username or username@DOMAIN.
Durable handles allow SMB 2.0 and higher clients to open a file and survive a temporary connection
loss (60 seconds or less). Durable handles are supported for volumes with NTFS Exclusive Permissions
Policy and cannot be used with Global File Lock.
Note: When Global Locking is enabled, support for SMB durable handles (allowing clients to
survive temporary connection loss) is disabled. Enabling Global Locking anywhere on the
volume disables durable handles. If durable handles is disabled in this way, durable
handles cannot be enabled again.
Viewing shares
Tip: This function can also be performed using the NMC API. For details, see NMC API.
To view CIFS shares from CIFS volumes, follow these steps:
1. Click Volumes, then click Shares in the left-hand column. The Shares page displays a list of
shares from CIFS volumes on managed Nasuni Edge Appliances.
Creating shares
Caution: If you attempt to create a share on a directory on which Advanced Global File Lock is
enabled, all SMB-connected users will be disconnected and might need to re-connect.
Also, data reads and writes will be disrupted.
Tip: You can only add CIFS shares to a volume that has the CIFS protocol enabled. To create a
CIFS volume, see “Create Volume” on page 100. To enable the CIFS protocol for a volume,
see “Protocols” on page 199.
Tip: Hard links, junctions, and symbolic links (including Windows junctions and hard links) are not
supported with SMB (CIFS) shares.
Caution: With version 9.0 and above, you must specify the domain with the username in order to
authenticate, such as DOMAIN\username or username@DOMAIN.
Durable handles allow SMB 2.0 and higher clients to open a file and survive a temporary connection
loss (60 seconds or less). Durable handles are supported for volumes with NTFS Exclusive Permissions
Policy and cannot be used with Global File Lock.
Note: When Global Locking is enabled, support for SMB durable handles (allowing clients to
survive temporary connection loss) is disabled. Enabling Global Locking anywhere on the
volume disables durable handles. If durable handles is disabled in this way, durable
handles cannot be enabled again.
Tip: Windows share permissions are not Nasuni share permissions. Setting permissions using
the “Share Permissions” tab in File Explorer or using the Shared Folders Microsoft
Management Console (MMC) is not supported. To set share permissions, use the
Authentication option in step 13 on page 170 below.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
Tip: Nasuni monitors platform-specific limits on the number of supported concurrent
connections. When the number of concurrent connections reaches the “soft limit” for an
Edge Appliance, you receive a notification of how many connections remain, and a
suggestion to reduce the number of connections for that Edge Appliance, if possible. When
the number of concurrent connections reaches the “hard limit” for an Edge Appliance, you
receive a notification, and all new connections are denied for that Edge Appliance until the
number of connections decreases below the “hard limit” again.
N1050
N2040 3000 connections
5000 4000 connections
6000
• Length limited to 32 bytes. Since the Unicode representation of a character can occupy
several bytes, the maximum number of characters in a SMB (CIFS) share name can be less
than 32.
• The following characters are not valid for SMB (CIFS) share names:
< > : " / \ | ? *
• Do not use . (period or dot) at the beginning of the name of the SMB (CIFS) share.
• Do not use the $ character at the end of the name of the SMB (CIFS) share. Windows clients
interpret these SMB (CIFS) shares as hidden.
• Do not use “global” as an SMB (CIFS) share name. This is a reserved name.
Caution: Each share name on an Edge Appliance must be unique. In particular, share names
cannot differ only by case. When connecting remote volumes, each share name on
all connecting Edge Appliances must be similarly unique. You can view all share
names for an Edge Appliance on the CIFS Shares page, or on the Shares page on
the NMC.
If the Security of this Nasuni Edge Appliance is Directory Services, and if User Folders
Support is enabled, you can modify the name of the share to include the wildcard “%U” to
represent the user name. (See step f on page 175.) For example, the wildcard share name:
%U_share
for the user “paulm” becomes the share name:
paulm_share
If the share “%U_share” maps to the folder “/homes”, then, when the user maps
“paulm_share”, the resulting location is “/homes/paulm”. This can simplify creating multiple
shares for multiple users.
Note: The %U wildcard only produces lower-case user names, regardless of the case of the
actual original name.
Tip: You cannot create an internal link to folders created by using the "%U" wildcard in the
CIFS share name.
Important: If User Folders Support is enabled on a share, do not create a Shared Link Global
User.
Tip: For Windows uses, see Naming Files, Paths, and Namespaces.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
6. Optionally, enter a descriptive comment in the Comment text box.
7. If you want the share to be visible in the list of shares when users map the Nasuni Edge
Appliance, select the Visible Share check box. If the share is not visible, it does not appear in
the list of shares when users map the Nasuni Edge Appliance; however, if you know the share’s
name, you can still map the share directly.
8. If you want the share folder to be read-only for users on the network, select the Read Only
Share check box. This means that users can access the share, but only have read-only rights
and, therefore, cannot make changes to any of the files in the shared folder.
Important: If you select “Read Only Share”, and then select “Read-Write” as either the group
Access (step c on page 172) or the user Access (step g on page 173), then the
actual access for the group or user is Read-Write. The Read-Write access of the
group or user overrides the Read only setting of the share.
The Advanced Settings area contains additional settings.
blank, all users on your network have access to the CIFS share without restrictions. Separate
entries with spaces.
10. In the Block files text box, enter the names of files or directories to make invisible and
inaccessible in the share. Enter one name per line. You can use wildcard characters, such as
“?” and “*”. Do not use the forward slash “/” character.
Note: Using this feature can break compatibility with some clients.
Tip: On a Nasuni Edge Appliance, non-empty directories that contain only blocked files
appear empty to a client, and might lead to unexpected behavior when attempting to
delete those directories. For example, if a directory contains only blocked files, and you
try to delete that directory, the directory is removed from view temporarily, but is not
deleted, and reappears upon refresh. In Windows, the Nasuni Edge Appliance sends the
error STATUS_DIRECTORY_NOT_EMPTY to report that the delete failed, but Windows
does not act on that error.
11. If the Security of this Nasuni Edge Appliance is Authenticated Access (meaning either Active
Directory or LDAP Directory Services), the Authentication, Groups, Users, and Asynchronous
I/O options appear. Otherwise, if the Security of this Nasuni Edge Appliance is Publicly
Available, the Authentication, Groups, Users, and Asynchronous I/O options do not appear.
12. To authenticate all users, from the Authentication drop-down list, select Authenticate all
Users.
13. Otherwise, to authenticate only specified groups and users, from the Authentication drop-
down list, select Authenticate only specified Groups and Users. This enables the Groups and
Users areas.
Tip: To specify users or groups, the users or groups must have Storage Access enabled. See
“Console Users and Groups” on page 472.
a. To add one group, follow these steps:
i. In the Groups area, click Add One. The Name search box appears.
ii. Enter a partial or complete group name, then click Search . The Select Group dialog
box appears, containing the partial or complete group name.
c. For each group in the Groups list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
Important: If you selected “Read Only Share” (step 8 on page 169), and now select
“Read-Write” as the group Access, then the actual access for the group is
Read-Write. The Read-Write access of the group overrides the Read Only
setting of the share.
d. To delete a group from the Groups list, click Delete next to the group name. The group is
deleted from the list.
e. To add one user, follow these steps:
i. In the Users area, click Add One. The Name search box appears.
i. In the Users area, click Add Many. The Select Users dialog box appears.
ii. In the Search text box, enter a partial or complete user name.
Tip: To specify a local user name (native to the Nasuni Edge Appliance), include the name
of the local Nasuni Edge Appliance in the query string.
iii. To control the range of the search, select one of the following:
• All: To search through all users.
• Domain only: To search though domain users only.
• Native only: To search through native users only.
iv. Click Search. A list of users that match your search appears.
v. Select the users to define access for, then click Add Selected Users. The selected users
appear in the Users area.
g. For each user in the Users list, from the Access drop-down list, select either Read-Write,
Read-Only, or Deny.
Important: If you selected “Read Only Share” (step 8 on page 169), and now select
“Read-Write” as the user Access, then the actual access for the user is Read-
Write. The Read-Write access of the user overrides the Read Only setting of
the share.
h. To delete a user from the Users list, click Delete next to the user name. The user is deleted
from the list.
14. To hide files and folders that a user cannot access, leave the Hide Unreadable Files check box
selected. This option is selected by default.
15. To allow clients to view or restore files using the Previous Versions tab in Windows, select the
Enable Previous Versions check box. For details on using Windows Previous Versions, see
your Microsoft Windows documentation.
Caution: When Previous Versions is enabled on a share, certain operations on that share can
take longer than expected. Specifically, these operations include file upload to
web-based applications, such as Salesforce, Microsoft Office 365, or Microsoft
mail. Processing for these operations includes the following features:
• When the Previous Versions dialog is selected, it enumerates snapshots.
• If the required metadata is not present in the cache, it must be brought in from
cloud storage. This can make simple file access take longer than expected.
Microsoft is currently investigating the behavior of their Previous Versions dialog.
• To mitigate such performance issues, current best practice is to use separate
shares for operations involving previous versions. This can be configured by
following these steps:
• On the Nasuni Edge Appliance or the NMC, disable Previous Versions for the
original share.
• Create a second share identical to the first (perhaps named
“<ShareName>_Restore”).
• If a user must use Windows Previous Versions, instruct them to use the second
share.
16. (Available for case-sensitive volumes only.) To enable case sensitivity for file or folder names,
select the Case-Sensitive Paths check box. For details on selecting case sensitivity, see “Case
Sensitivity” on page 533.
Tip: For CIFS-only volumes, certain processing is optimized for volumes that treat file names
and directory names as case-insensitive (namely, volumes created with version 8.0 or
above, with the “Case Sensitive” option unselected). See step 14 on page 107.
However, for case-sensitive volumes, using case-sensitive paths on CIFS shares
improves performance for certain processing.
Important: Clients such as Windows can sometimes give inconsistent results when dealing
with the case sensitivity of file names.
Note: Even if case-sensitivity is not enabled, non-Windows clients such as Linux might still
treat the paths as case-sensitive.
17. To enable clients to access hidden snapshot directories within the share, select the Enable
Snapshot Directories check box. The volume must have Snapshot Directory Access
enabled. See “Snapshot Directory Access” on page 217.
Tip: If both the SMB (CIFS) protocol and the NFS protocol are enabled on a volume, then the
.snapshot directory is not available.
Note: Snapshot directory access can add a significant load to the Nasuni Edge Appliance.
Note: When Enable Snapshot Directories is enabled on a share, you cannot delete
directories from the client.
Note: The setting of Windows Previous Versions is independent of the setting of Snapshot
Directory Access.
Tip: If "Snapshot Directory Access" is enabled on a volume and “Enable Snapshot
Directories” is enabled on a CIFS share of that volume, then directories in that CIFS
share on that volume cannot be deleted.
18. If the Security of this Nasuni Edge Appliance is Directory Services, then User Folders Support
is available.
If enabled, for each user, the target folder path for the SMB (CIFS) share is automatically
appended with a folder named for the user. For example, the CIFS share “homes” that points to
the folder “/homes” mounted by the user “paulm” results in a mapping to “/homes/paulm”.
This can simplify setting up multiple CIFS shares for multiple users.
Tip: If you use this option, disabling case sensitivity is recommended.
Important: If User Folders Support is enabled on a share, do not create a Shared Link
Global User.
In addition, you can modify the name of the SMB (CIFS) share to include the wildcard “%U” to
represent the user name. For example, the wildcard CIFS share name:
%U_share
for the user “paulm” becomes the CIFS share name:
paulm_share
If the SMB (CIFS) share “%U_share” maps to the folder “/homes”, then, when the user maps
“paulm_share”, the resulting location is “/homes/paulm”.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than
4,000 bytes.
Since the UTF-8 representation of characters from some character sets can
occupy several bytes, the maximum number of characters that a file path or a
file name might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
Tip: You cannot create an internal link to folders created by using the "%U" wildcard in
the CIFS share name.
Note: Even if Case-Sensitive Paths is not enabled, UNC paths accessed via User Folders
Support are case-sensitive.
To enable User Folders Support, follow these steps:
a. DO NOT enable User Folders Support when you first create a share. Create the share
first.
b. After creating a share, mount the share on the client, such as Microsoft Windows.
c. On the client, such as Microsoft Windows, in the mounted share, create all the user
folders.
d. Return to this screen for this share.
e. Edit the original share Name to include the wildcard “%U” to represent the user name.
f. Select Enabled from the User Folders Support drop-down list.
Each user then sees their login name as the share name, as a separate space from all
other users.
Otherwise, select Disabled from the User Folders Support drop-down list.
19. To enable access by mobile devices, such as iPhones and Android phones, select the Sync and
Mobile Access check box. For details on the Mobile Service, see “Mobile Settings” on
page 345 and “Mobile Licenses” on page 350. See Worksheet for a worksheet for planning
configurations.
Tip: Mobile Access must be enabled in the customer license before Mobile Access or Web
Access can be used with a Nasuni Edge Appliance.
20. To enable Web Access to files and folders, select the Web Access check box. The Web
Access Settings pane appears. Continue with specific instructions at “Web Access Settings”
on page 177.
Tip: Mobile Access must be enabled in the customer license before Mobile Access or Web
Access can be used with a Nasuni Edge Appliance.
Note: Web Access is not available with LDAP Directory Services security.
21. If the Security of this Nasuni Edge Appliance is Authenticated Access (meaning either Active
Directory or LDAP Directory Services), then Asynchronous I/O is available. This enables
concurrent read and write access to the share. To enable Asynchronous I/O, select Enable
Asynchronous I/O. Asynchronous I/O is enabled by default.
22. To enable support for the SMB2 protocol for macOS clients, select Enhanced Support for Mac
OS X. Enabling this can speed up performance for macOS clients.
23. To select handling of SMB encryption for CIFS clients, from the SMB Encryption drop-down
list, select one of the following options:
• Optional: It is optional for clients to use SMB encryption when connecting to the share.
SMB3 encryption is enabled if the client machine specifically requests it. This is the default.
• Desired: It is desired that clients use SMB encryption when connecting to the share. The
Nasuni Edge Appliance requests that the client machine use SMB3 encryption. If the client
supports SMB3 encryption, the connection is encrypted.
• Required: It is required that clients use SMB encryption when connecting to the share. All
clients must use SMB3 encryption. If a client does not support SMB3 encryption, the client
is not allowed to mount the CIFS share on the Nasuni Edge Appliance.
Note: This includes SMB3 encryption for Windows clients.
Note: SMB Signing is supported if negotiated by the client. There is no Nasuni setting to
require SMB signing for the server or the share.
Tip: SMB encryption enhances security and prevents snooping on client traffic. Windows
clients should use SMB3 encryption if it is enabled on the CIFS share that they are
connecting to.
24. To create the share, click Create Share. The share is created and appears in the list of CIFS
shares.
receive a notification, and all new connections are denied for that Edge Appliance until the
number of connections decreases below the “hard limit” again.
N1050
N2040 3000 connections
5000 4000 connections
6000
Configuring the "External Hostname" field helps guarantee that publicly shared links are
accessible by outside users.
3. If shared links are enabled, in the Maximum Expiration text box, enter the maximum number of
days until a shared link expires. To specify that there is no limit to the time until expiration, enter
0 (zero).
Important: Existing shared links are not affected by changes to the shared link settings, or by
changes to the permissions of the user who created the link. In particular, if a
user creates a shared link, and later that user’s permissions change so that they
can no longer create shared links, the shared link they created is not affected.
4. If shared links are enabled, to specify that any shared links must include a password, select
Require Password.
Important: Existing shared links are not affected by changes to the shared link settings, or by
changes to the permissions of the user who created the link. In particular, if a
user creates a shared link, and later that user’s permissions change so that they
can no longer create shared links, the shared link they created is not affected.
5. If shared links are enabled, to allow creating shared links that permit writing to directories,
select Allow Writable Shared Links to Directories.
Important: Existing shared links are not affected by changes to the shared link settings, or by
changes to the permissions of the user who created the link. In particular, if a
user creates a shared link, and later that user’s permissions change so that they
can no longer create shared links, the shared link they created is not affected.
6. If shared links are enabled, select either Allow all Users or Allow only specified Groups and
Users from the Shared Link Permissions drop-down list.
7. If shared links are enabled, and you selected Allow only specified Groups and Users, you can
specify the groups and users who can create shared links.
Note: If you specify groups and also specify users within the specified groups, the Access for
the specified users is given by this table:
If the group Access is and the user Access is: then the user’s actual Access
is:
If the group Access is and the user Access is: then the user’s actual Access
is:
v. Select the group, then click Add Selected Group. The selected group appears in the
Groups area.
iii. Click Search . The Select User dialog box appears, containing the partial or complete
user name.
8. If shared links are enabled, to enable a Shared Link Global User, select “Enable Shared Link
Global User”.
By enabling a Shared Link Global User, any shared links are associated with the Shared Link
Global User, and not with a specific user. This helps ensure that shared links remain valid even
when the credentials for a specific user change.
Important: If User Folders Support is enabled on a share, do not create a Shared Link Global
User.
Note: The Shared Link Global User feature must be enabled in the customer license by
Nasuni Support. After the Shared Link Global User feature is enabled in the customer
license, the Edge Appliance license must be refreshed on the Edge Appliance: click
Account Status --> Refresh License. Then, if the Edge Appliance is managed by the
NMC, click Filers --> Refresh Managed Filers.
If you enable a Shared Link Global User, follow these steps:
a. In the Username text box, enter an NT-compatible name of a user in an Active Directory
domain.
Important: It is important that the password for this Shared Link Global User stay in sync
with the Active Directory user account password. Therefore, you should use
a dedicated service account for this Shared Link Global User, and this
account should be configured with the “password never expires” option.
b. In the Password text box, enter the password for this user.
If you are editing the configuration of an existing share, and do not want this previously
entered password to be changed, ensure that this text box is left blank.
9. Continue with the procedure at step 21 on page 176.
Tip: You can change the logo and the primary and secondary colors of the Web Access display
for branding purposes. See “Web Access Branding” on page 343.
Editing shares
Important: After you change any share setting, the currently connected CIFS/SMB clients do not
observe the change until they disconnect and create new sessions. You can
disconnect clients individually by clicking Disconnect for each one, or you can
disconnect all clients by clicking "Reset All Clients".
Deleting shares
Tip: This function can also be performed using the NMC API. For details, see
NMC API.
To delete a selected share, follow these steps:
1. On the Shares page, click Delete . The Delete Share dialog box appears.
Cloud I/O
If the Cloud Provider is a customer-provided cloud provider, the Volume Cloud I/O page is available.
Before sending data to the cloud, Nasuni breaks files into optimally-sized pieces for transport between
the on-premises cache and cloud storage. This not only disguises the actual sizes of files, but also
improves performance. These chunks are then deduplicated, compressed, and encrypted.
If the file is smaller than 1 GiB, the default chunk size is 1 MiB. If the file is 1 GiB or larger, and the
appliance has less than 16 GiB of RAM, the default chunk size is 2 MiB. If the file is 1 GiB or larger, and
the appliance has 16 GiB of RAM or more, the default chunk size is 10 MiB.
For customer-provided clouds, if directed by Nasuni Support, you can adjust the chunk size, or enable
or disable Nasuni's compression and deduplication, using the Cloud I/O area of the Volume Overview
page (Nasuni Edge Appliance) or the Volume Cloud I/O page (NMC). If you do manually change the
chunk size, the variable chunk size mentioned above no longer operates. You can restore the variable
chunk size mentioned above by leaving the Chunk Size field blank and then clicking Save.
To enable or disable Nasuni's compression and deduplication, or to adjust the chunk size, follow these
steps:
1. Click Volumes, then click Cloud I/O in the left-hand column. The Volume Cloud I/O page
displays a list of volumes on managed Nasuni Edge Appliances on customer-provided cloud
providers.
2. To enable or disable deduplication, enable or disable compression, or change the chunk size,
click Edit . The Change Volume Cloud I/O dialog box appears.
Encryption Keys
Note: For details of encryption key management, see Encryption Key Best Practices.
You can view, add, enable, and disable volume encryption keys on the Volume Encryption Keys page.
You can view, upload, send, escrow, and delete encryption keys on the Filer Encryption Keys page.
You can view, upload, escrow, and delete encryption keys on the Console Settings Encryption Keys
page.
Note: You can upload OpenPGP-compatible encryption keys to the Nasuni Management
Console. (For security reasons, encryption keys that you upload cannot be downloaded
from the system.) See “Uploading (importing or adding) encryption keys to the NMC” on
page 449.
Note: If an uploaded encryption key has an associated passphrase, that passphrase is removed
from the encryption key when it is uploaded. The Edge Appliance does not need the
passphrase in order to use the encryption key. However, if you do not escrow this
encryption key, if you ever perform a recovery procedure on the Edge Appliance, you must
provide that passphrase when you upload that encryption key during the recovery
procedure.
Note: You can send encryption keys from the Nasuni Management Console to Nasuni Edge
Appliances. See “Sending encryption keys to Nasuni Edge Appliances” on page 307.
Warning: Do NOT save encryption key files to a volume on a Nasuni Edge Appliance. You
will NOT be able to use these to recover data. This is NOT how to upload
encryption keys to a Nasuni Edge Appliance.
All data on a volume is encrypted using one or more OpenPGP-compatible encryption keys before
being sent to cloud storage. Volumes may be encrypted with one or more encryption keys, and
encryption keys may be used for any number of volumes.
There are several actions you can perform on encryption keys, including adding new encryption keys,
enabling or disabling encryption keys, escrowing encryption keys with Nasuni, and, under certain
circumstances, deleting encryption keys.
All uploaded encryption keys should be at least 2048 bits long.
Warning: Do NOT save encryption key files to a volume on a Nasuni Edge Appliance.
You will NOT be able to use these to recover data. This is NOT how to upload
encryption keys to a Nasuni Edge Appliance. To upload encryption keys to a
Nasuni Edge Appliance, use the Encryption Keys page.
At least one encryption key must be enabled for a volume, but several encryption keys can be enabled
at the same time. When multiple encryption keys are enabled, all of the encryption keys enabled at the
time are used to encrypt the data. Any of the encryption keys enabled at the time a piece of data is
encrypted can be used to later decrypt the data. Only the encryption keys enabled when the data was
written can decrypt that data. An encryption key that was enabled after the data was written cannot
decrypt any data that was written before that key was enabled.
There are several reasons you might want to disable an encryption key, such as, when someone with
access to the encryption key leaves the company, or if your enterprise has a policy of rotating
encryption keys periodically. When you disable an encryption key, no future data is encrypted with that
encryption key. However, all data previously encrypted by that disabled encryption key remains
encrypted by that disabled encryption key. For this reason, before you disable an encryption key, you
should consider establishing a snapshot retention policy that removes the data that was encrypted with
the disabled encryption key. Because volumes must have at least one encryption key associated with
them, in practice you add a new encryption key to a volume first, and then disable the existing
encryption key.
You can delete encryption keys, but only in the case where they are not being used by any volumes.
You cannot modify encryption keys stored on the system. For security reasons, encryption keys that
you upload cannot be downloaded from the system. You can only download encryption keys that the
Nasuni Edge Appliance has generated internally.
You can escrow your encryption keys with Nasuni (or a trusted third party), or store your own
encryption keys. Before you can escrow your encryption keys with Nasuni, you must create an escrow
passphrase, in case you need these escrowed encryption keys when you perform a recovery
procedure.
You can specify that you do not want Nasuni to generate any of your encryption keys. This ensures that
your data is encrypted only with encryption keys that you upload. If you specify this, you must upload
all the encryption keys used. Specifically, when creating a volume, you cannot select Create New Key
as the source of the volume encryption key. For security reasons, encryption keys that you upload
cannot be downloaded from the system. If you want to specify that Nasuni not generate encryption
keys, request Nasuni Support to disable key generation in your license.
Similarly, you can specify that you do not want Nasuni to escrow encryption keys. If you specify this,
you must manage your own encryption keys, because Nasuni does not manage them. If you specify
this, you can still have Nasuni generate encryption keys, and those generated encryption keys are still
automatically escrowed, because all generated encryption keys are automatically escrowed. If you
want to specify that Nasuni not escrow encryption keys, request Nasuni Support to disable key escrow
in your license.
To ensure that none of your encrypted keys is escrowed with Nasuni, you must specify both that
Nasuni not generate encryption keys and that Nasuni not escrow encryption keys.
2. To add an existing encryption key to this volume, click Add Keys. The Add Encryption Keys
dialog box appears
3. Click Save Encryption Keys. The selected encryption key is enabled for this volume. The
encryption key appears in the list of encryption keys on the Volume Encryption Keys page with
the state Enabled.
Alternatively, to exit the dialog box without enabling the selected encryption key, click Close.
Name of volume
You can view or change the name of a volume.
Note: If a snapshot is in progress when you attempt to rename a volume, you receive a message
to retry after the snapshot is complete.
See Worksheet for a worksheet for planning configurations.
Alternatively, to exit the dialog box without changing the volume name, click Close.
Pinned Folders
You can view pinned folders.
Pinning a folder ensures that a folder's contents must remain in the local cache at all times. This can
improve performance and reduce the time necessary to return accessed data to clients.
Note: Enabling this feature means that the entire folder remains resident in the cache at all times.
This reduces the available cache by the size of the folder. If too much cache space is taken
up by pinned folders, an Alert notification is given.
Note: Pinning a folder does not bring the folder’s data into the cache. If the folder’s data is not
already present in the cache, you must specifically bring that data to the cache. You can
use the File Browser to bring data to the cache. See “Bringing Data into Cache of the
Nasuni Edge Appliance” on page 123.
Note: To enable or disabling pinning for a folder, see “Pinning Folders in the Cache” on
page 124.
Important: The NMC API can be used to pin metadata in the cache, or to enable Auto Cache for
metadata.
Pinning metadata in the cache and enabling Auto Cache for metadata can affect the
amount of data in the cache, and the display of data in the cache. Also, bringing all
metadata into the cache adds time to the sync process and might affect user
performance. With no users on a dedicated appliance (for example, to change
permissions or perform searches), the effect on sync times due to syncing the entire
metadata tree would not affect any user-related snapshot or sync changes.
The NMC API can also be used to verify that these features have been configured for
a directory.
Because metadata-only pinning and Auto Cache pinning are currently possible only
with the NMC API, directories with such pinning enabled are not displayed in the File
Browser of the NMC and the Edge Appliance, nor on the NMC Pinned Folders and
NMC Auto Cached Folders pages.
To view unprotected files in the cache, see “Unprotected Files” on page 139.
See Worksheet for a worksheet for planning configurations.
Protocols
You can assign CIFS, NFS, and FTP/SFTP protocols to existing CIFS and NFS volumes. This enables
you to allow access to data using multiple protocols. This might be helpful for simplifying access by
users or applications.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
Tip: If you plan to enable both CIFS and NFS protocols for this volume, enable the NFS protocol
first, then add the CIFS protocol. Then select POSIX Mixed Mode as the permissions policy.
Note: Multiprotocol (CIFS and NFS) volumes only support the Optimized mode of Global File
Lock.
Note: If a volume has Remote Access enabled and other volumes connect to this volume, the
connected volumes inherit the same protocols as this volume. If these protocols change,
the connected volumes inherit the changed protocols. This can take some time. You can
refresh the volume connections in order to inherit the changed protocols immediately.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
1. Create a CIFS or NFS volume. See “Create Volume” on page 100.
2. Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 201.
3. (Optional) Configure FTP/SFTP settings. See “Editing FTP settings” on page 294.
4. Add a new FTP/SFTP directory. See “Creating FTP directories” on page 154.
5. (Optional) Create a permission group that has storage access. See “Adding Permission
Groups” on page 394 in the Nasuni Edge Appliance Administration Guide.
6. (Optional) Create a user in a permission group that has storage access. See “Adding Users”
on page 401 in the Nasuni Edge Appliance Administration Guide. Active Directory and LDAP
users can log in for FTP access just as they do for CIFS access. Also, if anonymous access
is enabled, you don't need a specific group or user.
7. Access files using the FTP/SFTP protocol.
The following information appears for each volume name in the list:
• Name: The name of the volume.
• Filer: The name of the Nasuni Edge Appliance where this volume is located.
• Protocols: The protocols enabled for the volume.
• Permissions Policy: The permissions policy for the selected protocols, out of the following:
• NTFS Exclusive Mode:
• Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to Active
Directory.
• Produces full NTFS permissions support for CIFS (SMB) shares. This volume
permissions policy offers the greatest Windows and Mac client compatibility.
• Recommended for CIFS (SMB) volumes that do not require multiple protocols.
• Not Supported: NFS, FTP, LDAP authentication.
• Allows durable handles with SMB 2.0 and higher clients, which can then open a file
and survive a temporary connection loss (60 seconds or less).
Note: When Global Locking is enabled, support for SMB durable handles (allowing
clients to survive temporary connection loss) is disabled. Enabling Global
Locking anywhere on the volume disables durable handles. If durable handles is
disabled in this way, durable handles cannot be enabled again.
Caution: A CIFS NTFS Exclusive Mode volume cannot have multiple volume
protocols. If this CIFS volume must support multiple protocols, select NTFS
Compatible Mode.
Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible
Mode.
• NTFS Compatible Mode:
• Optional mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to Active
Directory.
• Provides a high level of Windows and Mac compatibility through the CIFS (SMB)
protocol, with some limitations.
