Azure: Installing on the Microsoft Azure Platform

This chapter explains how to perform the initial installation of the Nasuni Edge Appliance or the Nasuni Management Console on the Microsoft Azure platform.

Warning: IF YOU EVER NEED TO TRANSITION FROM ONE HYPERVISOR PLATFORM TO A DIFFERENT HYPERVISOR PLATFORM, DO NOT USE ANY OF THE MIGRATION TOOLS OF EITHER

HYPERVISOR PLATFORM. INSTEAD, PERFORM A RECOVERY PROCEDURE, USING THE NEW HYPERVISOR PLATFORM AS THE DESTINATION. FOR DETAILS, SEE NEA RECOVERY OR NMC RECOVERY GUIDE.

Tip: For information about preventing accidental or malicious data deletion, see Appendix B, “Deletion Security,” on page 83

Tip: This document is about deploying virtual machines. It does not cover configuring a storage account for use with Nasuni volumes.

Warning: DO NOT ATTEMPT TO RESTORE FROM A VIRTUAL MACHINE SNAPSHOT OR BACKUP.

ATTEMPTING TO RESTORE FROM A VIRTUAL MACHINE SNAPSHOT OR BACKUP PUTS THE EDGE APPLIANCE IN AN UNKNOWN STATE IN RELATION TO THE NASUNI ORCHESTRATION CENTER (NOC), AND REQUIRES A RECOVERY PROCESS. THIS MIGHT RESULT IN DATA LOSS.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Important: Nasuni appliances do not use the Microsoft Azure agent, so any functionality that requires the agent (such as the Run command or code injection) is not available.

Important: Installing third-party software on Nasuni appliances is not allowed.

Tip: On Azure-based Edge Appliances only, during a reboot or recovery procedure, it is necessary to connect with IP address 169.254.169.254 in order to obtain information about the Azure VM. If you have configured an HTTPS proxy, this attempt to connect can cause a delay of several minutes. To avoid this delay, add the IP address 169.254.169.254 to the “Do Not Proxy” section of the HTTPS Proxy configuration.

The following installation options appear in this chapter:

• “Installing software from Azure Marketplace” on page 22

• “Installing software by downloading, and using Azure Portal” on page 36

For additional information on the initial configuration of the Nasuni Edge Appliance, see the Nasuni Edge Appliance Initial Configuration Guide and the Nasuni Edge Appliance Administration Guide.

For additional information on the initial configuration of the Nasuni Management Console, see the Nasuni Management Console Guide.

Note: The vendor changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Installing software from Azure Marketplace

Tip: To install software by downloading the software from Nasuni, see “Installing software by downloading, and using Azure Portal” on page 36.

Caution: Port 443 must be open to *.blob.core.windows.net, in order for the virtual machine to perform required Azure virtual machine validation checks during boot and normal operations.

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

Important: Installing third-party software on Nasuni appliances is not allowed.

Caution: Do not install Azure extensions. They adversely affect Nasuni Edge Appliances.

Important: Nasuni appliances do not use the Microsoft Azure agent, so any functionality that requires the agent (such as the Run command or code injection) is not available.

Note: Nasuni supports only Microsoft Azure generation 2 (UEFI) virtual machines.

Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

“Nasuni recommends running the Management Console on ESX 7.0 or later.”

You can install the software for the Nasuni Edge Appliance or the Nasuni Management Console on a virtual machine by using the corresponding installation software, which is available from the Azure Marketplace.

The Azure Marketplace images for both the Nasuni Management Console (NMC) and the Nasuni Edge Appliance contain the underlying OS disks, and are automatically sized to 32 GB at launch.

The Azure Marketplace image for the Nasuni Edge Appliance does not include a cache disk: you must manually deploy a cache disk. Encrypted disks are supported.

During the first boot of the appliance:

• If the appliance includes a temporary (ephemeral) storage device, then the temporary (ephemeral) storage device is used as the copy-on-write (COW) disk, and all non-OS persistent storage devices are used as the cache.

• If the appliance does not include a temporary (ephemeral) storage device, then the smallest non-OS persistent storage device is used as the COW, and all remaining non-OS persistent storage devices are used as the cache.

During subsequent boots of the appliance, the largest non-OS disk not used as the cache is used as the COW. The COW can be either temporary or persistent storage.

You can always add a larger COW disk later.

For details on which Azure virtual machine sizes include temporary storage disks, see Azure VM sizes with no local temporary disk.

Important: You must create and maintain your own Microsoft Azure account. Nasuni does not have access to your Microsoft Azure account. To create a Microsoft Azure account, visit the Microsoft Azure site at https://azure.microsoft.com/.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Important: To access Active Directory-enabled volumes, the Nasuni Edge Appliance must have access to the same Active Directory domains as the other Nasuni Edge Appliances connected to the volume. This requires either access to a Domain Controller running in Azure or the necessary network connectivity, such as a VPN connection or Azure ExpressRoute, to an on-premises Domain Controller.

Important: Similarly, to access LDAP-enabled volumes, the Nasuni Edge Appliance must be able to access LDAP and Kerberos in the same LDAP domain

You cannot enable both Active Directory and LDAP Directory Services for a Nasuni Edge Appliance.

Important: If multiple cache disks are provided before the first boot, Nasuni automatically provisions them as a striped set for best performance. Multiple cache disks must all be the same size, or the size of the smallest cache disk determines how much of each disk can be used. To add an additional cache disk after the first boot, contact Nasuni Support.

To install software from the Azure Marketplace, follow these steps:

1. Log in to the Azure Portal at https://portal.azure.com/. The Microsoft Azure Portal dashboard page appears.

   

2. On the top left of the page, click “Create a resource”. The New window appears.

   

3. In the “Search the Marketplace” text box, type Nasuni. From the drop-down menu, select either NMC (for the Nasuni Management Console) or Edge Appliance (for the Nasuni Edge Appliance).

   If you selected NMC, the NMC screen appears. Continue on page step 5 on page 30. If you selected Edge Appliance, the Edge Appliance screen appears. Continue with step a on page 24.

4. If you selected Edge Appliance, follow these steps:

   1. On the Edge Appliance screen, click Create. The “Create a virtual machine” pane appears.

      

   2. If there is more than one subscription, from the Subscription drop-down list, select the subscription to use for this storage account.

   3. To select an existing Resource Group, click “Select existing” and then select an existing Resource Group.

      Alternatively, create a new Resource Group by clicking “Create new” and then entering a Name for the new Resource Group.

      

   4. In the Virtual Machine Name text box, enter a descriptive name for this virtual machine. The name must be at most 64 characters long, using only letters, numbers, hyphens, periods, and underscores. The name must be unique in the current resource group.

   5. From the Region drop-down list, select the Azure region.

      Note: Not all VM sizes are available in all Regions.

      Tip: Legal requirements or your organization’s policies might require data placement in a specific region, or prevent replication outside the region.

   6. (Optional) To specify availability and resiliency options, from the “Availability options” dropdown list, select “Availability zone”, “Virtual machine scale set (preview)”, or “Availability set”. For each choice, enter or select the appropriate choices.

   7. For Image, ensure that “Nasuni Edge Appliance 9.0.4” or later is selected.

   8. For Size, either accept the default size of the virtual machine, or click “Change size” and select a different size. Select a virtual machine with at least 8 vcpus and at least 16 GiB memory.

      For recommendations, see Appendix C, “Azure virtual machine recommendations,” on page 86.

      Tip: This is the minimum configuration. Larger values might be necessary.

      

   9. Select the “Authentication type”: Password or “SSH public key”.

      If you select Password, enter and confirm the password. This is only used for the deployment process.

      If you select “SSH public key”, Azure automatically generates an SSH key pair for you and allows you to store it for future use. This is only used for the deployment process.

   10. Enter a “Username” for the administrative user of this virtual machine. This is only used for the deployment process.

   11. Click “Next: Disks”. The Disks pane appears.

       

   12. From the “OS disk type” drop-down list, select “Premium SSD”.

       

   13. In the “Data disks” area, create the cache disk by following this procedure:

       1. Click “Create and attach a new disk”. The “Create a new disk” screen appears.

          

       2. Enter a Name for the cache disk. The name must begin with a letter or a number; end with a letter, a number, or an underscore; and contain only letters, numbers, underscores, periods, or hyphens.

