File IQ Installation for AWS EC2

This guide is intended for the IT administrator or person responsible for installing the File IQ Appliance on the Amazon EC2 platform.

General Information

This section includes general information about the File IQ Appliance and technical specifications.

File IQ

The File IQ feature is designed to provide insights and analytics on your file data usage patterns. File IQ enables you to quickly take advantage of several important capabilities, including:

• File Usage Analytics: Track usage and collaboration patterns across users, departments, file types, volumes, and more. Gain visibility to optimize storage, plan capacity, and facilitate capacity-based chargeback.

• Health Monitoring: Monitor system component metrics to proactively identify resource contention and capacity limits so administrators can take preventative measures.

• Forensic Capabilities: Perform historical analysis of file, user, or application activity when troubleshooting issues or investigating information security events.

• Automated Reporting: Leverage prebuilt reports and dashboards that deliver actionable intelligence to technical and business users and support chargeback reporting.

Key Terms

The following terms are helpful for understanding the File IQ Appliance:

• AWS: Amazon Web Services is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs.

• Cache: The local storage of the File IQ Appliance. All Volume metadata accessed regularly is kept locally in the File IQ Appliance cache. If the requested metadata is not locally resident, it is staged into the cache and provided for the request.

• EBS Volume: An Elastic Block Storage (EBS) Volume hosts virtual data in segments. It is like a storage disk with the ability to contain various sizes of data. By default, the File IQ Appliance is provisioned with four different EBS Volumes. Two IQ EBS volumes must be resized based on the output of the Sizing Tool, and the File IQ EBS volume must be resized with a capacity of 64GB.

• EC2: Amazon Elastic Compute Cloud, a part of Amazon.com's cloud-computing platform, Amazon Web Services, that allows users to rent virtual computers to run their computer applications.

• Event Hubs: A cloud-native data streaming service used to forward events between components of the File IQ Solution.

• Grafana: Grafana is a multi-platform open-source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the Web when connected to supported data sources.

• Nasuni Edge Appliance (NEA): The virtual or physical Nasuni appliance that integrates with your infrastructure via CIFS (SMB), NFS, FTP/SFTP, or HTTPS/REST protocols. The Nasuni Edge Appliance can be mapped as a network drive.

• Nasuni Edge Appliance user interface: The Web-based graphical user interface configures and manages the Nasuni Edge Appliance. It is accessible with supported Web browsers, including Mozilla Firefox, Microsoft Edge, Apple Safari, and Google Chrome.

• File IQ: The File IQ Appliance contains the database, Grafana server, event processing, and volume scanning capabilities that the File IQ Solution uses to give insight into Nasuni Edge Appliance and Volume usage across your Nasuni deployments.

• File IQ AMI: Amazon Machine Image. The Nasuni-provided image used to run an File IQ Appliance in EC2.

• Nasuni Management Console (NMC): This Web-accessible appliance configures and manages multiple Nasuni Edge Appliances. It is accessible with supported Web browsers, including Mozilla Firefox, Microsoft Edge, Apple Safari, and Google Chrome.

• Nasuni Orchestration Center (NOC): Nasuni’s zero-maintenance control path is built on elastic, multi-region cloud services that enable file data to be shared across locations at any scale and without version conflict. The NOC, also called the Nasuni Account Dashboard, also provides access to File IQ Serial Numbers used to install File IQ.

• File IQ Dashboard: A custom dashboard deployed within the File IQ Appliance-hosted Grafana to display information gathered by the File System Metadata Service (FSMS) and the File System Event Processor (FSEP).

• File IQ Service: The File IQ Service collects audit events and forwards them to the File IQ Appliance via the Azure EventHub.

  Note: The audit events collected by the File IQ Service are independent of the standard auditing feature enabled on the NEAs.

• Share/export: An access point to a folder on a volume that can be shared or exported on your network. Access to a CIFS (SMB) share can be customized on a user-level or group-level basis. You can create many shares or exports on a volume for different purposes or audiences.

• Volume: A set of files and directories (CIFS (SMB), NFS, and FTP/SFTP).

File IQ solution specifications

This section contains specifications for configuring the File IQ Appliance.

Supported Web Browsers

The File IQ Appliance supports the following Web browsers:

Virtual Machine Requirements

Use the Sizing Tool for recommendations on the most appropriate Virtual Machine and disk sizes.

Installing on the Amazon EC2 Platform

This chapter explains how to install the File IQ Solution on the Amazon EC2 platform.

Tip: This document is about deploying virtual machines. It does not cover configuring a storage account for use with Nasuni volumes.

Warning: Do not attempt to restore from a virtual machine snapshot or backup. Attempting to restore from a virtual machine snapshot or backup puts the IQ Appliance in an unknown state in relation to the Nasuni Orchestration Center (NOC) and can result in data loss for the File IQ database.

Tip: Nasuni recommends leveraging your cloud provider's role-based access and identity access management features as part of your security strategy. Based on your policies, such features can limit or prohibit administrative access to the cloud account.

Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Tip: Check out the File IQ Installation and Configuration videos for a general reference on the File IQ installation process. Your specific hypervisor installation will include unique steps not included in this video reference series.

Day 1 File IQ Installation Checklist

To complete a day 1 File IQ installation, follow this checklist:

1. Before You Begin

The following items should be readily available so that you can navigate the File IQ installation and setup process. It is recommended that you complete these requirements before starting or have a way to fulfill them during the installation process.

Note: File IQ does not support a proxy server.

2. Installing the File IQ Using the Amazon EC2 AMI

This step describes how to install the File IQ Appliance using the File IQ Amazon Machine Image (AMI) from account.nasuni.com.

