This topic describes how to create a file gateway and configure a share in the Cloud Storage Gateway (CSG) console.

Prerequisites

  1. You have registered an Alibaba Cloud account and passed real-name verification. For more information, see Sign up with Alibaba Cloud.
    Note We recommend that you log on to the CSG console as a RAM user. For more information, see Use RAM to implement account-based access control.
  2. You have activated CSG.

    If this is your first time logging on to the , follow the instructions on the page to activate CSG.

  3. A Virtual Private Cloud (VPC) network is available in the region where you want to create a file gateway on Alibaba Cloud. For more information, see Create an IPv4 VPC.
  4. An Elastic Compute Service (ECS) instance is available in the region where you want to create a file gateway on Alibaba Cloud. The ECS instance runs in the VPC network that you have created. For more information, see Create an ECS instance.
    Note If your local host is connected to an Alibaba Cloud VPC network through a leased line, you can also manage the file gateway on your local host.
  5. You have created an Object Storage Service (OSS) bucket. For more information, see Create buckets.
    Note
    • CSG supports Standard, IA, and Archive OSS buckets.
    • If you do not enable the archive feature when you create a share, you must restore archived files before you can read them.

Step 1: Create a file gateway

  1. Log on to the CSG console.
  2. Select the region where you want to create a file gateway.
  3. On the Gateway Clusters page, select the target gateway cluster, and then click Create.
    If you have not created a gateway cluster, click Create Gateway Cluster on the Overview page to create a gateway cluster.
  4. In the Create Gateway dialog box that appears, set the following parameters and click Next.
    Parameter Description
    Name Specify a name for the gateway.
    Location Specify the location where you want to deploy the gateway. You can select On-premises or Alibaba Cloud.
    • On-premises: The file gateway is deployed in your on-premises data center. You can use either the CSG console or the local file gateway console (a web console) to deploy a file gateway in an on-premises data center.
    • Alibaba Cloud: The file gateway is deployed on Alibaba Cloud. You can use only the CSG console to deploy a file gateway on Alibaba Cloud.
    Type Specify the type of the gateway that you want to create. In this example, select File Gateway.
  5. Click Next to go to the Configure Gateway tab. Set the following parameters and click Next.

    If you have set Location to Alibaba Cloud, you must set the following gateway parameters.

    Parameter Description
    Model Specify the model of the gateway that you want to create. Supported models include Basic, Standard, Enhanced, and Advanced. For more information, see Specifications.
    VPC Specify the VPC network where you want to deploy the gateway.
    Note The gateway and the ECS instance or the local host must be deployed in the same VPC network.
    VSwitch Specify the VSwitch that connects to the gateway.
    Note
    • The gateway and the ECS instance or local host must connect to the same VSwitch.
    • If no gateway is available in the zone where the VSwitch is deployed, create a VSwitch in another zone.
  6. Click Next to go to the Paid Information tab. Set the following parameters and click Next.
    Parameter Description
    Billing Method Supported billing methods include Pay-as-you-go and Subscription. For more information, see Pricing.

    If you select Subscription, after you create the file gateway, you are redirected to the buy page of CSG to settle the payment. For more information, see Purchase Cloud Storage Gateway.

    After Expiration Specify how the the gateway is processed after it expires. You can select Pay-as-you-go or Release After Expiration.
  7. Click Next to go to the Summary tab. Make sure that the specified information is correct, and then click OK.
    • If you choose to deploy the gateway on Alibaba Cloud, the gateway is automatically deployed upon creation. It takes about 5 to 10 minutes to deploy the gateway. If the status of the gateway changes to Running, it indicates that the gateway has been activated and deployed.
    • If you choose to deploy the gateway in an on-premises data center, click Activate Gateway in the Actions column to activate the gateway after it is created. For more information, see Activate the gateway.

Step 2: Add a cache disk

Note This section describes how to add a cache disk to a file gateway deployed on Alibaba Cloud. To add a cache disk to a local file gateway, you must use the platform where the local gateway is deployed. For more information, see Add disks.
  1. Log on to the CSG console.
  2. Select the region where the file gateway is located.
  3. On the Gateway Clusters page, find and click the target file gateway.
  4. Click the Cache tab, and click Create Cache.
  5. In the Add Cache dialog box that appears, set the following parameters:
    • Size: Specify the size of the cache disk that you want to create. Valid values: 40 GB to 32 TB.
    • Type: Select the type of the cache disk that you want to create. Valid values: Ultra Disk and SSD.
  6. Click OK.
    For a subscription-based file gateway, after you create a cache disk, you are redirected to the Cloud Storage Gateway Cache Disk (Subscription) page to settle the payment. For more information, see Purchase a cache disk.

