This guide is intended for the IT administrator or person responsible for installing the File IQ Appliance on the Amazon EC2 platform.
General Information
This section provides general information about the File IQ Appliance, as well as its technical specifications.
File IQ
The File IQ feature is designed to provide insights and analytics on your file data usage patterns. File IQ enables you to quickly take advantage of several important capabilities, including:
File Usage Analytics: Track usage and collaboration patterns across users, departments, file types, volumes, and more. Gain visibility to optimize storage, plan capacity, and facilitate capacity-based chargeback.
Health Monitoring: Monitor system component metrics to proactively identify resource contention and capacity limits so administrators can take preventative measures.
Forensic Capabilities: Perform historical analysis of file, user, or application activity when troubleshooting issues or investigating information security events.
Automated Reporting: Leverage prebuilt reports and dashboards that deliver actionable intelligence to technical and business users and support chargeback reporting.
Key Terms
The following terms are helpful for understanding the File IQ Appliance:
AWS: Amazon Web Services is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs.
Cache: The local storage of the File IQ Appliance. All Volume metadata accessed regularly is kept locally in the File IQ Appliance cache. If the requested metadata is not locally resident, it is staged into the cache and provided for the request.
EBS Volume: An Elastic Block Storage (EBS) Volume hosts virtual data in segments. It is like a storage disk with the ability to contain various sizes of data. By default, the File IQ Appliance is provisioned with four different EBS Volumes. Two IQ EBS volumes must be resized based on the output of the Sizing Tool, and the File IQ EBS volume must be resized with a capacity of 64GB.
EC2: Amazon Elastic Compute Cloud, a part of Amazon.com's cloud-computing platform, Amazon Web Services, that allows users to rent virtual computers to run their computer applications.
Event Hubs: A cloud-native data streaming service used to forward events between components of the File IQ Solution.
Grafana: Grafana is a multi-platform open-source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the Web when connected to supported data sources.
Nasuni Edge Appliance (NEA): The virtual or physical Nasuni appliance that integrates with your infrastructure via CIFS (SMB), NFS, FTP/SFTP, or HTTPS/REST protocols. The Nasuni Edge Appliance can be mapped as a network drive.
Nasuni Edge Appliance user interface: The Web-based graphical user interface configures and manages the Nasuni Edge Appliance. It is accessible with supported Web browsers, including Mozilla Firefox, Microsoft Edge, Apple Safari, and Google Chrome.
File IQ: The File IQ Appliance contains the database, Grafana server, event processing, and volume scanning capabilities that the File IQ Solution uses to give insight into Nasuni Edge Appliance and Volume usage across your Nasuni deployments.
File IQ AMI: Amazon Machine Image. The Nasuni-provided image used to run an File IQ Appliance in EC2.
Nasuni Management Console (NMC): This Web-accessible appliance configures and manages multiple Nasuni Edge Appliances. It is accessible with supported Web browsers, including Mozilla Firefox, Microsoft Edge, Apple Safari, and Google Chrome.
Nasuni Orchestration Center (NOC): Nasuni’s zero-maintenance control path is built on elastic, multi-region cloud services that enable file data to be shared across locations at any scale and without version conflict. The NOC, also called the Nasuni Account Dashboard, also provides access to File IQ Serial Numbers used to install File IQ.
File IQ Dashboard: A custom dashboard deployed within the File IQ Appliance-hosted Grafana to display information gathered by the File System Metadata Service (FSMS) and the File System Event Processor (FSEP).
File IQ Service: The File IQ Service collects audit events on the NEA and forwards them to the File IQ Appliance via the Azure EventHub.
Note: The audit events collected by the File IQ Service are independent of the standard auditing feature enabled on the NEAs.
Share/export: An access point to a folder on a volume that can be shared or exported on your network. Access to a CIFS (SMB) share can be customized on a user-level or group-level basis. You can create many shares or exports on a volume for different purposes or audiences.
Volume: A set of files and directories (CIFS (SMB), NFS, and FTP/SFTP).
File IQ Solution Specifications
This section contains specifications for configuring the File IQ Appliance.
Supported Web Browsers
The File IQ Appliance supports the following Web browsers:
Virtual Machine Requirements
For virtual machine requirements on an already deployed File IQ appliance running version 10.0 and below, proceed directly to Verifying Size Requirements.
The File IQ Appliance must meet minimum specifications starting from the 10.1 release. Each installation of the File IQ Appliance should adhere to these specifications and follow the actions required for specific sizing, as outlined in the following scenarios:
New Installation of File IQ without any Prior Installations of File IQ
If this is a new installation of File IQ without any prior installations of File IQ, follow one of these sets of steps:
If the File IQ installation is licensed for the Basic version of File IQ.
Install the File IQ Appliance using the minimum specification.
Connect the Volumes until all Volumes are processed at least once.
Connect NEAs to the File IQ using the Nasuni Portal or your Nasuni Account.
Otherwise, if the File IQ installation is licensed for the Premium version of File IQ.
Install the File IQ Appliance using the minimum specification.
Connect the Volumes until all Volumes are processed at least once.
Run the sizing tool at https://FILE-IQ-FQDN:8443/niq/retention_configuration to validate the correct size.
If necessary, make any recommended sizing adjustments to the Virtual Machine.
Connect NEAs to the File IQ using the Nasuni Portal.
Wait for 7 calendar days of NEA activity to occur within the organization.
Run the sizing tool at https://FILE-IQ-FQDN:8443/niq/retention_configuration to validate the correct size.
If necessary, make any recommended sizing adjustments to the Virtual Machine.
New Installation of File IQ with a Prior Installation of File IQ
If this is a new installation of File IQ and you have a previous installation of File IQ, follow one of these sets of steps:
If the File IQ installation is licensed for the Basic version of File IQ.
Use the manual Sizing Tool to determine the right virtual machine requirements for your organization by taking into account Volume and Event estimates from the existing Grafana dashboard content.
Use the File IQ Events dashboard > Edge Appliance Activity panel and Volumes Summary dashboard > Volume Summary panel to derive the inputs for the Sizing Tool.
Install the File IQ Appliance using the Virtual Machine specification derived from the Sizing Tool.
Connect the Volumes until all Volumes are processed at least once.
Connect NEAs to the File IQ using the Nasuni Portal.
Otherwise, if the File IQ installation is licensed for the Premium version of File IQ.
Use the manual Sizing Tool to determine the right virtual machine requirements for your organization by taking into account Volume and Event estimates from the existing Grafana dashboard content.
Use the File IQ Events dashboard > Edge Appliance Activity panel and Volumes Summary dashboard > Volume Summary panel to derive the inputs for the Sizing Tool.
Install the File IQ Appliance using the specification from the Sizing Tool.
Connect the Volumes until all Volumes are processed at least once.
Run the sizing tool at https://FILE-IQ-FQDN:8443/niq/retention_configuration to validate the correct size.
If necessary, make any recommended sizing adjustments to the Virtual Machine.
Connect NEAs to the File IQ using the Nasuni Portal.
Run the sizing tool at https://FILE-IQ-FQDN:8443/niq/retention_configuration to validate the correct size.
If necessary, make any recommended sizing adjustments to the Virtual Machine.
Upgrade to an Existing Installation of File IQ
If this is an upgrade to an existing installation of File IQ, follow these steps:
If the File IQ installation is licensed for the Basic version of File IQ
Run the File IQ Status tool at https://FILE-IQ-FQDN:8443/niq/status to validate the health of your File IQ installation. For more information, see File IQ Health Status.
If necessary, make any of the tool’s recommended changes to the Virtual Machine and/or Nasuni systems.
Upgrade the File IQ Appliance.
Run the File IQ Status tool at https://FILE-IQ-FQDN:8443/niq/status to validate the health of your File IQ installation. For more information, see File IQ Health Status.
