Google Storage Configuration


Overview

This guide explains how to configure Google Cloud Storage for use with the Nasuni Edge Appliance.

For additional information on the initial configuration of the Nasuni Edge Appliance, see the Nasuni Edge Appliance Initial Configuration Guide and the Nasuni Edge Appliance Administration Guide.

Note: Google changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time. For complete information, see https://cloud.google.com/.

Prerequisites

This document assumes that the customer has a Google Cloud Platform subscription and a pre-configured account to use with Google Cloud Storage.

Prerequisites for using Google Cloud Storage include the following:

  • Port 443 (HTTPS) must be open outbound from the Nasuni Edge Appliance to Google Cloud Storage.

  • Nasuni Support must enable Google Cloud Storage in the customer license.

  • Nasuni recommends using the “Service Account HMAC” for keys, not the “User account HMAC”.

  • Nasuni recommends assigning the “Storage Admin” role as the minimum permission policy.

GCP Organization Policy support with Nasuni

When users configure their cloud credentials on the Nasuni Edge Appliance, Nasuni tries to validate the information by creating and deleting a bucket in the US region (us-central1) by default.

If Organization Policy is enabled within a customer’s GCP environment, the customer must ensure that the ‘US’ region is included on the safelist in the policy, so that Nasuni can successfully create and delete a test bucket as part of the credential verification process.

Creating Google Cloud Storage User Credentials

Important: You must have created a Google Cloud account. See https://cloud.google.com/.

Tip: In the Nasuni model, customers provide their own cloud accounts for storing their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

To create Google Cloud Storage credentials, follow these steps:

  1. Log in to Google Cloud at https://cloud.google.com/. The Google Cloud page appears.

  2. In the left-hand column, click Cloud Storage. The Cloud Storage page appears.

  3. In the left-hand column, click Settings. The Settings page appears. Click the Interoperability tab. The Interoperability page appears.

  4. Under “Service account HMAC”, click “Create a key for a service account”. The “Select a service account” dialog box appears.

  5. Select a service account and click “Create key”. The “New service account HMAC key” dialog box appears.

Note: Record the following information to use when configuring Cloud Credentials on the Nasuni Edge Appliance.

This completes the Google Cloud Storage user credential procedure.

Creating minimum permissions

Important: You must have created a Google Cloud account. See https://cloud.google.com/.

Tip: In the Nasuni model, customers provide their own cloud accounts for storing their data. Customers should leverage their cloud provider's role-based access and identity access management features as part of their overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on customer policies.

Note: Confirm with Nasuni Sales or Support that your Nasuni account is configured for supplying your own Google Cloud Storage credentials.

Nasuni recommends assigning the “Storage Admin” role as the minimum permission policy.

To assign the “Storage Admin” role as the minimum permission policy, follow these steps:

  1. Log in to Google Cloud at https://cloud.google.com/. The Google Cloud page appears.

  2. In the left-hand column, click IAM & Admin. The IAM page appears.

  3. For each Member, edit their permissions. Select the “Storage Admin” role and click Save.
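To review the result of this procedure, the following added example (not Nasuni or Google code) reads a project IAM policy and reports whether the service account used for the HMAC key holds “Storage Admin”, which other roles it holds, and who else holds “Storage Admin”. The service account name and the sample policy are constructed; the policy is assumed to be in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`.

```python
import json

# Hypothetical service account chosen for the Nasuni HMAC key.
NASUNI_SA = "nasuni-edge@example-project.iam.gserviceaccount.com"
STORAGE_ADMIN = "roles/storage.admin"

# Constructed sample policy, not taken from a real project.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:nasuni-edge@example-project.iam.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:nasuni-edge@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["group:auditors@example.com"]}
  ]
}
""")


def audit_storage_admin(policy, service_account):
    """Report Storage Admin holders and every role bound to the service account."""
    principal = "serviceAccount:" + service_account
    holders, roles_of_sa = set(), set()
    # A role can appear in more than one binding, so accumulate across all of them.
    for binding in policy.get("bindings", []):
        members = binding.get("members", [])
        if binding.get("role") == STORAGE_ADMIN:
            holders.update(members)
        if principal in members:
            roles_of_sa.add(binding.get("role"))
    return {
        "has_storage_admin": STORAGE_ADMIN in roles_of_sa,
        # Roles beyond the one this guide recommends; candidates for removal.
        "extra_roles": sorted(roles_of_sa - {STORAGE_ADMIN}),
        # Other principals that can administer the same buckets.
        "other_holders": sorted(holders - {principal}),
    }


if __name__ == "__main__":
    print(json.dumps(audit_storage_admin(SAMPLE_POLICY, NASUNI_SA), indent=2))
```

A project-level policy does not show roles inherited from a folder or the organization, so review those levels separately.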

Storage Classes

Nasuni supports the following Google Cloud Storage storage classes.

Standard Storage - This is best for data that is frequently accessed ("hot" data) and/or stored for only brief periods of time.

Nearline Storage - This option offers low-cost, highly durable storage service for storing infrequently accessed data. Nearline Storage is a better choice than Standard Storage in scenarios where slightly lower availability, a 30-day minimum storage duration, and costs for data access are acceptable trade-offs for lowered at-rest storage costs.

Coldline Storage - This option offers very-low-cost, highly durable storage service for storing infrequently accessed data. Coldline Storage is a better choice than Standard Storage or Nearline Storage in scenarios where slightly lower availability, a 90-day minimum storage duration, and higher costs for data access are acceptable trade-offs for lowered at-rest storage costs.

Archive Storage - This option offers the lowest-cost, highly durable storage service for data archiving, online backup, and disaster recovery. Unlike the "coldest" storage services offered by other Cloud providers, your data is available within milliseconds, not hours or days. See the retrieval fee associated with this storage class.

Transitioning objects between Nasuni-supported storage classes

Lifecycle policy is transparent to Nasuni and does not require additional intervention when transitioning from one storage class to another. When this feature is enabled, the lifecycle policy applies to the entire bucket, and implicitly to pre-existing objects. Take into consideration that this process may incur charges.

Note: As of 4th April 2025, GCP’s Lifecycle rules support only the following conditions when moving objects between storage tiers:

  • Age

  • CreatedBefore

  • CustomTimeBefore

  • DaysSinceCustomTime

  • DaysSinceNoncurrentTime

  • IsLive

  • MatchesStorageClass

  • MatchesPrefix and MatchesSuffix

  • NoncurrentTimeBefore

  • NumberOfNewerVersions

See Configuration examples for Object Lifecycle Management and Object lifecycle behavior to learn about lifecycle rule behaviors and cost considerations when transitioning between storage classes.
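The following added example (not Nasuni or Google code) checks a lifecycle configuration before it is applied to a bucket: every condition must be one of those listed above, every action must be a `SetStorageClass` transition, and every transition must move to a colder class. Flagging all other actions is a choice made for this example, because this section covers only class transitions. The policies are constructed, and the input is assumed to be the `rule` list of a lifecycle JSON file, optionally wrapped in a top-level `lifecycle` key.

```python
# Condition names from the list above, in the camelCase spelling used in
# lifecycle JSON (NumberOfNewerVersions is written numNewerVersions).
SUPPORTED_CONDITIONS = {
    "age", "createdBefore", "customTimeBefore", "daysSinceCustomTime",
    "daysSinceNoncurrentTime", "isLive", "matchesStorageClass",
    "matchesPrefix", "matchesSuffix", "noncurrentTimeBefore", "numNewerVersions",
}
# Warmest to coldest: the four storage classes this guide lists.
CLASS_ORDER = ["STANDARD", "NEARLINE", "COLDLINE", "ARCHIVE"]


def check_lifecycle(config):
    """Return a list of problems found in a lifecycle configuration dict."""
    config = config.get("lifecycle", config)  # accept the wrapped form too
    problems = []
    for i, rule in enumerate(config.get("rule", [])):
        action, cond = rule.get("action", {}), rule.get("condition", {})
        for key in sorted(set(cond) - SUPPORTED_CONDITIONS):
            problems.append(f"rule {i}: unsupported condition {key!r}")
        if action.get("type") != "SetStorageClass":
            problems.append(f"rule {i}: action {action.get('type')!r} is not a class transition")
            continue
        target = action.get("storageClass")
        if target not in CLASS_ORDER:
            problems.append(f"rule {i}: target class {target!r} is not in this guide's list")
            continue
        for src in cond.get("matchesStorageClass", []):
            if src in CLASS_ORDER and CLASS_ORDER.index(src) >= CLASS_ORDER.index(target):
                problems.append(f"rule {i}: {src} -> {target} is not a move to a colder class")
    return problems


# Constructed policy: Standard -> Nearline at 30 days, Nearline -> Coldline at 90.
GOOD = {"rule": [
    {"action": {"type": "SetStorageClass", "storageClass": "NEARLINE"},
     "condition": {"age": 30, "matchesStorageClass": ["STANDARD"]}},
    {"action": {"type": "SetStorageClass", "storageClass": "COLDLINE"},
     "condition": {"age": 90, "matchesStorageClass": ["NEARLINE"]}},
]}
# Constructed policy with three problems: a Delete action, a made-up condition
# name ("objectSizeOver" is not a real GCS condition), and a warming transition.
BAD = {"rule": [
    {"action": {"type": "Delete"}, "condition": {"age": 365}},
    {"action": {"type": "SetStorageClass", "storageClass": "STANDARD"},
     "condition": {"objectSizeOver": 1, "matchesStorageClass": ["COLDLINE"]}},
]}
```

`check_lifecycle(GOOD)` returns an empty list, and `check_lifecycle(BAD)` returns one message per problem.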

Dual-region and Multi-region bucket support

Nasuni fully supports both Google dual-region and multi-region today.

A dual-region consists of two separate regions, each containing multiple zones, providing access to the combined zones of both regions. Since each region typically has at least three zones, a dual region would have a minimum of six zones in total. When choosing the right geo-redundancy option, it is important to note that Multi-Regional and Dual-Regional bucket options may store the same number of file copies.

The difference is that Multi-Regional makes no guarantees about which regions your 2nd (and n+1) copies will be stored in, whereas Dual-Regional buckets guarantee the exact regions your copies will be stored in. Because Dual-Regional buckets can make these guarantees, they can make certain performance promises and will generally be much more performant than Multi-Regional.

However, there are some important considerations:

  • The copy to the second region is asynchronous, and the bucket and credentials are preserved.

  • Failover is automatic, but customers must contact Nasuni support. Nasuni looks for specific objects to determine recovery points. Thus, a Nasuni engineer must manually identify the appropriate successful snapshot by gathering information from the customer.

  • The endpoint, credentials, and bucket name remain the same. However, if objects are missing, snapshots cannot be taken or retrieved.

Google Gen3 Instance Type Support

Nasuni supports Gen3 Instance Type for Nasuni Edge Appliance Deployment.

This enhancement provides improved performance, scalability, and cost-efficiency, enabling customers to take full advantage of the latest cloud infrastructure advancements for their file services needs.

Nasuni Cloud Credential configuration

Nasuni provides a Nasuni Connector for Google.

Tip: If you have a requirement to change Cloud Credentials on a regular basis, use the following procedure, preferably outside office hours:

  • Obtain new credentials. Credentials typically consist of a pair of values, such as Access Key ID and Secret Access Key, Account Name and Primary Access Key, or User and Secret.

  • On the Cloud Credentials page, edit the cloud credentials to use the new credentials.

  • The change in cloud credentials is registered on the next snapshot that contains unprotected data.
    Manually performing a snapshot also causes the change in cloud credentials to be registered, even if there is no unprotected data for the volume.

  • After each Edge Appliance has performed such a snapshot, the original credentials can be retired with the cloud provider.

Warning: Do not retire the original credentials with the cloud provider until you are certain that they are no longer necessary. Otherwise, data might become unavailable.

To configure Nasuni for Google Cloud Storage, follow these steps:

  1. Ensure that port 443 (HTTPS) is open between the Nasuni Edge Appliance and the object storage solution.

  2. Select Configuration. On NMC, select Account.

  3. Select Cloud Credentials.

  4. Select Add New Credentials, then select Google Cloud Storage from the drop-down menu.

  5. Enter the credentials for Google Cloud Storage, including the following:

    Name: A name for this set of credentials, which is used for display purposes.
    Access Key ID: The Google Cloud Storage Access Key ID for this set of credentials.
    Secret Access Key: The Google Cloud Storage Secret Access Key for this set of credentials.
    Hostname: The hostname for the location of the cloud service provider. The default hostname is storage.googleapis.com
    Verify SSL Certificates: Use the default On setting.
    Notes: Optional information to save.

Tip: Be careful when changing existing credentials. The connection between the Nasuni Edge Appliance and the container could become invalid, causing loss of data access.
Credential editing is intended for updating access after the Access Key ID or the Secret Access Key has changed on Google Cloud Storage.

  6. Click Save Credentials.

At this point, you can begin adding volumes to the Nasuni Edge Appliance.

Adding volumes

To add volumes to your Nasuni system, follow these steps:

  1. Select Volumes, then select Add New Volume. The Add New Volume page appears.

  2. Enter the following information for the new volume:
    Name: Enter a human-readable name for the volume.
    Cloud Provider: Select Google Cloud Storage.
    Credentials: Select the Cloud Credentials that you defined in step 5 for this volume, such as ObjectStorageCluster1.
    For the remaining options, select what is appropriate for this volume.

  3. Select Save.

You have successfully created a new volume on your Nasuni Edge Appliance.