File IQ Installation for Azure

  • Updated on Apr 14, 2025
  • Published on Jan 9, 2025
  • 40 minute(s) read
  • DM
  • CD
  • ET
 Prev Next

This guide is intended for the IT administrator or person responsible for installing the File IQ Appliance on the Microsoft Azure platform.

General Information

This section includes general information about the File IQ Appliance and technical specifications.

File IQ

The File IQ feature is designed to provide insights and analytics on your file data usage patterns. File IQ enables you to quickly take advantage of several important capabilities, including:

  • File Usage Analytics: Track usage and collaboration patterns across users, departments, file types, volumes, and more. Gain visibility to optimize storage, plan capacity, and facilitate capacity-based chargeback.

  • Health Monitoring: Monitor system component metrics to proactively identify resource contention and capacity limits so administrators can take preventative measures.

  • Forensic Capabilities: Perform historical analysis of file, user, or application activity when troubleshooting issues or investigating information security events.

  • Automated Reporting: Leverage prebuilt reports and dashboards that deliver actionable intelligence to technical and business users and support chargeback reporting.

Key Terms

The following terms are helpful for understanding the File IQ Appliance:

  • Cache: The local storage of the File IQ Appliance. All Volume metadata accessed regularly is kept locally in the File IQ Appliance cache. If the requested metadata is not locally resident, it is staged into the cache and provided for the request.

  • Cloud storage: Internet-based, highly protected, unlimited storage.

  • Event Hubs: A cloud-native data streaming service used to forward events between components of the File IQ Solution.

  • Grafana: Grafana is a multi-platform open-source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources.

  • Nasuni Edge Appliance (NEA): The virtual or physical Nasuni appliance that integrates with your infrastructure via CIFS (SMB), NFS, FTP/SFTP, or HTTPS/REST protocols. The Nasuni Edge Appliance can be mapped as a network drive.

  • Nasuni Edge Appliance user interface: The Web-based graphical user interface with which you configure and manage the Nasuni Edge Appliance. The Nasuni Edge Appliance user interface is accessible with supported Web browsers, including Mozilla Firefox, Microsoft Edge, Apple Safari, and Google Chrome.

  • File IQ: The File IQ Appliance contains the database, Grafana server, event processing, and volume scanning capabilities that the File IQ Solution uses to give insight into Nasuni Edge Appliance and Volume usage across your Nasuni deployments.

  • Nasuni Management Console (NMC): The Web-accessible appliance with which you can configure and manage multiple Nasuni Edge Appliances. The Nasuni Management Console is accessible with supported Web browsers, including Mozilla Firefox, Microsoft Edge, Apple Safari, and Google Chrome.

  • Nasuni Orchestration Center (NOC): Nasuni’s zero-maintenance control path built on elastic, multi-region cloud services that enables file data to be shared across locations at any scale and without version conflict. The NOC, also referred to as the Nasuni Account Dashboard, provides you with access to File IQ Serial Numbers, which are used to install File IQ.

  • File IQ Dashboard: A custom dashboard deployed within the File IQ Appliance-hosted Grafana to display information gathered by the File System Metadata Service (FSMS) and the File System Event Processor (FSEP).

  • File IQ Service: The File IQ Service collects audit events and forwards them to the File IQ Appliance via the Azure EventHub.

Note: The audit events collected by the File IQ Service are independent of the standard auditing feature enabled on the NEAs.

  • Share/export: An access point to a folder on a volume that can be shared or exported on your network. Access to a CIFS (SMB) share can be customized on a user-level or group-level basis. You can create many shares or exports on a volume for different purposes or audiences.

  • Volume: A set of files and directories (CIFS (SMB), NFS, and FTP/SFTP).

File IQ Solution Specifications

This section contains specifications for configuring the File IQ Appliance.

Supported Web Browsers

The File IQ Appliance supports the following Web browsers:

Browser

Version

Mozilla Firefox

Latest

Google Chrome

Latest

AppleSafari

Latest

Microsoft Edge

Latest

Virtual machine requirements

Contact your Nasuni Account Manager to use the Sizing Tool and determine the right virtual machine requirements for your organization.

Azure Event Hub Regions

The Azure Event Hub created during the File IQ setup must be in one of the following regions:

Australia Central

East US 2

South Central US

Australia Central 2

France Central

South India

Australia East

France South

Southeast Asia

Australia Southeast

Germany North

Spain Central

Brazil South

Germany West Central

Sweden Central

Brazil Southeast

Israel Central

Sweden South

Central India

Italy North

Switzerland North

Central US

Japan East

Switzerland West

China East

Japan West

UAE Central

China East 2

Korea Central

UAE North

China East 3

Korea South

UK South

China North

North Central US

UK West

China North 2

North Europe

West Central US

China North 3

Norway East

West Europe

East Asia

Norway West

West India

East Canada

Poland Central

West US

East Canada

South Africa North

West US 2

East US

South Africa West

West US 3

For complete details on Azure Event Hub regions, see Products available by region.

Note: Azure GovCloud regions do not support Event Hubs.

Installing on the Microsoft Azure Platform

This chapter explains how to install the File IQ Solution on the Microsoft Azure platform.

Tip: Our File IQ Installation and Configuration videos provide a video overview of the installation and configuration process.

Tip: For information about preventing accidental or malicious data deletion, see Appendix B, “Deletion Security ”.

Tip: This document is about deploying virtual machines. It does not cover configuring a storage account for use with Nasuni volumes.

Warning: DO NOT attempt to restore from a virtual machine snapshot or backup. Attempting to restore from a virtual machine snapshot or backup puts the IQ Appliance in an unknown state in relation to the Nasuni Orchestration Center (NOC) and can result in data loss for the File IQ database.

Tip: You should leverage your cloud provider's role-based access and identity access management features as part of your security strategy. Based on your policies, such features can limit or prohibit administrative access to the cloud account.

