EC2: Installing on the Amazon EC2 Platform

Overview

This chapter explains the recommended procedure for the initial installation of the Nasuni Edge Appliance or the Nasuni Management Console on the Amazon EC2 platform.

Warning: IF YOU EVER NEED TO TRANSITION FROM ONE HYPERVISOR PLATFORM TO A DIFFERENT HYPERVISOR PLATFORM, DO NOT USE ANY OF THE MIGRATION TOOLS OF EITHER HYPERVISOR PLATFORM. INSTEAD, PERFORM A RECOVERY PROCEDURE, USING THE NEW HYPERVISOR PLATFORM AS THE DESTINATION. FOR DETAILS, SEE NEA RECOVERY OR NMC RECOVERY GUIDE.

Warning: DO NOT USE EPHEMERAL DISKS AS THE CACHE FOR A NASUNI EDGE APPLIANCE.

WHILE EPHEMERAL DISKS ARE LOW-COST STORAGE OPTIONS, THE DATA ON THEM IS VOLATILE, AND UTILIZING THEM FOR NASUNI CACHE OPERATIONS EXPOSES YOU TO THE LOSS OF UNPROTECTED DATA, IF THE VIRTUAL MACHINE USING THEM IS SHUT DOWN.

EPHEMERAL DISKS CAN BE AUTOMATICALLY SELECTED FOR CACHE OPERATIONS IF THEY ARE THE LARGEST DISK ATTACHED TO THE VIRTUAL MACHINE WHEN THE NASUNI VIRTUAL MACHINE IS BOOTED.

SINCE EACH CLOUD PROVIDER HAS DIFFERENT POLICIES FOR ATTACHING EPHEMERAL DISKS TO VIRTUAL MACHINES, CONTACT YOUR PROVIDER FOR GUIDANCE REGARDING HOW TO CHECK FOR THIS CONDITION. IF YOU DO FIND EPHEMERAL DISKS ATTACHED TO AN EDGE APPLIANCE, CONTACT NASUNI SUPPORT TO DETERMINE IF THEY ARE BEING UTILIZED AS THE CACHE.
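
One way to check for this condition on EC2, as an added example that is not part of the Nasuni documentation: the functions below compare the instance store (ephemeral) disks an instance type provides with the EBS volumes attached to the instance, using saved output of `aws ec2 describe-instance-types --instance-types <type>` and `aws ec2 describe-volumes --filters Name=attachment.instance-id,Values=<instance-id>`. The function names, the instance and volume IDs, and the sample JSON are constructed for illustration, and every instance store disk the type offers is treated as attached.

```python
import json

GB = 10**9    # describe-instance-types reports instance store sizes in GB
GIB = 2**30   # describe-volumes reports EBS volume sizes in GiB


def instance_store_sizes(instance_types_json):
    """Sizes in bytes of each instance store (ephemeral) disk the type provides."""
    sizes = []
    for itype in json.loads(instance_types_json).get("InstanceTypes", []):
        # InstanceStorageInfo is absent for EBS-only instance types.
        for disk in itype.get("InstanceStorageInfo", {}).get("Disks", []):
            sizes += [disk["SizeInGB"] * GB] * disk.get("Count", 1)
    return sizes


def attached_ebs_sizes(volumes_json, instance_id):
    """Sizes in bytes of the EBS volumes attached to instance_id."""
    sizes = []
    for vol in json.loads(volumes_json).get("Volumes", []):
        attachments = vol.get("Attachments", [])
        if any(a.get("InstanceId") == instance_id for a in attachments):
            sizes.append(vol["Size"] * GIB)
    return sizes


def ephemeral_cache_risk(instance_types_json, volumes_json, instance_id):
    """Report whether an ephemeral disk is the largest disk on the instance.

    A tie is reported as a risk, because the warning above says the largest
    disk present at boot can be selected as the cache.
    """
    eph = instance_store_sizes(instance_types_json)
    ebs = attached_ebs_sizes(volumes_json, instance_id)
    return {
        "ephemeral_disks": len(eph),
        "largest_is_ephemeral": bool(eph) and max(eph) >= max(ebs, default=0),
    }


# Constructed sample data, trimmed to the fields read above.
SAMPLE_INSTANCE_TYPE = json.dumps({"InstanceTypes": [{
    "InstanceType": "EXAMPLE-TYPE",
    "InstanceStorageSupported": True,
    "InstanceStorageInfo": {
        "TotalSizeInGB": 300,
        "Disks": [{"SizeInGB": 300, "Count": 1, "Type": "ssd"}],
    },
}]})


def sample_volumes(cache_gib):
    """Constructed describe-volumes output: OS, cache and COW disks."""
    def vol(name, size, instance="i-EXAMPLE"):
        return {"VolumeId": "vol-EXAMPLE-" + name, "Size": size,
                "Attachments": [{"InstanceId": instance}]}
    return json.dumps({"Volumes": [
        vol("os", 32), vol("cache", cache_gib), vol("cow", 62),
        vol("unrelated", 2000, instance="i-OTHER"),  # ignored: other instance
    ]})


if __name__ == "__main__":
    for cache in (250, 280, 512):
        result = ephemeral_cache_risk(
            SAMPLE_INSTANCE_TYPE, sample_volumes(cache), "i-EXAMPLE")
        print(f"cache={cache} GiB -> {result}")
```

Any nonzero `ephemeral_disks` count is worth raising with Nasuni Support, as the warning above asks, even when `largest_is_ephemeral` is false.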

Warning: DO NOT ATTEMPT TO RESTORE FROM A VIRTUAL MACHINE SNAPSHOT OR BACKUP.

ATTEMPTING TO RESTORE FROM A VIRTUAL MACHINE SNAPSHOT OR BACKUP PUTS THE EDGE APPLIANCE IN AN UNKNOWN STATE IN RELATION TO THE NASUNI ORCHESTRATION CENTER (NOC), AND REQUIRES A DISASTER RECOVERY PROCESS TO BE RECOVERED. THIS MIGHT RESULT IN DATA LOSS.

Important: Installing third-party software on Nasuni appliances is not allowed.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

For additional information on the initial configuration of the Nasuni Edge Appliance, see the Nasuni Edge Appliance Initial Configuration Guide.

For additional information on the initial configuration of the Nasuni Management Console, see the Nasuni Management Console Guide.

Note: The vendor changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Important: The Nasuni Edge Appliance supports Enhanced Networking (EN). See docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html for instructions on how to enable Enhanced Networking.

Nasuni

Nasuni® enables organizations to store, protect, synchronize, and collaborate on unstructured file data across all locations. Built for the cloud and powered by UniFS, the world’s only global file system, the Nasuni File Data Platform couples the performance of local file servers with the infinite scale of the cloud to provide a global file-sharing platform at half the cost of traditional file infrastructures.

With Nasuni, you can consolidate Network Attached Storage (NAS), distributed file servers, backup, disaster recovery, file archiving, multi-site file synchronization, and global file locking in one simple, scalable solution.

Nasuni stores all files and metadata in private (on-premises) or public cloud object storage to provide unlimited primary or archive file storage capacity, then intelligently caches just the active data on lightweight Nasuni Edge Appliances to provide local, high-performance file access in any location.

Nasuni supports the leading third-party object storage services:

Support for each of these cloud object storage services is included with each Nasuni subscription.

Multiple cloud object storage services can be used within a single Nasuni implementation, and a single Nasuni Edge Appliance can connect to volumes in different cloud object storage services. However, each volume can exist only in a single cloud object storage service.

Nasuni consists of several product components.

UniFS®

The UniFS® global file system is cloud-resident and serves as the foundation of the Nasuni File Data Platform. UniFS is the first file system designed for private on-premises or public cloud object storage. Unlike device-constrained file systems that cannot scale beyond their single “box” or cluster, the unique ability for UniFS to live and scale within object storage means that Nasuni has no limits on total capacity, file versions, file size, volume size, or number of locations.

Another unique quality of UniFS is the ability to extend on-premises and to cache only the actively used files and metadata anywhere that high-performance file access is needed on Nasuni Edge Appliances. It is this ability, combined with the ability to rapidly synchronize changes to files made on any Edge Appliances with the authoritative copies stored in cloud object storage, that enables Microsoft Azure storage, Amazon Simple Storage Service (Amazon S3), Dell EMC ECS, IBM Cloud Object, and other public and private cloud object storage solutions to be used for high-performance file storage.

Nasuni Edge Appliances

Note: Nasuni Edge Appliances are sometimes referred to by the shorter name “Filers”.

Each Nasuni Edge Appliance performs two main tasks:

  • Securely transmits files to cloud object storage where the authoritative copies of all files are stored.

  • Caches actively used files locally to provide high-performance file access, and to minimize cloud egress charges in deployments where Nasuni is backed by public cloud object storage.

A Nasuni Edge Appliance can be a virtual machine that runs on hypervisors including Amazon EC2, Microsoft Azure, Microsoft Hyper-V, Nutanix AHV, Scale HyperCore, and VMware ESXi. Or a Nasuni Edge Appliance can be a Nasuni hardware appliance.

Just like traditional NAS controllers or file servers, Nasuni Edge Appliances support NFS, SMB (CIFS), FTP/SFTP, and HTTP/REST protocols. They are also fully integrated with Active Directory, LDAP, Distributed File System (DFS), and Windows Previous Versions. However, the reach and capacity of Nasuni Edge Appliances far exceed traditional NAS controllers, because the appliances store only active files, and have the entire back-end capacity of cloud object storage at their disposal. All data is compressed and encrypted by the appliances before being transmitted to object storage.

Each Nasuni Edge Appliance includes Nasuni Continuous File Versioning™ for data protection. This advanced snapshot technology captures file changes as they occur, and transmits only those changes to your third-party cloud object storage system, so that the third-party cloud object storage system always contains the latest version of every file. It also provides highly granular file-level data protection that offers improved recovery points and recovery times compared to traditional file backup, eliminating the need for traditional backup hardware, software, media servers, and tape and disk media.

Each Nasuni Edge Appliance offers a Web-based interface that enables you to manage volumes and performance. To manage many Edge Appliances, you use the Nasuni Management Console (NMC).

Nasuni Management Console (NMC)

The Nasuni Management Console (NMC) enables you to monitor and manage many Nasuni Edge Appliances from one central Web-based interface. Using the Nasuni Management Console, you can view the status of all of your Nasuni Edge Appliances, as well as configure their settings. Using the Nasuni Management Console, you can also ensure consistent settings by applying changes to all appliances with one operation.

Nasuni Orchestration Center (NOC)

The Nasuni Orchestration Center (NOC) is the set of cloud-based services that serves as the control path for Nasuni, and is separate from the data path that writes data to and reads data from private or public cloud object storage. The NOC orchestrates internal authentication, software updates, Nasuni Global Volume Manager™, Nasuni Global File Lock™, credential management, support services, and the dashboard for monitoring and reporting.

The NOC also ensures that organizations benefit by having a simple, safe, and secure way to share data across any number of sites. Nasuni’s multi-site access capabilities include:

  • Secure data distribution to remote office/branch office (ROBO).

  • Remote offices forwarding data to a central point.

  • Two-way synchronized read-write.

Nasuni’s multi-site access also eliminates costly and cumbersome replication schemes and slow WAN optimizers.

Note: You can view the Health Status of the Nasuni Orchestration Center (NOC), Global File Acceleration (GFA), and Global File Lock (GFL) at account.nasuni.com.

Nasuni Global Volume Manager™

Nasuni Global Volume Manager ensures that changes from every location are synchronized with cloud object storage, then propagated from cloud object storage to all other Edge Appliances that are caching the same files, so that users are always working on the latest versions. Nasuni Global Volume Manager aligns the changes from each Nasuni Edge Appliance based on date/time stamp, creating an infinite version history of every file.

Nasuni Global File Lock™

Nasuni is designed to enable multiple appliances to connect to a single volume, so that users in different locations can collaborate on the same shared files. Nasuni Global File Lock is software that works with third-party cloud object storage to ensure that only one user can write data at a time, minimizing the possibility of version conflicts. Nasuni Global File Lock ensures that only one user in the world can make file changes at any time, by controlling the transmission of data by multiple users to your third-party cloud object storage system to prevent overlap.

Analytics Connector

The Nasuni Analytics Connector enables you to turn unstructured data into big data. A consolidated cloud-based file system enables you to export a temporary second copy of your file data, in native object format, in a separate cloud object storage account. You can then use this data with analytics software, AI, machine learning, and other data recognition tools.

Using Analytics Connector, you can use any analytics service from AWS or Azure, regardless of which cloud currently stores your Nasuni volume. Since file data has already been centralized in cloud object storage, the process is fast, capable of exporting 14–16 TBs of data per hour. You can specify file types, specific paths, and more to refine the selection of data for analysis. Nasuni provides a cost estimator tool to help organizations project the cloud costs of storing the selected data sets in native object format in a separate cloud object storage account. The Analytics Connector runs entirely in the chosen cloud object storage account, using securely stored customer keys.

Global File Acceleration

Combined with Nasuni’s global file system, the Nasuni Global File Acceleration (GFA) service accelerates file synchronization to improve collaboration and optimize productivity across locations.

Global File Acceleration delivers more intelligent multi-site file synchronization that is based on real-time user activity to prioritize when data gets propagated to Nasuni Edge Appliances at other sites, so that users gain faster access to their shared data. The GFA service is available to customers who have the Multisite Collaboration license add-on.

Individual Edge Appliances continuously send file system audit events (such as reads, writes, deletes, and renames) to the cloud-based Global File Acceleration Cloud Controller. Individual Edge Appliances also request recommendations from the GFA Cloud Controller on when to perform syncs and snapshots (respectively known as “pull” and “push”) for the GFA-enabled volume, based on near-real-time analysis of file system audit events.

Note: You can view the Health Status of the Nasuni Orchestration Center (NOC), Global File Acceleration (GFA), and Global File Lock (GFL) at account.nasuni.com.

Nasuni Access Anywhere (NAA)

When combined with Nasuni’s core platform capabilities, Nasuni Access Anywhere delivers high-performance file access for remote and hybrid (distributed) users, along with productivity tools that let them manage files from anywhere on any device. Additionally, integration with collaborative tools provides a seamless workflow across Microsoft Office 365, Microsoft Teams, Slack, and corporate file shares to ensure easy and secure access to critical corporate data.

Nasuni File IQ (NFIQ)

The Nasuni File IQ Appliance (NFIQ Appliance) is a new appliance in the Nasuni system that co-exists with installations of the NEA and NMC. It gives business-critical insights into how, when, and by whom the data on the volumes controlled by the NEAs is used. The system is made up of several key elements:

  • The File System Metadata Service (FSMS) efficiently scans the associated NEAs’ volumes, and compiles data on their contents.

  • The File System Event Processing Service (FSEP) listens to all the events generated by users creating, viewing, editing, moving, deleting, or manipulating files and directories on those volumes in any way.

  • The File System Aggregation Service (FSAGG) combines the raw data of these audit events into coherent business knowledge, and stores it in a dedicated database.

  • Grafana Dashboards are provided to allow ease of navigation and understanding of this knowledge.

In short, the NFIQ Appliance is an intelligent window into your Nasuni Volumes. For further information, see Nasuni File IQ Best Practices.

Key Terms

The following terms are helpful in understanding the Nasuni Edge Appliance:

  • Nasuni Edge Appliance (“Filer”): The virtual or physical appliance in your data center that integrates with your infrastructure via CIFS (SMB), NFS, FTP/SFTP, or HTTPS/REST protocols. The Nasuni Edge Appliance can be mapped as a network drive.

  • Nasuni Edge Appliance user interface: The Web-based graphical user interface with which you configure and manage the Nasuni Edge Appliance. The Nasuni Edge Appliance user interface is accessible with supported Web browsers including Mozilla Firefox, Microsoft Edge, Safari, and Google Chrome.

  • Nasuni Management Console (NMC): The Web-accessible appliance with which you can configure and manage multiple Nasuni Edge Appliances. The Nasuni Management Console is accessible with supported Web browsers including Mozilla Firefox, Microsoft Edge, Apple Safari, and Google Chrome.

  • Cloud storage: Internet-based, highly protected, unlimited storage.

  • Volume: A set of files and directories (CIFS (SMB), NFS, and FTP/SFTP).

  • Share/export: An access point to a folder on a volume that can be shared or exported on your network. Access to a CIFS (SMB) share can be customized on a user-level or group-level basis. You can create many shares or exports on a volume, for different purposes or audiences.

  • Cache: The local storage of the Nasuni Edge Appliance. All data and metadata that is accessed regularly is kept locally in the cache. If requested data is not locally resident, it is staged into the cache and provided for the request.

  • Snapshot: A snapshot is a complete picture of your volume at a specific point in time.

    Snapshots offer data protection by enabling you to recover data deleted in error or to restore an entire file system. After a snapshot has been taken and is sent to cloud object storage, it is not possible to modify that snapshot.

Nasuni Edge Appliance Specifications

This section contains specifications for configuring the Nasuni Edge Appliance.

General Specifications

The following table lists general specifications for the Nasuni Edge Appliance.

| Description | Value |
| --- | --- |
| Maximum number of owned volumes per Nasuni Edge Appliance. | 8. We recommend 8 owned volumes or fewer. To determine the ideal number of owned volumes for your workload, contact Nasuni Support. |
| Maximum number of files in the Nasuni Service. | Unlimited |
| Maximum capacity of files in the Nasuni Service. | Unlimited (might be restricted by license) |
| Default cache size on disk. | 250 GB (VM only). No default for Microsoft Azure: must deploy. |
| Default copy-on-write (COW) disk size. | 62 GiB (VM only). No default for Microsoft Azure: must deploy. |
| Default snapshot period. | 1 hour (after most recent snapshot) |
| Maximum file size. | Available cache space at time of write |
| Number of cache volumes supported. | 1 |
| Minimum memory required. | 16 GiB (VM only) |
| Minimum number of processors (CPUs). | 8 recommended |

Important: These are general recommendations. Your specific situation might require further resources.

Note: The maximum amount of memory that can be configured is 128 GiB. Any memory above the limit of 128 GiB is ignored.

Supported Web Browsers

The Nasuni Edge Appliance supports the following Web browsers:

| Browser | Version |
| --- | --- |
| Mozilla Firefox | Latest |
| Google Chrome | Latest |
| Apple Safari | Latest |
| Microsoft Edge | Latest |

Supported Windows Operating Systems

The Nasuni Edge Appliance provides file sharing services to the following Windows operating systems:

Server Operating Systems

| Operating System | Service Packs |
| --- | --- |
| Windows Server 2022 (recommended for better performance) | N/A |
| Windows Server 2019 (recommended for better performance) | N/A |
| Windows Server 2016 (recommended for better performance) | N/A |

Desktop Operating Systems

| Operating System | Service Packs |
| --- | --- |
| Windows 11 | N/A |
| Windows 10 | N/A |

Virtual Machine Requirements

The minimum or recommended virtual machine resources for running the Nasuni Edge Appliance are as follows:

| Limit | Value |
| --- | --- |
| Minimum free disk space to run the Nasuni Edge Appliance. | 370 GB (344 GiB) (includes 32 GiB operating system, 250 GB cache, and 62 GiB copy-on-write (COW) disk) |
| Recommended minimum memory on a VM host. | 16 GiB |
| Recommended Nasuni Edge Appliance Virtual Machine minimum memory. | 16 GiB |
| Nasuni Edge Appliance Virtual Machine processors (CPUs). | 8 recommended |

Important: These are general recommendations. Your specific situation might require further resources.

Administrators can expand the operating system disk on existing VMs up to 32 GiB by following the same process used to expand the cache disk.

To increase the size of the OS disk to 32 GiB for the Nasuni Edge Appliance (NEA) or the Nasuni Management Console (NMC), perform these steps:

  • Change the size of the OS disk in the virtual machine to 32 GiB.

  • Reboot the virtual machine.

Note: Since this procedure interrupts access to the NEA or NMC, schedule this procedure for a time of low usage.

Important: The maximum amount of memory that can be configured is 128 GiB. Any memory above the limit of 128 GiB is ignored.

Initial, Recommended, and Minimum Memory

The memory allocation for a virtual machine platform (VM) is set and changed in the hypervisor. The memory allocation that is first set is the "initial memory allocation".

The "recommended memory allocation" is a suggested amount of memory. If the VM has less than the "recommended memory allocation", an alert informs the customer of the situation.

There is also a "minimum memory allocation". If the VM has less than the "minimum memory allocation", then the software does not run.

Tip: For both the Nasuni Edge Appliance and the NMC, it might be necessary to increase the memory allocation above the recommended memory allocation, depending on the workload.

For the Nasuni Edge Appliance, these values are:

  • Initial memory allocation: 16 GiB

  • Recommended memory allocation: 16 GiB

  • Minimum memory allocation for production Edge Appliances: 16 GiB (Test Edge Appliances can run with less.)

Note: The document preview feature of Nasuni Web Access requires a minimum of 8 GiB.

For the NMC, these values are:

  • Initial memory allocation: 16 GiB

  • Recommended memory allocation: 16 GiB

  • Minimum memory allocation: 16 GiB

Important: These are general recommendations. Your specific situation might require further resources.

Note: The maximum amount of memory that can be configured is 128 GiB. Any memory above the limit of 128 GiB is ignored.

NMC Sizing Guidelines

The NMC requires 16 GB of disk space.

Use the following CPU and memory guidelines to plan the sizing of the NMC. These guidelines are based on the number of Edge Appliances managed by the NMC, since the NMC memory and CPU utilization relate directly to the number of Edge Appliances managed.

Important: If using Varonis, the NMC should have at least 4 CPUs, 16 GiB memory, and an appropriate corresponding virtual machine.

| Number of Edge Appliances managed by NMC | CPUs | Memory (GiB) | AWS EC2 instance |
| --- | --- | --- | --- |
| Up to 50 | 2 | 16 | r6a.large (AMD), r6i.large (Intel) |
| Up to 100 | 4 | 16 | m6a.xlarge (AMD), m6i.xlarge (Intel) |
| Up to 300* | 8 | 32 | m6a.2xlarge (AMD), m6i.2xlarge (Intel) |

*If managing more than 200 Edge Appliances, additional backend configuration is necessary for the NMC. Contact Nasuni Support for assistance.

Note: These values are based on CPU and memory utilization for a version 8.5 NMC. Earlier versions of the NMC might require additional resources.

Important: These are general recommendations. Your specific situation might require further resources.

Nasuni Edge Appliance (NEA) recommendations

For NEA recommendations, see Appendix B, “Amazon EC2 Instance Type virtual machine recommendations,” on page 42.

AWS Local Zones

Nasuni Edge Appliances can be deployed within AWS Local Zones. AWS Local Zones allow you to place EC2 instances in select metropolitan or other geographical areas closer to users or latency-sensitive infrastructure. AWS Local Zones are a relatively new and continually expanding zone option for EC2 instances, so locations, instances, sizes, and EBS types vary from zone to zone. The majority of instance types are of Nitro architecture. Most Local Zones are currently limited to gp2 EBS types. See AWS Local Zones Features for the most recent published list.

AWS Local Zones prerequisites

Prerequisites for AWS Local Zones include the following:

  • To enable AWS Local Zones within the AWS Console, the AWS Console must be selected to use the New EC2 Experience.

  • Opt in to enable the desired Local Zones from the EC2 Settings/Zones configuration. Each AWS region toggled within the console presents its respective, available Local Zones that can be enabled.

    • Opt-in can also be accomplished using the modify-availability-zone-group option of the AWS CLI.

      Example:

      aws ec2 modify-availability-zone-group --group-name us-west-2-lax-1 --opt-in-status opted-in

      where:

      group-name is the AWS Local Zone

  • Instance placement is determined during instance configuration by the selected subnet of a VPC. Before configuring the instance for launch, create a subnet within the Local Zone's VPC, or optionally create the subnet while in the instance configuration wizard.

AWS Local Zone instance size availability

The availability of a specific EC2 instance size can vary at any given location at any given time. To retrieve a table of the available instances and sizes, you can run the following AWS CLI command:

aws ec2 describe-instance-type-offerings --location-type availability-zone \
    --filters Name=location,Values=<local zone> --region <region> \
    --output table

where:

Values is the AWS Local Zone

region is the parent region for the AWS Local Zone

Local Zone to Local Zone network limitation

A current service limitation for consideration is that any resource or instance within one Local Zone cannot communicate to another within other Local Zones, even if they are under the same parent region. The impact of this limitation can vary with use case. In situations where Nasuni Support might want to SSH from one Edge Appliance to another, connectivity would not be possible with this limit. There is currently a request within AWS for a feature or a workaround to enable this.

Creating a Virtual Private Cloud (VPC)

Before launching the Amazon Machine Image (AMI) for the Nasuni Edge Appliance, you must create a Virtual Private Cloud (VPC). If you already have a VPC, you can use the existing VPC. Using a VPC gives you more control over networking features, such as assigning static addresses and enabling Active Directory or LDAP in the cloud.

Important: You must create and maintain your own AWS account. Nasuni does not have access to your AWS account. To gain access to the Nasuni AMIs, contact Nasuni Technical Support with your AWS account number. To create an EC2 account, visit http://aws.amazon.com/ec2/.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Important: This procedure assumes that you have already configured Active Directory, LDAP, and any domain controllers in the cloud.

Tip: When a Nasuni Edge Appliance is deployed in EC2, considerations for MTU include the following:

  • Amazon AWS sets the default MTU to 9001.

  • To ensure that the Nasuni Edge Appliance can communicate well outside the Virtual Private Cloud, ensure that ICMP is correctly configured for the Nasuni Edge Appliance's security group. In particular, do not block Path MTU Discovery (PMTUD) ICMP packets.

  • Also, see Network maximum transmission unit (MTU) for your EC2 instance.

To create a VPC on the AWS web site:

  1. Launch your Web browser.

  2. Go to the Amazon Web Services VPC console at https://console.aws.amazon.com/vpc. The VPC Dashboard appears.

  3. Click Start VPC Wizard. The Create an Amazon Virtual Private Cloud screen appears.

  4. Select the type of VPC that suits your networking needs best from the following types of VPC:

    • VPC with a Single Public Subnet Only.

    • VPC with Public and Private Subnets.

    • VPC with Public and Private Subnets and Hardware VPN Access.

    • VPC with a Private Subnet Only and Hardware VPN Access.

  5. Click Continue. Depending on the type of VPC you selected in step 4, different screens appear for the VPC Wizard. Complete each screen with settings appropriate for your networking needs.

    Important: Whichever type of VPC you selected in step 4, ensure that you only provide a single network interface to the Nasuni Edge Appliance, and ensure that you assign an IP address to the Nasuni Edge Appliance.

  6. After completing all screens of the VPC Wizard, click Create VPC. A message appears notifying you that the VPC is created.

  7. On the VPC Dashboard, click DHCP Options Sets in the left-hand menu. A list of DHCP Options Sets appears.

  8. If a suitable DHCP Options Set already exists, skip to step 9.

    Otherwise, click Create DHCP Options Set. The Create DHCP Options Set dialog box appears. Enter the appropriate settings for the new DHCP Options Set, then click “Yes, Create”. The new DHCP Options Set is created and appears in the list.

  9. On the VPC Dashboard, click Your VPCs in the left-hand menu. A list of VPCs appears.

  10. Right-click the VPC you are going to use, then select Change DHCP Options Set from the drop-down menu. The Change DHCP Options Set dialog box appears.

  11. From the DHCP Options Set drop-down list, select the DHCP Options Set to use with the VPC, then click “Yes, Change”. The selected DHCP Options Set is associated with the VPC.

The VPC has now been created and the DHCP Options Set has been associated with it.

Launching the AMI

Installing the Nasuni Edge Appliance or Nasuni Management Console requires the corresponding Amazon Machine Image (AMI), which is available on the Amazon Web Services (AWS) web site.

Important: You must create and maintain your own AWS account. Nasuni does not have access to your AWS account. To gain access to the Nasuni AMIs, contact Nasuni Technical Support with your AWS account number. To create an EC2 account, visit http://aws.amazon.com/ec2/.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

Important: Installing third-party software on Nasuni appliances is not allowed.

Important: To access Active Directory-enabled volumes, the Nasuni Edge Appliance must be connected to an Active Directory server in the same Active Directory forest. This requires part of your Active Directory infrastructure to also be running on the EC2 platform.

Similarly, to access LDAP-enabled volumes, the Nasuni Edge Appliance must be able to access LDAP and Kerberos in the same LDAP domain.

Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

“Nasuni recommends running the Management Console on ESX 7.0 or later.”

To launch the AMI from the AWS web site:

  1. The Nasuni AMIs are not publicly available. If your AWS account ID already has access to the Nasuni AMIs, continue with step 2 on page 24.

    Otherwise, to enable your AWS account ID to access the Nasuni AMIs, follow this procedure. Alternatively, request Nasuni Technical Support to enable your AWS account ID to access the Nasuni AMIs.

    1. Log in to your Nasuni account Web site (https://account.nasuni.com/) and click Downloads. The Downloads page appears.

      Figure 1-1: Downloads page.

    2. Click Amazon EC2, or scroll down to the “Nasuni AMIs on EC2” area.

      Figure 1-2: “Nasuni AMIs on EC2” area.

    3. In the text box, enter any 12-digit AWS account IDs that you want to have access to the Nasuni AMIs. Separate AWS account IDs by commas.

    4. Click Submit.

      These AWS account IDs are granted access to the Nasuni AMIs.

      Note: It can take up to 5 minutes for access to be granted. If access has not been granted after 5 minutes, contact Nasuni Technical Support.

  2. Go to the Amazon Web Services EC2 console at https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.

    Figure 1-3: EC2 Dashboard page.

  3. In the left-hand column, click AMIs. The AMIs page appears.

    Figure 1-4: AMIs page.

  4. The correct AMI should appear in the list of AMIs.  

    If the correct AMI is not visible in the list of AMIs, then, in the “Filter:” area at the top of the screen, click “Owned by me” or “Public images”, then select “Private images” from the dropdown list. The correct AMI should appear in the list of AMIs.

    If the correct AMI still does not appear, type Nasuni in the Search text box at the top of the screen and press Enter. The correct AMI should appear in the list of AMIs.

    Figure 1-5: List of AMIs.

  5. From the list of AMIs, choose the most up-to-date AMI version.

  6. Select the check box to the left of the correct Nasuni AMI entry, then click “Launch instance from AMI”.  

    The “Launch an instance” screen appears.

    Figure 1-6: “Launch an instance” screen.

  7. In the Name text box, enter a name for this instance.

    You can also add any desired tags (key/value pairs) for management, by clicking “Add additional tags”.

  8. In the “Application and OS Images (Amazon Machine Image)” area, verify that the correct AMI has been chosen. If necessary, you can change your AMI selection here.

  9. In the “Instance type” area, select an instance type with a suitable number of virtual CPU processors and memory for your purposes. Pricing information also appears for comparison.

    Figure 1-7: “Instance type” area and “Key pair” area.

    For recommendations, see Appendix B, “Amazon EC2 Instance Type virtual machine recommendations,” on page 42.

  10. It is recommended to use a key pair to securely connect to your instance. Enter the “Key pair name”. Ensure that you have access to the selected key pair before you launch the instance.

  11. In the “Network settings” area, click Edit to change any items.

    Figure 1-8: “Network settings” area.

    1. From the VPC drop-down list, select the VPC to use.

    2. From the Subnet drop-down list, select the subnet to correspond to the VPC created in “AWS Local Zones” on page 18.

    3. From the “Auto-assign public IP” drop-down list, select Enable.

    4. Use the “Firewall (security groups)” area to configure security.

      Warning: RUNNING THE NASUNI EDGE APPLIANCE OR NMC ON THE AMAZON EC2 PLATFORM IS SIMILAR TO RUNNING THESE SYSTEMS OUTSIDE OF YOUR BUSINESS.

      UNUSED PORTS SHOULD NOT BE EXPOSED TO THE PUBLIC INTERNET, INCLUDING THE SSH PORT, PORT 222.

      MINIMALLY, THE FOLLOWING PORTS SHOULD BE EXPOSED TO THE HOSTS THAT ACCESS THEM:

      OUTBOUND: AMAZON EC2 DOES NOT ENABLE RESTRICTING OUTBOUND TRAFFIC.

      NASUNI RECOMMENDS ALLOWING OUTGOING TRAFFIC ON ALL PORTS TO ALL HOSTS FOR THE NASUNI EDGE APPLIANCE AND NMC.

      INBOUND: HERE ARE RECOMMENDATIONS FOR THE FOLLOWING PORTS:

      • Port 222 SSH: Close this port. If Nasuni Customer Support requests you to open this port, open this port temporarily to all clients/ranges.

      • Port 443 TCP: Used for Web Access. If these features are in use, Nasuni recommends opening this port to all clients/ranges. Note that these features must be enabled on the Nasuni Edge Appliance.

      • Port 8443 TCP: Used to administer the Nasuni Edge Appliance and Nasuni Management Console. Open to clients that need to use the Nasuni administration interface.

      • Ports 139 and 445 TCP: Open to clients that need to use SMB/CIFS.

      • Ports 111, 662, 875, 892, 2049, and 32803 TCP or UDP: Open to clients that need to use NFS.

      • Port 161 UDP: Open to clients that need to use SNMP.

      1. Select “Create security group”.

      2. In the “Security group name” text box, enter a name for this security group, such as “Nasuni”.

      3. In the Description text box, enter a description for this security group, such as “Nasuni appliance security”.

      4. Click “Add security group rule”. The new rule appears.  

        In the Port range text box, type 443.

        In the Source text box, type 0.0.0.0/0.

      5. Click “Add security group rule”. The new rule appears.

        In the Port range text box, type 8443.

        In the Source text box, type 0.0.0.0/0.

        Tip: Add any other rules you need, as discussed above. Nasuni recommends restricting access to only the ports and incoming hosts that you use.

  12. The “Configure storage” area is for configuring storage.

    Figure 1-9: “Configure storage” area.

    Note: The largest disk is the cache disk; the smallest disk is the COW (copy on write) disk.

    The cache disk size should be at least 250 GB. The default cache disk size is 40 GB.

    The maximum cache disk size is 1 TB (16 TB for SSDs).

    The COW disk size should be at least 63 GB. The default COW disk size is 10 GB. You receive a warning if the COW disk becomes less than 25 percent of the cache disk.

    Warning: DO NOT USE EPHEMERAL DISKS AS THE CACHE FOR A NASUNI EDGE APPLIANCE.

    WHILE EPHEMERAL DISKS ARE LOW-COST STORAGE OPTIONS, THE DATA ON THEM IS VOLATILE, AND UTILIZING THEM FOR NASUNI CACHE OPERATIONS EXPOSES YOU TO THE LOSS OF UNPROTECTED DATA, IF THE VIRTUAL MACHINE USING THEM IS SHUT DOWN. EPHEMERAL DISKS CAN BE AUTOMATICALLY SELECTED FOR CACHE OPERATIONS IF THEY ARE THE LARGEST DISK ATTACHED TO THE VIRTUAL MACHINE WHEN THE NASUNI VIRTUAL MACHINE IS BOOTED.

    SINCE EACH CLOUD PROVIDER HAS DIFFERENT POLICIES FOR ATTACHING EPHEMERAL DISKS TO VIRTUAL MACHINES, CONTACT YOUR PROVIDER FOR GUIDANCE REGARDING HOW TO CHECK FOR THIS CONDITION. IF YOU DO FIND EPHEMERAL DISKS ATTACHED TO AN EDGE APPLIANCE, CONTACT NASUNI SUPPORT TO DETERMINE IF THEY ARE BEING UTILIZED AS THE CACHE.

    1. Configure the cache disk.

      1. Enter the volume size in GiB.  

        The cache disk size should be at least 250 GB.

      2. Select the type of volume for the disk.

        For the cache disk, select the General Purpose SSD (gp3) volume for standard workloads; for intensive workloads, select the Provisioned IOPS SSD (io2) volume.

        For the copy-on-write (COW) disk, select the Provisioned IOPS SSD (io2) volume.

        Tip: You can change the Volume Type without rebooting the Edge Appliance or performing a recovery procedure on the Edge Appliance.

        However, reducing the size of the cache disk does require performing a recovery procedure on the Edge Appliance.

    2. Configure the COW disk.

      1. Enter the volume size in GiB.  

        The COW disk size should be at least 63 GB. The copy-on-write (COW) disk should be 1/4 the size of the cache disk.

      2. Select the type of volume for the disk.

        For the copy-on-write (COW) disk, select the Provisioned IOPS SSD (io2) volume.

        Tip: You can change the Volume Type without rebooting the Edge Appliance or performing a recovery procedure on the Edge Appliance.

  13. Use the “Advanced details” area for additional configuration.

    1. From the “Shutdown behavior” drop-down list, select Stop.

      Caution: Ensure that “Shutdown behavior” is not set to Terminate because instance termination renders the Edge Appliance inoperable and can lead to data loss.

    2. Placement groups can help to minimize the network latency between the Edge Appliance and EC2 workloads. By default, when launching a new EC2 instance, the EC2 service attempts to spread all your instances across underlying hardware to minimize correlated failures. However, this can lead to unnecessary latency, and can slow access for clients connecting via SMB or NFS.  

      Placement groups influence the placement of interdependent instances, at no additional charge.

      AWS offers three placement group strategies. The Cluster placement group strategy works best to minimize latency. You can add the instance to an existing placement group, or create a new placement group with the Cluster placement group strategy.

      You can also change the placement group for an instance, as described here.

  14. Use the “Summary” area to verify and change configuration.

    1. In the Number of Instances text box, enter the number of instances to launch. Using multiple instances can help you deal with issues such as performance, different uses or needs, different geographies or locations, and cache management.

  15. Click “Launch instance”. The instance is launched.

    Important: When using virtual machine Edge Appliances or NMCs, Nasuni recommends running under a hypervisor that is still supported by its vendor. If a customer runs an Edge Appliance or NMC on an unsupported hypervisor version, a warning is logged at boot time. The warning is of the form:

    “Nasuni recommends running the Management Console on ESX 7.0 or later.”

  16. Click “View all instances”. The Instances screen appears.

    Figure 1-10: Instances screen.

  17. If the Instances screen does not appear, click Instances in the left-hand column.

  18. The new instances appear in the list of instances. Select the check box to the left of the instance. The state should be Running.

    Details of the selected instance appear at the bottom of the screen. You can click the Status Checks, Monitoring, and Tags tabs to examine their information.

  19. Note the Public IPv4 address. If the Public IPv4 address is not displayed, ensure that the virtual machine has started.

  20. In your web browser, enter the following in the address bar and press Enter:

    https://<Public IPv4 address>

    If the Public IPv4 address is not displayed, ensure that the virtual machine has started. It might take a few minutes before the new Nasuni Edge Appliance or Nasuni Management Console is available.

  21. The Nasuni Edge Appliance or Nasuni Management Console is now installed and ready to access using the Public DNS address.

Tip: To access the NEA or NMC appliance using the serial console, instead of using the IP address obtained when installing the appliance, follow one of these procedures:

All supported hypervisors include a serial console that works with Nasuni. For other hypervisors, consult your vendor’s documentation for connection instructions.
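One way to check a finished security group against the inbound port guidance in step 11, as an added example (not Nasuni or AWS code): it audits rules in the `IpPermissions` shape that EC2 reports for a security group. The `POLICY` table, the finding labels and the sample rules are constructed for illustration; the sample reproduces the two rules from sub-steps 4 and 5 plus a leftover port 222 rule.

```python
import ipaddress

# Inbound guidance from the warning in step 11: port -> (protocols, policy).
TCP, UDP = {"tcp"}, {"udp"}
POLICY = {222: (TCP, "closed"), 443: (TCP, "world-ok"), 8443: (TCP, "restricted"),
          139: (TCP, "restricted"), 445: (TCP, "restricted"), 161: (UDP, "restricted")}
POLICY.update({p: (TCP | UDP, "restricted") for p in (111, 662, 875, 892, 2049, 32803)})

def is_world(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(ip_permissions):
    """Return (ports, finding) tuples for rules that go against the guidance."""
    findings = []
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        if proto in ("icmp", "icmpv6"):
            continue  # FromPort/ToPort carry ICMP type/code here, not ports
        # "-1" means all protocols and all ports
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = any(is_world(c) for c in cidrs)
        listed = 0  # ports in this rule that the guidance names
        for port, (protos, policy) in sorted(POLICY.items()):
            if not (lo <= port <= hi and (proto == "-1" or proto in protos)):
                continue
            listed += 1
            if policy == "closed":
                findings.append((str(port), "close-unless-support-requests"))
            elif policy == "restricted" and world:
                findings.append((str(port), "restrict-source-to-known-clients"))
        if world and hi - lo + 1 > listed:
            findings.append((f"{lo}-{hi}", "unlisted-ports-open-to-all-hosts"))
    return findings

# Constructed sample: the two rules from sub-steps 4 and 5, plus a leftover SSH rule.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 222, "ToPort": 222, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

if __name__ == "__main__":
    for ports, finding in audit(SAMPLE):
        print(ports, finding)
```

On the sample, the 443 rule passes, the 8443 rule is flagged because its source is all hosts, and the 222 rule is flagged whatever its source.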

Configuring the Nasuni Edge Appliance on EC2

You now use the Nasuni Edge Appliance Initial Configuration Guide to complete the configuration of the Nasuni Edge Appliance.

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

In general, during this configuration, it is not necessary to change any of the network settings: leave the network interface/configuration as DHCP, and the traffic group as General. Only a single interface and traffic group are supported on EC2 images.

However, if the DHCP pool is not configured to provide DNS servers that can resolve records for Active Directory SRV records, you have several options:

  • In the System Settings area, from the Settings Source drop-down list, select “DHCP with custom DNS”, then specify the search domain and DNS server.

  • Alternatively, specify a Domain Controller in the Domain Settings for the Edge Appliance.

After the Nasuni Edge Appliance is running, if you need Nasuni Technical Support to help you with your EC2 instance, enable the Remote Support Service on the Services menu.

Configuring the Nasuni Management Console on EC2

You now use the Nasuni Management Console Guide to complete the configuration of the Nasuni Management Console.

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

In general, during this configuration, it is not necessary to change any of the network settings: leave the network interface/configuration as DHCP, and the traffic group as General. Only a single interface and traffic group are supported on EC2 images.

However, if the DHCP pool is not configured to provide DNS servers that can resolve records for Active Directory SRV records, you have several options:

  • In the System Settings area, from the Settings Source drop-down list, select “DHCP with custom DNS”, then specify the search domain and DNS server.

  • Alternatively, specify a Domain Controller in the Domain Settings for the Nasuni Management Console.

After the Nasuni Management Console is running, if you need Nasuni Technical Support to help you with your EC2 instance, enable the Remote Support Service on the Console Settings menu.

Performance

For the Nasuni Edge Appliance, industry-standard NAS and SAN interfaces are not designed to be hosted on remote sites and attached over the public Internet. Nasuni recommends using only and Web Access over long distances. Nasuni also recommends only using the NAS and SAN protocols from clients that are hosted in the same infrastructure “near” the Nasuni Edge Appliance.

For the Nasuni Management Console, since all access is browser-based, there are no specific performance concerns.

Changing the size of the cache disk

You can change the size of the cache disk of the Nasuni Edge Appliance. This requires performing a reboot of the Nasuni Edge Appliance.

Tip: You can change the Volume Type without rebooting the Edge Appliance or performing a recovery procedure on the Edge Appliance.

Tip: Reducing the size of the cache disk does require performing a recovery procedure on the Edge Appliance.

To change the size of the cache disk, follow these steps:

  1. Launch the Amazon Web Services EC2 console at https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears. Log in using your credentials.

  2. Click Instances in the left-hand column. The Instances screen appears.

  3. For the instance whose cache you want to change, copy the Instance ID.

  4. Click Volumes (disks) in the left-hand column. The Volumes screen appears.

  5. Paste the Instance ID in the Filter text box. The volumes (disks) for this instance appear in a list.

    Note: On this screen, the largest EBS is the cache disk; the smallest EBS is the COW (copy on write) disk.

    The cache disk size should be at least 250 GB. The default cache disk size is 40 GB.

    The maximum cache disk size is 1 TB (16 TB for SSDs).

    The COW disk size should be at least 63 GB. The default COW disk size is 10 GB. You receive a warning if the COW disk becomes less than 25 percent of the cache disk.

  6. Select the volume (disk), click Actions, then select Modify Volume from the drop-down list. The Modify Volume dialog box appears.

  7. Change the Size of the volume (disk) to the new value, then click Modify, then click Yes. The size of the volume (disk) changes to the new value. You might need to refresh the display to see the new value.

  8. Reboot the Edge Appliance.
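A pre-change check for the resize procedure above, as an added example (not Nasuni or AWS code): it picks out the cache and COW disks by size, as the Note in step 5 describes, and tests a planned cache size against the sizing rules on this page. Assumptions: the page's GB figures are compared directly with the GiB `Size` values EC2 reports, 1 TB and 16 TB are taken as 1024 and 16384 GiB, and the function name, finding labels and volume IDs are constructed.

```python
SSD_TYPES = {"gp2", "gp3", "io1", "io2"}  # EBS SSD-backed volume types

def check_layout(volumes, new_cache_gib=None):
    """Check one instance's volumes (dicts with VolumeId, Size, VolumeType)
    against the sizing rules, optionally for a planned new cache size."""
    if len(volumes) < 2:
        raise ValueError("expected at least a cache disk and a COW disk")
    by_size = sorted(volumes, key=lambda v: v["Size"])
    cow, cache = by_size[0], by_size[-1]  # smallest = COW, largest = cache
    target = cache["Size"] if new_cache_gib is None else new_cache_gib
    findings = []
    if new_cache_gib is not None:
        if target < cache["Size"]:
            findings.append("shrink-requires-recovery-procedure")
        elif target > cache["Size"]:
            findings.append("reboot-required-after-resize")
        # The largest disk is treated as the cache, so the resized volume must
        # remain larger than every other volume (ties flagged; an assumption).
        if any(v["Size"] >= target for v in volumes if v is not cache):
            findings.append("cache-would-not-be-largest-disk")
    limit = 16384 if cache["VolumeType"] in SSD_TYPES else 1024
    if target < 250:
        findings.append("cache-below-250")
    if target > limit:
        findings.append("cache-above-maximum")
    if cow["Size"] < 63:
        findings.append("cow-below-63")
    if cow["Size"] * 4 < target:
        findings.append("cow-below-25-percent-of-cache")
    return {"cache": cache["VolumeId"], "cow": cow["VolumeId"], "findings": findings}

# Constructed sample: an instance launched with the default disk sizes (40 and 10).
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-cow-example", "Size": 10, "VolumeType": "io2"},
    {"VolumeId": "vol-cache-example", "Size": 40, "VolumeType": "gp3"},
]

if __name__ == "__main__":
    print(check_layout(SAMPLE_VOLUMES))        # current layout
    print(check_layout(SAMPLE_VOLUMES, 500))   # planned growth to 500
```

Growing the sample cache to 500 clears the cache minimum but leaves the 10 GiB COW disk below both its own minimum and 25 percent of the new cache size, so the COW volume needs resizing in the same change.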