Overview
Nasuni Data Service (NDS) provides access to data stored on Nasuni volumes via an S3 interface.
This guide explains how to:
Deploy UniFS as a Service (UaaS) in AWS (NDS is a component of the UaaS platform).
Enable and configure NDS for one or more volumes.
Retrieve connection information.
Update an existing deployment.
Audience and Scope
This document is intended for administrators who manage Nasuni environments and AWS resources.
You should be comfortable with the following:
The Nasuni Management Console (NMC).
AWS concepts.
PowerShell 7+.
Power Tools for AWS.
Prerequisites
Ensure you have the following prerequisites before beginning.
Nasuni
UaaS serial number and authentication code.
Serial numbers & authentication codes are available in the Nasuni Portal.
Note: NDS is available at no additional cost. Contact your Account Manager to request licensing for NDS.
Registration of your AWS Account ID(s) with Nasuni.
Provide this information when requesting licensing.
NMC version 25.1 or higher.
Nasuni Edge Appliance (NEA) version 10.0.1 or higher.
The target volumes must be shared (Remote Access enabled) via the NMC.
AWS or Azure object storage for the target volumes.
Important: Connecting to object storage in a different cloud provider or region than your NDS deployment will generate cloud egress costs, billed to you by AWS or Azure. Whenever possible, deploy NDS in the same provider and region as the object storage to avoid these charges.
Software
PowerShell 7.0 or higher.
AWS Tools for PowerShell version 4.0 or higher.
AWS Tools in PowerShell
Run the following commands in PowerShell to install the required software:
Install-Module -Name AWS.Tools.Installer -Force
Install-AWSToolsModule AWS.Tools.CloudFormation,AWS.Tools.DynamoDBv2,AWS.Tools.SecurityToken,AWS.Tools.EventBridge,AWS.Tools.S3 -ForceAWS Account and Permissions
Ensure you have the following AWS account and permissions:
An active AWS account.
Administrator-level IAM access scoped to the tagged resource group used for deployment.
Connectivity between resources; refer to NDS for AWS - Supported Parameters & Limits.
Permission to use AWS services within your deployment. Refer to the example below for guidance on configuring permissions in your AWS account.
Sample IAM policy with all required permissions to access a “virtual” bucket alias provided by NDS.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowObjectLambdaAccess", "Effect": "Allow", "Action": [ "s3-object-lambda:Get*", "s3-object-lambda:List*" ], "Resource": "*" }, { "Sid": "AllowStandardAccessPointAccess", "Action": [ "s3:Get*", "s3:List*" ], "Effect": "Allow", "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "s3-object-lambda.amazonaws.com" ] } } }, { "Sid": "AllowLambdaInvocation", "Action": [ "lambda:InvokeFunction" ], "Effect": "Allow", "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "s3-object-lambda.amazonaws.com" ] } } } ] }
Configure VPC Endpoints (Optional)
If your deployment targets an AWS VPC, it is recommended to configure VPC endpoints for accessing S3 and DynamoDB without traversing the NAT Gateway:
https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html
Download & Verify the NDS Setup Script
Download the latest NDS Setup Script here: NDS-AWS-Setup.ps1.
In PowerShell, verify by printing the help text:
./NDS-AWS-Setup.ps1 -Help
Important: The script creates and maintains each deployment’s state in a file named
{StackName}-state.json. Keep both the script and its JSON file(s) together for future updates.Without the JSON file, future updates to the deployment are not possible.
1. New Deployment
Complete the following steps for a new deployment of UaaS/NDS in AWS.
1a. Collect Inputs
Begin by collecting the following inputs:
Parameter | Description |
|---|---|
-StackName | UaaS stack name used for NDS |
-SerialNumber | Available UaaS serial number from Nasuni Portal |
-AuthCode | Matching authentication code for the serial number |
-Region | AWS region (ideally co‑located with the Nasuni volume(s) object storage to avoid egress fees) Tip: List AWS regions from PowerShell: |
If deploying into a VPC, collect the following additional info:
Parameter | Description |
|---|---|
-VpcId | VPC Identifier to deploy into (optional) |
-SubnetIds | Comma-separated list of Subnets within the provided VPC (optional) |
1b. Validate Prerequisites and Connectivity to AWS
Before starting a new deployment, confirm that you have met all PowerShell prerequisites and are authenticated to your AWS account.
In PowerShell, run the following to perform a validation:
./NDS-AWS-Setup.ps1 -ValidateOnly -Region <REGION>The following success message means you’re ready to start the Deployment. If there are any errors, resolve them before continuing.
