Install and Configure File IQ on AWS EC2

  • Updated on May 4, 2026
  • Published on Jan 13, 2025
  • 52 minute(s) read
  • CD
  • ED
  • DM
 Prev Next

This guide is intended for the IT administrator or person responsible for installing the File IQ Appliance.

Overview and Requirements

This section provides general information about the File IQ Appliance, as well as its technical specifications.

What File IQ Does

The File IQ feature is designed to provide insights and analytics on your file data usage patterns. File IQ enables you to quickly take advantage of several important capabilities, including:

  • File Usage Analytics: Track usage and collaboration patterns across users, departments, file types, volumes, and more. Gain visibility to optimize storage, plan capacity, and facilitate capacity-based chargeback.

  • Health Monitoring: Monitor system component metrics to proactively identify resource contention and capacity limits so administrators can take preventative measures.

  • Forensic Capabilities: Perform historical analysis of file, user, or application activity when troubleshooting issues or investigating information security events.

  • Automated Reporting: Leverage prebuilt reports and dashboards that deliver actionable intelligence to technical and business users and support chargeback reporting.

Key Terms and Components

The following terms are helpful for understanding the File IQ Appliance:

  • Cache: The local storage of the File IQ Appliance. All volume metadata accessed regularly is kept locally in the File IQ Appliance cache. If the requested metadata is not locally resident, it is staged into the cache and provided for the request.

  • Cloud storage: Internet-based, highly protected, unlimited storage.

  • Event Hubs: A cloud-native data streaming service used to forward events between components of the File IQ Solution.

  • Grafana: Grafana is a multi-platform open-source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources.

  • Nasuni Edge Appliance (NEA): The virtual or physical Nasuni appliance that integrates with your infrastructure via  CIFS ( SMB),  NFS, FTP/SFTP, or HTTPS/REST protocols.  The Nasuni Edge Appliance can be mapped as a network drive.

  • Nasuni Edge Appliance user interface: The Web-based graphical user interface with which you configure and manage the Nasuni  Edge Appliance. The Nasuni Edge Appliance user interface is accessible with supported Web browsers, including Mozilla Firefox, Microsoft Edge,  Apple Safari, and Google Chrome.

  • File IQ: The File IQ Appliance contains the database, Grafana server, event processing, and volume scanning capabilities that the File IQ Solution uses to give insight into Nasuni Edge Appliance and Volume usage across your Nasuni deployments. 

  • Nasuni Management Console  (NMC): The Web-accessible appliance with which you can configure and manage multiple Nasuni Edge Ap pliances. The  Nasuni Management  Console is accessible  with supported Web browsers, including Mozilla Firefox, Microsoft Edge, Apple Safari, and Google Chrome.

  • Nasuni Orchestration Center (NOC): Nasuni’s zero-maintenance control path built on elastic, multi-region cloud services that enables file data to be shared across locations at any scale and without version conflict. The NOC, also referred to as the Nasuni Account Dashboard, provides you with access to File IQ Serial Numbers, which are used to install File IQ.

  • File IQ Dashboard: A custom dashboard deployed within the File IQ Appliance-hosted Grafana to display information gathered by the File System Metadata Service (FSMS) and the File System Event Processor (FSEP).

  • File IQ Service: The File IQ Service collects audit events on the NEA and forwards them to the File IQ Appliance via the Azure EventHub. 

    Note: The audit events collected by the File IQ Service are independent of the standard auditing feature enabled on the NEAs.

  • Share/export: An access point to a folder on a volume that can be shared or exported on your network. Access to a CIFS (SMB) share can be customized on a user-level or group-level basis. You can create many shares or exports on a volume for different purposes or audiences.

  • Volume: A set of files and directories (CIFS  (SMB), NFS, and FTP/SFTP). 

File IQ Solution Specifications

This section contains specifications for configuring the File IQ Appliance.

Supported Web Browsers

The File IQ Appliance supports the following Web browsers:

Browser

Version

Mozilla Firefox

Latest

Google Chrome

Latest

Apple Safari

Latest

Microsoft Edge

Latest

Virtual Machine Requirements

For virtual machine requirements on an already deployed File IQ appliance running version 10.0 and below, proceed directly to Verifying Size Requirements.

The File IQ Appliance must meet minimum specifications starting from the 10.1 release. Each installation of the File IQ Appliance should adhere to these specifications and follow the actions required for specific sizing, as outlined in the following scenarios:

New Installation of File IQ versions 10.3 or newer

  1. Install the File IQ Appliance using the minimum specification.

  2. Connect the volumes until all volumes are processed at least once.

  3. Connect Nasuni Edge Appliances (NEAs) to the File IQ using the Nasuni Portal.

  4. Wait for 7 calendar days of NEA activity to occur within the organization.

  5. Run the Sizing UI at https://FILE-IQ-FQDN:8443/niq/sizing to validate the correct size.

    If necessary, make any recommended sizing adjustments to the Virtual Machine.

New Installation of File IQ version 10.2.x or earlier

  1. Install the File IQ Appliance using the minimum specification.

  2. Connect the volumes until all volumes are processed at least once.

  3. Use the data available at https://FILE-IQ-FQDN:8443/niq/retention_configuration, along with the Sizing Spreadsheet, to validate the correct size.

    If necessary, make any recommended sizing adjustments to the Virtual Machine.

  4. Connect Nasuni Edge Appliances (NEAs) to the File IQ using the Nasuni Portal.

  5. Wait for 7 calendar days of NEA activity to occur within the organization.

  6. Check the data available again at https://FILE-IQ-FQDN:8443/niq/retention_configuration, along with the Sizing Spreadsheet, to validate the correct size.

    If necessary, make any recommended sizing adjustments to the Virtual Machine.

Upgrade an Existing Installation of File IQ to Version 10.3 or newer

Upgrading to File IQ 10.3 or newer from versions before 10.3 requires a minimum amount of free disk space to perform a one-time database optimization at the beginning of the upgrade sequence.

  1. Check that your current installation of File IQ has enough free disk space, as described on the 10.3 Upgrade File IQ Database Optimization page.

  2. Once your upgrade to 10.3 or newer has completed, run the Sizing UI at https://FILE-IQ-FQDN:8443/niq/sizing to validate your current sizing.

  3. Wait for 7 calendar days of NEA activity to occur within the organization.

  4. Run the Sizing UI again to validate the correct size based on usage observed since the upgrade.

    If necessary, make any recommended sizing adjustments to the Virtual Machine.

Upgrade an Existing Installation of File IQ to Version 10.2 or earlier

  1. Use the data available at https://FILE-IQ-FQDN:8443/niq/retention_configuration, along with the Sizing Spreadsheet, to validate the correct size.

    If necessary, make any recommended sizing adjustments to the Virtual Machine before performing the upgrade.

  2. Upgrade to File IQ version 10.2 (or an earlier version).

  3. Wait for 7 calendar days of NEA activity to occur within the organization.

  4. Check the available data again at https://FILE-IQ-FQDN:8443/niq/retention_configuration, along with the Sizing Spreadsheet, to validate the correct size.

    If necessary, make any recommended sizing adjustments to the Virtual Machine.

Verifying Size Requirements

The NMC has a health check for File IQ that indicates whether sizing needs to be adjusted as a result of any of the previous steps, regardless of whether the license is Basic or Premium.

To determine the right virtual machine requirements for the Basic license, follow these steps for versions of File IQ prior to 10.1.3:

  1. Open the Sizing Spreadsheet.

  2. Navigate to the File IQ Events dashboard.

  3. Use the information from the Edge Appliance Activity panel to fill in the Sizing Spreadsheet fields.

  4. Navigate to the Volumes Summary dashboard and use the Volume Summary panel to fill in the Sizing Spreadsheet fields.

    The Sizing Spreadsheet displays your minimum sizing requirements.

    Note: If you need Sizing Spreadsheet assistance, contact your Nasuni Account Manager.

    Otherwise, use the data available at https://FILE-IQ-FQDN:8443/niq/retention_configuration, along with the Sizing Spreadsheet, to determine the appropriate virtual machine requirements for your organization.