If necessary, make any of the tool’s recommended changes to the Virtual Machine and/or Nasuni systems.
Otherwise, if the File IQ installation is licensed for the Premium version of File IQ.
Run the File IQ Status tool at https://FILE-IQ-FQDN:8443/niq/status to validate the health of your File IQ installation. For more information, see File IQ Health Status.
If necessary, make any of the tool’s recommended changes to the Virtual Machine and/or Nasuni systems.
Upgrade the File IQ Appliance.
Run the sizing tool at https://FILE-IQ-FQDN:8443/niq/retention_configuration to validate the correct size.
If necessary, make any recommended sizing adjustments to the Virtual Machine.
Verifying Size Requirements
The NMC has a health check for File IQ that indicates whether sizing needs to be adjusted as a result of any of the previous steps, regardless of whether the license is Basic or Premium.
To determine the right virtual machine requirements for the Basic license, follow these steps:
Open the manual Sizing Tool.
Navigate to the File IQ Events dashboard.
Use the information from the Edge Appliance Activity panel to fill in the Sizing Tool fields.
Navigate to the Volumes Summary dashboard and use the Volume Summary panel to fill in the Sizing Tool fields.
The Sizing Tool displays your minimum sizing requirements.
Note: If needed, contact your Nasuni Account Manager for assistance using the Sizing Tool.
To determine the right virtual machine requirements for the Premium license, use the sizing tool at https://FILE-IQ-FQDN:8443/niq/retention_configuration to determine the appropriate virtual machine requirements for your organization.
Minimum Specifications
The minimum specifications for the File IQ Appliance are as follows:
Item | Size | Notes |
|---|---|---|
vCPUs | 16 | - |
Memory | 32 GiB | - |
Nasuni Cache Disk | 569 GB | MB/s 150 ; IOPS 2,300 |
Nasuni COW Disk | 64 GB | MB/s 150 ; IOPS 2,300 |
File IQ DB Disk | 1.1 TB | MB/s 150 ; IOPS 5,000 |
VM Size | c5a.4xlarge | - |
On AWS EC2, only use EBS-Only virtual machines
On AWS EC2, for best performance use Provisioned IOPS SSD (io2) for high-intensity I/O
Installing on the Amazon EC2 Platform
This chapter explains how to install the File IQ Solution on the Amazon EC2 platform.
Tip: This document is about deploying virtual machines. It does not cover configuring a storage account for use with Nasuni volumes.
Warning: DO NOT attempt to restore from a virtual machine snapshot or backup. Attempting to restore from a virtual machine snapshot or backup puts the IQ Appliance in an unknown state in relation to the Nasuni Orchestration Center (NOC) and requires a recovery process. This might result in data loss.
Tip: Nasuni recommends leveraging your cloud provider's role-based access and identity access management features as part of your security strategy. Based on your policies, such features can limit or prohibit administrative access to the cloud account.
Important: File IQ Appliances must be configured with operational DNS servers and a time server (internal or external) within your environment. The File IQ Appliance is configured with a default time server time.nasuni.com. If you need to use a different time server, the procedure to change the default time server is documented in the Nasuni Edge Appliance Time Configuration section of the Nasuni Edge Administration guide.
Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.
Tip: Check out the File IQ Installation and Configuration videos for a general reference on the File IQ installation process. Your specific hypervisor installation will include unique steps not included in this video reference series.
Day 1 File IQ Installation Checklist
To complete a day 1 File IQ installation, follow this checklist:
Step | Action |
1 | Complete the 1. Before you Begin section in this document. Your Account Manager can assist you with this item. |
2 | Complete the 2. Installing File IQ using the Amazon EC2 AMI section in this document. |
3 | Complete the 3. Running the File IQ Appliance First Boot Wizard section in this document. |
4 | Complete the 4a. Set the Escrow Passphrase for the File IQ Appliance section in this document. For File IQ Appliances on 10.0 and below, always complete the 4b. Add the File IQDB to the File IQ Appliance section in this document. |
5 | Complete the 5. Connect the Nasuni Volumes to the File IQ Appliance section in this document. |
6 | Complete the 6. Disabling Quality of Service (QoS) for the File IQ Appliance section in this document. |
7 | Complete the 7. Enabling the File IQ and configuring File IQ Service section in this document. |
8 | Complete the 8. Accessing the File IQ Dashboards section in this document. |
9 | For more information, see the following sections: |
1. Before You Begin
The following items should be readily available to help you navigate the File IQ installation and setup process. It is recommended that you complete these requirements before starting or have a way to fulfill them during the installation process.
Note: File IQ does not support a proxy server.
Item | Description |
|---|---|
Contact Nasuni | Contact your Account Manager to enable the File IQ license and configure your account for the File IQ Appliance. |
Virtual Machine Requirements | Process the Virtual Machine Requirements section above to ensure you have the necessary sizing information before proceeding to installation or upgrade. The main information used for the Virtual Machine requirements will be:
Important: File IQ does not support disk striping on the Cache or File IQ DB disks. |
AWS Login | Authentication and Authorization to your organization’s Amazon EC2 Account is needed to create the File IQ Virtual Machine. |
AWS Network details for the File IQ virtual machine (VM) | When installing the File IQ virtual machine in Amazon EC2, the following items are required for the virtual machine:
Each organization has its own requirements for how the virtual machine's networking is fulfilled. Nasuni recommends defining this before you start the installation process. |
NMC Login | Authentication and authorization to your organization’s Nasuni Management Console to configure the File IQ for your environment. |
Nasuni Portal or NOC Login | Authentication and authorization to your organization’s Nasuni Portal or Nasuni Orchestration Center account to retrieve your File IQ Serial Number and Authorization Code, and to configure the File IQ. |
Volumes List | Use at least one volume when setting up File IQ. Note: Some customers may not use this feature and will not require this item for setup. |
NEAs List | You need at least one Nasuni Edge Appliance to configure sending activity to the File IQ virtual machine. Ideally, pick an NEA from which you can mount volumes to generate traffic and see it in the File IQ dashboards. The NEA must be running version 9.14.3 or later. Note: Some customers may not use this feature and will not require this item for setup. |
File IQ Serial Number and Authorization Code | From the Nasuni Portal To locate the File IQ Appliance Serial Number from the Nasuni Portal, navigate to Setup > Serial Numbers > File IQ. It is paired with an associated Authorization Code (Auth Code). Configuration of the File IQ Appliance and NEAs for File IQ can be found by navigating to Appliance Services > File IQ Configuration. From Account.nasuni.com The File IQ Appliance Serial Number is located in your Nasuni Account. It is paired with an Authorization Code (Auth Code), which is located in a table at the bottom of the page. Note: Configuration of the File IQ Appliance and NEAs for File IQ can also be found in this location of your Nasuni Account. If the File IQ Config menu or File IQ Serial Numbers are unavailable, contact your Nasuni Account Manager to confirm that the File IQ License is correctly configured for your account. Note: To enable a single sign-on user to access the File IQ Config menu, follow these steps: 1. Log in to account.nasuni.com. |
File IQ Username and Password | The first boot setup of the File IQ Appliance requires a new username and password. These values are specific to the File IQ Appliance only. |
File IQ Hostname | When you go through the First Boot Wizard for the File IQ appliance, you must provide a hostname for the machine. Note: Hostnames longer than 15 characters cannot be added to Active Directory services. |
File IQ Network Details | You must provide the machine's network details when you go through the First Boot Wizard for the File IQ Appliance. |
Grafana Password | The default password for the Grafana viewer account must be changed during the first usage. Nasuni recommends having a new password ready that aligns with your corporate processes and procedures. |
Active Directory credentials | The File IQ Appliance must connect to the same Active Directory domains as the NEAs and volumes configured in the File IQ Appliance. The following information might be necessary:
|
NEA Firewall requirements | The Nasuni Edge Appliance requires access to the Azure Event Hub when you enable File IQ. All network ports and access requirements for the File IQ Service on the NEA are documented in the Firewall and Port Requirements in the Nasuni Edge Appliance section. Before enabling the File IQ on the NEA, complete the NEA Firewall Requirements for File IQ Service. Important: File IQ Service does not support a proxy server. |
File IQ Firewall requirements | When you enable File IQ, the Nasuni Edge Appliance requires access to the Azure Event Hub. The File IQ Appliance section of the Firewall and Port Requirements documents all network ports and access requirements for the File IQ Service on the NEA. Before you activate File IQ on the File IQ Appliance, complete the File IQ Firewall Requirements for File IQ. Important: File IQ does not support a proxy server. |
2. Installing File IQ Using the Amazon EC2 AMI
This step describes how to install the File IQ Appliance using the File IQ Amazon Machine Image (AMI) from account.nasuni.com.
