Chapter 3: Accessing Volumes

Overview

This chapter explains how to access volumes, including CIFS shares, NFS exports, and FTP/SFTP directories. After you access volumes, you can get up and running quickly with the Nasuni Edge Appliance and start using it on your network as a NAS or SAN device.

Tip: With a new Edge Appliance in an account that already has remote volumes with Read/Write permissions, it can initially take up to 20 minutes before these remote volumes appear in the list of volumes. It takes time to fetch the necessary information for the remote volumes.

Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on page 80.

Cloud Credentials

Before creating or using volumes, you must configure the Nasuni Edge Appliance to use the storage you have arranged for this purpose.

Nasuni enables customers to execute a multi-cloud IT strategy and select the most appropriate object storage for their business by offering support for the leading private and public cloud (aka BYOC) storage platforms, including Amazon Simple Storage Service (Amazon S3), Dell EMC Elastic Cloud Storage (ECS), Hitachi Content Platform (HCP), IBM Cloud Object Storage, and Microsoft Azure Storage.

Cloud credentials define the connection between the Nasuni Edge Appliance and the cloud object storage provider. They generally consist of the location of the cloud object storage provider, as well as access keys and identification.

Important: You must create and maintain your own cloud object storage account. Nasuni does not have access to your cloud object storage account.

Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Tip: You must configure cloud credentials before adding a volume that uses those cloud credentials.

Tip: If you have a requirement to change Cloud Credentials on a regular basis, use the following procedure, preferably outside office hours:

Obtain new credentials. Credentials typically consist of a pair of values, such as Access Key ID and Secret Access Key, Account Name and Primary Access Key, or User and Secret.
On the Cloud Credentials page, edit the cloud credentials to use the new credentials.
The change in cloud credentials is registered on the next snapshot that contains unprotected data.
Manually performing a snapshot also causes the change in cloud credentials to be registered, even if there is no unprotected data for the volume.
After each Edge Appliance has performed such a snapshot, the original credentials can be retired with the cloud provider.
Warning: Do not retire the original credentials with the cloud provider until you are certain that they are no longer necessary. Otherwise, data might become unavailable.

Viewing cloud credentials

To view cloud credentials:

On a Nasuni Edge Appliance, click Configuration, then select Cloud Credentials from the menu. The User Provided Cloud Credentials page displays a list of cloud credentials.
Figure 3-1: User Provided Cloud Credentials page.
The following information appears for each set of credentials in the list:
- Name: The name of the set of credentials.
- Provider: The cloud provider.
- Used by: The volumes that use the cloud credentials.
- Notes: Information provided by the user about the connection with the cloud provider.
- Actions: Actions available for each set of credentials.

Adding or editing cloud credentials

To add or edit cloud credentials:

On a Nasuni Edge Appliance, click Configuration, then select Cloud Credentials from the menu. The User Provided Cloud Credentials page displays a list of cloud credentials.
Figure 3-2: User Provided Cloud Credentials page.
The following information appears for each set of credentials in the list:
- Name: The name of the set of credentials.
- Provider: The cloud provider.
- Used by: The volumes that use the cloud credentials.
- Notes: Information provided by the user about the connection with the cloud provider.
- Actions: Actions available for each set of credentials.
To add new credentials, click Add New Credentials and select the platform.
Alternatively, to edit existing credentials, click Edit for the credentials to edit.
Tip: Be careful changing existing credentials. The connection between a Nasuni Edge Appliance and the cloud object storage provider could become invalid, causing loss of data access. Credential editing is to update access after changes to the cloud object storage parameters.
A page appropriate to your selected platform appears. We show the page for Microsoft Azure cloud credentials as an example only.
Figure 3-3: Add Windows Azure Credentials page.
Enter the credentials for your platform.
For Amazon Simple Storage Service (Amazon S3), credentials include the following:
Tip: For Amazon S3 GovCloud, see next section below.
- Name: A name for this set of credentials, which is used for display purposes.
- Access Key ID: The Amazon S3 Access Key ID for this set of credentials.
- Secret Access Key: The Amazon S3 Secret Access Key for this set of credentials.
- Hostname: The cloud object storage endpoint hostname. When using the default AWS S3 hostname (s3.amazonaws.com), Edge Appliances validate credentials against us-east-1 and automatically select the region-specific hostname during volume creation. For private endpoints or S3-compatible storage providers, enter the required hostname.
- Verify SSL Certificates: For self-signed certificates, certificates generated with a private root CA, or a default certificate: Off. For fully valid SSL certificate: On.
- Notes: Optional information to save.
- Skip Validation (on NMC): For Edge Appliances running version 9.12 or later, select whether to bypass validation when saving new or unused credentials. Skipping validation saves processing.
  Note: Even if “Skip Validation” is selected, validation always occurs before a volume is created.
  Tip: After using unvalidated credentials to create a new volume, confirm that snapshots are working.