Minimum Specifications

The minimum specifications for the File IQ Appliance are as follows:

Item

Size

Notes

vCPUs

16

-

Memory

32 GiB

-

Nasuni Cache Disk

569 GB

MB/s 150 ; IOPS 2,300

Nasuni COW Disk

64 GB

MB/s 150 ; IOPS 2,300

File IQ DB Disk

1.1 TB

MB/s 150 ; IOPS 5,000

VM Size

AWS: c5a.4xlarge

Azure: D16ls_v5

GCP: n2d custom

-

  • On AWS EC2, only use EBS-Only virtual machines

  • On AWS EC2, for best performance use Provisioned IOPS SSD (io2) for high-intensity I/O

Deploy File IQ in the Amazon EC2 Platform

This chapter explains how to install the File IQ Solution on the Amazon EC2 platform.

Tip: This document is about deploying virtual machines. It does not cover configuring a storage account for use with Nasuni volumes.

Warning: DO NOT attempt to restore from a virtual machine snapshot or backup. Attempting to restore from a virtual machine snapshot or backup puts the IQ Appliance in an unknown state in relation to the Nasuni Orchestration Center (NOC) and requires a recovery process. This might result in data loss.

Tip: Nasuni recommends leveraging your cloud provider's role-based access and identity access management features as part of your security strategy. Based on your policies, such features can limit or prohibit administrative access to the cloud account.

Important: File IQ Appliances must be configured with operational DNS servers and a time server (internal or external) within your environment. The File IQ Appliance is configured with a default time server time.nasuni.com. If you need to use a different time server, the procedure to change the default time server is documented in the Nasuni Edge Appliance Time Configuration section of the Nasuni Edge Administration guide.

Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Tip: Check out the File IQ Installation and Configuration videos for a general reference on the File IQ installation process. Your specific hypervisor installation will include unique steps not included in this video reference series.

Day 1 File IQ Installation Checklist

To complete a day 1 File IQ installation, follow this checklist:

Step

Action

1

Complete the 1. Prerequisites section in this document. Your Account Manager can assist you with this item.

2

Complete the 2. Installing File IQ using the Amazon EC2 AMI section in this document.

3

Complete the 3. Running the File IQ Appliance First Boot Wizard section in this document.

4

Complete the 4a. Set the Escrow Passphrase for the File IQ Appliance section in this document.

For File IQ Appliances on 10.0 and below, always complete the 4b. Add the File IQDB to the File IQ Appliance section in this document.

5

Complete the 5. Connect the Nasuni Volumes to the File IQ Appliance section in this document.

6

Complete the 6. Disabling Quality of Service (QoS) for the File IQ Appliance section in this document.

7

Complete the 7. Enabling the File IQ and configuring File IQ Service section in this document.

8

Complete the 8. Accessing the File IQ Dashboards section in this document.

9

For more information, see the following sections:

1. Prerequisites

The following items should be readily available to help you navigate the File IQ installation and setup process. It is recommended that you complete these requirements before starting or have a way to fulfill them during the installation process.

Item

Description

Contact Nasuni

Contact your Account Manager to enable the File IQ license and configure your account for the File IQ Appliance.

Virtual Machine Requirements

Process the Virtual Machine Requirements section above to ensure you have the necessary sizing information before proceeding to installation or upgrade.

The main information used for the Virtual Machine requirements will be:

  1. File IQ Cache disk

    • Size

    • IOPS

    • Throughput (MB/s)

  2. File IQ DB disk size

    • Size

    • IOPS

    • Throughput (MB/s)

  3. AWS EC2 VM size

  4. AWS EC2 VM memory

  5. AWS EC2 VM number of CPU Cores

Important: File IQ does not support disk striping on the Cache or File IQ DB disks.

AWS Login

Authentication and Authorization to your organization’s Amazon EC2 Account is needed to create the File IQ Virtual Machine.

AWS Network details for the File IQ virtual machine (VM)

When installing the File IQ virtual machine in Amazon EC2, the following items are required for the virtual machine:

  1. VPC  

  2. Subnet

  3. Security Group

Each organization has its own requirements for how the virtual machine's networking is fulfilled. Nasuni recommends defining this before you start the installation process.

NMC Login

Authentication and authorization to your organization’s Nasuni Management Console to configure the File IQ for your environment.

Nasuni Portal Login

Authentication and authorization to your organization’s Nasuni Portal account to retrieve your File IQ Serial Number and Authorization Code, and to configure the File IQ.

Volumes List

Use at least one volume when setting up File IQ.

Note: Some customers may not use this feature and will not require this item for setup.

NEAs List

You need at least one Nasuni Edge Appliance to configure sending activity to the File IQ virtual machine. Ideally, pick an NEA from which you can mount volumes to generate traffic and see it in the File IQ dashboards. The NEA must be running version 9.14.3 or later.

Note: Some customers may not use this feature and will not require this item for setup.

File IQ Serial Number and Authorization Code

From the Nasuni Portal

To locate the File IQ Appliance Serial Number from the Nasuni Portal, navigate to Setup > Serial Numbers > File IQ. It is paired with an associated Authorization Code (Auth Code).

Configuration of the File IQ Appliance and NEAs for File IQ can be found by navigating to Appliance Services > File IQ Configuration.

If the File IQ Config menu or File IQ Serial Numbers are unavailable, contact your Nasuni Account Manager to confirm that the File IQ License is correctly configured for your account.

Note: To enable a single sign-on user to access the File IQ Config menu, refer to the Portal documentation.

File IQ Username and Password

The first boot setup of the File IQ Appliance requires a new username and password. These values are specific to the File IQ Appliance only.

File IQ Hostname

When you go through the First Boot Wizard for the File IQ appliance, you must provide a hostname for the machine.

Note: Hostnames longer than 15 characters cannot be added to Active Directory services.

File IQ Network Details

You must provide the machine's network details when you go through the First Boot Wizard for the File IQ Appliance.

Grafana Password

The default password for the Grafana viewer account must be changed during the first usage. Nasuni recommends having a new password ready that aligns with your corporate processes and procedures.

Active Directory credentials

The File IQ Appliance must connect to the same Active Directory domains as the NEAs and volumes configured in the File IQ Appliance. The following information might be necessary:

  • Active Directory domain name.

  • Active Directory Primary Domain Controller (PDC) IP address.

  • Active Directory Administrator Account username and password

NEA Firewall requirements

The Nasuni Edge Appliance requires access to the Azure Event Hub when you enable File IQ. All network ports and access requirements for the File IQ Service on the NEA are documented in the Firewall and Port Requirements in the Nasuni Edge Appliance section.  

Before enabling the File IQ on the NEA, complete the NEA Firewall Requirements for File IQ Service.

File IQ Firewall requirements

When you enable File IQ, the Nasuni Edge Appliance requires access to the Azure Event Hub. The File IQ Appliance section of the Firewall and Port Requirements documents all network ports and access requirements for the File IQ Service on the NEA.  

Before you activate File IQ on the File IQ Appliance, complete the File IQ Firewall Requirements for File IQ.

Proxy Server Details

When configuring a proxy to access HTTPS resources on the Internet, proxy server details can be configured during the First Boot Wizard for the File IQ Appliance.

Note: Connectivity to Azure Event Hubs cannot be proxied; direct connectivity to Azure services is required. For more information, see the following Before You Begin items: NEA Firewall Requirements and File IQ Firewall Requirements.

2. Installing File IQ Using the Amazon EC2 AMI

This step describes how to install the File IQ Appliance using the File IQ Amazon Machine Image (AMI) from portal.nasuni.com.

Important: You must create and maintain your own AWS account because Nasuni does not have access. To gain access to the Nasuni AMIs, contact Nasuni Technical Support with your AWS account number. To create an EC2 account, visit http://aws.amazon.com/ec2/.

Tip: In the Nasuni model, customers provide their own cloud accounts for storing their data. As part of their overall security strategy, customers should leverage their cloud provider's role-based access and identity access management features. These features can limit or prohibit administrative access to the cloud account based on company policies. 

Important: File IQ Appliances must be configured with operational DNS servers and a time server (internal or external) within your environment. The File IQ Appliance is configured with a default time server time.nasuni.com. If you need to use a different time server, the procedure to change the default time server is documented in the Nasuni Edge Appliance Time Configuration section of the Nasuni Edge Administration guide.