Important: You must create and maintain your own AWS account because Nasuni does not have access. To gain access to the Nasuni AMIs, contact Nasuni Technical Support with your AWS account number. To create an EC2 account, visit http://aws.amazon.com/ec2/.
Tip: In the Nasuni model, customers provide their own cloud accounts for storing their data. As part of their overall security strategy, customers should leverage their cloud provider's role-based access and identity access management features. These features can limit or prohibit administrative access to the cloud account based on company policies.
Important: File IQ Appliances must be configured with operational DNS servers and a time server (internal or external) within your environment. The File IQ Appliance is configured with a default time server time.nasuni.com. If you need to use a different time server, the procedure to change the default time server is documented in the Nasuni Edge Appliance Time Configuration section of the Nasuni Edge Administration guide.
Important: To access Active Directory-enabled volumes, the File IQ Appliance must be connected to an Active Directory server in the same Active Directory Forest. This requires part of your Active Directory infrastructure to run on the EC2 platform.
To launch the AMI from the AWS Dashboard page, follow these steps:
If your AWS account ID can access the Nasuni AMIs, continue to step 2.
If not, follow this procedure to enable your AWS account ID to access the Nasuni AMIs. Alternatively, request Nasuni Technical Support to enable your AWS account ID to access the Nasuni AMIs.Log in to Nasuni https://account.nasuni.com/. On the Overview tab, click Downloads. The Downloads page appears.
Click Amazon EC2 or scroll down to the Nasuni AMIs on EC2 area.
In the text box, enter the 12-digit AWS account IDs permitted to access the Nasuni AMIs. Separate AWS account IDs by commas.
Click Submit. These AWS account IDs are granted access to the Nasuni AMIs.
Note: Access can take up to 5 minutes to be granted. If access has not been given after 5 minutes, contact Nasuni Technical Support.
Go to the Amazon Web Services EC2 console at https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.
In the left-hand column, click AMIs. The AMIs page appears.
The File IQ AMI appears in the list of AMIs.
Tip: If the File IQ AMI is not visible on the list of AMIs, navigate to the filter area at the top of the page and click Owned by Me or Public Images, then click Private Images from the dropdown list. The File IQ AMI should appear in the list of AMIs. If not, type “Nasuni” in the Search text box and press Enter. The File IQ AMI should appear in the list of AMIs.
From the list of AMIs, choose the most up-to-date AMI version for File IQ.
Select the check box to the left of the correct Nasuni AMI entry and click Launch instance from AMI (upper right corner).
The Launch an instance screen appears.In the Name text box, enter a name for this instance.
Note: You can add tags (key and value pairs) by clicking Add additional tags.
In the Application and OS Images (Amazon Machine Image) area, verify that the correct AMI has been chosen. If necessary, you can change your AMI selection here.
In the Instance type area, select an instance type with a suitable number of virtual CPU processors and memory.
Important: The File IQ Sizing Tool provides a suggestion for the Virtual Machine size to use when setting up the File IQ Virtual Machine in EC2.
In the Key pair (login) area, leave the Key pair name empty.
In the Network settings area, click Edit to update.
From the VPC dropdown list, select the VPC to use.
From the Subnet dropdown list, select the subnet corresponding to the VPC you selected.
From the Auto-assign public IP dropdown list, select Disable. You can assign a public IP to the File IQ Appliance; however, the File IQ can operate effectively with a private IP address.
Use the Firewall (security groups) area to configure security, as follows.
Warning: Running the File IQ on the Amazon EC2 platform is like running these systems outside of your business. Unused ports, including the SSH port and port 222, should not be exposed to the public Internet.
Minimally, the following ports should be exposed to the hosts that access them:
Outbound: Amazon EC2 does not enable restricting outbound traffic. Nasuni recommends allowing outgoing traffic to all hosts on all ports for the File IQ.
Inbound: Here are recommendations for the following ports:
Port 222 SSH: This port is implicitly closed. If Nasuni Customer Support requests that you open it, open it temporarily to all clients and ranges.
Port 443 TCP: Used to administer the Nasuni Appliance (see step e.iv).
Port 8443 TCP: Used to administer the File IQ Appliance. Open to clients who need to use the Nasuni administration interface (see step e.iii).
Port 3000 HTTPS: Used to access the File IQ Dashboards (see step e.v).
Select Create security group or use an existing security group designed for Nasuni products.
In the Security group name text box, enter a name for this security group. For example, “Nasuni”.
In the Description text box, enter a description for this security group, such as “Nasuni appliance security.”
Update the security group rule.
In the Type combo box, select Custom TCP.
In the Port range text box, type “8443”.
In the Source type, select Custom.
In the Source text box, type “0.0.0.0/0”.
Click Add security group rule. The new rule appears.
In the Type combo box, select HTTPS.
Note: For HTTPS, port 443 is entered automatically.
In the Source type, select Custom.
In the Source text box, type “0.0.0.0/0”
Click Add security group rule. The new rule appears.
In the Type combo box, select Custom TCP.
In the Port range text box, type “3000”.
In the Source type, select Custom.
In the Source text box, type “0.0.0.0/0”.
Tip: Add additional rules as required. Nasuni recommends restricting access to only the ports and incoming hosts you use.
The Configure storage area allows you to manage the disk for the virtual machine. By default, four disks are automatically provisioned. Skip this section if you are using a version below 10.1, as the resizing of EBS Volumes for the File IQ Appliance is performed in Appendix E: Resize the File IQ Appliance EBS Volumes after completing the first boot wizard.
Important: Do not modify any setting in the Configure storage section, because it might interfere with the File IQ Appliance installation process.
Use the Advanced details area for additional configuration.
From the Shutdown behavior dropdown list, select Stop.
Caution: Ensure that the Shutdown behavior is not set to Terminate. Instance termination renders the File IQ Appliance inoperable and can lead to data loss.
Placement groups can help minimize the network latency between the File IQ Appliance and EC2 workloads. By default, when launching a new EC2 instance, the EC2 service attempts to spread all your instances across underlying hardware to minimize correlated failures.
Placement groups influence the placement of interdependent instances at no additional charge. AWS offers three placement group strategies. The Cluster placement group strategy works best to minimize latency. You can add the instance to an existing placement group or create a new one using the Cluster placement group strategy.
You can also change the placement group, as described here.
Use the Summary area to verify and change configuration.
In the Number of Instances text box, use the default value “1”.Click Launch instance. A dialog appears, allowing you to select an existing key pair or create a new one.
Select Proceed without key pair and click Launch instance. The instance is launched.
At the bottom of the screen, click View all instances. The Instances screen appears.
If the Instances screen does not appear, click Instances in the left-hand column. The new instances appear in the list of instances.
Select the check box to the left of the instance. The Instance State displays Running.
Note: Details of the selected instance appear at the bottom of the screen. Click the Status and alarms, Monitoring, and Tags tabs to examine their information.
Name the EBS volumes:
After the instance is running, navigate to the EC2 dashboard.