• This mode is required for multiple protocol support that does NOT involve NFS, such
as CIFS (SMB) with FTP/SFTP, as well as CIFS (SMB).
NFS and FTP/SFTP protocols cannot see all NTFS permissions and do not obey all
access rules in NTFS permissions. NFS and FTP/SFTP protocols obey only the
POSIX access control list (ACL) component of inheritance rules.
• Not supported: NFS-only volumes, LDAP authentication.
• POSIX Mixed Mode:
• Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to LDAP.
Also available for Nasuni Appliances joined to Active Directory.
• Recommended for combined NFS and CIFS (SMB) volumes, and for combined CIFS
(SMB) and FTP/SFTP volumes. Also recommended for LDAP-authenticated CIFS
(SMB)-only volumes with Linux or Mac clients, with UNIX extensions enabled.
• More information:
• Access control lists (ACLs) are supported entirely through POSIX ACLs. Windows
clients receive mapping of POSIX ACLs to NTFS ACLs. However, the mappings
are not as complete as mappings done for NTFS Compatible Mode. NFS clients
cannot view the ACLs.
• The NFSv4 protocol automatically translates the underlying ACLs to NFSv4
ACLs. The common tools for managing POSIX ACLs are not supported on
NFSv4. To manage ACLs using NFSv4, you must use the NFSv4 ACL tools.
• UNIX/NFS Permissions Only Mode:
• Default mode for NFS volumes.
• Recommended for primary or heavy NFS use.
• Not available for CIFS (SMB) volumes. Not recommended for Windows users.
• More information:
• Only supports traditional UNIX mode bits to control permissions (chmod).
• Windows can view permissions as access control lists (ACLs), but cannot add or
remove access control entries (ACEs).
• Unauthenticated Access Mode:
• Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances that are not joined
to Active Directory or to LDAP. Also available for Nasuni Edge Appliances joined to
Active Directory or LDAP.
• Recommended for CIFS (SMB) Public-mode volumes. For CIFS (SMB) clients, this
mode acts as an open share. For all other protocols, this mode acts identically to
POSIX Mixed Mode.
• Actions: Actions available for each volume.
2. For the selected volume, click Edit . The Volume Protocol Settings dialog box appears.
5. Click Save Protocol Settings. The Confirm Volume Protocols Update dialog box appears.
2. For the selected volume with NTFS Compatible Mode for its Permissions Policy, click Edit .
The Volume Protocol Settings dialog box appears.
Quota
You can view or change the quota (maximum capacity) of volumes. You can also view or change quota
rules and quotas for folders.
For CIFS and NFS volumes and FTP/SFTP directories, the volume quota (maximum capacity) enables
you to limit the amount of storage space for a volume, including snapshots, which helps you to control
your storage costs. Unlimited storage space is available. However, the volume is limited to your
licensed capacity. Nasuni recommends that you only increase volume quotas rather than decrease
them.
Note: A notification occurs when the volume reaches 90 percent of the volume quota. Another
notification occurs when the volume reaches the volume quota. If the volume is shared,
then the volume quota is compared to the sum of all Nasuni Edge Appliances connected
to the volume.
Note: You can also set Directory Quotas on folders. See “Setting Quota or Rule” on page 133.
You can schedule the resulting quota reports here: “Quota Reports” on page 324.
See Worksheet for a worksheet for planning configurations.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
5. In the Limit text box, enter or select the quota limit (in gigabytes or fractions of a gigabyte, such
as 6.8). The content size of uncompressed data is displayed to help you decide on a quota limit.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
6. For the Rule quota type, to apply the same Limit to the data in any existing sub-directories of
the selected directory, select the Apply to existing sub-directories check box.
7. Click Save Quota. The volume quota settings are changed. The volume appears in the list on
the Volume Quota page.
5. In the Limit text box, enter or select the quota limit (in gigabytes or fractions of a gigabyte, such
as 6.8). The content size of uncompressed data is displayed to help you decide on a quota limit.
Tip: For a summary of available data metrics, see “Data Metrics” on page 537.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
6. Click Save Rule. The volume quota rule settings are changed. The volume appears in the list on
the Volume Quota page.
Alternatively, to exit the dialog box without changing the settings, click Close.
Remote Access
There are two types of volumes: local volumes that are “owned” by the local Nasuni Edge Appliance,
and remote volumes that belong to other Nasuni Edge Appliances. Remote access allows one or more
Nasuni Edge Appliances to connect, using Nasuni, to a volume associated with another Nasuni Edge
Appliance. You can view or change the remote access setting of volumes.
You can enable or disable access to a CIFS or NFS volume or FTP/SFTP directory by your remote
offices attached to your Nasuni.com account. If remote access to a volume or FTP/SFTP directory is
enabled, you can select permissions for remote access to this volume.
See Worksheet for a worksheet for planning configurations.
Tip: Perform any necessary data ingestions to the volume before enabling Remote Access.
Otherwise, data ingestion processing can impact the synchronization of remote volumes.
Tip: When you create a volume on an Edge Appliance, it is a best practice to create and
configure as many shares as possible before connecting other Edge Appliances to that
volume.
Then, when other Edge Appliances connect to that volume, they automatically inherit all of
the share definitions that were specified on the original volume. This only happens the first
time that remote Edge Appliances connect to the volume, so it is important to perform as
much share creation and configuration as possible before connecting to the volume.
Tip: For an Edge Appliance with new or changed volume configurations for remote volumes with
Read/Write permissions, it can initially take up to 20 minutes before these remote volumes
appear in the list of volumes. It takes time to fetch the necessary information for the remote
volumes.
Caution: Edge Appliances joined to LDAP cannot share volumes with Edge Appliances joined to
Active Directory. Similarly, Edge Appliances joined to Active Directory cannot share
volumes with Edge Appliances joined to LDAP. If you want Edge Appliances to share
volumes, ensure that they are joined to the same directory service.
Caution: If a file or directory is renamed (and its data and permissions remain unchanged) on two
different Edge Appliances that share the item’s volume, and both renames occur
before the snapshots on the two Edge Appliances, then only one of the renames is
effective, namely, the one with the latest snapshot.
This is not considered a merge conflict.
For each other Nasuni Edge Appliance on this account, select the drop-down list beside the
name of the Nasuni Edge Appliance and select either Read/Write, Read Only, or Disabled.
• Read/Write: This Nasuni Edge Appliance can view the data on the selected volume, and
can also change that data.
• Read Only: This Nasuni Edge Appliance can view the data on the selected volume, but
cannot change that data.
• Disabled: The specified Edge Appliance (“Filer”) is not allowed to make new
connections to the volume. The Disabled setting does not disconnect the selected
volume from any Edge Appliance that has already been connected.
Note: If the Permission is Disabled, the remote volume might not display the correct
Security for that volume.
If the Edge Appliance had been connected to the volume before the permission was set
to Disabled, users are still able to read from the volume and write to the volume.
However, unprotected data of an Edge Appliance with remote access permission of
Disabled is never included in snapshots to the volume.
Important: Do not change the Disabled remote access permission for an Edge
Appliance that is currently connected. Disconnect the Edge Appliance
before setting the remote access permission to Disabled.
6. Click Save Remote Access Settings. The volume remote access settings are changed. The
volume appears in the list on the Volume Remote Access Setting page.
Alternatively, to exit the dialog box without changing the volume remote access settings, click
Close.
Snapshot retention
You can view or change the snapshot retention setting of volumes.
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
Using snapshots, the Nasuni Edge Appliance can identify new or changed data. Snapshots offer data
protection by enabling you to recover a file deleted in error or to restore an entire file system. After a
snapshot has been taken and is sent to cloud storage, it is not possible to modify that snapshot.
Note: To monitor snapshots, see “Monitoring snapshot processing” on page 99.
By default, all snapshots are retained. However, for compliance purposes or your own best practices,
you can specify to delete older snapshots from cloud storage.
Caution: For security purposes, when a snapshot is removed, it is permanently deleted from
cloud storage and cannot be recovered.
You can specify to delete older snapshots from cloud storage, based on a configured policy for a
specific "owned" local volume. Snapshot retention policies are configured on the volume level.
Snapshot retention policies also work on shared volumes.
Tip: Snapshot Retention can remove previous snapshots only if snapshots are currently
occurring regularly.
Important: As long as a file is included in any snapshot within your snapshot retention policy,
that file is not removed. However, if you delete a file, and none of the retained
snapshots includes that file, the file is removed.
Tip: Changes to the Snapshot Retention setting go into effect when the next snapshot occurs. It
is normal to temporarily see more snapshots than the Snapshot Retention setting would
suggest.
Tip: Set a snapshot retention policy for any volumes used for backup.
Important: For the purposes of time-based snapshot retention:
• One year is defined as 31,556,926 seconds.
• One month is defined as 2,629,743 seconds.
• One day is defined as 86,400 seconds.
3. To copy settings from another volume, select the volume from the Copy Settings drop-down
list. The settings from that volume appear in the dialog box.
4. From the Retain drop-down list, select a retention policy option:
• All Snapshots: (This is the default setting.) Retains all snapshots indefinitely. If you require
deleting older snapshots for compliance or other reasons, do not select this option.
• Set Number of Snapshots: (This option is not available if the selected volume has Remote
Access enabled.) Enter the Number of the most recent snapshots to retain, from 1 to 1
billion (1,000,000,000).
For example, if you choose to keep 100 snapshots, then the 100 most recent snapshots are
retained, and the rest are deleted automatically.
Snapshot schedule
You can view or change the snapshot schedule of volumes.
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
Using snapshots, the Nasuni Edge Appliance can identify new or changed data. Snapshots offer data
protection by enabling you to recover a file deleted in error or to restore an entire file system. After a
snapshot has been taken and is sent to cloud storage, it is not possible to modify that snapshot.
Note: Because multiple Edge Appliances can share multiple volumes, snapshot handling
simplifies processing in these ways:
• On a given Edge Appliance, only one volume can perform a snapshot at a time.
• A volume that is shared on multiple Edge Appliances can only perform phase 2
(metadata) of a snapshot on one of the Edge Appliances at a time.
Note: To monitor snapshots, see “Monitoring snapshot processing” on page 99.
Note: With each Nasuni snapshot, configuration information is included, in case it is necessary to
recover the Edge Appliance. The configuration information includes volume name, volume
GUID, share type, software version, last pushed version, retention type, and permissions
policy. The configuration bundle is encrypted in the same way that all the customer data is
encrypted.
If you receive an alert that such backup configurations have failed, this might be due to
intermittent network issues, or possibly due to DNS issues. If you see notifications that the
Edge Appliance has successfully completed a snapshot after the backup alert, then you
can safely ignore the alert.
Tip: If you receive a message of the type “Unable to inherit all folder settings on
volume: settings could not be applied during the mount operation.”,
verify your folder settings to determine if they should be recreated, updated, or deleted.
With snapshots, you can find, view, and restore past versions of your files quickly. You can restore a
single file, a directory, or an entire volume.
The Nasuni Edge Appliance captures complete snapshots of files at regular intervals and stores all
snapshots in cloud storage to protect your files. You can select which days of the week on which to
perform snapshots. You can also select at what time of day to start and stop creating snapshots. You
can also set the frequency for creating snapshots. If the volume does not have Remote Access
enabled, your choices are 1, 2, 4, 8, 12, or 24 hours between snapshots. If the volume does have
Remote Access enabled, your choices are 1, 5, 10, 15, 25, or 30 minutes, or 1, 2, 4, 8, 12, or 24 hours
between snapshots. For example, you can configure snapshots to not occur during the day and only
push new and changed data at night when network usage is low.
Warning: Frequent snapshots increase the system load significantly.
Tip: On volumes with Global File Lock enabled, we recommend increasing the snapshot
frequency and the synchronization frequency of the volume.
If the normal snapshot and synchronization frequency of the volume are decreased, new
files take longer to propagate, because new files depend on snapshot and synchronization
to propagate.
See “Quality of Service (Bandwidth) Settings” on page 317 to configure outbound bandwidth limits.
If a volume has Global File Acceleration set as Active, and not as Observation, the
Frequency for the volume displays “GFA Active”. See “Global File Acceleration” on
page 228.
If Global File Acceleration is Active, the Global File Acceleration Enablement Window dialog
box appears.
• “Protection” refers to Write activity such as creating, writing, and deleting files and
directories.
• “Collaboration” refers to Write activity that has subsequent Read activity (reading files
and directories) on other appliances.
• A positive weight is a multiplier greater than 1.0.
• A negative weight is a multiplier lesser than 1.0. There is no weight or multiplier equal to
0.
5. To save this configuration, click Save Configuration.
The configuration is saved.
If a volume has been set as Active, Global File Acceleration begins managing the selected volume’s
snapshot schedule. Also, the Schedule for the volume displays “GFA Active”.
"volume_title": "Marketing-F1"
}
• Edge Appliance Information: GFA information about the Edge Appliance (aka “Filer”), including
the last time it checked into GFA, the last read and write events reported, and the oldest
unprotected data. Reported to the client every 15 minutes for each Edge Appliance for the
volume.
• Example:
{
"filer_guid": "0dd5244f-6a9e-4acb-a85d-9ed994baf5b0",
"filer_title": "cor-nasuni-005-DFS-W-IN",
"last_checkin": 2,
"metric_type": "filer_info",
"oldest_unprotected_data": 2083,
"timestamp": "2022-03-08T03:43:43Z",
"version": 1,
"volume_guid": "e1486b21-cdab-4136-aca6-31901cf594bd_3",
"volume_title": "Active"
"volume_title": "Marketing-F1"
}
• Propagation Information: Information about each GFA propagation value calculated for the
volume, including the type of propagation (“collab” or “protect”), the amount of time in seconds
the propagation took, and how much data was protected. Reported to the client with every
request, if there is new propagation data since the last request.
• Example:
{
"data_protected": 195,
"filer_guid": "8722ce0e-04f5-42b2-8c3f-f90b1381248a",
"filer_title": "cor-nasuni-028-DFS-SC-US",
"kind": "protect",
"metric_type": "propagation",
"prop_seconds": 516,
"timestamp": "2022-03-08T03:29:55Z",
"version": 1,
"volume_guid": "e1486b21-cdab-4136-aca6-31901cf594bd_3",
"volume_title": "Marketing-F1"
}
• Lock Information: Information about volume lock acquisitions and releases by an Edge
Appliance in the volume. Reported to the client with every request, if there are new lock events
since the last request.
• Example:
{
"filer_guid": "210be74a-1f29-486c-ae27-39baf114b9d1",
"filer_title": "cil-nasu-003",
"lock_phase": "P2",
"lock_state": "REJECTED",
"metric_type": "lock_event",
"timestamp": "2022-03-08T03:28:54Z",
"version": 1,
"volume_guid": "e1486b21-cdab-4136-aca6-31901cf594bd_3",
"volume_title": "Marketing-F1"
}
Not every metric type is returned with each request. Multiple metrics of the same type might be
returned from a single request. Likewise, the order of the metrics returned is not guaranteed; in
particular, there is no guarantee that they are ordered by time.
Sync Schedule
You can schedule when, and with what frequency, the selected volumes synchronize data (“syncs”)
from Nasuni, merging local data with any new or changed data from other Nasuni Edge Appliances
connected to the selected volumes. This helps to ensure that everyone in your organization is using the
most current data.
If you enable the “Auto Cache” option, data from other Nasuni Edge Appliances that are attached to the
selected volumes is brought into the local caches of the selected volumes immediately. Otherwise, data
from other Nasuni Edge Appliances that are attached to the selected volumes is brought into their local
caches when that data is accessed next.
Note: Because Auto Cache is not enabled by default, new data in the selected volumes comes
into their local caches only when requested. If you plan on enabling Auto Cache, ensure
that all of the following apply to your deployment:
• All the Nasuni Edge Appliances in your organization have caches large enough to
contain data from the other Nasuni Edge Appliances.
• All the data in the volume is relevant and appropriate for all other sites that access the
volume.
• Network access at each site is not adversely affected by automatically moving large
quantities of data.
Auto Cache should not be used during the initial transfer of data into a Nasuni Edge Appliance,
or during other large transfers of data.
You can select which days of the week on which to sync data. You can also select at what time of day
to start and stop syncing data. You can set the frequency for syncing data to be every 1, 5, 10, 25, or
30 minutes, or every 1, 2, 4, 8, 12, or 24 hours for each volume. For example, you can configure syncs
to not occur during the day and only sync data at night when network usage is low.
Warning: If you have directories with tens of thousands of files but few changes during each
snapshot, or large files that require multiple snapshots, frequent syncs can
increase the system load significantly.
Tip: If Global File Acceleration is Active for any volume, this message appears: Volume is under
Global File Acceleration control. Schedules are only used as a backup to the GFA service.
Tip: On volumes with Global File Lock enabled, we recommend increasing the snapshot
frequency and the synchronization frequency of the volume.
If the normal snapshot and synchronization frequency of the volume are decreased, new
files take longer to propagate, because new files depend on snapshot and synchronization
to propagate.
Tip: If you receive a message of the type “Unable to inherit all folder settings on
volume: settings could not be applied during the mount operation.”,
verify your folder settings to determine if they should be recreated, updated, or deleted.
See “Quality of Service (Bandwidth) Settings” on page 317 to configure outbound bandwidth limits.
See Worksheet for a worksheet for planning configurations.
Scheduling Syncs
To schedule syncs, follow these steps:
1. Click Volumes, then select Sync Schedule from the menu in the left column. The Volume Sync
Schedule page displays a list of volumes on managed Nasuni Edge Appliances.
10. If Auto Cache is enabled, you can specify bringing only files greater than or equal to a specified
size into the cache automatically. Enter the minimum size (in whole numbers) in the Auto Cache
Minimum File Size text box, then select the correct units from the drop-down list.
11. Click Save Schedule. The sync schedule is changed for the selected volumes.
Alternatively, to exit the dialog box without changing the sync schedule settings, click Close.
Antivirus Protection
You can view or change the Antivirus Protection setting of volumes.
Antivirus Protection provides protection against viruses and other malware by scanning every new or
modified file. The entire file is scanned, not just the changed part. Files are scanned when included in a
snapshot, but not during Global File Lock processing. If a scanned file is infected, the authorized
administrator has the option to ignore the infection. If a file has no antivirus violations, that file is
allowed to be part of a snapshot and to be protected in cloud storage. If a file does have an antivirus
violation, but the authorized administrator deliberately ignores the violation, that file is also allowed to
be part of a snapshot and to be protected in cloud storage. However, if a file does have an antivirus
violation, and the authorized administrator does not ignore the violation, that file is not allowed to be
part of a snapshot and is not protected in cloud storage.
You can enable or disable Antivirus Protection at the volume level.
The Antivirus Protection setting is inherited by connecting Nasuni Edge Appliances. For example, if the
Boston Nasuni Edge Appliance enables Antivirus Protection for a volume, and the London Nasuni Edge
Appliance connects to that volume, then Antivirus Protection is also enabled for that volume on the
London Nasuni Edge Appliance. In such a case, there might be a brief time lag before the London
Nasuni Edge Appliance inherits that setting.
Important: If you use Antivirus Protection, Nasuni recommends at least 8 GB of memory for
most implementations. Due to other factors, more memory might be necessary.
Nasuni Edge Appliance Antivirus Protection uses the Clam AntiVirus (ClamAV®) open-source antivirus
engine. The Nasuni Edge Appliance updates antivirus definition files multiple times daily.
Synchronization with the ClamAV virus database occurs within four hours of an update to that
database. Customers can report false positives here.
Nasuni Antivirus Protection scans files and container files (such as .zip files). Antivirus Protection does
not detect malware in the following circumstances:
• Encrypted or password-protected files or container files.
• Files or container files larger than 25 MB.
• Container files that contain any file larger than 25 MB.
• Container files where the combined size of the container file itself, plus the size of all the
contained files, is larger than 100 MB.
For details, see Nasuni Antivirus Service. See Worksheet for a worksheet for planning configurations.
Note: Antivirus Protection can be enabled or disabled in the customer license by Nasuni
Support. The default is that Antivirus Protection is enabled in the customer license.
Tip: To administer settings of Antivirus Protection, you must have the "Manage anti-malware
settings" permission.
Important: Using Antivirus Protection has the following effects on performance and data
propagation:
• Because files must be scanned before they are moved to cloud storage, this can
slightly delay data propagation and file synchronization.
• Using Antivirus Protection generally has a low impact on performance, because
files are scanned in batch. However, since files do not proceed to cloud storage until
they are scanned, this can delay data propagation and file synchronization until after
the scheduled scan occurs.
• Using “Check files immediately” has a higher impact on performance, because
each file is checked individually when it is closed, rather than as part of a batch of
files. Such scans do not have to wait until scheduled times.
Tip: To receive notifications of violations, and emails, if email is enabled, you must ensure that
Violation Alerts is selected for the user’s group.
Note: Antivirus violations are displayed in the Nasuni Edge Appliance or Nasuni Management
Console, and are also logged to the .nasuni/av_violations/ folder of the volume. In
the Antivirus log file, each violation entry is of the form:
<DATE> <TIME> <TIMEZONE> New AV violation: <SIGNATURE> found: <PATH>
Example:
2018-09-08 14:32:33 GMT New AV violation: EicarSignature found: /ei.txt
Tip: To access the hidden .nasuni directory on an SMB share, you must be an administrative
user.
Because the .nasuni directory is located in the root directory of the volume, in order to
access the .nasuni directory, you must create a share that includes the root directory of
the volume.
In addition, this hidden directory must be visible on the client machine. For example, in
Windows, “Show Hidden Files, folders, and drives” must be enabled, and “Hide protected
operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni directory and its
contents. On the File System Browser page, select the volume, click the gear icon, then
select “Show Hidden Files”.
Important: If an open file has Global File Lock enabled, and if that file is saved, then that file is
protected in the cloud outside of the regular snapshot, even if that file is still open.
However, if Antivirus Protection is enabled for that file, then that open file is not
immediately protected in the cloud. This is because Antivirus Protection must check
that file before that file can be moved to cloud storage. In this case, after Antivirus
Protection checks that file, and that file has no infections, then that file is protected
in the cloud.
If a file does have antivirus infections, and those infections are marked “Ignore”, then
the file experiences the usual Global File Lock processing.
For details of Global File Lock processing, see Global File Lock.
For details of Antivirus Protection processing, see Antivirus Service.
2. Click Edit Volumes. The Edit Anti-Malware Services dialog box appears.
c. For volumes on which the CIFS protocol has been enabled only, to check files as they are
written to the Nasuni Edge Appliance, in addition to the specified Antivirus Protection
schedule, select the Check files immediately check box. Otherwise, clear the Check files
immediately check box.
Note: Enabling “Check files immediately” can have a small effect on performance.
d. To specify scanning 24 hours a day, select the 24 Hours/Day check box.
Alternatively, select the hour to start scanning from the Start drop-down list. Select the hour
to stop scanning from the Stop drop-down list.
e. Select the frequency for Antivirus Protection scanning to occur from the Frequency drop-
down list.
If the volume does not have Remote Access enabled, your choices are 1, 2, 4, 8, 12, or 24
hours.
If the volume does have Remote Access enabled, your choices are 1, 5, 10, 25, or 30 minutes,
or 1, 2, 4, 8, 12, or 24 hours.
Note: Volumes that do not have Remote Access enabled only have Frequency options of
hours, not minutes. For Antivirus Protection scanning more frequent than every 1
hour, enable Remote Access for the volume.
Note: In addition to the specified scanning schedule, a scan is performed automatically
with every snapshot.
6. Click Save. The Ransomware Protection and Antivirus Protection settings are changed. The
volume appears in the list on the Volume Anti-Malware Services page.
Alternatively, to exit the dialog box without changing the Ransomware Protection and Antivirus
Protection settings, click Close.
Antivirus Violations
You can view or review the antivirus violations of volumes.
If Antivirus Protection finds any files infected with a virus or other malware, that information is
displayed.
If a scanned file is infected, the authorized administrator has the option to ignore the infection. If a file
has no antivirus violations, that file is allowed to be part of a snapshot and to be protected in cloud
storage. If a file does have an antivirus violation, but the authorized administrator deliberately ignores
the violation, that file is also allowed to be part of a snapshot and to be protected in cloud storage.
However, if a file does have an antivirus violation, and the authorized administrator does not ignore the
violation, that file is not allowed to be part of a snapshot and is not protected in cloud storage.
Nasuni Edge Appliance Antivirus Protection uses the Clam AntiVirus (ClamAV®) open-source antivirus
engine. Synchronization with the ClamAV virus database occurs within four hours of an update to that
database. Customers can report false positives here.
Ransomware Detection
The Ransomware Detection settings implement Nasuni Edge Detection. You can view or change the
Edge Detection setting of volumes.
Nasuni provides unmatched recovery capabilities for customers impacted by ransomware attacks as
part of its base platform. Nasuni Edge Detection extends these built-in capabilities by identifying
ransomware attacks on files anywhere within your Nasuni environment, and alerting administrators
about ransomware attacks before they cause significant damage. This enables you to identify the
impacted files and culprit users, so you can recover smarter and even faster without having to pay
ransom.
Edge Detection includes the following processing:
• Regularly updates known ransomware patterns used for detection.
The Nasuni list of known ransomware file extensions is at https://r3.api.nasuni.com/
ext_blocklist.json.
• Reads creation and renaming events, and analyzes their paths.
• Emits an immediate notification if an attack is underway. You receive one notification when the
attack is first recorded; you do not receive a notification for each affected file. You also receive
two reminder alerts during the same day, until the attack summary is cleared.
• Logs individual pattern violations to .nasuni.
• Sends a summary notification twice per day, which includes the attack signature (such as
*.wannacry), the target volume, the number of violations detected so far, and the timestamp
of first detection.
Tip: You can avoid false positives by requesting Support to add particular file extensions to a
safelist.
You can enable or disable Edge Detection at the volume level.
For details, see Nasuni Ransomware Protection. See Worksheet for a worksheet for planning
configurations.
Note: Nasuni Edge Detection is a feature of the Nasuni Ransomware Protection add-on service.
If you do not see the feature, contact your Nasuni account team to discuss how to
purchase and enable the add-on.
Antivirus Protection must also be enabled in the customer license by Nasuni Support. The
default is that Antivirus Protection is enabled in the customer license.
Note: Some ransomware file extensions may be considered vulgar. Nasuni believes in giving the
most accurate information to its users, so does show the full extension.
Important: To enable Edge Detection, you must open port 443 to the FQDN
r3.api.nasuni.com in order to get ransomware detection definition files.
Tip: To administer settings of Edge Detection, you must have the "Manage Anti-Malware
Settings" permission.
Tip: To receive notifications of violations, you must have the “Manage all aspects of the Filer
(super user)” or “Manage Notifications” permissions, and the appropriate “Filer Access”
permissions.
To receive emails of violations, if email is enabled, you must also ensure that Violation Alerts
is selected for the user’s group.
Note: Ransomware pattern violations are logged to a CSV file in the
.nasuni/ransomware_violations/ folder of the volume.
In the log file, each violation entry includes the following: event timestamp, event type,
path, client SID, and client IP.
The event types include 4 (AUDIT_RENAME: Rename) and 10 (AUDIT_MKNOD: New File).
Tip: To access the hidden .nasuni directory on an SMB share, you must be an administrative
user.
Because the .nasuni directory is located in the root directory of the volume, in order to
access the .nasuni directory, you must create a share that includes the root directory of
the volume.
In addition, this hidden directory must be visible on the client machine. For example, in
Windows, “Show Hidden Files, folders, and drives” must be enabled, and “Hide protected
operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni directory and its
contents. On the File System Browser page, select the volume, click the gear icon, then
select “Show Hidden Files”.
• Because the .nasuni directory is located in the root directory of the volume, in order to
access the .nasuni directory, you must create a share that includes the root directory of
the volume.
• In Windows, “Show Hidden Files, folders, and drives” must be enabled.
• In Windows, “Hide protected operating system files” must be disabled.
Find and open this CSV file. It includes a list of suspicious files. Examine the extensions of these
files.
a. Are these typical extensions of ordinary files used in your organization? If so, this is an
example of a false positive, and a good indication of the type of file that you can typically
ignore in future notifications.
b. Are these unusual extensions for your organization? If so, this can indicate the possibility of
an actual ransomware attack, and further investigation is necessary. For example, if only one
or a few files have such an unusual extension, it is still probably not a ransomware attack,
since ransomware attacks typically affect many files on a system.
3. After a few days or weeks of examining ransomware notifications, you should have a good idea
of the types of extensions that you can safely ignore. You should also have an idea of the
number of ransomware violations that you can expect per day. Receiving many more than your
usual daily number of ransomware violations can also indicate an actual ransomware attack.
4. When you have identified ordinary file extensions that seem to routinely trigger ransomware
notifications, you can decide how best to manage these false positives.
For example, you can request Nasuni Support to add these known false positive file extensions
to the safelist for this volume. This ensures that you do not receive notifications for files that
match these extensions.
However, if you do so, you risk the possibility of a genuine ransomware attack that happens to
use those particular file extensions. That is a decision that must be made carefully. You might
well decide to continue to allow Nasuni Ransomware Detection to flag these file extensions, and
provide the most complete protection possible.