Important: To access Active Directory-enabled volumes, the File IQ Appliance must be connected to an Active Directory server in the same Active Directory Forest. This requires part of your Active Directory infrastructure to run on the EC2 platform. 

To launch the AMI from the AWS Dashboard page, follow these steps: 

  1. If your AWS account ID can access the Nasuni AMIs, continue to step 2.
    If not, follow this procedure to enable your AWS account ID to access the Nasuni AMIs. Alternatively, request Nasuni Technical Support to enable your AWS account ID to access the Nasuni AMIs. 

    1. Log in to your Nasuni account Web site ( https://portal.nasuni.com/) and click Install Software.

      The Installs page appears.

    2. Click Amazon EC2 or scroll down to the Nasuni AMIs on EC2 area. 

    3. In the text box, enter the 12-digit AWS account IDs permitted to access the Nasuni AMIs. Separate AWS account IDs by commas. 

    4. Click Submit. These AWS account IDs are granted access to the Nasuni AMIs. 

      Note: Access can take up to 5 minutes to be granted. If access has not been given after 5 minutes, contact Nasuni Technical Support. 

  2. Go to the Amazon Web Services EC2 console at https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.

  3. In the left-hand column, click AMIs. The AMIs page appears. 

  4. The File IQ AMI appears in the list of AMIs.

    Tip: If the File IQ AMI is not visible on the list of AMIs, navigate to the filter area at the top of the page and click Owned by Me or Public Images, then click Private Images from the dropdown list. The File IQ AMI should appear in the list of AMIs.  If not, type “Nasuni” in the Search text box and press Enter. The File IQ AMI should appear in the list of AMIs. 

  5. From the list of AMIs, choose the most up-to-date AMI version for File IQ. 

  6. Select the check box to the left of the correct Nasuni AMI entry and click Launch instance from AMI (upper right corner). 
    The Launch an instance screen appears.

  7. In the Name text box, enter a name for this instance. 

    Note: You can add tags (key and value pairs) by clicking Add additional tags.

  8. In the Application and OS Images (Amazon Machine Image) area, verify that the correct AMI has been chosen. If necessary, you can change your AMI selection here. 

  9. In the Instance type area, select an instance type with a suitable number of virtual CPU processors and memory.

    Important: The File IQ Sizing Tool provides a suggestion for the Virtual Machine size to use when setting up the File IQ Virtual Machine in EC2.

  10. In the Key pair (login) area, leave the Key pair name empty.

  11. In the Network settings area, click Edit to update. 

    1. From the VPC dropdown list, select the VPC to use. 

    2. From the Subnet dropdown list, select the subnet corresponding to the VPC you selected.

    3. From the Auto-assign public IP dropdown list, select Disable. You can assign a public IP to the File IQ Appliance; however, the File IQ can operate effectively with a private IP address.

    4. Use the Firewall (security groups) area to configure security, as follows. 

      Warning: Running the File IQ on the Amazon EC2 platform is like running these systems outside of your business. Unused ports, including the SSH port and port 222, should not be exposed to the public Internet.

      Minimally, the following ports should be exposed to the hosts that access them:

      Outbound: Amazon EC2 does not enable restricting outbound traffic. Nasuni recommends allowing outgoing traffic to all hosts on all ports for the File IQ.

      Inbound: Here are recommendations for the following ports:

      • Port 222 SSH: This port is implicitly closed. If Nasuni Customer Support requests that you open it, open it temporarily to all clients and ranges.

      • Port 443 TCP: Used to administer the Nasuni Appliance (see step e.iv).

      • Port 8443 TCP: Used to administer the File IQ Appliance. Open to clients who need to use the Nasuni administration interface (see step e.iii).

      • Port 3000 HTTPS: Used to access the File IQ Dashboards (see step e.v).

    5. Select Create security group or use an existing security group designed for Nasuni products.

      1. In the Security group name text box, enter a name for this security group. For example, “Nasuni”. 

      2. In the Description text box, enter a description for this security group, such as “Nasuni appliance security.” 

      3. Update the security group rule.

        1. In the Type combo box, select Custom TCP.

        2. In the Port range text box, type “8443”. 

        3. In the Source type, select Custom.

        4. In the Source text box, type “0.0.0.0/0”. 

      4. Click Add security group rule. The new rule appears.

        1. In the Type combo box, select HTTPS.

          Note: For HTTPS, port 443 is entered automatically.

        2. In the Source type, select Custom.

        3. In the Source text box, type “0.0.0.0/0”

      1. Click Add security group rule. The new rule appears.

        1. In the Type combo box, select Custom TCP.

        2. In the Port range text box, type “3000”. 

        3. In the Source type, select Custom.

        4. In the Source text box, type “0.0.0.0/0”. 

      Tip: Add additional rules as required. Nasuni recommends restricting access to only the ports and incoming hosts you use. 

  12. The Configure storage area allows you to manage the disk for the virtual machine. By default, four disks are automatically provisioned. Skip this section if you are using a version below 10.1, as the resizing of EBS Volumes for the File IQ Appliance is performed in Appendix E: Resize the File IQ Appliance EBS Volumes after completing the first boot wizard.

    Important: Do not modify any setting in the Configure storage section, because it might interfere with the File IQ Appliance installation process.

  13. Use the Advanced details area for additional configuration. 

    1. From the Shutdown behavior dropdown list, select Stop

      Caution: Ensure that the Shutdown behavior is not set to Terminate. Instance termination renders the File IQ Appliance inoperable and can lead to data loss. 

    2. Placement groups can help minimize the network latency between the File IQ Appliance and EC2 workloads. By default, when launching a new EC2 instance, the EC2 service attempts to spread all your instances across underlying hardware to minimize correlated failures.
      Placement groups influence the placement of interdependent instances at no additional charge. AWS offers three placement group strategies. The Cluster placement group strategy works best to minimize latency. You can add the instance to an existing placement group or create a new one using the Cluster placement group strategy.
      You can also change the placement group, as described here.

  14. Use the Summary area to verify and change configuration. 
    In the Number of Instances text box, use the default value “1”.  

  15. Click Launch instance. A dialog appears, allowing you to select an existing key pair or create a new one.

  16. Select Proceed without key pair and click Launch instance. The instance is launched.

  17. At the bottom of the screen, click View all instances. The Instances screen appears. 

  18. If the Instances screen does not appear, click Instances in the left-hand column. The new instances appear in the list of instances.

  19. Select the check box to the left of the instance. The Instance State displays Running

    Note: Details of the selected instance appear at the bottom of the screen. Click the Status and alarms, Monitoring, and Tags tabs to examine their information. 

  20. Name the EBS volumes:

    1. After the instance is running, navigate to the EC2 dashboard.

    2. Access the Instances section and click the File IQ Appliance instance for which you need to name the volumes.

    3. On the instance details page, click the Storage tab, where the list of volumes is attached to this instance.

    4. For each volume, click on the Volume ID column to access the volume details page, and click on the Name column to add a descriptive name. The descriptive name of each volume (such as “File IQdb”) should be prefixed with the File IQ Instance name as a best practice. For example:

      1. In the release prior to 10.1

        1. The EBS Volume with a size = 32 GB should be named “<File IQ_instance_name>_os” for the OS disk.

        2. The EBS Volume with a size = 10 GB should be named “<File IQ_instance_name>_cow” for the COW disk.

        3. The EBS Volume with a size = 30 GB should be named “<File IQ_instance_name>_fiqdb” for the File IQ database disk.

        4. The EBS Volume with a size = 40 GB should be named “<File IQ_instance_name>_cache” for the cache disk.

      2. In the release from 10.1+

        1. The EBS Volume with a size = 32 GB should be named “<File IQ_instance_name>_os” for the OS disk.

        2. The EBS Volume with a size = 10 GB should be named “<File IQ_instance_name>_cow” for the COW disk.

        3. The EBS Volume with a size = 30 GB should be named “<File IQ_instance_name>_cache” for the cache disk.

        4. The EBS Volume with a size = 40 GB should be named “<File IQ_instance_name>_fiqdb” for the File IQ database disk.

        After a volume is renamed, click your browser's back button to return to the list of volumes for your File IQ Instance, then proceed to the next volume rename step.