Step 3: Create a share

  1. Log on to the CSG console.
  2. Select the region where the target file gateway is deployed.
  3. On the Gateway Clusters page, find and click the target file gateway.
  4. Click the Share tab, and then click Create.
  5. On the Bucket Setting tab, set the following parameters and click Next.
    Parameter Description
    Cross-Region Binding
    • Yes: You can access OSS buckets that are not deployed in the same region as the gateway.
    • No: You can only access OSS buckets that are deployed in the same region as the gateway.
    Bucket Endpoint Select the endpoint of the target bucket.
    Bucket Name You can select an existing bucket from the drop-down list, or enter a subdirectory of the target bucket in the Path Prefix field.

    The Path Prefix field supports only letters and digits.

    Note
    • Beginning with version 1.0.38, you can map the root directory of a file system to a subdirectory of a bucket to allow separate file access between users.
    • You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create the share, the specified subdirectory works as the root directory, and stores all related files and directories.
    Encryption You can select No Encryption or Server Side Encryption.

    If you select Server Side Encryption, you must also set the CMK ID parameter. You can log on to the KMS console and create a key. For more information, see Create a CMK.

    After you enable OSS server-side encryption, you can provide your own key. The system supports keys imported from Key Management Service (KMS).

    After OSS server-side encryption is enabled, the system automatically uses the imported key to encrypt files uploaded to OSS through the shared directory. You can call the GetObject operation to check whether the specified file has been encrypted. In the response header, if the x-oss-server-side-encryption field value is KMS and the x-oss-server-side-encryption-key-id field value is the key ID, it indicates that the file has been encrypted.

    Note
    • This feature is available to selected users only.
    • When you create a key in the KMS console, you must select the same region as the target OSS bucket.
    Connect to Bucket Using SSL If you select Yes, you can connect to the OSS bucket over SSL.
  6. Click Next to go to the Basic Information tab. Set the following parameters and click Next.
    Parameter Description
    File Shares Name Specify a name for the NFS or SMB share. If you set the Protocol parameter to NFS, the share name also specifies the virtual path of Network File System version 4 (NFSv4).

    The name must be 1 to 32 characters in length and can contain letters and digits. It cannot start with a digit.

    Note Versions earlier than 1.0.35 do not allow you to mount shares to local directories over NFSv3. You must run the showmount -e <IP address of the target gateway> command to obtain the path for mounting the share to the local directory.
    Protocol Select the protocol that is used to connect to OSS buckets. You can select NFS or SMB.
    • The NFS protocol is applicable when you connect to Linux-based OSS resources.
    • The SMB protocol is applicable when you connect to Windows-based OSS resources.
    Cache Select an existing cache disk.
    Note For a cache disk smaller than 5 TB, 20% of the space is used to store metadata. For a cache disk of 5 TB or larger, 1 TB of the space is used to store metadata. For example, if you create a cache disk of 40 GB, the actual available cache space is 32 GB. If you create a cache disk of 20 TB, the actual available cache space is 19 TB.
    User Mapping

    Maps an NFS client user to an NFS server user. This parameter is required only when you set the Protocol parameter to NFS.