2. Click Edit Volumes. The Edit Anti-Malware Services dialog box appears.
c. For volumes on which the CIFS protocol has been enabled only, to check files as they are
written to the Nasuni Edge Appliance, in addition to the specified Antivirus Protection
schedule, select the Check files immediately check box. Otherwise, clear the Check files
immediately check box.
Note: Enabling “Check files immediately” can have a small effect on performance.
d. To specify scanning 24 hours a day, select the 24 Hours/Day check box.
Alternatively, select the hour to start scanning from the Start drop-down list. Select the hour
to stop scanning from the Stop drop-down list.
e. Select the frequency for Antivirus Protection scanning to occur from the Frequency drop-
down list.
If the volume does not have Remote Access enabled, your choices are 1, 2, 4, 8, 12, or 24
hours.
If the volume does have Remote Access enabled, your choices are 1, 5, 10, 25, or 30 minutes,
or 1, 2, 4, 8, 12, or 24 hours.
Note: Volumes that do not have Remote Access enabled only have Frequency options of
hours, not minutes. For Antivirus Protection scanning more frequent than every 1
hour, enable Remote Access for the volume.
Note: In addition to the specified scanning schedule, a scan is performed automatically
with every snapshot.
6. Click Save. The Ransomware Protection and Antivirus Protection settings are changed. The
volume appears in the list on the Volume Anti-Malware Services page.
Alternatively, to exit the dialog box without changing the Ransomware Protection and Antivirus
Protection settings, click Close.
You can configure extensive file system auditing and logging of operations for volumes.
As an alternative to Nasuni’s own auditing options, Nasuni also supports auditing by Varonis and other
external auditing services. For Varonis versions before 8.5, to complete configuration of the Varonis
application to use Nasuni auditing events, you must provide a Nasuni API access key. Events created
by the Nasuni Edge Appliance propagate to the Varonis monitoring infrastructure. For details of the
Varonis configuration, see “Varonis Configuration” on page 257. For more details on specifying audit
destinations, see “Audit Destinations Status” on page 360.
As an alternative to Nasuni’s own auditing options, Nasuni also supports output to an Advanced
Message Queuing Protocol (AMQP) server of an external auditing service.
Important: If using external auditing (such as Varonis), open port 5671 outbound from the Edge
Appliance to the configured audit endpoint.
Port 5671 is used for AMQP with SSL. Nasuni does not support AMQP without SSL.
Syslog Export enables you to direct Nasuni notifications and file auditing messages to your syslog
server. For more details, see “Syslog Export” on page 336.
Tip: The NMC API can be used to configure auditing, including configuring AMQP destinations
for audit messages (such as for Varonis or RabbitMQ).
Tip: Auditing volume events such as Create, Delete, Rename, and Security can aid in recovering
from ransomware attacks.
Note: Enabling file system auditing generally affects performance less than 5–10 percent. The
effect is greater if auditing writes. The effect is less if using solid-state drives (SSD), rather
than hard disk drives (HDD). We do not recommend auditing additional events for these
purposes, because that can consume system resources unnecessarily.
Note: It is possible that occasionally a specified operation might not be audited and logged,
such as when a Nasuni Edge Appliance reboots or restarts. Also, if events occur faster
than the auditing, a “Lost Events” entry is made in the log file.
Note: If you remove a destination that a volume is using for Varonis or AMQP auditing, auditing
becomes disabled for that volume.
Tip: Log files take up space. To reduce the amount of space necessary for log files, you can: limit
the number of event categories to audit, limit which volumes to audit, use filters to reduce
the directories or files to audit, and limit the log file retention period.
To configure file system auditing for a volume, follow these steps:
1. Click Volumes, then click Auditing. The Volume Auditing Settings page appears.
A list of volumes appears. Each volume is on a Nasuni Edge Appliance that has the file system
auditing feature.
2. Click the right-facing arrow beside each volume to reveal the file system auditing setting for
each Nasuni Edge Appliance for that volume. To reveal the settings for all volumes of all Nasuni
Edge Appliances, click Expand All. To collapse the display of the settings for all volumes of all
Nasuni Edge Appliances, click Collapse All.
The following information appears for each volume and Nasuni Edge Appliance combination in
the list:
• Name: The name of the volume.
• Filer: The names or number of Nasuni Edge Appliances that access the volume.
• Protocol: The protocol of the volume: CIFS, NFS, or FTP.
• Output Type: The type of output for the auditing information, which can be one of the
following:
• CSV: For output to local auditing log files. Auditing log files are written to the
.nasuni\audit\<filerdescription>\<yyyymmdd> directory, where
filerdescription is the description of the Nasuni Edge Appliance and yyyymmdd is
the date of the log file.
Tip: To access the hidden .nasuni directory on an SMB share, you must be a CIFS
administrative user. To specify a CIFS administrative user, on the Nasuni Edge
Appliance, select General Settings from the Configuration menu, then specify an
Administrative User.
Because the .nasuni directory is located in the root directory of the volume, in
order to access the .nasuni directory, you must create a share that includes
the root directory of the volume.
In addition, this hidden directory must be visible on the client machine. For
example, in Windows, “Show Hidden Files, folders, and drives” must be enabled,
and “Hide protected operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni
directory and its contents. On the File System Browser page, select the volume,
click the gear icon, then select “Show Hidden Files”.
• AMQP: For output for an Advanced Message Queuing Protocol (AMQP) server of an
external auditing service.
• Varonis: For external auditing by Varonis.
• Enabled: The auditing setting of the volume: Yes (auditing enabled) or No (auditing not
enabled).
3. To change the settings for file auditing, on the Volume Auditing Settings page, select the
volumes in the list whose file system auditing setting you want to edit, then click Edit Volumes.
The Edit Volume Auditing Settings dialog box appears.
Figure 11-135: Top portion of Edit Volume Auditing Settings dialog box.
Tip: No changes on this page are saved until you click Save Auditing Settings.
4. To copy settings from another volume, select the volume from the Copy Settings drop-down
list. The settings from that volume appear in the dialog box.
5. If this volume has Varonis auditing selected, the content on this page is unavailable, except for
the “Revert control to NMC” button. To revert control of auditing to the NMC, click “Revert
control to NMC”.
6. To enable file system auditing for this volume, select Auditing Enabled.
Important: When you enable file system auditing for this volume, auditing log files are written
to the .nasuni\audit\<filerdescription>\<yyyymmdd> directory,
where filerdescription is the description of the Nasuni Edge Appliance and
yyyymmdd is the date of the log file. For details on log files, see “File Alert
Service” on page 259.
Tip: To access the hidden .nasuni directory on an SMB share, you must be a CIFS
administrative user. To specify a CIFS administrative user, on the Nasuni Edge
Appliance, select General Settings from the Configuration menu, then specify an
Administrative User.
Because the .nasuni directory is located in the root directory of the volume, in order to
access the .nasuni directory, you must create a share that includes the root directory
of the volume.
In addition, this hidden directory must be visible on the client machine. For example, in
Windows, “Show Hidden Files, folders, and drives” must be enabled, and “Hide
protected operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni directory and
its contents. On the File System Browser page, select the volume, click the gear icon,
then select “Show Hidden Files”.
7. In the Event Types area, select the operations to include in file system auditing, from these
choices:
• Create: Operations that create files, directories, or links.
• Delete: Operations that delete files or directories.
• Rename: Operations that rename files or directories.
• Close: Operations that close files.
• Security: Changes to file or directory ownership or permission.
• Metadata: Changes to update time and extended attributes.
• Write: Operations that write or truncate files.
• Read: Operations that read files or directories.
Note: Some event types generate a greater load and result in greater traffic.
8. To delete log files older than a specified number of days, select Prune Audit Logs and enter a
number greater than zero in Days to Keep. The default is 90 days. If Prune Audit Logs is not
selected, or if Days to Keep is zero, audit logs are not deleted.
Note: Audit logs are retained for 90 days by default. Customers can decide how long to keep
the audit logs, based on their specific requirements or compliance considerations.
Also, audit logs are included in snapshots, so that, if an older audit log is needed that
has already been pruned, the audit log can be restored from snapshots, like any other
user file.
Figure 11-136: Bottom portion of Edit Volume Auditing Settings dialog box.
10. In the Filtering area, to audit operations only for specified directories or files, select Exclude by
Default and enter the specific directories or files to include in the Include Patterns text box.
Separate the patterns with a comma or by placing a pattern on a new line. You can use glob
syntax wildcards when you specify each pattern, such as the following:
Wildcard Meaning Example
* Matches any number of *.mp3
any character. means any file name that ends with “mp3”.
11. To audit operations for directories or files in the Include Patterns text box, even if those
directories or files are logically part of the entries in the Exclude Patterns text box, select
Include List Takes Priority.
12. To include specified directories or files in audit operations, such as *.tmp files, enter the
specific directories or files to include in the Include Patterns text box. Separate the patterns
with a comma or by placing a pattern on a new line. You can use glob syntax wildcards when
you specify each pattern, as described in step 10.
13. To exclude specified directories or files from audit operations, such as *.tmp files, enter the
specific directories or files to exclude in the Exclude Patterns text box. Separate the patterns
with a comma or by placing a pattern on a new line. You can use glob syntax wildcards when
you specify each pattern, as described in step 10.
14. The “Syslog Export for Audit Events” area appears near the bottom of the page.
Varonis Configuration
Nasuni can use an external auditing service, such as Varonis.
Important: If using external auditing (such as Varonis), open port 5671 outbound from the Edge
Appliance to the configured audit endpoint.
Port 5671 is used for AMQP with SSL. Nasuni does not support AMQP without SSL.
Tip: The NMC API can be used to configure auditing, including configuring AMQP destinations
for audit messages (such as for Varonis or RabbitMQ).
Important: After initially configuring Varonis to monitor your volumes, if you connect a monitored
volume to a new Edge Appliance, you must configure the new Edge Appliance to
send audit events to Varonis. For assistance with updating the configuration, contact
Varonis Support.
Tip: For Varonis versions before 8.5, to complete configuration of the Varonis application to use
Nasuni auditing events, you must provide a Nasuni API access key.
For Varonis versions after 8.5, the configuration of the AMQP destination and audit policy is
managed using the NMC API.
When specifying a file server on the File Server Wizard of the Varonis Management Console, for
example:
• Select Common from the left-hand menu.
• Enter the name or IP address of the Nasuni Edge Appliance as the “File server name”.
• Select Nasuni from the “File server type” drop-down list. Alternatively, if you click “Detect File
Server Type”, Nasuni is chosen.
• After selecting Nasuni as the “File server type”, the “Nasuni Management API Settings” pane
appears.
• Enter the Nasuni API Access Key Name (from the Filers → API Keys page) as the “Access
key name”. For details about the Nasuni access key, see “API Access key for external
auditing using Varonis” on page 282.
• Enter the Nasuni API Access Key Passcode (from the Filers → API Keys page) as the
“Access key passcode”. For details about the Nasuni access key, see “API Access key for
external auditing using Varonis” on page 282.
When specifying shares on the File Server Wizard of the Varonis Management Console, for example:
• Select Shares from the left-hand menu.
• The unhidden CIFS shares of the Nasuni Edge Appliance appear in the “Available Shares”
area.
• To move a share to the “Registered Shares” area, select the share, then click the down
arrow.
In addition, if the names of any files or directories match any of the specified patterns, an alert (no more
than one per day) is generated in the Notifications system. If you have configured email settings, you
receive an email (no more than one per day) when names of files or directories match one of the
patterns. To configure email settings, see “Email Settings” on page 289. It might take 24-48 hours for
the alert to be sent.
Note: If a match is detected, you receive no more than one alert per day. The alert contains the
path to a complete log file containing all detected matches.
Tip: Alerts do not occur for empty files.
Tip: Receiving the results of the File Alert Service involves several features:
• Enable the Alerts permission for a group: Console Settings → Users/Groups → Manage
Groups → Edit → Violation Alerts. See “Console Users and Groups” on page 472.
• Enable File Alerts on the volume: Described below.
• To receive emails, configure email for user: Console Settings → Users/Groups → Manage
Users → Edit → Email. See “Console Users and Groups” on page 472.
See Worksheet for a worksheet for planning configurations.
Caution: While individual file alerts do not require significant processing, specifying hundreds or
thousands of file alert patterns can have consequences, including the following:
• Matching file or directory names are recorded in log files in the .nasuni/file_alerts
directory. For large numbers of file alert patterns, the processing necessary to match
patterns and update log files can affect the resources available for other tasks.
• Conflicts can occur on the log files themselves, because multiple Edge Appliances
might register near-simultaneous file alerts.
• Log files must be manually deleted from the file_alerts directory. This is not an
automated process.
• A large number of files in a directory can cause delays in snapshots each time new
files are added that must be checked.
• Matching file or directory names can trigger alerts in the Notifications system, and
emails. For large numbers of file alert patterns, this process can affect processing.
• These effects are exacerbated when ingesting large amounts of data.
2. Click Edit Volumes. The Edit File Alert Service dialog box appears.
6. Click Save. The File Alert Service settings are changed. The volume appears in the list on the
Volume File Alert Service page.
Alternatively, to exit the dialog box without changing the File Alert Service settings, click Close.
Data Propagation
You can view a chart of how long it takes data in shared volumes to propagate from the source Nasuni
Edge Appliance to any remote Nasuni Edge Appliances. You can also view a chart of the age of the
oldest data or metadata in the cache. Two charts are available:
• Data Propagation Time (DPT) chart: The Data Propagation Time chart shows the time taken
for a version of a file or folder to propagate on the vertical axis, and the time span on the
horizontal axis.
The time to propagate is measured from the start of the snapshot on the source Nasuni Edge
Appliance to the completion of synchronization on destination Nasuni Edge Appliances.
This chart can be useful to investigate how long it takes data to propagate from a source Edge
Appliance to destination Edge Appliances. You can use this to get a general idea about how
long it takes data to propagate, or to investigate specific situations involving data propagation.
By adjusting the time scale, you can examine the time to propagate on specific dates (within the
last 30 days) or at specific times.
Using the “Max and Avg” perspective, you can see cumulative data propagation times across
all Edge Appliances. Using the “Per Filer” perspective, you can see data propagation times to
the specified destination Edge Appliances.
The time span and resolution on the horizontal axis is one of the following:
• 30 days of data, at once-per-day resolution (default);
• 1 day, at once-per-hour resolution;
• 1 hour, showing every snapshot.
Tip: The Data Propagation Time chart is only available for volumes that are shared by two or
more Nasuni Edge Appliances that are running version 8.4 or later.
The Data Propagation Time chart is available in two perspectives:
• Max and Avg (default): Displays the maximum time (and the average time) taken for any
snapshot of a file or folder completed during a given day or hour to be synced to other
Nasuni Edge Appliances on the vertical axis, and the time span on the horizontal axis. For
the 1-hour time span, the chart shows the maximum time (and the average time) taken for a
particular version of a file or folder to be synced to other Nasuni Edge Appliances on the
This chart can be useful to examine how unprotected data moves from the cache to cloud
storage. You can use this to get a general idea about how long data remains in the cache before
moving to cloud storage, or to investigate specific situations involving data moving to cloud
storage.
By adjusting the time scale, you can examine the oldest data on specific dates (within the last
30 days) or at specific times.
Using the “Max and Avg” perspective, you can see the oldest unprotected data in the cache for
all Nasuni Edge Appliances connected to the selected volume. Using the “Per Filer”
perspective, you can see the oldest unprotected data in the cache for specified Edge
Appliances connected to the selected volume.
The time of observation and resolution on the horizontal axis is one of the following:
• 30 days of data, at once-per-day resolution (default);
• 1 day, at once-per-hour resolution;
• for Per Filer perspective, 1 hour, showing every OUD observation.
2. From the Volume drop-down list, select the volume whose data propagation display you want
to see. The charts reflect the selected volume.
3. From the Perspective drop-down list, select the perspective of the display you want to see,
from the following:
• Max and Avg, as described above.
• Per Filer, as described above.
4. If the Per Filer perspective is selected, select which Nasuni Edge Appliances to display data for
from the Filers drop-down list. You can select up to 5 Nasuni Edge Appliances.
5. To change from one time span to the next finer time span, click any point on either chart. To
change from one time span to the next less fine time span, click Zoom Out.
6. You can display different combinations of Nasuni Edge Appliances and maximum and average
values by clicking the appropriate chart legends.
On the Filers page, you can view managed Nasuni Edge Appliances. You can also perform the
following actions:
• Set API access keys.
• Schedule automatic software updates.
• Configure cache settings.
• Change CIFS and FTP/SFTP settings.
• Change the description of managed Nasuni Edge Appliances.
• Configure full disk encryption for disks that have this feature available.
• Configure email settings.
• Manage encryption keys for managed Nasuni Edge Appliances.
• Set the escrow passphrase for managed Nasuni Edge Appliances.
• Configure Global File Lock.
• Schedule of Quality of Service (inbound and outbound bandwidth).
• Schedule when to send quota reports.
• Configure SNMP settings.
• Configure syslog export.
• Configure time servers.
• Configure Web Access branding.
• Manage mobile access to data.
• Refresh the Nasuni Edge Appliance license.
• Configure remote support settings.
• Send diagnostic information to Nasuni.
• Manage Side Load processing.
• View the status of jobs to move data into the cache.
• Review the status of CIFS shares, shared links, and FTP/SFTP directories on managed Nasuni
Edge Appliances.
• File heuristics for all Nasuni Edge Appliances or selected Nasuni Edge Appliances.
• Review pending updates to Nasuni Edge Appliances.
• Review the platform settings and status of managed Nasuni Edge Appliances.
Filers page
Click Filers. The Filers page displays a dashboard of Nasuni Edge Appliance information and a list of
all Nasuni Edge Appliances in the account.
Filers Managed
In the Filers Managed area, the following information appears:
• Total number of Nasuni Edge Appliances managed in the account. Only Nasuni Edge
Appliances that the user has access to are included.
• Total number of unmanaged Nasuni Edge Appliances in the account. Only Nasuni Edge
Appliances that the user has access to are included.
Note: If configured, an email notification is sent when a new Nasuni Edge Appliance is
deployed, whether the new Nasuni Edge Appliance is managed or unmanaged.
• Number of Nasuni Edge Appliances that have Remote Support enabled. Only Nasuni Edge
Appliances that the user has access to are included.
Clicking Enabled Remote Support opens the Remote Support Service page. For details, see
“Remote Support Service” on page 353.
• Number of Nasuni Edge Appliances that have active Remote Support connections in progress.
Only Nasuni Edge Appliances that the user has access to are included.
Clicking Active Support Session opens the Remote Support Service page. For details, see
“Remote Support Service” on page 353.
Connected Clients
Tip: Nasuni monitors platform-specific limits on the number of supported concurrent
connections. When the number of concurrent connections reaches the “soft limit” for an
Edge Appliance, you receive a notification of how many connections remain, and a
suggestion to reduce the number of connections for that Edge Appliance, if possible. When
the number of concurrent connections reaches the “hard limit” for an Edge Appliance, you
receive a notification, and all new connections are denied for that Edge Appliance until the
number of connections decreases below the “hard limit” again.
N1050
N2040 3000 connections
5000 4000 connections
6000
Filer Health
In the Filer Health area in the upper right, the following information appears:
• Number of Nasuni Edge Appliances offline, if any.
Note: If a Nasuni Edge Appliance goes offline, an email alert is sent, if configured.
• Number of unhealthy Nasuni Edge Appliances, if any.
• Number of warnings for Nasuni Edge Appliances, if any.
• Number of hardware errors, if any. Clicking hardware error opens the Filer Platform/
Hardware Settings page. For details, see “Platform Settings” on page 378.
• Number of setting sync errors, namely, requested changes to Nasuni Edge Appliances that have
failed for some reason, if any. Clicking setting sync error opens the Outstanding Settings
Updates Filers page. For details, see “Pending Updates” on page 376.
• Number of Nasuni Edge Appliance updates available, if any. Clicking Filer updates opens the
Filer Software Updates page. For details, see “Software Updates” on page 388.
Tip: This area does not update automatically. To update the display, refresh the browser page.
Network Traffic
You can view a chart of the network traffic of the Nasuni Edge Appliances vs. time. This chart shows
data received from and transmitted to cloud storage, Mobile Access clients, the user interface, and
clients. The scale is in Kbits/second or Mbits/second, depending on throughput. Only Nasuni Edge
Appliances that the user has access to are included.
The Network Traffic chart looks like this:
On the Network Traffic chart, you can select which network activity to include or exclude by clicking
any or all of the following:
• Cloud Transmit: for data transmitted to the cloud by the Nasuni Edge Appliance.
• Cloud Receive: for data received from the cloud by the Nasuni Edge Appliance.
• Mobile Transmit: for data transmitted to mobile devices by the Nasuni Edge Appliance.
• Mobile Receive: for data received from mobile devices by the Nasuni Edge Appliance.
• UI Transmit: for data transmitted to the user interface by the Nasuni Edge Appliance.
• UI Receive: for data received from the user interface by the Nasuni Edge Appliance.
• Client Transmit: for data transmitted to the client by the Nasuni Edge Appliance.
• Client Receive: for data received from the client by the Nasuni Edge Appliance.
If you hover the mouse over any part of the chart, a label appears displaying details about the amount
of network activity at that date and time.
Mobile Usage
You can view a chart of Mobile Access usage vs. time. This chart shows the number of iOS and
Android users.
The Mobile Usage chart looks like this:
Different colors represent types Mobile Access clients. From the drop-down list, select one of the
following choices:
• All Filers: Displays Mobile Access usage for all Nasuni Edge Appliances under the control of the
Nasuni Management Console.
• specific Nasuni Edge Appliance: Displays Mobile Access usage for the selected Nasuni Edge
Appliance.
On the Mobile Usage chart, you can select which Mobile Access clients to include or exclude by
clicking iOS or Android.
If you hover the mouse over any part of the chart, a label appears displaying details about the number
of Mobile Access clients at that date and time.
Account Filers
A list appears of the Nasuni Edge Appliances in this account.
N1050
N2040 3000 connections
5000 4000 connections
6000
Tip: This function can also be performed using the NMC API. For details, see
NMC API.
The following properties appear for each Nasuni Edge Appliance in the list of Nasuni Edge Appliances:
Network Traffic
You can view a chart of the network traffic of the Nasuni Edge Appliance vs. time. This chart shows
data received from and transmitted to cloud storage, Mobile Access clients, the user interface, and
clients. The scale is in Kbits/second or Mbits/second, depending on throughput.
On the Network Traffic chart, you can select which network activity to include or exclude by clicking
any or all of the following:
• Cloud Transmit: for data transmitted to the cloud by the Nasuni Edge Appliance.
• Cloud Receive: for data received from the cloud by the Nasuni Edge Appliance.
• Mobile Transmit: for data transmitted to mobile devices by the Nasuni Edge Appliance.
• Mobile Receive: for data received from mobile devices by the Nasuni Edge Appliance.
• UI Transmit: for data transmitted to the user interface by the Nasuni Edge Appliance.
• UI Receive: for data received from the user interface by the Nasuni Edge Appliance.
• Client Transmit: for data transmitted to the client by the Nasuni Edge Appliance.
• Client Receive: for data received from the client by the Nasuni Edge Appliance.
If you hover the mouse over any part of the chart, a label appears displaying details about the amount
of network activity at that date and time.
Mobile Usage
You can view a chart of Mobile Access usage vs. time. This chart shows the number of iOS and
Android users.
On the Mobile Usage chart, you can select which Mobile Access clients to include or exclude by
clicking iOS or Android.
If you hover the mouse over any part of the chart, a label appears displaying details about the number
of Mobile Access clients at that date and time.
CPU Activity
You can view a chart of CPU activity vs. time. This chart shows the percentage usage of the CPU.
If you hover the mouse over any part of the chart, a label appears displaying details about the CPU
activity at that date and time.
Memory Usage
You can view a chart of memory usage vs. time. This chart shows the amount of memory used in units
such as GiB.
Note: Nasuni Edge Appliances and the NMC display the size of data in base 10 units (including
MB = 1,000,000 bytes, GB = 1,000,000,000 bytes, and TB = 1,000,000,000,000 bytes).
In contrast, some platforms display the size of data in base 2 units (including MB =
1,048,576 bytes, GB = 1,073,741,824 bytes, and TB = 1,099,511,627,776 bytes).
For example, a file that Nasuni displays as 10 MB would be displayed by some platforms
as 9.53 MB.
Tip: Due to the way Memory Usage is calculated, the display can show spikes that do not reflect
the actual values. Refreshing the display can remove these spikes.
If you hover the mouse over any part of the chart, a label appears displaying details about the memory
usage at that date and time.
Filer Details
The Filer Details page displays a summary of information about the Nasuni Edge Appliance:
• In the Settings area:
• Description: Description of this Nasuni Edge Appliance. Clicking the description opens the
Filer Description page, with the Description Settings dialog box selected. For details, see
“Nasuni Edge Appliance Description” on page 296.
• Serial Number: Serial number of this Nasuni Edge Appliance, which is used to recover a
Nasuni Edge Appliance.
• Automatic Updates: The schedule to automatically update the software for this Nasuni
Edge Appliance. Clicking the schedule opens the Filer Automatic Software Update
Settings page, with the Automatic Updates dialog box selected. For details, see
“Automatic Software Updates” on page 284.
• Cache Settings: The minimum and maximum amount of local cache space reserved for
new, incoming data on this Nasuni Edge Appliance. The percentage of the cache to reserve
for new, incoming data also appears, or, if the percentage is managed automatically, the
label “Automatic” appears. Clicking the setting opens the Filer Cache Settings page, with
the Cache Settings dialog box selected. For details, see “Cache Settings” on page 287.
• Encryption Keys: Number of encryption keys in use on this Nasuni Edge Appliance.
Clicking this setting opens the Filer Encryption Keys page. For details, see “Encryption
Keys” on page 302.
• Quality of Service: Number of Quality of Service rules for this Nasuni Edge Appliance.
Clicking this setting opens the Filer Quality of Service page, with the Quality of Service
Settings dialog box selected. For details, see “Quality of Service (Bandwidth) Settings” on
page 317.
• SNMP Settings: An indicator of whether SNMP settings are enabled for this Nasuni Edge
Appliance. Clicking this setting opens the Filer SNMP Settings page, with the SNMP
Settings dialog box selected. For details, see “SNMP Settings” on page 331.
• Time Configuration: The time zone and number of time servers for this Nasuni Edge
Appliance. Clicking this setting opens the Filer Time Configuration page, with the
Timezone Settings dialog box selected. For details, see “Time Configuration” on page 340.
• In the Services area:
• Mobile Settings: Mobile Access settings for this Nasuni Edge Appliance, including
expiration, single device setting, and allowed devices. Clicking this setting opens the Mobile
Service Settings page, with the Edit Mobile Service Settings dialog box selected. For
details, see “Mobile Settings” on page 345.
• Mobile Licenses: Mobile licenses for this Nasuni Edge Appliance. Clicking this setting
opens the Mobile Licenses page. For details, see “Mobile Licenses” on page 350.
• Remote Support: Remote Support status for this Nasuni Edge Appliance. Clicking this
setting opens the Remote Support Service page, with the Edit Remote Support Service
dialog box selected. For details, see “Remote Support Service” on page 353.
• In the Status area:
• Software updates: Software updates available for this Nasuni Edge Appliance. Clicking this
setting opens the Filer Software Updates page, with the Update Filer dialog box selected.
For details, see “Software Updates” on page 388.
• Uptime: Uptime for this Nasuni Edge Appliance.
• Security Mode: Security mode for this Nasuni Edge Appliance: Active Directory, LDAP
Directory Services, Publicly Available, or Unknown. Clicking this setting opens the Filer
Security Settings page. For details, see “Security Settings” on page 381.
• SSL Certificate: SSL certificate settings for this Nasuni Edge Appliance. Clicking this
setting opens the SSL Certificates page. For details, see “SSL Certificates” on page 394.
• CIFS: Number of CIFS shares, clients, and locks for this Nasuni Edge Appliance. Clicking
this setting opens the Shares page. For details, see “SMB (CIFS) Shares” on page 163.
• NFS: Number of NFS exports for this Nasuni Edge Appliance. Clicking this setting opens the
Exports page. For details, see “NFS Exports” on page 141.
• FTP: Number of FTP/SFTP directories for this Nasuni Edge Appliance. Clicking this setting
opens the Filer FTP Status page. For details, see “FTP clients” on page 367.
• In the Platform area:
• Filer Version: The version of the Nasuni Edge Appliance software, such as 9.3, and the
version of the Nasuni Edge Appliance base operating system, such as OS7.
• Platform: Type of platform for this Nasuni Edge Appliance. For details, see “Platform
Settings” on page 378.
• CPUs: Number of CPUs for this Nasuni Edge Appliance. For details, see “Platform Settings”
on page 378.
• Memory: Memory for this Nasuni Edge Appliance. For details, see “Platform Settings” on
page 378.
• Disk Cache: Size of disk cache, and percentage of cache used, for this Nasuni Edge
Appliance. For details, see “Platform Settings” on page 378.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
• Ambient Temperature (for Nasuni Edge Appliance hardware appliances only): The ambient
temperature in Celsius and Fahrenheit.
• Exhaust Temperature (for Nasuni Edge Appliance hardware appliances only): The exhaust
temperature in Celsius and Fahrenheit.
• Inlet Temperature (for Nasuni Edge Appliance hardware appliances only): The inlet
temperature in Celsius and Fahrenheit.