Important: You must create and maintain your own AWS account because Nasuni does not have access. To gain access to the Nasuni AMIs, contact Nasuni Technical Support with your AWS account number. To create an EC2 account, visit http://aws.amazon.com/ec2/.

Tip: In the Nasuni model, customers provide their own cloud accounts for storing their data. As part of their overall security strategy, customers should leverage their cloud provider's role-based access and identity access management features. These features can limit or prohibit administrative access to the cloud account based on company policies. 

Important: File IQ Appliances must be configured with operational DNS servers and a time server (internal or external) within your environment. The File IQ Appliance is configured with a default time server time.nasuni.com. If you need to use a different time server, the procedure to change the default time server is documented in the Nasuni Edge Appliance Time Configuration section of the Nasuni Edge Administration guide.

Important: To access Active Directory-enabled volumes, the File IQ Appliance must be connected to an Active Directory server in the same Active Directory Forest. This requires part of your Active Directory infrastructure to run on the EC2 platform.  Similarly, to access LDAP-enabled volumes, the File IQ Appliance must be able to access LDAP and Kerberos in the same LDAP domain. 

Important: You cannot enable both Active Directory and LDAP Directory Services for a File IQ Appliance. 

To launch the AMI from the AWS Dashboard page, follow these steps: 

1. If your AWS account ID can access the Nasuni AMIs, continue to step 2.
   If not, follow this procedure to enable your AWS account ID to access the Nasuni AMIs. Alternatively, request Nasuni Technical Support to enable your AWS account ID to access the Nasuni AMIs. 

   1. Log into Nasuni https://account.nasuni.com/. On the Overview tab, click Downloads. The Downloads page appears.

   2. Click Amazon EC2 or scroll down to the Nasuni AMIs on EC2 area. 

   3. In the text box, enter the 12-digit AWS account IDs permitted to access the Nasuni AMIs. Separate AWS account IDs by commas. 

   4. Click Submit. These AWS account IDs are granted access to the Nasuni AMIs. 

      Note: Access can take up to 5 minutes to be granted. If access has not been given after 5 minutes, contact Nasuni Technical Support. 

2. Go to the Amazon Web Services EC2 console at https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.

3. In the left-hand column, click AMIs. The AMIs page appears. 

4. The File IQ AMI appears in the list of AMIs.

   Tip: If the File IQ AMI is not visible on the list of AMIs, navigate to the filter area at the top of the page and click Owned by Me or Public Images, then click Private Images from the dropdown list. The File IQ AMI should appear in the list of AMIs.  If not, type “Nasuni” in the Search text box and press Enter. The File IQ AMI should appear in the list of AMIs. 

5. From the list of AMIs, choose the most up-to-date AMI version for File IQ. 

6. Select the check box to the left of the correct Nasuni AMI entry and click Launch instance from AMI (upper right corner). 
   The Launch an instance screen appears.

7. In the Name text box, enter a name for this instance. 

   Note: You can add tags (key and value pairs) by clicking Add additional tags.

8. In the Application and OS Images (Amazon Machine Image) area, verify that the correct AMI has been chosen. If necessary, you can change your AMI selection here. 

9. In the Instance type area, select an instance type with a suitable number of virtual CPU processors and memory.

   Important: The File IQ Sizing Tool provides a suggestion for the Virtual Machine size to use when setting up the File IQ Virtual Machine in EC2.

10. In the Key pair (login) area, leave the Key pair name empty.

11. In the Network settings area, click Edit to update. 

    1. From the VPC dropdown list, select the VPC to use. 

    2. From the Subnet dropdown list, select the subnet corresponding to the VPC you selected.

    3. From the Auto-assign public IP dropdown list, select Disable. You can assign a public IP to the File IQ Appliance; however, the File IQ can operate effectively with a private IP address.

    4. Use the Firewall (security groups) area to configure security, as follows. 

       Warning: Running the File IQ on the Amazon EC2 platform is like running these systems outside of your business. Unused ports, including the SSH port and port 222, should not be exposed to the public Internet.

       Minimally, the following ports should be exposed to the hosts that access them:

       Outbound: Amazon EC2 does not enable restricting outbound traffic. Nasuni recommends allowing outgoing traffic to all hosts on all ports for the File IQ.

       Inbound: Here are recommendations for the following ports:

       • Port 222 SSH: This port is implicitly closed. If Nasuni Customer Support requests that you open it, open it temporarily to all clients and ranges.

       • Port 443 TCP: Used to administer the Nasuni Appliance (see step e.iv).

       • Port 8443 TCP: Used to administer the File IQ Appliance. Open to clients who need to use the Nasuni administration interface (see step e.iii).

       • Port 3000 HTTPS: Used to access the File IQ Dashboards (see step e.v).

    5. Select Create security group or use an existing security group designed for Nasuni products.

       1. In the Security group name text box, enter a name for this security group. For example, “Nasuni”. 

       2. In the Description text box, enter a description for this security group, such as “Nasuni appliance security.” 

       3. Update the security group rule.

          1. In the Type combo box, select Custom TCP.

          2. In the Port range text box, type “8443”. 

          3. In the Source type, select Custom.

          4. In the Source text box, type “0.0.0.0/0”. 

       4. Click Add security group rule. The new rule appears.

          1. In the Type combo box, select HTTPS.

             Note: For HTTPS, port 443 is entered automatically.

          2. In the Source type, select Custom.

          3. In the Source text box, type “0.0.0.0/0”

       1. Click Add security group rule. The new rule appears.

          1. In the Type combo box, select Custom TCP.

          2. In the Port range text box, type “3000”. 

          3. In the Source type, select Custom.

          4. In the Source text box, type “0.0.0.0/0”. 

       Tip: Add additional rules as required. Nasuni recommends restricting access to only the ports and incoming hosts you use. 