       3. From the “Source type” drop-down list, select None.

       4. For the Size, either accept the default size, or click “Change size” and select the appropriate disk size.

          Note: Contact Nasuni Support if you require a cache size that exceeds the limits of a single Azure virtual disk.

          Important: If multiple cache disks are provided before the first boot, Nasuni automatically provisions them as a striped set for best performance. Multiple cache disks must all be the same size, or the size of the smallest cache disk determines how much of each disk can be used. To add an additional cache disk after the first boot, contact Nasuni Support.

       5. Click OK. The configuration is validated, and the disk is created. The new disk appears in the list of “Data disks”.

   14. This step discusses the copy-on-write (COW) disk. During the first boot of the appliance:

       • If the appliance includes a temporary (ephemeral) storage device, then the temporary (ephemeral) storage device is used as the copy-on-write (COW) disk, and all non-OS persistent storage devices are used as the cache.

       • If the appliance does not include a temporary (ephemeral) storage device, then the smallest non-OS persistent storage device is used as the COW, and all remaining nonOS persistent storage devices are used as the cache. You can manually add the COW disk using step k, step l, and step m on page 26-page 27.

       During subsequent boots of the appliance, the largest non-OS disk not used as the cache is used as the COW. The COW can be either temporary or persistent storage. You can manually add the COW disk using step k, step l, and step m on page 26-page 27.

       You can always add a larger COW disk later.

       For details on which Azure virtual machine sizes include temporary storage disks, see Azure VM sizes with no local temporary disk.

   15. Click “Next: Networking”. The Networking pane appears.

       

   16. Specify the network interface, by following these steps:

       1. For the virtual network, select an existing virtual network from the “Virtual network” drop-down list, or create a new virtual network by clicking “Create new”.

       2. For the subnet, select an existing subnet from the Subnet drop-down list, or create a new subnet by clicking “Create new”.

       3. For the public IP, either delete the public IP, or select an existing public IP from the “Public IP” drop-down list, or create a new Public ID by clicking “Create new”.

   17. Click “Next: Management”. The Management pane appears.

       

   18. For Monitoring, ensure that “Boot diagnostics” is enabled, and select an appropriate storage account. This can aid with troubleshooting.

   19. For Identity, configure a managed identity to match your desired settings.

   20. Ensure that “Auto-shutdown” is set to Off.

   21. Click “Next: Advanced”. The Advanced tab opens.

   22. Configure any necessary advanced features for your use.

   23. Click “Next: Tags”. The Tags tab opens.

   24. Create any tags necessary to maintain this resource.

   25. Click “Next: Review + create”. The “Review + create” pane appears. Configuration parameters are validated.

       Review all settings for completeness and accuracy.

   26. Click Create. The deployment begins.

       When the deployment is finished, the new Nasuni Edge Appliance appears in the list of virtual machines (“Virtual machines” at the top of the home page).

   27. This completes the installation procedure for the Nasuni Edge Appliance.

   Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

   “Nasuni recommends running the Management Console on ESX 7.0 or later.”

5. If you selected NMC, follow these steps:

   1. On the NMC screen, click Create. The “Create a virtual machine” pane appears.

      

   2. If there is more than one subscription, from the Subscription drop-down list, select the subscription to use for this storage account.

   3. To select an existing Resource Group, click “Select existing” and then select an existing Resource Group.

      Alternatively, create a new Resource Group by clicking “Create new” and then entering a Name for the new Resource Group.

      

   4. In the Virtual Machine Name text box, enter a descriptive name for this virtual machine. The name must be at most 64 characters long, using only letters, numbers, hyphens, periods, and underscores. The name must be unique in the current resource group.

   5. From the Region drop-down list, select the Azure region.

      Note: Not all VM sizes are available in all Regions.

      Tip: Legal requirements or your organization’s policies might require data placement in a specific region, or prevent replication outside the region.

   6. (Optional) To specify availability and resiliency options, from the “Availability options” dropdown list, select “Availability zone” or “Availability set”. For each choice, enter or select the appropriate choices.

   7. For Image, ensure that “NMC” is selected.

   8. For Size, either accept the default size of the virtual machine, or click “Change size” and select a different size. Select a virtual machine with at least 2 vcpus and at least 16 GiB memory. For details, see “NMC Sizing Guidelines” on page 19.

      Tip: Consult your Nasuni Sales Engineer for the size of virtual machine to select.

      Tip: This is the minimum configuration. Larger values might be necessary.

      

   9. Select the “Authentication type”: Password or “SSH public key”.

      If you select Password, enter and confirm the password. This is only used for the deployment process.

      If you select “SSH public key”, Azure automatically generates an SSH key pair for you and allows you to store it for future use. This is only used for the deployment process.

   10. Enter a “Username” for the administrative user of this virtual machine. This is only used for the deployment process.

   11. Click “Next: Disks”. The Disks pane appears.

       

   12. From the “OS disk type” drop-down list, select “Premium SSD”.

       

   13. Click “Next: Networking”. The Networking pane appears.

       

   14. Specify the network interface, by following these steps:

       1. For the virtual network, select an existing virtual network from the “Virtual network” drop-down list, or create a new virtual network by clicking “Create new”.

       2. For the public IP, either delete the public IP, or select an existing public IP from the “Public IP” drop-down list, or create a new Public ID by clicking “Create new”.

   15. Click “Next: Management”. The Management pane appears.

       

   16. For Monitoring, ensure that “Boot diagnostics” is enabled, and select an appropriate storage account. This can aid with troubleshooting.

   17. For Identity, configure a managed identity to match your desired settings.

   18. Ensure that “Auto-shutdown” is set to Off.

   19. Click “Next: Advanced”. The Advanced tab opens.

   20. Configure any necessary advanced features for your use.

   21. Click “Next: Tags”. The Tags tab opens.

   22. Create any tags necessary to maintain this resource.

   23. Click “Next: Review + create”. The “Review + create” pane appears. Configuration parameters are validated.

       Review all settings for completeness and accuracy.

   24. Click Create. The deployment begins.

       When the deployment is finished, the new NMC appears in the list of virtual machines (“Virtual machines” at the top of the home page).

   25. This completes the installation procedure of the NMC.

Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

“Nasuni recommends running the Management Console on ESX 7.0 or later.”

Starting the virtual machine

To start the virtual machine, follow this procedure:

1. From the list in the left-most pane, click “Virtual machines”. The “Virtual machines” pane appears.

2. From the “Virtual machines” list, click the virtual machine created above. The Overview pane for this virtual machine appears.

3. To launch the virtual machine, click Start.

Accessing the Nasuni Edge Appliance or NMC

To access the newly installed Nasuni Edge Appliance or NMC, follow this procedure:

1. From the list in the left-most pane, click “Virtual machines”. The “Virtual machines” pane appears.

2. From the “Virtual machines” list, click the virtual machine created above. The Overview pane for this virtual machine appears.

3. If a public IP address was configured, copy the “Public IP address”.

   If a public IP address was not configured, you must get the private IP address instead.

   Note: If the “Public IP address” is blank, click Start. The virtual machine starts, and the “Public IP address” appears. It might take a few minutes for the virtual machine to start.

4. Open a new browser window.

5. To access the Nasuni Edge Appliance, enter the address in this form:

   https://<Public IP address>:8443, where <Public IP address> is the “Public IP address” from step 3 on page 34 above.

   The Nasuni Edge Appliance user interface should appear.

   Continue with “Configuring the Nasuni Edge Appliance” on page 68.

6. To access the NMC, enter the address https://<Public IP address>, where <Public IP address> is the “Public IP address” from step 3 on page 34 above.

   The Nasuni Management Console should appear.

   Continue with “Configuring the Nasuni Management Console” on page 70.

Tip: To access the NEA or NMC appliance using the serial console, instead of using the IP address obtained when installing the appliance, follow one of these procedures:

• If the appliance is running on Amazon EC2, see instructions in EC2 Serial Console for Linux instances.