Important: Nasuni appliances do not use the Microsoft Azure agent, so any functionality that requires the agent (such as the Run command or code injection) is unavailable.

Important: File IQ Appliances must be configured with operational DNS servers and a time server (internal or external) within your environment. The File IQ Appliance is configured with a default time server time.nasuni.com. If you need to use a different time server, the procedure to change the default time server is documented in the Nasuni Edge Appliance Time Configuration section of the Nasuni Edge Administration guide.

Note: The vendor changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Day 1 File IQ Installation Checklist

To complete a day 1 File IQ installation, follow this checklist:

Step

Action

1

Complete the 1. Before you Begin section in this document. Your Account Manager can assist you with this item.

2

Complete the 2. Installing File IQ using the Azure Marketplace section in this document.

3

Complete the 3. Running the File IQ Appliance First Boot Wizard section in this document.

4

Complete the 4. Add the File IQDB Disk to the File IQ Appliance section in this document.

5

Complete the 5. Connect the Nasuni Volumes to the File IQ Appliance section in this document.

6

Complete the 6. Disabling Quality of Service (QoS) for the File IQ Appliance section in this document.

7

Complete the 7. Enabling the File IQ and configuring File IQ Service section in this document.

8

Complete the 8. Accessing the File IQ Dashboards section in this document.

9

For more information, see the following sections:

1. Before you Begin

The following items should be readily available so that you can navigate the File IQ installation and setup process. It is recommended that you complete these requirements before starting or have a way to fulfill them during the installation process.

Note: File IQ does not support a proxy server.

Item

Description

Contact Nasuni

Contact your Account Manager to enable the File IQ license and configure your account for the File IQ Appliance. Use the Sizing Tool for recommendations on the most appropriate Azure instance type.

Azure Login

Authentication and Authorization to your organization’s Azure Account is needed to create the File IQ Virtual Machine.

Azure Region

The Azure region that you wish to install the File IQ Appliance into.

Azure network details for the File IQ virtual machine (VM)

When installing the File IQ virtual machine in Azure, the following items are required for the virtual machine:

  1. Virtual Network

  2. Subnet

  3. Network Security Group

Each organization has its own requirements for how the networking of the virtual machine is fulfilled. Nasuni recommends defining this before you start the installation process.

NMC Login

Authentication and authorization to your organization’s Nasuni Management Console to configure the File IQ for your environment.

NOC Login

Authentication and authorization to your organization’s Nasuni Orchestration Center account to retrieve your File IQ Serial Number and Authorization Code, and to configure the File IQ.

Volumes list

Use at least one volume when setting up File IQ. Ideally, choose one small volume to see the result quickly when you enable the File IQ Appliance.

NEAs list

You need at least one Nasuni Edge Appliance to configure sending activity to the File IQ virtual machine. Ideally, pick an NEA from which you can mount volumes to generate traffic and see it in the File IQ dashboards. The NEA must be running version 9.14.3 or later.

File IQ Serial Number and Authorization Code

The File IQ Appliance Serial Number is located in your Nasuni Account. It is paired with an Authorization Code (Auth Code), which is located in a table at the bottom of the page.

Note: Configuration of the File IQ Appliance and NEAs for File IQ can also be found in this location of your Nasuni Account.

Note: If the File IQ Config menu or File IQ Serial Numbers are unavailable, contact your Nasuni Account Manager to confirm that the File IQ License is correctly configured for your account.

Note: To enable a single sign-on user to access the File IQ Config menu, follow these steps:

1. Log in to account.nasuni.com.
2. Select “SSO Setup” from the Profile dropdown menu.
3. Scroll down to the Create / Update Roles for SSO section.
4. Add the “Customer can set File IQ config” permission to a role so users with that
role can access the File IQ Config menu item.

File IQ username and password

The first boot setup of the File IQ Appliance requires a new username and password. These values are specific to the File IQ Appliance only.

File IQ hostname

When you go through the First Boot Wizard for the File IQ appliance, you must provide a hostname for the machine.

Note: Hostnames longer than 15 characters cannot be added to Active Directory services.

File IQ network details

You must provide the machine's network details when you go through the First Boot Wizard for the File IQ Appliance.

Grafana password

The default password for the Grafana viewer account must be changed during the first usage. Nasuni recommends having a new password ready that aligns with your corporate processes and procedures.

Active Directory credentials

The File IQ Appliance must connect to the same Active Directory domains as the NEAs and volumes configured in the File IQ Appliance. The following information might be necessary:

  • Active Directory domain name

  • Active Directory Primary Domain Controller (PDC) IP address

  • Active Directory Administrator Account username and password

Sizing Tool outputs

The File IQ Sizing Tool provides a Virtual Machine size suggestion, disk sizing, and configuration for Cache and File IQ DB to use when setting up the File IQ Virtual Machine in Azure. Complete the Sizing Tool exercise to receive these outputs before completing the File IQ installation process.

The outputs received from the Sizing Tool include the following recommendations:

  1. File IQ Cache Disk

    • Size

    • IOPS

    • Throughput (MB/s)

  2. File IQ DB disk size

    • Size

    • IOPS

    • Throughput (MB/s)

  3. Azure VM size

  4. Azure VM memory

  5. Azure VM number of CPU Cores

Note: File IQ does not support disk striping on cache or DB disks.

NEA Firewall requirements

The Nasuni Edge Appliance requires access to the Azure Event Hub when you enable File IQ. All network ports and access requirements for the File IQ Service on the NEA are documented in the Firewall and Port Requirements in the Nasuni Edge Appliance section.

Before enabling the File IQ on the NEA, complete the NEA Firewall Requirements for File IQ Service.

File IQ Firewall requirements

When you enable File IQ, the Nasuni Edge Appliance requires access to the Azure Event Hub. The File IQ Appliance section of the Firewall and Port Requirements documents all network ports and access requirements for the File IQ Service on the NEA.