For Amazon S3 GovCloud, credentials include the following:

Tip: For Amazon S3, see previous section above.

Name: A name for this set of credentials, which is used for display purposes.
Access Key ID: The Amazon S3 Access Key ID for this set of credentials.
Secret Access Key: The Amazon S3 Secret Access Key for this set of credentials.
Hostname: The hostname for the location of the cloud service provider.
For the GovCloud East region, use s3.us-gov-east-1.amazonaws.com
For the GovCloud West region, use s3.us-gov-west-1.amazonaws.com
Verify SSL Certificates: For self-signed certificates, certificates generated with a private root CA, or a default certificate: Off. For fully valid SSL certificate: On.
Notes: Optional information to save.

For Dell EMC Elastic Cloud Storage (ECS), credentials include the following:

Name: A name for this set of credentials, which is used for display purposes.
Access Key ID: The user name recognized by the Dell EMC Elastic Cloud Storage (ECS) system for this set of credentials.
Secret Access Key: The object data store key from the Dell EMC Elastic Cloud Storage (ECS) UI for this set of credentials.
Hostname: The hostname for the location of the cloud service provider.
Path-Based Addressing should be used with ViPR/ECS. If using a namespace, add it to the end of the path: vipr1.yourco.com/mynamespace
Verify SSL Certificates: For self-signed certificates, certificates generated with a private root CA, or a default certificate: Off. For fully valid SSL certificate: On.
Notes: Optional information to save.

For Google Cloud Storage, credentials include the following:

Name: A name for this set of credentials, which is used for display purposes.
Access Key ID: The Google Cloud Storage Access Key ID for this set of credentials.
Secret Access Key: The Google Cloud Storage Secret Access Key for this set of credentials.
Hostname: The hostname for the location of the cloud service provider. The default hostname is storage.googleapis.com
Verify SSL Certificates: Use the default On setting.
Notes: Optional information to save.

For Hitachi Content Platform (HCP), credentials include the following:

Name: A name for this set of credentials, which is used for display purposes.
Access Key ID: The Base64-encoded username for your user account for the Hitachi Content Platform (HCP) system for this set of credentials. This is the left-hand part of the authorization token.
Secret Access Key: The object data store key from the Hitachi Content Platform (HCP) UI for this set of credentials. This is the right-hand part of the authorization token.
Hostname: The public endpoint URL of the region supplied by your public cloud (aka BYOC) storage provider.
Verify SSL Certificates: For self-signed certificates, certificates generated with a private root CA, or a default certificate: Off. For fully valid SSL certificate: On.
Notes: Optional information to save.

For IBM Cloud Object Storage, credentials include the following:

Name: A name for this set of credentials, which is used for display purposes.
User: The IBM Cloud Object Storage Username for this set of credentials. “Vault Provisioner” access must be enabled.
Secret: The IBM Cloud Object Storage Password for this set of credentials.
Hostname: The dsNet Accesser IP address.
Verify SSL Certificates: For self-signed certificates, certificates generated with a private root CA, or a default certificate: Off. For fully valid SSL certificate: On.
Notes: Optional information to save.

For Microsoft Azure, credentials include the following:

Tip: For Microsoft Azure Gov Cloud, see next section below.

Name: A name for this set of credentials, which is used for display purposes.
Account Name: The Microsoft Azure Storage Account Name for this set of credentials.
Primary Access Key: The Microsoft Azure Primary Access Key for this set of credentials.
Hostname: The hostname for the location of the cloud service provider. Use the default setting: blob.core.windows.net
Verify SSL Certificates: For self-signed certificates, certificates generated with a private root CA, or a default certificate: Off. For fully valid SSL certificate: On.
Notes: Optional information to save.

For Microsoft Azure Gov Cloud, credentials include the following:

Name: A name for this set of credentials, which is used for display purposes.
Account Name: The Microsoft Azure Storage Account Name for this set of credentials.
Primary Access Key: The Microsoft Azure Primary Access Key for this set of credentials.
Hostname: The hostname for the location of the cloud service provider. Use: blob.core.usgovcloudapi.net
Verify SSL Certificates: For self-signed certificates, certificates generated with a private root CA, or a default certificate: Off. For fully valid SSL certificate: On.
Notes: Optional information to save.

Click Save Credentials. The configured credentials are saved.

At this point, you can begin adding volumes that use these cloud credentials to a Nasuni Edge Appliance. Volume creation, volume connection, and credentials verification can each take up to 2 minutes.

