Audience
This guide is intended for the IT architect or person planning the deployment of Web Access to provide remote access and file sharing.
This guide applies to Nasuni Edge Appliance 10.1 and higher.
Overview
Web Access is a web-based file management tool included with the Nasuni Edge Appliance that provides remote file access and secure file sharing. Customers with an Advanced Web Access License can access Local Edit, which allows documents to be viewed and edited in local desktop applications. They can also email shared links and protect links with one-time passwords.
Components
The Web Access server component runs within a Nasuni Edge Appliance (NEA), typically behind a firewall, internet gateway or application gateway.
The web client runs in any modern web browser, on both desktop and mobile devices. Users access the web client over the internet, without the need for a VPN.
The Nasuni Local Edit application runs on macOS or Windows desktops. It communicates with Web Access securely over HTTPS.
The Nasuni Management Console (NMC) provides configuration and administration for Web Access and connectivity to Active Directory. For those with an Advanced Web Access License, the NMC also provides email services.
NEA Requirements
The Web Access application runs within a Nasuni Edge Appliance (NEA).
Considerations include the following:
The Web Access application is designed for remote and distributed users to access over the Internet without a VPN.
Web Access requires port 443 to be open from the internet (inbound access). For more information, see Firewall and Port Requirements.
Additionally, an Application Proxy can be used. For more information, see Azure Entra ID Application Proxy.
Nasuni recommends enabling Web Access on a dedicated Nasuni Edge Appliance (NEA). A dedicated NEA provides easier workload management and allows for deployment outside the office, such as in a data center.
The Edge Appliance must be configured to be managed through a Nasuni Management Console (NMC).
Sizing
Technical Specifications | Small | Medium | Large |
|---|---|---|---|
Max Users* | 1000 | 2000 | 4000 |
VM Type |
|
| Azure - F32s v2 AWS - c6id.8xlarge GCP - c2d-highcpu-32 |
CPU (min) | 8 | 16 | 32 |
RAM (min) | 16 | 32 | 64 |
Disk Type * Azure | Premium SSD gp3 SSD Persistent | Premium SSD gp3 SSD Persistent | Premium SSD gp3 SSD Persistent |
Cache Disk Capacity (GiB) | 2000 | 2000 | 2000 |
COW Disk Capacity (GiB) | 256 GiB | 256 GiB | 256 GiB |
*Max Users – This is the estimated maximum number of active users the system can handle. The calculation assumes that each active user sends one request every 5 seconds. Since roughly 7% of these users would have a request pending at any point in time, we can estimate the maximum number of “concurrent users” as 7% of the maximum number of “active users”.
Cloud Deployment
Web Access can be enabled for Edge Appliances deployed to the public cloud. Follow the guidelines for installing the NEA on your cloud platform. The NMC must also be installed if it has not already been deployed.
For more information, see:
Public IP Address
The appliance requires a static public IP address and must allow only incoming traffic on port 443 (ingress). On cloud platforms, this is typically accomplished by allocating a static IP address and configuring the network policies for HTTPS (port 443).
For more information, see:
Application Load Balancers
Web Access can be deployed behind an application load balancer (ALB). An ALB can offload encryption and decryption, can make it easier to manage TLS/SSL certificates, and can integrate with other services for enhanced security and performance.
Note that Web Access does not support “load balancing” across multiple NEA nodes, each running Web Access. Selecting more than one target NEA results in sessions failing and shared links not functioning.
Nasuni provides Qualified support* for the following load balancing solutions:
AWS Application Load Balancer
AWS CloudFront
Azure Front Door
GCP HTTPS Load Balancer
By default, Web Access restricts sessions to the same IP address. Since requests coming through load balancers originate from different IP addresses, this needs to be changed.
To request that Restrict Session IP be disabled for Web Access, contact Nasuni Support.
*Qualified support means the solution has been tested and we've confirmed it works; however, it might include documented caveats. If an issue arises, Nasuni undertakes troubleshooting to identify and resolve the issue. However, an incompatibility might be identified that cannot be resolved immediately and might require a future roadmap enhancement, either within our product or in the vendor’s technology, to achieve full compatibility.
NFS Exports
To access data in an NFS export, enable the SMB (CIFS) protocol for the NFS volume in order to create a share. For more information, see Using Multiple Protocols.