Before you activate File IQ on the File IQ Appliance, complete the File IQ Firewall Requirements for File IQ.

2. Installing File IQ Using the Azure Marketplace

To deploy the File IQ appliance using a virtual machine in Microsoft Azure, use the Azure Marketplace.
Alternatively, to deploy the File IQ appliance using the Azure Virtual Hard Disk, see Appendix C: Installing File IQ using the Azure Virtual Hard Disk.

Important: Nasuni does not have access to your Microsoft Azure account; you must create and maintain your own Microsoft Azure account. To create an account, go to the Microsoft Azure site.

Important: To access Active Directory-enabled volumes, the File IQ Appliance must access the same Active Directory domains as the other Nasuni Edge Appliances connected to the volume. This requires either access to a Domain Controller running in Azure or the necessary network connectivity, such as a VPN connection or Azure ExpressRoute, to an on-premises Domain Controller. Azure Active Directory is not currently supported.

Important: Similarly, to access LDAP-enabled volumes, the File IQ Appliance must be able to access LDAP and Kerberos in the same LDAP domain. You cannot enable Active Directory and LDAP Directory Services for a File IQ Appliance.

Caution: For Installation of the Virtual Machine, port 443 must be open to *.blob.core.windows.net, to perform required Azure virtual machine validation checks during boot and normal operations.

Caution: Do not install Azure extensions. They adversely affect File IQ Appliances.

Important: Nasuni appliances do not use the Microsoft Azure agent, so any functionality that requires the agent (such as the Run command or code injection) is unavailable.

Note: Nasuni supports both Microsoft Azure generation 1 (BIOS) virtual machines and Microsoft Azure generation 2 (UEFI) virtual machines.

To install File IQ from the Azure Marketplace, navigate to the File IQ offer on the Azure Marketplace and create the Virtual Machine for File IQ from that location. You do not need to upload the Virtual Hard Disk file and create an image as part of the process.

To begin the installation of File IQ using the Azure Marketplace, follow these steps:

  1. Log in to the Azure portal: portal.azure.com.

  2. Click the search field at the top of the page.

  3. Enter the search term ‘Marketplace’ and press Enter twice.

  4. In the Search services and Marketplace field, type “File IQ”. Ensure that the Azure services only checkbox is deselected. Press Enter once.
    The File IQ offering is displayed in the search results.

  5. Click Create. Then, from the dropdown list, select the version that you want to create.
    The Create a virtual machine pane appears.

  6. To select an existing Resource Group, click Select existing and then select an existing Resource Group from the list.
    Alternatively, click Create new to create a new Resource Group. Enter a Name for the new Resource Group and click OK.

  7. Enter a Virtual machine name for this virtual machine. The name must be 1 to 64 characters long, using only letters, numbers, hyphens, periods, and underscores. It must also be unique in the resource group.

  8. From the Region dropdown list, select the region for the virtual machine.
    Note: Not all VM sizes are available in all Regions.

    Tip: Legal requirements or your organization’s policies might require data placement in a specific region, or prevent replication outside the region.

  9. (Optional) To specify availability options from the dropdown menu, select the “Availability zone if that is your organization’s policy.

  10. For Size, click See all sizes. The Select a VM size pane appears. Choose the VM size suggested by the File IQ Sizing Tool or a higher VM type, considering vCPUs and RAM, and click Select.

    Note: Do not use a burstable VM.

  11. If available, for Authentication type, select Password.

    1. Enter a Username for the user of this virtual machine.

      Note: This value is not used and does not provide access to the virtual machine.

    2. Enter a Password. Passwords must be at least 13 characters and satisfy complexity requirements.

      Note: This value is not used and does not provide access to the virtual machine.

    3. Confirm the password.

      Note: This value is not used and does not provide access to the virtual machine.

  12. Click Next: Disks. The Disks pane appears.

  13. From the “OS disk type” dropdown, select Premium SSD or Premium SSD v2 if available. Use the default disk size.

  14. Create a cache disk by following this procedure:

    1. Click Create and attach a new disk. The Create a new disk pane appears.

    2. Enter a Name for the disk, giving it a suffix of ‘_cache’. The name must begin with a letter or a number; end with a letter, a number, or an underscore; and contain only letters, numbers, underscores, periods, or hyphens.

    3. For Size, click Change size. The Select a disk size pane appears.

      1. From the Storage type dropdown, select Premium SSD or Premium SSD v2, if available.

      2. Enter the Custom disk size that matches the outputs of the File IQ Cache Disk from the Sizing Tool Outputs section in the 1. Before you Begin section above.

      3. Select the Performance tier option that matches the Nasuni Cache Disk IOPS and MB/s values from the Sizing Tool Outputs section in the 1. Before you Begin section above.

      4. Click OK.

        The disk details are saved, and you return to the Create a new disk pane.

      5. Click OK.

        The disk details are saved, and you return to the Create a virtual machine pane.

  15. Host caching can improve performance under some circumstances.

    Note: Host caching is not supported for disks 4 TiB (4096 GiB) and larger. For this reason, we recommend using 4095 GiB if the File IQ Sizing Tool recommends 4 TiB or 4096 GiB.  For the recently created ‘_cache’ disk, select the Host caching from the following choices:

    • Read/Write: Use host caching for both read and write operations. Nasuni recommends enabling Read/Write host caching.

    • None: Do not use host caching.

    • Read Only: Use host caching only for read operations.

  16. Create the CoW disk by following steps 14 and 15, but use a suffix of ‘_cow’, a size of 64 GB, and the default Performance tier.

    Important: The File IQ Appliance now has 2 data disks added to it. Their relative sizes are important during installation because the NEA (on which the File IQ Appliance is built) allocates disks to various roles based on size.  Nasuni recommends using suffixes for the data disks, so that the names of the disk indicate their expected roles based on their initial sizes.
    For reference, the File IQ Appliance database disk is added later.