Deleting cloud credentials

To delete cloud credentials:

On a Nasuni Edge Appliance, click Configuration, then select Cloud Credentials from the menu. The User Provided Cloud Credentials page displays a list of cloud credentials.
Figure 3-4: User Provided Cloud Credentials page.
For the set of cloud credentials that you want to delete, click Delete. The “Delete Cloud Credentials Confirmation” page appears.
Figure 3-5: Delete Cloud Credentials Confirmation page.
Verify that the correct set of cloud credentials is being deleted.
Enter the Username and Password for a user who has the authority to perform this action.
Click Delete Credentials.
The selected set of cloud credentials are deleted.

Folder and File Access Permissions in Windows

Tip: Windows share permissions are not Nasuni share permissions. Changing Windows share permissions, for example, on the “Share Permissions” tab in File Explorer, does not change Nasuni share permissions.

Special default permissions are applied to these folders and files:

.nasuni
.nasuni/sync_logs/
Files in .nasuni/sync_logs/
.nasuni/av_violations/
Files in .nasuni/av_violations/
.nasuni/file_alerts/
Files in .nasuni/file_alerts/
.nasuni/audit/
Files in .nasuni/audit/

Caution: Do not change the permissions on these folders or files unless it is absolutely necessary. Use caution when changing any permissions. Incorrect permissions can cause problems in access and processing.

Tip: To access the hidden .nasuni directory on an SMB share, you must be an administrative user.
Because the .nasuni directory is located in the root directory of the volume, in order to access the .nasuni directory, you must create a share to the root directory of the volume.
In addition, this hidden directory must be visible on the client machine. For example, in Windows, “Show Hidden Files, folders, and drives” must be enabled, and “Hide protected operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni directory and its contents. On the File System Browser page, select the volume, click the gear icon, then select “Show Hidden Files”.

In Windows, using Active Directory security, all users have Read permission for all files and all folders under the topmost .nasuni folder. However, unless a user also has Read permission for the topmost .nasuni folder, that user cannot access any of those files or folders under the topmost .nasuni folder. By default, only a Filer Administrator has Read permission for the topmost .nasuni folder. If a Filer Administrator wants to allow a user to view the files, the Filer Administrator should change the permission on the topmost .nasuni folder for that user.

Tip: In Windows, if a folder gives permission to the group “Everyone”, unprivileged users might not be able to access the folder. Instead, Nasuni recommends that you assign users to another group that has the desired permission for the folder.

Tip: If you are using Active Directory authentication and your Nasuni Edge Appliance is joined to an Active Directory server that has Windows Server 2012 domain controllers, and the following conditions occur:
• The Windows Server 2012 domain controller has Resource SID compression enabled,
• The client accesses the Nasuni Edge Appliance CIFS volume by hostname,
• The user client is authenticating using access to the CIFS volume based on membership in a domain local group, then the user is denied access to the CIFS volume.

Mapping a Windows Network Drive to a CIFS Share

You can map a Windows network drive to a CIFS share on the Nasuni Edge Appliance.

Note: You must have share privileges to access the folder on the Nasuni Edge Appliance and map a network drive to it. See “Adding a New CIFS (SMB) Share to a Volume” and “Editing a SMB (CIFS) Share” in the Nasuni Edge Appliance Administration Guide for more details.

Tip: Hard links, junctions, and symbolic links (including Windows junctions and hard links) are not supported with SMB (CIFS) shares.

Tip: If using the Windows “net use” command, ensure that the user name is expressed in the form
/user:[DomainName\]UserName]
or
/user:[DottedDomainName\]UserName
For example:
net use r: \\1.1.1.1\Volume_HW_filer /user:mydomain.mycompany.com\user_person password

Tip: Before adding data to a Nasuni Edge Appliance, it is a Best Practice to clean up historical and orphaned SIDs. This can help prevent later difficulties with permissions. For more details, see Permissions Best Practices.

To map a Windows network drive to a CIFS share:

In Windows, right-click My Computer.
Select Map Network Drive. The Map Network Drive dialog box appears.
Figure 3-6: Map Network Drive dialog box.
From the Drive drop-down menu, select an available network drive letter to map the share to. An unused network drive letter is automatically selected.
From the Folder drop-down list, select a shared folder on the Nasuni Edge Appliance.
Alternatively, in the Folder text box, enter the IP address or URL of a shared folder on the Nasuni Edge Appliance. For example, \\10.1.10.97\files.
Alternatively, click Browse to navigate to the IP address or URL of a shared folder on the Nasuni Edge Appliance. For example, \\10.1.10.97\files.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000 bytes.
Since the UTF-8 representation of characters from some character sets can occupy several bytes, the maximum number of characters that a file path or a file name might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.
If prompted for a username and password, use a username that has data access permissions.
Tip: For some Windows platforms, it might be necessary to use
<hostname>\<username> instead of the username, where <hostname> is the IP address or hostname of the Nasuni Edge Appliance.
Click Finish.
With Windows Explorer, select the network drive letter that you mapped. For example:
Figure 3-7: Sample mapped drive.
Tip: Alternatively, you can enter the path for the share folder or IP address in the address bar of Windows Explorer instead of using the Map Network Drive dialog box.
Open the drive, then drag and drop files that you want to send to the Nasuni Edge Appliance. You can now open these files and do your work from this mapped drive. By default, snapshots of unshared volumes are taken every hour (every 5 minutes for shared volumes) to provide you with a backup of your work.