12. The Configure storage area allows you to manage the disk for the virtual machine. By default, four disks are automatically provisioned. Skip this section because the resize of the EBS Volumes for the File IQ Appliance is done in 4. Resize the File IQ Appliance EBS Volumes after completing the first boot wizard.

    Important: Do not modify any setting in the Configure storage section, because it might interfere with the File IQ Appliance installation process.

13. Use the Advanced details area for additional configuration. 

    1. From the Shutdown behavior dropdown list, select Stop. 

       Caution: Ensure that the Shutdown behavior is not set to Terminate. Instance termination renders the File IQ Appliance inoperable and can lead to data loss. 

    2. Placement groups can help minimize the network latency between the File IQ Appliance and EC2 workloads. By default, when launching a new EC2 instance, the EC2 service attempts to spread all your instances across underlying hardware to minimize correlated failures.
       Placement groups influence the placement of interdependent instances at no additional charge. AWS offers three placement group strategies. The Cluster placement group strategy works best to minimize latency. You can add the instance to an existing placement group or create a new one using the Cluster placement group strategy.
       You can also change the placement group, as described here.

14. Use the Summary area to verify and change configuration. 
    In the Number of Instances text box, use the default value “1”.  

15. Click Launch instance. A dialog appears, allowing you to select an existing key pair or create a new one.

16. Select Proceed without key pair and click Launch instance. The instance is launched.

17. At the bottom of the screen, click View all instances. The Instances screen appears. 

18. If the Instances screen does not appear, click Instances in the left-hand column. The new instances appear in the list of instances.

19. Select the check box to the left of the instance. The Instance State displays Running. 

    Note: Details of the selected instance appear at the bottom of the screen. Click the Status and alarms, Monitoring, and Tags tabs to examine their information. 

20. Name the EBS volumes:

    1. After the instance is running, navigate to the EC2 dashboard.

    2. Access the Instances section and click the File IQ Appliance instance for which you need to name the volumes.

    3. On the instance details page, click the Storage tab, where the list of volumes is attached to this instance.

    4. For each volume, click on the Volume ID column to access the volume details page, and click on the Name column to add a descriptive name. The descriptive name of each volume (such as “File IQdb”) should be prefixed with the File IQ Instance name as a best practice. For example:

       1. The EBS Volume with a size = 32 GB should be named “<File IQ_instance_name>_os” for the OS disk.

       2. The EBS Volume with a size = 10 GB should be named “<File IQ_instance_name>_cow” for the COW disk.

       3. The EBS Volume with a size = 30 GB should be named “<File IQ_instance_name>_fiqdb” for the File IQ database disk.

       4. The EBS Volume with a size = 40 GB should be named “<File IQ_instance_name>_cache” for the cache disk.

       After a volume is renamed, click your browser's back button to return to the list of volumes for your File IQ Instance and proceed with the next volume rename step.

The deployment of the File IQ Appliance instance is complete.

3. Running the File IQ Appliance First Boot Wizard

To access the newly installed File IQ Appliance on Amazon EC2, follow these steps:

1. Navigate to the EC2 Dashboard by clicking the Services menu at the top of the AWS Management Console and selecting EC2.

2. From the navigation pane on the left, click Instances. The list of your EC2 instances displays.

3. Locate and click the EC2 instance you previously created for the File IQ Appliance. The details pane for this instance appears, showing an overview under the Details tab.

4. Obtain the IP Address under the Details tab:

   1. If a public IP address has been assigned to your instance, you can locate it under the Public IPv4 address field.

   2. If no public IP address is assigned, locate the Private IPv4 addresses field instead. To connect using a private IP, you must be within the same network, for example, a VPN or another EC2 instance within the same VPC.

      Note: If both the Public IPv4 address and Private IPv4 addresses are present, you can use either one.

   3. If the IP address field is empty or the instance is not running, click Instance State, followed by Start Instance.

      Note: It might take a few minutes for the instance to launch and for the IP address to be displayed. Refresh the page to see the updated information.

5. Navigate to the First Boot Wizard for the File IQ Appliance by opening a new browser window.

   1. To access the File IQ Appliance, enter the address in this form: https://<IP address>, where <IP address> is the IP address from step 4.

   2. The Enter the Network Parameters for this Filer page appears.
       

6. Enter the Hostname defined in the File IQ Hostname. This was defined in the 1. Before you Begin section.

7. Complete the remainder of the System Settings, which were defined in the File IQ Network Details part of the 1. Before you Begin section.

8. Click Continue. The Review the Network Settings pane appears.

9. If all fields are correct, click Continue.
   The next pane confirms if the File IQ Appliance is Configuring Network Settings.

   Note: If the File IQ Appliance does not automatically reconnect, refresh the page and check if its IP address has changed. If so, update the browser address bar.

10. The Nasuni Filer Software Update pane appears. Click Continue.
    If any updates are being applied, the Applying Updates pane might appear briefly.

11. Enter the File IQ Serial Number and Authorization Code, which was obtained under the File IQ Serial Number and Authorization Code in the 1. Before you Begin section.

    Tip: Ensure that you use an File IQ Serial Number, not an NEA Serial Number.

12. Click Continue. The Add a New Nasuni Filer to your account pane appears.

    Note: If you get an “Internal Server Error” during this step, it is because an NEA Serial Number was entered instead of a File IQ Serial Number. Nasuni recommends double-checking your Serial Number and trying again. See the 1. Before you Begin section for the correct location to the File IQ Serial Number and Authorization Code values.