  17. Click Next: Networking. The Network Interface pane appears.

  18. Enter the corresponding fields from the Azure network details for the File IQ virtual machine (VM) entry in the 1. Before you Begin section above.

  19. Configure the other settings as appropriate for your solution, including, but not limited to, security group and virtual private cloud.

  20. Click Next: Management. The Management pane appears.

  21. Ensure that Auto-shutdown is set to Off.

  22. For Identity, configure a managed identity to match your desired settings.

  23. Click Next: Monitoring. The Monitoring pane appears.

  24. For Monitoring, ensure that Boot diagnostics is enabled, and select an appropriate storage account. This can aid in troubleshooting.

  25. Configure the other settings as appropriate.

  26. Click Next: Advanced. The Advanced pane appears. Configure to match your desired settings.

  27. Click Next: Tags. Optionally, create tags for your use.

  28. Click Next: Review + create. The Review + create pane appears.

  29. Review all settings. If any settings must be changed, click Previous and change the setting.
    If the settings are correct, click Create to begin the virtual machine creation process.

  30. When the virtual machine is created, it appears in the list of virtual machines with the status of Created, and deployment begins.

  31. When the deployment is finished, the virtual machine's status changes to OK. Click Go to resource.
    Alternatively, click Home in the top left. Click Virtual machines, followed by clicking the new virtual machine.

3. Running the File IQ Appliance First Boot Wizard

To access the newly installed File IQ Appliance, follow this procedure:

  1. Click Home, followed by Virtual machines. (If this does not appear in the list at the top, click More Services or All Services to view more services.) The Virtual machines pane appears.

  2. From the Virtual machines list, click the virtual machine created above. The Overview pane for this virtual machine appears.

  3. If a public IP address was configured, copy the Public IP address.
    If a public IP address was not configured, get a private IP address. If a public IP address is not configured, you must use the private IP address assigned to the VM.

    Note: If the IP address string is blank, click Start. The virtual machine starts, and the IP address appears. It might take a few minutes for the virtual machine to start. You might need to refresh the page to see the IP address appear.

  4. Navigate to the First Boot Wizard for the File IQ Appliance by opening a new browser window.

    1. To access the File IQ Appliance, enter the address in this form: https://<IP address>, where <IP address> is the IP address from step 3 immediately above this step.

    2. The File IQ Appliance user interface appears.

    Note: The File IQ user interface is not explicitly titled, as it uses the same UI and screens as the Edge Appliance (Filer).

  5. Enter the Hostname you defined in the File IQ Hostname. This was defined in the 1. Before you Begin section above.

  6. Complete the remainder of the System Settings defined in the File IQ Network Details as part of the 1. Before you Begin section above.

  7. Click Continue. The Review the Network Settings pane appears.

  8. If all fields are correct, click Continue. The next pane confirms if the File IQ Appliance is Configuring Network Settings. If the File IQ Appliance does not automatically reconnect, try refreshing the page and checking if the File IQ Appliance’s IP address has changed. If so, update in the browser address bar.

  9. The Nasuni Filer Software Update pane appears. Click Continue.

  10. Enter the File IQ Serial Number and Authorization Code obtained under the “File IQ Serial Number and Authorization Code” as part of the 1. Before you Begin section above.

  11. Click Continue. The Add a New Nasuni Filer to your account pane appears.

    Note: If you get an Internal Server Error during this step, it is because you have used a NEA Serial Number instead of an File IQ Serial Number. Nasuni recommends double-checking your Serial Number and trying again. See the 1. Before you Begin section for the correct location to the File IQ Serial Number and Authorization Code values.

  12. Enter “Install New Filer into the Confirmation textbox.

  13. Click Continue. The Accept the Terms of Service and License Agreement pane appears.

  14. Accept the Terms of Service and click Continue. The Enter or accept Filer Name pane appears.

  15. Click Continue. The Nasuni Management Console Detected pane appears.

  16. Enable the Join NMC Management checkbox and click Continue. The Enter a username and password for Administration of this Filer pane appears.

  17. Enter your NMC local account Username and Password, and then Confirm Password. These were obtained in the File IQ Username and Password section of the 1. Before you Begin section above.

  18. Click Continue, the First Boot Wizard is complete, and the File IQ Appliance Management window appears.

    Tip: After the First Boot Wizard finishes and the main user interface (UI) is displayed, you might receive a notification advising that Nasuni suggests keeping the cache size of the File IQ appliance no larger than four times the size of the snapshot space. Disregard this warning, as all volumes are shared in read-only mode with the File IQ appliance.

3.1 Joining the File IQ Appliance to Active Directory

If the volumes you want to scan are protected by Active Directory, you must join your File IQ Appliance to the Active Directory domains to secure these volumes.

Note: The configuration of Active Directory can vary based on different factors, and your specific configuration might require additional settings that are not mentioned in this section. If you encounter any issues while connecting to Active Directory, reach out to your Nasuni Account Manager for assistance.

Follow this procedure to join Active Directory:

  1. Open a Web Browser and access the File IQ Appliance. Enter the address in this form: https://<IP address>, where <IP address> is the IP address from step 3 in the previous section. The File IQ Appliance user interface appears.

  2. Ensure that the hostname of your File IQ Appliance is shorter than 16 characters:

    1. From the Configuration menu, select Network Configuration under the Networking section.

    2. Verify that the hostname in Hostname or FQDN is 15 characters or less.

    3. If required, shorten the hostname and click Save Network Configuration.

    4. Enter your Nasuni admin account details, confirm, and wait for the File IQ Appliance to apply the new settings.

  3. Unless your Active Directory is registered publicly, you must change the File IQ’s DNS server to your Active Directory Primary Domain Controller (PDC).