Accessing data using the FTP protocol

If the FTP/SFTP protocol has been enabled for a volume, and FTP/SFTP directories have been added to a volume, you can use FTP/SFTP commands and various applications to access that data.

Note: Nasuni supports SFTP, the SSH File Transfer Protocol. This is not the same as FTPS, the File Transfer Protocol over SSL.

Tip: You can ensure that the SFTP (SSH File Transfer Protocol) protocol is used, rather than the FTP protocol, with the Firewall page in the Edge Appliance UI. For each Traffic Group, select SFTP and deselect FTP.

Tip: In order to access data using the FTP/SFTP protocol, the following steps are necessary:

Create a CIFS or NFS volume. See “Adding a Volume” in the Nasuni Edge Appliance Administration Guide.
Enable the FTP protocol on the volume. See “Enabling multiple volume protocols” on page 199 in the Nasuni Edge Appliance Administration Guide.
(Optional) Configure FTP settings. See “Configuring FTP settings” on page 315 in the Nasuni Edge Appliance Administration Guide.
Add a new FTP/SFTP directory. See “Adding FTP directories for a volume” on page 190 in the Nasuni Edge Appliance Administration Guide.
(Optional) Create a permission group that has storage access. See “Adding Permission Groups” on page 395 in the Nasuni Edge Appliance Administration Guide.
(Optional) Create a user in a permission group that has storage access. See “Adding Users” on page 402 in the Nasuni Edge Appliance Administration Guide. Active Directory and LDAP users can log in for FTP access just as they do for CIFS access. Also, if anonymous access is enabled, you don't need a specific group or user.
Access files using the FTP/SFTP protocol.

To access data using FTP commands, use commands such as these:

Enter the following FTP command:
ftp <filer DNS | filer IP>
where <filer DNS | filer IP> is the DNS or IP address or hostname of the Nasuni Edge Appliance.
When prompted, enter a valid username and password for that Nasuni Edge Appliance.
Note: This user must belong to a permission group that has Storage Access enabled. See “Users and Groups” on page 392 in the Nasuni Edge Appliance Administration Guide.
Navigate to the directory using a command of the form:
cd /<ftp_directory>/<folder_name>
where <ftp_directory> is the name of the FTP directory and <folder_name> is the name of the folder that the FTP access is defined for.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000 bytes.
Since the UTF-8 representation of characters from some character sets can occupy several bytes, the maximum number of characters that a file path or a file name might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.

Alternatively, follow these steps:

Enter the following on the address bar of your Web browser:
ftp://<user_name>@<filer>/<ftp_directory>/<folder_name>
where
<user_name> is the username of the user. This user must belong to a permission group that has Storage Access enabled. See “Users and Groups” on page 392.
<filer> is the IP address or hostname of the Nasuni Edge Appliance.
<ftp_directory> is the name of the FTP directory.
<folder_name> is the name of the folder that FTP access is defined for.
Note: If you are not logging in anonymously, you still must specify a username in the URL, such as ftp://username@ftp.server.hostname. This is true even if Anonymous access is not enabled.
When prompted, enter a valid username and password for that Nasuni Edge Appliance.
Note: This user must belong to a permission group that has Storage Access enabled. See “Users and Groups” on page 392.
A display of the FTP/SFTP directory appears. You can then navigate this directory to access folders and files.
Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000 bytes.
Since the UTF-8 representation of characters from some character sets can occupy several bytes, the maximum number of characters that a file path or a file name might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.

Mounting a CIFS Share in Linux or UNIX

You can mount a CIFS share in Linux or UNIX using the mount.cifs command. There should not be any issues between the CIFS character set and the Linux character set. In most cases, use mount.cifs with the option iocharset=utf-8. CIFS shares are case-sensitive by default, which is consistent with Linux.

Note: Even if case-sensitivity is not enabled, non-Windows clients such as Linux might still treat the paths as case-sensitive.
To ensure that paths are treated as case-insensitive, mount shares using the nocase option, such as in this command:
mount -v -t cifs –o nocase,<options> <share IP address> /mnt/<folder>

Tip: Hard links, junctions, and symbolic links (including Windows junctions and hard links) are not supported with SMB (CIFS) shares.