13. Type ‘Install New Filer’ into the Confirmation textbox.

14. Click Continue. The Accept the Terms of Service and License Agreement pane appears.

15. Accept the Terms of Service and click Continue. The Enter or Accept Filer Name pane appears.

16. Click Continue. The Nasuni Management Console Detected pane appears.

17. Enable the Join NMC Management checkbox and click Continue. The Enter a username and password for Administration of this Filer pane appears.

18. Enter your NMC local account Username and Password, and Confirm Password. These were obtained in the File IQ Username and Password section of the 1. Before you Begin section.

19. Click Continue. The First Boot Wizard is complete and the File IQ Appliance Management window appears.

    Tip: After the First Boot Wizard finishes and the main user interface (UI) is displayed, you might receive a notification advising that Nasuni suggests keeping the cache size of the File IQ appliance no larger than four times the size of the snapshot space. Disregard this warning, because all volumes are shared in read-only mode with the File IQ appliance.

3.1 Joining the File IQ Appliance to Active Directory

If Active Directory protects the volumes you want scanned, you must join the File IQ Appliance to the Active Directory domains to secure the volumes.

Note: The configuration of Active Directory can vary based on different factors, and your specific configuration might require additional settings not mentioned in this section. If you encounter any issues while connecting to Active Directory, contact your Nasuni Account Manager for assistance.

Follow this procedure to join Active Directory:

1. Open a Web Browser and access the File IQ Appliance. Enter the address in this form: https://<IP address>, where <IP address> is the IP address from step 4 in the previous section. The File IQ Appliance user interface appears.

2. Ensure that the hostname of your File IQ Appliance is shorter than 16 characters. If not, follow these steps:

   1. Navigate to the Configuration menu. Under the Networking section, select Network Configuration.

   2. Verify that the hostname in Hostname or FQDN is 15 characters or less.

   3. If required, shorten the hostname and click Save Network Configuration.

   4. Enter your Nasuni admin account details, confirm, and wait for the File IQ Appliance to apply the new settings.

3. Unless your Active Directory is registered publicly, change the File IQ’s DNS server to your Active Directory Primary Domain Controller (PDC). To change the File IQ’s DNS server to your Active Directory Primary Domain Controller, follow these steps:

   1. Navigate to the Configuration menu. Under the Networking section, select Network Configuration.

   2. In Settings Source, under System Settings, select DHCP with Custom DNS.

   3. Leave the Search Domain empty.

   4. Set the Primary DNS server to your Active Directory PDC’s IP address.

   5. Click Save Network Configuration.

   6. Enter your Nasuni admin account details, confirm, and wait for the appliance to apply the new settings.

4. Join the File IQ Appliance to Active Directory by following these steps:

   1. Navigate to the Configuration menu. Under the CIFS & Directory Services section, select Directory Services.

   2. In the Domain field, enter the fully qualified Active Directory domain name.

   3. Unless your Nasuni Account Manager instructs, do not change any other fields.

   4. Click Continue. The Confirm/Authenticate Directory Service dialog box appears.

   5. In the Confirm/Authenticate Directory Service dialog box, enter your Active Directory administrator username and password and click Submit.

   6. Wait until the joining process is complete and the Volume Selection page displays.

   7. Select all volumes you want to access from the File IQ appliance and click Continue.

   8. Wait until the volume configuration is complete and the Domain Configuration page displays.

   9. Enable all the trusted domains you want to monitor users from and click Continue.

   10. Wait until the trusted domain configuration is complete and the Complete the Configuration page is displayed.

   11. Click Finish to complete the Active Directory configuration.

   12. Wait until the configuration is complete and the Directory Services page displays the Active Directory domain information.

You have successfully joined Active Directory.

4. Resize the File IQ Appliance EBS Volumes

The File IQ is installed with four EBS Volumes by default. Based on the Nasuni Sizing Tool output, resize the Nasuni cache and the File IQDB EBS volumes. The COW EBS volume also needs to be resized with a size of 64 GB.

The inputs for this task were defined as Sizing Tool Outputs in the 1. Before you Begin section.

Referencing the Sizing Tool, keep note of:

1. File IQ DB Disk Size and IOPS values.

2. Nasuni Cache Size and IOPS values.

Note: For a better administration experience, Nasuni recommends naming the EBS volumes using the best practice of prefixing the EBS volume names (such as “File IQdb”) with the File IQ Instance name. For more information, see step 2 of 2. Installing File IQ using the Amazon EC2 AMI.

Important: Only EBS Volumes can be increased.

Important: For best performance, Nasuni recommends using the io2 volume type for the Nasuni File IQ DB and Nasuni cache volumes.

For more information on EBS Volume types, see: https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html.

Resize the following EBS volumes:

<File IQ_instance_name>_cache

<File IQ_instance_name>_iqdb

<File IQ_instance_name>_cow

To resize the following EBS volumes, follow these steps:

1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

2. Click Filers.

3. Click Shutdown & Reboot. The Shutdown and Reboot pane appears.

4. For the File IQ Appliance, click the associated Shutdown/Reboot action. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.

5. Enter “Change Filer Power State” into the Confirmation Phrase textbox.

6. Select Shut down immediately. Click Shutdown. The Shutdown and Reboot pane appears.

7. Wait until the File IQ Appliance's Status column changes to a checkmark before proceeding; at that point, the appliance is shut down.