        Important: The File IQ Appliance relative sizes are important during installation because the NEA (on which the File IQ Appliance is built) allocates disks to various roles based on size.  Nasuni recommends using suffixes for the data disks, so that the names of the disk indicate their expected roles based on their initial sizes. The File IQ DB Disk is the largest, the Cache Disk is the next largest, and the COW Disk is the smallest.

The deployment of the File IQ Appliance instance is complete.

3. Running the File IQ Appliance First Boot Wizard

To access the newly installed File IQ Appliance on Amazon EC2, follow these steps:

  1. Navigate to the EC2 Dashboard by clicking the Services menu at the top of the AWS Management Console and selecting EC2.

  2. From the navigation pane on the left, click Instances. The list of your EC2 instances displays.

  3. Locate and click the EC2 instance you previously created for the File IQ Appliance. The details pane for this instance appears, showing an overview under the Details tab.

  4. Obtain the IP Address under the Details tab:

    1. If a public IP address has been assigned to your instance, you can locate it under the Public IPv4 address field.

    2. If no public IP address is assigned, locate the Private IPv4 addresses field instead. To connect using a private IP, you must be within the same network, for example, a VPN or another EC2 instance within the same VPC.

      Note: If both the Public IPv4 address and Private IPv4 addresses are present, you can use either one.

    3. If the IP address field is empty or the instance is not running, click Instance State, followed by Start Instance.

      Note: It might take a few minutes for the instance to launch and for the IP address to be displayed. Refresh the page to see the updated information.

  5. Navigate to the First Boot Wizard for the File IQ Appliance by opening a new browser window.

    1. To access the File IQ Appliance, enter the address in this form: https://<IP address>, where <IP address> is the IP address from step 4.

    2. The Enter the Network Parameters for this Filer page appears.
       

  6. Enter the Hostname defined in the File IQ Hostname. This was defined in the 1. Prerequisites section.

  7. Complete the remainder of the System Settings defined in the File IQ Network Details as part of the 1. Prerequisites section above.

  8. Click Continue. The Review the Network Settings pane appears.

  9. If all fields are correct, click Continue. The next pane confirms if the File IQ Appliance is Configuring Network Settings. If the File IQ Appliance does not automatically reconnect, try refreshing the page and checking if the File IQ Appliance’s IP address has changed. If so, update the browser address bar.

  10. The Nasuni Filer Software Update pane appears. Click Continue.

  11. Enter the File IQ Serial Number and Authorization Code obtained under the File IQ Serial Number and Authorization Code as part of the 1. Prerequisites section above.

  12. Click Continue. The Add a New Nasuni Filer to your account pane appears.

    Note: If you get an Invalid serial number or access code provided during this step, it is because you have used a NEA Serial Number instead of an File IQ Serial Number. Nasuni recommends double-checking your Serial Number and trying again. See the 1. Prerequisites section for the correct location to the File IQ Serial Number and Authorization Code values.

  13. Enter Install New Filer into the Confirmation textbox.

  14. Click Continue. The Accept the Terms of Service and License Agreement pane appears.

  15. Accept the Terms of Service and click Continue. The Enter or accept Filer Name pane appears.

  16. Click Continue. The Nasuni Management Console Detected pane appears.

  17. Enable the Join NMC Management checkbox and click Continue. The Enter a username and password for Administration of this Filer pane appears.

  18. Enter your NMC local account Username and Password, and then Confirm Password. These were obtained in the File IQ Username and Password section of the 1. Prerequisites section above.

  19. Click Continue, the First Boot Wizard is complete, and the File IQ Appliance Management window appears.

3.a. Joining the File IQ Appliance to Active Directory

If the volumes you want to scan are protected by Active Directory, you must join your File IQ Appliance to the Active Directory domains to secure these volumes.

Note: The configuration of Active Directory can vary based on different factors, and your specific configuration might require additional settings that are not mentioned in this section. If you encounter any issues while connecting to Active Directory, contact Nasuni Support or your Account Manager for assistance.

Follow this procedure to join Active Directory:

  1. Open a Web Browser and access the File IQ Appliance. Enter the address in this form: https://<IP address>:8443, where <IP address> is the IP address from step 3 in the previous section. The File IQ Appliance user interface appears.

  1. Ensure that the hostname of your File IQ Appliance is shorter than 15 characters:

    1. From the Configuration menu, select Network Configuration under the Networking section.

    2. Verify that the hostname in Hostname or FQDN is 15 characters or less.

    3. If required, shorten the hostname and click Save Network Configuration.

    4. Enter your Nasuni admin account details, confirm, and wait for the File IQ Appliance to apply the new settings.

  2. Enter the IP address for your primary DNS server in the Primary DNS server text box. You must enter a valid hostname or IP address.

    1. From the Configuration menu, select Network Configuration under the Networking section.

    2. In Settings Source, under System Settings, select DHCP with Custom DNS.

    3. Leave the Search Domain empty.

    4. Set the Primary DNS server to your Active Directory PDC’s IP address.

    5. Click Save Network Configuration. You must enter your Nasuni admin account details, confirm, and wait for the appliance to apply the new settings.

  3. Join the File IQ Appliance to Active Directory by following these steps:

    1. From the Configuration menu, select Directory Services under the CIFS & Directory Services section.

    2. Enter the fully qualified Active Directory domain name in the Domain entry field.

    3. Unless instructed by the Nasuni Support or your Account Manager, do not change any other fields.

    4. Click Continue. The Confirm/Authenticate Directory Service dialog box appears.

    5. In the Confirm/Authenticate Directory Service dialog box, enter your Active Directory administrator username and password and click Submit.

    6. Wait until the joining process is complete and the Volume Selection page is displayed.

    7. Select all volumes you wish to access from the File IQ appliance and click Continue.

    8. Wait until the volume configuration is complete and the Domain Configuration page is displayed.

    9. Enable all the trusted domains you wish to monitor users from and click Continue.

    10. Wait until the trusted domain configuration is complete and the “Complete the Configuration” page is displayed.

    11. Click Finish to finish the Active Directory configuration.

    12. Wait until the configuration completes.

    13. The display then returns to the Directory Services page and displays Active Directory domain information.

You have successfully joined Active Directory.

4a. Set the Escrow Passphrase for the File IQ Appliance (10.0+)

Important: In order to use DR capabilities a backup of the File IQ Appliance configuration needs to happen. Setting the escrow passphrase enables the backup.

Note: In order to use the Nasuni File IQ Database backup feature DR needs to be configured for the File IQ Appliance.

To set the escrow key for the File IQ Appliance, follow this procedure:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Click Filers.

  3. Click Escrow Passphrase. The Filer Escrow Passphrase pane appears.

  4. Select the File IQ Appliance entry in the table and click Edit 1 Filer. The Set Escrow Passphrase dialog box appears.

  5. Enter the same passphrase for both Escrow Passphrase and Confirm Passphrase.

  6. Click Set Passphrase. The dialog box closes and returns to the Filer Escrow Passphrase pane.

If you do not use the Nasuni Escrow Service, instead of setting an escrow passphrase, you can upload your own encryption keyfile and set it as a recovery backup key:

  1. Log in to the File IQ appliance web UI.

  2. From the Configuration menu, select Encryption Keys.

  3. Click Upload Encryption Keys.

  4. Choose your externally generated OpenPGP keyfile.

  5. Enter the Key Passphrase if the keyfile has been secured with a passphrase.

  6. Click Import Key.

  7. Ensure the key has been imported, and click Set backup key to set it as a recovery backup key.

4b. Add the File IQDB disk to the File IQ Appliance

Important: These steps are only applicable to File IQ Appliances prior to the 10.1 release.

Before enabling the File IQ Appliance, add another disk for the File IQ Database, by following this procedure:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Click Filers.

  3. Click Shutdown & Reboot. The Shutdown and Reboot pane appears.

  4. For the File IQ Appliance, click the associated Shutdown/Reboot action. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.

  5. Enter ‘Change Filer Power State’ into the Confirmation Phrase textbox.

  6. Select Shut down immediately. Click Shutdown. The Shutdown and Reboot pane appears. Wait until the Status column for the File IQ Appliance changes to a checkmark before proceeding; at that point, the File IQ Appliance is shut down.