Access the Instances section and click the File IQ Appliance instance for which you need to name the volumes.
On the instance details page, click the Storage tab, where the list of volumes is attached to this instance.
For each volume, click on the Volume ID column to access the volume details page, and click on the Name column to add a descriptive name. The descriptive name of each volume (such as “File IQdb”) should be prefixed with the File IQ Instance name as a best practice. For example:
In the release prior to 10.1
The EBS Volume with a size = 32 GB should be named “<File IQ_instance_name>_os” for the OS disk.
The EBS Volume with a size = 10 GB should be named “<File IQ_instance_name>_cow” for the COW disk.
The EBS Volume with a size = 30 GB should be named “<File IQ_instance_name>_fiqdb” for the File IQ database disk.
The EBS Volume with a size = 40 GB should be named “<File IQ_instance_name>_cache” for the cache disk.
In the release from 10.1 +
The EBS Volume with a size = 32 GB should be named “<File IQ_instance_name>_os” for the OS disk.
The EBS Volume with a size = 10 GB should be named “<File IQ_instance_name>_cow” for the COW disk.
The EBS Volume with a size = 30 GB should be named “<File IQ_instance_name>_cache” for the cache disk.
The EBS Volume with a size = 40 GB should be named “<File IQ_instance_name>_fiqdb” for the File IQ database disk.
After a volume is renamed, click your browser's back button to return to the list of volumes for your File IQ Instance and proceed with the next volume rename step.
The deployment of the File IQ Appliance instance is complete.
3. Running the File IQ Appliance First Boot Wizard
To access the newly installed File IQ Appliance on Amazon EC2, follow these steps:
Navigate to the EC2 Dashboard by clicking the Services menu at the top of the AWS Management Console and selecting EC2.
From the navigation pane on the left, click Instances. The list of your EC2 instances displays.
Locate and click the EC2 instance you previously created for the File IQ Appliance. The details pane for this instance appears, showing an overview under the Details tab.
Obtain the IP Address under the Details tab:
If a public IP address has been assigned to your instance, you can locate it under the Public IPv4 address field.
If no public IP address is assigned, locate the Private IPv4 addresses field instead. To connect using a private IP, you must be within the same network, for example, a VPN or another EC2 instance within the same VPC.
Note: If both the Public IPv4 address and Private IPv4 addresses are present, you can use either one.
If the IP address field is empty or the instance is not running, click Instance State, followed by Start Instance.
Note: It might take a few minutes for the instance to launch and for the IP address to be displayed. Refresh the page to see the updated information.
Navigate to the First Boot Wizard for the File IQ Appliance by opening a new browser window.
To access the File IQ Appliance, enter the address in this form: https://<IP address>, where <IP address> is the IP address from step 4.
The Enter the Network Parameters for this Filer page appears.
.png)
Enter the Hostname defined in the File IQ Hostname. This was defined in the 1. Before you Begin section.
Complete the remainder of the System Settings defined in the File IQ Network Details as part of the 1. Before you Begin section above.
Click Continue. The Review the Network Settings pane appears.
If all fields are correct, click Continue. The next pane confirms if the File IQ Appliance is Configuring Network Settings. If the File IQ Appliance does not automatically reconnect, try refreshing the page and checking if the File IQ Appliance’s IP address has changed. If so, update the browser address bar.
The Nasuni Filer Software Update pane appears. Click Continue.
Enter the File IQ Serial Number and Authorization Code obtained under the File IQ Serial Number and Authorization Code as part of the 1. Before you Begin section above.
Click Continue. The Add a New Nasuni Filer to your account pane appears.
Note: If you get an Invalid serial number or access code provided during this step, it is because you have used a NEA Serial Number instead of an File IQ Serial Number. Nasuni recommends double-checking your Serial Number and trying again. See the 1. Before you Begin section for the correct location to the File IQ Serial Number and Authorization Code values.
Enter Install New Filer into the Confirmation textbox.
Click Continue. The Accept the Terms of Service and License Agreement pane appears.
Accept the Terms of Service and click Continue. The Enter or accept Filer Name pane appears.
Click Continue. The Nasuni Management Console Detected pane appears.
Enable the Join NMC Management checkbox and click Continue. The Enter a username and password for Administration of this Filer pane appears.
Enter your NMC local account Username and Password, and then Confirm Password. These were obtained in the File IQ Username and Password section of the 1. Before you Begin section above.
Click Continue, the First Boot Wizard is complete, and the File IQ Appliance Management window appears.
3.1 Joining the File IQ Appliance to Active Directory
If the volumes you want to scan are protected by Active Directory, you must join your File IQ Appliance to the Active Directory domains to secure these volumes.
Note: The configuration of Active Directory can vary based on different factors, and your specific configuration might require additional settings that are not mentioned in this section. If you encounter any issues while connecting to Active Directory, reach out to your Nasuni Account Manager for assistance.
Follow this procedure to join Active Directory:
Open a Web Browser and access the File IQ Appliance. Enter the address in this form: https://<IP address>, where <IP address> is the IP address from step 4 in the previous section. The File IQ Appliance user interface appears.
Ensure that the hostname of your File IQ Appliance is shorter than 16 characters:
From the Configuration menu, select Network Configuration under the Networking section.
Verify that the hostname in Hostname or FQDN is 15 characters or less.
If required, shorten the hostname and click Save Network Configuration.
Enter your Nasuni admin account details, confirm, and wait for the File IQ Appliance to apply the new settings.
Enter the IP address for your primary DNS server in the Primary DNS server text box. You must enter a valid hostname or IP address.
From the Configuration menu, select Network Configuration under the Networking section.
In Settings Source, under System Settings, select DHCP with Custom DNS.
Leave the Search Domain empty.
Set the Primary DNS server to your Active Directory PDC’s IP address.
Click Save Network Configuration. You must enter your Nasuni admin account details, confirm, and wait for the appliance to apply the new settings.
Join the File IQ Appliance to Active Directory by following these steps:
From the Configuration menu, select Directory Services under the CIFS & Directory Services section.
Enter the fully qualified Active Directory domain name in the Domain entry field.
Unless instructed by your Nasuni Account Manager, do not change any other fields.
Click Continue. The Confirm/Authenticate Directory Service dialog box appears.
In the Confirm/Authenticate Directory Service dialog box, enter your Active Directory administrator username and password and click Submit.
Wait until the joining process is complete and the Volume Selection page is displayed.
Select all volumes you wish to access from the File IQ appliance and click Continue.
Wait until the volume configuration is complete and the Domain Configuration page is displayed.
Enable all the trusted domains you wish to monitor users from and click Continue.
Wait until the trusted domain configuration is complete and the “Complete the Configuration” page is displayed.
Click Finish to finish the Active Directory configuration.
The display then returns to the Directory Services page and displays Active Directory domain information.
You have successfully joined Active Directory.
4a. Set the Escrow Passphrase for the File IQ Appliance (10.0+)
Important: In order to use DR capabilities a backup of the File IQ Appliance configuration needs to happen. Setting the escrow passphrase enables the backup.
Note: In order to use the Nasuni File IQ Database backup feature DR needs to be configured for the File IQ Appliance.
To set the escrow key for the File IQ Appliance, follow this procedure:
Log in to the Nasuni Management Console associated with the File IQ Appliance.
Click Filers.
Click Escrow Passphrase. The Filer Escrow Passphrase pane appears.
Select the File IQ Appliance entry in the table and click Edit 1 Filer. The Set Escrow Passphrase dialog box appears.
Enter the same passphrase for both Escrow Passphrase and Confirm Passphrase.
Click Set Passphrase. The dialog box closes and returns to the Filer Escrow Passphrase pane.
If you do not use the Nasuni Escrow Service, instead of setting an escrow passphrase, you can upload your own encryption keyfile and set it as a recovery backup key:
Log in to the File IQ appliance web UI.
From the Configuration menu, select Encryption Keys.