8. Log into the Amazon Web Services EC2 console. The EC2 Dashboard page appears.

9. Click Instances on the left panel. The list of instances appears.

10. Select your File IQ Instance from the list. The Details pane appears for the File IQ appliance.

11. From the Details pane, select the Storage tab. The list of volumes appears.

12. Click the Volume ID whose Volume size is 30 GB (File IQ DB volume). A detailed view of the volume appears.

13. Select the volume in the table.

14. In the menu bar, select Actions, followed by Modify volume. The editor for the volume appears.

15. Change the Size of the File IQ DB volume according to the Sizing Tool output for the minimum size of the File IQ DB Disk. Nasuni recommends that the Volume type be set to Provisioned IOPS SSD (io2) for the best performance.
    When using io2, adjust the value of the EBS volume IOPS to the recommended IOPS value derived from the Sizing Tool for File IQ DB Disk.

16. Click Modify. A confirmation dialog appears. Ignore the message indicating that the file system must be extended to the new volume size. The File IQ appliance automatically detects when the EBS volume is extended and adjusts the file system accordingly.

17. Click Modify. The Volume updates, and the list of all the volumes is displayed.

18. Click the Volume ID whose Volume size is 40 GB (File IQ Cache volume). The detailed view for the volume appears.

19. Select the volume in the table.

20. In the menu bar, select Actions, followed by Modify volume. The editor for the volume appears.

21. Change the size of the File IQ Cache volume according to the Sizing Tool output for the Nasuni Cache minimum size. Nasuni recommends that the volume type be set to Provisioned IOPS SSD (io2) for the best performance.
    When using io2, adjust the value of the EBS volume IOPS according to the recommended IOPS value derived from the Sizing Tool for Nasuni Cache.

22. Click Modify. A confirmation dialog appears. Ignore the message indicating that the file system must be extended to the new volume size. The File IQ appliance automatically detects when the EBS volume is extended and adjusts the file system accordingly.

23. Click Modify. The volume updates, and the list of all the volumes is displayed.

24. Click the Volume ID whose Volume Size is 10 GB (File IQ COW volume). A detailed view of the volume appears.

25. Select the volume in the table.

26. In the menu bar, select Actions, followed by Modify volume. The editor for the volume appears.

27. Change the size of the Nasuni COW volume to 64 GB. Nasuni recommends setting the volume type to General Purpose SSD (gp3) for the Nasuni COW EBS volume. Use a Throughput value of 150 MiB/s and an IOPS value of 3000.

28. Click Modify. A confirmation dialog appears. Ignore the message indicating that the file system must be extended to the new volume size. The File IQ appliance automatically detects when the EBS volume is extended and adjusts the file system accordingly.

29. Click Modify. The volume updates, and the list of all the volumes is displayed.

30. Click Instances on the left panel. The list of instances is displayed, and the recently modified File IQ instance should remain selected. If not, reselect the File IQ Instance to display a detailed view of it.

31. With the instance selected, click the Instance State dropdown menu at the top of the page.

32. Click Start instance from the dropdown options. It might take a few minutes for the instance to start, and you might need to refresh the page to see the updated information.

The File IQ Appliance virtual machine starts.

5. Connect the Nasuni Volumes to the File IQ Appliance

Important: A maximum of 19 volumes can be connected to a single File IQ Appliance at a given time.

Note: You might see a "File IQ unhealthy" alert displayed prior to enabling the File IQ service in step 7. This alert is expected and resolves itself after a successful File IQ service enablement.

To share and connect a volume to the File IQ Appliance, follow this procedure:

1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

2. Set up remote access for the Volume by following this procedure:

   1. Click Volumes.

   2. Click Remote Access. The Volume Remote Access Setting pane appears.

   3. Select the volumes you want to share; these should be the same volumes from the Volumes List section of the 1. Before you Begin section.

   4. Click Edit Volumes. The Edit Volume Remote Access Settings dialog box appears.

   5. Set the Enabled toggle to On.

   6. For Remote Access Permissions, select Custom.

      Caution: Be sure to change ONLY the Remote Access entry for the File IQ appliance to Read Only. Be sure to leave the Remote Access entries for the other volumes as they were.

   7. For the File IQ Appliance entry in the Custom Remote Access Permissions section, select Read Only.

   8. Click Save Remote Access Settings. The Volume Remote Access Setting pane appears.

   9. Wait until the Status for each selected volume changes to a checkmark before proceeding.

3. Connect the volumes to the File IQ Appliance by following these steps:

   1. Click Volumes.

   2. Click Connect Volume. The Remotely Accessible Volumes pane appears.

   3. Click Refresh Connections and wait for it to complete.

   4. For eachthe volumes for whichthat you set up remote access to the File IQ Appliance (step 2 above), click Edit Connections. The Connect/Disconnect Volume dialog box appears.

   5. In the Filers section, enable the File IQ Appliance checkbox.

   6. In the Storage Access section, select Skip creating storage access point.

   7. In the Inherit Setting section, unselect the three Inherit Settings checkboxes.

   8. Click Save Connections. The dialog box closes and returns to the Remotely Accessible Volumes pane.

   9. Wait until the volume Status column changes to a checkmark before proceeding.

4. Disable Snapshot Schedule for the FILE IQ Appliance and Volumes pairs by following these steps:

   Note: If GFA manages the volume you are connecting to FILE IQ, follow these steps:

   1. Click Volumes Snapshot Schedule. The Volume Snapshot Schedule pane appears.

   2. Select the volumes that you configured remote access for in step 2.

   3. Click Edit Volumes. The Snapshot Schedule dialog box appears.

   4. Set the Enablement Window to On.

   5. Deselect all until all the Days turn from color to grey.

   6. Click Save Configuration. The changes are saved.

      Note: The changes might take up to 10 minutes to apply.

5. Disable Sync Schedule for the File IQ Appliance and volumes pairs by following these steps:

   Note: If GFA manages the volume you are connecting to File IQ, skip this step (disabling snap and sync schedules). GFA does not send snapshot or sync recommendations to File IQ for these volumes.