    1. From the Configuration menu, select Network Configuration under the Networking section.

    2. In Settings Source, under System Settings, select DHCP with Custom DNS.

    3. Leave the Search Domain empty.

    4. Set the Primary DNS server to your Active Directory PDC’s IP address.

    5. Click Save Network Configuration. You must enter your Nasuni admin account details, confirm, and wait for the appliance to apply the new settings.

  4. Join the File IQ Appliance to Active Directory by following these steps:

    1. From the Configuration menu, select Directory Services under the CIFS & Directory Services section.

    2. Enter the fully qualified Active Directory domain name in the Domain entry field.

    3. Unless instructed by your Nasuni Account Manager, do not change any other fields.

    4. Click Continue. The Confirm/Authenticate Directory Service dialog box appears.

    5. In the Confirm/Authenticate Directory Service dialog box, enter your Active Directory administrator username and password and click Submit.

    6. Wait until the joining process is complete and the Volume Selection page is displayed.

    7. Select all volumes you wish to access from the File IQ appliance and click Continue.

    8. Wait until the volume configuration is complete and the Domain Configuration page is displayed.

    9. Enable all the trusted domains you wish to monitor users from and click Continue.

    10. Wait until the trusted domain configuration is complete and the “Complete the Configuration” page is displayed.

    11. Click Finish to finish the Active Directory configuration.

    12. Wait until the configuration completes.

    13. The display then returns to the Directory Services page and displays Active Directory domain information.

You have successfully joined Active Directory.

4. Add the File IQDB Disk to the File IQ Appliance

Before enabling the File IQ Appliance, add another disk for the File IQ Database, by following this procedure:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Click Filers.

  3. Click Shutdown & Reboot. The Shutdown and Reboot pane appears.

  4. For the File IQ Appliance, click the associated Shutdown/Reboot action.

  5. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.

  6. Enter ‘Change Filer Power State’ into the Confirmation Phrase textbox.

  7. Select Shut down immediately. Click Shutdown.

  8. The Shutdown and Reboot pane appears. Wait until the Status column for the File IQ Appliance changes to a checkmark before proceeding; at that point, the File IQ Appliance is shut down.

  9. Log in to the Azure portal: portal.azure.com.

  10. Click Home, followed by Virtual machines. (If this does not appear in the list located at the top, click More Services or All Services to view more services.) The Virtual machines pane appears.

  11. Click the File IQ Appliance virtual machine in the list. The virtual machine pane opens.

  12. Click Stop to stop the virtual machine. The Stop this virtual machine dialog box appears. Click Yes. The virtual machine stops.

  13. From the Settings section on the left navigation, click Disks. The Disks pane appears.

  14. Click Create and attach a new disk. A new disk entry appears for inline editing of the Data disks table.

  15. Enter a Name for the disk with a suffix of ‘_fiqdb’. The name must begin with a letter or a number; end with a letter, a number, or an underscore; and contain only letters, numbers, underscores, periods, or hyphens.

  16. From the Storage type dropdown, select Premium SSD or Premium SSD v2, if available.

  17. Enter the Size (GiB) that matches the outputs of the File IQ DB Disk Size from the Sizing Tool Outputs section in the 1. Before you Begin section above.

  18. Enter the Max IOPS that matches the outputs of the File IQ DB Disk Size from the Sizing Tool Outputs section in the 1. Before you Begin section above.

  19. Enter the Max throughput (MB/s) that matches the outputs of the File IQ DB Disk Size from the Sizing Tool Outputs section in the 1. Before you Begin section above.

  20. Host caching can improve performance under some circumstances.

    Note: Host caching is not supported for disks 4 TiB (4096 GiB) and larger. For this reason, we recommend using 4095 GiB if the File IQ Sizing Tool recommends 4 TiB or 4096 GiB.  For the recently created ‘_fiqdb’ disk, select the “Host caching from the following choices:

    • Read/Write: Use host caching for both read and write operations. Nasuni recommends enabling Read/Write host caching.

    • None: Do not use host caching.

    • Read Only: Use host caching only for read operations.

  21. Click Apply. The disk details are saved and applied to the Virtual Machine. Wait for the prompt for completion to display ‘Updated virtual machine’ in the top right corner of the page.

  22. From the top section on the left navigation, click Overview. On the top control bar, click Start.

The File IQ Appliance Virtual Machine starts.

5. Connect the Nasuni Volumes to the File IQ Appliance

Important: A maximum of 19 volumes can be connected to a single File IQ Appliance at a given time.

Note: You might see a "File IQ unhealthy" alert displayed prior to enabling the File IQ service in step 7. This alert is expected and resolves itself after a successful File IQ service enablement.

To share and connect a volume to the File IQ Appliance, follow this procedure:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Set up remote access for the Volume by following this procedure:

    1. Click Volumes.

    2. Click Remote Access. The Volume Remote Access Setting pane appears.

    3. Select the volumes that you want to share. These should match the Volumes in the Volumes List section in the 1. Before you Begin chapter above. Then click Edit Volumes. The Edit Volume Remote Access Settings dialog box appears.

    4. Ensure that the Enabled toggle is set to On.

    5. For Remote Access Permissions, ensure Custom is selected.

    6. For the File IQ Appliance entry in the Custom Remote Access Permissions section, select Read Only.
      Caution: Be sure to change ONLY the Remote Access entry for the File IQ appliance to Read Only. Be sure to leave the Remote Access entries for the other volumes as they were.

    7. Click Save Remote Access Settings. The Volume Remote Access Setting pane appears.

    8. Wait until the Status for each of the selected volumes changes to a checkmark before proceeding.

  3. Connect the Volumes to the File IQ Appliance by following these steps:

    1. Click Volumes.

    2. Click Connect Volume. The Remotely Accessible Volumes pane appears.

    3. Click Refresh Connections and wait for it to complete.

    4. For the volumes for which you set up remote access to the File IQ Appliance (step 2 above), click Edit Connections. The Connect/Disconnect Volume dialog box appears.