Click Upload Encryption Keys.
Choose your externally generated OpenPGP keyfile.
Enter the Key Passphrase, if the keyfile has been secured with a passphrase.
Click Import Key.
Make sure the key has been imported, and click "Set backup key" to set it as a recovery backup key.
4b. Add the File IQDB Disk to the File IQ Appliance
Important: These steps are only applicable to File IQ Appliances prior to the 10.1 release.
Before enabling the File IQ Appliance, add another disk for the File IQ Database, by following this procedure:
Log in to the Nasuni Management Console associated with the File IQ Appliance.
Click Filers.
Click Shutdown & Reboot. The Shutdown and Reboot pane appears.
For the File IQ Appliance, click the associated Shutdown/Reboot action. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.
Enter ‘Change Filer Power State’ into the Confirmation Phrase textbox.
Select Shut down immediately. Click Shutdown. The Shutdown and Reboot pane appears. Wait until the Status column for the File IQ Appliance changes to a checkmark before proceeding; at that point, the File IQ Appliance is shut down.
Go to the Amazon Web Services EC2 console at: https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.
Click Instances under the Instances section in the left-hand menu and click on your File IQ Appliance.
Take note of the Instance ID and Availability Zone to use in a later step.
Click Volumes under the Elastic Block Store section in the left-hand menu
Click Create volume. The Create Volume pane appears.
Volume Type: Nasuni recommends using Provisioned IOPS SSD (io2) for the File IQ DB volume.
Size: Use the File IQ Sizing Tool to estimate the size of the Nasuni File IQ DB volume.
IOPS: Use the File IQ Sizing Tool to estimate the IOPS of the Nasuni File IQ DB volume.
Throughput: Not applicable if you select Provisioned IOPS SSD (io2) for Volume Type. Otherwise, use the File IQ Sizing Tool to estimate the throughput of the Nasuni File IQ DB volume.
Availability Zone: Must match the Availability Zone of your File IQ Appliance.
Select the newly created volume from the list of Volumes.
Click Actions and then Attach volume.
Instance: Enter the Instance ID which was copied in step 9 and select your File IQ Appliance.
Device Name: Select /dev/sdd as the device name.
Click Attach.
Click Instances under the Instances section in the left-hand menu and click on your File IQ Appliance.
With the instance selected, click the Instance state dropdown menu at the top of the page.
Click Start instance from the dropdown options. It might take a few minutes for the instance to start. You might need to refresh the page to see the updated information
The File IQ Appliance Virtual Machine starts.
5. Connect the Nasuni Volumes to the File IQ Appliance
Important: For the Basic version of File IQ a maximum of 19 volumes can be connected to a File IQ Appliance for metadata analysis. For the Premium version of File IQ a maximum of 47 volumes can be connected to a File IQ Appliance for metadata analysis. If these limits are exceeded, then the metadata analysis stops until the number of connected volumes for metadata analysis falls within the specific range.
Note: The File IQ Appliance Administration UI Status > Subscription Status pane will not accurately reflect the Max Volumes / Filer values based on the settings above. You should ignore the value Max Volumes / Filer in the Status > Subscription Status pane.
Note: You might see a "File IQ unhealthy" alert displayed prior to enabling the File IQ service in step 7. This alert is expected and resolves itself after a successful File IQ service enablement.
To share and connect a volume to the File IQ Appliance for metadata analysis, follow this procedure:
Log in to the Nasuni Management Console associated with the File IQ Appliance.
Set up remote access for the Volume by following this procedure:
Click Volumes.
Click Remote Access. The Volume Remote Access Setting pane appears.
Select the volumes that you want to share. These should match the Volumes in the Volumes List section in the 1. Before you Begin section above.
Click Edit Volumes. The Edit Volume Remote Access Settings dialog box appears.
Ensure that the Enabled toggle is set to On.
For Remote Access Permissions, select Custom.
For the File IQ Appliance entry in the Custom Remote Access Permissions section, select Read Only.
Caution: Ensure that you change only the Remote Access entry for the File IQ appliance to Read Only. Be sure to leave the Remote Access entries for the other volumes unchanged.Unselect all sharing options and click Save Remote Access Settings. The Volume Remote Access Setting pane appears.
Wait until the Status for each of the selected volumes changes to a checkmark before proceeding.
Connect the Volumes to the File IQ Appliance by following these steps:
Click Volumes.
Click Connect Volume. The Remotely Accessible Volumes pane appears.
Click Refresh Connections and wait for the process to complete.
For the volumes for which you set up remote access to the File IQ Appliance (step 2 above), click Edit Connections. The Connect/Disconnect Volume dialog box appears.
In the Filers section, enable the File IQ Appliance checkbox.
In the Storage Access section, select Skip creating storage access point.
In the Inherit Setting section, untick the three inherit setting checkboxes.
Click Save Connections. The dialog box closes and returns to the Remotely Accessible Volumes pane.
Wait until the Status column for the Volume changes to a checkmark before proceeding.
Disable Snapshot Schedule for the FILE IQ Appliance and volume pairs by following one of these sets of steps:
For volumes not managed by GFA, follow these steps:
Click Volumes.
Click Snapshot Schedule.
The Volume Snapshot Schedule pane appears.
Expand the volumes for which you configured remote access in step 2.
For each expanded select each item that is a File IQ Appliance.
Click Edit Volumes.
The Snapshot Schedule dialog box appears.
Click Select/Deselect all until all of the Days turn from color to grey.
Click Save Configuration.
The changes are saved.
Note: The changes might take up to 10 minutes to apply.
For volumes managed by GFA, follow these steps:
Click Volumes.
Click Snapshot Schedule.
The Volume Snapshot Schedule pane appears.
Select the volumes for which you configured remote access in step 2.
For each selected volume, expand its list to display the associated NEAs and File IQ Appliances.
Deselect each item that is not a File IQ Appliance.
Click Edit Volumes.
The Snapshot Schedule dialog box appears.
Set the Enablement Window to On.
Deselect all until all the Days turn from color to grey.
Click Save Configuration. The changes are saved.
Note: The changes might take up to 10 minutes to apply.
Disable Sync Schedule for the File IQ Appliance and Volumes pairs by following these steps:
Click Volumes.
Click Sync Schedule.
The Sync Schedule pane appears.
Select a volume for which you configured remote access in step 2.
Expand the volume's list to display the associated NEAs and File IQ Appliances.
Deselect each item that is not a File IQ Appliance.
Click Edit Volumes.
The Sync Schedule dialog box appears.
Click Select/Deselect all until all of the Days turn from colored to grey.
Click Save Schedule.
The changes are saved.
The changes might take up to 10 minutes to apply.
Note: Repeat steps c-h in this section for each Volume connected to File IQ.
6. Disabling Quality of Service (QoS) for the File IQ Appliance
It is recommended to disable the Quality of Service (QoS) for the File IQ Appliance as the main workloads involve synchronization of content to the File IQ Appliance and the system wants to ensure this happens as quickly as possible.
To disable the Quality of Service (QoS) for the File IQ Appliance, follow these steps:
Log in to the Nasuni Management Console associated with the File IQ Appliance.
Click Filers.
Click Quality of Service. The Filer Quality of Service pane appears.
Select the File IQ Appliance entry in the table and click Edit Filers. The Quality of Service Settings dialog box appears.
For all existing Quality of Service rules, click Delete.
Click Save Rules. The dialog box closes and returns to the Filer Quality of Service pane.
7. Enabling the File IQ Appliance and Configuring File IQ Service
By default, your File IQ service is turned off on the File IQ Appliance. Additionally, the File IQ Service on the NEA is off and is not configured to use any File IQ Appliance.
This section outlines how to enable your File IQ Product on the File IQ Appliance and then configure one or more NEAs to send activity information to the File IQ Appliance.