   1. Click Volumes.

   2. Click Sync Schedule. The Volume Sync Schedule pane appears.

   3. Select a volume that you configured remote access for in step 2.

   4. Expand the volume's list to display the associated NEAs and File IQ Appliances.

   5. De-select each item that is not an File IQ Appliance.

   6. Click Edit Volumes. The Sync Schedule dialog box appears.

   7. Click Select/Deselect all until all the Days turn from color to grey.

   8. Click Save Schedule. The changes are saved and might take up to 10 minutes to apply.2

   9. Wait until the volume Status column changes to a checkmark before proceeding.

      Note: Repeat steps 2-5 in this section to connect each volume to File IQ.

6. Disabling Quality of Service (QoS) for the File IQ Appliance

To disable the Quality of Service (QoS) for the File IQ Appliance, follow these steps:

1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

2. Click Filers.

3. Click Quality of Service. The Filer Quality of Service pane appears.

4. Select the File IQ Appliance entry in the table and click Edit Filers. The Quality of Service Settings dialog box appears.

5. For all existing Quality of Service rules, click Delete.

6. Click Save Rules. The dialog box closes and returns to the Filer Quality of Service pane.

7. Enabling the File IQ and Configuring File IQ Service

By default, your File IQ service is turned off on the File IQ Appliance. Additionally, the File IQ Service on the NEA is off and is not configured to use any File IQ Appliance.

This section outlines how to enable your File IQ service on the File IQ Appliance and then configure one or more NEAs to send activity information to the File IQ Appliance.

The Nasuni Orchestration Center (NOC) User Interface enables File IQ on the File IQ Appliance and the NEA.

Use this section to perform the following:

1. Enable the File IQ service on the new File IQ Appliance.

2. Enable File IQ Service and Assign the File IQ Appliance for the NEA.

Before getting started, ensure that the following items from the 1. Before You Begin section are complete for this specific area:

• NOC Login

• NMC Login

• NEAs List

Note: Before proceeding, confirm that the NMC, File IQ Appliance, and NEAs are all started and running.

a. Enabling the File IQ service on the new File IQ Appliance

To enable the File IQ Appliance from the NOC UI, follow these steps:

1. Log in to https://account.nasuni.com.

2. Click the File IQ Config tab. The File IQ pane appears.

3. Navigate to Configuration. Locate the File IQ Appliance you want to enable under File IQs. Toggle the switch from the red Disabled position to the green Enabled position. The status displays Enabled.

4. Click Save.

The configuration change is stored.

b. Enabling File IQ Service and assigning the File IQ Appliance for the NEA

Important: The Nasuni Edge Appliances used for data migration or third-party integration purposes should not be enabled to send events to File IQ Appliance.

In this section, enable the File IQ Service for each of the Nasuni Edge Appliances (NEAs) that you have chosen to report activity to the File IQ Appliance. The NEA was defined as part of the NEAs List entry in the 1. Before you Begin section.

To enable the File IQ Service and assign the File IQ Appliance for each of these Nasuni Edge Appliances, follow these steps:

1. Log in to https://account.nasuni.com.

2. Click the File IQ Config tab. The File IQ pane appears.

3. In the Enable File IQ Service on appliances section, toggle the switch from the Disabled red position to the Enabled green position for the specific NEAs.  

4. From the Assign File IQs to NEAs dropdown menu, select the new File IQ Appliance for the same NEAs as in step 3. The dropdown shows the new File IQ Appliance as assigned to the NEAs.

5. Click Save.

The configuration change is stored.

c. Forcing the configuration to be applied on the File IQ Appliance and NEAs (optional)

After the configuration is saved, it can take up to 1 hour to become active on the File IQ Appliance and NEAs. Alternatively, to force the configuration to become active immediately, you can refresh the configuration by using the Refresh License feature in the NMC. Afterward, you can move on to Accessing the File IQ Dashboards.

To force the configuration to become active, follow these steps:

1. Log in to the Nasuni Management Console associated with your account.

2. Click Filers.

3. Click Refresh License. The Refresh Subscription License pane appears.

4. Select the File IQ Appliance and NEAs used in steps a. and b. above and click Update Filers. The Refresh Subscription License dialog box appears.

5. Click Refresh License. The dialog box closes, and you return to the Refresh Subscription License pane. Wait until the Status column for the values you selected in step 4 has changed to a checkmark before proceeding.

Important: The initial scanning of your selected volume files begins immediately. This process can take a while, depending on the number of files and directories that must be scanned initially. It can take on the order of 1 hour per million files and directories for this first scan. Subsequent scans occur every 24 hours after the initial scan. Subsequent scans are much faster because they only deal with changes to the existing files.

8. Accessing the File IQ Dashboards

The results of scanning the selected volumes appear in numerical and graphical form on the File IQ Dashboards. For more information on the File IQ Dashboards, see File IQ Dashboards.

The File IQ Dashboards contain all the information for NEA activity and volume metadata that the File IQ Appliance receives and produces.

To access the File IQ Dashboards, follow this procedure:

1. Open a new browser window.

2. Enter the address in this form:

   https://<File IQ Appliance IP address>:3000

   where <File IQ Appliance IP address> is the IP address of the File IQ Appliance, assigned in 3. Running the File IQ Appliance First Boot Wizard. The File IQ Dashboard user interface appears.

3. In the Email or username field, enter “Viewer”.

   Caution: Do not rename the Grafana viewer account. The Initialization program expects the viewer account to be present. If the viewer account is not present, the Initialization of the viewer account recreates the viewer account with the default password.