  7. Go to the Amazon Web Services EC2 console at: https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.

  8. Click Instances under the Instances section in the left-hand menu and click on your File IQ Appliance.

  9. Take note of the Instance ID and Availability Zone to use in a later step.

  10. Click Volumes under the Elastic Block Store section in the left-hand menu

  11. Click Create volume. The Create Volume pane appears.

    1. Volume Type: Nasuni recommends using Provisioned IOPS SSD (io2) for the File IQ DB volume.

    2. Size: Use the File IQ Sizing Tool to estimate the size of the Nasuni File IQ DB volume.

    3. IOPS: Use the File IQ Sizing Tool to estimate the IOPS of the Nasuni File IQ DB volume.

    4. Throughput: Not applicable if you select Provisioned IOPS SSD (io2) for Volume Type. Otherwise, use the File IQ Sizing Tool to estimate the throughput of the Nasuni File IQ DB volume.

    5. Availability Zone: Must match the Availability Zone of your File IQ Appliance.

  12. Select the newly created volume from the list of Volumes.

  13. Click Actions and then Attach volume.

    1. Instance: Enter the Instance ID, which was copied in step 9, and select your File IQ Appliance.

    2. Device Name: Select /dev/sdd as the device name.

  14. Click Attach.

  15. Click Instances under the Instances section in the left-hand menu and click on your File IQ Appliance.

  16. With the instance selected, click the Instance state dropdown menu at the top of the page.

  17. Click Start instance from the dropdown options. It might take a few minutes for the instance to start. You might need to refresh the page to see the updated information

The File IQ Appliance Virtual Machine starts.

5. Connect the Nasuni Volumes to the File IQ Appliance

Important: For the Basic version of File IQ a maximum of 19 volumes can be connected to a File IQ Appliance for metadata analysis. For the Premium version of File IQ a maximum of 47 volumes can be connected to a File IQ Appliance for metadata analysis. If these limits are exceeded, then the metadata analysis stops until the number of connected volumes for metadata analysis falls within the specific range. 

Note: The File IQ Appliance Administration UI Status > Subscription Status pane does not accurately reflect the Max Volumes / Filer values based on the settings above. You should ignore the value Max Volumes / Filer in the Status > Subscription Status pane.

Note: You might see a "File IQ unhealthy" alert displayed prior to enabling the File IQ service in step 7. This alert is expected and resolves itself after a successful File IQ service enablement.

Note: If you are using third-party tools that scan Nasuni volumes using a dedicated NEA, then do not connect that NEA to FIQ, because it can affect the Last Accessed time recorded by FIQ.

To share and connect a volume to the File IQ Appliance for metadata analysis, follow this procedure:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Set up remote access for the Volume by following this procedure:

    1. Click Volumes.

    2. Click Remote Access. The Volume Remote Access Setting pane appears.

    3. Select the volumes that you want to share. These should match the Volumes in the Volumes List section in the 1. Prerequisites section above.

    4. Click Edit Volumes. The Edit Volume Remote Access Settings dialog box appears.

    5. Ensure that the Enabled toggle is set to On.

    6. For Remote Access Permissions, select Custom.

    7. For the File IQ Appliance entry in the Custom Remote Access Permissions section, select Read Only

      Caution: Ensure that you change only the Remote Access entry for the File IQ appliance to Read Only. Be sure to leave the Remote Access entries for the other volumes unchanged.

    8. Click Save Remote Access Settings. The Volume Remote Access Setting pane appears.

    9. Wait until the Status for each of the selected volumes changes to a check mark before proceeding.

  3. Connect the Volumes to the File IQ Appliance by following these steps:

    1. Click Volumes.

    2. Click Connect Volume. The Remotely Accessible Volumes pane appears.

    3. Click Refresh Connections and wait for the process to complete.

    4. For the volumes for which you set up remote access to the File IQ Appliance (step 2 above), click Edit Connections. The Connect/Disconnect Volume dialog box appears.

    5. In the Filers section, enable the File IQ Appliance checkbox.

    6. In the Storage Access section, select Skip creating storage access point.

    7. In the Inherit Setting section, untick the three inherit setting checkboxes.

    8. Click Save Connections. The dialog box closes and returns to the Remotely Accessible Volumes pane.

    9. Wait until the Status column for the Volume changes to a checkmark before proceeding.

  4. Disable Snapshot Schedule for the FILE IQ Appliance and volume pairs by following one of these sets of steps:

    1. For volumes not managed by GFA, follow these steps:

      1. Click Volumes.

      2. Click Snapshot Schedule. The Volume Snapshot Schedule pane appears.

      3. Expand the volumes for which you configured remote access in step 2.

      4. For each expanded, select each item that is a File IQ Appliance.

      5. Click Edit Volumes. The Snapshot Schedule dialog box appears.

      6. Click Select/Deselect all until all of the Days turn from color to grey.

        Note: The Allow All Day option can remain selected. Because no days are selected, this setting does not apply.

      7. Click Save Configuration. The changes are saved.

        Note: The changes might take up to 10 minutes to apply.

    2. For volumes managed by GFA, follow these steps:

      1. Click Volumes.

      2. Click Snapshot Schedule. The Volume Snapshot Schedule pane appears.

      3. Select the volumes for which you configured remote access in step 2.

      4. For each selected volume, expand its list to display the associated NEAs and File IQ Appliances.

      5. Deselect each item that is not a File IQ Appliance.

      6. Click Edit Volumes. The Snapshot Schedule dialog box appears.

      7. Set the Enablement window to On.

      8. Deselect all until all the Days turn from color to grey.

        Note: The Allow All Day option can remain selected. Because no days are selected, this setting does not apply.

      9. Click Save Configuration. The changes are saved.

        Note: The changes might take up to 10 minutes to apply.

  5. Disable Sync Schedule for the File IQ Appliance and Volumes pairs by following these steps:

    1. Click Volumes.

    2. Click Sync Schedule. The Sync Schedule pane appears.

    3. Select a volume for which you configured remote access in step 2.

    4. Expand the volume's list to display the associated NEAs and File IQ Appliances.

    5. Deselect each item that is not a File IQ Appliance.

    6. Click Edit Volumes. The Sync Schedule dialog box appears.

    7. Click Select/Deselect all until all of the Days turn from colored to grey.

    8. Click Save Schedule. The changes are saved and might take up to 10 minutes to apply.

      Note: Repeat steps c-h in this section for each Volume connected to File IQ.

6. Disabling Quality of Service (QoS) for the File IQ Appliance

It is recommended to disable Quality of Service (QoS) for the File IQ Appliance, as the main workloads involve synchronizing content to the File IQ Appliance, and the system wants to ensure this process happens as quickly as possible.

To disable the Quality of Service (QoS) for the File IQ Appliance, follow these steps:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Click Filers.

  3. Click Quality of Service. The Filer Quality of Service pane appears.

  4. Select the File IQ Appliance entry in the table and click Edit Filers. The Quality of Service Settings dialog box appears.

  5. For all existing Quality of Service rules, click Delete.

  6. Click Save Rules. The dialog box closes and returns to the Filer Quality of Service pane.

7. Enable File IQ in Nasuni Portal and Configure Edge Appliances

By default, your File IQ service is turned off on the File IQ Appliance. Additionally, the File IQ Service on the NEA is off and is not configured to use any File IQ Appliance.

This section outlines how to enable your File IQ Product on the File IQ Appliance and then configure one or more NEAs to send activity information to the File IQ Appliance.

Use the Nasuni Portal to enable File IQ on the File IQ Appliance and the NEA.

Use this section to perform the following:

  1. Enable the File IQ Product on the new File IQ Appliance.

  2. Enable File IQ Service and Assign the File IQ Appliance for the NEA.

Before getting started, ensure that the following items from the 1. Prerequisites section are complete for this specific area:

Note: Before proceeding, confirm that the NMC, File IQ Appliance, and NEA(s) are all started and running.

a. Enabling the File IQ on the New File IQ Appliance

Use the Nasuni Portal to enable File IQ on the File IQ Appliance.

Nasuni Portal

To enable the File IQ Appliance from the Nasuni Portal, follow these steps:

  1. Log in to the Nasuni Portal.

  2. Navigate to Appliance Services > File IQ Configuration.

  3. Click the File IQ Appliance in the table list. The checkbox becomes Enabled.

  4. From the Enable/Disable drop-down menu, click Enable Selected. The State changes to Enabled for the File IQ Appliance in the table list. This action is automatically saved.