Note: You must have share privileges to access the folder on the Nasuni Edge Appliance. See “Adding a New CIFS (SMB) Share to a Volume” and “Editing a SMB (CIFS) Share” in the Nasuni Edge Appliance Administration Guide for more details.

Note: If the Nasuni Edge Appliance is running in Active Directory security mode, the Linux clients must connect to the Nasuni Edge Appliance as Active Directory users.

In UNIX and Linux, the default permissions for certain folders and files are as follows:

Folder or file	Permissions
`.nasuni`	500
`.nasuni/sync_logs/`	500
Files in `.nasuni/sync_logs/`	444
`.nasuni/av_violations/`	500
Files in `.nasuni/av_violations/`	444
`.nasuni/file_alerts/`	500
Files in `.nasuni/file_alerts/`	444
`.nasuni/audit/`	500
Files in `.nasuni/audit/`	444

Tip: To access the hidden .nasuni directory on an SMB share, you must be an administrative user.
Because the .nasuni directory is located in the root directory of the volume, in order to access the .nasuni directory, you must create a share to the root directory of the volume.
In addition, this hidden directory must be visible on the client machine. For example, in Windows, “Show Hidden Files, folders, and drives” must be enabled, and “Hide protected operating system files” must be disabled.
Alternatively, you can use the File System Browser to view the .nasuni directory and its contents. On the File System Browser page, select the volume, click the gear icon, then select “Show Hidden Files”.

If you change the permissions on any of these folders and files, the Nasuni Edge Appliance preserves your changes. However, new files still receive the default permissions of 444. The owner of each folder can delete files in that folder.

To mount a CIFS share enter the following command:

mount -t cifs -o iocharset=utf-8, user=<username>, domain=<domain-shortname> //<filername>/<sharename> /<localdir>

where:

username is the username to connect as.
domain-shortname is the shortname (not the fully-qualified domain name) of the domain.
filername is the name or the IP address of the Nasuni Edge Appliance.
sharename is the name of the CIFS share on the Nasuni Edge Appliance.
localdir is the name of the local Linux directory.

The result of the mount command is to mount the CIFS share in the local directory. Users can then add data to the volume with CIFS enabled using copy commands.

Tip: You can place the mount command in a script that runs on login and mounts the CIFS share automatically.

Tip: Depending on the specific operating system, performing the mount might also create a graphical icon of the export that allows drag and drop and other GUI actions.

To disconnect from the CIFS share, use the unmount command.

Defining NFS datastores using VMware client

You can use a VMware client, such as the VMware vSphere Client, to define NFS datastores.

To define NFS datastores using a VMware client, follow these steps:

On the VMware client, select the host from the list.
Select the Configuration tab, then select Storage from the list on the left.
In the Datastores area, click Add Storage. The Add Storage dialog box appears.
In the Storage Type area, select Network File System, then click Next.
In the Properties area, in the Server text box, enter the IP address of the Nasuni Edge Appliance.
In the Properties area, in the Folder text box, enter the following:
/nfs/<name of NFS volume or NFS export>
where <name of NFS volume or NFS export> is the case-sensitive name of either the volume with NFS enabled or the NFS export.
In the Properties area, in the Datastore Name text box, enter the name that you want to give to this datastore.
Click Next, then review the information and click Finish.

The datastore appears in the Datastores list.

Mounting an NFS Export in Linux or UNIX

You can mount an NFS export in Linux or UNIX using the mount command.

Important: NFS mounts using TCP are supported by default. NFS mounts using UDP are not supported by default.

Note: You must have export privileges to access the folder on the Nasuni Edge Appliance. See “Editing an NFS Export” in the Nasuni Edge Appliance Administration Guide for more details.

In UNIX and Linux, the default permissions for certain folders and files are as follows:

Folder or file	Permissions
`.nasuni`	500
`.nasuni/sync_logs/`	500
Files in `.nasuni/sync_logs/`	444
`.nasuni/av_violations/`	500
Files in `.nasuni/av_violations/`	444
`.nasuni/file_alerts/`	500
Files in `.nasuni/file_alerts/`	444
`.nasuni/audit/`	500
Files in `.nasuni/audit/`	444

To mount an NFS export in Linux or UNIX, enter the following command:

mount -t nfs <ip_address>:/nfs/<exportname> <target>

where:

ip_address is the hostname or the IP address of the Nasuni Edge Appliance.
exportname is the name of the NFS export on the Nasuni Edge Appliance.
target is the name of the local directory.