• If the appliance is running on Google Cloud, see instructions in Troubleshooting using the serial console.

• If the appliance is running on Microsoft Azure, see instructions in Azure Serial Console.

All supported hypervisors include a serial console that works with Nasuni. For other hypervisors, consult your vendor’s documentation for connection instructions.

Installing software by downloading, and using Azure Portal

To deploy a virtual machine in Microsoft Azure, you can upload Nasuni’s Azure-compliant VHD file to a container, and then create an image from that VHD file. You can then use the created image as a template that you can deploy multiple times.

You can install the software for the Nasuni Edge Appliance or the Nasuni Management Console on a virtual machine by downloading the corresponding installation software, which is available from Nasuni. Alternatively, to install software from the Azure Marketplace, see “Installing software from Azure Marketplace” on page 22.

Important: You must create and maintain your own Microsoft Azure account. Nasuni does not have access to your Microsoft Azure account. To create a Microsoft Azure account, visit the Microsoft Azure site at https://azure.microsoft.com/.

Important: To access Active Directory-enabled volumes, the Nasuni Edge Appliance must have access to the same Active Directory domains as the other Nasuni Edge Appliances connected to the volume. This requires either access to a Domain Controller running in Azure or the necessary network connectivity, such as a VPN connection or Azure ExpressRoute, to an on-premises Domain Controller. Azure Active Directory is not currently supported.

Similarly, to access LDAP-enabled volumes, the Nasuni Edge Appliance must be able to access LDAP and Kerberos in the same LDAP domain

You cannot enable both Active Directory and LDAP Directory Services for a Nasuni Edge Appliance.

Caution: Port 443 must be open to *.blob.core.windows.net, in order for the virtual machine to perform required Azure virtual machine validation checks during boot and normal operations.

Caution: Do not install Azure extensions. They adversely affect Nasuni Edge Appliances.

Important: Installing third-party software on Nasuni appliances is not allowed.

Important: Nasuni appliances do not use the Microsoft Azure agent, so any functionality that requires the agent (such as the Run command or code injection) is not available.

Note: Nasuni supports only Microsoft Azure generation 2 (UEFI) virtual machines.

Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

“Nasuni recommends running the Management Console on ESX 7.0 or later.”

Downloading software

To download software for the Nasuni Edge Appliance or the NMC, follow these steps:

1. Log in to your Nasuni account web site ( https://account.nasuni.com/) and click Downloads. The Downloads page appears.

   

2. Select the appropriate format of the Nasuni Edge Appliance software or of the Nasuni

   Management Console software. For the Microsoft Azure cloud virtual machine, select Microsoft Azure format.

3. From the drop-down list, select an available release for the Edge Appliance or NMC. The list of available releases can change.

   

   Note: If you are running a recovery procedure, select the same version family as your existing Edge Appliance to ensure software compatibility. For example, if the existing Edge

   Appliance is running version 9.5.1, you could select version 9.5.4 (which is in the same 9.5.x version family), but not version 9.7.1 (which is in a different version family). If you need to use a different version than those offered, contact Nasuni Customer Support.

   Tip: For update paths, see Compatibility and Support.

   Note: You can perform the Recovery process to the same version of the software that you were running, or to a newer version than you were running, but not to an older version.

   Note: If you already have the software installation file, you do not have to download it again. However, the software installation file must not be older than the version you are recovering.

4. Save the Nasuni Edge Appliance software .zip file to a location on your local drive.

5. Unzip the Nasuni software file to a convenient directory.

6. Continue with “Creating an Azure storage account (using Azure Portal)” on page 38.

Creating an Azure storage account (using Azure Portal)

Important: You must have at least one subscription for this purpose.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Note: Selecting the “Secure transfer required” feature for an Azure Storage account does not affect the operation of the Nasuni Edge Appliance.

Tip: You can download the Azure Storage Explorer, a tool for configuring and maintaining

Microsoft Azure accounts, at https://azure.microsoft.com/en-us/features/storage-explorer/.

This procedure uses the Azure Portal.

Creating a new storage account

If you do not already have a storage account in Microsoft Azure, create a storage account in Microsoft Azure by following these steps:

1. Log in to the Azure Portal at https://portal.azure.com/. The Microsoft Azure Portal dashboard page appears.

   

2. On the top left of the page, click “Create a resource”. The New window appears.

   

3. Click Storage, then click “Storage account - blob, file, table, queue”. The “Create storage account” pane appears.

   

4. If there is more than one subscription, from the Subscription drop-down list, select the subscription to use for this storage account.

5. To select an existing Resource Group, click “Select existing” and then select an existing Resource Group from the list.

   Alternatively, create a new Resource Group by clicking “Create new” and then entering a Name for the new Resource Group, and clicking OK.

6. In the Storage account name text box, enter a descriptive name to use in the URL of the storage account. The name must be at least 3 characters long and at most 24 characters long, using only numbers and lowercase letters. This name is appended with “.core.windows.net” to form the complete URL for the storage account. The storage account name must be globally unique.

7. From the Location drop-down list, select the location for the storage account. By selecting the appropriate location, you can locate your cloud storage closest to where it is to be used.

   Note: If you choose BlobStorage” as the “Account kind”, some Locations might not be available. In this case, select “General Purpose” as the “Account kind”.

   Tip: Legal requirements or your organization’s policies might require data placement in a specific region, or prevent replication outside the region.

8. For the Performance, select Standard.

9. From the “Account kind” drop-down list, select “StorageV2 (general purpose v2)”.

10. From the Replication drop-down list, select the type of replication that you prefer.

    Tip: Select “Geo-redundant storage (GRS)” or “Locally redundant storage (LRS)”, based on your redundancy requirements. Also, see https://azure.microsoft.com/en-us/ documentation/articles/storage-redundancy/.

    Tip: Legal requirements or your organization’s policies might require data placement in a specific region, or prevent replication outside the region.

11. For the “Access tier”, select Cool for production data.

12. Click Next: Networking. On the Network connectivity pane, select the Connectivity method appropriate to your implementation, then click Next: Advanced. The Advanced pane appears.

13. If your security policy requires it, enable “Secure transfer required”.

14. Disable “Azure Files Large file shares”.

15. Nasuni recommends enabling Blob soft delete for all storage accounts being used for Nasuni volumes. If data is deleted, instead of the data being permanently lost, the data changes to a “soft deleted” state and remains available for a configurable number of days.

    To enable Blob soft delete, follow these steps:

    1. Click Enabled.

    2. Specify the “Retain for” period by entering or selecting the number of days to retain data. You can retain soft-deleted data for between 1 and 365 days. Nasuni recommends specifying at least 30 days.

    Tip: Soft delete for containers is also available. For details, see Soft delete for containers.

16. Disable “Data lake Storage Gen2”.

17. Click Next: Tags. Optionally, create tags for your use. Click Next: Review + create.

18. The values are validated. The Review + create pane appears.

19. Review all settings.

    If any settings must be changed, click Previous and change the setting.

    If settings are correct, click Create.

    The storage account starts being created.

    When the storage account is created, click Go to resource.

    Alternatively, click Home in the top left. Click the new storage account in the list of Recent Resources. The storage account appears.

    

Creating a new container

To create a new container, follow this procedure:

1. Click Home, then, from the list along the top, click “Storage accounts”. (If this does not appear in the list at the top, click “More Services” or “All Services” to view more services.) A list of available storage accounts appears.

2. In the list of available storage accounts, click your storage account. The overview of your storage account appears.

3. In the list under your storage account name, click Containers. The Containers pane appears.

4. Click “+ Container”. The “New container” pane appears.

5. Enter a Name for the new container that is between 3 and 63 characters long, beginning with a number or a lowercase letter, and consisting of numbers, lowercase letters, and hyphens. Hyphens must be preceded and followed by non-hyphens.

6. From the “Public access level” drop-down list, select “Private (no anonymous access)”.

7. Click OK. The container is created and appears in the list of containers.

Copying Nasuni software to container

To deploy a virtual machine in Microsoft Azure, you can upload Nasuni’s Azure-compliant VHD file to a container, and then create an image from that VHD file. You can then use the created image as a template that you can deploy multiple times.

