This chapter includes these sections:
An overview of some of the tasks that you can perform with the Nasuni Edge Appliance, along with links to further information.
Note: If this Nasuni Edge Appliance is under the control of the Nasuni Management Console, for many of these tasks, you use the Nasuni Management Console to view information or perform actions. For details, see the Nasuni Management Console Guide.
A list of available actions on the Nasuni Edge Appliance user interface and the Nasuni Management Console.
Starting with the Nasuni Edge Appliance
Installing the Nasuni Edge Appliance
Important: Installing third-party software on Nasuni appliances is not allowed.
The Nasuni Edge Appliance is already installed on Nasuni hardware appliances.
Installing and configuring the Nasuni Edge Appliance on a virtual platform is a simple and straightforward process.
First, download and install the software on your virtual platform. There are specific instructions for Microsoft Azure, Amazon EC2, Google Cloud Platform, Microsoft Hyper-V, Nutanix, Scale HyperCore, and VMware ESXi.
For your platform, run the Install Wizard, including entering the Serial Number and Authorization Code, found at https://account.nasuni.com/account/serial_numbers/. The Serial Number and Authorization Code are also found on the Account Serial Numbers page of the Nasuni Management Console. See the Nasuni Edge Appliance Initial Configuration Guide.
Important: Authorization codes (also called “Auth codes”) are intended for a single use, and are not permanent. Authorization codes change if the associated serial number is used successfully, if the authorization code is refreshed via the NMC (Account Status --> Serial Numbers, then click Refresh), and if the authorization code is regenerated via the NOC (visit https://account.nasuni.com/account/serial_numbers/, then click show, then click regen).
A best practice for Nasuni Edge Appliances is to join an Active Directory or LDAP domain as soon as installation is complete. For details, see “Directory Services”.
Important: You cannot enable both Active Directory and LDAP Directory Services for a Nasuni Edge Appliance.
Recovery
You can perform the procedure to recover a Nasuni Edge Appliance for a genuine emergency, or when moving the Nasuni Edge Appliance to another location. See “Recovery”.
Creating new volumes
You use volumes to manage data. There are two types of volumes: local volumes that are “owned” by the local Nasuni Edge Appliance, and remote volumes that belong to other Nasuni Edge Appliances. If you do not already have a volume set up, you can create a new "owned" local volume.
Tip: For Nasuni recommendations for volume configuration, see “Volume Configuration”.
Note: You use the Nasuni Management Console to perform this task.
Important: The Edge Appliance that “owns” a volume (which is the Edge Appliance that created the volume) is called the “owning Appliance” or the “volume owner”. The volume owner has certain special features with respect to its owned volume. In particular, the following functions are not available if the volume owning Appliance is offline:
Creating volume.
Global File Acceleration: enabling or disabling.
Global File Lock: enabling or disabling.
Health check for volume.
Protocol: changing or adding.
Remote Access: enabling and disabling settings.
Safe Delete: enabling or disabling.
Shared volume: connecting and disconnecting.
Snapshot Directory Access: enabling or disabling.
Snapshot Retention: enabling, disabling, or changing.
Volume Quota and Volume Quota Rules.
Cloud I/O.
Before creating a new "owned" local volume, ensure that you have the encryption keys you would like to use. Nasuni recommends creating and uploading your own OpenPGP-compatible encryption keys (“Adding (Importing or Uploading) Encryption Keys”). (For security reasons, encryption keys that you upload cannot be downloaded from the system.)
Otherwise, you can specify generating a new OpenPGP-compatible encryption key when you create the new volume. Nasuni also recommends safeguarding your encryption keys yourself. You can download generated encryption keys for safeguarding (“Downloading (Exporting) Generated Encryption Keys”). Alternatively, you can escrow encryption keys with Nasuni (“Escrowing Encryption Keys with Nasuni”).
Important: The time necessary to generate an encryption key can vary widely, depending on the hardware (real or virtual) that the Nasuni Edge Appliance is executing on.
Encryption keys are generated in the background, so as to not block use of the Nasuni Edge Appliance during generation.
