Chapter 2: Configuring the Nasuni Edge Appliance

Overview

This chapter explains how to configure the Nasuni Edge Appliance on your network.

Before following the steps in this chapter, ensure that the Nasuni Edge Appliance has been set up by an IT specialist. To set up a Nasuni Edge Appliance hardware appliance, see the Hardware Getting Started Guide for the specific hardware appliance. To set up a Nasuni Edge Appliance on the Microsoft Azure or Amazon EC2 cloud platforms, see Installing on Microsoft Azure or Installing on Amazon EC2. For installation instructions for a virtual machine platform, see Installing on Hyper-V, Installing on Nutanix, Installing on Scale HyperCore, or Installing on VMware. See “Product Documentation” on page 8.

Before you begin, you should have the initial IP address of your Nasuni Edge Appliance from either the hardware appliance or virtual machine installation.

Important: Installing third-party software on Nasuni appliances is not allowed.

Connecting with the Nasuni Edge Appliance

You should have an initial IP address from the installation of your Nasuni Edge Appliance on either a hardware appliance or a virtual machine. This IP address should be provided by the IT specialist who initially set up the Nasuni Edge Appliance.

Open a Web browser and enter the IP address using this command:

https://<IP address>:   8443

where <IP address> is the IP address.

Tip: To access the NEA or NMC appliance using the serial console, instead of using the IP address obtained when installing the appliance, follow one of these procedures:

• If the appliance is running on Amazon EC2, see instructions in EC2 Serial Console for Linux instances.

• If the appliance is running on Google Cloud, see instructions in Troubleshooting using the serial console.

• If the appliance is running on Microsoft Azure, see instructions in Azure Serial Console.

All supported hypervisors include a serial console that works with Nasuni. For other hypervisors, consult your vendor’s documentation for connection instructions.

Tip:   When you attempt to access the Nasuni Edge Appliance Home page for the first time, a message might appear indicating that the security certificate is not trusted. You can still access the site to proceed with the initial configuration procedure.

Tip:   With a new Edge Appliance in an account that already has remote volumes with Read/Write permissions, it can initially take up to 20 minutes before these remote volumes appear in the list of volumes. It takes time to fetch the necessary information for the remote volumes.

Continue with the next section, “SSL Security Certificate” on page 15.

SSL Security Certificate

By default, the Nasuni Edge Appliance is preloaded with a self-signed SSL certificate that is unique to the Nasuni Edge Appliance. For this reason, when you attempt to access the Nasuni Edge Appliance Home page for the first time, a message might appear indicating that the security certificate is not trusted. You can still access the site to proceed with the initial configuration procedure.

Note: To add a new SSL certificate, see “SSL Server and Client Certificates” in the Nasuni Edge Appliance Administration Guide.

Example using Mozilla Firefox

This is an example of what you might see using the Mozilla Firefox Web browser:

1. Open a Web browser and enter the IP address provided by the IT specialist who initially set up the Nasuni Edge Appliance. The This Connection is Untrusted page appears.

   

2. Click I Understand the Risks. An expanded version of the This Connection is Untrusted page appears.

   

3. Click Add Exception. The Add Security Exception dialog box appears.

   

4. Click Get Certificate.

5. Click Confirm Security Exception.

6. Open a Web browser and enter the IP address again.

7. Continue with “Network Settings” on page 18.

Example using Google Chrome

This is an example of what you might see using the Google Chrome Web browser:

1. Open a Web browser and enter the IP address provided by the IT specialist who initially set up the Nasuni Edge Appliance. The “Your connection is not private” page appears.

   

2. Click Advanced. The “Your connection is not private” Advanced pane appears.

   

3. Click Proceed.

4. Continue with “Network Settings” on page 18.

Network Settings

The next step is to configure network parameters. This section gives general information about traffic groups, and specific procedures for configuring the network settings.

Note: IPv6 is not supported.

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

Traffic Groups

Three default traffic groups are available, but you can change the purpose and the name of each traffic group:

• General: All traffic is in the General traffic group, unless explicitly assigned to a different traffic group. Systems with only one network interface card (NIC) always use the General traffic group. This traffic group is not for any specific purpose.