The configuration change is stored.

b. Enabling File IQ Service and Assigning the File IQ Appliance for the NEA

Important: The Nasuni Edge Appliance(s) that are used for data migration or third-party integration purposes should not be enabled to send events to File IQ Appliance(s).

In this section, enable the File IQ Service for each of the NEAs that you have chosen to report activity to the File IQ Appliance. You should have defined each NEA as part of the NEAs List entry in the 1. Prerequisites section above.

Use the Nasuni Portal to enable the File IQ service and assign the File IQ Appliance for the NEA.

Nasuni Portal

To enable the File IQ Service and assign the File IQ Appliance for each of these Nasuni Edge Appliances from the Nasuni Portal, follow these steps:

  1. Log in to the Nasuni Portal.

  2. Navigate to Appliance Services > File IQ Configuration.

  3. Click the Edge entry in the Configuration items on the left of the page.

  4. Click the Edge name in the table list. The checkbox becomes Enabled.

  5. From the Enable/Disable drop-down menu, click on Enable Selected. The State changes to Enabled for the Edge name in the table list. This action is automatically saved.

  6. Click the Assign/Unassign File IQ button. The File IQ Assignment panel appears.

  7. From the drop-down list, select the name of the File IQ Appliance that you want to assign the previously selected Edge entries.

  8. Click Save.

The configuration change is stored.

c. Forcing the Configuration to be Applied to the File IQ Appliance and Nasuni Edge Appliance

After the configuration is saved, it can take up to 1 hour for the configuration to become active on the File IQ Appliance and NEAs. Instead, you can force the configuration to immediately refresh using the Refresh License feature in the NMC so that you can move on to 8. Accessing the File IQ Dashboards immediately.

To force the configuration to become active, follow these steps:

  1. Log in to the Nasuni Management Console associated with your account.

  2. Click Filers.

  3. Click Refresh License. The Refresh Subscription License pane appears.

  4. Select the same File IQ Appliance and NEAs that you used in steps a. and b. above, and click Update Filers. The Refresh Subscription License dialog box appears.

  5. Click Refresh License. The dialog box closes, and you return to the Refresh Subscription License pane. Wait until the Status column for the values you selected in step 4 has changed to a checkmark before proceeding.

Important: The initial scanning of your volume files begins immediately. This process can take a while, depending on the number of files and directories to be scanned initially. This process can take approximately 1 hour per million files and directories for the initial scan. Subsequent scans occur every 24 hours after the initial scan. Subsequent scans are significantly faster because they only process changes to the existing volumes. To view the progress of the volume scans, use the System Status dashboard > Volume Scan Detailed Status panel and Service Support dashboard > Volume Scan State Logs panel.

8. Accessing the File IQ Dashboards

The results of scanning the selected volumes appear in numerical and graphical form on the File IQ Dashboards. For details about File IQ Dashboards, see File IQ Dashboards.

The File IQ Dashboards contain all the information for NEA activity and volume metadata that the File IQ Appliance receives and produces.

To access the File IQ Dashboards, follow this procedure:

  1. Open a new browser window.

  2. Enter the address in this form: 

    https://<FILE-IQ-FQDN>:3000

    where <FILE-IQ-FQDN> is the FQDN of the File IQ Appliance, assigned in 3. Running the File IQ Appliance First Boot Wizard. The File IQ Dashboard user interface appears.

  3. In the Email or username field, enter “Viewer”.

    Caution: Do not rename the Grafana viewer account. The Initialization program expects the viewer account to be present. If the viewer account is not present, the Initialization of the viewer account recreates the viewer account with the default password.

  4. In the Password field, enter “nasuni_IQ_2024!”.

    Note: Nasuni highly recommends updating the default password for the Grafana viewer account during the first usage.

  5. Click Log in. The system logs you into the File IQ Dashboard, and the Home page appears.

  6. It is important to change the default password. To change the password, follow this procedure:

    1. Click the avatar icon at the top right of the File IQ Dashboard. A context menu is displayed.

    2. In the context menu, click Change password. The Change Password pane appears.

    3. In the Old Password textbox, enter the original default password “nasuni_IQ_2024!”.

    4. Enter the new password into the New password and Confirm password text boxes. Click Change Password. The password is saved, and a dialog appears in the top right corner with the text User password changed.

    5. Click Home in the top left corner to return to the Home page.

9. Nasuni File IQ Status and File IQ Appliance Health

This section describes the Nasuni File IQ Status tool that is shipped with the File IQ Appliance.

a. File IQ Status Tooling

The File IQ Status tool, shipped with the File IQ Appliance, offers key insights into the operational health of the File IQ Appliance installation. At any point during the setup of the File IQ Appliance or afterward, the File IQ Status displays the health of key sections of the File IQ Appliance.

Each line has three possible status values:

  • Healthy: Indicated by a Green tick symbol. No action is required in this case.

  • Unhealthy: Indicated by a Red x symbol. Action is required in this case.

  • Informational: Indicated by a Yellow triangle with an exclamation point inside. Action might be required depending on the organization’s use case for File IQ.

Note: Informational items do not cause a health check to return as an error condition.

The Unhealthy and Information points are accompanied by a detailed text on the problem space and links to the Nasuni documentation to address them.

As the installation of File IQ progresses, it is recommended to run File IQ Status to ensure the setup is functional. Depending on when you run the File IQ Status tool, warnings and errors might be expected. For example, before enabling File IQ on the Portal, it is expected that the check for this does not pass.

b. File IQ Appliance Health

The File IQ Appliance reports its health to the NMC and uses the File IQ Status Tooling as the basis for the information. If the NMC reports a File IQ Appliance as unhealthy, the File IQ Status tool provides the customer with the cause of the problem, as well as remediation materials.

To view the current health of the File IQ Appliance in the NMC, follow this procedure:

  1. Log in to the Nasuni Management Console (NMC) associated with your account.

  2. Click Filers.

  3. Click the name of the File IQ Appliance in the table at the bottom of the page. The File IQ Appliance Details pane appears.

  4. The Health section is displayed at the bottom right of the pane.

c. File IQ Status Messaging

The list of health items that the File IQ Status can provide is outlined in the following table:

Name

Description

Since version

Health Item *

Premium Only **

Check Tag

Nasuni File IQ configured check

Indicates that the File IQ appliance has been configured for Audit Events at the NOC and has had a volume shared via the NMC.

10.2

Yes

No

CONFIGURATION

Nasuni File IQ Enabled in NOC

Indicates that the File IQ appliance has been enabled in the Nasuni Portal UI or NOC UI.

9.15

Yes

No

CONFIGURATION

Nasuni File IQ database filesystem created

Indicates that the file system for the File IQ DB has been created.

9.15

Yes

No

SYSTEM

Nasuni Appliance filesystem sizes

Indicates that the size of the disks on the File IQ Appliance meet the expected size ratios.

9.15

Yes

No

SYSTEM

Nasuni File IQ sizing

Indicates that the virtual machine is sized appropriately based on the data stored in the system at the time.

10.0

Yes

No

SYSTEM

Nasuni File IQ database filesystem usage

Indicates that the File IQ DB disk has adequate space. ≥90% full = unhealthy; ≥85% full = informational.

9.15

Yes

No

FSMS

Nasuni File IQ database created

Indicates that the File IQ Database has been created on the File IQ Appliance.

9.15

Yes

No

SYSTEM

Nasuni File IQ database running

Indicates that the File IQ Database service is running successfully.

9.15

Yes

No

SYSTEM

Nasuni File IQ database extensions installed

Indicates that the required File IQ Database extensions have been installed.

10.2

Yes

No

SYSTEM

Nasuni File IQ Appliance connected to Directory Service

Indicates that the File IQ Appliance is connected to an Active Directory service.

9.15

No

No

CONFIGURATION

Nasuni volumes mounted

Indicates that volumes have been connected to the File IQ Appliance for metadata analysis.

9.15

Yes

No

FSMS

Nasuni volumes mounted Read-only

Indicates that the volumes connected to the File IQ Appliance for metadata analysis are connected as read-only.

9.15

Yes

No

FSMS

Nasuni File IQ event queue created

Indicates that the File IQ Appliance has successfully created the Event Queue required for NEA communication.

