Configuration
After installation, you can use the Nasuni Edge Appliance user interface to configure the Edge Appliance. You can configure multiple Nasuni Edge Appliances with the Nasuni Management Console (NMC). For more details, see the Nasuni Edge Appliance Administration Guide and Nasuni Management Console Guide.
A. For each Nasuni Edge Appliance that you are configuring, determine this information
See Worksheet for a worksheet for planning configurations.
Edge Appliance Description (Name): (Avoid . \ / : * ? " < > |)
Network Configuration (for Static):
    Default Gateway (IP address):
    Search Domain:
    Primary DNS server (IP address):
    Secondary DNS server (IP address):
Domain Settings (Security for Active Directory or LDAP Directory Services):
    Domain:
    Workgroup (AD):
    Servers:
    User Name:
    Password:
Time Configuration:
    Time Zone: Default is US/Eastern.
    Time Server: Default is time.nasuni.com.
Email Settings: Default is none.
    Require TLS: Select / Unselect (Default is Unselected.)
    From name: (Default is blank.)
    SMTP server: (Default is blank.)
    SMTP port: (Default is 25.)
    Login (Optional.): (Default is blank.)
    Password (Optional.): (Default is blank.)
    Send to: (Default is blank.)
    Receive All Alerts: Select / Unselect (Default is Selected.)
    Tested?: Yes / No
Users and Groups: Default groups: Filer Admins and File Restore. Default user: admin.
    Groups:
    Users:
B. Configure cloud credentials
The Nasuni Edge Appliance can use either a customer-provided cloud object storage account or a public cloud object storage account. Nasuni supports a variety of cloud object storage platforms, including Microsoft Azure, Amazon S3, IBM Cloud Object Storage, and Dell EMC Elastic Cloud Storage (ECS).
Important: You must create and maintain your own cloud object storage account. Nasuni does not have access to your cloud object storage account.
Tip: You must configure cloud credentials before adding a volume that uses those cloud credentials.
On Nasuni Edge Appliance: Click Configuration, then select Cloud Credentials. On NMC: Click Account, then click Cloud Credentials.
C. For each volume, configure Encryption Keys
Note: For details of encryption key management, see Encryption Key Best Practices.
Note: You can specify that you do not want Nasuni to generate any of your encryption keys.
If you want to specify that Nasuni not generate encryption keys, request Nasuni Support to disable key generation in your license.
Similarly, you can specify that you do not want Nasuni to escrow encryption keys. If you want to specify that Nasuni not escrow encryption keys, request Nasuni Support to disable key escrow in your license.
To ensure that none of your encryption keys is escrowed with Nasuni, you must specify BOTH that Nasuni not generate encryption keys AND that Nasuni not escrow encryption keys.
Upload your enterprise’s encryption keys
It is a best practice to upload and use your enterprise’s own OpenPGP-compatible encryption keys. Protect your encryption keys. If you ever need to perform a disaster recovery procedure, you need all of your encryption keys. All uploaded encryption keys must be at least 2048 bits long. (For security reasons, encryption keys that you upload cannot be downloaded from the system.)
Warning: Do NOT save encryption key files to a volume on a Nasuni Edge Appliance. You will NOT be able to use these to recover data. This is NOT how to upload encryption keys to a Nasuni Edge Appliance.
Note: If an uploaded encryption key has an associated passphrase, that passphrase is removed from the encryption key when it is uploaded. The Edge Appliance does not need the passphrase in order to use the encryption key. However, if you do not escrow this encryption key, if you ever perform a recovery procedure on the Edge Appliance, you must provide that passphrase when you upload that encryption key during the recovery procedure.
On Nasuni Edge Appliance: Click Configuration, then select Encryption Keys. Click Upload Encryption Keys.
On NMC: Click Filers, then click Encryption Keys. Click Upload Encryption Keys.
Tip: You can also upload encryption keys using the NMC API. This can be useful for automating tasks and for enhancing security. For more details, see Nasuni API Documentation.
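A pre-upload check for the 2048-bit minimum stated above, as an added example that is not part of the Nasuni documentation. It assumes GnuPG 2.2 or later is installed on the workstation holding the key file; the function names are illustrative and the sample key listings are constructed.

```shell
#!/bin/sh
# Added example (not Nasuni code): verify the 2048-bit minimum before upload.
MIN_BITS=2048

# Reads a `gpg --with-colons` key listing on stdin.
# Field 1 = record type, field 3 = key length in bits, field 5 = key ID.
# Prints one verdict per primary key or subkey.
# Exit status: 0 = all long enough, 1 = at least one too short, 2 = no keys.
check_key_lengths() {
    awk -F: -v min="$MIN_BITS" '
        $1 == "pub" || $1 == "sub" || $1 == "sec" || $1 == "ssb" {
            seen++
            if ($3 + 0 < min) {
                printf "TOO SHORT %s %s bits (%s)\n", $1, $3, $5
                bad++
            } else {
                printf "ok        %s %s bits (%s)\n", $1, $3, $5
            }
        }
        END {
            if (seen == 0) { print "no OpenPGP keys found"; exit 2 }
            exit (bad > 0)
        }'
}

# Inspect a key file without importing it into any keyring (needs GnuPG).
check_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | check_key_lengths
}

# Constructed sample listings; key IDs and user IDs are made up.
SAMPLE_GOOD='pub:-:4096:1:AAAAAAAAAAAAAAAA:1700000000:::-:::scESC:
uid:-::::1700000000::::Example Key (constructed) <keys@example.com>:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::e:'
SAMPLE_WEAK='pub:-:1024:17:CCCCCCCCCCCCCCCC:1700000000:::-:::scESC:
uid:-::::1700000000::::Old Key (constructed) <old@example.com>:
sub:-:2048:16:DDDDDDDDDDDDDDDD:1700000000::::::e:'

if [ $# -gt 0 ]; then
    check_key_file "$1" || echo "do not upload $1 as-is"
else
    printf '%s\n' "$SAMPLE_GOOD" | check_key_lengths
    printf '%s\n' "$SAMPLE_WEAK" | check_key_lengths || echo "weak sample rejected"
fi
```

The check compares the length field exactly as GnuPG reports it, so elliptic-curve keys, which report their curve size there, are flagged as too short; the page states the requirement only in bits.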
If any encryption keys are escrowed with Nasuni, the escrow passphrase lets you perform a recovery without providing the escrowed encryption keys.
On Nasuni Edge Appliance: Click Configuration, then select Encryption Keys. Click Set Escrow Passphrase.
On NMC: Click Filers, then select Escrow Passphrase, select Nasuni Edge Appliances, then click Edit Filers.
Download and protect encryption keys generated by the Nasuni Edge Appliance, in case you need them for disaster recovery
If you are using automatically-generated encryption keys, download and protect the encryption keys. If you ever need to perform a disaster recovery procedure, you need all of your encryption keys. Any generated keys are also securely escrowed with Nasuni automatically.
On Nasuni Edge Appliance: Click Configuration, then select Encryption Keys. Click Download Generated Keys.
D. On the Nasuni Management Console, configure Active Directory or LDAP security
Click Console Settings, then click General Settings.
Tip: For Nasuni recommendations for volume configuration, see Appendix C, “Volume Configuration”.
Important: You cannot enable both Active Directory and LDAP Directory Services.
Note: Limits on domains, groups, users, objects, and other items are the same as the limits of Active Directory. See Active Directory Maximum Limits - Scalability for details.
E. Place each Nasuni Edge Appliance under the control of the Nasuni Management Console
The Nasuni Management Console allows you to manage multiple Nasuni Edge Appliances from one central application. For details, see the Nasuni Management Console Guide.
On Nasuni Edge Appliance: Click Services, then select Nasuni Management Console.
F. For each Nasuni Edge Appliance, configure the Time Zone and the Time Server (Network Time Protocol)
Important: Edge Appliances and the NMC must be configured with operational DNS servers and a time server (internal or external) within your environment.
On Nasuni Edge Appliance: Click Configuration, then select Time Configuration. You can also specify using NTP services from domain controllers: Configuration → Domain Settings → Show Advanced Options.
On NMC: Click Filers, then click Time Configuration Settings. Select Nasuni Edge Appliances, then click Edit Filers.
G. For each Nasuni Edge Appliance, configure Active Directory or LDAP Directory Services security
If you are using Active Directory or LDAP Directory Services for security, configure Active Directory or LDAP Directory Services security on each Nasuni Edge Appliance.
Tip: For Nasuni recommendations for volume configuration, see Appendix C, “Volume Configuration”.
Important: You cannot enable both Active Directory and LDAP Directory Services for a Nasuni Edge Appliance.
To join a Nasuni Edge Appliance to its first Active Directory or LDAP Directory Services domain, click Configuration, then select General Settings, then click Join Domain.
Important: To connect an Edge Appliance to a shared volume owned by another Edge Appliance, the following must be true:
The Edge Appliance must join the same domain as the owning Edge Appliance.
The domain configuration for the Edge Appliance must match the domain configuration for the owning Edge Appliance.
Important: If joining an Active Directory domain, members of the Active Directory "Protected Users" security group cannot be used to join the domain. This is due to the login restrictions for members of that security group. Nasuni recommends using a Domain Admin account that is not a part of the “Protected Users” group to join Active Directory.
Caution: Avoid using characters that systems, such as Active Directory, specify as disallowed, including period (.), backslash (\), forward slash (/), colon (:), asterisk (*), question mark (?), quotation mark ("), less than sign (<), greater than sign (>), percent (%), and vertical bar (|). Errors can occur for Nasuni Edge Appliances whose names include such characters. For example, it might not be possible to configure the Nasuni Edge Appliance for Active Directory access. You can change the name of the Nasuni Edge Appliance to avoid such characters.
H. Creating a volume
To plan and create a volume, see “Planning a volume”.
Tip: For Nasuni recommendations for volume configuration, see Appendix C, “Volume Configuration”.
Tip: Before adding data to a Nasuni Edge Appliance, it is a Best Practice to clean up historical and orphaned SIDs. This can help prevent later difficulties with permissions. For more details, see Permissions Best Practices.
I. For each volume, enable Safe Delete
To help ensure that one administrator cannot delete a volume accidentally or by themselves, you can specify how many administrators must approve deleting a volume. This feature is called “Safe Delete”.
On Nasuni Edge Appliance: Click Volumes, select the volume from the list, then click Properties and select Safe Delete status. Select Enabled.
On NMC: Click Volumes, then click Safe Delete. For selected volume, click Edit. Select Enable.
J. For customer-provided cloud providers, configure compression and chunk size
Before sending data to the cloud, Nasuni breaks files into optimally-sized pieces for transport between the on-premises cache and cloud object storage. This not only disguises the actual sizes of files, but also improves performance. These chunks are then compressed and encrypted.
If the file is smaller than 1 GiB, the default chunk size is 1 MiB. If the file is 1 GiB or larger, and the appliance has less than 16 GiB of RAM, the default chunk size is 2 MiB. If the file is 1 GiB or larger, and the appliance has 16 GiB of RAM or more, the default chunk size is 10 MiB.
For customer-provided clouds, if directed by Nasuni Support, you can adjust the chunk size, or enable or disable Nasuni's compression, using the Cloud I/O area of the Volume Overview page (Nasuni Edge Appliance) or the Volume Cloud I/O page (NMC). If you do manually change the chunk size, the variable chunk size mentioned above no longer operates. You can restore the variable chunk size mentioned above by leaving the Chunk Size field blank and then clicking Save.
For each volume, configure Quality of Service rules.
“Quality of Service” is the inbound and outbound bandwidth limit for moving data to and from the Nasuni Edge Appliance, such as sending snapshots to Nasuni’s cloud object storage. The larger the outbound Quality of Service, the faster incoming data is protected in cloud object storage and the more cache space is made available for data. The best performance generally occurs with the Unlimited setting, but this depends on your enterprise’s use of the network and the amount of bandwidth available to the Nasuni Edge Appliance. The default inbound Quality of Service is unlimited. The default outbound Quality of Service is 10 megabits per second.
Tip: Set the outbound Quality of Service to the highest value possible. This helps snapshots complete rapidly.
You can create up to 12 different rules that specify the Quality of Service on different days and times. When you create one or more Quality of Service rules, the default Quality of Service bandwidth becomes unlimited during any time that is not defined by a rule.
If this Nasuni Edge Appliance is managing backup data, set the outbound Quality of Service to the maximum possible. Higher Quality of Service settings might be possible at night or on weekends, when it does not impact other activity.
If the inbound Quality of Service is too low, and data must be obtained from cloud object storage, data access might be affected.
If the outbound Quality of Service is large or unlimited, and the inbound Quality of Service is small, the limited inbound bandwidth for return packets (such as acknowledgements) might affect the outbound bandwidth.
On Nasuni Edge Appliance: Click Configuration, then select Quality of Service.
On NMC: Click Filers, then click Quality of Service. Select Nasuni Edge Appliances, then click Edit Filers.
K. For each Nasuni Edge Appliance, configure Email settings
On Nasuni Edge Appliance: To receive alerts by email, click Configuration, then select Email Settings.
On NMC: Click Filers, then click Email Settings. Select Nasuni Edge Appliances, then click Edit Filers.
L. For each Nasuni Edge Appliance, configure SNMP
Using SNMP, you can monitor your unique workloads. This is valuable in helping you to establish what is “normal” in your environments and on your volumes. Implement SNMP, then monitor the systems for 2-4 weeks to observe what is usual for them. After that, you can configure the Notifications and alerts based on that knowledge. For details, see SNMP Best Practices.
Tip: You can also monitor hardware conditions using iDRAC. See iDRAC Configuration.
On Nasuni Edge Appliance: To receive alerts by email, click Configuration, then select SNMP Monitoring.
On NMC: Click Filers, then click SNMP Settings. Select Nasuni Edge Appliances, then click Edit Filers.
M. For each Nasuni Edge Appliance, configure Automatic Software Updates
Warning: Do not attempt to restore from a virtual machine snapshot or backup.
To configure when to install automatic software updates:
On Nasuni Edge Appliance: Click Configuration, then select Automatic Updates.
On NMC: Click Filers, then click Automatic Updates. Select Nasuni Edge Appliances, then click Edit Filers.
To prevent automatic software updates from occurring at inconvenient times, specify the days and times for automatic software updates to occur. To prevent automatic software updates entirely, deselect all days and times.
To manually initiate software updates:
On Nasuni Edge Appliance: Click Status, then select Updates.
On NMC: Click Filers, then click Software Updates. Select Nasuni Edge Appliances, then click Update Filers.
To avoid interface issues, clear your Web browser’s cache after updating software. Updating the software disconnects all users currently using the Nasuni Edge Appliance.
If this Nasuni Edge Appliance is a primary file server, configure automatic software updates during times that do not impact users.
If this Nasuni Edge Appliance is a standby for disaster recovery, configure automatic software updates during times that do not impact users.
N. For each Nasuni Edge Appliance, configure Remote Support Service
The opt-in Remote Support Service allows authorized Nasuni Technical Support personnel to remotely and securely diagnose and resolve issues with your Nasuni Edge Appliance.
On Nasuni Edge Appliance: Click Services, then select Remote Support Service.
On NMC: Click Filers, then click Remote Support. Select Nasuni Edge Appliances, then click Edit Filers.
O. Enabling multiple protocols to access a volume
You can use multiple protocols, including CIFS, NFS, and FTP/SFTP, to access data.
Tip: For Nasuni recommendations for volume configuration, see Appendix C, “Volume Configuration”.
On Nasuni Edge Appliance: Click Volumes, select the volume from the list, then click Properties and select Volume Protocols. Select protocols for volume.
On NMC: Click Volumes, then click Protocols. For selected volume, click Edit.
P. Enabling Web Access to CIFS shares on each volume
You can access data stored in the Nasuni Edge Appliance using a Web browser. The actions you can perform depend on the capabilities of the Web browser.
Tip: For Nasuni recommendations for volume configuration, see Appendix C, “Volume Configuration”.
Tip: “Mobile Access” must be enabled in the customer license before Web Access can be used with a Nasuni Edge Appliance.
To enable Web Access:
On Nasuni Edge Appliance: Click Volumes, select the volume with the CIFS protocol enabled from the list, then click the Total Shares status. Click Edit Share for the share. Select Show Advanced Options, then select the Web Access check box.
On NMC: Click Volumes, then click Shares. For the selected share, click Edit. Select Show Advanced Options, then select the Web Access check box.
For both: To enable Shared Links, select Enable Shared Links.
Important: Existing shared links are not affected by changes to the shared link settings, or by changes to the permissions of the user who created the link. In particular, if a user creates a shared link, and later that user’s permissions change so that they can no longer create shared links, the shared link they created is not affected.
Q. Configuring for OS X clients on each volume
Tip: For Nasuni recommendations for volume configuration, see Appendix C, “Volume Configuration”.
CIFS shares that have OS X clients should specify the Enhanced Support for POSIX Clients option.
On Nasuni Edge Appliance: Click Configuration, then select General Settings. Click Show Advanced Options, then select the Enhanced Support for POSIX Clients check box.
On NMC: Click Filers, then click CIFS Settings. Select Nasuni Edge Appliances, then click Edit Filers. Select the Enhanced Support for POSIX Clients check box.
R. Configuring Snapshot Retention on each volume
For compliance purposes or your own best practices, you can specify that older snapshots be deleted from cloud object storage. When a snapshot is removed, it is permanently deleted from cloud object storage and cannot be recovered.
On Nasuni Edge Appliance: Click Volumes, then select the volume from the list. Click the Snapshot Retention status.
On NMC: Click Volumes, then click Snapshot Retention. For the selected volumes, click Edit Volumes.
S. If this Nasuni Edge Appliance is a primary file server, change the snapshot Frequency to 10 minutes or longer for the volume
Frequent snapshots can affect performance.
On Nasuni Edge Appliance: Click Volumes, then select the volume from the list. Click the Snapshot Schedule setting.
On NMC: Click Volumes, then click Snapshot Schedule. For the selected volumes, click Edit Volumes.
T. If this Nasuni Edge Appliance is managing backup data, schedule snapshots for once per day at a time of minimal activity
On Nasuni Edge Appliance: Click Volumes, then select the volume from the list. Click the Snapshot Schedule setting.
On NMC: Click Volumes, then click Snapshot Schedule. For the selected volumes, click Edit Volumes.