1c. Start the Deployment
Run the following command to begin the deployment:.\NDS-AWS-Setup.ps1 -Action New-Deployment -StackName <STACK> -SerialNumber <SN> -AuthCode <AC> -Region <REGION>
If deploying into a VPC:.\NDS-AWS-Setup.ps1 -Action New-Deployment -StackName <STACK> -SerialNumber <SN> -AuthCode <AC> -Region <REGION> -VpcId <VPC ID> -SubnetIds <SUBNET IDS>
If you need help with syntax, run the following script in PowerShell:./NDS-AWS-Setup.ps1 -Help
Note: It takes approximately ten minutes for the initial deployment to complete. The script opens the deployment status in AWS for you to follow.
When the deployment is complete, you’ll see the following in PowerShell:
1d. Configure NDS in Nasuni Portal
With NDS deployed in AWS, the next step is to configure it in the Nasuni Portal.
Log in to the Nasuni Portal: https://portal.nasuni.com/
Navigate to Cloud Services → UniFS as a Service, and click on your newly deployed stack to open it.
In the left pane under Services, click Nasuni Data Service (NDS).
Click the Enable NDS button on the right.
Attach at least one volume following the instructions in 3a. Attach a Volume below.
(Optional) You can add rules to define path inclusions and exclusions for the volume. These rules determine which data are presented via NDS. The rules do not modify the volume (NDS is read-only). Exclude rules always take precedence over include rules. All paths are recursive and cover paths below the one that is specified in the rule. Follow the instructions in 3c. Configure Rules for Path Inclusions/Exclusions below if desired.
2. Update Deployment
Use the NDS Setup script to update your existing UaaS/NDS deployment, preserving your configuration. Release notes are available here: UniFS™ as a Service (UaaS) Release Notes.
To check the version of your deployment:
Log in to the Nasuni Portal: https://portal.nasuni.com/
Navigate to Cloud Services → UniFS as a Service.
Locate your deployment and version or build number.
2a. Collect Inputs
Collect the following inputs:
Parameter | Description |
|---|---|
-StackName | Existing AWS stack name for your UaaS/NDS deployment.
|
2b. Start the Update
Run the script in PowerShell:./NDS-AWS-Setup.ps1 -Action Update-Deployment -StackName <STACK>
If you need help with syntax, run the following script in PowerShell:./NDS-AWS-Setup.ps1 -Help
Note: It takes approximately ten minutes for the update to complete. The script opens the deployment status in AWS for you to follow.
When the deployment is complete, you’ll see the following in PowerShell:.png)
3. Manage an existing NDS deployment
Complete the following steps to modify the volumes enabled for NDS, and update their included or excluded path configurations.
Access NDS Management
To complete all subsequent operations, first access NDS management in Nasuni Portal:
Log in to Nasuni Portal: https://portal.nasuni.com/.
Navigate to Cloud Services → UniFS as a Service.
Locate your deployment and click to open it.
In the left pane under Services, click Nasuni Data Service (NDS)
Note: Allow up to 15 minutes for the operations below to take affect after being configured.
3a. Attach a Volume
Click Attach new volume, then select a volume to present through NDS.
Note: Only volumes meeting the prerequisites noted above under Prerequisites - Nasuni can be selected.
The volume appears in the Volumes list.
Follow NDS Volume Registration to complete the volume registration. This step must be completed for every volume attached to NDS.
Note: This is a one-time step for each volume, unless you change/rotate your credentials for the object storage in AWS/Azure. In that case, you will lose access to the volume via NDS until you complete this step again.
Wait up to 15 minutes, and then refresh the page. A new item, Bucket Alias, has been added to the volume and is used when connecting to NDS and accessing the volume.
Tip: If your connection to NDS requires a complete server name rather than just the bucket name/alias, format the server name like this:
bucketalias.s3.amazonaws.com
3b. Detach a Volume
Click the Detach button to remove the volume from NDS.
Note: This has no effect on the volume itself and does not delete data.
3c. Configure Rules for Path Inclusions and Exclusions
You can add rules to define path inclusions or exclusions for the volume. These rules determine which data are presented via NDS and do not modify the volume (NDS is read-only).
Exclude rules always take precedence over include rules.
All paths are recursive and cover paths below the one that is specified in the rule.
To configure rules for path inclusions and exclusions, follow these steps:
Click Add Rule, and choose Exclude or Include. Enter the desired path relative to the volume's root, following the example shown in the box. Consider excluding
/.nasuniwhich is a system directory.
Example:/topfolder/secondfolder
Click Done.
Click Save Changes.
3d. Modify a Rule for Path Inclusions/Exclusions
To modify a rule for path inclusions and exclusions, follow these steps:
For the volume and rule you want to modify, click the ellipses … next to the existing rule.
Choose Edit Path or Delete Rule.
Click Done.
Click Save Changes.