• Management: The Management traffic group limits access to the assigned interfaces of the Nasuni Edge Appliance to administrative access only.

• External: The External traffic group designates a set of interfaces that carry only Web Access traffic.

Note: You use the Firewall configuration page to configure what kind of traffic the Nasuni Edge Appliance accepts on each traffic group.

You cannot combine traffic from two or more traffic groups together.

Note: If a proxy is defined such that it is on one of the networks local to the Nasuni Edge Appliance, this local proxy is used for cloud traffic, Remote Support traffic, and Nasuni Data API traffic. Traffic flows on whichever interface can reach the local proxy.

Bonding. If you assign more than one device to the same traffic group, the assigned devices are “bonded” for that traffic group. A bonded interface is a virtual network interface that runs on two or more physical interfaces. The Nasuni Edge Appliance uses bonding mode 5 (balance-tlb) for high-availability (HA) networking with a performance enhancement when sending packets. This has no requirement from the switches. To change this bonding mode, request Nasuni Support to configure the Bonding Mode setting. 

Bonding also provides failover benefits. This bonding mode monitors the state of the network interface cards (NICs) that are in the bond: if the active device fails, it switches to a different active device. In addition, when transmitting a packet, the system determines (using an internal metric) which device in the bond is least busy, and transmits the packet using that device. When the host sends a packet to the Nasuni Edge Appliance, the packet always goes to the active device.

Network switch ports to which bonded Nasuni Edge Appliance ports are attached must be configured as switch port access with trunk access disabled. Any switch port where a bonded Nasuni Edge Appliance port is attached should also not be bridged with any other Nasuni Edge Appliance port.

Note: Nasuni supports either Balance-TLB or the Link Aggregation Control Protocol (LACP) to bond several physical ports together to form a single logical channel. While Balance-TLB is the default, LACP allows a network device to negotiate an automatic bundling of links. If your switch supports LACP, Nasuni recommends using LACP as a best practice. To enable LACP, request Nasuni Support to configure the Bonding Mode setting.

The Spanning Tree's blocking, listening, and learning stages should be disabled or bypassed on all switch ports to which a bonded Nasuni Edge Appliance port is attached. (Cisco switches have a feature called PortFast that is used to disable these Spanning Tree stages on a port-by-port basis.)

Bonded Nasuni Edge Appliance port members may also be split across more than one switch in order to achieve switch redundancy. However, all switch ports that are attached to members of the same bond must comprise a single broadcast domain (namely, the same VLAN) configured on the switch port.

Additionally, if problems exist after deploying a Nasuni Edge Appliance bond across more than one switch, reattach all bond members to the same switch. If the problems disappear, then the cause of the problem resides in the configuration of the switches and not in the configuration of the Nasuni Edge Appliance.

Basic Configuration. Put all available NICs into the General traffic group. The Nasuni Edge Appliance uses a single IP address, and all types of traffic use that IP address. Traffic leaving the LAN uses a default gateway available on this LAN.

Separating client and cloud traffic. Divide the NICs into General and External traffic groups.
The Nasuni Edge Appliance uses one IP address for serving CIFS (SMB), NFS, and FTP traffic, along with the user interface and management protocols.
The Nasuni Edge Appliance uses another IP address for Web Access. The default gateway must be specified on the LAN that the External traffic group uses.

Separating data and management traffic. Divide the NICs into General and Management traffic groups. The Nasuni Edge Appliance uses one IP address for serving CIFS (SMB), NFS, and FTP traffic in addition to communicating with cloud APIs, and a different IP address for the user interface and management protocols. This configuration expects that administrators use a separate “back plane” network to manage devices more securely.

Sample network topologies.

This example is for General traffic only.

This example is for General and External traffic.

This example is for General and Management traffic.

This example is for General, External, and Management traffic.

Configure Network Settings

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

To configure network settings for the Nasuni Edge Appliance:

1. After you add a security certificate, or proceed without adding a security certificate, the Enter the Network Parameters for this Filer page appears.