    • none: NFS client users are not mapped to "nobody" on the NFS server.
    • root_squash: restricts root user permissions. NFS clients using the root identity are mapped to "nobody" on the NFS server.
    • all_squash: restricts all user permissions. No matter what identity an NFS client uses, it is always mapped to "nobody" on the NFS server.
    • all_anonymous: restricts all user permissions. No matter what identity an NFS client uses, it is always mapped to "anonymous" on the NFS server.
    Support Archive You can enable this feature only if you set Protocol to NFS and User Mapping to none.
    • If you select Yes, archiving is enabled. Reading an archived file initiates a request to restore the file. The request will not trigger any error message, but will increase the latency to read the file.
    • If you select No, archiving is disabled. Reading an archived file initiates a request to restore the file. You must restore the archived file first. Otherwise, an error message appears.
    Note File gateways of the Basic model do not support the Archive feature.
    Browsable Specify whether the share can be discovered by Network Neighborhood.
    Windows ACL The Windows access control list. For more information, see Enable Windows access-based enumeration.
    Join Sync Group If you enable the express sync feature for the share and add it to a sync group, any changes made to the data stored in the associated OSS bucket will be synchronized to the local client of the share. After you select the Join Sync Group check box, the Remote Sync check box is cleared automatically.
    Note
    • To enable this feature, create a sync group first. Make sure that the sync group and the share use the same OSS bucket. For more information about creating a sync group, see Express synchronization.
    • Currently, only standard, enhanced, and advanced gateways support the express synchronization feature.
    • The express sync feature must work with Alibaba Cloud Message Service. After you add a share to a sync group, service fees of Message Service are incurred. For more information, see the background information in Express synchronization.
    Advanced Settings After you select Advanced Settings, the Advanced Settings tab appears.
  7. On the Advanced Settings tab, set the following parameters, and then click Next.
    Parameter Description
    Mode
    • Replication Mode: In this mode, two backups of all data are created. One is stored in the local cache disk and the other is stored in the associated OSS bucket.
    • Cache Mode: In this mode, the backup stored in the local cache disk only contains metadata and frequently accessed user data. The backup stored in the OSS bucket contains all data.
    Transfer Acceleration This feature accelerates the data transfer rate across regions by using the Internet bandwidth of the gateway. Before you use this feature, make sure that the associated OSS bucket already has this feature enabled.
    Optimize Fragments Specify whether to optimize the performance for applications that frequently and randomly read and write small amounts of data. You can enable this feature based on your needs.
    Direct IO Data is directly read from and written to the cache disk.
    Optimize Upload This feature releases the cache in real time. You can enable this feature if you synchronize only backups to the cloud.
    Enable Remote Sync Specify whether to synchronize metadata stored in the OSS bucket to the local cache disk. This feature is suitable for use in disaster recovery, data restoration, and data sharing scenarios.
    Note
    • During remote synchronization, the system scans all objects in the bucket. If the number of objects is large, fees are incurred for calling the OSS API. For more information, see Pricing of OSS.
    • If you have selected the Join Sync Group check box on the Basic Information tab, this option is unavailable.
    Remote Sync Time Interval If you set Enable Remote Sync to Yes, you need to set the Remote Sync Time Interval parameter. Valid values: 15 to 36000. Default value: 36000. Unit: seconds.
    Note If the bucket contains a large number of objects, we recommend that you set the interval to longer than 3,600 seconds. Otherwise, repeated scans frequently call the OSS API, incurring a large amount of fees.
    Ignore Delete During the data synchronization process, the OSS bucket ignores all data deletion operations. The backup stored in the OSS bucket contains all data.
    Sync Delay You can specify a period of time to delay the upload of files that you have modified and closed. The Sync Delay feature avoids OSS file fragmentation caused by frequent local modifications. The default value is 5 seconds and the maximum is 120 seconds.
    Replication Mode Advanced Settings If you set Cache Mode to Replication Mode, you can select the Replication Mode Advanced Settings check box. The Replication Mode Advanced tab appears.
  8. On the Replication Mode Advanced tab, set the following parameters, and then click Next.
    Parameter Description
    Configure Replication Directories This parameter specifies the files on which replication mode is applied.
    • If you do not select this check box, replication mode is applied to all data in the share.
    • After you select the check box, click Add Directory to add directories. Replication mode is applied to the specified directories, and the rest of the data adopts the cache mode.
    Note
    • If you change the mode of a directory from cache to replication, files under the directory can be synchronized only if the data replication feature is also enabled. We recommend that you enable data replication.
    • You can specify relative directories under the shared root directory. For example, if the target directory is /mnt/myshare/mydir/, and the mount point is /mnt/myshare, you can enter /mydir/.
    Data Replication By default, the remote sync and the express sync features synchronize the metadata between the OSS bucket and the local cache. The data replication feature allows you to replicate files to the local client. After you enable Remote Sync or Express synchronization, you can select Yes to enable Data Replication in replication mode.
    Note
    • Data replication in replication mode requires the capacity of the cache disk to be 1.1 times larger than the file size to be replicated. Specify the cache capacity properly based on the expected growth of the bucket usage.
    • If this is your first time enabling data replication, a full scan is triggered. This process may reduce the performance of the gateway. Enable data replication during off-peak hours and wait for the system to replicate all the data.
    • Data replication allows only a single user to write data to the bucket and multiple users to read data from the bucket simultaneously. If multiple users access the bucket at the same time (whether through the gateway or direct access to the OSS bucket), only a single user is allowed to upload files to the bucket, and other users can only download data. Data loss may occur if multiple users write data to while multiple users read data from the bucket at the same time. Proceed with caution.
    Download Limit After you enable Data Replication in replication mode, set this parameter. The download speed must not be lower than 0 MB/s and not be higher than 1,280 MB/s. If you set this parameter to 0 MB/s, it indicates that the download speed is not limited.
    Remote Sync Time Interval After you enable Data Replication in replication mode, set this parameter. Valid values: 3600 to 36000. Default value: 36000. Unit: seconds.
    Note
    • If the bucket contains a large number of objects, we recommend that you set the interval to longer than 3,600 seconds. Otherwise, repeated scans may frequently call the OSS API, incurring a large amount of fees.
    • Remote sync is triggered only when the shared directory is accessed. To make sure that existing and incremental data in the shared directory can be synchronized to the local client when no user accesses the directory, we recommend that you enable express sync. For more information, see Express synchronization.
  9. Click Next to go to the Summary tab, make sure that the specified information is correct, and then click OK.
  10. After you create the share, you can access the share from a client. For more information, see Access NFS shares.