Managing the Nasuni Edge Appliance
You have many options for configuring the Nasuni Edge Appliance.
You can configure the Nasuni Edge Appliance to automatically download and install software updates. To prevent automatic software updates from occurring at inconvenient times, you can specify the days and times for automatic software updates to occur, or prevent automatic software updates entirely.
Alternatively, you can manually update the Nasuni Edge Appliance software. See “Software Updates”.
Note: If this Nasuni Edge Appliance is under the control of the Nasuni Management Console, you use the Nasuni Management Console to perform this task.
You can view the status and expiration date of your subscription. You can also refresh your subscription license.
Note: If this Nasuni Edge Appliance is under the control of the Nasuni Management Console, you use the Nasuni Management Console to perform this task.
The Notifications page lets you view and acknowledge Nasuni Edge Appliance messages. See “Notifications”.
Note: If this Nasuni Edge Appliance is under the control of the Nasuni Management Console, you use the Nasuni Management Console to perform this task.
You can configure email alerts, which are sent to your email account from the Nasuni Edge Appliance. You can select various types of alerts to receive.
Managing data
Providing data access to users
You can define the specific data that users can access. You can also define which users can access data.
Note: If this Nasuni Edge Appliance is under the control of the Nasuni Management Console, you use the Nasuni Management Console to perform this task.
You can create a CIFS share, an NFS export, or an FTP/SFTP directory for each directory in the volume that you want to provide access to. You can create many CIFS shares, NFS exports, or FTP/SFTP directories on a volume.
For each CIFS share, NFS export, or FTP/SFTP directory, you can define which volume and which directory within the volume to share, export, or FTP. You can specify Read-Only access. You can limit which hosts can access the CIFS share, NFS export, or FTP/SFTP directory.
For CIFS shares with Active Directory or LDAP security, you can define groups that can access the CIFS share, and specify Read-Write, or Read-Only, or Deny access for each group. You can add users to or remove users from these groups. You can also specify individual users that can access the CIFS share, and specify Read-Write, Read-Only, or Deny access for each individual user.
You can map network drives to CIFS shares in Windows, and mount CIFS shares or NFS exports in Linux or UNIX. You can access FTP/SFTP directories using the FTP/SFTP protocol.
You can also define multiple protocols to access data using CIFS, NFS, and FTP/SFTP.
You can enable Web Access to CIFS shares and NFS exports. This allows users to access data using any supported Web browser. See Web Access.
Note: Web Access is not available with LDAP Directory Services security.
Sharing data between Nasuni Edge Appliances
You share data between Nasuni Edge Appliances by using volumes. If you do not already have a volume set up on the source Nasuni Edge Appliance, you can create a new "owned" local volume.
Note: You use the Nasuni Management Console to perform this task.
Tip: Before adding data to a Nasuni Edge Appliance, it is a Best Practice to clean up historical and orphaned SIDs. This can help prevent later difficulties with permissions. For more details, see Permissions Best Practices.
Caution: If a file or directory is renamed (and its data and permissions remain unchanged) on two different Edge Appliances that share the item’s volume, and both renames occur before the snapshots on the two Edge Appliances, then only one of the renames is effective, namely, the one with the latest snapshot.
This is not considered a merge conflict.
Volumes are not shared by default. First, you need to enable Remote Access on the source volume. You can then specify Read/Write or Read Only access for the destination Nasuni Edge Appliances.
After the source volume has Remote Access enabled, you connect the destination Nasuni Edge Appliances to the source volume.
End users access the data through CIFS shares, NFS exports, or FTP/SFTP directories of the destination volume. You define CIFS shares, NFS exports, or FTP/SFTP directories on the destination volume for users to access. If you created a CIFS share, NFS export, or FTP/SFTP directory automatically when you created a new "owned" local volume, you can check and edit the settings for CIFS shares, NFS exports, or FTP/SFTP directories.
You can schedule when Nasuni syncs (synchronizes) the data between Nasuni Edge Appliances. See “Configuring a Sync Schedule”.