• Power Supplies (for Nasuni Edge Appliance hardware appliances only): The status of the
power supplies. If the status is Alert, you should investigate the situation.
• RAID Arrays (for Nasuni Edge Appliance hardware appliances only): Number of RAID arrays
and status of the RAID arrays. If the status is Alert, you should investigate the situation.
• RAID Disks (for Nasuni Edge Appliance hardware appliances only): Number of disks and
status of the disks. If the status is Alert, you should investigate the situation.
• In the Network area:
• Hostname: Hostname of this Nasuni Edge Appliance. For details, see “Network” on
page 373.
• IP Addresses: IP addresses for this Nasuni Edge Appliance. Clicking this setting opens the
Nasuni Edge Appliance user interface. For details, see “Network” on page 373.
• Default Gateway: Default gateway for this Nasuni Edge Appliance. For details, see
“Network” on page 373.
• DNS Servers: DNS servers for this Nasuni Edge Appliance. For details, see “Network” on
page 373.
• Search Domains: Search domains for this Nasuni Edge Appliance. For details, see
“Network” on page 373.
Health Monitor
Health Monitor is a feature for monitoring a number of Edge Appliance conditions. Health Monitor
conditions can be helpful in troubleshooting issues with Edge Appliances. The monitored results are
displayed in the Health area here.
API Keys
Certain programs external to the Nasuni Edge Appliance require a Nasuni API access key for
configuration purposes.
• Hour: The time at which to look for automatic software updates on the selected days.
Cache Settings
On the Filer Cache Settings page, you can view and edit the settings for the local cache space
reserved for new writes.
The cache performs two different, but related, tasks. First, the cache retains the data that users are
most likely to need. Second, the cache also temporarily contains new, incoming data that the Nasuni
Edge Appliance has not yet sent to permanent storage in the cloud.
By default, the Nasuni Edge Appliance automatically manages the amount of local cache space
reserved for new, incoming data, using an advanced algorithm to optimize cache usage. However, the
administrator can manually set the area of the cache reserved for new, incoming data. The area for
new, incoming data can be from 5 percent to 90 percent of the cache. The remainder of the cache
retains the data locally that users are most likely to need.
The larger the area for new, incoming data is, the less data the Nasuni Edge Appliance can retain
locally, and the more slowly users can access data. It might also be necessary for the Nasuni Edge
Appliance to frequently retrieve data from the cloud, which could delay access.
However, the larger the area for new, incoming data is, the larger the batches of new, incoming data
that the Nasuni Edge Appliance can send to permanent storage in the cloud, protecting that data from
loss.
You can estimate the area necessary for each use by examining data usage patterns. For example, if
you have a 1 TB cache and must keep 200 GB of data locally, then you can set the area for new,
incoming data as high as 80 percent. On the other hand, if you rarely have more than 300 GB in a
snapshot, then you can set the area for new, incoming data as low as 30 percent, leaving 70 percent of
the cache for retaining data locally.
By setting the amount of local cache space reserved for new, incoming data, you disable the automatic
management of this value.
To view unprotected files in the cache, see “Unprotected Files” on page 139.
• Minimum Value: The minimum value of space to reserve for new, incoming data, in percent.
• Maximum Value: The maximum value of space to reserve for new, incoming data, in
percent.
• Reserved: The amount of space reserved for new, incoming data in the cache, in percent. If
the amount of space reserved for new, incoming data is managed automatically by the
Nasuni Edge Appliance, the label “Automatic” appears.
CIFS Settings
You can view and configure CIFS settings for Nasuni Edge Appliances. These advanced features of the
CIFS interface apply to all volumes on a Nasuni Edge Appliance.
Durable handles allow SMB 2.0 and higher clients to open a file and survive a temporary connection
loss (60 seconds or less). Durable handles are supported for volumes with NTFS Exclusive Permissions
Policy and cannot be used with Global File Lock.
Note: When Global Locking is enabled, support for SMB durable handles (allowing clients to
survive temporary connection loss) is disabled. Enabling Global Locking anywhere on the
volume disables durable handles. If durable handles is disabled in this way, durable
handles cannot be enabled again.
6. To not allow anonymous connections, select Restrict Anonymous. When selected, users
cannot log into CIFS without entering a username and password.
Tip: If “Restrict Anonymous” is not set, anonymous connections are allowed, and users can
log into CIFS without entering a valid username and password.
If “Restrict Anonymous” is set, anonymous connections are not allowed, and users must
enter a valid username and password to log into CIFS. In particular, users cannot
discover shares, cannot discover or list sessions, and cannot discover or list users and
groups. Additional restriction options can be configured by contacting Support.
7. To save your settings, click Save CIFS Settings. Otherwise, click Close.
Note: Changing these settings only affects new CIFS/SMB clients. You must disconnect or
reset an existing client's connection to use the new settings.
FTP Settings
You can view and configure FTP/SFTP settings for Nasuni Edge Appliances. These advanced features
of the FTP protocol apply to all volumes on a Nasuni Edge Appliance.
Note: Nasuni supports SFTP, the SSH File Transfer Protocol. This is not the same as FTPS, the
File Transfer Protocol over SSL.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
1. Create a CIFS or NFS volume. See “Create Volume” on page 100.
2. Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 201.
3. (Optional) Configure FTP/SFTP settings. See “Editing FTP settings” on page 294.
4. Add a new FTP/SFTP directory. See “Creating FTP directories” on page 154.
5. (Optional) Create a permission group that has storage access. See “Adding Permission
Groups” on page 394 in the Nasuni Edge Appliance Administration Guide.
6. (Optional) Create a user in a permission group that has storage access. See “Adding Users”
on page 401 in the Nasuni Edge Appliance Administration Guide. Active Directory and LDAP
users can log in for FTP access just as they do for CIFS access. Also, if anonymous access
is enabled, you don't need a specific group or user.
7. Access files using the FTP/SFTP protocol.
• Anonymous Access Group: Group associated with the Anonymous Access Username.
6. Optionally, in the Anonymous Access Group text box, type the group associated with the
Anonymous Access Username.
7. Click Save FTP Settings to save your settings. Otherwise, click Close.
Disk Encryption
You can view and change the disk encryption settings for Nasuni Edge Appliances. If Full Disk
Encryption is available for a Nasuni Edge Appliance, you can enable disk encryption. If disk encryption
is enabled, you can change the encryption password.
Warning: After Full Disk Encryption is enabled, it cannot be disabled.
2. To change the password for a disk with disk encryption enabled: On the Full Disk Encryption
page, for a Nasuni Edge Appliance that has the status of Enabled, click Edit . The Change
Full Disk Encryption Password dialog box appears.
Email Settings
Clicking the Email Settings link opens the Filer & Console Email Settings page. See “Email Settings”
on page 415.
Encryption Keys
Note: For details of encryption key management, see Encryption Key Best Practices.
You can view, upload, send, escrow, and delete encryption keys on the Filer Encryption Keys page.
You can also select backup keys. You can view, add, enable, and disable volume encryption keys on
the Volume Encryption Keys page. You can view, upload, escrow, and delete encryption keys on the
Console Settings Encryption Keys page.
The Nasuni Edge Appliance automatically encrypts your data at your premises using the OpenPGP
encryption protocol, with the default encryption of 256-bit Advanced Encryption Standard (AES-256).
The data remains encrypted in cloud storage.
You can generate your own encryption keys using any OpenPGP-compatible program, such as
Gpg4win, GPGTools, and OpenPGP Studio. For details, see Generating Encryption Keys. You can then
add (import or upload) the encryption key to the Nasuni Management Console. (For security reasons,
encryption keys that you upload cannot be downloaded from the system.) The encryption key is used
to encrypt your data before it is sent to cloud storage and decrypt data when it is read back.
Note: If an uploaded encryption key has an associated passphrase, that passphrase is removed
from the encryption key when it is uploaded. The Edge Appliance does not need the
passphrase in order to use the encryption key. However, if you do not escrow this
encryption key, if you ever perform a recovery procedure on the Edge Appliance, you must
provide that passphrase when you upload that encryption key during the recovery
procedure.
You can send existing encryption keys to Nasuni Edge Appliances. You can escrow your encryption
keys with Nasuni.
All data on a volume is encrypted using one or more OpenPGP-compatible encryption keys before
being sent to cloud storage. Volumes may be encrypted with one or more encryption keys, and
encryption keys may be used for any number of volumes.
There are several actions you can perform on encryption keys, including adding new encryption keys,
enabling or disabling encryption keys, escrowing encryption keys with Nasuni, and, under certain
circumstances, deleting encryption keys.
All uploaded encryption keys should be at least 2048 bits long.
Warning: Do NOT save encryption key files to a volume on a Nasuni Edge Appliance.
You will NOT be able to use these to recover data. This is NOT how to upload
encryption keys to a Nasuni Edge Appliance. To upload encryption keys to a
Nasuni Edge Appliance, use the Encryption Keys page.
At least one encryption key must be enabled for a volume, but several encryption keys can be enabled
at the same time. When multiple encryption keys are enabled, all of the encryption keys enabled at the
time are used to encrypt the data. Any of the encryption keys enabled at the time a piece of data is
encrypted can be used to later decrypt the data. Only the encryption keys enabled when the data was
written can decrypt that data. An encryption key that was enabled after the data was written cannot
decrypt any data that was written before that key was enabled.
There are several reasons you might want to disable an encryption key, such as, when someone with
access to the encryption key leaves the company, or if your enterprise has a policy of rotating
encryption keys periodically. When you disable an encryption key, no future data is encrypted with that
encryption key. However, all data previously encrypted by that disabled encryption key remains
encrypted by that disabled encryption key. For this reason, before you disable an encryption key, you
should consider establishing a snapshot retention policy that removes the data that was encrypted with
the disabled encryption key. Because volumes must have at least one encryption key associated with
them, in practice you add a new encryption key to a volume first, and then disable the existing
encryption key.
You can delete encryption keys, but only in the case where they are not being used by any volumes.
You cannot modify encryption keys stored on the system. For security reasons, encryption keys that
you upload cannot be downloaded from the system. You can only download encryption keys that the
Nasuni Edge Appliance has generated internally.
You can escrow your encryption keys with Nasuni (or a trusted third party), or store your own
encryption keys. Before you can escrow your encryption keys with Nasuni, you must create an escrow
passphrase, in case you need these escrowed encryption keys when you perform a recovery
procedure.
You can specify that you do not want Nasuni to generate any of your encryption keys. This ensures that
your data is encrypted only with encryption keys that you upload. If you specify this, you must upload
all the encryption keys used. Specifically, when creating a volume, you cannot select Create New Key
as the source of the volume encryption key. For security reasons, encryption keys that you upload
cannot be downloaded from the system. If you want to specify that Nasuni not generate encryption
keys, request Nasuni Support to disable key generation in your license.
Similarly, you can specify that you do not want Nasuni to escrow encryption keys. If you specify this,
you must manage your own encryption keys, because Nasuni does not manage them. If you specify
this, you can still have Nasuni generate encryption keys, and those generated encryption keys are still
automatically escrowed, because all generated encryption keys are automatically escrowed. If you
want to specify that Nasuni not escrow encryption keys, request Nasuni Support to disable key escrow
in your license.
To ensure that none of your encrypted keys is escrowed with Nasuni, you must specify both that
Nasuni not generate encryption keys and that Nasuni not escrow encryption keys.
Note: To add an encryption key to a volume, see “Adding encryption keys to a volume”.
See Worksheet for a worksheet for planning configurations.
To add (import or upload) encryption keys to Nasuni Edge Appliances, follow these steps:
1. On the Filer Encryption Keys page, click Upload Encryption Keys. The Import Key(s) dialog
box appears.
Backup Keys
A backup key is a type of encryption key that is used to ensure that it is possible to recover a Nasuni
Edge Appliance that has no owned volumes. Without a backup key, it is not possible to recover a
Nasuni Edge Appliance that has no owned volumes.
If a Nasuni Edge Appliance has no owned volumes and no backup key, after 2 days, the following
notification is sent: “Because this Edge Appliance has no volumes or backup keys, you cannot
currently perform a disaster recovery on this Edge Appliance. On the Encryption Keys page, you can
generate a backup key to enable disaster recovery.”
For Edge Appliances before version 9.3, you can generate a Backup Key using the Nasuni Edge
Appliance user interface.
If the backup key is the only encryption key for the Nasuni Edge Appliance, you cannot delete the
backup key.
When recovering the Nasuni Edge Appliance using a backup key, indicate whether or not you need
Nasuni to provide an escrowed backup key on the second “Perform Disaster Recovery on existing
Edge Appliance” page. Then obtain your backup key, either from Nasuni or from your own
safekeeping, and upload your backup key on the “Upload Encryption Keys” page.
Escrow Passphrase
To perform a recovery procedure on an Edge Appliance, you MUST have all of the encryption keys for
ALL volumes owned by that Edge Appliance in order to successfully regain access to your data. This
means that, if Nasuni is escrowing any of your encryption keys, one of the following must occur:
• You must have created an escrow passphrase.
• You must have all of your encryption keys available, including the encryption keys escrowed
with Nasuni.
• You must contact Nasuni and verify your identity so that Nasuni can issue a special recovery
key.
The escrow passphrase must contain only ASCII printable characters (no Unicode) and cannot exceed
511 characters.
You can create an escrow passphrase on the Nasuni Edge Appliance, on the NMC, or using the NMC
API.
To create an escrow passphrase on the NMC, follow these steps:
1. Click Filers, then select Escrow Passphrase from the list. The Filer Escrow Passphrase page
appears.
Global Locking
Edit
This page enables you to configure certain aspects of Global File Lock. For details about Global File
Lock, see “Global File Lock” on page 127.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
Tip: Use caution when making changes to Global File Lock, and discuss the possible
implications of changes beforehand with Nasuni Technical Support.
Tip: To use Global File Lock, you must enable Global Locking in the customer license.
Caution: Nasuni recommends that you enable, disable, or reconfigure Global File Lock only
during off-hours, after ensuring that all affected files and directories are closed.
Caution: Disabling Global File Lock does not take effect immediately for files that still have
outstanding locks by one or more clients.
Caution: It is not recommended to move files between directories protected by Global File Lock
and directories not protected by Global File Lock. Data loss is possible.
Note: When Global Locking is enabled, support for SMB durable handles (allowing clients to
survive temporary connection loss) is disabled.
Caution: If you move a directory from a parent directory that does not have Global File Lock
enabled, to another parent directory that does have Global File Lock enabled, the new
directory is created in the destination parent directory, the data is moved to the new
directory, and the original directory is deleted from the source parent directory.
Snapshots of the moved directory from before the move are retained in the source
parent directory.
Global File Lock is automatically enabled for the new directory. This default behavior
can be changed so that Global File Lock is not automatically enabled for the moved
directory. Nasuni Support can configure this setting.
Tip: If Global File Lock is enabled for a volume that uses multiple protocols where hardlinks
might be present, it is highly recommended that the parent directory where Global File Lock
is enabled be exported as an “NFS Export” to applications that use multiple protocols. Note
that hardlinks can span multiple hierarchies where Global File Lock is enabled.
Important: If an open file has Global File Lock enabled, and if that file is saved, then that file is
protected in the cloud outside of the regular snapshot, even if that file is still open.
However, if Antivirus Protection is enabled for that file, then that open file is not
immediately protected in the cloud. This is because Antivirus Protection must check
that file before that file can be moved to cloud storage. In this case, after Antivirus
Protection checks that file, and that file has no infections, then that file is protected
in the cloud.
If a file does have antivirus infections, and those infections are marked “Ignore”, then
the file experiences the usual Global File Lock processing.
For details of Global File Lock processing, see Global File Lock.
For details of Antivirus Protection processing, see Antivirus Service.
If Global File Lock is enabled, and Internet connectivity issues prevent a Nasuni Edge Appliance from
releasing locks on certain files, local users can still read any files that are present in the local cache by
degrading the type of lock to a read lock.
If a user is trying to access a file that is not present in the local cache, and if the Nasuni Edge Appliance
does have Internet access, you can also attempt to restore access to the file by degrading the type of
lock to a read lock. Enabling this feature causes all locks that are not read locks to be denied. This
effectively makes any directories that have global locks enabled into read-only directories.
To continue working on a file, the user should copy the file to their local client.
After connectivity is restored, set “Degrade to read locks” back to “disabled”.
After connectivity is restored and “Degrade to read locks” has been set back to “disabled”, the user
should copy the file back to the Edge Appliance.
Tip: Only enable this feature if file access is affected for an extended period of time.
You can perform this procedure using either the Nasuni Edge Appliance user interface or the Nasuni
Management Console (NMC).
2. Select the Nasuni Edge Appliances to degrade to read locks, then click Edit Filers. The Global
Locking Settings dialog box appears.
Note: You cannot have a rule that applies to the same day and hour as another rule.
a. Select the days to limit the bandwidth (for example, Sunday, Tuesday, and Thursday).
b. To specify limiting the bandwidth 24 hours a day, select the All Day check box.
Otherwise, select the hour to start limiting the bandwidth from the Start drop-down list.
Select the hour to stop limiting the bandwidth from the Stop drop-down list.
c. Enter the Outbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
Tip: Nasuni recommends setting the Quality of Service to the limit of the total bandwidth,
or slightly higher (so that bandwidth is not being limited). If the Quality of Service is
too low, it can cause delays in propagation and snapshots.
Nasuni does not recommend setting the Quality of Service to Unlimited, because a
setting of Unlimited disables traffic shaping, which prioritizes and allocates
bandwidth to different types of traffic (such as user activity, snapshots, and merges),
so that no traffic is denied bandwidth.
d. Enter the Inbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
e. Click Add Rule. The new rule is added to the Quality of Service.
Alternatively, to exit the dialog box without adding the new rule, click Close.
5. Click Save Rules. The Quality of Service rules are changed. The Nasuni Edge Appliance
appears in the list on the Quality of Service page.
Alternatively, to exit the dialog box without changing the Quality of Service rules, click Close.
b. To specify limiting the bandwidth 24 hours a day, select the All Day check box.
Otherwise, select the hour to start limiting the bandwidth from the Start drop-down list.
Select the hour to stop limiting the bandwidth from the Stop drop-down list.
c. Enter the Outbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
Tip: Nasuni recommends setting the Quality of Service to the limit of the total bandwidth,
or slightly higher (so that bandwidth is not being limited). If the Quality of Service is
too low, it can cause delays in propagation and snapshots.
Nasuni does not recommend setting the Quality of Service to Unlimited, because a
setting of Unlimited disables traffic shaping, which prioritizes and allocates
bandwidth to different types of traffic (such as user activity, snapshots, and merges),
so that no traffic is denied bandwidth.
d. Enter the Inbound Limit value, and select the units from the drop-down list. Use 0 (zero) to
specify no limit.
e. Click Update Rule. The rule is changed.
Alternatively, to exit the dialog box without changing the rule, click Close.
5. Click Save Rules. The Quality of Service rules are changed. The Nasuni Edge Appliance
appears in the list on the Quality of Service page.
Alternatively, to exit the dialog box without changing the Quality of Service rules, click Close.
Alternatively, to exit the dialog box without changing the Quality of Service rules, click Close.
Quota Reports
You can view and configure the schedule of when to send quota reports. You can also manually initiate
sending a quota report.
Using the Nasuni Edge Appliance user interface, you can set a quota on the contents of a directory and
the subdirectories of a directory. You can configure an email address to receive reports when the
selected directory is near or over its limit. You can also set the quota limit. The email reports can go to
administrators or to users or both. To send quota email reports, you must also enable email (see “Email
Settings” on page 415) and Capacity Alerts (see “Adding Permission Groups” on page 480).
A typical personal quota report looks like the following:
You are receiving this automated Storage Usage Report because at least one
directory is near or over its storage quota threshold of 90%. Your storage
administrator has associated this email address with the directories
listed below. If this is incorrect, please contact your storage
administrator.
This Storage Usage Report is for the storage controller: "filer-x"
This Storage Usage Report includes directories that are in the volume:
volume-1
Current Current
Percent
Directory Path Storage Storage Email Address
Used
Limit Usage
Please consult with your storage administrator to either reduce the amount
of data stored in the directories listed above, or increase the storage
limit for those directories.
A typical Directory Quota Violation Report looks like the following:
You are receiving this Directory Quota Violation Report because one or
more directories is near or over its Directory quota threshold of 90%.
This email address is designated to receive Capacity Alerts. If this is
incorrect, you can change the Email Settings for this Nasuni Edge
Appliance.
This Storage Usage Report is for the storage controller: "filer-x"
This Storage Usage Report includes directories that are in the volume:
volume-1
Current Current
Percent
Directory Path Storage Storage Email Address
Used
Limit Usage
6. Select the hour to start sending quota reports from the Activation Time drop-down list.
7. To send administrative reports, select Administrative Report. Administrative reports include all
Directory Quota Violations for all directories near or over their quota.
8. To send user reports, select User Report. User reports include individual Directory Quota
Violations sent to the owner of the directory for the user’s directories near or over their quota.
9. In the Report Threshold text box, enter the percentage of the limit at which to send the report.
For example, if you enter 95, a report is sent when the data exceeds 95 percent of the limit.
10. Click Add Report. The new quota report schedule is added.
Alternatively, to exit the dialog box without adding the quota report schedule, click Close.
11. On the Volume Quota Report Settings dialog box, click Save Schedules. The quota report
schedules are saved. The Nasuni Edge Appliance appears in the list on the Quota Report
Schedule page.
Alternatively, to exit the dialog box without saving the quota report schedules, click Close.
5. Select the days to send quota reports (for example, Sunday, Tuesday, and Thursday). To select
or deselect all days, click Select/Deselect All.
6. Select the hour to start sending quota reports from the Activation Time drop-down list.
7. To send administrative reports, select Administrative Report. Administrative reports include all
Directory Quota Violations for all directories near or over their quota.
8. To send user reports, select User Report. User reports include individual Directory Quota
Violations sent to the owner of the directory for the user’s directories near or over their quota.
9. In the Report Threshold text box, enter the percentage of the limit at which to send the report.
For example, if you enter 95, a report is sent when the data exceeds 95 percent of the limit.
10. Click Update Schedule. The quota report schedule is updated.
Alternatively, to exit the dialog box without updating the quota report schedule, click Close.
11. On the Volume Quota Report Settings dialog box, click Save Schedules. The quota report
schedules are saved. The Nasuni Edge Appliance appears in the list on the Quota Report
Schedule page.
Alternatively, to exit the dialog box without saving the quota report schedules, click Close.
SNMP Settings
You can configure SNMP monitoring of Nasuni Edge Appliances, for network monitoring, and with
third-party products that collect and report log data, such as Splunk.
Nasuni provides two ways to configure SNMP monitoring:
• You can enable SNMP traps, which send information to destinations that you provide.
• You can use apps that can pull SNMP information, using the definitions in the NASUNI-FILER-
MIB.
You can configure either or both.
The Nasuni Edge Appliance supports monitoring via the Simple Network Management Protocol (SNMP)
v1, v2c, and v3. The Nasuni Edge Appliance exposes the standard SNMPv1 MIB (management
information base), as well as the NASUNI-FILER-MIB, SNMPv2-MIB, HOST-RESOURCES-MIB, UCD-
SNMP-MIB, UCD-DISKIO-MIB, and IF-MIB. Both 32-bit and 64-bit SNMP network counters are
supported.
Each of the displayed MIBs is a link. If you click a link, a page with that MIB information appears.
As the SNMP agent, Nasuni receives requests on UDP port 161 from the third-party SNMP manager
that is used for system monitoring. Nasuni sends agent responses back to the source port on the third-
party SNMP manager. The third-party SNMP manager receives notifications (including Traps and
InformRequests) on SNMP destination port 162. You cannot change port 161 or port 162.
Important: Data is updated at most once per minute. Some values, such as
filerTotalUnprotectedData, might take 20 minutes or longer to be updated.
Note: Nasuni automatically provides the EngineID value.
Tip: You can also monitor hardware conditions using iDRAC. See iDRAC Configuration.
Data available in SNMP updates includes the following:
• Network information, such as:
• Inbound and outbound traffic by type and by port
• Volume information, such as:
• Size
• TIme of last snapshot
• Local cache information, such as:
• Total space, used space, and free space
• Unprotected data
• Cache hit/miss rate
• CPU performance information, such as:
• Percent utilization
• Load averages
• Memory usage information, such as:
• Memory utilization
• Swap utilization
• Disk performance information, such as:
• Number of disk reads and writes per disk
• Bytes read and written per disk
• Client information, such as: Number of connected CIFS, and Mobile Access clients
• Snapshot and sync information, such as:
• Number of Merge Conflicts
• Snapshot success (version) count per volume
• Times for Snapshots (start, end, delta) per volume
• Traps information for anything that would generate an email alert
• Community Name: If SNMP v1,v2c is enabled, the Community Name parameter from
the SNMP settings.
• SNMP V3: Indication of whether SNMP v3 is enabled for this Nasuni Edge Appliance:
Enabled or Disabled.
• Trap Addresses: If SNMP is enabled, a list of IP addresses or hostnames listening for
SNMP traps.
• System Info: If SNMP is enabled, additional information appears.
• Location: The System Location parameter from the SNMP settings. If SNMP monitoring
is disabled, the label “--” appears.
• Contact: The System Contact parameter from the SNMP settings. If SNMP monitoring
is disabled, the label “--” appears.
If you enable SNMP v1,v2c monitoring, in the Community Name text box, enter the SNMP
community name for the Nasuni Edge Appliance. The default community name is public.
Changing the community name from the default improves security.
If you enter any trap addresses, you can send a test trap by clicking Send Test Trap.
9. Click Save SNMP Settings. The SNMP settings are changed. The Nasuni Edge Appliances
appear in the list on the Filer SNMP Settings page.
Alternatively, to exit the dialog box without changing the SNMP settings, click Close.
Syslog Export
Syslog Export enables you to direct Nasuni notifications and file auditing messages to your syslog
servers. Tools that work with syslog, such as Splunk, can then process, store, and report on these
messages. The syslog protocol is used to convey event notification messages. It also provides a
message format that allows vendor-specific extensions to be provided in a structured way. Syslog
Export supports UDP protocol.
You can also direct NMC console notifications to your syslog servers. See “Syslog Export” on
page 419.
Tip: Because each Edge Appliance sends syslog messages directly to the specified syslog
servers, ensure that the appropriate port is open between each Edge Appliance and the
syslog servers. This is usually UDP port 514.
A standard syslog message (based on the RFC 5424 specification) uses the following format:
<PRIORITY>VERSION TIMESTAMP HOSTNAME APPLICATION
PROCID MESSAGEID [STRUCTURED_DATA] MESSAGE
where:
Structured Data Structured Data Elements (Not currently used. A ‘-’ appears instead.)
Unique data elements consisting of well-known
key-value pairs within a set of brackets.
2. Click Edit Filers. The Filer Syslog Export Settings dialog box appears.
10. From the “Lowest Log Level” drop-down list, select the lowest Notification level to send. Each
Notification level includes all the Notifications in the levels above it in the drop-down list. For
example, the ‘Info’ level includes all the other levels, but the ‘Alert’ level includes only alerts.
11. To send test messages to the currently listed Servers for all selected Nasuni Edge Appliances,
click “Send Test Messages”. A test message is sent to all listed Servers. If Notifications are on,
the messages use the selected Notification level and facility. If Audit is on, but Notifications are
off, the messages use the ‘Audit’ level and facility. If neither is on, the messages are sent with
the selected Notification facility at ‘Info’ level. Sending test messages does not save the
configuration.
12. Click Save Settings. Your settings are saved. The Nasuni Edge Appliances appear in the list on
the Filer Syslog Export Settings page.
Alternatively, to exit the dialog box without changing the syslog export settings, click Close.
Time Configuration
Important: Edge Appliances and the NMC must be configured with operational DNS servers and
a time server (internal or external) within your environment.
You can set the time zone and time server for the Nasuni Edge Appliance, which are necessary for
notifications and file sharing purposes. The time zone setting you select should be for the region where
the Nasuni Edge Appliance is located. For example, use “US/Eastern” if you are located in the eastern
part of the United States.
See Worksheet for a worksheet for planning configurations.
6. Click Save Timezone. The time zone and time source settings are changed. The Nasuni Edge
Appliances appear in the list on the Filer Time Configuration page.
Alternatively, to exit the dialog box without changing the time zone and time source settings,
click Close.
You can use the Web Access feature to access CIFS share data or NFS export data stored in the
Nasuni Edge Appliance using a Web browser. You can configure the Web Access display to include
elements of your organization’s branding, including logo and colors. For information on Web Access,
see “Web Access” on page 214. To enable Web Access, see at step 20 on page 175.
To configure Web Access branding, follow these steps:
1. Click Filers, then select Web Access Branding from the list on the left-hand side. The Web
Access Branding page displays a list of managed Nasuni Edge Appliances.
5. To include a logo on the Web Access display, click the Logo area and navigate to a logo
graphics file. The maximum file size is 500 KB.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
6. To change the primary color, which is used for items including Shares, Settings, and Logout on
the Web Access display, click the Primary Color area and select a primary color.
7. To change the secondary color, which is used for items including Add Folder, Upload File, and
Sort on the Web Access display, click the Secondary Color area and select a secondary color.
8. To revert to the default logo, primary color, and secondary color, click Set Defaults.
9. Click Save Rules. Your settings are saved.
Figure 12-60: Web Access Branding dialog box with new logo and colors.