9.15

Yes

No

FSEP

Nasuni File IQ event queue connectivity

Indicates that the File IQ Appliance has successfully connected to the Event Queue for NEA communication.

9.15

Yes

No

FSEP

Nasuni audit events received

Indicates that the File IQ Appliance is successfully receiving activity data from one or more NEAs.

9.15

No

No

FSEP

Nasuni volumes have snapshot and sync disabled

Indicates that all volumes connected to the File IQ Appliance have sync and snap schedules disabled.

10.0

Yes

No

FSMS

Nasuni File IQ system memory size check

Indicates that there have been no recent cores for the File IQ process and no Out of Memory (OOM) situation.

10.0

Yes

No

SYSTEM

Nasuni File IQ cache usage

Indicates that the Cache disk on the File IQ Appliance has adequate space.

10.0

Yes

No

FSEP

Nasuni File IQ Event Hub Partitions check

Indicates that the Event Queue processing is utilizing all available system capacity.

10.0

Yes

No

SYSTEM

Nasuni File IQ Database Backup Configuration

Indicates the File IQ Database backup is configured and enabled on the system.

10.1

Yes

No

BACKUP

Nasuni File IQ Database Backup Status

Indicates that the File IQ Database backup has been successfully run on the File IQ Appliance.

10.1

Yes

No

BACKUP

Nasuni File IQ Database Backup Available

Indicates that the File IQ Database backup is accessible in the cloud storage.

10.1

Yes

No

BACKUP

Nasuni File IQ Database WAL Archiving Status

Indicates that the File IQ Database backup of the Write Ahead Logs (WAL) is keeping up with workload.

10.1

Yes

No

BACKUP

Nasuni File IQ Single Sign-On Configuration

Indicates that the SSO feature has been configured for the File IQ Dashboard.

10.1

Yes

No

SSO

Nasuni File IQ Single Sign-On health check

Indicates that the SSO feature for the File IQ Dashboard is passing health checks and is operational.

10.1

Yes

No

SSO

Nasuni File IQ Apache check

Indicates that the Apache web server is available.

10.2

Yes

No

API

Nasuni File IQ FSEP service check

Indicates that the File IQ Event Processor is running correctly.

10.2

Yes

No

FSEP

Nasuni File IQ FSMS service check

Indicates that the File IQ Metadata Service is running correctly.

10.2

Yes

No

FSMS

Nasuni File IQ FSAGG service check

Indicates that the File IQ Event Aggregation service is running correctly.

10.2

Yes

No

FSAGG

Nasuni File IQ Reporting service check

Indicates that the Reporting Service is running on the File IQ Appliance.

10.1

Yes

No

REPORTING

Nasuni Appliance Backup Key set up

Indicates that the Escrow Passphrase has been set for the File IQ Appliance.

10.0

Yes

No

SYSTEM

Nasuni Appliance Backup available

Indicates that the File IQ Appliance’s configuration has been backed up to the NOC and is DR ready.

10.0

Yes

No

SYSTEM

Nasuni File IQ Reporting cron job configured

Indicates that the cron job that schedules the Reports has been configured on the File IQ Appliance.

10.1

Yes

Yes

REPORTING

Nasuni File IQ Report staging volume configured

Indicates that a Volume has been connected to store reports generated by the Reporting Service.

10.1

Yes

Yes

REPORTING

Nasuni File IQ Report staging path configured

Indicates that an absolute directory path on the volume used by the Reporting Service has been configured.

10.1

Yes

Yes

REPORTING

Nasuni File IQ Report execution failures during previous 24 hours

Indicates that the Reporting Service has had no failures in executing reports within the past 24 hours.

10.1

Yes

Yes

REPORTING

Nasuni File IQ Indexer service check

Indicates that the File IQ Indexer service is running correctly.

10.2

Yes

Yes

INDEXING

Nasuni Advanced Metadata Filtering health check

Indicates that the Advance Metadata Filtering ran without an error for all configured volumes.

10.2

Yes

Yes

INDEXING

Nasuni File IQ API service check

Indicates that the File IQ API service is running correctly.

10.2

Yes

Yes

INDEXING

* The health item indicates whether this item might raise a health problem for the NMC.

** The health item varies between the Basic and Premium versions of the File IQ Appliance.

Appendix A: Firewall Configuration

The File IQ Appliance and Nasuni Edge Appliance both require access to the Microsoft Azure Event Hub API. For configuration instructions, see Firewall and Port Requirements.

Appendix B: Deletion Security

The Amazon cloud storage platform offers several safeguards to prevent or mitigate unwanted deletion. You might choose to employ some or all these safeguards.

For specific recommendations and guidelines on managing and safeguarding EC2 instances and associated disks (EBS volumes), AWS provides targeted documentation that can help protect these resources from accidental or unauthorized deletion.

For more information directly related to managing EC2 instances and EBS volumes, see the following resources:

  1. Amazon EC2 Documentation. This section includes detailed information on managing instances, including permissions and lifecycle considerations: Amazon EC2 Documentation

  2. Amazon EBS Documentation. Covers all aspects of managing Elastic Block Store volumes, including backups, encryption, and preventing accidental deletion: Amazon EBS Documentation

  3. AWS Using IAM to Manage Access to Amazon EC2 Resources. Provides guidelines on how to create and manage IAM policies for EC2 resources, crucial for preventing unauthorized access or deletion: Manage Access to EC2 Resources

  4. Preventing Unintended Resource Deletion with AWS Rule Locks. While not limited to just EC2 and EBS, this guide explains how to use rule locks to prevent accidental deletion: Rule Locks.

Storage Redundancy

Carefully consider the best redundancy options for your data and your organization. Considerations might include legally mandated data locations and geographic proximity to other resources.

To achieve this, Amazon provides Regions and Availability Zones, AWS Local Zones, Data Replication Options, and Automation and Scaling Capabilities. For more information, see Resilience in Amazon EC2.

Locking Resources

Locking resources in AWS is critical to ensuring that essential components are not accidentally modified or deleted. AWS offers various mechanisms to control and restrict these operations, enhancing security and governance across your AWS environment.

Resource Locking Features in AWS

  1. AWS Resource Locks: Lock your resources to prevent accidental deletion or modification. Achieve this using IAM policies that restrict delete permissions and other critical operations.

  2. IAM Policies:

    1. Prevent Deletion: Configure IAM policies to deny the deletion of specific resources. Specify actions that cannot be executed, effectively implementing a CanNotDelete lock.

    2. Read-Only Access: Set read-only access policies to resources to prevent modifications.

  3. Permissions Required: Specific permissions to alter IAM policies or service configurations are required to create or manage locks. Typically, only users with administrative privileges (AdministratorAccess) or those explicitly granted permissions can manage these locks.

  4. Inheritance: Locks in AWS are not inherited through resource hierarchy (like resource groups) by default. Each resource needs a specific lock or IAM policy to ensure protection.

For more information, see Controlling access to AWS resources using policies.

Protecting Attached Resources in AWS

AWS incorporates several safeguards to prevent the unintended deletion of resources that are currently in use or attached to other services, ensuring data integrity and operational continuity.

Features for Protecting Attached Resources in AWS

  1. Amazon EC2 and EBS volumes:

    1. Prevention of Deletion: AWS does not allow the deletion of an Amazon Elastic Block Store (EBS) volume when attached to a running instance. This safeguard ensures that active data is not accidentally removed.

    2. Deletion Protection: Configure Amazon EC2 instances with deletion protection to prevent accidental termination through the AWS Management Console, CLI, or API.

  2. Leased Resources: AWS provides similar protections via resource-locking features and permissions management.

  3. Permissions and Policies: In AWS, IAM policies are critical in preventing resource deletion. Define policies restricting users' ability to delete important resources like EC2 instances, EBS volumes, and more.

For more information, see Amazon EC2 and Amazon EBS.

Appendix C: Controlling the EC2 File IQ VM

Virtual platforms offer the ability to control various aspects of your File IQ Appliance. This section presents procedures for these control functions. Because these controls depend on third-party virtual platforms, you should follow the procedures for your specific virtual platform.

Note: The vendor changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Starting the Amazon EC2 VM

You can start a stopped Amazon EC2 VM of the File IQ Appliance on the virtual platform.