Adding data to volumes
Tip: Before adding data to a Nasuni Edge Appliance, it is a Best Practice to clean up historical and orphaned SIDs. This can help prevent later difficulties with permissions. For more details, see Permissions Best Practices.
Tip: PST files: Microsoft Outlook Personal Storage (.pst) files are used to store information for Microsoft Outlook email systems. These files contain a large quantity of different types of information, and can grow very large: multi-GB .pst files are common.
Nasuni recommends that you NOT store active Outlook .pst files with the Nasuni Edge Appliance, for a number of reasons:
Whenever a new email arrives, the entire .pst file is marked as unprotected, and the entire very large file must then be uploaded to the cloud again with the next snapshot. This can interfere with the handling of other files, and with data propagation.
The multiple versions of .pst files can increase the cloud usage of such files for a volume.
Microsoft also recommends NOT storing .pst files on networks: https:// docs.microsoft.com/en-US/outlook/troubleshoot/data-files/limits-using-pst-files-over- lan-wan
To help ensure that .pst files are not stored with the Nasuni Edge Appliance, Nasuni recommends that you enable the File Alert Service and include patterns such as *.pst.
There are several ways to add data to volumes.
You can share data from other Nasuni Edge Appliances as described in “Sharing data between Nasuni Edge Appliances”.
You can define Web Access to CIFS shares. This enables users to add data to volumes using any supported Web browser. See Web Access.
You can map network drives to CIFS shares in Windows (see “Mapping a Windows network drive to a CIFS share”), and mount CIFS shares or NFS exports in Linux or UNIX (see “Mounting a CIFS share in Linux or UNIX”and “Mounting an NFS export in Linux or UNIX”). This enables users to add data to volumes using the file management capabilities of Windows, Linux, and UNIX operating systems.
You can access FTP/SFTP directories using the FTP/SFTP protocol. See “Accessing data using the FTP/SFTP protocol”.
Protecting data
A snapshot is a complete picture of the files and folders in your file system at a specific point in time. Snapshots offer data protection by enabling you to recover past versions of a file or to restore an entire file system. You can select when and how frequently to perform snapshots. For example, you can configure snapshots to occur only during off-hours when network usage is low.
Note: With each Nasuni snapshot, configuration information is included, in case it is necessary to recover the Edge Appliance. The configuration information includes volume name, volume GUID, share type, software version, last pushed version, retention type, and permissions policy. The configuration bundle is encrypted in the same way that all your data is encrypted.
If you receive an alert that such backup configurations have failed, this might be due to intermittent network issues, or possibly due to DNS issues. If you see notifications that the Edge Appliance has successfully completed a snapshot after the backup alert, then you can safely ignore the alert.
You can schedule snapshots for whenever suits your system best.
You can also take manual snapshots at any time.
For compliance purposes or your own best practices, you can specify to delete older snapshots from cloud object storage, based on a configured snapshot retention policy for a specific volume.
You can restore a file or folder (for a CIFS or NFS volume, or FTP/SFTP directory) from any location. See “Searching for a Folder or File by Name” and “Restoring Volume, Folder, or Files”.
Managing volumes
The Nasuni Edge Appliance offers many options for managing volumes.
Note: If this Nasuni Edge Appliance is under the control of the Nasuni Management Console, you use the Nasuni Management Console to perform this task.
Volumes should have names that describe what data they contain and that users recognize. You can change the name of a volume. See “Volume Status”.
You can monitor file statistics. See “Data Growth Chart”.
For CIFS and NFS volumes and FTP/SFTP directories, the volume quota (maximum capacity) enables you to limit the amount of storage space for a volume, including snapshots, which helps you to control your storage costs. You can change the volume quota.
The Nasuni Edge Appliance can also send email reports to administrators or to users about which directories are near or over their quota. For details about setting a directory quota, see “Setting Quota or Rule”.
You can delete volumes that are no longer needed.
Nasuni Data API
The Nasuni Data API enables you to perform a variety of actions, including getting data and information, uploading and downloading files, and creating directories. You must enable Sync and Mobile Access for at least one CIFS share. On the NMC, use the Shares page.