The Web Access page appears with the selected logo and colors.
Mobile Settings
You can view and edit the settings for the Mobile Access service.
The Nasuni Mobile Access service enables you to access folders and files from mobile devices,
including iOS-based devices (such as iPhone and iPad) and Android phones. Nasuni Mobile Access is
available for volumes on which the CIFS protocol has been enabled, but not for NFS volumes.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
See Worksheet for a worksheet for planning configurations.
Tip: Nasuni monitors platform-specific limits on the number of supported concurrent
connections. When the number of concurrent connections reaches the “soft limit” for an
Edge Appliance, you receive a notification of how many connections remain, and a
suggestion to reduce the number of connections for that Edge Appliance, if possible. When
the number of concurrent connections reaches the “hard limit” for an Edge Appliance, you
receive a notification, and all new connections are denied for that Edge Appliance until the
number of connections decreases below the “hard limit” again.
N1050
N2040 3000 connections
5000 4000 connections
6000
7. Click Save Settings. The Mobile Access service settings are changed. The Nasuni Edge
Appliances appear in the list on the Mobile Service Settings page.
Alternatively, to exit the dialog box without changing the Mobile Access service settings, click
Close.
5. The Generate Invitation Link dialog box appears again, showing the invitation link.
Mobile Licenses
You can view, enable, disable, and delete licenses for the Mobile Access service.
See Worksheet for a worksheet for planning configurations.
Refresh License
You can refresh the subscription license of Nasuni Edge Appliances. This is ordinarily unnecessary,
unless the license has changed in some way.
Refreshing license
To refresh the subscription license, follow these steps:
1. Click Filers, then click Refresh License in the left-hand column. The Refresh Subscription
License page displays a list of managed Nasuni Edge Appliances.
Send Diagnostics
If you experience problems that you cannot resolve, you can send diagnostic information to Nasuni
Technical Support for troubleshooting purposes.
Note: Local diagnostic information is automatically sent when needed, so there is typically no
need to do this, unless instructed to by Nasuni Technical Support. Using Send Diagnostics
includes more information than the automatic diagnostic information.
To send diagnostic information, follow these steps:
1. Click Filers, then select Send Diagnostics from the menu. The Send Diagnostics page
displays a list of managed Nasuni Edge Appliances.
Side Load
Nasuni supports a Disaster Recovery (DR) process that enables you to recover the Nasuni Edge
Appliance after a true disaster, such as the loss of a data center. However, most of the time, clients
perform the Disaster Recovery process in order to upgrade from one piece of hardware to another.
In such a situation, there is a working Nasuni Edge Appliance in their data center that contains active
data in the cache. Performing the Disaster Recovery process results in a new Nasuni Edge Appliance
that has an empty cache. The client often then re-populates the new cache with data, which can require
considerable inbound bandwidth from the cloud, and which can take days, weeks, or even months to
complete.
The Side Load feature enables you to transfer cache data directly from the source Nasuni Edge
Appliance to the new Nasuni Edge Appliance. The source Nasuni Edge Appliance must already be
decommissioned.
Tip: You cannot perform the Side Load procedure apart from performing the Disaster Recovery
procedure.
Tip: Only one Side Load process is permitted at a time for each Nasuni Edge Appliance.
Tip: Only the Admin user can perform the Side Load process.
Tip: The source Nasuni Edge Appliance must be:
• Running;
• Decommissioned;
• Using release 7.0 or above.
Tip: Any Quality of Service (QoS) limits to bandwidth do not pertain to the Side Load process.
The Side Load process uses all the available bandwidth to copy data.
You can configure Notifications to notify you by email when the Side Load process completes.
To view unprotected files in the cache, see “Unprotected Files” on page 139.
6. In the Password text box, enter the password for the specified Username for the specified
source Nasuni Edge Appliance. The source Nasuni Edge Appliance must already be
decommissioned.
7. Click Connect and Start.
A connection is established with the data of the source Nasuni Edge Appliance. Data begins
moving to the destination Nasuni Edge Appliance.
After the data transfer starts, you can view the progress of the Side Load process.
8. When the Side Load process completes, the Complete label appears.
Tip: Record any information you want to retain from the screen.
In contrast, some platforms display the size of data in base 2 units (including
MB = 1,048,576 bytes, GB = 1,073,741,824 bytes, and TB = 1,099,511,627,776
bytes).
For example, a file that Nasuni displays as 10 MB would be displayed by some
platforms as 9.53 MB.
• Est. Rate: The estimated rate of data transfer (in KB/S, MB/S, GB/S, or TB/S).
• Est. Time Remaining: The estimated time until the Side Load process is complete.
• Actions: Actions available for each Side Load process.
2. To pause a running Side Load process, click Pause. The Side Load process pauses indefinitely.
The bar graph label changes to Paused.
To continue with the Side Load process after a pause, click Resume. The Side Load process
continues. The bar graph label changes to Running.
3. To cancel the Side Load process, click Cancel. The Cancel Side Load dialog box appears.
Cache Jobs
You can view the status of jobs that bring data or metadata into the cache, such as Bring into Cache
(see “Bringing Data into Cache of the Nasuni Edge Appliance” on page 123) and Auto Cache (see
“Enabling Auto Cache for Folders” on page 125). You can also cancel jobs that are unnecessary.
To view unprotected files in the cache, see “Unprotected Files” on page 139.
CIFS Clients
You can view the status of Nasuni Edge Appliance CIFS clients. You can also disconnect the CIFS
client, reset CIFS clients, and reset the CIFS authorization cache.
You can reset the CIFS authentication cache to clear all CIFS shares for Nasuni Edge Appliance users.
You might reset the CIFS authentication cache if instructed by Nasuni Support, or if users are not
appearing in a group they are assigned to via Active Directory or LDAP Directory Services.
To reset the CIFS authentication cache, follow these steps:
1. On the Filer CIFS Clients page, click Reset CIFS Auth Cache. The Reset CIFS Auth Cache
dialog box appears.
2. Select the Nasuni Edge Appliances whose CIFS authentication cache you want to reset. Then
click Reset Auth Cache.
This flushes all the cached CIFS authentication data. Alternatively, to not reset the CIFS authentication
cache, click Close.
You can reset all CIFS clients connected to the Nasuni Edge Appliance. You might reset all CIFS clients
if instructed by Nasuni Support, or to remove clients.
Important: After you change any share setting, the currently connected CIFS/SMB clients do not
observe the change until they disconnect and create new sessions. You can
disconnect clients individually by clicking Disconnect for each one, or you can
disconnect all clients by clicking "Reset All Clients".
To reset all CIFS clients, follow these steps:
1. On the Filer CIFS Clients page, click Reset All Clients. The Reset All Clients dialog box
appears.
2. Select the Nasuni Edge Appliances whose CIFS clients you want to reset. Then click Reset
Clients.
This resets all CIFS clients for the selected Nasuni Edge Appliances. Alternatively, to not reset all CIFS
clients, click Close.
Note: Some CIFS clients automatically re-connect to CIFS shares and can then re-appear in the
listing even after the connection is reset.
FTP clients
You can view the status of FTP/SFTP clients.
Note: Nasuni supports SFTP, the SSH File Transfer Protocol. This is not the same as FTPS, the
File Transfer Protocol over SSL.
Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:
1. Create a CIFS or NFS volume. See “Create Volume” on page 100.
2. Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on
page 201.
3. (Optional) Configure FTP/SFTP settings. See “Editing FTP settings” on page 294.
4. Add a new FTP/SFTP directory. See “Creating FTP directories” on page 154.
5. (Optional) Create a permission group that has storage access. See “Adding Permission
Groups” on page 394 in the Nasuni Edge Appliance Administration Guide.
6. (Optional) Create a user in a permission group that has storage access. See “Adding Users”
on page 401 in the Nasuni Edge Appliance Administration Guide. Active Directory and LDAP
users can log in for FTP access just as they do for CIFS access. Also, if anonymous access
is enabled, you don't need a specific group or user.
7. Access files using the FTP/SFTP protocol.
Filer Heuristics
Chart
For all Nasuni Edge Appliances, or for each Nasuni Edge Appliance, you can view the number of each
type of file and the number of each size of file stored. These metrics can be useful for planning storage.
Metrics are updated after each snapshot by an Edge Appliance.
To view file metrics:
1. Click Filers, then select Heuristics from the list. The Filer Heuristics page appears.
2. From the Filer drop-down list, select All Filers or the specific Nasuni Edge Appliance you want
heuristics for.
amount of data in the cache, and the display of data in the cache. Also, bringing all
metadata into the cache adds time to the sync process and might affect user
performance. With no users on a dedicated appliance (for example, to change
permissions or perform searches), the effect on sync times due to syncing the entire
metadata tree would not affect any user-related snapshot or sync changes.
The NMC API can also be used to verify that these features have been configured for
a directory.
Because metadata-only pinning and Auto Cache pinning are currently possible only
with the NMC API, directories with such pinning enabled are not displayed in the File
Browser of the NMC and the Edge Appliance, nor on the NMC Pinned Folders and
NMC Auto Cached Folders pages.
Important: If you hover the mouse over any part of the chart, a label appears displaying details
about the amount of data at that date and time.
present in the local cache, while Nasuni displays the full size, regardless of where the data
is.
Network
You can view network settings of Nasuni Edge Appliances.
The network address configuration is initially set during installation of the Nasuni Edge Appliance.
However, you can change network settings as required, with the Nasuni Edge Appliance user interface.
Important: Edge Appliances and the NMC must be configured with operational DNS servers and
a time server (internal or external) within your environment.
2. For the selected Nasuni Edge Appliance, in the Details column, click Group or NIC to open the
Network Details dialog box.
3. For the selected Nasuni Edge Appliance, in the Details column, click View Details link to open
the Firewall Settings dialog box.
Pending Updates
You can view pending updates to Nasuni Edge Appliances. You can acknowledge warnings about
pending updates.
Tip: If there are errors in adding cloud credentials, an error status shows for the “Add New
Credentials” item on the “Outstanding Settings Updates to Filers” page. You can
acknowledge the error, and try entering the credentials again. See “Adding or editing cloud
credentials” on page 400.
2. To acknowledge the message and remove the pending update from the list, click
Acknowledge. The pending update is removed from the list.
Alternatively, to exit the message without acknowledging the message or removing the pending
update, move the mouse away from the Status symbol. The message no longer appears.
Platform Settings
You can view the status and settings of Nasuni Edge Appliances running on virtual machines as well as
Nasuni Edge Appliance hardware appliance.
Tip: Nasuni monitors platform-specific limits on the number of supported concurrent
connections. When the number of concurrent connections reaches the “soft limit” for an
Edge Appliance, you receive a notification of how many connections remain, and a
suggestion to reduce the number of connections for that Edge Appliance, if possible. When
the number of concurrent connections reaches the “hard limit” for an Edge Appliance, you
receive a notification, and all new connections are denied for that Edge Appliance until the
number of connections decreases below the “hard limit” again.
N1050
N2040 3000 connections
5000 4000 connections
6000
The following information appears for each managed Nasuni Edge Appliance on a virtual
platform:
• Filer: The name of the Nasuni Edge Appliance.
• Platform: The virtual or hardware platform of the Nasuni Edge Appliance, such as Nutanix
AHV, Microsoft Hyper-V, VMware, or NF-200.
• CPU Model: The specific model of CPU.
• HW Serial (for Nasuni Edge Appliance hardware appliances only): The serial number of
the hardware appliance.
• BIOS Firmware (for Nasuni Edge Appliance hardware appliances only): The version
number of the BIOS firmware.
Tip: You can update the firmware of Nasuni Edge Appliance hardware appliances
using commands from the Service menu of the console for the Nasuni Edge
Appliance.
• BMC Firmware (for Nasuni Edge Appliance hardware appliances only): The version
number of the hardware appliance’s BMC (baseboard management controller) firmware.
Tip: You can update the firmware of Nasuni Edge Appliance hardware appliances
using commands from the Service menu of the console for the Nasuni Edge
Appliance.
Note: When you update the iDRAC (BMC) firmware, the old iDRAC (BMC) version
might still be displayed on the Nasuni Console, on the Edge Appliance UI, and
on the NMC. It is possible, but not necessary, to force the correct version to
display by rebooting the Edge Appliance. The iDRAC UI always shows the
correct version.
• CPU: The CPU frequency in GHz.
• sockets: The number of CPU sockets.
• cores: The number of CPU processors.
• Memory: The amount of available RAM in GiB.
Note: Nasuni Edge Appliances and the NMC display the size of data in base 10 units
(including MB = 1,000,000 bytes, GB = 1,000,000,000 bytes, and TB =
1,000,000,000,000 bytes).
In contrast, some platforms display the size of data in base 2 units (including MB =
1,048,576 bytes, GB = 1,073,741,824 bytes, and TB = 1,099,511,627,776 bytes).
For example, a file that Nasuni displays as 10 MB would be displayed by some
platforms as 9.53 MB.
• Cache: The size of the local cache.
Note: Nasuni’s display of size might differ from other indications of size, such as
Windows Explorer and other utilities. Typically, such utilities display only the size of
the data currently present in the local cache, while Nasuni displays the full size,
regardless of where the data is.
• Sensors (for Nasuni Edge Appliance hardware appliances only): Sensor information for the
platform.
• Power Supplies: The status of the power supplies. If the status is Alert, you should
investigate the situation.
• Ambient Temp (for Nasuni Edge Appliance hardware appliances only): The ambient
temperature in Celsius and Fahrenheit.
• Exhaust Temp (for Nasuni Edge Appliance hardware appliances only): The exhaust
temperature in Celsius and Fahrenheit.
• Inlet Temp (for Nasuni Edge Appliance hardware appliances only): The inlet temperature
in Celsius and Fahrenheit.
• RAID (for Nasuni Edge Appliance hardware appliances only): RAID information for Nasuni
Edge Appliance hardware appliances only.
• Battery: Status of the battery for the RAID array. If the status is Alert, you should
investigate the situation.
• Arrays: Number of RAID arrays and status of the RAID arrays. If the status is Alert, you
should investigate the situation.
• Disks: Number of disks and status of the disks. If the status is Alert, you should
investigate the situation.
If you click the Disks display, the Raid Disks dialog box displays all the disks in the
RAID array, with the status of each disk.
Security Settings
You can view security settings for Nasuni Edge Appliances.
The Security mode controls who can access CIFS files and folders that the Nasuni Edge Appliance is
managing.
The following security modes are available:
• Publicly Available: (Default) The Publicly Available mode gives access to CIFS shares to all
network users. You can configure write access and specific client access.
• Active Directory: Active Directory provides a connection to an existing Windows Active
Directory server, so you can control CIFS share access based on the users and groups that an
Active Directory server manages.
Important: It is not supported for users in the Active Directory Protected Users security
group to log in to the NMC.
Important: You cannot use Active Directory passwords longer than 127 characters to log in
to the NMC.
Note: Limits on domains, groups, users, objects, and other items are the same as the limits
of Active Directory. See Active Directory Maximum Limits - Scalability for details.
• LDAP Directory Services: LDAP Directory Services provides authentication using LDAP
domains and Kerberos security.
Important: You cannot enable both Active Directory and LDAP Directory Services for a Nasuni
Edge Appliance.
Tip: For detailed procedures for LDAP with Apple OpenDirectory, Oracle Enterprise Directory
Server (Oracle DS), and FreeIPA, see the LDAP Best Practices Guide.
See Worksheet for a worksheet for planning configurations.
• Security Mode: The security mode of the Nasuni Edge Appliance: Active Directory, LDAP
Directory Services, Publicly Available, or Unknown.
• Source Domains (Active Directory or LDAP Directory Services only): The source domains
for Active Directory or LDAP Directory Services.
• NT Name (Active Directory only): The NT Name of the Active Directory domain.
• Enabled (Active Directory only): Whether the Active Directory domain is enabled: Yes (is
enabled) or No (is not enabled).
• Provider (LDAP Directory Services only): The Directory Services Provider that matches
your LDAP and Kerberos servers, such as FreeIPA, Generic LDAP/Kerberos, or Apple
OpenDirectory.
• LDAP Servers (LDAP Directory Services only): The IP addresses or hostnames of the
LDAP servers for the Nasuni Edge Appliance to connect to.
• KDCs (LDAP Directory Services only): The IP addresses or hostnames of the Kerberos
Key Distribution Center (KDC) servers for the Nasuni Edge Appliance to connect to.
• Currently joined: Whether the Nasuni Edge Appliance is currently joined to the Active
Directory or LDAP Directory Services primary domain: Yes (is joined) or No (is not joined).
• Expires: The date and time that the shared link expires on. You can change this using Web
Access.
• Writable: For a directory, indicates whether the shared link permits writing data to the
directory: Yes or No. You can change this by editing the CIFS share.
• Password Protected: Indicates whether a password must be entered to use the shared
link: Yes or No. You can change this by editing the CIFS share.
• Username: The username for Web Access.
• Links: If Shared Link Global User is enabled, a link to the shared link is available.
• Shut down immediately: (Default) Shuts down the Nasuni Edge Appliance without
performing a snapshot. Data that has not already been captured by a snapshot is not
protected in cloud storage. However, data in the cache is not lost. A message notifies you
that the system is shutting down. If you change your mind, you have 60 seconds to cancel
the shutdown.
Tip: On the Microsoft Azure virtual platform, virtual machines that have been shut down
continue to incur compute charges. To avoid these charges, use the Azure
Management Portal at
https://portal.azure.com/ to stop or delete the virtual machines.
• Reboot immediately: Reboots the Nasuni Edge Appliance without performing a snapshot.
5. Click Update. The selected Nasuni Edge Appliances shut down or reboot, as specified.
Alternatively, to exit the dialog box without shutdown or reboot, click Close.
Software Updates
You can view the currently available Nasuni Edge Appliance software updates, and update the
software.
When a newer version of the Nasuni Edge Appliance software is available for installation, you can
update the software from the Nasuni Management Console. When you update your software, your
Nasuni Edge Appliance is updated to the newer version.
Warning: Do not attempt to restore from a virtual machine snapshot or backup.
Important: The version of the Nasuni Management Console must support the version of the
Nasuni Edge Appliance that the Nasuni Management Console is to manage. If a
Nasuni Edge Appliance is joined to a Nasuni Management Console, update the
Nasuni Management Console software before updating the Nasuni Edge Appliance
software.
For details, see “NMC version” on page 62.
Caution: Updating the software disconnects all users currently using the Nasuni Edge
Appliance. The system can take several minutes to reboot. The time to reboot can be
longer if one-time upgrade operations are necessary.
Note: Nasuni does not recommend applying software updates during your normal business
hours, because this can disrupt access. Apply software updates at night or on weekends.
Tip: If updating the Edge Appliance software from a version before 9.0 to version 9.0 and later,
for NFS volumes and multiprotocol (CIFS and NFS) volumes that are using the Advanced
mode of Global File Lock, change the mode of Global File Lock before performing the
update. NFS volumes and multiprotocol (CIFS and NFS) volumes do not support the
Advanced mode of Global File Lock for version 9.0 and later.
Tip: Review the release notes of all releases between your current release and the most recent
release. See “Viewing the Nasuni Management Console Release Notes” on page 58 for
details. You can also view Release Notes.
Tip: You can configure the Nasuni Edge Appliance to apply updates automatically. For details,
see “Automatic Software Updates” on page 284.
The following information appears for each Nasuni Edge Appliance in the list:
• Description: The description of the Nasuni Edge Appliance. You can change the
description, as detailed in “Nasuni Edge Appliance Description” on page 296.
• Current Version: The current version of the software running on the Nasuni Edge Appliance.
If an update is available, the label “Update Available” appears.
• Available Version: The highest currently available version of the Nasuni Edge Appliance
software. If the highest currently available version of the Nasuni Edge Appliance software is
already running on the Nasuni Edge Appliance, the label “No updates available” appears.
2. To force a check for available software updates, click Check for Updates. A check for updates
is done for all Nasuni Edge Appliances in the list.
System Alerts
Edit
You can configure Nasuni Edge Appliances to issue alerts for the following conditions:
• Snapshots do not occur for more than a specified time.
• For Edge Appliances before version 8.8: CPU usage exceeds a specified threshold for more
than a specified time.
Note: For Edge Appliances at version 8.8 or later, CPU status is part of “Health Monitor” on
page 280.
• For Edge Appliances before version 8.8: Memory usage exceeds a specified threshold for more
than a specified time.
Note: For Edge Appliances at version 8.8 or later, memory status is part of “Health Monitor”
on page 280.
To view charts of CPU activity and memory usage, see “CPU Activity” on page 277 and “Memory
Usage” on page 277.
To configure alerts, follow these steps:
1. Click Filers, then select System Alerts from the list on the left-hand side. The Filer System
Alerts page displays a list of managed Nasuni Edge Appliances.
• (For Edge Appliances before version 8.8) Threshold: For CPU Alerts and Memory Usage
Alerts, the threshold for the alert.
Note: For Edge Appliances at version 8.8 or later, CPU status and memory status are part
of “Health Monitor” on page 280.
• Duration: The duration of the alert condition.
2. On the Filer System Alerts page, select the Nasuni Edge Appliances in the list whose alerts you
want to configure.
3. Click Edit Items. The System Alerts dialog box appears.
Figure 12-99: System Alerts dialog box (for Edge Appliances before version 8.8).
4. To copy the System Alerts settings from a Nasuni Edge Appliance, select the Nasuni Edge
Appliance from the Copy Settings drop-down list. The System Alerts settings of the selected
Nasuni Edge Appliance appear in the dialog box.
5. To set a snapshot alert, set the Enabled switch to On. Enter a Duration, in days. The alarm is
issued if the volume has no snapshots for the specified Duration.
6. (For Edge Appliances before version 8.8) To set a CPU usage alert, set the Enabled switch to
On. Enter a Threshold as a percentage of CPU usage. Enter a Duration, in minutes. The alarm
is issued if the CPU usage exceeds the specified Threshold for the specified Duration.
7. (For Edge Appliances before version 8.8) To set a memory usage alert, set the Enabled switch to
On. Enter a Threshold as a percentage of memory usage. Enter a Duration, in minutes. The
alarm is issued if the memory usage exceeds the specified Threshold for the specified Duration.
8. Click Save Alerts.
SSL Certificates
You can view information about SSL certificates.
By default, the Nasuni Edge Appliance is preloaded with a self-signed SSL certificate that is unique to
the Nasuni Edge Appliance.
You can also use other SSL certificates to manage the Nasuni Edge Appliance.
Tip: For managing SSL certificates for Nasuni Edge Appliances, you must use the Nasuni Edge
Appliance UI. For details, see the “SSL Server and Client Certificates” section of the
Configuration Page chapter of the Edge Appliance Administration Guide for instructions on
how to perform these tasks:
• View SSL CA-signed server certificates or self-signed server certificates.
• Generate SSL CA-signed server certificates and self-signed server certificates.
• Copy existing SSL server certificates.
• Upload SSL server certificates.
• Replace SSL server certificates and SSL server certificate chains.
• Set SSL server certificates.
• Download or save an SSL server certificate.
• Delete SSL server certificates or certificate requests.
• Reset an SSL certificate.
• View SSL client certificates.
• Upload SSL client certificates.
• Delete SSL client certificates.
Note: If something ever goes wrong with the certificates and you are unable to access the
Nasuni Edge Appliance user interface, use the service menu console on your hardware
appliance or virtual machine to enter the resetguicert command to reset the certificate
to the default self-signed certificate.
Account Status
On the Account Status page, you can view account information and refresh the license.
You can also view serial numbers and authorization codes for Nasuni Edge Appliances.
You can also view, configure, change, and delete cloud credentials for Nasuni Edge Appliances.
Refreshing license
Licenses automatically refresh every 24 hours. However, you can manually refresh the license by
clicking Refresh License.
The message “Successfully updated license.” appears. Click the x to close this message box.
Cloud Credentials
Nasuni enables customers to execute a multi-cloud IT strategy and select the most appropriate object
storage for their business by offering support for the leading private and public cloud (aka BYOC)
storage platforms, including Amazon Simple Storage Service (Amazon S3), Dell EMC Elastic Cloud
Storage (ECS), Google Cloud Storage, Hitachi Content Platform (HCP), IBM Cloud Object Storage, and
Microsoft Azure Storage.
Cloud credentials define the connection between the Nasuni Edge Appliance and the cloud storage
provider. They generally consist of the location of the cloud storage provider, as well as access keys
and identification.
Important: You must create and maintain your own cloud storage account. Nasuni does not
have access to your cloud storage account.
Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their
data. Customers should leverage their cloud provider's role-based access and identity
access management features as part of their overall security strategy. Such features can be
used to limit or prohibit administrative access to the cloud account, based on customer
policies.
Tip: You must configure cloud credentials before adding a volume that uses those cloud
credentials.
Tip: If you have a requirement to change Cloud Credentials on a regular basis, use the following
procedure, preferably outside office hours:
• Obtain new credentials. Credentials typically consist of a pair of values, such as Access
Key ID and Secret Access Key, Account Name and Primary Access Key, or User and
Secret.
• On the Cloud Credentials page, edit the cloud credentials to use the new credentials.
• The change in cloud credentials is registered on the next snapshot that contains
unprotected data.
Manually performing a snapshot also causes the change in cloud credentials to be
registered, even if there is no unprotected data for the volume.
• After each Edge Appliance has performed such a snapshot, the original credentials can
be retired with the cloud provider.
Warning: Do not retire the original credentials with the cloud provider until you
are certain that they are no longer necessary. Otherwise, data might
become unavailable.
3. A page appropriate to your selected platform appears. We show the page for Hitachi Content
Platform (HCP) cloud credentials as an example only.
For Amazon Simple Storage Service (Amazon S3), credentials include the following:
Tip: For Amazon S3 GovCloud, see next section below.
• Name: A name for this set of credentials, which is used for display purposes.
• Access Key ID: The Amazon S3 Access Key ID for this set of credentials.
• Secret Access Key: The Amazon S3 Secret Access Key for this set of credentials.
• Hostname: The hostname for the location of the cloud service provider. Use the default
setting: s3.amazonaws.com
For the following regions, use the specified hostnames:
Location Code Hostname
Africa (Cape Town) af-south-1 s3.af-south-1.amazonaws.com
Asia Pacific (Hong Kong) ap-east-1 s3.ap-east-1.amazonaws.com
Europe (Milan) eu-south-1 s3.eu-south-1.amazonaws.com
Middle East (Bahrain) me-south-1 s3.me-south-1.amazonaws.com
Tip: To use one of these regions, ensure that the region is enabled in the customer
Amazon S3 account. For details, see Setting permissions to enable accounts for
upcoming AWS Regions.
• Verify SSL Certificates: For self-signed certificates, certificates generated with a private
root CA, or a default certificate: Off. For fully valid SSL certificate: On.
• Notes: Optional information to save.
For Dell EMC Elastic Cloud Storage (ECS), credentials include the following:
• Name: A name for this set of credentials, which is used for display purposes.
• Access Key ID: The user name recognized by the Dell EMC Elastic Cloud Storage (ECS)
system for this set of credentials.
• Secret Access Key: The object data store key from the Dell EMC Elastic Cloud Storage
(ECS) UI for this set of credentials.
• Hostname: The hostname for the location of the cloud service provider.
Path-Based Addressing should be used with ViPR/ECS. If using a namespace, add it to the
end of the path: vipr1.yourco.com/mynamespace
• Verify SSL Certificates: For self-signed certificates, certificates generated with a private
root CA, or a default certificate: Off. For fully valid SSL certificate: On.
• Notes: Optional information to save.
5. For all types of credentials, select the Nasuni Edge Appliances that you want the credentials to
be available on.
6. Click Save Credentials.
The credentials are saved under the provided name. You can now use these credentials to add new
volumes on the customer-provided cloud providers.
If there are any errors in adding the credentials, an error status shows for the “Add New Credentials”
item on the “Outstanding Settings Updates to Filers” page. See “Pending Updates” on page 376.
You can acknowledge the error, and try entering the credentials again.
At this point, you can begin adding volumes to the Nasuni Edge Appliance. Volume creation, volume
connection and credentials verification can each take up to 2 minutes.
2. To copy cloud credentials, click Copy for the set of credentials to copy. The "Copy
Credentials" dialog box appears. (We show the page for Google Cloud Storage for illustration
purposes.)
Serial Numbers
On the Serial Numbers page, you can view and obtain the serial numbers associated with your Nasuni
account for Nasuni Edge Appliances and the NMC. You need serial numbers and authorization codes
to install or recover Nasuni Edge Appliances.
On the Console Settings page, you can view an overview of the configuration of the Nasuni
Management Console.
From the Console Settings page, you can also perform the following actions:
• Schedule automatic updates of the Nasuni Management Console software.
• Change the description of the Nasuni Management Console.
• Configure email settings for Nasuni Edge Appliances and the Nasuni Management Console.
• Configure SNMP settings for the Nasuni Management Console.
• Configure console syslog export settings for the Nasuni Management Console.
• Configure time servers for the Nasuni Management Console.
• Configure Directory Services for Active Directory and LDAP Directory Services.
• Manage encryption keys.
• Manage NMC API access keys.
• Review SSL certificates for the Nasuni Management Console.
• Manage users and groups for the Nasuni Management Console.
• Configure the firewall for the Nasuni Management Console.