To start a stopped Amazon EC2 VM, follow these steps:

  1. Open your web browser and navigate to: https://console.aws.amazon.com/ec2/.

  2. Once logged in, navigate to the EC2 Dashboard.

  3. On the EC2 Dashboard, click Instances in the left-hand navigation pane. A list of your EC2 instances displays.

  4. In the list of instances, locate the File IQ Appliance instance you want to start. You can identify it by its Instance ID, Name tag, or other details set during its creation or previous configuration.

  5. Select the instance by clicking the checkbox next to its name.

  6. With the instance selected, click the Instance State dropdown menu at the top of the page.

  7. Click Start instance from the dropdown options.

Note: This might require a few minutes to launch, or a page refresh to see the updated information.

Status of the Amazon EC2 VM

To view the status of the Amazon EC2 VM of the File IQ Appliance, follow these steps:

  1. After starting the instance, monitor its status in the Instance state column of the Instances list.

  2. The instance might take a few minutes to change from Stopped to Pending to Running.

  3. Once the instance status is Running, it indicates that the system has completed the boot process. However, additional time might be required for the operating system to load and for startup tasks to complete. To determine operational readiness, monitor the Status check column for any system and instance checks to pass, confirming that all services and applications are fully functional and ready for use.

Shutting Down the Amazon EC2 VM

To shut down the Amazon EC2 VM, follow these steps:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Click Filers.

  3. Click Shutdown & Reboot. The Shutdown and Reboot pane appears.

  4. For the File IQ Appliance, click the associated Shutdown/Reboot action.

  5. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.

  6. Enter “Change Filer Power State” into the Confirmation Phrase textbox.

  7. Select the Option to Shut down immediately. Click Shutdown. The Shutdown and Reboot pane appears.

  8. Wait until the Status column for the File IQ Appliance changes to a checkmark before processing and the File IQ Appliance shuts down.

Appendix D: Uninstalling the Amazon EC2 VM

This section describes uninstalling the File IQ Appliance from the Amazon EC2 platform.

Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Uninstalling the File IQ Appliance

To uninstall the File IQ Appliance on the Amazon EC2 VM platform, follow these steps:

  1. After logging in to https://console.aws.amazon.com/ec2/, navigate to the EC2 Dashboard.

  2. Click Instances in the left-hand navigation pane to view your EC2 instances.

  3. Locate the File IQ Appliance VM you want to uninstall and click the checkbox next to its name.

  4. From the Instance State dropdown menu, select Stop instance to ensure the VM is stopped.

  5. Confirm the action by clicking Stop in the confirmation dialog.

  6. With the instance still selected, click Actions.

  7. Navigate to Instance State and then select Terminate instance.

  8. A confirmation dialog box appears with a list of associated EBS volumes. Note the EBS Volume identifiers. This list of volume identifiers might be used to identify the list of volumes to be deleted.

  9. Confirm your intention to delete the instance by clicking Terminate. This action permanently deletes the VM.

Terminating the virtual machine might not delete the EBS volumes associated with it.

To delete the associated EBS volumes, follow these steps:

  1. After terminating the instance, navigate to Volumes in the left-hand navigation pane.

  2. Look for any volume names prefixed with the File IQ Instance name ,or use the list of volume identifiers provided in the Terminate instance confirmation dialog.

  3. Select the volumes in the Volumes table view.

  4. If any of the volumes are still associated with the terminated instance, click Actions.

    1. Select Detach volume, and a confirmation dialog appears.

    2. Click Detach. The associated volumes are no longer associated with the terminated instance and are ready to be deleted.

    3. Confirm that the volumes are selected in the Volumes table view.

  5. Click Actions and select Delete volume. A confirmation dialog with a list of volume identifiers appears.

  6. Type “delete” in the Confirmation field.

  7. Confirm the deletion by clicking Delete.

  8. Revisit the Instances and Volumes sections to ensure that the instances and volumes have been successfully deleted.

Appendix E: Resizing the File IQ EBS Volumes

This section describes how to resize the File IQ Appliance EBS volumes from the Amazon EC2 platform.

Note: Vendors change their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Important: Only EBS volumes can be increased.

Prerequisites:

  • The File IQ Instance installation is complete.

  • The File IQ EBS volumes are correctly named using the prefixing of the volume names (such as “File IQdb”) with the File IQ Instance name. For more information, see step 20 of 2. Installing File IQ using the Amazon EC2 AMI.

To resize the File IQ EBS volumes, follow these steps:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Click Filers.

  3. Click Shutdown & Reboot. The Shutdown and Reboot pane appears.

  4. For the File IQ Appliance, click the associated Shutdown/Reboot action. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.

  5. Enter ‘Change Filer Power State’ into the Confirmation Phrase textbox.

  6. Select Shut down immediately, and click Shutdown. The Shutdown and Reboot pane appears.

  7. Wait until the File IQ Appliance's Status column changes to a checkmark before proceeding; at that point, the appliance is shut down.

  8. Go to the Amazon Web Services EC2 console at: https://console.aws.amazon.com/ec2/. The EC2 Dashboard page appears.

  9. Click Volumes in the left-hand navigation pane to view your list of EBS volumes.

  10. The list of volumes displays. By filtering the list of volumes using the File IQ Instance name, locate the File IQ EBS volumes you need to resize.

  11. For each of the volumes displayed in the list that you want to resize, execute the following steps:

    1. Select the Volume checkbox that you want to change.

    2. From the Actions dropdown menu, select Modify volume. The editor for the volume appears.

    3. Via the Volume editor, you can update:

      1. The Volume type. Nasuni recommends:

        1. Using Provisioned IOPS SSD for both the File IQ cache volume and File IQ DB volumes.

        2. Using General Purpose SSD for both the Operating System and COW volumes.

      2. The volume's Size. Use the File IQ Sizing Tool to estimate the size of the Nasuni Cache and File IQ DB volumes.

      3. The volume's IOPS value. Use the File IQ Sizing Tool to set this value.

      4. The Throughput value (MiB/s).

        Note: This option is available when the volume type is set to gp3.

    4. Click Modify. A confirmation dialog box appears. Ignore the message indicating that the file system must be extended to the new volume size. The File IQ appliance automatically detects when the EBS volume is extended and adjusts the file system accordingly.

    5. Click Modify. The volume update is triggered, and the list of all the volumes is displayed.

  12. On the left panel, click Instances. The list of Instances is displayed, and the same File IQ instance previously modified should remain selected. If not, reselect the File IQ Instance to display the Instance's detailed view.

  13. With the instance selected, click the Instance state dropdown menu at the top of the page.

  14. Click Start instance from the dropdown options. It might take a few minutes for the instance to start. You might need to refresh the page to see the updated information.

The File IQ Appliance Virtual Machine starts.

Appendix E: HTTPS Proxy Configuration

For more information on the HTTPS proxy configuration, see Chapter 11 of the NEA.

Appendix F: Next Steps

After successfully installing the File IQ appliance version 10.1+, Nasuni recommends completing the following File IQ Basic or Premium post-installation configuration steps to ensure your environment is secure, resilient, and fully optimized for visibility and analytics.

File IQ Basic

If you are using File IQ Basic, complete these steps:

  • Configure File IQ Database Backups: Ensure regular backups are configured for the File IQ database to protect against data loss and support recovery scenarios.

  • Configure Encryption Key and De-Escrow Passphrase: Set up the encryption key and securely store the de-escrow passphrase. These are required for recovering your File IQ environment in the event of a failure.

  • Review File IQ Dashboards: Familiarize yourself with the File IQ Basic dashboards in Grafana to understand baseline activity, volume usage, and event data.

  • Configure File IQ SSO: Integrate Single Sign-On (SSO) to streamline authentication and align with your organization’s identity management policies.

  • Evaluate File IQ Premium: Contact your Nasuni Account Manager to learn more about its features and how they can provide additional insights and automation.

File IQ Premium

If you are using File IQ Premium, complete these additional steps:

  • Configure File IQ Alerts: Set up alerts to proactively monitor key events, anomalies, or thresholds within your environment.

  • Configure File IQ Reporting: Enable and customize reports to deliver actionable insights to stakeholders on a scheduled basis.

  • Review File IQ Premium Dashboards: Explore enhanced dashboards for deeper visibility into file activity, user behavior, and system trends.

Related articles