To copy Nasuni software to the container, follow this procedure:

1. Click Home, then, from the list along the top, click “Storage accounts”. (If this does not appear in the list at the top, click “More Services” or “All Services” to view more services.) A list of available storage accounts appears.

2. In the list of available storage accounts, click your storage account. The overview of your storage account appears.

3. In the list under your storage account name, click Containers. The Containers pane appears.

4. From the list of containers, select the container. A pane of information about the container appears.

5. Click Upload. The “Upload blob” pane appears.

6. To upload the file even if a file of the same name already exists in this location, select “Overwrite if files already exist”.

7. Navigate to the .vhd file that you downloaded in “Installing software by downloading, and using Azure Portal” on page 36 above.

8. Click Upload.

   The .vhd file is uploaded to the container.

Tip: This can take a few minutes to complete, depending on your Internet speed. When complete, the file appears in the list for the container.

Creating image of installation software

After uploading Nasuni’s Azure-compliant VHD file to a container, you can then create an image from that VHD file. You can then use the created image as a template that you can deploy multiple times.

To create an image of the installation software, follow this procedure:

1. Click Home, then, from the list along the top, click Images. (If this does not appear in the list at the top, click “More Services” or “All Services” to view more services.) The Images pane appears.

   

2. Click “+ Add”. The “Create image” pane appears.

3. Enter a Name for this image. The name must begin with a letter or a number; end with a letter, a number, or an underscore; and contain only letters, numbers, underscores, periods, or hyphens.

4. From the Subscription drop-down list, select your subscription.

5. To select an existing Resource Group, click “Select existing” and then select an existing Resource Group from the list.

   Alternatively, create a new Resource Group by clicking “Create new” and then entering a Name for the new Resource Group, and clicking OK.

6. From the Location drop-down list, select the location.

7. (Optional) Specify Zone resiliency.

8. For the “OS type”, select Linux.

9. For the “VM generation”, select the VM Generation “Gen 2”.

   Note: Nasuni supports only Microsoft Azure generation 2 (UEFI) virtual machines.

10. For “Storage blob”, click Browse, then navigate to the storage account, container, and file uploaded in “Copying Nasuni software to container” on page 45 above. Then click Select. The path to the uploaded file appears.

11. From the “Account type” drop-down list, select “Premium (SSD)”, or the choice most appropriate for your performance requirements.

12. From the “Host caching” drop-down list, select “Read/write”.

    Note: Host caching is not supported for disks 4 TiB (4096 GiB) and larger.

13. Click Create. The image is created and appears in the list of images. If the image does not appear in the list after it is created, refresh the page.

Creating virtual machine

After creating an image from the VHD file, you can then use the created image as a template that you can deploy multiple times.

Note: If you installed software from the Azure Marketplace, a default set of Nasuni ports is part of the definition, so it is not necessary to specify public ports.

To create a virtual machine, follow this procedure:

1. Click Home, then, from the list along the top, click Images. (If this does not appear in the list at the top, click “More Services” or “All Services” to view more services.) The Images pane appears.

2. From the list of images, click the image for which you want to create a virtual machine. The Image pane appears.

3. Click “+ Create VM”. The “Create virtual machine” pane appears.

   

4. To select an existing Resource Group, click “Select existing” and then select an existing Resource Group from the list.

   Alternatively, create a new Resource Group by clicking “Create new” and then entering a Name for the new Resource Group, and clicking OK.

5. Enter a “Virtual machine name” for this virtual machine. The name must be 1 to 64 characters long. Non-ASCII and special characters are not allowed. The name must be unique in the resource group.

6. (Optional) To specify availability options, from the “Availability options” drop-down list, select “Availability zone”, “Virtual machine scale set (preview)”, or “Availability set”. For each choice, enter or select the appropriate choices.

7. From the Image drop-down list, select the image to use for this virtual machine.

8. For Size, click “Select size”. The “Select a VM size” pane appears.

   Select a virtual machine size appropriate for your workload.

   Depending on your VM disk type selection (SSD or HDD), an informational message might indicate incompatibility between the virtual machine size selected and the VM disk type selected. Select another virtual machine size, or change the VM disk type to match the virtual machine size. Click Select.

   Tip: Consult with Nasuni for assistance determining the appropriate virtual machine size.

9. If available, for “Authentication type”, select Password.

10. Enter a “Username” for the user of this virtual machine.

    Note: This value is not used and does not provide access to the virtual machine.

11. Enter a Password for this user. Passwords must be at least 13 characters, and satisfy complexity requirements.

    Note: This value is not used and does not provide access to the virtual machine.

12. Confirm the password.

    Note: This value is not used and does not provide access to the virtual machine.

13. For “Inbound port rules”, you can specify which virtual machine networking ports are accessible.

    For “Public inbound ports”, select None. By default, access to the virtual machine is restricted to sources in the same virtual network, and traffic from Azure load balancing solutions.

14. Click Next: Disks. The Disks pane appears.

15. From the “OS disk type” drop-down list, select “Premium SSD”, or the choice most appropriate for your performance requirements.

16. You can specify disks on this pane, or add disks after the virtual machine is created.

    Important: If multiple cache disks are provided before the first boot, Nasuni automatically provisions them as a striped set for best performance. Multiple cache disks must all be the same size, or the size of the smallest cache disk determines how much of each disk can be used. To add an additional cache disk after the first boot, contact Nasuni Support.

17. Click Next: Networking. The “Network Interface” pane appears.

18. From the “Virtual network” drop-down list, select the virtual network. Alternatively, click “Create new” and create a new virtual network.

19. From the Subnet values, drop-down list, select the subnet. Alternatively, click “Create new” and create a new subnet.

20. Configure other settings as appropriate for your solution.

21. Click “Next: Management”. The “Azure Security Center” pane appears.

22. For Monitoring, ensure that “Boot diagnostics” is enabled, and select an appropriate storage account. This can aid with troubleshooting.

23. For Identity, configuring manged identity to match your desired settings.

24. Ensure that “Auto-shutdown” is set to Off.

25. Configure other settings as appropriate for your solution.

26. Click “Next: Advanced”. The Advanced pane appears. Configure to match your desired settings.

27. Click Next: Tags. Optionally, create tags for your use.

28. Click Next: Review + create. The Review + create pane appears.

29. Review all settings.

    If any settings must be changed, click Previous and change the setting.

    If settings are correct, click Create.

    The virtual machine starts being created.

30. When the virtual machine is created, the new virtual machine appears in the list of virtual machines with a status of Created.

    The virtual machine starts being deployed.

31. When the deployment is finished, the status of the virtual machine changes to OK. Click Go to resource.

    Alternatively, click Home in the top left. Click “Virtual machines”. Click the new virtual machine.

Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

“Nasuni recommends running the Management Console on ESX 7.0 or later.”

Adding the cache disk

Important: If multiple cache disks are provided before the first boot, Nasuni automatically provisions them as a striped set for best performance. Multiple cache disks must all be the same size, or the size of the smallest cache disk determines how much of each disk can be used. To add an additional cache disk after the first boot, contact Nasuni Support.

To add the cache disk, follow this procedure:

1. Click Home, then, from the list along the top, click “Virtual machines”. (If this does not appear in the list at the top, click “More Services” or “All Services” to view more services.) The “Virtual machines” pane appears.

2. Click the virtual machine in the list. The virtual machine pane opens.

3. Click Stop to stop the virtual machine. A dialog box appears. Click Yes. The virtual machine stops.

4. From the list directly under the name of the virtual machine, click Disks. The Disks pane appears.

5. Click “+ Add data disk”. In the “Data disks” area, new blank fields appear.

6. From the top of the Name drop-down list, click “Create disk”. The “Create managed disk” pane appears.

7. Enter a Name for the disk. The name must begin with a letter or a number; end with a letter, a number, or an underscore; and contain only letters, numbers, underscores, periods, or hyphens.

8. For “Resource group”, select “Use existing”, then, from the drop-down list, select the resource group.

9. From the “Account type” drop-down list, select “Premium (SSD)”.

10. From the “Source type” drop-down list, select None.

11. In the “Size GiB” field, enter the appropriate disk size, such as 1023.

    Note: Contact Nasuni Support if you require a cache size that exceeds the limits of a single Azure virtual disk.