Important: Make sure to include the '/nfs/' part of the command.

Note: If the default options for the mount command do not work, use these explicit options:

mount -o tcp,nfsvers=3,timeo=600, rsize=16384, wsize=16384,hard

This version of the mount command includes these explicit options: TCP; 10-minute timeout; read and write sizes of 16 KB; hard mount (soft mounts can corrupt data).
These values of rsize and wsize are recommended, but tune them for your system.

The result of the mount command is to mount the NFS export in the target directory. Users can then add data to the volume with NFS enabled using copy commands.

Tip: You can place the mount command in a script that runs on login and mounts the NFS export automatically.

Tip: Depending on the specific operating system, performing the mount might also create a graphical icon of the export that allows drag and drop and other GUI actions.

To disconnect from the NFS export, use the unmount command.

Web Access

Using Nasuni Web Access, you can access CIFS (SMB) share data or NFS export data stored in the Nasuni Edge Appliance using a Web browser. Some of the actions you can perform depend on the capabilities of the Web browser.

Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration” on page 80.

Note: To access data in an NFS export, you must enable the CIFS protocol for the NFS volume. See “Multiple Volume Protocols” on page 198 in the Nasuni Edge Appliance Administration Guide.

Note: You must enable Web Access for the CIFS share that you want to access. For details, see “Adding a New CIFS (SMB) Share to a Volume” on page 156 or “Editing a SMB (CIFS) Share” on page 175 in the Nasuni Edge Appliance Administration Guide.

Tip: The user must have Active Directory or Storage Access permissions. See “Users and Groups” on page 392 in the Nasuni Edge Appliance Administration Guide.

The URL of the Web Access page is similar to the URL of the Nasuni Edge Appliance user interface. For example, if you use this URL to access your Nasuni Edge Appliance user interface:

https://youredgeapp.example.com: 8443/

then the URL of the Web Access page is:

https://youredgeapp.example.com: 443/

Caution: With Active Directory authentication, a known issue with how Nasuni Web Access processes user login requests could cause users to be locked out from their Active Directory accounts. Suppose that an Active Directory user attempts to authenticate on Web Access with an invalid password, and that the number of Web Access-enabled shares is greater than the number of logins allowed by the Active Directory Account Lockout Policy. In that case, the user is locked out from their Active Directory account, because Web Access performs one authentication attempt per Web Access-enabled share.
Nasuni intends to address this issue in a future release.

After you log in, the Nasuni Web Access page appears.

The Nasuni Web Access page shows a list of the CIFS (SMB) shares available on this Nasuni Edge Appliance.

Tip: You can change the logo and the primary and secondary colors of the Web Access display for branding purposes. See “Web Access Branding” on page 414 in the Nasuni Edge Appliance Administration Guide.

Opening a CIFS (SMB) share or directory

To open a CIFS (SMB) share or directory, click the name of that CIFS (SMB) share or directory. The contents appear as a list.

The path to the directory appears above the list on the left. To navigate to a higher point in the directory hierarchy, click one of the directory names in the path.

Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000 bytes.
Since the UTF-8 representation of characters from some character sets can occupy several bytes, the maximum number of characters that a file path or a file name might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.

Sorting directory

To sort the display, click the Sort button in the upper right, then select Type, Name, Size, or Modified from the list.

Uploading file

Tip: Before adding data to a Nasuni Edge Appliance, it is a Best Practice to clean up historical and orphaned SIDs. This can help prevent later difficulties with permissions. For more details, see Permissions Best Practices.

Tip: The largest file that can be uploaded using Web Access is 35 GB.

Tip: PST files: Microsoft Outlook Personal Storage (.pst) files are used to store information for Microsoft Outlook email systems. These files contain a large quantity of different types of information, and can grow very large: multi-GB .pst files are common.
Nasuni recommends that customers NOT store active Outlook .pst files with the Nasuni Edge Appliance, for a number of reasons:
Whenever a new email arrives, the entire .pst file is marked as unprotected, and the entire very large file must then be uploaded to the cloud again with the next snapshot. This can interfere with the handling of other files, and with data propagation.
The multiple versions of .pst files can increase the cloud usage of such files for a volume.
Microsoft also recommends NOT storing .pst files on networks: https://docs.microsoft.com/en-US/outlook/troubleshoot/data-files/limits-using-pst-files-over-lan-wan

To help ensure that .pst files are not stored with the Nasuni Edge Appliance, Nasuni recommends that customers enable the File Alert Service and include patterns such as *.pst.

To upload a file to this directory, click the Upload files button above the list on the right. The Upload Files dialog box appears.

To navigate to the files to upload, click Choose Files. Alternatively, drag and drop the selected files onto the drag and drop area.