4. In the Password field, enter the default password “nasuni_IQ_2024!”.

   Note: Nasuni highly recommends updating the default password for the Grafana viewer account during the first usage.

5. Click Log in. The system logs you into the File IQ Dashboard, and the Home page appears.

6. It is important to change the default password. To change the password, follow this procedure:

   1. Click the avatar icon at the top right of the File IQ Dashboard. A context menu is displayed.

   2. In the context menu, click Change password. The Change Password pane appears.

   3. In the Old Password textbox, enter the original default password “nasuni_IQ_2024!”.

   4. Enter the new password into the New password and Confirm password text boxes. Click Change Password.
      The password is saved, and a dialog appears in the top right corner with the text User password changed.

   5. Click Home in the top left corner to return to the Home page.

Appendix A: Firewall Configuration

The File IQ Appliance and Nasuni Edge Appliance require access to the Microsoft Azure Event Hub API. For more information, see Firewall and Port Requirements.

Appendix B: Deletion Security

The Amazon cloud storage platform offers several safeguards to prevent or mitigate unwanted deletion. You might choose to employ some or all these safeguards.

For specific recommendations and guidelines on managing and safeguarding EC2 instances and associated disks (EBS volumes), AWS provides targeted documentation that can help protect these resources from accidental or unauthorized deletion.

For more information directly related to managing EC2 instances and EBS volumes, see the following resources:

1. Amazon EC2 Documentation. This section includes detailed information on managing instances, including permissions and lifecycle considerations: Amazon EC2 Documentation

2. Amazon EBS Documentation. Covers all aspects of managing Elastic Block Store volumes, including backups, encryption, and preventing accidental deletion: Amazon EBS Documentation

3. AWS Using IAM to Manage Access to Amazon EC2 Resources. Provides guidelines on how to create and manage IAM policies for EC2 resources, crucial for preventing unauthorized access or deletion: Manage Access to EC2 Resources

4. Preventing Unintended Resource Deletion with AWS Rule Locks. While not limited to just EC2 and EBS, this guide explains how to use rule locks to prevent accidental deletion: Rule Locks.

Storage Redundancy

Carefully consider the best redundancy options for your data and your organization. Considerations might include legally mandated data locations and geographic proximity to other resources.

Toward this end, Amazon offers Regions and Availability Zones, AWS Local Zones, Data Replication Options, and Automation and Scaling. For details, see Resilience in Amazon EC2.

Locking Resources

Locking resources in AWS is critical to ensuring that essential components are not accidentally modified or deleted. AWS offers various mechanisms to control and restrict these operations, enhancing security and governance across your AWS environment.

Resource Locking Features in AWS

1. AWS Resource Locks: Lock your resources to prevent accidental deletion or modification. Achieve this using IAM policies that restrict delete permissions and other critical operations.

2. IAM Policies:

   1. Prevent Deletion: Configure IAM policies to deny the deletion of specific resources. Specify actions that cannot be executed, effectively implementing a CanNotDelete lock.

   2. Read-Only Access: Set read-only access policies to resources to prevent modifications.

3. Permissions Required: Specific permissions to alter IAM policies or service configurations are required to create or manage locks. Typically, only users with administrative privileges (AdministratorAccess) or those explicitly granted permissions can manage these locks.

4. Inheritance: Locks in AWS are not inherited through resource hierarchy (like resource groups) by default. Each resource needs a specific lock or IAM policy to ensure protection.

For more information, see Controlling access to AWS resources using policies.

Protecting Attached Resources in AWS

AWS incorporates several safeguards to prevent the unintended deletion of resources currently in use or attached to other services, ensuring data integrity and continuity of operations.

Features for Protecting Attached Resources in AWS

1. Amazon EC2 and EBS volumes:

   1. Prevention of Deletion: AWS does not allow the deletion of an Amazon Elastic Block Store (EBS) volume when attached to a running instance. This safeguard ensures that active data is not accidentally removed.

   2. Deletion Protection: Configure Amazon EC2 instances with deletion protection to prevent accidental termination through the AWS Management Console, CLI, or API.

2. Leased Resources: AWS provides similar protections via resource-locking features and permissions management.

3. Permissions and Policies: In AWS, IAM policies are critical in preventing resource deletion. Define policies restricting users' ability to delete important resources like EC2 instances, EBS volumes, and more.

For more information, see Amazon EC2 and Amazon EBS.

Appendix C: Controlling the EC2 File IQ VM

Virtual platforms offer the ability to control various aspects of your File IQ Appliance. This sectionpresents procedures for these control functions. Because these controls depend on third-party virtual platforms, you should follow the procedures for your specific virtual platform.

Note: The vendor changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Starting the Amazon EC2 VM

You can start a stopped Amazon EC2 VM of the File IQ Appliance on the virtual platform.

To start a stopped Amazon EC2 VM, follow these steps:

1. Open your web browser and navigate to: https://console.aws.amazon.com/ec2/.

2. Once logged in, navigate to the EC2 Dashboard.

3. On the EC2 Dashboard, click Instances in the left-hand navigation pane. A list of your EC2 instances displays.

4. In the list of instances, locate the File IQ Appliance instance you want to start. You can identify it by its Instance ID, Name tag, or other details set during its creation or previous configuration.

5. Select the instance by clicking the checkbox next to its name.

6. With the instance selected, click the Instance State dropdown menu at the top of the page.

7. Click Start instance from the dropdown options.

Note: This might require a few minutes to launch, or a page refresh to see the updated information.