    Important: If multiple cache disks are provided before the first boot, Nasuni automatically provisions them as a striped set for best performance. Multiple cache disks must all be the same size, or the size of the smallest cache disk determines how much of each disk can be used. To add an additional cache disk after the first boot, contact Nasuni Support.

12. Click Create. The configuration is validated, and the disk is created. The new disk appears in the list of “Data disks”.

13. Host caching can improve performance under some circumstances.

    Note: Host caching is not supported for disks 4 TiB (4096 GiB) and larger.

    Select the Host Cache Preference from the following choices:

    • None: Do not use host caching.

    • Read Only: Use host caching only for read operations.

    • Read/Write: Use host caching for both read and write operations. Nasuni recommends enabling Read/Write host caching.

14. Click Save. The disk is updated. The new disk appears in the list of “Data disks”.

Starting the virtual machine

To start the virtual machine, follow this procedure:

1. Click Home, then, from the list along the top, click “Virtual machines”. (If this does not appear in the list at the top, click “More Services” or “All Services” to view more services.) The “Virtual machines” pane appears.

2. From the “Virtual machines” list, click the virtual machine created in “Creating virtual machine” on page 46 above. The Overview pane for this virtual machine appears.

3. To launch the virtual machine, click Start.

Accessing the Nasuni Edge Appliance or NMC

To access the newly installed Nasuni Edge Appliance or NMC, follow this procedure:

1. Click Home, then, from the list along the top, click “Virtual machines”. (If this does not appear in the list at the top, click “More Services” or “All Services” to view more services.) The “Virtual machines” pane appears.

2. From the “Virtual machines” list, click the virtual machine created in “Creating virtual machine” on page 46 above. The Overview pane for this virtual machine appears.

3. If a public IP address was configured, copy the “Public IP address”.

   If a public IP address was not configured, you must get the private IP address instead.

   Note: If the “Public IP address” is blank, click Start. The virtual machine starts, and the “Public IP address” appears. It might take a few minutes for the virtual machine to start.

4. Open a new browser window.

5. To access the Nasuni Edge Appliance, enter the address in this form:

   https://<Public IP address>:8443, where <Public IP address> is the “Public IP address” from step 3 on page 51 above.

   The Nasuni Edge Appliance user interface should appear.

   Continue with “Configuring the Nasuni Edge Appliance” on page 68.

6. To access the NMC, enter the address https://<Public IP address>, where <Public IP address> is the “Public IP address” from step 3 on page 51 above.

   The Nasuni Management Console should appear.

   Continue with “Configuring the Nasuni Management Console” on page 70.

Deploying NMC using downloaded software

Installing the Nasuni Management Console (NMC) requires the corresponding Microsoft Azure VHD, which is available from Nasuni.

Important: You must create and maintain your own Microsoft Azure account. Nasuni does not have access to your Microsoft Azure account. To create a Microsoft Azure account, visit the Microsoft Azure site at https://azure.microsoft.com/.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Caution: Port 443 must be open to *.blob.core.windows.net, in order for the Azure Linux

Agent (WALinuxAgent) to perform validation checks during boot and normal operations. Nasuni incorporates the WALinuxAgent into the images provided for manual installation and for installation through the Azure Marketplace.

Important: Before beginning this procedure there must be an existing primary resource group, a primary virtual network for this virtual machine, and a primary subnet

Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

“Nasuni recommends running the Management Console on ESX 7.0 or later.”

Obtaining software

To obtain the NMC software, follow these steps:

1. Obtain the Microsoft Azure VHD file for the NMC from Nasuni by following these steps:

1. If you do not have a Nasuni account already, go to the Nasuni evaluation Web site at https://info.nasuni.com/request-a-demo. The Demo page appears.

   Enter your contact information.

   Note: The email address that you enter is used for authentication with Nasuni.

   A member of the Nasuni staff will contact you with registration material to obtain your Nasuni account.

2. Log in to your Nasuni account web site ( https://account.nasuni.com/) and click Downloads.

   The Downloads page appears.

3. In the Nasuni Management Console area, select the Azure format.

4. Download the Nasuni Management Console software .zip file to your local drive.

   The amount of time to download the software file depends on your Internet connection. The file is approximately 17 GB in size.

5. Unzip the software file to a convenient directory.

   Tip: Since you must type the complete path to the extracted contents in a later step, the shorter the path, the better.

Creating the virtual machine

To create the virtual machine, follow these steps:

Important: To access Active Directory-enabled volumes, before performing this step, ensure that there is Virtual Network for the virtual machine to join.

1. On the Microsoft Azure dashboard page, click Virtual Machines. A list of virtual machines appears.

2. Click Add, then click Virtual machine. The Create a virtual machine pane appears.

3. Click Virtual Machine. On the menu that appears, click From Gallery.

4. The Virtual machine image selection page appears.

5. Click My Images. A list of available images appears. If you downloaded and used software, select the image that you created in step 13 on page 46. If you used the Azure Marketplace, select that image.

   Then click the right-arrow at the bottom right of the page. The Virtual machine configuration page appears.

6. In the Virtual Machine Name text box, enter a descriptive name for this virtual machine. The name must be at least 3 characters long and at most 15 characters long, using only numbers, hyphens, and lowercase letters. The name must start with a letter, and must end with a letter or a number.

7. For the Tier, select Standard, which is recommended for production workloads. For more information, see https://azure.microsoft.com/en-us/pricing/details/virtual-machines/#Linux.

8. From the Size drop-down list, select the size of the virtual machine, following these recommendations:

Tip: Consult your Nasuni Sales Engineer for the size of virtual machine to select.

Tip: This is the minimum configuration. Larger values might be necessary.

9. In the New User Name text box, enter a user name. The user name must be at least 4 characters. This user name is not actually used, so it can have any allowed value.

10. Click the right-arrow at the bottom right of the page. The next Virtual machine configuration page appears.

11. Accept the default values of the Cloud Service, Cloud Service DNS Name (based on the Virtual Machine Name in step 6), and the Availability Set.

    To access Active Directory-enabled volumes, from the Region/Affinity Group/Virtual Network drop-down list, select the appropriate value. If you are not accessing Active-Directory-enabled volumes, accept the default value of the Region/Affinity Group/Virtual Network.

12. Use the list of Endpoints to configure port security. For each port or protocol, enter the following information:

    • Name: The name of the protocol. Select from the drop-down list or enter name.

    • Protocol: From the drop-down list, select TCP or UDP.

    • Public Port: Enter or accept the public port number.

    • Private Port: Enter or accept the private port number.

    Warning: RUNNING THE NASUNI EDGE APPLIANCE OR NMC ON THE MICROSOFT AZURE PLATFORM IS SIMILAR TO RUNNING THESE SYSTEMS OUTSIDE OF YOUR BUSINESS. UNUSED PORTS SHOULD NOT BE EXPOSED TO THE PUBLIC INTERNET, INCLUDING THE SSH PORT, PORT 222.

    MINIMALLY, THE FOLLOWING PORTS SHOULD BE EXPOSED TO THE HOSTS THAT ACCESS THEM:

    OUTBOUND: MICROSOFT AZURE DOES NOT ENABLE RESTRICTING OUTBOUND TRAFFIC. NASUNI RECOMMENDS ALLOWING OUTGOING TRAFFIC ON ALL PORTS TO ALL HOSTS FOR THE NASUNI EDGE APPLIANCE AND NMC.

    INBOUND: HERE ARE RECOMMENDATIONS FOR THE FOLLOWING PORTS:

    • Port 222 SSH: Close this port. If Nasuni Customer Support requests you to open this port, open this port temporarily to all clients/ranges.

    • Port 443 TCP: Used for Web Access. If these features are in use, Nasuni recommends opening this port to all clients/ranges. Note that these features must be enabled on the Nasuni Edge Appliance.

    • Port 8443 TCP: Used to administer the Nasuni Edge Appliance and Nasuni Management Console. Open to clients that need to use the Nasuni administration interface.

    • Ports 139 and 445 TCP: Open to clients that need to use SMB/CIFS.