For more details, see Nasuni Data API.
Security
Tip: In the Nasuni model, customers provide their own cloud accounts for the storage of their data. You should leverage your cloud provider's role-based access and identity access management features as part of your overall security strategy. Such features can be used to limit or prohibit administrative access to the cloud account, based on your policies.
Handling encryption keys
Encryption keys are used to encrypt your data in cloud object storage. You can use the Nasuni Edge Appliance to manage encryption keys in several ways.
Note: If this Nasuni Edge Appliance is under the control of the Nasuni Management Console, you use the Nasuni Management Console to perform this task.
You can view encryption keys and their settings. See “Encryption Key Management”.
Nasuni recommends creating and uploading your own OpenPGP-compatible encryption keys. You can upload encryption keys to the Nasuni Edge Appliance. (For security reasons, encryption keys that you upload cannot be downloaded from the system.) See “Adding (Importing or Uploading) Encryption Keys”.
Tip: You can also upload encryption keys using the NMC API. This can be useful for automating tasks and for enhancing security. For more details, see Nasuni API Documentation.
Note: If an uploaded encryption key has an associated passphrase, that passphrase is removed from the encryption key when it is uploaded. The Edge Appliance does not need the passphrase in order to use the encryption key. However, if you do not escrow this encryption key, if you ever perform a recovery procedure on the Edge Appliance, you must provide that passphrase when you upload that encryption key during the recovery procedure.
Alternatively, you can specify generating a new OpenPGP-compatible encryption key when you create a new volume.
Important: The time necessary to generate an encryption key can vary widely, depending on the hardware (real or virtual) that the Nasuni Edge Appliance is executing on. Encryption keys are generated in the background, so as to not block use of the Nasuni Edge Appliance during generation.
The next step is to add specific encryption keys to specific volumes.
The next step is to enable (or disable) specific encryption keys for specific volumes.
Nasuni recommends safeguarding your encryption keys yourself. You can download generated encryption keys for safeguarding. See “Downloading (Exporting) Generated Encryption Keys”.
Alternatively, you can escrow uploaded encryption keys with Nasuni. See “Escrowing Encryption Keys with Nasuni”.
Note: All automatically generated encryption keys are automatically escrowed with Nasuni.
You can delete encryption keys that are not necessary for recovery purposes. See “Deleting Encryption Keys”.
Role-based access control
Rather than managing the permissions for performing tasks for each individual user, it is simpler to create groups that have specific combinations of permissions, and then assign users to the appropriate groups. You can define users and groups of users, and then assign specific permissions to each group.
To control who has permission to perform actions on the Nasuni Edge Appliance, you can define users and groups of users, then assign specific permissions. See “Users and Groups”.
To control who has permission to access CIFS shares that have Active Directory or LDAP Directory Services security, you can define users and groups of users, then assign specific permissions.
SSL certificates
The user interface of the Nasuni Edge Appliance is Web-based. In order to secure this Web site, SSL certificates or self-signed certificates are used. You can view or add SSL certificates or a self-signed certificate that you can use when accessing the Nasuni Edge Appliance user interface. See “SSL Server and Client Certificates”.
Antivirus Protection
Nasuni offers the option of protecting data with antivirus scanning, and review of files flagged for violations. Nasuni Edge Appliance Antivirus Protection uses the Clam AntiVirus (ClamAV®) open- source antivirus engine and updates the antivirus definition files multiple times daily. Synchronization with the ClamAV virus database occurs within four hours of an update to that database. If you encounter a false positive, you can report the false positive on Clam AntiVirus’s Report False Positive page.
Important: You use the Nasuni Management Console to configure this feature. See NMC Guide.
Ransomware Detection
Important: You use the Nasuni Management Console to configure this feature. See NMC Guide.
The Ransomware Detection settings implement Nasuni Ransomware Protection. You can view or change the Ransomware Protection setting of volumes.