The Nasuni Portal or Nasuni Orchestration Center (NOC) User Interface enables File IQ on the File IQ Appliance and the NEA.
Use this section to perform the following:
Enable the File IQ Product on the new File IQ Appliance.
Enable File IQ Service and Assign the File IQ Appliance for the NEA.
Before getting started, ensure that the following items from the 1. Before You Begin section are complete for this specific area:
NMC Login
NEA(s) List
Note: Before proceeding, confirm that the NMC, File IQ Appliance, and NEAs are all started and running.
a. Enabling the File IQ on the New File IQ Appliance
Use either the Nasuni Portal or the Nasuni Orchestration Center to enable File IQ on the File IQ Appliance.
Nasuni Portal
To enable the File IQ Appliance from the Nasuni Portal, follow these steps:
Log in to the Nasuni Portal.
Navigate to Appliance Services > File IQ Configuration.
Click on the File IQ Appliance in the table list. The checkbox becomes Enabled.
From the Enable/Disable drop-down menu, click on Enable Selected. The State changes to Enabled for the File IQ Appliance in the table list.
This action is automatically saved.
Nasuni Orchestration Center
To enable the File IQ Appliance from the Nasuni Orchestration Center (NOC) UI, follow these steps:
Log in to Nasuni Orchestration Center.
Click the File IQ Config tab. The File IQ pane appears.
In the Configuration section, select the Disabled toggle for the new File IQ Appliance. The toggle becomes enabled, and the label changes to Enabled.
Click Save.
The configuration change is stored.
b. Enabling File IQ Service and Assigning the File IQ Appliance for the NEA
Important: The Nasuni Edge Appliance(s) that are used for data migration or third-party integration purposes should not be enabled to send events to File IQ Appliance(s).
In this section, enable the File IQ Service for each of the NEAs that you have chosen to report activity to the File IQ Appliance. You should have defined each NEA as part of the NEAs List entry in the 1. Before you Begin section above.
Use either the Nasuni Portal or the Nasuni Orchestration Center to enable the File IQ service and assign the File IQ Appliance for the NEA.
Nasuni Portal
To enable the File IQ Service and assign the File IQ Appliance for each of these Nasuni Edge Appliances from the Nasuni Portal, follow these steps:
Log in to Nasuni Portal.
Navigate to Appliance Services > File IQ Configuration
Click on the Edge entry in the Configuration items on the left of the page
Click on the Edge name in the table list. The checkbox becomes Enabled.
From the Enable/Disable drop down menu click on Enable Selected. The State changes to Enabled for the Edge name in the table list.
This action is automatically saved.
Click on the Assign/Unassign File IQ button. The File IQ Assignment panel appears.
From the drop down list select the name of the File IQ Appliance that you want to assign the previously selected Edge entries.
Click Save.
Nasuni Orchestration Center
To enable the File IQ Service and assign the File IQ Appliance for each of these Nasuni Edge Appliances from the Nasuni Orchestration Center, follow these steps:
Log in to Nasuni Orchestration Center.
Click the File IQ Config tab. The File IQ pane appears.
In the Enable File IQ Service on appliances section, click the Disabled toggle for the specific NEAs. The toggle becomes enabled, and its label changes to Enabled.
For the same NEAs, from the Assign File IQs to NEAs dropdown menu, select the new File IQ Appliance.
The dropdown shows the new File IQ Appliance as assigned to the NEAs.Click Save.
The configuration change is stored.
c. Forcing the Configuration to be Applied to the File IQ Appliance and Nasuni Edge Appliance
After the configuration is saved, it can take up to 1 hour for the configuration to become active on the File IQ Appliance and NEAs. Instead, you can force the configuration to immediately refresh using the Refresh License feature in the NMC so that you can move on to 8. Accessing the File IQ Dashboards immediately.
To force the configuration to become active, follow these steps:
Log in to the Nasuni Management Console associated with your account.
Click Filers.
Click Refresh License. The Refresh Subscription License pane appears.
Select the File IQ Appliance and NEAs used in steps a. and b. above and click Update Filers. The Refresh Subscription License dialog box appears.
Click Refresh License. The dialog box closes, and you return to the Refresh Subscription License pane. Wait until the Status column for the values you selected in step 4 has changed to a checkmark before proceeding.
Important: The initial scanning of your volume files begins immediately. This process can take a while, depending on the number of files and directories to be scanned initially. It can take on the order of 1 hour per million files and directories for this first scan.
Subsequent scans occur every 24 hours after the initial scan. Subsequent scans are much faster, because they only deal with changes to the existing volumes. To view the progress of the Volume scans use the System Status dashboard > Volume Scan Detailed Status panel and Service Support dashboard > Volume Scan State Logs panel.
8. Accessing the File IQ Dashboards
The results of scanning the selected volumes appear in numerical and graphical form on the File IQ Dashboards. For details on the File IQ Dashboards, see File IQ Dashboards.
The File IQ Dashboards contain all the information for NEA activity and volume metadata that the File IQ Appliance receives and produces.
To access the File IQ Dashboards, follow this procedure:
Open a new browser window.
Enter the address in this form:
https://<FILE-IQ-FQDN>:3000where <FILE-IQ-FQDN> is the FQDN of the File IQ Appliance, assigned in 3. Running the File IQ Appliance First Boot Wizard. The File IQ Dashboard user interface appears.
In the Email or username field, enter “Viewer”.
Caution: Do not rename the Grafana viewer account. The Initialization program expects the viewer account to be present. If the viewer account is not present, the Initialization of the viewer account recreates the viewer account with the default password.
In the Password field, enter “nasuni_IQ_2024!”.
Note: Nasuni highly recommends updating the default password for the Grafana viewer account during the first usage.
Click Log in. The system logs you into the File IQ Dashboard, and the Home page appears.
It is important to change the default password. To change the password, follow this procedure:
Click the avatar icon at the top right of the File IQ Dashboard. A context menu is displayed.
In the context menu, click Change password. The Change Password pane appears.
In the Old Password textbox, enter the original default password “nasuni_IQ_2024!”.
Enter the new password into the New password and Confirm password text boxes. Click Change Password.
The password is saved, and a dialog appears in the top right corner with the text User password changed.Click Home in the top left corner to return to the Home page.
9. Nasuni File IQ Status and File IQ Appliance Health
This section describes the Nasuni File IQ Status tool that is shipped with the File IQ Appliance.
a. File IQ Status Tooling
The File IQ Status tool, shipped with the File IQ Appliance, offers key insights into the operational health of the File IQ Appliance installation. At any point during the setup of the File IQ Appliance or afterward, the File IQ Status displays the health of key sections of the File IQ Appliance.
Each line has three possible status values:
Healthy: Indicated by a Green tick symbol. No action is required in this case.
Unhealthy: Indicated by a Red x symbol. Action is required in this case.
Informational: Indicated by a Yellow triangle with an exclamation point inside. Action may be required depending on the organization’s use case for File IQ.
Note: Informational items do not cause a health check to return as an error condition.
The Unhealthy and Information points are accompanied by a detailed text on the problem space and links to the Nasuni documentation to address them.
As the installation of File IQ progresses, it is recommended to run File IQ Status to ensure the setup is functional. Depending on when you run the File IQ Status tool, warnings and errors may be expected. For example, before enabling File IQ on the NOC or Portal, it is expected that the check for this does not pass.
b. File IQ Appliance Health
The File IQ Appliance reports its health to the NMC and uses the File IQ Status Tooling as the basis for the information. If the NMC reports a File IQ Appliance as unhealthy, the File IQ Status tool provides the customer with the cause of the problem, as well as remediation materials.
To view the current health of the File IQ Appliance in the NMC, follow this procedure:
Log in to the Nasuni Management Console (NMC) associated with your account.
Click Filers.
Click the name of the File IQ Appliance in the table at the bottom of the page. The File IQ Appliance Details pane appears.