    5. In the Filers section, enable the File IQ Appliance checkbox.

    6. In the Storage Access section, select Skip creating storage access point.

    7. In the Inherit Setting section, untick the three inherit setting checkboxes.

    8. Click Save Connections. The dialog box closes and returns to the Remotely Accessible Volumes pane.

    9. Wait until the Status column for the Volume changes to a checkmark before proceeding.

  4. Disable Snapshot Schedule for the FILE IQ Appliance and Volumes pairs by following these steps:

    Note: If GFA manages the volume you are connecting to FILE IQ, follow these steps:

    1. Click Volumes Snapshot Schedule. The Volume Snapshot Schedule pane appears.

    2. Select the volumes that you configured remote access for in step 2.

    3. Click Edit Volumes. The Snapshot Schedule dialog box appears.

    4. Set the Enablement Window to On.

    5. Deselect all until all the Days turn from color to grey.

    6. Click Save Configuration. The changes are saved.

      Note: The changes might take up to 10 minutes to apply.

  5. Disable Sync Schedule for the File IQ Appliance and Volumes pairs by following these steps:

    Note: If GFA manages the volume you are connecting to File IQ, skip this step (disabling snap and sync schedules). GFA does not send snapshot or sync recommendations to File IQ for these volumes.

    1. Click Volumes.

    2. Click Sync Schedule. The Sync Schedule pane appears.

    3. Select a volume that you configured remote access for in step 2.

    4. Expand the volume's list to display the associated NEAs and File IQ Appliances.

    5. De-select each item that is not an File IQ Appliance.

    6. Click Edit Volumes. The Snapshot Schedule dialog box appears.

    7. Click Select/Deselect all until all of the Days turn from color to grey.

    8. Click Save Schedule.
      The changes are saved.
      The changes might take up to 10 minutes to apply.

    Note: Repeat steps 1-5 in this section for each Volume to be connected to File IQ.

6. Disabling Quality of Service (QoS) for the File IQ Appliance

To disable the Quality of Service (QoS) for the File IQ Appliance, follow these steps:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Click Filers.

  3. Click Quality of Service. The Filer Quality of Service pane appears.

  4. Select the File IQ Appliance entry in the table and click Edit Filers. The Quality of Service Settings dialog box appears.

  5. For all existing Quality of Service rules, click the Delete action button.

  6. Click Save Rules. The dialog box closes and returns to the Filer Quality of Service pane.

7.Enabling the File IQ and Configuring File IQ Service

By default, your File IQ service is turned off on the File IQ Appliance. Additionally, the File IQ Service on the NEA is off and is not configured to use any File IQ Appliance.

This section outlines how to enable your File IQ service on the File IQ Appliance and then configure one or more NEAs to send activity information to the File IQ Appliance.

The Nasuni Orchestration Center (NOC) User Interface is used to enable File IQ on the File IQ Appliance and the NEA.

Use this section to perform the following:

  1. Enable the File IQ on the new File IQ Appliance.

  2. Enable File IQ Service and Assign the File IQ Appliance for the NEA.

Before getting started, ensure that the following items from the 1. Before You Begin section are complete for this specific area:

  • NOC Login

  • NMC Login

  • NEAs List

Note: Before proceeding, confirm that the NMC, File IQ Appliance, and NEAs are all started and running.

a. Enabling the File IQ on the New File IQ Appliance

To enable the File IQ Appliance from the NOC UI, follow these steps:

  1. Log in to https://account.nasuni.com

  2. Click the File IQ Config tab. The File IQ pane appears.

  3. In the Configuration section, select the Disabled toggle for the new File IQ Appliance. The toggle becomes enabled, and the label changes to Enabled.

  4. Click Save.

The configuration change is stored.

b. Enabling File IQ Service and Assigning the File IQ Appliance for the NEA

Important: The Nasuni Edge Appliance(s) that are used for data migration or third-party integration purposes should not be enabled to send events to File IQ Appliance(s).

In this section, enable the File IQ Service for each of the NEAs that you have chosen to report activity to the File IQ Appliance. You should have defined each NEA as part of the NEAs List entry in the 1. Before you Begin section above.

To enable the File IQ Service and assign the File IQ Appliance for each of these Nasuni Edge Appliances, follow these steps:

  1. Log in to https://account.nasuni.com.

  2. Click the File IQ Config tab. The File IQ pane appears.

  3. In the Enable File IQ Service on appliances section, click the Disabled toggle for the specific NEAs. The toggle becomes enabled, and its label changes to Enabled.

  4. For the same NEAs, from the Assign File IQs to NEAs dropdown menu, select the new File IQ Appliance.
    The dropdown shows the new File IQ Appliance as assigned to the NEAs.

  5. Click Save.

The configuration change is stored.

c. Forcing the Configuration to be Applied on File IQ Appliance and NEAs

After the configuration is saved, it can take up to 1 hour for the configuration to become active on the File IQ Appliance and NEAs. Instead, you can force the configuration to immediately refresh using the Refresh License feature in the NMC so that you can move on to 8. Accessing the File IQ Dashboard immediately.

To force the configuration to become active, follow these steps:

  1. Log in to the Nasuni Management Console associated with your account.

  2. Click Filers.

  3. Click Refresh License. The Refresh Subscription License pane appears.

  4. Select the same File IQ Appliance and NEAs that you used in steps a. and b. above, and click Update Filers. The Refresh Subscription License dialog box appears.

  5. Click Refresh License. The dialog box closes, and you return to the Refresh Subscription License pane. Wait until the Status column for the values you selected in step 4 has changed to a checkmark before proceeding.

