Before you run Cloud Storage Gateway (CSG) instances, read the following instructions carefully.

File gateways

  • We recommend that you do not frequently interrupt the upload of large files to Network File System (NFS) or Server Message Block (SMB) shares. The system uploads files by using multipart uploads. If you interrupt the upload of large files, the associated Object Storage Service (OSS) bucket generates file fragments. These fragments account for the capacity of the OSS bucket. Therefore, the storage usage of the OSS bucket is slightly larger than the total file size. You can use the automatic fragment deletion policy supported by OSS to manage file fragments. For more information, see Manage parts.
  • The cache capacity of a share is calculated as follows: Recommended local cache capacity = [Application bandwidth (MB/s) - Backend bandwidth of the gateway (MB/s)] × Write duration (seconds) × 1.2.

    To require an excellent I/O throughput when you use a local cache disk, you can estimate the total amount of hot data. Compare the total amount of hot data with the recommended local cache capacity, and select the larger value as the capacity of the local cache disk.

  • To write large files through a file gateway, the size of each file must be smaller than 30% of the cache disk capacity. You cannot write multiple large files at the same time. Otherwise, the cache disk space will be exhausted.
  • File gateway version 1.0.37 and earlier support the file size of 1.2 TB or smaller. Files larger than 1.2 TB cannot be uploaded to OSS. File gateway version 1.0.38 and later support the file size of 30 TB or smaller. When you upload a file larger than 2 TB, we recommend that the Internet bandwidth be 500 MB/s or higher, or that you connect to Alibaba Cloud through a leased line. Otherwise, upload timeouts may occur.
  • File gateways support sparse files. If you fail to upload a sparse file to a file gateway, run the following command to convert the format of the sparse file:
    dd if=<sparse file name> of=<sparse file name> conv=notrunc bs=1M

    The size of the sparse file cannot exceed the available capacity of the cache disk.

  • Names of file gateways and directories must be encoded in UTF-8. Currently, file gateways only support file and directory names that are encoded in UTF-8. Other formats are not supported. For example, if you mount an NFS share of a file gateway to a Windows client, the system fails to create most of the files and directories that have a Chinese name. A 0x8007045D error is reported.
  • If single files exceed 256 MB in a file gateway, we recommend that you disable versioning for the associated OSS bucket. Otherwise, timeouts may occur when the gateway uploads metadata to the associated bucket and the performance of the gateway may be reduced.

File gateways deployed on Alibaba Cloud

  • The CSG console adopts the HTTPS protocol. Network storage protocols such as NFS and SMB require special ports. Therefore, you must configure the firewall or security group rules for the CSG console to support these ports.
    • CSG supports AD and LDAP domains. Therefore, you must configure certain ports to support the following protocols: Lightweight Directory Access Protocol (LDAP), Active Directory (AD), Domain Name System (DNS), and Kerberos. To set security group rules, you must configure CIDR blocks and security groups. For more information, see Add security group rules.

      In the same Virtual Private Cloud (VPC) network and under the same Alibaba Cloud account, if a gateway and a domain server fall into different security groups, you can configure security group rules to authorize connections between these two security groups. Afterward, you must add the following rules to the security group of the domain server: TCP 53/636 and UDP 53/636.

    • To support NFS and SMB, configure the corresponding service ports listed in the following table in the inbound rule of the security group of CSG. After you create a file gateway on Alibaba Cloud, the security group has these ports configured by default. Configure ports for LDAP and AD in the inbound rules of the security group of the domain server.
      Protocol Port
      HTTPS 443 and 8080
      NFS 111 (UDP and TCP), 875 (UDP and TCP), 892 (UDP and TCP), 2049 (UDP and TCP), 32887 (UDP and TCP), 32888 (UDP and TCP), and 32889 (UDP and TCP)
      SMB 137 (UDP), 138 (UDP), 139 (TCP), 389 (TCP), 445 (TCP), and 901 (TCP)
      SSH 22
      LDAP 389 (UDP and TCP) and 636 (UDP)
      AD 445 (UDP and TCP)
      DNS 53 (UDP and TCP)
      Kerberos 88 (UDP and TCP)
  • The synchronization bandwidth of a file gateway is determined by the OSS bandwidth. OSS supports the bandwidth of 10 Gbit/s or lower. The bandwidth slightly varies among clusters in different regions. For more information, request the OSS customer service in each region.
  • After you create a file gateway on Alibaba Cloud, the gateway has a security group that is prefixed with Cloud_Storage_Gateway_Usage configured by default. Do not use this security group when you create ECS instances.
  • When OSS stores more than one million files, we recommend that you set the interval of remote sync to longer than 3,600 seconds.
  • Version 1.0.36 and later automatically specify a Multipurpose Internet Mail Extensions (MIME) type in the OSS metadata based on the file suffix.
  • If remote sync is enabled, local empty directories that are not uploaded to Alibaba Cloud may be deleted by remote sync during a scan cycle. You can create the directories again to address this issue.
  • By default, the upload bandwidth of gateways deployed on Alibaba Cloud is 1 Mbit/s. These gateways access OSS buckets across regions over the Internet. As a result, the data transmission performance may not be stable.

Local file gateways

  • To use file gateways deployed in on-premises data centers, you must open the following ports in the firewall of your client.
    Protocol Port
    HTTPS 443
    NFS 111 (UDP and TCP), 875 (UDP and TCP), 892 (UDP and TCP), 2049 (UDP and TCP), 32887 (UDP and TCP), 32888 (UDP and TCP), and 32889 (UDP and TCP)
    SMB 137 (UDP), 138 (UDP), 139 (TCP), 389 (TCP), 445 (TCP), and 901 (TCP)
    SSH 22
    LDAP 389 (UDP and TCP) and 636 (UDP)
    AD 445 (UDP and TCP)
    DNS 53 (UDP and TCP)
    Kerberos 88 (UDP and TCP)

Block gateways

  • The cache capacity of Internet Small Computer Systems Interface (iSCSI) volumes is calculated as follows: Recommended local cache capacity = [Application bandwidth (MB/s) - Backend bandwidth of the gateway (MB/s)] × Write duration (s) × 1.2.

    To require an excellent I/O throughput when you use a local cache disk, you can estimate the total amount of hot data. Compare the total amount of hot data with the recommended local cache capacity, and select the larger value as the capacity of the local cache disk.

  • The synchronization bandwidth of a block gateway is determined by the OSS bandwidth. OSS supports the bandwidth of 10 Gbit/s or lower. The bandwidth slightly varies among clusters in different regions. For more information, request the OSS customer service in each region.
  • The default input/output operations per second (IOPS) are determined by the backend disk capacity. An ultra disk supports the bandwidth of 110 MB/s or lower. An SSD disk supports the bandwidth of 230 MB/s or lower.
  • To use block gateways, you must open the following ports in the firewall of your client.
    • Block gateways deployed on Alibaba Cloud
      Protocol Port
      iSCSI 860 (TCP) and 3260 (TCP)
    • Block gateways deployed in on-premises data centers
      Protocol Port
      HTTPS 443
      iSCSI 860 (TCP) and 3260 (TCP)