The Health section is displayed at the bottom right of the pane.
c. File IQ Status Messaging
The list of health items that the File IQ Status can provide is outlined in the following table:
Name | Description | Since version | Health Item * | Premium Only ** |
|---|---|---|---|---|
Nasuni File IQ Enabled in NOC | Indicates that the File IQ appliance has been enabled in the Nasuni Portal UI or NOC UI. | 10.0 | Yes | No |
Nasuni File IQ database filesystem created | Indicates that the file system for the File IQ DB has been created. | 10.0 | Yes | No |
Nasuni Appliance filesystem sizes | Indicates that the size of the disks on the File IQ Appliance meet the expected size ratios. | 9.15 | Yes | No |
Nasuni File IQ sizing | Indicates that the virtual machine is sized appropriately based on the data stored in the system at the time the tool is run. | 10.1 | Yes | No |
Nasuni File IQ database filesystem usage | Indicates that there is a problem with the File IQ DB disk has adequate space. When the File IQ disk is ≥90% full it will show unhealthy. When the File IQ DB disk reaches ≥85% full it will show as an information point. | 9.15 | Yes | No |
Nasuni File IQ database created | Indicates that the File IQ Database has been created on the File IQ Appliance. | 9.15 | Yes | No |
Nasuni File IQ database running | Indicates that that File IQ Database service is running successfully. | 9.15 | Yes | No |
Nasuni File IQ Appliance connected to Directory Service | Indicates that the File IQ Appliance is connected to an Active Directory service. | 9.15 | No | No |
Nasuni volumes mounted | Indicates that volumes have been connected to the File IQ Appliance for metadata analysis. | 9.15 | Yes | No |
Nasuni volumes mounted Read-only | Indicates that the volumes connected to the File IQ Appliance for metadata analysis are connected as Read Only. | 9.15 | Yes | No |
Nasuni File IQ event queue created | Indicates that the File IQ Appliance has successfully created the Event Queue required for communicating with the NEAs for activity data. | 9.15 | No | No |
Nasuni File IQ event queue connectivity | Indicates that the File IQ Appliance has successfully connected to the Event Queue required for communicating with the NEAs for activity data. | 9.15 | No | No |
Nasuni audit events received | Indicates that the File IQ Appliance is successfully receiving activity data from one or more NEAs. | 9.15 | No | No |
Nasuni volumes have snapshot and sync disabled | Indicates that all of the volumes connected to the File IQ Appliance for metadata analysis have their sync and snap schedules disabled. | 10.0 | No | No |
Nasuni File IQ system memory size check | Indicates that there has been no recent cores for the File IQ process and that the File IQ Appliance recently has not experienced an Out of Memory (OOM) situation. | 10.1 | Yes | Yes |
Nasuni File IQ cache usage | Indicates that the Cache disk on the File IQ Appliance has adequate space. | 10.0 | Yes | No |
Nasuni File IQ Event Hub Partitions check | Indicates that the Event Queue processing is utilizing all of the capacity available to the system. | 10.0 | Yes | No |
Nasuni File IQ Database Backup Configuration | Indicates the File IQ Database backup is configured and enabled on the system. | 10.1 | Yes | No |
Nasuni File IQ Database Backup Status | Indicates that the File IQ Database backup has been successfully run on the File IQ Appliance. | 10.1 | Yes | No |
Nasuni File IQ Database Backup Available | Indicates that the File IQ Database backup is accessible in the cloud storage. | 10.1 | Yes | No |
Nasuni File IQ Database WAL Archiving Status | Indicates that the File IQ Database backup of the Write Ahead Logs (WAL) is keeping up with the workload on the File IQ Appliance. | 10.1 | Yes | No |
Nasuni Appliance Backup Key set up | Indicates that the Escrow Passphrase has been set for the File IQ Appliance. | 10.1 | Yes | No |
Nasuni Appliance Backup available | Indicates that the File IQ Appliance’s configuration has been backed up to the NOC and it is in a DR ready state. | 10.1 | Yes | No |
Nasuni File IQ Reporting Service running | Indicates that the Reporting Service is running on the File IQ Appliance. | 10.1 | Yes | Yes |
Nasuni File IQ Reporting cron job configured | Indicates that the cron job that schedules the Reports has been configured on the File IQ Appliance. | 10.1 | Yes | Yes |
Nasuni File IQ Report staging volume configured | Indicates that a Volume has been connected to the File IQ Appliance to store reports and the Reporting Service has been configured to use this Volume to store the reports that the service generates. | 10.1 | Yes | Yes |
Nasuni File IQ Report staging path configured | Indicates that an absolute directory path on the volume used by the Reporting Service has been configured and checked for ability to store reports. | 10.1 | Yes | Yes |
Nasuni File IQ Report execution failures during previous 24 hours | Indicate that the Reporting Service has had no failures in executing reports within the past 24 hours. | 10.1 | Yes | Yes |
Nasuni File IQ Single Sign-On Configuration | Indicates that the SSO feature has been configured for the File IQ Dashboard. | 10.1 | Yes | Yes |
Nasuni File IQ Single Sign-On health check | Indicates that the SSO feature for the File IQ Dashboard is passing the health checks which ensures that the feature is operational. | 10.1 | Yes | Yes |
* The Health Item indicates whether this item may raise a health problem to the NMC.
** The Health Item varies between the Basic and Premium versions of the File IQ Appliance.
Appendix A: Firewall Configuration
The File IQ Appliance and Nasuni Edge Appliance both require access to the Microsoft Azure Event Hub API. For configuration instructions, see Firewall and Port Requirements.
Appendix B: Deletion Security
The Amazon cloud storage platform offers several safeguards to prevent or mitigate unwanted deletion. You might choose to employ some or all these safeguards.
For specific recommendations and guidelines on managing and safeguarding EC2 instances and associated disks (EBS volumes), AWS provides targeted documentation that can help protect these resources from accidental or unauthorized deletion.
For more information directly related to managing EC2 instances and EBS volumes, see the following resources:
Amazon EC2 Documentation. This section includes detailed information on managing instances, including permissions and lifecycle considerations: Amazon EC2 Documentation
Amazon EBS Documentation. Covers all aspects of managing Elastic Block Store volumes, including backups, encryption, and preventing accidental deletion: Amazon EBS Documentation
AWS Using IAM to Manage Access to Amazon EC2 Resources. Provides guidelines on how to create and manage IAM policies for EC2 resources, crucial for preventing unauthorized access or deletion: Manage Access to EC2 Resources
Preventing Unintended Resource Deletion with AWS Rule Locks. While not limited to just EC2 and EBS, this guide explains how to use rule locks to prevent accidental deletion: Rule Locks.
Storage Redundancy
Carefully consider the best redundancy options for your data and your organization. Considerations might include legally mandated data locations and geographic proximity to other resources.
To achieve this, Amazon provides Regions and Availability Zones, AWS Local Zones, Data Replication Options, and Automation and Scaling Capabilities. For more information, see Resilience in Amazon EC2.
Locking Resources
Locking resources in AWS is critical to ensuring that essential components are not accidentally modified or deleted. AWS offers various mechanisms to control and restrict these operations, enhancing security and governance across your AWS environment.
Resource Locking Features in AWS
AWS Resource Locks: Lock your resources to prevent accidental deletion or modification. Achieve this using IAM policies that restrict delete permissions and other critical operations.
IAM Policies:
Prevent Deletion: Configure IAM policies to deny the deletion of specific resources. Specify actions that cannot be executed, effectively implementing a CanNotDelete lock.
Read-Only Access: Set read-only access policies to resources to prevent modifications.
Permissions Required: Specific permissions to alter IAM policies or service configurations are required to create or manage locks. Typically, only users with administrative privileges (AdministratorAccess) or those explicitly granted permissions can manage these locks.