Important: The initial scanning of your volume files begins immediately. This process can take a while, depending on the number of files and directories that must be scanned initially. It can take on the order of 1 hour per million files and directories for this first scan.
Subsequent scans occur every 24 hours after the initial scan. Subsequent scans are much faster, because they only deal with changes to the existing files.

8.Accessing the File IQ Dashboards

The results of scanning the selected volumes appear in numerical and graphical form on the File IQ Dashboards. For details about File IQ Dashboards, see File IQ Dashboards.

The File IQ Dashboards contain all the information for NEA activity and volume metadata that the File IQ Appliance receives and produces. To access the File IQ Dashboards, follow this procedure:

  1. Open a new browser window.

  2. Enter the address in this form:
    https://<File IQ Appliance IP address>:3000

    where <File IQ Appliance IP address> is the IP address of the File IQ Appliance, assigned in 3. Running the File IQ Appliance First Boot Wizard. The File IQ Dashboard user interface appears.

  3. In the Email or username field, enter “Viewer”.

    Caution: Do not rename the Grafana viewer account. The Initialization program expects the viewer account to be present. If the viewer account is not present, the Initialization of the viewer account recreates the viewer account with the default password.

  4. In the Password field, enter “nasuni_IQ_2024!”.

    Note: Nasuni highly recommends updating the default password for the Grafana viewer account during the first usage.

  5. Click Log in. The system logs you into the File IQ Dashboard, and the Home page appears.

  6. It is important to change the default password. To change the password, follow this procedure:

    1. Click the avatar icon at the top right of the File IQ Dashboard. A context menu is displayed.

    2. In the context menu, click Change password. The Change Password pane appears.

    3. In the Old Password textbox, enter the original default password “nasuni_IQ_2024!”.

    4. Enter the new password into the New password and Confirm password text boxes. Click Change Password.
      The password is saved, and a dialog appears in the top right corner with the text User password changed.

    5. Click Home in the top left corner to return to the Home page.

Appendix A: Firewall Configuration

The File IQ Appliance and Nasuni Edge Appliance both require access to the Microsoft Azure Event Hub API. For configuration instructions, see Firewall and Port Requirements.

Appendix B: Deletion Security

The Microsoft Azure cloud storage platform offers several safeguards to prevent or mitigate unwanted deletion. You might choose to employ some or all these safeguards. For more information, see Security Recommendations for Blob storage.

Storage Redundancy

Carefully consider the best redundancy options for your data and your organization. Considerations might include legally mandated locations for data, as well as geographic proximity to other resources.

Toward this end, Microsoft offers locally redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), and geo-zone-redundant storage (preview) (GZRS). For details, see Azure Storage redundancy.

Locking Resources

Lock a subscription, a resource group, or a resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly.

  • CanNotDelete: Authorized users can still read and modify a resource, but they cannot delete the resource.
    In the portal, this lock is called Delete.

  • ReadOnly: Authorized users can read a resource, but they cannot modify or delete. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
    In the portal, this lock is called Read-only.

A resource inherits any lock from its parent.

To create or delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. Of the built-in roles, only the Owner role and the User Access Administrator role are granted those actions.

For more information, see Lock resources to prevent unexpected changes.

Attaching to a VM

Azure prevents the deletion of a disk that is attached to a VM. It also prevents the deletion of containers and storage accounts with a page blob attached to a VM.

In addition, leased blobs cannot be deleted without breaking the lease first. Leased blobs that are not attached to a VM prevent deletion of the blob but do not prevent deletion of the container or storage account.

These features protect disks, containers, storage accounts, and blobs from unwanted deletion.

For more information, see Troubleshoot storage resource deletion errors.

“Soft Delete” Helps Recover Deleted Data

Soft delete enables you to recover your data when blobs or blob snapshots are deleted. This protection extends to blob data that is erased due to an overwrite.

When data is deleted, it transitions to a soft deleted state instead of being permanently erased.

When soft delete is on, and you overwrite data, a soft deleted snapshot is generated to save the state of the overwritten data.

You can configure the amount of time soft deleted data is recoverable before it is permanently expired.

Soft delete is off by default. Nasuni recommends enabling soft delete with a retention period of 30 days.

Soft delete does not save your data in cases of container or account deletes.

For more information, see Soft delete for blobs.

Appendix C: Installing File IQ using the Azure Virtual Hard Disk

The File IQ Appliance can be deployed from a Virtual Hard Disk (VHD) file downloaded from the Nasuni Orchestration Center (NOC). This is an alternative to using the Azure Marketplace option. There are two steps to installing the File IQ Appliance from the VHD file:

  1. Create an image from the Azure Virtual Hard Disk file.

  2. Installing the File IQ Appliance using an image.

Important: These steps assume that you have uploaded the File IQ Azure VHD file to a Storage Account Blob container in Azure before starting the process. The Storage Account Blob container must be in the same region where you want to create the File IQ Virtual Machine.

Creating an image from the Azure Virtual Hard Disk file

To install the VHD file on Azure as a Virtual Machine, Nasuni recommends creating an image from the VHD file so that the image acts as a template and can be deployed multiple times.

To create an image of the installation software, follow this procedure:

  1. Log in to the Azure portal: portal.azure.com.

  2. Click Home, then click Images. (If Images do not appear in the list located at the top, click More Services or All Services to view more services). The Images pane appears.

  3. Click + Create. The Create image pane appears.

  4. From the Subscription dropdown list, select your subscription.

  5. To select an existing Resource Group, click Select existing and then select an existing Resource Group from the list.
    Alternatively, create a new Resource Group by clicking Create new, entering a Name for the new Resource Group, and clicking OK.

  6. Enter a Name for this image. The name must begin with a letter or a number; end with a letter, a number, or an underscore; and contain only letters, numbers, underscores, periods, or hyphens.

  7. From the Region dropdown list, select the region where you deployed the File IQ Azure VHD.

  8. (Optional) Specify Zone resiliency.