Caution: The maximum length of a file name is 255 bytes.
In addition, the length of a path, including the file name, must be less than 4,000 bytes.
Since the UTF-8 representation of characters from some character sets can occupy several bytes, the maximum number of characters that a file path or a file name might contain can vary.
If a particular client has other limits, the smaller of the two limits applies.

Tip: If a file already exists with the same name as the file you are uploading, you are asked to confirm overwriting the existing file. Alternatively, click Done.

Downloading files and folders

To download a file, several files, or a folder, first select the items to download. You can click on a single item to select it, or Ctrl-click on multiple items to select them all. The Download icon appears in the upper row.

When you have selected all the items to download, click the Download button. Your Web browser then downloads the items as it has been configured. If you download multiple files or a folder, the result is a .zip file.

Tip: By default, the largest file that can be downloaded using Web Access is 2 GB. This limit can be increased if needed: contact Nasuni Support.

Tip: You can download at most 2,000 files at a time.

Tip: With Web Access, downloading a folder produces a .zip file that contains the folder and its contents. If this .zip file contains paths with special characters, the default Windows unzip utility might not be able to open the .zip file. However, third-party unzip utilities, such as 7-Zip, do open this .zip file.

Creating folders

To create a folder inside this folder, click the Add Folder button above the list on the right. Enter a name for the new folder.

Creating internal links to files or folders

To create an internal link URL to a file or folder in Web Access, select the file or folder, then click the Get internal link button above the list on the right. The Share Internal Link dialog box appears.

Figure 3-12: Share Internal Link dialog box.

You can copy the text of the internal link URL for use elsewhere. The link opens an instance of Web Access and displays the linked object.

Tip: You cannot create an internal link to folders created by using the "%U" wildcard in the CIFS (SMB) share name.

Shared Links

A shared link is a URL that points to a specific file or folder within Web Access. This can be useful for providing a trusted partner or contractor with access to a folder or file that they do not have credentials to access directly.

Shared links are only available for CIFS (SMB) shares.

Tip: After a recovery, if any of the original source Nasuni Edge Appliance’s CIFS (SMB) shares had Shared Links defined, these links must be regenerated. Use Web Access to view links that must be regenerated, and regenerate them.

Important: Existing shared links are not affected by changes to the shared link settings, or by changes to the permissions of the user who created the link. In particular, if a user creates a shared link, and later that user’s permissions change so that they can no longer create shared links, the shared link they created is not affected.

In order to ensure that shared links remain valid regardless of changes to the sharing user’s credentials, you can create a special Shared Link Global User specifically to “own” shared links. This is especially useful in environments where users must change their passwords regularly for security purposes.

Note: To enable the Shared Link Global User feature, request Nasuni Support to configure the Shared Link Global User mode. After the Shared Link Global User feature is configured, the Edge Appliance license must be refreshed on the Edge Appliance: click Account Status --> Refresh License. Then, if the Edge Appliance is managed by the NMC, click Filers --> Refresh Managed Filers.

Important: If User Folders Support is enabled on a share, do not create a Shared Link Global User.

You can control how long until the shared link expires, whether a password is required, and who is allowed to create shared links. All access through shared links is audited, if auditing is enabled for the volume. See “File System Auditing” on page 107 in the Nasuni Edge Appliance Administration Guide.

Important: Existing shared links are not affected by changes to the shared link settings, or by changes to the permissions of the user who created the link. In particular, if a user creates a shared link, and later that user’s permissions change so that they can no longer create shared links, the shared link they created is not affected.

To create shared links, Shared Links must be enabled for the CIFS share, and the user must have permission. See “Web Access Shared Links Settings” on page 168 in the Nasuni Edge Appliance Administration Guide.

To create a shared link to a folder or file, select the item, then click the Share public link button above the list on the right. If the button does not appear, either Shared Links is not enabled for the CIFS share, or the user does not have permission. See “Web Access Shared Links Settings” on page 168 in the Nasuni Edge Appliance Administration Guide.

The Share Public Link dialog box appears.

Figure 3-13: Share Public Link dialog box.

Note: If “Shared Link Global User” is enabled for this share, the link URL also appears in this dialog box.

Click On, then select an expiration date and the type of access. If a password is required, enter the password for this item. Click Create. The Share Public Link dialog box appears, displaying the shared link URL.

Figure 3-14: Share Public Link dialog box with shared link URL.

You can copy the text of the link URL for use elsewhere. The link opens an instance of Web Access and displays the linked object. The link works only until the specified expiration date. If a password is required, the password must be entered to access the linked object.