• Configure network settings for the Nasuni Management Console.
• Configure proxy server settings for the Nasuni Management Console.
• Update the Nasuni Management Console software.
• Configure remote support settings for the Nasuni Management Console.
• Send diagnostic information to Nasuni Technical Support about the Nasuni Management
Console.
Description
You can view and change the description of the Nasuni Management Console on the Console
Description page.
You can change the name of the Nasuni Management Console from the name assigned when you
installed it. The name can be up to 255 characters in length.
Caution: Avoid using characters that systems, such as Active Directory, specify as disallowed,
including period (.), backslash (\), forward slash (/), colon (:), asterisk (*), question mark
(?), quotation mark ("), less than sign (<), greater than sign (>), and vertical bar (|). Errors
can occur for a Nasuni Management Console whose name includes such characters.
For example, it might not be possible to configure the Nasuni Management Console for
Active Directory access.
Viewing description
To view description, follow these steps:
1. Click Console Settings, then click Description in the left-hand column. The Console
Description page displays the description of the Nasuni Management Console.
Email Settings
You can configure email alerts, which are sent to your email account from the Nasuni Management
Console. Email configurations apply to Nasuni Edge Appliances under the control of the Nasuni
Management Console. The alert messages you receive can also be viewed on the Notifications page.
To select which alerts to receive, see “Adding Permission Groups” on page 480.
Note: Nasuni Edge Appliances managed by the NMC send emails using this configuration.
Emails are sent by the NMC. No emails are sent directly by managed Nasuni Edge
Appliances.
To configure email settings:
1. Click Console Settings, then select Email Settings in the left-hand column. The Filer &
Console Email Settings page appears.
3. To send a test email with these settings when you click Save Settings, select the Test Settings
check box.
4. Enter a source email address in the From name text box. You can use this source email
address to filter emails or ensure that it does not go into a spam folder.
5. In the Test Email Recipient text box, enter a destination email address, to which to send alerts.
6. Specify the SMTP server in the SMTP server text box. For example, mail.mycompany.net.
When sending an email alert, Nasuni logs into the specified SMTP server using the specified
credentials and sends the email from the source email address.
7. Specify the SMTP port number in the SMTP port text box. If you do not specify a value, the
default port 25 is used.
8. Optionally, enter a login name (for example, an email account) in the Login text box (case-
sensitive) if your email server requires it. For example, name@mycompany.com. Optionally,
enter a password (case-sensitive) in the Password text box if your email server requires it.
9. If you require TLS security, select the Require TLS check box.
If this check box is selected, and the email server does not support TLS security, the Nasuni
Edge Appliance does not use the server.
If the check box is not selected, TLS security is still used by default if the email server supports
it.
10. To test your settings and then save your settings, click Save Settings. If Test Settings is
selected, a test message is sent to the specified email address for confirmation purposes.
SNMP Monitoring
You can configure SNMP monitoring of the Nasuni Management Console.
The Nasuni Edge Appliance supports monitoring via the Simple Network Management Protocol (SNMP)
v1, v2c, and v3. The Nasuni Edge Appliance exposes the standard SNMPv1 MIB (management
information base), as well as the NASUNI-FILER-MIB, SNMPv2-MIB, HOST-RESOURCES-MIB, UCD-
SNMP-MIB, UCD-DISKIO-MIB, and IF-MIB. Both 32-bit and 64-bit SNMP network counters are
supported. Each of the displayed MIBs is a link. If you click a link, a page with that MIB information
appears.
As the SNMP agent, Nasuni receives requests on UDP port 161 from the third-party SNMP manager
that is used for system monitoring. Nasuni sends agent responses back to the source port on the third-
party SNMP manager. The third-party SNMP manager receives notifications (including Traps and
InformRequests) on SNMP destination port 162. You cannot change port 161 or port 162.
Note: Nasuni automatically provides the EngineID value.
2. To enable SNMP v1,v2c monitoring, click Enable v1,v2c Support. Selecting On enables SNMP
v1,v2c monitoring. Selecting Off disables SNMP monitoring.
If you enable SNMP v1,v2c monitoring, in the Community Name text box, enter the SNMP
community name for the Nasuni Management Console. The default community name is
public. Changing the community name from the default improves security.
3. To enable SNMP v3 monitoring, click Enable v3 Support. Selecting On enables SNMP v3
monitoring. Selecting Off disables SNMP monitoring.
If you enable SNMP v3 monitoring, enter a Username and Password for SNMP v3
authorization.
4. If you enable SNMP monitoring, in the System Location text box, enter the physical location of
the Nasuni Management Console.
5. If you enable SNMP monitoring, in the System Contact text box, enter the contact information
of the person responsible for SNMP monitoring for the Nasuni Management Console.
6. Click Save SNMP Settings. The SNMP settings are changed.
Syslog Export
Syslog Export enables you to direct NMC console notifications to your syslog servers. Tools that work
with syslog can then process, store, and report on these messages. The syslog protocol is used to
convey event notification messages. It also provides a message format that allows vendor-specific
extensions to be provided in a structured way. Syslog Export supports UDP protocol. For more details,
see “Syslog Export” on page 336.
Tip: Because each Edge Appliance sends syslog messages directly to the specified syslog
servers, ensure that the appropriate port is open between each Edge Appliance and the
syslog servers. This is usually UDP port 514.
A standard syslog message (based on the RFC 5424 specification) uses the following format:
<PRIORITY>VERSION TIMESTAMP HOSTNAME APPLICATION
PROCID MESSAGEID [STRUCTURED_DATA] MESSAGE
where:
Structured Data Structured Data Elements (Not currently used. A ‘-’ appears instead.)
Unique data elements consisting of well-known
key-value pairs within a set of brackets.
Time Configuration
Important: Edge Appliances and the NMC must be configured with operational DNS servers and
a time server (internal or external) within your environment.
You can set the time zone and time server for the Nasuni Management Console, which are necessary
for notifications and file sharing purposes. The time zone setting you select should be for the region
where the Nasuni Management Console is located. For example, use “US/Eastern” if you are located in
the eastern part of the United States.
Directory Services
The Nasuni Management Console supports Directory Services using either Active Directory or LDAP
(Lightweight Directory Access Protocol) with Kerberos for authentication.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on
page 534.
Important: You cannot enable both Active Directory and LDAP Directory Services for a Nasuni
Edge Appliance.
Caution: Edge Appliances joined to LDAP cannot share volumes with Edge Appliances joined to
Active Directory. Similarly, Edge Appliances joined to Active Directory cannot share
volumes with Edge Appliances joined to LDAP. If you want Edge Appliances to share
volumes, ensure that they are joined to the same directory service.
Important: To connect an Edge Appliance to a shared volume owned by another Edge
Appliance, the following must be true:
• The Edge Appliance must join the same domain as the owning Edge Appliance.
• The domain configuration for the Edge Appliance must match the domain
configuration for the owning Edge Appliance.
Tip: You can configure users and groups so that users have access to data even if domain
connectivity fails. For details, see Appendix E, “Ensuring user access to data if domain
connection lost,” on page 515.
You can associate an Active Directory or LDAP Directory Services domain group with a permission
group. This enables you to log in using Active Directory or LDAP Directory Services credentials. See
“Adding Permission Groups” on page 480.
See Worksheet for a worksheet for planning configurations.
• Request Nasuni Support to configure the Edge Appliance for Active Directory Unix
Extensions (RFC 2307).
The Nasuni Edge Appliance can join one Windows Active Directory domain server and access its users
and groups. These users and groups can only be edited through Active Directory tools.
Note: Limits on domains, groups, users, objects, and other items are the same as the limits of
Active Directory. See Active Directory Maximum Limits - Scalability for details.
Important: If joining an Active Directory domain, members of the Active Directory "Protected
Users" security group cannot be used to join the domain. This is due to the login
restrictions for members of that security group. Nasuni recommends using a Domain
Admin account that is not a part of the “Protected Users” group to join Active
Directory.
The Nasuni Management Console joins one domain, called the primary domain. If the client’s
environment has valid, active trust relationships between the primary domain and other domains, the
Nasuni Management Console attempts to discover those domains automatically. You can then select
which of the non-primary domains to allow to access the Nasuni Management Console.
Important: You cannot use Active Directory passwords longer than 127 characters to log in to
the NMC.
The Nasuni Management Console offers support for trusted domains of multiple Active Directory
servers. This can simplify enabling access and permissions for users and groups within trusted
domains. To use trusted domains of multiple Active Directory servers, you must establish the correct
trust relationships among your Active Directory servers.
There are two aspects to trusted domain support: authentication and sharing. The authentication
aspect allows a user to access a Nasuni Management Console's resources in a different domain. The
sharing aspect enables systems in different domains to access the same data.
Tip: You can configure users and groups so that users have access to data even if domain
connectivity fails. For details, see Appendix E, “Ensuring user access to data if domain
connection lost,” on page 515.
Note: The Nasuni Management Console requires the use of Kerberos for secure authentication,
and does not support storing passwords in LDAP.
Caution: Edge Appliances joined to LDAP cannot share volumes with Edge Appliances joined to
Active Directory. Similarly, Edge Appliances joined to Active Directory cannot share
volumes with Edge Appliances joined to LDAP. If you want Edge Appliances to share
volumes, ensure that they are joined to the same directory service.
Important: You cannot enable both Active Directory and LDAP Directory Services for a Nasuni
Edge Appliance.
Tip: You can configure users and groups so that users have access to data even if domain
connectivity fails. For details, see Appendix E, “Ensuring user access to data if domain
connection lost,” on page 515.
Important: You cannot enable both Active Directory and LDAP Directory Services for a Nasuni
Edge Appliance.
Caution: Edge Appliances joined to LDAP cannot share volumes with Edge Appliances joined to
Active Directory. Similarly, Edge Appliances joined to Active Directory cannot share
volumes with Edge Appliances joined to LDAP. If you want Edge Appliances to share
volumes, ensure that they are joined to the same directory service.
Important: If joining an Active Directory domain, members of the Active Directory "Protected
Users" security group cannot be used to join the domain. This is due to the login
restrictions for members of that security group. Nasuni recommends using a Domain
Admin account that is not a part of the “Protected Users” group to join Active
Directory.
Important: To connect an Edge Appliance to a shared volume owned by another Edge
Appliance, the following must be true:
• The Edge Appliance must join the same domain as the owning Edge Appliance.
• The domain configuration for the Edge Appliance must match the domain
configuration for the owning Edge Appliance.
Tip: You can configure users and groups so that users have access to data even if domain
connectivity fails. For details, see Appendix E, “Ensuring user access to data if domain
connection lost,” on page 515.
If the Nasuni Management Console has not previously joined any Active Directory domain or LDAP
Directory Services domain before, follow these steps:
1. Click Console Settings, then select Directory Services from the list. On the Console
Directory Services page, the Type should be Disabled, and the Connection Status should be
DISABLED.
Caution: Avoid using characters in the description (or name) that systems, such as Active
Directory, specify as disallowed, including period (.), backslash (\), forward slash (/),
colon (:), asterisk (*), question mark (?), quotation mark ("), less than sign (<), greater
than sign (>), and vertical bar (|). Errors can occur for a Nasuni Management
Console whose name includes such characters. For example, it might not be
possible to configure the Nasuni Management Console for Active Directory access.
Important: In order to link an Active Directory domain group to a permission group, the
“Group type” of the Active Directory domain group must be “Security”. If the
“Group type” of the Active Directory domain group is “Distribution”, users within
the Active Directory domain group are not able to log in.
Important: If joining an Active Directory domain, members of the Active Directory "Protected
Users" security group cannot be used to join the domain. This is due to the login
restrictions for members of that security group. Nasuni recommends using a
Domain Admin account that is not a part of the “Protected Users” group to join
Active Directory.
Note: Limits on domains, groups, users, objects, and other items are the same as the limits
of Active Directory. See Active Directory Maximum Limits - Scalability for details.
a. If joining a Read-Only Domain Controller (RODC), see “Considerations for a Read-Only
Domain Controller (RODC)” on page 436.
b. In the Domain text box, enter the fully qualified Active Directory domain name that you want
the Nasuni Management Console to join, in lower-case letters, such as,
subdomain.domain.com. The Nasuni Management Console joins this domain to
authenticate users from the Active Directory server.
c. Leave Auto Detect selected. If Auto Detect is selected, the wizard attempts to retrieve
pertinent information using DNS.
Note: For Auto Detect to work, the DNS must be configured to refer to directory service
settings.
If, after you click Continue (step j on page 429), the wizard is unsuccessful in automatically
detecting configuration information, deselect Auto Detect. The Directory Service Type
drop-down list becomes available.
d. To automatically alter the system’s hostname so that it is part of the domain to be joined,
select Alter System Hostname. For example, if joining a Nasuni Management Console (such
as nmc) to a domain (such as domain.com), Nasuni recommends using the fully qualified
domain name with the hostname to form the new hostname (such as nmc.domain.com).
Alternatively, if you know that the hostname is correct for this domain, deselect Alter System
Hostname.
e. If Auto Detect is deselected, the Directory Service Type drop-down list becomes available.
From the drop-down list, select Active Directory.
f. (Optional) In the Workgroup text box, enter a local Windows NT-compatible workgroup
name (15 characters maximum) in which the Nasuni Management Console can be accessed.
To use the default workgroup for the domain, leave this field blank. Some domains need this
value if the name cannot be automatically determined.
Tip: This value cannot be changed after the Nasuni Management Console joins the
domain.
g. (Optional) In the Domain Controller text box, enter the fully qualified domain name of the
primary domain controller. For example, DomainControllerName.domain.com.
Entering a Domain Controller name forces the Nasuni Management Console to use only
that domain controller. However, leaving the Domain Controller text box blank causes the
Nasuni Management Console to use the primary domain controller on the join, and also
allows for domain controller failover. Unless you want only one specific domain controller to
be used, leave the Domain Controller text box blank.
In particular, if you want support for trusted domains of multiple Active Directory servers,
leave the Domain Controller text box blank.
h. (Optional) In the Computer OU text box, enter a domain organization unit in which the Nasuni
Management Console is placed. The computer’s container is the default location. If you leave
this value blank, the Nasuni Management Console is placed in a default location.
Tip: This value cannot be changed after the Nasuni Management Console joins the
domain.
i. (Optional) To use Network Time Protocol (NTP) services provided by domain controllers,
select NTP from Domain Controllers. If no NTP services are available from domain
controllers, the current NTP server is used. See “Time Configuration” on page 422.
Tip: This value cannot be changed after the Nasuni Management Console joins the
domain.
j. Click Continue. The wizard attempts to look up domain information in the DNS. If successful,
the wizard returns to this page, enters the information found, and deselects Auto Detect. You
can then enter or change any information.
k. If the message appears that Auto Detect was successful, verify any values that Auto Detect
added, deselect Auto Detect if still selected, then click Continue.
l. The Confirm/Authenticate Directory Service dialog box appears.
Enter the user name and password of a user who is authorized to join this Nasuni
Management Console to the specified domain. Click Submit.
m. The wizard attempts to configure for the specified domain. If successful, the Enable
Domains tab is selected.
o. The wizard attempts to complete the configuration. If successful, the Console Directory
Services page appears.
3. Alternatively, to join an LDAP Directory Services domain, follow the procedure below.
Tip: LDAP Directory Services must be enabled in the client license before joining an LDAP
domain. Active Directory is enabled by default.
Important: You cannot enable both Active Directory and LDAP Directory Services for a
Nasuni Edge Appliance.
Tip: For detailed procedures for LDAP with Apple OpenDirectory, Oracle Enterprise Directory
Server (Oracle DS), and FreeIPA, see the LDAP Best Practices Guide.
Important: Before configuring LDAP Directory Services, ensure that SSL client certificates
have been uploaded. See “Uploading SSL Certificates” on page 463.
Important: We recommend the use of indexes for uidNumber and gidNumber attributes. If
your LDAP Directory Server can look up records based on uidNumber and
gidNumber quickly without an index, this is also sufficient.
a. In the Domain text box, enter the fully qualified LDAP Directory Services domain name that
you want the Nasuni Management Console to join, in lower-case letters, such as,
subdomain.domain.com. The Nasuni Management Console joins this domain to
authenticate users from the LDAP Directory Services server.
b. Leave Auto Detect selected. If Auto Detect is selected, the wizard attempts to retrieve
pertinent information using DNS. If the wizard detects an LDAP Directory Services domain, it
also tries to detect the type of domain (FreeIPA, Apple Open Directory, or Generic).
Note: For Auto Detect to work, the DNS must be configured to refer to directory service
settings.
If, after clicking Continue (step g on page 434), the wizard is unsuccessful in automatically
detecting configuration information, deselect Auto Detect. The Directory Service Type
drop-down list becomes available.
c. To automatically alter the system’s hostname so that it is part of the domain to be joined,
select Alter System Hostname. For example, if joining a Nasuni Management Console (such
as nmc) to a domain (such as domain.com), Nasuni recommends using the fully qualified
domain name with the hostname to form the new hostname (such as nmc.domain.com).
Alternatively, if you know that the hostname is correct for this domain, deselect Alter System
Hostname.
d. If Auto Detect is deselected, the Directory Service Type drop-down list becomes available.
From the drop-down list, select LDAP Directory Services.
e. If the directory services provider has not already been selected, from the Directory Services
Provider drop-down list, select the provider that matches your LDAP and Kerberos servers.
Options include FreeIPA, Generic LDAP/Kerberos, and Apple OpenDirectory. By
selecting the appropriate provider, the wizard selects various connection parameters. The
following steps detail the Generic LDAP/Kerberos option where the wizard does not
assume any connection settings.
Note: Some of the following fields are optional, depending on the choice of Directory
Services Provider.
i. In the LDAP Servers text box, enter a list of the IP addresses or hostnames of the LDAP
servers for the Nasuni Management Console to connect to, separated by commas. Use
lower-case letters.
To use DNS to retrieve information, leave this text box blank.
ii. In the Kerberos KDC Servers text box, enter a list of the IP addresses or hostnames of
the Kerberos Key Distribution Center (KDC) servers for the Nasuni Management Console
to connect to, separated by commas. Use lower-case letters.
To use DNS to retrieve information, leave this text box blank.
iii. From the LDAP ID Schema drop-down list, select the LDAP ID schema to use: RFC2307
or RFC2307bis.
iv. In the LDAP User Search Base text box, enter an LDAP DN (distinguished name) that
indicates a subtree that contains users.
v. In the LDAP Group Search Base text box, enter an LDAP DN (distinguished name) that
indicates a subtree that contains groups.
vi. In the LDAP User Name Attribute text box, enter the LDAP user name attribute.
vii. In the LDAP Group Name Attribute text box, enter the LDAP group name attribute.
viii. In the LDAP Netgroup Search Base text box, enter an LDAP DN (distinguished name)
that indicates a subtree that contains netgroups.
ix. In the LDAP Bind DN text box, enter an LDAP DN (distinguished name) to use instead of
an anonymous bind.
x. In the LDAP Bind Password text box, enter a password to use to bind with DN.
xi. In the Minimum Supported ID text box, enter the minimum user or group ID to map to
the Nasuni Management Console.
To have Auto Detect find this, leave blank.
xii. In the Maximum Supported ID text box, enter the maximum user or group ID to map to
the Nasuni Management Console.
To have Auto Detect find this, leave blank.
xiii. Click Continue. The wizard attempts to look up domain information in DNS. If successful,
the wizard returns to this page, enters the information found, and deselects Auto Detect.
You can then enter or change any information.
j. From the Keytab Source drop-down list, select the source of the Kerberos keytab for the
Nasuni Management Console from the following choices:
• If you select a server, enter the Username, Password, and Repeat Password, then
click Continue.
• If you select to upload a keytab file, click Browse to navigate to the file, then click
Continue.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than
4,000 bytes.
Since the UTF-8 representation of characters from some character sets can
occupy several bytes, the maximum number of characters that a file path or a
file name might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
k. The wizard checks the provided keytab information before proceeding to the Volume
Selection step. If the wizard is successful in obtaining the Kerberos keytab information, the
“Complete the Configuration” tab is selected.
Verify the configuration values, then click Continue.
l. The wizard attempts to complete the configuration. If successful, the Console Directory
Services page appears.
3. For LDAP Directory Services, the Console Directory Services page looks like this.
Figure 14-18: Console Directory Services page for LDAP Directory Services.
For LDAP Directory Services, information on this page includes the following:
• Type: Type of authentication, such as Publicly Available, Active Directory, and LDAP
Directory Services.
• Connection Status: The current status of the connection.
ENABLED indicates that the connection has been configured successfully.
DISABLED indicates that the connection has not been configured successfully.
HEALTHY indicates that the connection is successful.
UNHEALTHY indicates that the connection is not successful.
• Domain Settings: A list of domains appears, displaying the following information:
• Domain: The IP address or the hostname of the domain.
• Details: Details about the Directory Services entry, including the following:
• Provider: The Directory Services provider.
• LDAP Servers: The IP address or the hostname of the servers that service the
domain.
• KDCs: The IP address or the hostname of the Kerberos Key Distribution Centers
(KDC) that supply session tickets and temporary session keys.
• Status: The status of the domain: Enabled or Disabled.
• Keytab Contents: The contents of the keytab file used to authenticate to the KDC, including
the following information:
• Service Type: The service type and the IP address or the hostname of the host that is
offering it.
• Realm: The IP address or the hostname of the server hosting the application.
Tip: For detailed procedures for LDAP with Apple OpenDirectory, Oracle Enterprise Directory
Server (Oracle DS), and FreeIPA, see the LDAP Best Practices Guide.
Tip: You can configure users and groups so that users have access to data even if domain
connectivity fails. For details, see Appendix E, “Ensuring user access to data if domain
connection lost,” on page 515.
To edit settings for the LDAP Directory Services domain, follow these steps:
1. Click Console Settings, then select Directory Services from the list. The Console Directory
Services page appears.
Figure 14-19: Console Directory Services page for LDAP Directory Services.
2. For the domain whose information you want to edit, click Edit. The Edit Domain dialog box
appears.
letters.
To use DNS to retrieve information, leave this text box blank.
4. In the Kerberos KDC Servers text box, enter a list of the IP addresses or hostnames of the
Kerberos Key Distribution Center (KDC) servers for the Nasuni Management Console to connect
to, separated by commas. Use lower-case letters.
To use DNS to retrieve information, leave this text box blank.
5. Click Save. The information is applied to the selected domain.
Tip: For detailed procedures for LDAP with Apple OpenDirectory, Oracle Enterprise Directory
Server (Oracle DS), and FreeIPA, see the LDAP Best Practices Guide.
The Kerberos keytab file contains encryption keys associated with services (the service principal
names) located on servers hosting Kerberos-enabled protocols.
To update the keytab file, follow these steps:
1. Click Console Settings, then select Directory Services from the list. The Console Directory
Services page appears.
Figure 14-21: Console Directory Services page for LDAP Directory Services.
Tip: You can configure users and groups so that users have access to data even if domain
connectivity fails. For details, see Appendix E, “Ensuring user access to data if domain
connection lost,” on page 515.
To edit settings for an Active Directory domain, follow these steps:
1. Click Console Settings, then select Directory Services from the list. The Console Directory
Services page appears.
Tip: You can configure users and groups so that users have access to data even if domain
connectivity fails. For details, see Appendix E, “Ensuring user access to data if domain
connection lost,” on page 515.
To edit settings for Active Directory, follow these steps:
1. Click Console Settings, then select Directory Services from the list. The Console Directory
Services page appears.
Encryption Keys
You can view, upload, escrow, and delete encryption keys on the Console Settings Encryption Keys
page. The encryption keys that you upload to the Nasuni Management Console can then be sent to
Nasuni Edge Appliances to use with volumes. You can view, add, enable, and disable volume
encryption keys on the Volume Encryption Keys page. You can view, upload, send, escrow, and
delete encryption keys on the Filer Encryption Keys page.
The Nasuni Edge Appliance automatically encrypts your data at your premises using the OpenPGP
encryption protocol, with 256-bit Advanced Encryption Standard (AES-256) encryption as the default
encryption. The data remains encrypted in cloud storage.
You can generate your own encryption keys using any OpenPGP-compatible program, such as GnuPG
or Gpg4win. You can then add (import or upload) the encryption key to the Nasuni Management
Console. (For security reasons, encryption keys that you upload cannot be downloaded from the
system.) The encryption key is used to encrypt your data before it is sent to cloud storage and decrypt
data when it is read back. The Nasuni Edge Appliance accepts multiple encryption algorithms for
encryption keys.
Note: If an uploaded encryption key has an associated passphrase, that passphrase is removed
from the encryption key when it is uploaded. The Edge Appliance does not need the
passphrase in order to use the encryption key. However, if you do not escrow this
encryption key, if you ever perform a recovery procedure on the Edge Appliance, you must
provide that passphrase when you upload that encryption key during the recovery
procedure.
All data on a volume is encrypted using one or more OpenPGP-compatible encryption keys before
being sent to cloud storage. Volumes may be encrypted with one or more encryption keys, and
encryption keys may be used for any number of volumes.
There are several actions you can perform on encryption keys, including adding new encryption keys,
enabling or disabling encryption keys, escrowing encryption keys with Nasuni, and, under certain
circumstances, deleting encryption keys.
All uploaded encryption keys should be at least 2048 bits long.
Warning: Do NOT save encryption key files to a volume on a Nasuni Edge Appliance.
You will NOT be able to use these to recover data. This is NOT how to upload
encryption keys to a Nasuni Edge Appliance. To upload encryption keys to a
Nasuni Edge Appliance, use the Encryption Keys page.
At least one encryption key must be enabled for a volume, but several encryption keys can be enabled
at the same time. When multiple encryption keys are enabled, all of the encryption keys enabled at the
time are used to encrypt the data. Any of the encryption keys enabled at the time a piece of data is
encrypted can be used to later decrypt the data. Only the encryption keys enabled when the data was
written can decrypt that data. An encryption key that was enabled after the data was written cannot
decrypt any data that was written before that key was enabled.
There are several reasons you might want to disable an encryption key, such as, when someone with
access to the encryption key leaves the company, or if your enterprise has a policy of rotating
encryption keys periodically. When you disable an encryption key, no future data is encrypted with that
encryption key. However, all data previously encrypted by that disabled encryption key remains
encrypted by that disabled encryption key. For this reason, before you disable an encryption key, you
should consider establishing a snapshot retention policy that removes the data that was encrypted with
the disabled encryption key. Because volumes must have at least one encryption key associated with
them, in practice you add a new encryption key to a volume first, and then disable the existing
encryption key.
You can delete encryption keys, but only in the case where they are not being used by any volumes.
You cannot modify encryption keys stored on the system. For security reasons, encryption keys that
you upload cannot be downloaded from the system. You can only download encryption keys that the
Nasuni Edge Appliance has generated internally.
You can escrow your encryption keys with Nasuni (or a trusted third party), or store your own
encryption keys. Before you can escrow your encryption keys with Nasuni, you must create an escrow
passphrase, in case you need these escrowed encryption keys when you perform a recovery
procedure.
You can specify that you do not want Nasuni to generate any of your encryption keys. This ensures that
your data is encrypted only with encryption keys that you upload. If you specify this, you must upload
all the encryption keys used. Specifically, when creating a volume, you cannot select Create New Key
as the source of the volume encryption key. For security reasons, encryption keys that you upload
cannot be downloaded from the system. If you want to specify that Nasuni not generate encryption
keys, request Nasuni Support to disable key generation in your license.
Similarly, you can specify that you do not want Nasuni to escrow encryption keys. If you specify this,
you must manage your own encryption keys, because Nasuni does not manage them. If you specify
this, you can still have Nasuni generate encryption keys, and those generated encryption keys are still
automatically escrowed, because all generated encryption keys are automatically escrowed. If you
want to specify that Nasuni not escrow encryption keys, request Nasuni Support to disable key escrow
in your license.
To ensure that none of your encrypted keys is escrowed with Nasuni, you must specify both that
Nasuni not generate encryption keys and that Nasuni not escrow encryption keys.
Note: To add an encryption key to a volume, see “Adding encryption keys to a volume”.
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
3. If an encryption key passphrase is needed, enter the encryption key passphrase in the Key
Passphrase text box.
Note: If an uploaded encryption key has an associated passphrase, that passphrase is
removed from the encryption key when it is uploaded. The Edge Appliance does not
need the passphrase in order to use the encryption key. However, if you do not escrow
this encryption key, if you ever perform a recovery procedure on the Edge Appliance,
you must provide that passphrase when you upload that encryption key during the
recovery procedure.
4. Click Import Key. The encryption key is imported to the Nasuni Management Console.
Alternatively, to exit this screen without importing any encryption keys, click the Close button.
Important: Keep this NMC escrow passphrase in a secure place. You use the escrow
passphrase when performing a recovery procedure for the NMC.
Tip: If the escrow passphrase is lost, contact Nasuni Support and complete a lost passphrase
form. Nasuni provides a recovery key. The recovery key is not the escrow passphrase:
Nasuni does not know your escrow passphrase and cannot provide it.
Session Timeout
You can configure the session timeout, namely, the time of inactivity that must occur before the Nasuni
Management Console requires you to log in again. The default is 60 minutes.
SSL Certificates
You can view, generate, upload, copy, replace, and delete SSL certificates.
You can view the SSL certificates or self-signed certificate that you can use when accessing the Nasuni
Management Console user interface.