  9. For the OS type, select Linux.

  10. For the VM generation, select the VM Generation as follows:

    1. For legacy BIOS-based instance types, select Gen 1.

    2. For UEFI-based instance types (most recent instance types), select Gen 2.

    Note: Azure generations are described here.

    Note: The File IQ sizing tool suggests all virtual machine sizes as generation 2, but Nasuni supports both Microsoft Azure generation 1 (BIOS) virtual machines and Microsoft Azure generation 2 (UEFI) virtual machines.

  11. For Storage blob, click Browse. Navigate to the Storage Account Blob container that contains the VHD file, and click Select. The path to the uploaded VHD file appears in the Storage blob field.

  12. From the Account type dropdown list, select Premium SSD, or the option most appropriate for your performance requirements.

  13. From the Host caching dropdown list, select Read/write.

  14. Click Review + create, followed by Create. The image creation process begins.

  15. When the image creation is completed, the status displays Your deployment is complete. Click Go to resource to go back to the Images page.

  16. The image appears in the list of images. If the image does not appear in the list, refresh the page.

Installing the File IQ Appliance using an image

After creating the image from the VHD file, use the created image to deploy the File IQ Virtual Machine.

To create the virtual machine, follow this procedure:

  1. Log in to the Azure portal: portal.azure.com

  2. Click Home, then click Images. (If Images does not appear in the list located at the top, click More Services or All Services to view more services.)
    The Images pane appears.

  3. From the list of images, click the image created as part of the previous section, which opens the Image pane.

  4. Click + Create VM. The Create virtual machine pane appears.

  5. Follow the section 2. Installing File IQ using the Azure Marketplace, starting at step 6 on page 14.

    1. In the Basics step of the Create a virtual machine wizard, there is a License Type dropdown field. Select the value Other from the options.

Appendix D: Controlling the Microsoft Azure VM

Virtual platforms allow you to control various aspects of your File IQ Appliance. This chapter presents procedures for these control functions. Because these controls depend on third-party virtual platforms, follow the procedures for your specific virtual platform.

Note: The vendor changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

Starting the Microsoft Azure VM

Start a stopped Microsoft Azure VM of the File IQ Appliance on the virtual platform.

To start a stopped Microsoft Azure VM, follow these steps:

  1. Navigate to the Microsoft Azure dashboard and click Virtual Machines in the left-hand column.
    A list of virtual machines appears.

  2. Select the virtual machine.

  3. Navigate to the top of the screen and click Start. The state changes to Starting, followed by Running, and the virtual machine starts.

Status of the Microsoft Azure VM

You can view the status of the Microsoft Azure VM of the File IQ Appliance on the virtual platform.

To view the status of the Microsoft Azure VM of the File IQ Appliance, follow these steps:

  1. Navigate to the Microsoft Azure dashboard and click Virtual Machines, located in the left column.

  2. Select the virtual machine from the list.
    The virtual machine page appears.

  3. Click Monitoring.
    Information appears, including graphs of activity, status, DNS name, public virtual IP address, and details about the disks.

Shutting down the Microsoft Azure VM

The Microsoft Azure VM of the File IQ Appliance can be shut down from the virtual platform.

Note: You can also shut down the File IQ Appliance using the Shutdown or Power button available on every page. If you shut down the virtual machine this way, it is not deprovisioned in Azure, and the virtual machine still incurs costs as if it were running.

To shut down the Microsoft Azure VM, follow these steps:

  1. Log in to the Nasuni Management Console associated with the File IQ Appliance.

  2. Click the Filers menu item.

  3. Click Shutdown & Reboot. The Shutdown and Reboot pane appears.

  4. For the File IQ Appliance, click the associated Shutdown/Reboot action.

  5. The Initiate Shutdown/Reboot of File IQ Appliance pane appears.

  6. Enter ‘Change Filer Power State’ into the Confirmation Phrase textbox.

  7. Select the Option to Shut down immediately. Click Shutdown.

  8. The Shutdown and Reboot pane appears. Wait until the Status column for the File IQ Appliance changes to a checkmark before proceeding; at that point, the File IQ Appliance is shut down.

  9. Navigate to the Microsoft Azure dashboard and click Virtual Machines in the left-hand column. A list of virtual machines appears.

  10. Select the virtual machine.

  11. Navigate to the top of the screen and click Stop. The state changes to Stopping, then to Stopped. The virtual machine shuts down.

Appendix E: Uninstalling the Microsoft Azure VM

This section describes uninstalling the File IQ Appliance from the Microsoft Azure platform.

Note: The vendor changes their interfaces occasionally with little notice to the users. The exact screens and text on these platforms might change at any time.

To uninstall the File IQ Appliance on the Microsoft Azure platform, follow these steps:

  1. Navigate to the Microsoft Azure dashboard page and click Virtual Machines in the left-hand column.
    A list of virtual machines appears.

  2. Select the virtual machine.

  3. Navigate to the top of the screen and select Delete.

    Caution: Deleting a File IQ Appliance deletes the Microsoft Azure VM and all data. Any data not preserved via a snapshot is permanently lost.

  4. A dialog box appears, confirming whether you are sure you want to delete the virtual machine.

  5. Click Delete.

Deleting the virtual machine might not delete the data disks associated with it.

To delete the data disks, follow these steps:

  1. Navigate to the Home page and click Disks.

  2. A list of disks appears. File IQ disks are ones where the suffix ends in ‘_fiqdb’. Select the disk to delete from the list. The Attached To entry should be blank.

  3. Click the name of the disk that you want to delete.

  4. Navigate to the top of the page and click Delete.

  5. Two menu choices display. Select Delete the associated VHD.

  6. A dialog box appears, confirming if you want to delete the disk. Click Yes.

  7. To delete additional data disks, repeat steps 2-6.

Related articles