Tip: If the creator of a shared link no longer has access to the file or directory that is the object of the shared link, then that shared link is no longer displayed in Web Access for that creator. The shared link is still visible on the Edge Appliance (on the Shared Links page, if you log in with appropriate privileges) and on the NMC (on the Filer Shared Links page, if you log in with appropriate privileges).

Important: Existing shared links are not affected by changes to the shared link settings, or by changes to the permissions of the user who created the link. In particular, if a user creates a shared link, and later that user’s permissions change so that they can no longer create shared links, the shared link they created is not affected.

You can change the shared link for an item by selecting the item with the shared link and clicking the Share public link button above the list on the right. The Share Public Link dialog box appears.

Figure 3-15: Share Public Link dialog box.

Note: The Regenerate button is only available if Shared Link Global User is not enabled.

If Shared Link Global User is not enabled, to view the shared link URL again, click Regenerate.
You can toggle the shared link On or Off.
You can select an expiration date and the type of access.
If a password is required, you can enter the password for this item.
Click Update. The Share Public Link dialog box appears, displaying the shared link URL.

Important: Existing shared links are not affected by changes to the shared link settings, or by changes to the permissions of the user who created the link. In particular, if a user creates a shared link, and later that user’s permissions change so that they can no longer create shared links, the shared link they created is not affected.

Tip: After a recovery, if any of the original source Nasuni Edge Appliance’s CIFS (SMB) shares had Shared Links defined, and Shared Link Global User is not enabled, these links must be regenerated. Use Web Access to view links that must be regenerated, and regenerate them.

Opening or previewing file

To access a file, click the file name. If the file is of a format that the browser can handle, a preview of the file opens in the browser. Supported file types include the following:

Audio: .mp3, .wav, and .ogg.
Documents: text, Microsoft Word, PDF, Open Office, and rich text format.
Images and design: .jpg, .gif, .png, and .bmp.
Presentations: Microsoft PowerPoint and Open Office.
Spreadsheets: Microsoft Excel, Open Office, and .csv.
Video: preview or playback for .mp4, .mov, and .webm formats.

Note: Streaming video does not work with self-signed certificates. To add a new certificate, see “SSL Server and Client Certificates” on page 373 in the Nasuni Edge Appliance Administration Guide.

Note: The document preview feature of Nasuni Web Access requires a minimum of 8 GiB.

Note: The maximum file size for preview is 250 MB.

Previews appear in a separate display box. When the preview box appears, you can navigate to the next and previous files in the folder using right and left arrows.

Audio and video previews include controls to start, pause, mute, unmute, adjust volume, and display fullscreen.

You can scroll forwards and backwards through multipage documents using your mouse scroll function.

If the file is of a format that the browser does not recognize, you are offered the option of downloading the file.

If the display takes longer than 20 seconds to appear, a message appears offering you the option of downloading the file.

Viewing details

To view details of an item, select the item, then click the View Details button at the upper right of the page.

If the item is a directory, the Directory Info pane appears.

The name of the directory appears, as well as the date last modified and an indication of whether the directory is shared.

To view other versions of the directory, if available, click Versions. A list of available versions appears.

Figure 3-17: Directory Info Versions pane.

To open a previous version of the selected directory, click a version in the list. That version of the directory is selected. To exit from the selected version, click “X” at the top of the page.

If the item is a file, the File Info pane appears.

The name of the file appears, as well as the date last modified, the size, and an indication of whether the file is shared.

Note: Nasuni’s display of size might differ from other indications of size, such as Windows Explorer and other utilities. Typically, such utilities display only the size of the data currently present in the local cache, while Nasuni displays the full size, regardless of where the data is.

To view other versions of the file, if available, click Versions. A list of available versions appears. To open a previous version of the selected file, click a version in the list. That version of the file is selected. To exit from the selected version, click “X” at the top of the page.

Deleting file or empty directory

To delete a file or empty directory, select the item, then click the Delete button in the upper right. A dialog box appears. Click Delete to delete the item.

Note: The directory must be empty before you delete it.

Tip: On a Nasuni Edge Appliance, non-empty directories that contain only blocked files appear empty to a client, and might lead to unexpected behavior when attempting to delete those directories. For example, if a directory contains only blocked files, and you try to delete that directory, the directory is removed from view temporarily, but is not deleted, and reappears upon refresh. In Windows, the Nasuni Edge Appliance sends the error STATUS_DIRECTORY_NOT_EMPTY to report that the delete failed, but Windows does not act on that error.

Showing hidden files

To show hidden files, click the Settings button on the left. A dialog box appears. To show hidden files, select Yes, then click Save.

Logging out

To log out from this page, click Logout in the left-hand column.

Nasuni Mobile Access

Important: The Nasuni Mobile Access app is End-of-Life as of May 1, 2024. The Nasuni Mobile Access app is no longer supported or available from app stores.