You can also create a new SSL certificate, by generating a new Certificate Request to submit to a
Certificate Authority (CA) for signing. When you receive the signed SSL certificate from the CA, you can
associate the SSL certificate (and optional certificate chain) with the request. After this is done, you can
use that new SSL certificate to manage the Nasuni Management Console.
2. To view details of an existing SSL certificate, click View Details. The Certificate Details box
appears.
15. Click Save Certificate. The certificate is installed and becomes available in the list of
certificates on the Console SSL Certificates page.
Alternatively, to exit this screen without adding a certificate, click the Close button.
6. If an SSL certificate chain was not part of the bundle file in step 4, to add an SSL certificate
chain file, click Choose File next to Certificate Chain File, then navigate to the SSL certificate
chain file.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
7. Enter the Password, if required.
8. Click Save Certificate. The certificate is installed and becomes available in the list of
certificates on the Console SSL Certificates page.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
4. Optionally, click Choose File next to Certificate Chain File, then navigate to the SSL certificate
chain file.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000
bytes.
Since the UTF-8 representation of characters from some character sets can occupy
several bytes, the maximum number of characters that a file path or a file name
might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
5. Click Save Certificate. The existing certificate is replaced and appears in the list of certificates
on the Console SSL Certificates page.
You can select which of several SSL certificates to enable as the SSL certificate for the NMC.
To enable a new SSL certificate:
1. Click Console Settings, then click SSL Certificates in the left-hand column. The Console SSL
Certificates page displays a list of SSL certificates for the Nasuni Management Console.
• Users with Storage Access: The number of native users who are members of permission
groups that have Storage Access enabled. To view a list of users, click the displayed value
or click Manage Users. To add a permission group that has Storage Access enabled, see
“Adding Permission Groups” on page 480.
• Total Groups: The total number of permission groups, including Groups with Domain
Associations, Groups with Storage Access, and permission groups that do not have Group
Associations or Storage Access. To view a list of permission groups, click the displayed
value or click Manage Groups.
• Groups with Domain Associations: The number of permission groups that have Active
Directory or LDAP Directory Services domain groups associated with them. To view a list of
permission groups, click the displayed value or click Manage Groups.
• Groups with Storage Access: The number of permission groups that have Storage Access
enabled. To view a list of permission groups, click the displayed value or click Manage
Groups.
• Groups without Members: The number of permission groups that do not have any
members. To view a list of permission groups, click the displayed value or click Manage
Groups.
In the Filer Status area, the following properties appear for each Nasuni Edge Appliance:
• Description: The name of each Nasuni Edge Appliance.
• Users with Access: The users that have access to that Nasuni Edge Appliance.
• Groups with Access: The permission groups that have access to that Nasuni Edge
Appliance.
Viewing Users
You can view existing users.
To view users, follow these steps:
1. On the Console Users and Groups Overview page, click Manage Users. The Console Users
page appears.
Important: It is not supported for users in the Active Directory Protected Users security
group to log in to the NMC.
Important: It is not supported for users in the Active Directory Protected Users security
group to log in to the NMC.
4. In the Email text box, enter the email address for this user.
5. In the Password text box, enter the password for this user.
Important: You cannot use Active Directory passwords longer than 127 characters to log
in to the NMC.
Enter the same password in the Password confirmation text box. An indicator of password
strength appears. Although password strength is not enforced, you should use strong
passwords.
6. In the Groups list, for each of the groups, select or clear the check box for granting membership
to the group.
7. To accept your selections, click Add User. The user is added with membership in the selected
groups.
Alternatively, to exit the dialog box without adding a user, click Close.
2. On the Console Users page, click Add Domain User. The Add Domain User dialog box
appears.
Deleting Users
Note: You cannot delete the last user in the Filer Administrators group.
To delete a user, follow these steps:
1. On the Console Users and Groups Overview page, click Manage Users. The Console Users
page appears.
• User Interface Access: This Access Type allows you to define NMC permissions, Nasuni
Edge Appliance permissions, Nasuni Edge Appliance access, and, optionally, any
associations to Active Directory or LDAP Directory Services domain groups.
4. In the NMC Permissions list, select or clear the Nasuni Management Console permissions that
you want to grant to the new group. For a full list of displayed NMC permissions and the
operational permissions that they include, see Appendix 24, “Permissions,” on page 538.
Tip: If you want this group to receive alert emails, you MUST select “Receive alert
emails”.
5. To gain access to the NMC API, you must select the "Enable NMC API Access" permission for
this group.
Important: In addition to selecting the "Enable NMC API Access" permission for this
group, NMC API users must also select the corresponding NMC permission
for the action that they are performing with the NMC API. For example,
setting folder quotas with the NMC API requires the "Manage Folder Quotas"
NMC permission. Users must first authenticate to the NMC to obtain a token,
and then can use that token to access subsequent API endpoints.
6. In the Filer Permissions list, select or clear the Nasuni Edge Appliance permissions that you
want to grant to the new group. For a full list of displayed Nasuni Edge Appliance permissions
and the operational permissions that they include, see Appendix 24, “Permissions,” on
page 538.
Warning: Users with “Perform File Restores/Access Versions” permission have the
ability to access all files on the file server.
Tip: If you want a group to NOT BE ABLE TO add volumes, delete volumes, or enable
downloading, select “Manage Volume Settings”.
If you want a group to BE ABLE TO add volumes, delete volumes, or enable
downloading, select "Manage all aspects of Volumes". This permission also includes
all the other permissions of “Manage Volume Settings”.
For details of the many permissions that these permissions include, see Appendix
24, “Permissions,” on page 538.
Tip: Selecting the “Manage all aspects of the Filer (super user)” permission automatically
selects all other permissions, even though those other permissions are not selected
on the screen. To specify permissions at a more granular level, do not select the
“Manage all aspects of the Filer (super user)” permission, and instead select
combinations of individual permissions.
Tip: Users with “Disconnect Users from Access Points” permission have the ability to
disconnect CIFS or NFS users individually, which is sometimes necessary when
there are locked files.
7. In the Email Subscriptions area, select which alerts to receive.
Tip: If you want this group to receive alert emails, you MUST select “Receive alert emails”
in step 4 on page 482.
a. To receive alerts about all available Nasuni Edge Appliance conditions to the configured email
address, select the Receive All Alerts check box.
b. If you do not select the Receive All Alerts check box, but you want to receive alerts about
specific Nasuni Edge Appliance conditions, in the Email Subscriptions area, select the
specific alerts about Nasuni Edge Appliance conditions that you want sent to the configured
email account.
The choices include the following:
• Appliance Alerts: Alerts that occur on the appliance.
• Conflict Alerts: Notices that merge conflicts have occurred during a sync.
• General Alerts: Alerts not in the other categories.
• Safe Delete Alerts: Alerts related to Safe Delete events. For more information, see “Safe
Delete of volumes” on page 95.
• Software Updates: Notices that software updates are available.
• Account Alerts: Alerts related to Nasuni.com account license issues, such as expiration
and capacity limits.
• Capacity Alerts: Alerts related to capacity, such as volume quotas, new quotas, and
account limits.
Note: If the licensed capacity is exceeded, you can still store more data temporarily. If
your total stored data nears or exceeds your licensed capacity, you receive
warnings to increase your licensed capacity.
Tip: To receive quota reports, you must enable Capacity Alerts.
• Hardware Alerts: Alerts related to hardware events.
• Snapshot Restore Alerts: When you restore data from a snapshot, this alert notifies you
when the restore is complete.
• Violation Alerts: Alerts about antivirus violations (infections) and ransomware detection
violations. See “Editing Anti-Malware settings (Antivirus Protection and Ransomware
Detection)” on page 239.
Tip: To receive notifications of violations, you must have the “Manage all aspects of
the Filer (super user)” or “Manage Notifications” permissions, and the
appropriate “Filer Access” permissions.
8. In the Extra Emails text box, enter one or more destination email addresses for sending alerts
to, separated by commas.
9. In the Filer Access list, select or clear the Nasuni Edge Appliances to which you want to grant
access by the new group.
10. (Optional.) To link a domain group (Active Directory or LDAP Directory Services) to this
permission group, and allow members of that domain group to use their domain credentials to
access volumes on Nasuni Edge Appliances, the exact domain name and domain group are
necessary.
In the Group Association text box, enter any text from the domain name or the domain group,
and click Search. The Select Group dialog box appears. Click Search. From the list of domain
groups that include the search text, select the domain name and domain group, then click Add
Selected Group.
Alternatively, enter the exact domain name and domain group in the Group Association text
box.
Important: In order to link an Active Directory domain group to a permission group, the
“Group type” of the Active Directory domain group must be “Security”. If the
“Group type” of the Active Directory domain group is “Distribution”, users
within the Active Directory domain group are not able to log in.
Note: It is not necessary for a permission group to be linked to a domain group.
Note: Adding a domain group allows all users in that group to access the user
interface. You do not need to explicitly add those users. If the group
membership changes after the group is linked, the new members can still log
in.
Note: If you use a Group Association, you cannot select Storage Access.
Note: The list of available domain groups are from the domains previously joined to
the Nasuni Management Console.
Note: Domain groups and the members of those groups always have storage access.
11. To accept your selections, click Add Group. The group is added with the selected permissions.
Alternatively, to exit the dialog box without adding a group, click Close.
Firewall
You can limit which network hosts can connect to the Nasuni Management Console user interface and
the Nasuni Support SSH port. This is similar to firewall protection.
Note: In addition to this protection, you can also configure separate access to shares, exports,
and FTP/SFTP directories, as detailed in “Editing shares” on page 183, “Editing exports”
on page 146, and “Editing FTP directories” on page 161.
To configure firewall protection for the Nasuni Management Console, follow these steps:
1. Click Console Settings, then select Firewall in the left-hand column. The Console Firewall
Configuration page appears.
Networking
Important: Edge Appliances and the NMC must be configured with operational DNS servers and
a time server (internal or external) within your environment.
To configure network settings for the Nasuni Management Console, follow these steps:
1. Click Console Settings, then select Networking in the left-hand column. The Console Network
Configuration page appears.
Tip: After you change the Hostname of the NMC, you should delete the Active Directory
computer object with that Hostname.
3. From the Network Type drop-down list, select one of the following:
• DHCP (Dynamic Host Configuration Protocol): Provides a network IP address for a host on
an IP network automatically. The Network Device Settings and System Settings areas
become unavailable.
• DHCP with custom DNS: Provides a network IP address for a host on an IP network
automatically. The Network Device Settings area becomes unavailable. Enter the following
information:
• Enter one or more local search domains in the Search Domain text box, each separated
by a space. You must enter valid hostnames.
You can use search domains to avoid typing the complete address of domains that you
use frequently. The search domains that you enter are automatically appended to names
that you specify for purposes such as Active Directory configuration, HTTPS proxy, and
NTP server. For example, if you specify the search domain “mycompany.com”, then
typing “server1” for one of these purposes would connect to
“server1.mycompany.com”.
Note: There are no search domains for LDAP.
• Enter the IP address for your primary DNS server in the Primary DNS server text box.
You must enter a valid hostname or IP address.
• Enter the IP address for your secondary DNS server in the Secondary DNS server text
box (if applicable). You must enter a valid hostname or IP address.
• Static: You must provide Network Device Settings and System Settings. See your IT
administrator for assistance. Enter the following information:
• Enter the static IP address in the IP Address text box. The address of a static device
must not already be present on the network. The Nasuni Management Console verifies
this and displays an error if a collision is detected.
• Enter a netmask address in the Netmask text box.
• Enter a default gateway address in the Default Gateway text box.
The gateway address must match a subnet of a defined static network. If the External traffic
group is being used, the default gateway address must match that subnet exactly.
• Enter the MTU value in the MTU Value text box. MTU settings above 1500 are
supported.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit
that the layer can pass onwards. A larger MTU brings greater efficiency, because each
packet carries more user data, while protocol overheads, such as headers, remain fixed; the
resulting higher efficiency means a slight improvement in the bulk protocol throughput. A
larger MTU also means processing fewer packets for the same amount of data. However,
large packets can occupy a slow link for some time, causing greater delays to following
packets, and increasing lag and minimum latency.
• Enter one or more local search domains in the Search Domain text box, each separated
by a space. You must enter valid hostnames.
You can use search domains to avoid typing the complete address of domains that you
use frequently. The search domains that you enter are automatically appended to names
that you specify for purposes such as Active Directory configuration, HTTPS proxy, and
NTP server. For example, if you specify the search domain “mycompany.com”, then
typing “server1” for one of these purposes would connect to
“server1.mycompany.com”.
Note: There are no search domains for LDAP.
• Enter the IP address for your primary DNS server in the Primary DNS server text box.
You must enter a valid hostname or IP address.
• Enter the IP address for your secondary DNS server in the Secondary DNS server text
box (if applicable). You must enter a valid hostname or IP address.
4. To save your entries, click Save Network Settings.
The Confirm Network Changes dialog box appears.
Proxy
You can configure the Nasuni Management Console to use a proxy server, if needed. All HTTPS traffic
goes through the proxy server that you specify. See Firewall Best Practices for details of HTTPS traffic,
which includes:
• Storage traffic.
• Global File Lock server traffic.
• Antivirus definition files.
• Nasuni Management Console Administrative Access.
• Web Access.
• Mobile Access.
• NOC traffic.
Note: When you enable or disable the HTTPS proxy, the Nasuni Management Console cannot
update any Nasuni Edge Appliance settings for about 2 minutes.
Note: Nasuni only supports HTTPS proxies. SOCKS proxies are not supported.
Tip: On Azure-based NMCs only, during an installation or recovery procedure, it is necessary to
connect with IP address 169.254.169.254 in order to obtain information about the Azure VM
instance. If you have configured an HTTPS proxy, this attempt to connect can cause a delay
of several minutes. To avoid this delay, add the IP address 169.254.169.254 to the “Do Not
Proxy” section of the HTTPS Proxy configuration.
To configure the HTTPS Proxy, follow these steps:
1. Click Console Settings, then select Proxy in the left-hand column. The Console Proxy
Configuration page appears.
Note: Some software updates can take longer to apply than others. Refer to the release
notes before applying the update.
3. Update NMC in the Confirmation Phrase text field.
4. Click Update Console Software. The Nasuni Management Console downloads software
updates and reboots the system.
Tip: To avoid any performance issues when updates occur, clear your browser’s cache.
5. After the reboot completes, re-log in to the Nasuni Management Console with your username
(case-sensitive) and password (case-sensitive).
Important: It is not supported for users in the Active Directory Protected Users security
group to log in to the NMC.
Important: You cannot use Active Directory passwords longer than 127 characters to log
in to the NMC.
Click Enable Remote Support. The Remote Support Service settings are changed. If you
enable the Remote Support Service with a nonzero Timeout time, a countdown begins.
4. If the Remote Support Service is enabled, to disable the Remote Support Service, click Disable
Remote Support. The Remote Support Service settings are changed.
Send Diagnostics
If you experience problems that you cannot resolve, you can send diagnostic information to Nasuni
Technical Support for troubleshooting purposes.
Note: Local diagnostic information is automatically sent when needed, so there is typically no
need to do this, unless instructed by Nasuni Technical Support. Using Send Diagnostics
includes more information than the automatic diagnostic information.
To send diagnostic information, follow these steps:
1. Click Console Settings, then select Send Diagnostics from the menu. The Send Diagnostic
Information to Nasuni page appears.
Retaining Notifications
Notifications are retained according to the following rules:
• Review of notifications occurs daily on the NMC and weekly on the Nasuni Edge Appliance.
• Info-level notifications are removed after 7 days.
• Acknowledged notifications of any level are removed after 14 days.
• Only the most recent 50,000 Info-level notifications per Nasuni Edge Appliance are retained.
Viewing Notifications
Notifications that require acknowledgment appear on the Notifications pane. You can view and filter all
notifications using the Notifications page.
Tip: This function can also be performed using the NMC API. For details, see NMC API.
To view notifications, follow these steps:
1. Click the bell-shaped Notifications icon at the top right of any page. The Notifications pane
appears.
• Error: Something unusual or incorrect has occurred, and the user should take notice
and try to resolve the situation, if possible. Errors generate email messages to the
user, if the user has set up email. See “Email Settings” on page 415 for details.
• Alert: Something unusual or incorrect has occurred, and the user should take notice
and try to resolve the situation, if possible, or contact Nasuni for assistance, if
necessary. Alerts generate emails to the user, if the user has set up email. For details,
see “Email Settings” on page 415. Examples of alert notifications are:
• Software update available.
• Account issues.
• Local cache issues.
• Evaluation period expired.
• Date: The date and time of the notification.
• Origin: The Nasuni Edge Appliance that the notification occurred on.
• Message: The text of the notification.
Note: It can take up to 10 minutes for the notifications of a managed Nasuni Edge Appliance
to appear on the Notifications page of the Nasuni Management Console.
Acknowledged notifications display a checkmark to the right of their severity.
At the top of the list is a count of the number of entries shown and the total number of entries.
3. You can select whether to view acknowledged notifications, unacknowledged notifications, or
all notifications, as follows:
• All: To view all notifications, including acknowledged notifications, select All. All
notifications are listed.
• No: To view only notifications that have not been acknowledged, select No. Only
unacknowledged notifications are listed.
• Yes: To view only acknowledged notifications, select Yes. Only acknowledged notifications
are listed.
4. To include Alert notifications, select Alert.
5. To include Error notifications, select Error.
6. To include Warning notifications, select Warning.
7. To include Info notifications, select Info.
Tip: Info notifications can safely be ignored.
8. To automatically refresh the Notifications page, select Enable Auto Refresh.
9. To move to the next page of notifications (if any), click the right arrow at the top of the page.
10. To move to the previous page of notifications (if any), click the left arrow at the top of the page.
11. To download notifications as a CSV file, click Download CSV.
Acknowledging Notifications
You can acknowledge notifications.
Acknowledging notifications marks them as read, but leaves them in place for further use. By contrast,
deleting notifications removes them entirely. When you acknowledge notifications, you are no longer
prompted to view them.
To acknowledge notifications, follow these steps:
1. List and filter notifications as described in “Viewing Notifications” on page 497.
2. Select the notifications that you want to acknowledge.
To select all notifications on the page, select the check box to the left of the Severity heading. If
there is more than one page of notifications, a message appears detailing how many
notifications are selected and the total number of notifications matching the current criteria.
Deleting Notifications
You can delete notifications.
Deleting notifications removes them from the list entirely. When you delete notifications, you are no
longer prompted to view them.
Tip: There are often many notifications such as “Snapshot not needed”, “Antivirus scan started”,
“Updated the Nasuni Edge Appliance product license key”, and “Snapshot for volume ...
has been scheduled”. Unless the Nasuni Management Console is experiencing problems in
these areas, you can usually delete all notifications of this kind.
To delete notifications, follow these steps:
1. List and filter notifications as described in “Viewing Notifications” on page 497.
2. Select the notifications that you want to delete:
To select all notifications on the page, select the check box to the left of the Severity heading. If
there is more than one page of notifications, a message appears detailing how many
notifications are selected and the total number of notifications matching the current criteria.
Downloading Notifications
Download
You can download notifications to a comma-separated values (CSV) file for further analysis or retention.
To download notifications as a CSV file, on the Notifications page, click Download CSV. The
notifications are downloaded and saved as a CSV file, according to the configuration of your browser.
5. After you obtain the initial IP address, open the specific URL to continue. The Install Wizard —
Network Configuration page appears.
If you select Static, you must provide Network Device Settings and System Settings. See
your IT administrator for assistance.
If you select Static as a source, enter the following information:
• Enter the static IP address in the IP Address text box.
• Enter a netmask address in the Netmask text box.
• Enter a default gateway address in the Default Gateway text box.
The gateway address must match a subnet of a defined static network.
• Enter the MTU value in the MTU Value text box. MTU settings above 1500 are
supported.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit
that the layer can pass onwards. A larger MTU brings greater efficiency, because each
packet carries more user data while protocol overheads, such as headers, remain fixed; the
resulting higher efficiency means a slight improvement in the bulk protocol throughput. A
larger MTU also means processing fewer packets for the same amount of data. However,
large packets can occupy a slow link for some time, causing greater delays to following
packets, and increasing lag and minimum latency.
c. In the System Settings area:
If you selected DHCP (Dynamic Host Configuration Protocol), the Search Domain, Primary
DNS Server, and Secondary DNS Server fields become unavailable.
If you select Static as a source, enter the following information:
• Enter one or more local search domains in the Search Domain text box. If you enter
multiple search domains, make sure you include a space between each entry. You must
enter valid hostnames.
You can use search domains to avoid typing the complete address of domains that you
use frequently. The search domains that you enter are automatically appended to names
that you specify for purposes such as Active Directory configuration, HTTPS proxy, and
NTP server. For example, if you specify the search domain “mycompany.com”, then
typing “server1” for one of these purposes would connect to
“server1.mycompany.com”.
Note: There are no search domains for LDAP.
• Enter the IP address for your primary DNS server in the Primary DNS server text box.
You must enter a valid hostname or IP address.
• Enter the IP address for your secondary DNS server in the Secondary DNS server text
box (if applicable). You must enter a valid hostname or IP address.
d. Click Continue to proceed.
13. If you selected No, the Install Wizard — Upload Encryption Keys page appears.
which encryption keys were not uploaded. Uploading these encryption keys is
optional.
Overview
You can change network settings, such as the IP address of the Nasuni Management Console, using
commands on the console. You might want to change the IP address if, for example, you do not want
to use the initial default IP address or if the current IP address is not valid. Also, if you make an entry
error when setting network parameters, you can correct it using the IP address configuration
commands in this section.
2. Press Enter to access the Service menu. The login prompt appears. Enter the username and
password. The login username is service, and the default password is service. The Service
Menu appears.
4. To use DHCP settings for the device and the system, enter the following command:
setall dhcp
setall static
8. To change the MTU, enter an MTU and press Enter. To leave the current MTU unchanged,
press Enter.
The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit that
the layer can pass onwards. A larger MTU brings greater efficiency, because each packet
carries more user data while protocol overheads, such as headers, remain fixed; the resulting
higher efficiency means a slight improvement in the bulk protocol throughput. A larger MTU also
means processing fewer packets for the same amount of data. However, large packets can
occupy a slow link for some time, causing greater delays to following packets, and increasing
lag and minimum latency.
9. To change any of the above values, enter yes. Use step 6, step 7, and step 8 to change the
values.
Alternatively, to leave values unchanged, enter No or press Enter.
10. To change the hostname, enter a new hostname and press Enter. To leave the current
hostname unchanged, press Enter.
11. To change the default gateway, enter a default gateway and press Enter. To leave the current
default gateway unchanged, press Enter.
12. To change the DNS server, enter one or two DNS servers separated by spaces and press Enter.
To leave the current DNS server unchanged, press Enter.
13. To change the search domain, enter one or more search domains separated by spaces and
press Enter. To leave the current search domain unchanged, press Enter.
14. To change any of the above values, enter yes. Use step 10, step 11, step 12, and step 13 to
change the values.
Alternatively, to leave values unchanged, enter No.
15. To save your values, enter save.
16. To exit the editnetwork commands, enter close.
17. To exit the console commands, enter quit.
18. On the Nasuni Management Console, enter any changed settings so that the Nasuni
Management Console is consistent with the platform.
setaddr static
setsystem static
10. To change the hostname, enter a new hostname and press Enter. To leave the current
hostname unchanged, press Enter.
11. To change the default gateway, enter a default gateway and press Enter. To leave the current
default gateway unchanged, press Enter.
12. To change the DNS server, enter one or two DNS servers separated by spaces and press Enter.
To leave the current DNS server unchanged, press Enter.
13. To change the search domain, enter one or more search domains separated by spaces and
press Enter. To leave the current search domain unchanged, press Enter.
14. To change values, enter yes. The entered values are changed.
Alternatively, to leave values unchanged, enter No.
15. To save your network parameter values, enter save.
16. To exit the editnetwork commands, enter close.
17. To exit the console commands, enter quit.
18. On the Nasuni Management Console, enter any changed settings so that the Nasuni
Management Console is consistent with the platform.
setaddr dhcp
showmac
reboot
Nasuni Corporation
The Terms of Service and License Agreement for the Nasuni Edge Appliance is located at:
http://www.nasuni.com/legal/
The Health Monitor service was introduced in the 8.8 release of the NMC and Edge Appliance. After the
NMC is upgraded to 8.8, the Health Monitor status is available for Edge Appliances running version 8.8
or higher.
Status
Health Monitor status for Edge Appliances is available from the NMC Filers Overview page and NMC
Filer Details page along with recommended remediation steps. Further, warning and error messages
are available via NMC notifications and the NMC API and, if configured, can be sent as email alerts,
syslog, and SNMP traps.
The NMC Filers Overview “Health” column shows an aggregate of Health Monitor check status and
reports the highest severity check status as the current Health Monitor status for the Edge Appliance.
For example, if all checks are healthy, “Healthy” is displayed in the Filers Overview page. If one check is
in an unhealthy state but all other checks are healthy, “Unhealthy” is displayed for the Edge Appliance.
Tip: If any Health condition is displayed as “Unhealthy”, you can view detailed information and
any recommendations by hovering over the “Unhealthy” indicator. Alternatively, clicking
“View Recommendations” opens the Health Monitor Current Status dialog box which
displays detailed information and any recommendations.
Status Types
• Unhealthy: The check is unhealthy. Edge Appliance functionality is likely to be degraded.
• Warning: The check is approaching and unhealthy state. Not all checks include a warning
status.
• Healthy: The check is reporting no errors.
• “ - ”: The Edge Appliance Health Monitor status is “Unknown”. The “Unknown” status is
reported for pre-8.8 Edge Appliances.
Memory
If Edge Appliance memory usage exceeds 90 percent, the "Warning" status is triggered. If memory
usage exceeds 95 percent, the "Unhealthy" status is triggered.
Polling Interval: 1 minute
Polling Threshold: 30 consecutive
Remediation - Consider adding memory if possible or contact Nasuni Customer Support.
CPU
If CPU usage exceeds 90 percent (average across cores), the "Warning" status is triggered. If CPU
usage exceeds 95 percent (average across cores), the "Unhealthy" status is triggered.
Polling Interval: 1 minute
Polling Threshold: 5 consecutive
Remediation - Add CPUs if possible or contact Nasuni Customer Support.
Active Directory
If the Edge Appliance is joined to Active Directory and the Nasuni Edge Appliance AD health polling job
fails five times consecutively, the "Unhealthy" status is triggered.
Polling Interval: 5 minutes
Polling Threshold: 5 consecutive
Remediation - Confirm that the Edge Appliance can contact the Active Directory Domain and confirm
that the AD domain controllers for the site are online. Attempt to use the Edge Appliance Management
UI to rejoin the Edge Appliance to AD. If that fails, open a case with Nasuni Customer Support.
Nasuni Services
Nasuni Services - If a critical Nasuni service is not running, the "Unhealthy" status is triggered.
Most Services
Polling Interval: 1 minute
Polling Threshold: 5 consecutive
Disk Errors
If the system's io_error_cnt is more than 0, the "Unhealthy" status is triggered. If SMART reports an
error (only relevant for hardware Edge Appliances), the “Unhealthy” status is triggered.
Polling Interval: 10 minutes
Polling Threshold: 1 event
Remediation - Contact Nasuni Customer Support. A disk may need to be replaced.
Polling Group 1
• Nasuni NMC messaging queues - If a call fails, the "Unhealthy" status is triggered.
• Global File Lock - Checks if connection to the Global File Lock server endpoint is functional. If a
call fails, the "Unhealthy" status is triggered.
Polling Interval: 10 minutes
Polling Threshold: 3 consecutive
Polling Group 2
• Nasuni Orchestration Center (NOC) - If a call fails, the "Unhealthy" status is triggered.
• Object Storage - Checks if each of the volumes can connect to the cloud. If a call fails for any
volume, the "Unhealthy" status is triggered.
Polling Interval: 5 minutes
Polling Threshold: 3 consecutive
Remediation - Confirm network routing and connectivity between the Edge Appliance and network
end points. The Nasuni Service Console running on the Edge Appliance offers built-in network utilities
for traceroute and ping.
Memory Fragmentation
Checks for excessive memory fragmentation and supports both “Warning” and “Unhealthy” thresholds.
Memory fragmentation events are not currently visible in the Filer Overview or Filer Details page,
although “Warning” and “Unhealthy” messages are logged to NMC notifications. Memory
fragmentation can impact Edge Appliance performance or could cause operations to fail.
Polling Interval: 1 minute
Polling Threshold: 5 consecutive
Remediation - Reboot the Edge Appliance to temporarily resolve memory fragmentation. If the errors
continue, or if you observe slow performance on spinning media drives, contact Nasuni Customer
Support.
If case sensitivity is REQUIRED, such as for SMB/CIFS volumes that also have NFS protocol enabled,
configure case sensitivity as follows:
• Specify the volume to be case-sensitive. This is not the default configuration of volumes, and
must be specified for the volume. To specify the volume to be case-sensitive, on the “Add New
Volume” page (Edge Appliance) or on the “Create Volume” page (NMC), select “Case
Sensitive”.
• Specify the share to use “Case-Sensitive Paths”.
• For the volume’s Permissions Policy, select POSIX Mixed Mode.