   

2. In the Host Name or FQDN box, a default hostname for the Nasuni Edge Appliance appears. You can accept the default hostname or change it to a customized hostname. Enter the hostname (15 characters or less) or Fully Qualified Domain Name (64 characters or less) for this Nasuni Edge Appliance. The name that you enter is the name that you provide to users so they can access the Nasuni Edge Appliance. You can use ASCII letters a through z, digits 0 through 9, and hyphens.

   Note: If joining a Nasuni Edge Appliance to Active Directory, Nasuni recommends using the fully qualified domain name with the hostname, using lower-case letters and periods, such as filer.domain.com.
   If the Nasuni Edge Appliance would never join Active Directory, you can use the hostname without the domain name.

   Note: Limits on domains, groups, users, objects, and other items are the same as the limits of Active Directory. See Active Directory Maximum Limits - Scalability for details.

   Note: The Nasuni Edge Appliance attempts to register the hostname in the DNS server, so that users can access this host by name.

   To change this name later, see “Network Configuration” in the Nasuni Edge Appliance Administration Guide.

3. In the Network Interface Settings area, for each Device in the list, select the Traffic Group from the drop-down list. 

   

   You can define your own traffic groups. See step 4 below. See “Traffic Groups” on page 18 for details about traffic groups.

   Tip: If any network interfaces are not in use, set them to “Disabled”.

4. Also in the Network Interface Settings area, to configure each Traffic Group, click Edit beside the Traffic Group. The Network Settings page appears.

   

5. From the Network Type drop-down list, select either Static or DHCP.

   If you select DHCP (Dynamic Host Configuration Protocol), the IP Address, Netmask, and MTU Value fields become unavailable.

   Note: DHCP might not be enabled on more than one traffic group.

   Important: If installing on the Google Compute Platform (GCP), use Static and not DHCP.
   If DHCP is selected, the new Edge Appliance can reach appliances outside the local GCP subnet, but is unable to reach local appliances on the same subnet.

   If you select Static, you must provide Network Interface Settings and System Settings. See your IT administrator for assistance. Enter the following information:

   • Enter the static IP address in the IP Address text box. The address of a static device must not already be present on the network. The Nasuni Edge Appliance verifies this and displays an error if a collision is detected.

     Ensure that the IP address you are using is not in use elsewhere.

     Note: If you define more than one static device, the Nasuni Edge Appliance checks that the subnets specified do not appear more than once.

     Important: If you change the IP address, also do the following:

     • Update Firewalls with the new IP address.

     • Update DNS entries so that they resolve the Edge Appliance with the new IP address.

     • Re-join the Domain after changing the IP address.You might need to remove the old computer object.

   • Enter a netmask address in the Netmask text box.

   • Enter the MTU value in the MTU Value text box.

     Tip: MTU settings should not exceed 1500.

     The maximum transmission unit (MTU) is the size (in bytes) of the largest protocol data unit that the layer can pass onwards. A larger MTU brings greater efficiency, because each packet carries more user data, while protocol overheads, such as headers, remain fixed; the resulting higher efficiency means a slight improvement in the bulk protocol throughput. A larger MTU also means processing fewer packets for the same amount of data. However, large packets can occupy a slow link for some time, causing greater delays to following packets, and increasing lag and minimum latency.

   • (Optional) You can specify a gateway for each traffic group. This gateway is used to return traffic for clients outside one of the Nasuni Edge Appliance's local networks that do not use the default gateway. In the Gateway text box, enter the IP address for the gateway.

   • Click OK to use these values. Click Cancel to exit this page without making any changes.

6. In the System Settings area, from the Settings Source drop-down list, select one of the following:

   

   • DHCP (Dynamic Host Configuration Protocol): Provides a network IP address for a host on an IP network automatically. The Default Gateway, Search Domain, Primary DNS Server, and Secondary DNS Server fields become unavailable.

     Important: If installing on the Google Compute Platform (GCP), use Static and not DHCP or DHCP with custom DNS.
     If DHCP or DHCP with custom DNS is selected, the new Edge Appliance can reach appliances outside the local GCP subnet, but is unable to reach local appliances on the same subnet.