Nasuni provides unmatched recovery capabilities for customers impacted by ransomware attacks as part of its base platform. Nasuni Ransomware Protection extends these built-in capabilities by
identifying ransomware attacks on files anywhere within your Nasuni environment, and alerting administrators about ransomware attacks before they cause significant damage. This enables you to identify the impacted files and culprit users, so you can recover smarter and even faster without having to pay ransom.
You can enable or disable Ransomware Protection at the volume level. For details, see Nasuni Ransomware Protection.
Firewall protection
You can limit traffic to the Nasuni Edge Appliance user interface and the Nasuni Support SSH port, which provides firewall protection. See “Firewall”.
For details about ports and firewalls, see Firewall and Port Requirements.
Changing performance
There are a number of ways that you can change the performance of the system.
The Quality of Service (QoS) settings specify the inbound and outbound bandwidth for moving data to and from the Nasuni Edge Appliance.
Tip: Nasuni recommends setting the Quality of Service to the limit of the total bandwidth, or slightly higher (so that bandwidth is not being limited). If the Quality of Service is too low, it can cause delays in propagation and snapshots.
Nasuni does not recommend setting the Quality of Service to Unlimited, because a setting of Unlimited disables traffic shaping, which prioritizes and allocates bandwidth to different types of traffic (such as user activity, snapshots, and merges), so that no traffic is denied bandwidth.
Tip: Set the inbound Quality of Service to the highest value possible. An ‘unlimited’ inbound Quality of Service can affect Nasuni’s load balancing or workload prioritization capacities.
Snapshots are slower during periods of lower bandwidth. Local user read/write operations are not affected. Limiting the bandwidth of inbound and outbound data between specific hours can help decrease network congestion.
The cache is the local storage of the Nasuni Edge Appliance. All data and metadata that are accessed regularly are kept locally in the cache. By default, the amount of local cache space reserved for new writes is managed automatically, using an advanced algorithm to optimize cache usage. However, you can override the amount of local cache space reserved for new writes in order to suit your company’s workload. Reserving a large portion of the cache for new writes allows snapshots to complete more rapidly, but reduces the amount of data that is kept locally. Conversely, reserving a small portion of the cache for new writes allows keeping more data locally, but increases the time for completing snapshots. To view unprotected files in the cache, see “Unprotected Files”.
Frequent snapshots increase the system load significantly. You can change when and how frequently snapshots occur.
Pinning a folder forces a folder to remain in the local cache at all times. This can improve performance and reduce the time necessary to return accessed data to clients. See “Pinning Folders in the Cache”. To view unprotected files in the cache, see “Unprotected Files”.
Alternatives for configuring your Nasuni Edge Appliance
For many settings on the Nasuni Edge Appliance, you can perform the configuration either with the Nasuni Edge Appliance user interface or with the Nasuni Management Console. The following tables show which settings you can configure with which user interface.
Configuring using Nasuni Edge Appliance user interface
Some actions can only be performed using the Nasuni Edge Appliance user interface, not with the Nasuni Management Console.
Affected item | On Nasuni Edge Appliance Action: Menu |
Network | Edit: Configuration → Network Configuration |
Firewall | Edit: Configuration → Firewall |
SSL certificates | Add, Delete, Set, View: Configuration → SSL Certificates |
HTTPS proxy | Edit: Configuration → HTTPS Proxy |
Configuring using either user interface or the NMC
Some actions can be performed using either the Nasuni Edge Appliance user interface or the Nasuni Management Console.