Inheritance: Locks in AWS are not inherited through resource hierarchy (like resource groups) by default. Each resource needs a specific lock or IAM policy to ensure protection.
For more information, see Controlling access to AWS resources using policies.
Protecting Attached Resources in AWS
AWS incorporates several safeguards to prevent the unintended deletion of resources currently in use or attached to other services, ensuring data integrity and continuity of operations.
Features for Protecting Attached Resources in AWS
Amazon EC2 and EBS volumes:
Prevention of Deletion: AWS does not allow the deletion of an Amazon Elastic Block Store (EBS) volume when attached to a running instance. This safeguard ensures that active data is not accidentally removed.
Deletion Protection: Configure Amazon EC2 instances with deletion protection to prevent accidental termination through the AWS Management Console, CLI, or API.
Leased Resources: AWS provides similar protections via resource-locking features and permissions management.
Permissions and Policies: In AWS, IAM policies are critical in preventing resource deletion. Define policies restricting users' ability to delete important resources like EC2 instances, EBS volumes, and more.
For more information, see Amazon EC2 and Amazon EBS.
Appendix C: Controlling the EC2 File IQ VM
Virtual platforms offer the ability to control various aspects of your File IQ Appliance. This section presents procedures for these control functions. Because these controls depend on third-party virtual platforms, you should follow the procedures for your specific virtual platform.
Note: The vendor changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.
Starting the Amazon EC2 VM
You can start a stopped Amazon EC2 VM of the File IQ Appliance on the virtual platform.
To start a stopped Amazon EC2 VM, follow these steps:
Open your web browser and navigate to: https://console.aws.amazon.com/ec2/.
Once logged in, navigate to the EC2 Dashboard.
On the EC2 Dashboard, click Instances in the left-hand navigation pane. A list of your EC2 instances displays.
In the list of instances, locate the File IQ Appliance instance you want to start. You can identify it by its Instance ID, Name tag, or other details set during its creation or previous configuration.
Select the instance by clicking the checkbox next to its name.
With the instance selected, click the Instance State dropdown menu at the top of the page.
Click Start instance from the dropdown options.
Note: This might require a few minutes to launch, or a page refresh to see the updated information.
Status of the Amazon EC2 VM
To view the status of the Amazon EC2 VM of the File IQ Appliance, follow these steps:
After starting the instance, monitor its status in the Instance state column of the Instances list.
The instance might take a few minutes to change from Stopped to Pending to Running.
Once the instance status is Running, it indicates that the system has completed the boot process. However, additional time might be required for the operating system to load and for any startup tasks to be completed. To determine operational readiness, monitor the Status check column for any system and instance checks to pass, confirming that all services and applications are fully functional and ready for use.
Shutting Down the Amazon EC2 VM
To shut down the Amazon EC2 VM, follow these steps:
Log in to the Nasuni Management Console associated with the File IQ Appliance.
Click Filers.
Click Shutdown & Reboot. The Shutdown and Reboot pane appears.
For the File IQ Appliance, click the associated Shutdown/Reboot action.
The Initiate Shutdown/Reboot of File IQ Appliance pane appears.
Enter “Change Filer Power State” into the Confirmation Phrase textbox.
Select the Option to Shut down immediately. Click Shutdown. The Shutdown and Reboot pane appears.
Wait until the Status column for the File IQ Appliance changes to a checkmark before processing and the File IQ Appliance shuts down.
Appendix D: Uninstalling the Amazon EC2 VM
This section describes uninstalling the File IQ Appliance from the Amazon EC2 platform.
Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.
Uninstalling the File IQ Appliance
To uninstall the File IQ Appliance on the Amazon EC2 VM platform, follow these steps:
After logging in to https://console.aws.amazon.com/ec2/, navigate to the EC2 Dashboard.
Click Instances in the left-hand navigation pane to view your EC2 instances.
Locate the File IQ Appliance VM you want to uninstall and click the checkbox next to its name.
From the Instance State dropdown menu, select Stop instance to ensure the VM is stopped.
Confirm the action by clicking Stop in the confirmation dialog.
With the instance still selected, click Actions.
Navigate to Instance State and then select Terminate instance.
A confirmation dialog box appears with a list of associated EBS volumes. Note the EBS Volume identifiers. This list of volume identifiers might be used to identify the list of volumes to be deleted.
Confirm your intention to delete the instance by clicking Terminate. This action permanently deletes the VM.
Terminating the virtual machine might not delete the EBS volumes associated with it.
To delete the associated EBS volumes, follow these steps:
After terminating the instance, navigate to Volumes in the left-hand navigation pane.
Look for any volume names prefixed with the File IQ Instance name ,or use the list of volume identifiers provided in the Terminate instance confirmation dialog.
Select the volumes in the Volumes table view.
If any of the volumes are still associated with the terminated instance, click Actions.
Select Detach volume, and a confirmation dialog appears.
Click Detach. The associated volumes are no longer associated with the terminated instance and are ready to be deleted.
Confirm that the volumes are selected in the Volumes table view.
Click Actions and select Delete volume. A confirmation dialog with a list of volume identifiers appears.
Type “delete” in the Confirmation field.
Confirm the deletion by clicking Delete.
Revisit the Instances and Volumes sections to ensure that the instances and volumes have been successfully deleted.
Appendix E: Resizing the File IQ EBS Volumes
This section describes how to resize the File IQ Appliance EBS volumes from the Amazon EC2 platform.
Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.
Important: Only EBS volumes can be increased.
Prerequisites:
The File IQ Instance installation is complete.
The File IQ EBS volumes are correctly named using the prefixing of the volume names (such as “File IQdb”) with the File IQ Instance name. For more information, see step 20 of 2. Installing File IQ using the Amazon EC2 AMI.
To resize the File IQ EBS volumes, follow these steps:
Log in to the Nasuni Management Console associated with the File IQ Appliance.
Click Filers.
Click Shutdown & Reboot. The Shutdown and Reboot pane appears.
For the File IQ Appliance, click the associated Shutdown/Reboot action. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.
Enter ‘Change Filer Power State’ into the Confirmation Phrase textbox.
Select Shut down immediately, and click Shutdown. The Shutdown and Reboot pane appears.
Wait until the File IQ Appliance's Status column changes to a checkmark before proceeding; at that point, the appliance is shut down.
Go to the Amazon Web Services EC2 console at: https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.
Click Volumes in the left-hand navigation pane to view your list of EBS volumes.
The list of volumes displays. By filtering the list of volumes using the File IQ Instance name, locate the File IQ EBS volumes you need to resize.
For each of the volumes displayed in the list that you want to resize, execute the following steps:
Select the Volume checkbox that you want to change.
From the Actions dropdown menu, select Modify volume. The editor for the volume appears.
Via the Volume editor, you can update:
The Volume type. Nasuni recommends:
Using Provisioned IOPS SSD for both the File IQ cache volume and File IQ DB volumes.
Using General Purpose SSD for both the Operating System and COW volumes.
The volume's Size. Use the File IQ Sizing Tool to estimate the size of the Nasuni Cache and File IQ DB volumes.
The volume's IOPS value. Use the File IQ Sizing Tool to set this value.
The Throughput value (MiB/s).
Note: This option is available when the volume type is set to gp3.
Click Modify. A confirmation dialog box appears. Ignore the message indicating that the file system must be extended to the new volume size. The File IQ appliance automatically detects when the EBS volume is extended and adjusts the file system accordingly.
Click Modify. The volume update is triggered, and the list of all the volumes is displayed.
On the left panel, click Instances. The list of Instances is displayed, and the same File IQ instance previously modified should remain selected. If not, reselect the File IQ Instance to display the detailed view of the Instance.
With the instance selected, click the Instance state dropdown menu at the top of the page.
Click Start instance from the dropdown options. It might take a few minutes for the instance to start. You might need to refresh the page to see the updated information.
The File IQ Appliance Virtual Machine starts.