This topic describes how to access an Apsara File Storage NAS file system from a local IDC by using an NAT gateway.

Background information

You can directly mount a file system only on an ECS instance that resides in the same region as the file system. For example, an NFS or SMB file system that you create in China (Hangzhou) can only be mounted on an ECS instance that resides in China (Hangzhou). You cannot directly mount the file system on an ECS instance that resides in a different region such as China (Qingdao) or on a local server. To enable such a mount, you can use Express Connect to establish a connection. For a mount on a local server, you can establish a connection between the local IDC and the Virtual Private Cloud (VPC) where the file system resides. For a cross-region mount, you can establish a connection between the VPC where the ECS instance resides and the VPC where the file system resides. However, high costs incur for establishing the connection.

If you have deployed a VPN gateway in your local IDC, we recommend that you use Alibaba Cloud VPN Gateway to connect your local IDC to Apsara File Storage NAS. For more information, see Access an Apsara File Storage NAS file system from a local data center by using VPN Gateway.

If you only need to upload a small amount of data from your local IDC to Apsara File Storage NAS, we recommend that you use NAT Gateway to establish a connection.

The following figure shows the network topology that is adopted when NAT Gateway is used to establish a connection between a local IDC and Apsara File Storage NAS.Network topology
  • Advantage: easy to configure
  • Disadvantage:
    • In terms of security, any user who has an Elastic IP address (EIP) can create a mount target that relates to the EIP because connections are established between EIPs and VPCs.
    • Each combination of an EIP and port applies only to a mount target. If you want to create multiple mount targets, you must create multiple EIPs.

Create a file system and a mount target

  1. Log on to the Apsara File Storage NAS console.
  2. Create a file system. For more information, see Create a file system.
  3. Create a mount target in a VPC. For more information, see Add a mount target.

Configure an NAT gateway

You can follow these steps to mount an Apsara File Storage NAS file system on a Windows or Linux local host that is connected to the Internet. After the file system is mounted, you can use your local host to upload files to or download files from the file system.

  1. Log on to the VPC console.
  2. Create an NAT gateway. For more information, see Create a NAT Gateway.
    Note You must select the VPC where the Apsara File Storage NAS file system resides.
  3. Attach an EIP to the NAT gateway. For more information, see Associate an EIP with a NAT Gateway.
  4. Create a destination network address translation (DNAT) entry. For more information, see Create a DNAT entry.

    The required settings are described as follows:

    • Public IP Address: specifies the public IP address that is generated when you create an EIP.
    • Private IP Address: specifies the IP address of the mount target for the file system.

      You can use an ECS instance to ping the endpoint of the mount target to retrieve the IP address.

      ping file-system-id.region.nas.aliyuncs.com
    • Port: We recommend that you select All Ports. You can also select a port for your NFS or SMB file system.
  5. Mount the file system on your local host.
    Note
    • To mount an NFS file system, you must first install an NFS client. For more information, see Step 1: Install an NFS client.
    • Before mounting an SMB file system, you must enable Workstation and TCP/IP NetBIOS Helper services. For more information, see Prerequisites.
    • Run the following command to mount an NFS file system.
      mount -t nfs4 10.10.10.1:/ /mnt
      • 10.10.10.1 is the public IP address generated when you create an EIP. Replace the IP address as needed.
      • /mnt is the mount directory. Replace the directory as needed.
    • Run the following command to mount an SMB file system.
      net use D: \\10.10.10.1\myshare
      • D: is the target drive letter on which you need to mount a file system. Replace the drive letter as needed.
      • 10.10.10.1 is the public IP address generated when you create an EIP. Replace the IP address as needed.
      • myshare is the name of the shared SMB directory. You cannot change the name.
  6. Verify the mount result.
    • NFS file system

      The mount is successful if the following result is displayed after you run the mount command. You can read data from and write data to the files of the NFS file system.

      Mount result
    • SMB file system

      The mount is successful if you can access the SMB file system from your local Windows Explorer. You can read data from and write data to the files of the SMB file system.

      Mount result

Differences between the NAT Gateway solution and the VPN Gateway solution

The following table illustrates the differences between the two solutions.

Item NAT Gateway VPN Gateway
Configuration Easy: You can configure all settings in the Alibaba Cloud console. Complex: You must configure a VPN gateway in the Alibaba Cloud console and configure a client-side VPN gateway in a local IDC.
Security Poor Excellent
Flexibility Restricted: Each EIP can only map one mount target. You can access all Apsara File Storage NAS mount targets without the need of EIPs.
Scenarios Establish temporary connections to transfer a small amount of data. Establish a long-term connection that is required between a local IDC and Apsara File Storage NAS.