   • DHCP with custom DNS: Provides a network IP address for a host on an IP network automatically. The Default Gateway field becomes unavailable.

     Important: If installing on the Google Compute Platform (GCP), use Static and not DHCP or DHCP with custom DNS.
     If DHCP or DHCP with custom DNS is selected, the new Edge Appliance can reach appliances outside the local GCP subnet, but is unable to reach local appliances on the same subnet.

     Enter the following information:

     • Enter one or more local search domains in the Search Domain text box, each separated by a space. You must enter valid hostnames.

       You can use search domains to avoid typing the complete address of domains that you use frequently. The search domains that you enter are automatically appended to names that you specify for purposes such as Active Directory configuration, HTTPS proxy, and NTP server. For example, if you specify the search domain “mycompany.com”, then typing “server1” for one of these purposes would connect to “server1.mycompany.com”.

     • Enter the IP address for your primary DNS server in the Primary DNS server text box. You must enter a valid hostname or IP address.

     • Enter the IP address for your secondary DNS server in the Secondary DNS server text box (if applicable). You must enter a valid hostname or IP address.

   • Static: Address information must be entered manually. Enter the following information:

     • Enter a default gateway address in the Default Gateway text box.
       The gateway address must match a subnet of a defined static network.

     • Enter one or more local search domains in the Search Domain text box, each separated by a space. You must enter valid hostnames.

       You can use search domains to avoid typing the complete address of domains that you use frequently. The search domains that you enter are automatically appended to names that you specify for purposes such as Active Directory configuration, HTTPS proxy, and NTP server. For example, if you specify the search domain “mycompany.com”, then typing “server1” for one of these purposes would connect to “server1.mycompany.com”.

     • Enter the IP address for your primary DNS server in the Primary DNS server text box. You must enter a valid hostname or IP address.

     • Enter the IP address for your secondary DNS server in the Secondary DNS server text box (if applicable). You must enter a valid hostname or IP address.

7. To configure a proxy in order to reach HTTPS resources on the Internet, select the Configure A Proxy check box.
   On Azure-based Edge Appliances only, during a reboot or recovery procedure, it is necessary to connect with IP address 169.254.169.254 in order to obtain information about the Azure VM instance. If you have configured an HTTPS proxy, this attempt to connect can cause a delay of several minutes. To avoid this delay, add the IP address 169.254.169.254 to the “Do Not Proxy” section of the HTTPS Proxy configuration.

8. To proceed, click Continue.

9. The Review the Network Settings page appears.

   

   To accept the network settings, click Continue. To return to the previous page to change network settings, click Back.

10. The Configuring Network Settings page appears.

    

11. You are automatically directed to the specified IP address (or you can click the link “here”).

12. If there is a more recent version than the version that you are attempting to install, the Software Update page appears.

    

    To apply the suggested update, select “Apply the update” and click Continue. The update is installed.
    Otherwise, make sure that “Apply the update” is not selected, and click Continue.

13. If you selected “Apply the update”, the Applying Updates page appears.

    

    The update is installed.

    Tip: The Web-based display might update several times during the installation of the update. Because some Web browsers cache the display, we recommend clearing the browser cache.

After the update and reboot are complete, you are directed to the next step of the wizard. Alternatively, you can click the link “here” to proceed to the next step and wait for the reboot to finish.

Continue with “Setting Up Your Nasuni Edge Appliance” on page 39.

Setting Up Your Nasuni Edge Appliance

After configuring the network settings for the Nasuni Edge Appliance, you must enter your Nasuni.com serial number and authorization code, accept the end-user license agreement, and create a user name and password for the user who is a Filer Administrator of the Nasuni Edge Appliance.

Important: Internet connectivity (HTTPS port 443) is a prerequisite for setting up the Nasuni Edge Appliance, or to update software during the installation.

Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.

Important: Installing third-party software on Nasuni appliances is not allowed.