    • Ports 111, 662, 875, 892, 2049, and 32803 TCP or UDP: Open to clients that need to use NFS.

    • Port 161 UDP: Open to clients that need to use SNMP.

13. Click the right-arrow in the lower right corner of the dialog box. The next Virtual machine configuration page appears.

14. Accept all defaults. Click the checkmark in the lower right corner of the dialog box.

15. The new virtual machine is created, and appears in the list of virtual machines. The state should become Running.

    Details of the VM include Status, Subscription, Location, and DNS Name.

16. Note the DNS Name address, which is of the format <VMName>.cloudapp.net, where <VMName> is the name of the VM. If the DNS Name address is not displayed, ensure that the virtual machine has started.

    Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

    “Nasuni recommends running the Management Console on ESX 7.0 or later.”

Adding disks

Important: If multiple cache disks are provided before the first boot, Nasuni automatically provisions them as a striped set for best performance. Multiple cache disks must all be the same size, or the size of the smallest cache disk determines how much of each disk can be used. To add an additional cache disk after the first boot, contact Nasuni Support.

If installing a Nasuni Edge Appliance, attach a cache disk to the virtual machine by following these steps:

1. On the Microsoft Azure dashboard page, click Virtual Machines in the left-hand column. A list of virtual machines appears.

2. At the bottom of the page, click Attach. From the drop-down list, select Attach empty disk. The “Attach an empty disk to the virtual machine” dialog box appears.

3. In the Size (GB) text box, enter the size of the new disk in GB. For typical VMs (at least 4 processors and at least 6 GB of memory), Nasuni recommends no larger than 1023 GB.

4. Host caching can improve performance under some circumstances.

   Note: Host caching is not supported for disks 4 TiB (4096 GiB) and larger.

   Select the Host Cache Preference from the following choices:

   • None: Do not use host caching.

   • Read Only: Use host caching only for read operations.

   • Read/Write: Use host caching for both read and write operations. Nasuni recommends enabling Read/Write host caching.

5. Click the checkmark in the lower right corner of the dialog box.

   The cache disk is attached to the virtual machine. This might take 10 minutes to complete. The state should become Running.

   Note: During the first boot of the appliance:

   • If the appliance includes a temporary (ephemeral) storage device, then the temporary (ephemeral) storage device is used as the copy-on-write (COW) disk, and all non-OS persistent storage devices are used as the cache.

   • If the appliance does not include a temporary (ephemeral) storage device, then the smallest non-OS persistent storage device is used as the COW, and all remaining non-OS persistent storage devices are used as the cache.

   During subsequent boots of the appliance, the largest non-OS disk not used as the cache is used as the COW. The COW can be either temporary or persistent storage.

   You can always add a larger COW disk later.

   For details on which Azure virtual machine sizes include temporary storage disks, see Azure VM sizes with no local temporary disk.

Accessing the Nasuni Edge Appliance or Nasuni Management Console

In your web browser, enter the following in the address bar and press Enter:

https://<DNS Name>:8443.

where <DNS Name> is the DNS Name address from step 16 on page 55. If the DNS Name address is not displayed, ensure that the virtual machine has started. It might take a few minutes before the new Nasuni Edge Appliance or Nasuni Management Console is available.

Be sure to append 8443 to the specified DNS Name address.

For the Nasuni Edge Appliance, continue with “Configuring the Nasuni Edge Appliance” on page 68.

For the NMC, continue with “Configuring the Nasuni Management Console” on page 70.

Procedure using the Azure PowerShell Az module

The Azure PowerShell Az module is now the intended PowerShell module for interacting with Azure. Az offers shorter commands, improved stability, and cross-platform support. Az also has feature parity with AzureRM, giving you an easy migration path.

Important: You must have at least one subscription for this purpose.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Important: Installing third-party software on Nasuni appliances is not allowed.

Note: Selecting the “Secure transfer required” feature for an Azure Storage account does not affect the operation of the Nasuni Edge Appliance.

Tip: Run PowerShell as an Administrator.

This procedure uses the Azure PowerShell Az module.

For more information on the Azure PowerShell Az module, see https://docs.microsoft.com/en-us/ powershell/azure/new-azureps-module-az?view=azps-3.4.0.

Installing the Azure PowerShell Az module

To install the new AZ module, follow these steps:

1. Launch PowerShell.

2. Run the following command:

   Install-Module -Name Az -AllowClobber -Scope CurrentUser

Note: The Microsoft-recommended installation method is to install the module only for the active user. If you would like to install the module for all users, you must run the following version of the command from an elevated PowerShell session launched as Administrator:

Install-Module -Name Az -AllowClobber -Scope AllUsers

Deploying an NMC or Edge Appliance using the Azure PowerShell Az module

The following PowerShell commands can be used to deploy an NMC or an Edge Appliance based on the latest Azure VHDs. It involves the creation of custom Images that can be used to deploy multiple virtual machines. After the virtual machines are created, virtual machine deployment can also be carried out through the Azure portal.

Important: This process requires AzCopy v10 which you can find here: https:// docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10.

Important: If multiple cache disks are provided before the first boot, Nasuni automatically provisions them as a striped set for best performance. Multiple cache disks must all be the same size, or the size of the smallest cache disk determines how much of each disk can be used. To add an additional cache disk after the first boot, contact Nasuni Support.

Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

“Nasuni recommends running the Management Console on ESX 7.0 or later.”

To install an NMC or Edge Appliance using the Azure PowerShell Az, follow these steps:

1. Download the NMC or Edge Appliance VHD as described in “Downloading software” on page 37.

2. Launch PowerShell as Administrator.

3. Run the following commands:

   # Setup variables for use
   $ResourceGroup = '<Resource_Group_Name>'
   $Location = '<Azure_Region>'
   $Vnet = '<Virtual_Network_Name>'
   $VmSubnet = '<Subnet_Name>'
   $NMCVmSize = 'Standard_D4s_v4' # The NMC virtual machine size. Consult with your Nasuni account team for sizing guidance.
   $EAVmSize = 'Standard_D8ds_v4' # The Edge Appliance virtual machine size. Consult with your Nasuni account team for sizing guidance.
   $NMCVhdPath = '<Path_to_NMC_VHD>' # Path to the NMC VHD file. The latest NMC VHD can be downloaded from https://account.nasuni.com.
   $EAVhdPath = '<Path_to_Edge_Appliance_VHD>' # Path to the Edge Appliance VHD file. The latest NMC VHD can be downloaded from https:/ /account.nasuni.com.
   $NMCPrivateIp = '<NMC_Private_IP>' # Optional static private IP address to be assigned to the NMC. Ensure that this address is valid for the subnet specified above.
   $EAPrivateIp = '<Edge_Appliance_Private_IP>' # Optional static private IP address to be assigned to the Edge Appliance. Ensure that this address is valid for the subnet specified above.
   $DiagnosticStorage = '<VM_Diagnostics_Storage_Account_name>' # Storage account name where VM diagnostics should be stored.
   # The following account is only needed to provision the virtual machine; it is not used by the virtual machine.
   $VMLocalAdminUser = '<Valid_username_for_Azure>'
   $VMLocalAdminSecurePassword = ConvertTo-SecureString '<Valid_Azure_VM_Password>' -AsPlainText -Force
   $Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalADminSecurePassword)
   # Connect to Azure
   Connect-AzAccount
   # Nasuni Management Console (NMC) Deployment
   #
   # Prepare the managed disk to be used for the NMC image
   $diskName = 'NMCDiskImage'
   $vhdSizeBytes = (Get-Item $NMCVhdPath).Length
   $diskConfig = New-AzDiskConfig -SkuName Premium_LRS -OsType Linux
   -UploadSizeInBytes $vhdSizeBytes -Location $Location
   -CreateOption Upload
   New-AzDisk -ResourceGroupName $ResourceGroup -DiskName $diskName -Disk $diskConfig
   # Generate SAS for the managed disk
   $diskSas = Grant-AzDiskAccess -ResourceGroupName $ResourceGroup -DiskName $diskName -DurationInSecond 86400 -Access Write
   $disk = Get-AzDisk -ResourceGroupName $ResourceGroup -DiskName $diskName
   # Upload the NMC VHD using AzCopy v10
   & 'C:\Program Files\azcopy.exe' copy $NMCVhdPath $diskSas.AccessSAS --blob-type PageBlob
   # When the upload is complete, revoke the SAS
   Revoke-AzDiskAccess -ResourceGroupName $ResourceGroup -DiskName $diskName
   # Create an NMC image from the new managed disk. Images allow for easy deployment of subsequent virtual machines.
   $imageName = 'NMCImage'
   $imageConfig = New-AzImageConfig -Location $Location $imageConfig = Set-AzImageOsDisk -Image $imageConfig
   -OsState Generalized -OsType Linux -ManagedDiskId $disk.Id -Caching ReadWrite
   $NMCImage = New-AzImage -ImageName $imageName
   -ResourceGroupName $ResourceGroup -Image $imageConfig
   # Create a Network Security Group for the NMC that allows anyone to connect to port 443 for management.
   # Modify the rule's SourceAddressPrefix to match your security policy.
   $rule1 = New-AzNetworkSecurityRuleConfig -Name nmc-mgmt
   -Description "Allow NMC Management (HTTPS)" -Access Allow
   -Protocol Tcp -Direction Inbound -Priority 100
   -SourceAddressPrefix Internet -SourcePortRange *
   -DestinationAddressPrefix * -DestinationPortRange 443
   $nmcsg = New-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name "nmc-sg" -SecurityRules $rule1
   # Create a NIC for the NMC
   # Optional: If you want to assign a public IP address, uncomment the following line and the PublicIpAddressID line below. #$PIP = New-AzPublicIpAddress -Name "NMCPIP"
   -ResourceGroupName $ResourceGroup -Location $Location
   -AllocationMethod Dynamic
   $VmSubnetID = (Get-AzVirtualNetworkSubnetConfig -Name $VmSubnet -VirtualNetwork (Get-AzVirtualNetwork -Name $vnet)).Id
   $NICargs = @{
   Name = "NMCNIC"
   ResourceGroupName = $ResourceGroup
   Location = $Location
   SubnetId = $VmSubnetID
   # Optional: To specify a private IP address defined above for the NMC, uncomment the following line.
   # PrivateIpAddress = $NMCPrivateIp
   # Optional: If you want to assign a public IP address, uncomment the following line and the $PIP line above.
   # PublicIpAddressID = $PIP.Id
   NetworkSecurityGroupId = $nmcsg.Id
   }
   $NIC = New-AzNetworkInterface @NICargs
   # Create an NMC virtual machine from the new image
   $NMCVm = New-AzVMConfig -VMName "NMC" -VMSize $NMCVmSize
   $NMCVm = Set-AzVMOperatingSystem -VM $NMCVm -Linux -ComputerName "NMC" -Credential $Credential
   $NMCVm = Set-AzVMSourceImage -VM $NMCVm -Id $NMCImage.Id $NMCVm = Set-AzVMBootDiagnostic -VM $NMCVm -Enable
   -ResourceGroupName $ResourceGroup -StorageAccountName
   $DiagnosticStorage
   $NMCVm = Add-AzVMNetworkInterface -VM $NMCVm -Id $NIC.Id New-AzVm -ResourceGroupName $ResourceGroup -Location $Location -VM $NMCVm
   # Edge Appliance Deployment
   #
   # Prepare the managed disk to use for the Edge Appliance OS
   $diskName = 'EdgeApplianceDiskImage'
   $vhdSizeBytes = (Get-Item $EAVhdPath).Length
   $diskConfig = New-AzDiskConfig -SkuName Premium_LRS -OsType Linux
   -UploadSizeInBytes $vhdSizeBytes -Location $Location
   -CreateOption Upload
   New-AzDisk -ResourceGroupName $ResourceGroup -DiskName $diskName -Disk $diskConfig
   # Generate SAS for the managed disk
   $diskSas = Grant-AzDiskAccess -ResourceGroupName $ResourceGroup
   -DiskName $diskName -DurationInSecond 86400 -Access Write $disk = Get-AzDisk -ResourceGroupName $ResourceGroup -DiskName $diskName
   # Upload the Edge Appliance VHD using AzCopy v10
   & 'C:\Program Files\azcopy.exe' copy $EAVhdPath $diskSas.AccessSAS --blob-type PageBlob
   # When the upload is complete, revoke the SAS
   Revoke-AzDiskAccess -ResourceGroupName $ResourceGroup
   -DiskName $diskName
   # Create an empty managed disk to use as the source for the cache volume for the Edge Appliance
   $EACacheDiskName = 'EdgeApplianceCache'
   $EACacheDiskConfig = New-AzDiskConfig -SkuName Premium_LRS
   -DiskSizeGB 1024 -CreateOption Empty -Location $Location $EACacheDisk = New-AzDisk -ResourceGroupName $ResourceGroup
   -DiskName $EACacheDiskName -Disk $EACacheDiskConfig
   # Create an Edge Appliance image from the new managed disk. Images allow for easy deployment of subsequent virtual machines.
   $imageName = 'EdgeApplianceImage'
   $imageConfig = New-AzImageConfig -Location $Location $imageConfig = Set-AzImageOsDisk -Image $imageConfig
   -OsState Generalized -OsType Linux -ManagedDiskId $disk.Id
   -Caching ReadWrite -StorageAccountType Premium_LRS
   # If you are planning on deploying Edge Appliances with striped disks, duplicate the following line and increment the Lun value. Each time you duplicate the line, a new disk is added. Contact Nasuni Support for assistance configuring the disk striping for any virtual machines deployed from this image.
   $imageConfig = Add-AzImageDataDisk -Image $imageConfig -DiskSizeGB 1024
   -Caching ReadWrite -ManagedDiskId $EACacheDisk.Id
   -StorageAccountType Premium_LRS -Lun 0
   $EAImage = New-AzImage -ImageName $imageName
   -ResourceGroupName $ResourceGroup -Image $imageConfig
   
   # Create a Network Security Group (NSG) for the Edge Appliance that allows anyone to connect to port 8443 for management.
   # Modify the rule's SourceAddressPrefix to match your security policy and access requirements. The NSG contains default rules allowing other resources in the virtual network to access the virtual machine. If you have resources outside of the vnet that require access to the Edge Appliance, ensure that you add additional rules to accommodate them.
   
   $rule1 = New-AzNetworkSecurityRuleConfig -Name ea-mgmt
   -Description "Allow Edge Appliance Management (HTTPS)" -Access Allow
   -Protocol Tcp -Direction Inbound -Priority 100
   -SourceAddressPrefix Internet -SourcePortRange *
   -DestinationAddressPrefix * -DestinationPortRange 8443
   
   $easg = New-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $Location -Name "ea-sg" -SecurityRules $rule1
   
   # Create a NIC for the NMC
   # Optional: If you want to assign a public IP address, uncomment the following line and the PublicIpAddressID line below. #$PIP = New-AzPublicIpAddress -Name "EAPIP"
   -ResourceGroupName $ResourceGroup -Location $Location
   -AllocationMethod Dynamic
   $VmSubnetID = (Get-AzVirtualNetworkSubnetConfig -Name $VmSubnet -VirtualNetwork (Get-AzVirtualNetwork -Name $vnet)).Id
   $NICargs = @{
   Name = "EANIC"
   ResourceGroupName = $ResourceGroup
   Location = $Location
   SubnetId = $VmSubnetID
   # Optional: To specify a private IP address defined above for the Edge Appliance, uncomment the following line.
   # PrivateIpAddress = $EAPrivateIp
   # Optional: To assign a public IP address, uncomment the following line and the $PIP line above.
   # PublicIpAddressID = $PIP.Id
   NetworkSecurityGroupId = $easg.Id
   }
   $NIC = New-AzNetworkInterface @NICargs
   
   # Create an Edge Appliance virtual machine from the new image
   $EAVm = New-AzVMConfig -VMName "EdgeAppliance" -VMSize $EAVmSize
   $EAVm = Set-AzVMOperatingSystem -VM $EAVm -Linux
   -ComputerName "EdgeApp" -Credential $Credential $EAVm = Set-AzVMSourceImage -VM $EAVm -Id $EAImage.Id $EAVm = Set-AzVMBootDiagnostic -VM $EAVm -Enable
   -ResourceGroupName $ResourceGroup
   -StorageAccountName $DiagnosticStorage
   $EAVm = Add-AzVMNetworkInterface -VM $EAVm -Id $NIC.Id
   New-AzVm -ResourceGroupName $ResourceGroup -Location $Location -VM $EAVm

4. The new virtual machine is created, and appears in the list of virtual machines on the portal. The state should become Running.