On Windows systems, if some applications require case sensitivity and other applications require not
being case sensitive on the same volume, configure case sensitivity as follows:
• Specify the volume to be case-sensitive. This is not the default configuration of volumes, and
must be specified for the volume. To specify the volume to be case-sensitive, on the “Add New
Volume” page (Edge Appliance) or on the “Create Volume” page (NMC), select “Case
Sensitive”.
• Specify one share on the volume to use “Case-Sensitive Paths”. The case-sensitive
applications can use this share.
• Specify another share on the volume to NOT use “Case-Sensitive Paths”. The applications that
are not case-sensitive can use this share.
• For the volume’s Permissions Policy, select NTFS Exclusive.
Note: Most Windows applications are not case-sensitive.
The following table contains Nasuni recommendations for configuring volumes, based on the objectives for the volume. Configuration
includes consideration of the following:
Original volume protocol
Additional volume protocol, if any
Authentication
Volume Permissions Policy
Case Sensitivity
Important: Before joining Edge Appliance to Active Directory, contact Nasuni Support to ensure optimal configuration.
SMB clients only SMB (CIFS) None Active Directory NTFS No Durable NFS. FTP.
(Microsoft Exclusive handles (with LDAP. Multiple
Windows clients, SMB 2.0+ and volume
macOS clients) GFL disabled). protocols.
(no NFS, no FTP) Web Access. Switching from
Mobile Access. NTFS
Exclusive to
Global File
NTFS
Lock Advanced
Compatible.
and Optimized
mode.
SMB clients + FTP SMB (CIFS) FTP Active Directory NTFS Yes (Case FTP. Web NFS.
(Microsoft Compatible sensitivity Access. Mobile LDAP
Windows clients, or POSIX required to Access. Global
macOS clients) add FTP) File Lock:
Advanced and
Optimized
mode. Switch
from NTFS
Compatible to
NTFS
Exclusive.
NFS clients (UNIX NFS None Active Directory POSIX Yes (cannot FTP. CIFS (SMB)
or Linux clients) be changed) Global File volumes.
Lock: Web Access.
Optimized Mobile Access.
mode.
NFS + SMB NFS SMB (CIFS) Active Directory POSIX Yes (cannot FTP. LDAP.
Clients: IDs (translated to be changed) Web Access.
mapped between NTFS) Mobile Access.
SMB/NFS using
Global File
AD Unix
Lock:
Extensions
Optimized
(Microsoft
mode
Windows clients,
macOS clients,
UNIX or Linux
clients)
NFS + SMB Basic SMB (CIFS) NFS Active Directory NTFS Yes (Case FTP. NFS-only
InterOp: no ID Compatible sensitivity Web Access. volumes.
mapping + POSIX required to Mobile Access. LDAP
(Microsoft add NFS authentication.
Global File
Windows clients, and FTP
Lock:
macOS clients, protocols)
Optimized
UNIX or Linux
mode.
clients)
Can switch
from NTFS
Compatible to
NTFS
Exclusive.
Metric name Scope of Actual Current Uncompressed Deduplicated Includes Includes Includes Includes
data data data or or compressed or not previous unprotected protected metadata
or not all data versions / data in data in
snapshots cache cloud
Accessible Account data Actual Current Uncompressed Not No Yes Yes No
Data deduplicated
Cloud Usage Account data Actual All Compressed Deduplicated Yes No Yes Yes
Content Size Volumes, Actual Current Uncompressed Not No No Yes Yes
directories, deduplicated
and files in
File System
Browser
“Now” or Account data Actual Current Uncompressed Not No No Yes Yes
Data Growth deduplicated
“Storage
Volume
Limit”
Manage all aspects of NMC (super user) Manage all pending messages for Nasuni Edge
Appliance
Manage refresh for Nasuni Edge Appliance
Manage NMC account status
Manage NMC description
Manage NMC diagnostic settings
Manage NMC email settings
Manage NMC encryption keys
Manage NMC network settings
Manage NMC notifications
Manage NMC license refresh
Manage NMC remote support
Manage NMC session
Manage NMC shutdown
Manage NMC SMB settings
Manage NMC SNMP settings
Manage NMC software updates
Manage NMC SSL settings
Manage NMC time settings
Manage updating NMC
Manage NMC users and groups
Manage NMC notifications only
For the Nasuni Edge Appliance, the available displayed permissions include the following operational
permissions:
Manage all aspects of the Filer (super user) Manage all pending messages for Nasuni Edge
Appliance
Manage API access keys
Manage branding
Manage cache jobs
Manage cache settings
Manage CIFS (SMB) client page
Manage CIFS (SMB) client settings
Manage connection status settings
Manage credential settings
Manage description
Manage diagnostic settings
Manage encryption keys
Manage File System Browser
Manage FTP client page
Manage FTP settings
Manage global locking settings
Manage hardware settings
Manage Mobile Access
Manage network settings
Manage NFS settings
Manage NMC encryption keys
Manage NMC notifications
Manage notifications
Manage Quality of Service settings
Manage quotas
Manage refresh license settings
Manage remote support settings
Manage shared links
Manage shutdown settings
Manage Side Load settings
Manage SNMP settings
Manage SSL settings
Manage taking volume snapshot
Manage time configuration
Manage update settings
Manage Anti-Malware Services
Manage volume audit settings
Manage volume Auto Cache settings
Manage all aspects of the Filer (super user) Manage volume cloud I/O settings
(continued) Manage volume creation settings
Manage volume deletion settings
Manage volume download settings
Manage volume encryption keys
Manage volume exports
Manage volume file alerts
Manage volume FTP directories
Manage volume global lock settings
Manage volume name
Manage volume pinning
Manage volume protocols
Manage volume quotas
Manage volume remote access settings
Manage volume restore settings (to item’s
current location)
Manage volume shares
Manage volume snapshot access
Manage volume snapshot retention
Manage volume snapshot schedule
Manage volume sync schedule
View heuristic page
Manage Shares, Exports, and FTP Manage CIFS (SMB) client page
Manage connection status settings
Manage File System Browser
Manage FTP settings
Manage NFS settings
Manage time configuration
Manage volume exports
Manage volume FTP directories
Manage volume shares
The following terms are useful in understanding the Nasuni Edge Appliance (Nasuni Filer).
A
Accessible Data
Accessible Data includes current data already protected in the cloud, as well as current data in the
cache that is not yet protected. For this reason, the volume data in the cache that is not yet protected is
generally less than the total accessible data, unless this volume has not completed any snapshots.
Accessible Data is current data only. Accessible Data does not include previous versions or snapshots.
Accessible Data does not include metadata. Accessible Data does not reflect the effects of
compression or deduplication.
AD (Active Directory)
See “Active Directory (AD)” on page 545.
Analytics Connector
The Nasuni Analytics Connector enables you to export a temporary second copy of your file data, in
native object format, in a separate cloud storage account. You can then use this data with analytics
software, AI, machine learning, and other data recognition tools.
Antivirus (AV)
Antivirus Protection provides protection against viruses and other malware in files on a volume.
Antivirus Protection scans every new or modified file for the presence of viruses and other malware. If a
scanned file is found to be infected, the authorized administrator has the option to ignore the infection.
Only files with no detected malware, or infected files that the authorized administrator deliberately
ignores, are allowed into cloud storage. Nasuni Edge Appliance Antivirus Protection uses the Clam
AntiVirus (ClamAV®) open-source antivirus engine.
Authorization Code
A 6-character code used in conjunction with a Serial Number to validate an installation. Authorization
Codes are good for one use; one successful use causes an authorization code to be changed
automatically. Generating a new authorization code for a serial number does not cause a Nasuni Edge
Appliance or NMC that uses that serial number to stop working. The authorization code is only used
once during initial setup of a new or recovered Nasuni Edge Appliance or NMC. Because an
Authorization Code is only used once, an administrator can safely issue it to a user in order to install a
single Nasuni Edge Appliance or NMC without revealing Nasuni account credentials. To obtain an
Authorization code for a Serial Number, visit https://account.nasuni.com/account/serial_numbers/, or
the Account Status page of the Nasuni Management Console.
AV (Antivirus)
See “Antivirus (AV)” on page 546.
B
bucket
A bucket is a logical unit of storage in object storage services, such as Amazon Simple Storage
Solution (Amazon S3), and Dell EMC Elastic Cloud Storage (ECS). Buckets can be thought of as
containers that are used to store objects, which consist of data and metadata.
BYOC storage
There are three ways that customers can obtain the storage used with Nasuni:
• Integrated storage: Customers obtain their storage from Nasuni. (This option is no longer
available.)
• Public cloud storage (aka BYOC storage): Customers do not obtain their storage from Nasuni,
but do obtain it from a public cloud storage provider, such as Microsoft Azure or Amazon S3.
• Private cloud storage: Customers do not obtain their storage from Nasuni or from public cloud
storage providers, but arrange their own private cloud storage, such as Dell EMC ECS or IBM
COS.
C
cache
A cache is a computer component that stores data locally so that future requests for that data can be
served faster. While all data and metadata are stored in cloud storage, data that requires regular access
is kept locally. This includes files that are re-written and data that is read often. If the requested data
does not reside locally, it is staged into the cache and provided for the request.
cache miss
If requested data does not reside in the local cache, and must be staged into the cache for the request,
this is called a “cache miss”.
chunks
Before sending data to the cloud, Nasuni breaks files into optimally-sized pieces for transport between
the on-premises cache and cloud storage. This not only disguises the actual sizes of files, but also
improves performance. These chunks are then deduplicated, compressed, and encrypted.
cloud storage
Where all your file data is stored. Nasuni supports almost all on-premises (private) cloud storage
solutions, including Dell EMC ECS, Hitachi Content Platform (HCP), and IBM Cloud Object Storage
(COS), as well as leading public cloud (aka BYOC) storage solutions, including Microsoft Azure
Storage, Amazon Simple Storage Service (Amazon S3), and Google Cloud Storage.
Content Size
Content Size includes data already protected in the cloud, but does not include data in the cache that is
not yet protected. Content Size data is current data only. Content Size data does include metadata.
Content Size does not reflect the effects of compression or deduplication.
D
DAS (Direct Attached Storage)
See “Direct Attached Storage (DAS)” on page 548.
data
Data is transmittable and storable computer information. Nasuni handles data in the form of files,
including text, images, audio, and video.
directory quota
A limit on the amount of data in a directory. You can configure that quota reports are sent to
administrators or users when directories near or exceed their quota.
Directory Services
Services, including authentication, provided by Active Directory or LDAP.
durable handle
A durable handle is an open file handle that is preserved during a short network outage, which allows a
client to reconnect when connectivity is restored.
E
encryption
The Nasuni Edge Appliance encrypts data sent to cloud storage using the OpenPGP standard, with
AES-256 as the default encryption.
eviction
Data that has been copied from the Nasuni Edge Appliance to cloud storage, and that is rarely used
again, is eventually removed (“evicted”) from the Nasuni Edge Appliance’s cache to free up space for
new data. If one of these evicted files is later requested for reads or writes, the Nasuni Edge Appliance
retrieves the file from cloud storage and puts it back into the cache automatically.
export
A directory on a server volume that a client on your network can access.
F
faulting
If requested data does not reside in the local cache, it is staged into the cache and provided for the
request. This is informally called “faulting”.
file system
A method for storing and organizing computer files and the data that they contain in order to make it
easy to find and access them.
firewall
You can configure inbound traffic to the Nasuni Edge Appliance user interface and the Nasuni Support
SSH port, which provides firewall protection.
G
GB/GiB
GB is an abbreviation of gigabyte, meaning 1,000,000,000 bytes. Usually used to refer to hard disk
capacity.
GiB is an abbreviation of gibibyte, meaning 230 (1,073,741,824) bytes. Usually used to refer to RAM
memory.
I
instance
The Nasuni Edge Appliance is either a hardware appliance or a virtual machine. An instance refers to a
single virtual machine that provides virtualization of the Nasuni Edge Appliance software.
integrated storage
There are three ways that customers can obtain the storage used with Nasuni:
• Integrated storage: Customers obtain their storage from Nasuni. (This option is no longer
available.)
• Public cloud storage (aka BYOC storage): Customers do not obtain their storage from Nasuni,
but do obtain it from a public cloud storage provider, such as Microsoft Azure or Amazon S3.
• Private cloud storage: Customers do not obtain their storage from Nasuni or from public cloud
storage providers, but arrange their own private cloud storage, such as Dell EMC ECS or IBM
COS.
K
Kerberos
Kerberos is a computer network authentication protocol that works on the basis of 'tickets' to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. It provides mutual authentication: both the user and the server verify each other's identity.
Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds
on symmetric key cryptography and requires a trusted third party, and optionally may use public-key
cryptography during certain phases of authentication. Kerberos uses UDP port 88 by default.
L
LDAP (Lightweight Directory Access Protocol)
See “Lightweight Directory Access Protocol (LDAP)” on page 552.
Licensed Data
Licensed Data is sometimes also called “Licensed Capacity” or “Storage Volume Limit”. Licensed Data
is the amount of data storage that Nasuni is managing for the customer, and that the customer is
paying to store using the Nasuni service. Every customer has a Licensed Data limit. No customer has
unlimited storage. However, every customer has unlimited versions of their data available. Since the
Nasuni service is inherently unlimited, the Licensed Data limit can easily be changed, as business
needs change. Licensed Data should be compared to data metrics such as “Now” data, which is
current data and metadata in the cloud, without the effects of compression or deduplication. The
default Licensed Data for trial accounts is 5 TB.
Linux
Linux is a family of free and open-source software operating systems built around the Linux kernel.
Typically, Linux is packaged in a form known as a Linux distribution (or distro for short) for both
desktop and server use.
M
management information base (MIB)
A database for managing entities in a network, such as with the Simple Network Management Protocol
(SNMP).
MB/MiB
MB is an abbreviation of megabyte, meaning 1,000,000 bytes. Usually used to refer to hard disk
capacity.
MiB is an abbreviation of mebibyte, meaning 220 (1,048,576) bytes. Usually used to refer to RAM
memory.
metadata
Data about data. Metadata describes how and when and by whom a particular set of data was
collected, and how the data is formatted.
N
NAS (Network Attached Storage)
See “Network Attached Storage (NAS)” on page 554.
“Now” data
“Now” data is displayed on the Data Growth chart. “Now” data is current data and metadata in the
cloud, without the effects of compression or deduplication. “Now” data does not include unprotected
data in the cache.
O
object store
An object store, or object storage, is a data storage architecture that manages data as objects. File
systems manage data as a file hierarchy, and block storage manages data as blocks within sectors and
tracks. Each object typically includes the data itself, metadata about the data, and a globally unique
identifier.
on-demand provisioning
The Nasuni Edge Appliance simplifies provisioning by offering instant provisioning in increments as
small as 1 TB.
P
pinning
Pinning a folder specifies that the folder and its contents must remain in the local cache at all times.
This can improve performance and reduce the time necessary to return accessed data to clients. This
reduces the available cache by the size of the folder. Pinning a folder does not bring the folder’s data
into the cache.
proxy
A server that acts as an intermediary for requests from clients seeking resources from other servers.
pruning
Pruning is the process of removing unneeded data. For example, you can specify removing log files
older than a certain number of days. Similarly, you can specify snapshot retention for a set number of
snapshots or for a set amount of time: the unwanted snapshots are removed.
Q
QoS (Quality of Service)
See “Quality of Service (QoS)” on page 556.
quota
A limit on the amount of usable storage space on a volume.
R
Remote Support Service
The Remote Support Service allows authorized Nasuni Technical Support personnel to remotely and
securely access your Nasuni Edge Appliance. This can help Nasuni Technical Support to diagnose and
resolve any issues with your Nasuni Edge Appliance quickly and proactively. No changes to your
corporate firewalls are necessary. This service is disabled by default and is strictly opt-in.
S
SAN (Storage Area Network)
See “Storage Area Network (SAN)” on page 557.
Serial Number
A unique 32-digit hexadecimal number associated with your account for use with Nasuni Edge
Appliance and Nasuni Management Console (NMC) installations. Each account has multiple Serial
Numbers. Unused Serial Numbers may be used to set up a new Nasuni Edge Appliance or an NMC.
Serial Numbers already in use may be used to recover existing Nasuni Edge Appliances or your existing
NMC. Serial Numbers are used in conjunction with Authorization Codes. To obtain a Serial Number,
visit https://account.nasuni.com/account/serial_numbers/.
share
A folder on a volume that can be shared on your network. Access to a share can be customized on a
user or group-level basis.
Side Load
As part of the recovery process, the Side Load feature enables you to transfer cache data directly from
the original source decommissioned Nasuni Edge Appliance to the new destination Nasuni Edge
Appliance. This saves the time and bandwidth necessary to manually re-populate the new cache with
data.
snapshot
An instantaneous, non-changing, read-only image of a volume. Snapshots let you view any past version
of your file system, and restore all or part of the version quickly.
A snapshot is a complete picture of the files and folders in your file system at a specific point in time.
With snapshots, the Nasuni Edge Appliance can identify new or changed data. Snapshots offer data
protection by enabling you to recover a file deleted in error or to restore an entire file system. After a
snapshot has been taken and is sent to cloud storage, it is not possible to modify that snapshot.
sync
You can schedule when, and with what frequency, the selected volume updates data (“syncs”) from
Nasuni, merging your local data with any new or changed data from other Nasuni Edge Appliances
connected to this volume. This helps to ensure that everyone in your organization is using the most
current data.
U
UI (Nasuni Edge Appliance (Nasuni Filer) user interface)
See “Nasuni Edge Appliance (Nasuni Filer) user interface (UI)” on page 553.
UniFS
UniFS® is Nasuni’s cloud-native global file system, storing all files, file versions, and metadata in your
preferred private or public cloud (aka BYOC) object store. UniFS is the first file system designed to have
its inode structure reside in the cloud. UniFS enables the Nasuni platform to inherit the virtually
unlimited capacity, durability, and georedundancy of the cloud object stores.
Unix
Unix is a family of multitasking, multiuser computer operating systems that derive from the original
AT&T Unix.
update
To transition from an older version of Nasuni software to a newer version.
V
versioning
The Nasuni Edge Appliance provides the versioning necessary to eliminate the need for separate
backup and restore procedures.
virtualization
Virtualization lets you run multiple virtual machines on a single physical machine, sharing the resources
of that single computer across multiple environments. Different virtual machines can run different
operating systems and multiple applications on the same physical computer.
VM (virtual machine)
See “virtual machine (VM)” on page 558.
volume
A set of files and directories. A volume can consist of multiple shares. Nasuni stores all volumes in your
choice of one or more cloud storage solutions.
Index
Symbols accessible data 68, 69, 78, 81, 85, 370, 545
definition 545
.snapshot directory 218 volume 81
account
name 396
0-9 account alerts 483
123 (port) acknowledging
Network Time Protocol (NTP) 341, 422 alert 499
161 (port) pending updates 376
SNMP monitoring 331, 417 ACLs 87, 106, 201, 203
162 (port) ACLs (access control lists) 87, 106, 201, 203
SNMP monitoring 331, 417 acronyms
25 (port) list of 545
SMTP port 416 action status 64
443 (port) 348 Active Directory 20, 47, 110, 164, 214, 278, 382, 423,
514 (port) 424, 488, 489, 503, 534, 535, 536
syslog port 336, 419 Directory Services 549
5671 (port) 250, 257 domain
editing 443, 444
Health Monitor 530
limits 381, 428
A security 381, 423
access configuring 424
group 157, 158, 159, 170, 171, 172, 173, 180, 181, security mode 423
182 server 381, 423
Read-Only 172, 173, 181, 182 domain name 428
read-only 144, 147, 149, 156, 169, 215, 216 time server 341
read-write 172, 173, 181, 182, 215, 216 trusted domains 424, 429, 444
snapshot 174, 217 Active Directory domain
snapshot directory 217 disconnecting 445
user 144, 146, 148, 149, 158, 159, 172, 181, 182 joining 427
access control lists (ACLs) 87, 106, 201, 203 leaving 445
Access Key ID 401, 402, 403, 404 workgroup name 438
access keys
API 456
Accessible Data 537
Content Size 114, 117, 537, 548 data growth 68, 370
copying Data Growth chart 77
SSL certificate information 460 Data Not Yet Protected chart 77
cores per CPU 379 Data Propagation Time chart (DPT) 263, 265
COS 19 data propagation visualization (DPV) 263, 265
count data recognition 21
CPU 379 days
CPU Quality of Service 318
cores per 379 quota report schedule 325
count 379 snapshot schedule 225, 239, 247, 284, 410, 412
frequency 379 decommissioned 356, 357
Health Monitor 529 deduplication
health of 281 chunks 188
model 379 default gateway 279, 373, 517, 519, 522
processors per 379 delete
sockets 379 safe delete 95
CPU activity 277 deleting
CPU Usage CIFS share 185
threshold 392 directory 170
CPU usage encryption key 309, 453
alert 392, 393 export 151
CPUs folder 170
NMC 36 folder quota 209
number of 279 folder quota rules 212
creating FTP directory 162
CIFS share 166, 167 local volume 82, 93
export Mobile Access license 351
automatically 104, 111 notification 500
FTP directory 155 notifications 500
NFS export 141, 142 permission
password 51, 56, 512 group 485
share 163 Quality of Service
automatically 104, 111 rule 322
username 51, 56, 512 Quality of Service rule 322
CSV 251 share 185
current time shared link 384
console 422 snapshot 30, 220
Nasuni Edge Appliances 340 SSL certificate 470
refreshing 341 user
custom DNS 47 permission 479
custom permission volume 92, 93
remote access 215 Dell EMC Elastic Cloud Storage (ECS) 19, 398, 403,
customer license 19, 102 404
customer-provided clouds 188 Deny 172, 173, 181, 182
description
editing 297
D Nasuni Edge Appliance 277, 296, 297
Nasuni Management Console
dashboard 268, 410
editing 414
data
details
adding
Nasuni Edge Appliance 268
to volume 28, 29
volume 75, 80, 84
exporting 21
Device ID 350
Data Growth 537
expiration file
date 67, 396 certificate 462
shared link 177, 179 certificate request 462
subscription 396 deleting 220
expires downloading 113
shared link 384 encryption key 306, 449
Explorer 24 file
export 24 disaster recovery 510
creating 142 File Sizes chart 371
automatically 104, 111 File Sizes in Snapshots chart 73
deleting 151 File Types chart 371
editing 146, 147 File Types Written chart 72, 371
mounting 145 Global File Lock 113, 122, 127, 129, 130, 132, 237
name 141, 143 hiding 173
read-only 144, 147, 149 lock
export, NFS breaking 132
using NMC API 104, 141, 142, 146, 151 locking 127
exporting data 21 name
extension case-sensitive 174
file 72 owner 118
external hostname 178 path 117
previous version 173
restoring 113, 122
F searching 118
searching for 113, 118
facility
size
logging 338
number 369
false positive 245, 246
File Alert Service 259
false positives
editing 261
ransomware 244
viewing 261
fast restore
file heuristics 369
Global File Lock 129
file lock
snapshot retention 221
CIFS 365
Fast-Track Push 82
file locking 127, 129, 130, 132, 237
breaking 129, 132
file locks
CIFS 365
status 365
file name
maximum length 119, 121, 135, 137, 143, 155, 167,
168, 175, 306, 344, 435, 442, 449, 462, 464,
465, 466, 467, 510
file name length
case-insensitive volumes 107
file permissions, changing
and Global File Lock 127, 130, 313
File Protocol Access
Health Monitor 530
File Sizes chart 371
file sizes in snapshot 369, 371
File Sizes in Snapshot chart 73
File Sizes in Snapshots chart 73
file statistics 369
Global File Lock 21, 113, 122, 127, 129, 132, 237, 313 hardware 378
Advanced 131 appliance 274, 279, 281, 378, 379, 380
and Antivirus Service 127, 238, 315 console 394
and Auto Cache 125, 127 power supply
and changing file permissions 127, 130, 313 status 279, 380
and NFS 284, 388 status 378
and snapshot frequency 224, 233 information
Asynchronous 131 viewing 378
breaking 129, 132 status 378
disabling 315 Hardware Alerts 483
enabling 130 hardware errors 270
folder 115, 117, 118 HCP (Hitachi Content Platform) 19, 398, 401, 404
moving directory 313 health
Optimized 131 of Edge Appliance 274, 281
Glossary 545 Health Monitor 280
GnuPG 302, 305, 446, 449 overview 528
Google Chrome 24 remediation 528
Google Cloud Healthy
software for 37 health 274, 281
Google Cloud Storage 19, 88, 102, 103, 398, 402 Help 56, 57
Gpg4win 446, 449 hiding
group file 173
access 157, 158, 159, 170, 171, 172, 173, 180, 181, folder 173
182 hiding FTP ownership 159
permission 472, 475, 476, 478, 480, 481, 484, 485 hiding ownership 159
adding 480 FTP 159
deleting 485 Hitachi Content Platform (HCP) 19, 398, 401, 404
editing 484 Home page 65
viewing 472, 480 Hong Kong 402
Group Association 483 hostname 48, 143, 146, 149, 279, 373, 491, 504, 517,
group associations 473, 480, 481 519, 522
Group type, Active Directory 428, 477, 484 external 178
groups 410 HTTP/ REST protocol 20
Groups Granting Access 473 HTTPS Access Points 76
GUID HTTPS proxy 47, 48, 488, 489, 490, 491, 503, 504
of volume 138 server 490
IP address 48, 504
port 48, 491, 504
H Hyper-V 20
Hyper-V format 37
handle 115
Hyper-V, Microsoft 39
with Analytics Connector 113, 115
hard limit
concurrent connections 67, 142, 154, 166, 177, 269,
273, 345, 378 I
hard links 166 IBM Cloud Object Storage 19, 88, 398, 403
hardlinks 128, 314 Identity Management for UNIX 423
idle
timeout 457
iDRAC monitoring 280, 331, 529
iDRAC version 379
Important, meaning of 15
importing
encryption key 306, 449
password 54 planning
administrative user 54 Nasuni Edge Appliance
changing 57, 60 worksheet 100, 124, 175, 186, 195, 197, 206,
creating 51, 56, 512 213, 221, 225, 233, 260, 284, 296, 303, 317,
disk encryption 340, 345, 350, 381, 423
changing 300 platform 279, 379
login 53 Nasuni Edge Appliance 274
network platform information
configuration 468 viewing 378
shared link 384 policy 375
strength 52, 60, 476, 512 polling interval 529
user 476 polling threshold 529
editing 476 port
patents 2 123
path Network Time Protocol (NTP) 341, 422
maximum length 119, 121, 135, 137, 143, 155, 167, 161
168, 175, 306, 344, 435, 442, 449, 462, 464, SNMP monitoring 331, 417
465, 466, 467, 510 162
pausing SNMP monitoring 331, 417
Side Load 359 25
pending updates SMTP port 416
acknowledging 376 HTTPS proxy
viewing 376 server 48, 491, 504
performance tuning 144, 147, 148, 150 name 374
permission syslog 338
custom port 443 348
remote access 215 POSIX 87, 106, 200, 203, 291
group 472, 475, 476, 478, 480, 481, 485 POSIX ACL 87, 106, 201, 203
default 472 POSIX Mixed Mode 87, 101, 102, 106, 199, 200, 202,
viewing 472, 480 203, 533
remote access 215 power 57, 59
remote volume 80, 214 power option 59
user 472, 475, 476, 478, 479, 480 power supply
adding 475, 476 status 279, 380
deleting 479 power supply problems
editing 476 number of 66
linking 478 power window 59
permission group 480, 481, 484, 485 powering down 59
adding 480, 484 previous version
deleting 485 file 173
editing 484 Previous Versions 20
permissions 538, 540 previous versions
permissions policy, volume 534 snapshots available 218
PGP 302, 305, 446, 449 Previous Versions, Windows 218
physical port 374 Primary Access Key 403
pinning primary DNS 48, 488, 489, 503
disabling 198 primary DNS server
folder 115, 117 IP address 48, 488, 489, 503
folder in cache 35, 81, 89, 124, 197 Prioritize Snapshot 82
viewing 198 priority snapshot 82
pinning metadata in cache 35, 70, 79, 86, 124, 197, privacy policy 56, 57
370 private cloud
data 69, 78, 85, 370, 397
version 62 viewing
and snapshot 30, 224 Antivirus Service 239
base operating system 279 antivirus violations 242
Edge Appliance 279 Auto Cache folder 186
file 173 automatic software updates
Nasuni Edge Appliance software 279 Nasuni Management Console 412
Release Notes 58 cache 139
software cache jobs 361
Nasuni Edge Appliance 279 cache settings 287
Version By 117 CIFS client 362
CIFS settings 290
directory
FTP 152
File Alert Service 261
files
cache 139
folder quota 207
FTP clients 367
FTP directory 152
FTP settings 293
hardware and platform information 378
Mobile Access licenses 350
Mobile Access service 346
multiple protocols 199
network settings 373
NFS export 141
notifications 497
pending updates 376
permission
group 472
permission group 480
pinning 198
Quality of Service 318
quota 206
quota report schedule 325
quota rule 210
Ransomware Detection 246
Release Notes 58, 492
remote access 214
Remote Support Service 353
security settings 381
shared link 383
snapshot directory access 217
snapshot retention 222
snapshot schedules 225
SSL certificate information 395, 458
time settings 340
user 474
username 57
violation alerts 483
violations
ransomware 245, 483