To set up your Nasuni Edge Appliance:

1. After you have configured your network, open the specific URL to continue. The “Enter your serial number and authorization code” wizard page appears.

   

2. Enter a Filer Serial Number and Authorization code, found under the Account section of www.nasuni.com, or on the Account Status page of the Nasuni Management Console. For a new installation, choose an unused Filer Serial Number. To recover a prior installation, such as during disaster recovery, choose the Filer Serial Number of the prior installation. Click Continue to proceed.

   Important: Authorization codes (also called “Auth codes”) are intended for a single use, and are not permanent. Authorization codes change if the associated serial number is used successfully, if the authorization code is refreshed via the NMC (Account Status --> Serial Numbers, then click Refresh), and if the authorization code is regenerated via the NOC (visit https://account.nasuni.com/account/serial_numbers/, then click show, then click regen).

   Note: If the administrative account for this Nasuni Edge Appliance was reset (such as, for a forgotten password), and this Nasuni Edge Appliance was under the control of the Nasuni Management Console, and if you are using the Filer Serial Number for that prior installation, you must wait 1 hour from the time that you reset the administrative account for the Nasuni Edge Appliance before entering the Filer Serial Number and Authorization code and clicking Continue.

3. If this is a new Nasuni Edge Appliance, the “Add a New Nasuni Filer to your account” page appears.

   

   To add the new Nasuni Edge Appliance, type the words “Install New Filer” (without the quotation marks) in the Confirmation text box, then click Continue.

4. If a more recent version of the Nasuni Edge Appliance software is available, a page appears to notify you. Click Continue. A second page appears to notify you of the progress of the software update.

5. The “Accept the Terms of Service and License Agreement” page appears.

   

   You can print or download a copy of the Terms of Service and License Agreement by clicking the appropriate icon.

   Select “I accept the Terms of Service”, then click Continue.

6. The “Enter or accept Filer Name” page appears.

   

   To change the name (or description) of the Nasuni Edge Appliance, enter a new Nasuni Filer Name. A descriptive and distinctive name helps users and administrators to identify and distinguish specific Nasuni Edge Appliances. Otherwise, leave the Nasuni Filer Name unchanged. Click Continue.

   Caution: Avoid using characters that systems, such as Active Directory, specify as disallowed, including period (.), backslash (\), forward slash (/), colon (:), asterisk (*), question mark (?), quotation mark ("), less than sign (<), greater than sign (>), percent (%), and vertical bar (|). Errors can occur for Nasuni Edge Appliances whose names include such characters. For example, it might not be possible to configure the Nasuni Edge Appliance for Active Directory access. You can change the name of the Nasuni Edge Appliance to avoid such characters.

7. If this account has a Nasuni Management Console installed, a page appears asking if you want this Nasuni Edge Appliance to join the Nasuni Management Console.

8. The “Enter a username and password for Administration of this Filer” page appears.

   

   1. Set up an administrator for the new Nasuni Edge Appliance by creating a Username (case-sensitive) and a Password (case-sensitive). An indicator of password strength appears. Although password strength is not enforced, you should use strong passwords. The newly defined user is automatically a member of the Filer Administrators permission group for this Nasuni Edge Appliance.

   2. Click Continue.

9. The “You’re almost ready to go!” window appears.

   

   Click OK to close the window.

10. The Nasuni Edge Appliance Home page appears. See “Nasuni Edge Appliance Home Page” on page 37.

For further information about using the Nasuni Edge Appliance, see the Nasuni Edge Appliance Administration Guide. If this account has a Nasuni Management Console installed, see the Nasuni Management Console Guide for information on using the Nasuni Management Console to configure and manage this Nasuni Edge Appliance.

For details on accessing volumes, see Chapter 3, “Accessing Volumes,” on page 38.

Nasuni Edge Appliance Home Page

The Nasuni Edge Appliance Home page appears in your Web browser. 

After you access data volumes (as described in Chapter 3, “Accessing Volumes,” on page 38), you can begin using the Nasuni Edge Appliance as a NAS device. See the Nasuni Edge Appliance Administration Guide for details on using all product features.