Status of the Amazon EC2 VM

To view the status of the Amazon EC2 VM of the File IQ Appliance, follow these steps:

1. After starting the instance, monitor its status in the Instance state column of the Instances list.

2. The instance might take a few minutes to change from Stopped to Pending to Running.

3. Once the instance status is Running, it indicates that the system has completed the boot process. However, additional time might be required for the operating system to load and for any startup tasks to be completed. To determine operational readiness, monitor the Status check column for any system and instance checks to pass, confirming that all services and applications are fully functional and ready for use.

Shutting Down the Amazon EC2 VM

To shut down the Amazon EC2 VM, follow these steps:

1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

2. Click Filers.

3. Click Shutdown & Reboot. The Shutdown and Reboot pane appears.

4. For the File IQ Appliance, click the associated Shutdown/Reboot action.

5. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.

6. Enter “Change Filer Power State” into the Confirmation Phrase textbox.

7. Select the Option to Shut down immediately. Click Shutdown. The Shutdown and Reboot pane appears.

8. Wait until the Status column for the File IQ Appliance changes to a checkmark before processing and the File IQ Appliance shuts down.

Appendix D: Uninstalling the Amazon EC2 VM

This section describes uninstalling the File IQ Appliance from the Amazon EC2 platform.

Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Uninstalling the File IQ Appliance

To uninstall the File IQ Appliance on the Amazon EC2 VM platform, follow these steps:

1. After logging in to https://console.aws.amazon.com/ec2/, navigate to the EC2 Dashboard.

2. Click Instances in the left-hand navigation pane to view your EC2 instances.

3. Locate the File IQ Appliance VM you want to uninstall and click the checkbox next to its name.

4. From the Instance State dropdown menu, select Stop instance to ensure the VM is stopped.

5. Confirm the action by clicking Stop in the confirmation dialog.

6. With the instance still selected, click Actions.

7. Navigate to Instance State and then select Terminate instance.

8. A confirmation dialog box appears with a list of associated EBS volumes. Note the EBS Volume identifiers. This list of volume identifiers might be used to identify the list of volumes to be deleted.

9. Confirm your intention to delete the instance by clicking Terminate. This action permanently deletes the VM.

Terminating the virtual machine might not delete the EBS volumes associated with it.

To delete the associated EBS volumes, follow these steps:

1. After terminating the instance, navigate to Volumes in the left-hand navigation pane.

2. Look for any volume names prefixed with the File IQ Instance name ,or use the list of volume identifiers provided in the Terminate instance confirmation dialog.

3. Select the volumes in the Volumes table view.

4. If any of the volumes are still associated with the terminated instance, click Actions.

   1. Select Detach volume, and a confirmation dialog appears.

   2. Click Detach. The associated volumes are no longer associated with the terminated instance and are ready to be deleted.

   3. Confirm that the volumes are selected in the Volumes table view.

5. Click Actions and select Delete volume. A confirmation dialog with a list of volume identifiers appears.

6. Type “delete” in the Confirmation field.

7. Confirm the deletion by clicking Delete.

8. Revisit the Instances and Volumes sections to ensure that the instances and volumes have been successfully deleted.

Appendix E: Resizing the File IQ EBS Volumes

This section describes how to resize the File IQ Appliance EBS volumes from the Amazon EC2 platform.

Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Important: Only EBS volumes can be increased.

Prerequisites:

• The File IQ Instance installation is complete.

• The File IQ EBS volumes are correctly named using the prefixing of the volume names (such as “File IQdb”) with the File IQ Instance name. For more information, see step 22 of 2. Installing File IQ using the Amazon EC2 AMI.

To resize the File IQ EBS volumes, follow these steps:

1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

2. Click Filers.

3. Click Shutdown & Reboot. The Shutdown and Reboot pane appears.

4. For the File IQ Appliance, click the associated Shutdown/Reboot action. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.

5. Enter ‘Change Filer Power State’ into the Confirmation Phrase textbox.

6. Select Shut down immediately, and click Shutdown. The Shutdown and Reboot pane appears.

7. Wait until the File IQ Appliance's Status column changes to a checkmark before proceeding; at that point, the appliance is shut down.

8. Go to the Amazon Web Services EC2 console at: https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.

9. Click Volumes in the left-hand navigation pane to view your list of EBS volumes.

10. The list of volumes displays. By filtering the list of volumes using the File IQ Instance name, locate the File IQ EBS volumes you need to resize.

11. For each of the volumes displayed in the list that you want to resize, execute the following steps:

    1. Select the Volume checkbox that you want to change.

    2. From the Actions dropdown menu, select Modify volume. The editor for the volume appears.

    3. Via the Volume editor, you can update:

       1. The Volume type. Nasuni recommends:

          1. Using Provisioned IOPS SSD for both the File IQ cache volume and File IQ DB volumes.

          2. Using General Purpose SSD for both the Operating System and COW volumes.

       2. The volume's Size. Use the File IQ Sizing Tool to estimate the size of the Nasuni Cache and File IQ DB volumes.

       3. The volume's IOPS value. Use the File IQ Sizing Tool to set this value.

       4. The Throughput value (MiB/s).

          Note: This option is available when the volume type is set to gp3.

    4. Click Modify. A confirmation dialog box appears. Ignore the message indicating that the file system must be extended to the new volume size. The File IQ appliance automatically detects when the EBS volume is extended and adjusts the file system accordingly.

    5. Click Modify. The volume update is triggered, and the list of all the volumes is displayed.

12. On the left panel, click Instances. The list of Instances is displayed, and the same File IQ instance previously modified should remain selected. If not, reselect the File IQ Instance to display the detailed view of the Instance.

13. With the instance selected, click the Instance state dropdown menu at the top of the page.

14. Click Start instance from the dropdown options. It might take a few minutes for the instance to start. You might need to refresh the page to see the updated information.

The File IQ Appliance Virtual Machine starts.