   Details of the VM include Status, Subscription, Location, and DNS Name.

   Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

   “Nasuni recommends running the Management Console on ESX 7.0 or later.”

5. Note the DNS Name address, which is of the format <VMName>.cloudapp.net, where <VMName> is the name of the VM. If the DNS Name address is not displayed, ensure that the virtual machine has started.

Resizing the cache and snapshot (copy-on-write or COW) disks

For various options for resizing the cache and snapshot (copy-on-write or COW) disks on the Microsoft Azure platform, see Resizing the Cache and Snapshot Disks.

Important: If multiple cache disks are provided before the first boot, Nasuni automatically provisions them as a striped set for best performance. Multiple cache disks must all be the same size, or the size of the smallest cache disk determines how much of each disk can be used. To add an additional cache disk after the first boot, contact Nasuni Support.

Considerations

The following considerations are important when resizing the cache or COW disks:

• Before expanding an attached Azure disk, the Azure virtual machine (VM) must be deallocated (powered off).

• Disks that are 4095 GiB or smaller must be detached from the Azure virtual machine before expanding them to 4096 GiB or larger. Attempting to resize a disk without first detaching the disk generates the following error:

  (BadRequest) Disks cannot be resized beyond 4095 GiB when attached to a VM. Detach disk <diskName> from VM <vmName> and try again. If caching is enabled for this disk, it will not be supported for disks greater than 4095 GiB.

• Host caching is not supported for disks 4 TiB (4096 GiB) and larger.

Procedure

Caution: Perform a manual Nasuni snapshot before changing the size of the disk.

To resize an Azure disk, follow these steps:

1. Deallocate (power off) the VM.

2. If the disk is smaller than 4096 GiB and you are expanding it to 4096 GiB or greater, detach the disk from the VM.

3. If you are expanding the disk to 4096 GiB or larger, and if the disk is a Premium SSD disk, and if host caching (also referred to as disk caching) is enabled, disable host caching. Host caching is not supported for disks 4 TiB and larger.

4. Use the Expand an Azure Managed Disk procedure to expand the disk.

   The linked instructions have two steps, but only step 1 (to expand the capacity of the disk) is required. Step 2 (to expand the partition) is not required, and is automatically performed by the Edge Appliance.

5. If you detached the disk from the VM before expanding it, attach the disk to the VM before powering on the VM.

6. Power on the VM.

   The Edge Appliance automatically detects the extra space that you added to the disk (cache or COW).

Resizing the OS disk

To increase the size of the OS disk to 32 GiB for the Nasuni Edge Appliance (NEA) or the Nasuni Management Console (NMC), perform these steps:

• Change the size of the OS disk in the virtual machine to 32 GiB.

• Reboot the virtual machine.

Note: Since this procedure interrupts access to the NEA or NMC, schedule this procedure for a time of low usage.

Configuring the Nasuni Edge Appliance

You now use the Nasuni Edge Appliance Initial Configuration Guide and the Nasuni Edge Appliance Administration Guide to complete the configuration of the Nasuni Edge Appliance.

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

In general, during this configuration, it is not necessary to change any of the network settings: leave the network interface/configuration as DHCP, and the traffic group as General. Only a single interface and traffic group are supported on Azure images.

However, if the DHCP pool is not configured to provide DNS servers that can resolve records for Active Directory SRV records, you have several options:

• In the System Settings area, from the Settings Source drop-down list, select “DHCP with custom DNS”, then specify the search domain and DNS server.

• Alternatively, specify a Domain Controller in the Domain Settings for the Edge Appliance.

After the Nasuni Edge Appliance is running, if you need Nasuni Technical Support to help you with your Azure instance, enable the Remote Support Service on the Services menu.

Enabling or disabling compression and adjusting chunk size

If directed by Nasuni Customer Support to enable or disable Nasuni's compression, or to adjust the chunk size, this is possible using the Volume page.

To enable or disable Nasuni's compression, or to adjust the chunk size, follow these steps:

1. From the Volume list, select the volume. The Volume page for the volume appears, including the Cloud I/O area.

   

2. To enable or disable compression, or change the chunk size, click the current value. The Change Volume Cloud I/O dialog box appears.

   

3. Select or deselect compression.

4. Enter the chunk size, and select the units from the drop-down menu. To use the default chunk size, leave the text box blank.

   Warning: CONTACT NASUNI SUPPORT BEFORE CHANGING THE CHUNK SIZE.

5. Click Save to save your settings.

Configuring the Nasuni Management Console

You now use the Nasuni Management Console Guide to complete the configuration of the Nasuni Management Console.

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

In general, during this configuration, it is not necessary to change any of the network settings: leave the network interface/configuration as DHCP, and the traffic group as General. Only a single interface and traffic group are supported on Azure images.

However, if the DHCP pool is not configured to provide DNS servers that can resolve records for Active Directory SRV records, you have several options:

• In the System Settings area, from the Settings Source drop-down list, select “DHCP with custom DNS”, then specify the search domain and DNS server.

• Alternatively, specify a Domain Controller in the Domain Settings for the Nasuni Management Console.

After the Nasuni Management Console is running, if you need Nasuni Technical Support to help you with your Azure instance, enable the Remote Support Service on the Console Settings menu.

Enabling or disabling compression and adjusting chunk size

If directed by Nasuni Customer Support to enable or disable Nasuni's compression, or to adjust the chunk size for a volume, this is possible using the Volume Cloud I/O page.

To enable or disable Nasuni's compression, or to adjust the chunk size, follow these steps:

1. Click Volume, then select Cloud I/O. The Volume Cloud I/O page for the volume appears.

   The following information appears for each volume in the list:

   • Name: The name of the volume.

   • Filer: The name of the Nasuni Edge Appliance for the volume.

   • Compression: The state of compression for this volume.

   • Chunk Size: The chunk size for this volume.

   • Actions: Actions available for each volume.

2. For the volume to change, click Edit . The Change Volume Cloud I/O dialog box appears.

3. Select or deselect compression.

4. Enter the chunk size, and select the units from the drop-down menu.

   Warning: CONTACT NASUNI SUPPORT BEFORE CHANGING THE CHUNK SIZE.

5. Click Save to save your settings.

Performance

For the Nasuni Edge Appliance, industry-standard NAS and SAN interfaces are not designed to be hosted on remote sites and attached over the public Internet. Nasuni recommends using only and Web Access over long distances. Nasuni also recommends only using the NAS and SAN protocols from clients that are hosted in the same infrastructure “near” the Nasuni Edge Appliance.

For the Nasuni Management Console, since all access is browser-based, there are no specific performance concerns.

Adding static IP address to existing Edge Appliance (using PowerShell)

Important: You must have at least one subscription for this purpose.

Tip: Run PowerShell as an Administrator.

You can add a static IP address to an existing Nasuni Edge Appliance. We present the procedure using Az commands. For details, see https://docs.microsoft.com/en-us/azure/virtual-network/virtualnetworks-static-private-ip-arm-ps.

To add a static IP address to an existing Nasuni Edge Appliance, follow these steps:

1. In Azure PowerShell, enter the following commands:

   • Using Az commands:

$nic = Get-AzNetworkInterface -Name <NICname> -ResourceGroupName <RGname>

$nic.IpConfigurations[0].PrivateIpAllocationMethod = "Static"

$nic.IpConfigurations[0].PrivateIpAddress = "<privateip>"

Set-AzNetworkInterface -NetworkInterface $nic

where

<NICname> is the name you are giving to the network interface controller (NIC);

<RGname> is the name you are giving to the resource group;

<privateip> is the private IP address for the static network IP.