Affected item | On Nasuni Edge Appliance Action: Menu | On Nasuni Management Console Action: Menu |
Nasuni Edge Appliance Operations | ||
Manual software update | Update: Filers → Software Update | |
Subscription status | Refresh: Account Status → Refresh License | |
Send diagnostics to Nasuni | Send: Filers → Send Diagnostics | |
Shutdown | Shutdown: Filers → Shutdown & Reboot | |
Folder Operations | ||
Auto cache | Enable: File Browser → select folder | Enable: Volumes → File System Browser → select folder |
Pinning folder | Pin folder: File Browser → select volume | Enable: Volumes → File System Browser → select folder |
Volume Operations | ||
File | Browse, Search, Restore, Bring into cache: File Browser → select volume | Volumes → File Browser |
Folder | Browse, Search, Restore, Bring into cache: File Browser → select volume | Volumes → File Browser |
Nasuni Edge Appliance Configuration | ||
Place Edge Appliance in NMC control | View List: Filers | |
Remote Support Service | Enable: Filers → Remote Support | |
Active Directory domain | Join: Configuration → General Settings Edit: Configuration → Directory Services | View: Filers → Security Settings |
LDAP directory Services | Join: Configuration → General Settings Configure, View, Update: Configuration → Directory Services | |
Time Zone, Server | Edit: Configuration → Time Configuration | Edit: Filers → Time Configuration |
Cache | Edit: Filers → Cache Settings | |
Encryption Keys | Upload, Download, Escrow, Delete, View: Configuration → Encryption Keys | Upload, Send, Escrow, Delete, View: Filers → Encryption Keys |
Automatic Software Updates | Edit: Filers → Automatic Updates | |
Quality of Service | Edit: Filers → Quality of Service | |
Affected item | On Nasuni Edge Appliance Action: Menu | On Nasuni Management Console Action: Menu |
Users and Groups | Add, Delete, Edit: Configuration → Users/ Groups | Add, Delete, Edit: Console Settings → Users/Groups |
Description | Edit: Filers → Description | |
Password | Edit: Configuration → Change Password | Edit: Console Settings → Users/ Groups → Edit User |
Volume Configuration | ||
Volume | Browse: File Browser → select volume | Create, Delete, Connect, Disconnect, Rename: Volumes |
Encryption Keys (Volume) | Add, Enable: Volumes → Encryption Keys | |
CIFS share | Disconnect client, Reset authentication cache, Reset clients: Status → CIFS Status | Create, Delete, Edit, Status: Volumes → Shares Status: Filers → CIFS |
NFS export | Create, Delete, Edit: Volumes → Exports Status: Filers → NFS | |
FTP directory | Create, Delete, Edit: Volumes → FTP Directories Status: Filers → FTP | |
Quota | Edit: Volumes → Quota Report: Filers → Quota Reports | |
Auto cache | Enable: Volumes → Sync Schedule | |
Sync scheduling Snapshot scheduling | Edit: Volumes | |
Snapshot directory access File Alert Service | Enable: Volumes | |
Edge Appliance Monitoring | ||
SNMP monitoring | Edit: Filers → SNMP Settings | |
Hardware appliance status | View: Home → Hardware Health View: Filers → Hardware | |
Traffic groups Physical ports | View: Filers → Network → Network | |
Unprotected files | View: Volumes → Unprotected Files | |
Notifications | Search, Acknowledge, Delete: Notifications | |
Volume Monitoring | ||
Size Data not yet protected Data growth | Status, Chart: Volumes | |
Snapshot status | View: Volumes → Last Snapshot | |
Configuring using the Nasuni Management Console
Some actions can only be performed using the Nasuni Management Console, not with the Nasuni Edge Appliance user interface.
Affected item | On Nasuni Management Console Action: Menu |
Automatic Software Updates | Edit: Console Settings → Automatic Updates |
Cloud Credentials | Configure: Account → Cloud Credentials |
Description | Edit: Console Settings → Description |
Edit: Console Settings → Email Settings | |
Firewall | Edit: Console Settings → Firewall |
HTTPS proxy | Edit: Console Settings → Proxy |
Manual software update | Update: Console Settings → Software Update |
Network | Edit: Console Settings → Networking |
Notifications | Search, Acknowledge, Delete: Notifications |
Password | Edit: user → Change Password |
Remote Access | Enable: Volumes → Remote Access |
Remote Support Service | Edit: Console Settings → Remote Support |
Send diagnostics to Nasuni | Send: Console Settings → Send Diagnostics |
SNMP monitoring | Edit: Console Settings → SNMP Monitoring |
SSL certificates | Add, Delete, View: Console Settings → SSL Certificates |
Time Zone, Time Server | Edit: Console Settings → Time Configuration |
Users and Groups | Add, Delete, Edit, View: Console Settings → Users / Groups |