This topic describes how to use a file gateway in the on-premises console.
Prerequisites
An Alibaba Cloud account is created and real-name verification for the account is complete. For more information, see Create an Alibaba Cloud account.
Note: We recommend that you log on to the CSG console as a RAM user. For more information, see Use RAM to implement account-based access control.
CSG is activated. If CSG is not activated, follow the on-screen instructions in the CSG console to activate CSG.
You have deployed a file gateway on-premises.
An OSS bucket is created. For more information, see Get started by using the OSS console.
Important: File gateways support the following storage classes of OSS buckets: Standard, Infrequent Access (IA), and Archive. File gateways do not support OSS buckets for which back-to-origin routing is configured.
We recommend that you do not associate a gateway with an Archive bucket. If files that are written from a file gateway to OSS are infrequently modified, we recommend that you store the files in a Standard or IA bucket first and configure a lifecycle rule that changes the storage class of the files to Archive or Cold Archive. This reduces unnecessary restoration operations and optimizes storage costs and efficiency.
When a client writes a file to a file gateway, the gateway records at least two actions: writing the file and setting the file modification time. The gateway merges the two actions where possible. However, the gateway may still initiate multiple operations on the object to the bucket where the object is stored. The CopyObject operation is called to store the file modification time as a piece of metadata of the object in the bucket. If the object is an Archive or Cold Archive object, this operation requires object restoration, which takes some time to complete. This increases the time required for object uploads and even causes upload failures if not enough time is left to upload data in the cache.
You have added a disk.
Add a cache
Each shared folder of a file gateway requires a unique cache disk. Therefore, to create multiple shared folders, you must create multiple cache disks. A cache disk lets you upload data from a shared folder to Alibaba Cloud OSS and synchronize data from Alibaba Cloud OSS to your on-premises environment.
In a browser, enter https://<IP address of the file gateway> to access the on-premises file gateway console. Enter your username and password and click OK.
In the left-side navigation pane, click Caches. On the Caches page, click Create.
In the Create Cache dialog box, set the following parameters.
Disk: Click Select to choose an available disk.
Disks are available only after you add disks on the deployment platform.
File System: This is an optional feature that enables data reuse. If a share is accidentally deleted, this feature lets you restore its data from the cache disk by recreating the share.
Note: If no file system exists on the cache disk (that is, the cache disk is empty or not initialized), selecting this option will cause the cache creation to fail.
Click OK.
Bind a cloud resource
Create shared resources that use OSS buckets as backend storage. A file gateway supports multiple cloud resources, with each shared resource corresponding to one bucket.
By default, data written to a Cloud Storage Gateway by a client is uploaded in real time to an OSS bucket. You can also set a synchronization latency when you create a share. The maximum latency is 120 s.
Use the custom or non-custom method to bind a cloud resource as needed.
Non-custom method
In the left-side navigation pane of the on-premises gateway console, click Cloud Resources. Then click Bind.
In the Bind Cloud Resource dialog box, configure the following parameters.
Resource Name: Set a name for the cloud resource.
Cross-region Binding: Configure cross-region binding.
Select Yes to access an OSS bucket that is in a different region from the file gateway.
Select No to access only a bucket that is in the same region as the file gateway.
Note: To ensure the accuracy of data synchronization, log recording, and operation management between the file gateway and the OSS bucket, you must make sure that their time zones are the same.
The time zone of an on-premises file gateway must be the same as the time zone of the OSS bucket.
Region: Select the region where the bucket is located.
Bucket Name: Select the bucket that you want to bind.
Use SSL: If you select Yes, you can use SSL to access the OSS bucket.
Click OK to bind the cloud resource.
Custom method
In the left-side navigation pane of the on-premises gateway console, click Cloud Resources. Then click Bind.
In the Bind Cloud Resource dialog box, configure the following parameters.
Resource Name: Set a name for the cloud resource.
Use Custom Region: Select Use Custom Region.
Endpoint: The endpoint of the OSS bucket. Example: oss-cn-hangzhou.aliyuncs.com
Bucket Name: Enter the name of the OSS bucket that you want to bind.
Access Key ID: Enter your AccessKey ID.
Access Key Secret: Enter your AccessKey secret.
Use SSL: If you select Yes, you can use SSL to access the OSS bucket.
Click Confirm to bind the cloud resource.
Create a share
On-premises file gateways support NFS shares and SMB shares. Select a share type based on your requirements. This topic uses an NFS share as an example.
Return to the on-premises file gateway console. On the NFS page, click Create.
In the Create NFS Share dialog box, specify the following configurations and click OK.
Share Name: The virtual path of the NFS protocol.
If you use NFSv4, you can directly mount the share using the share name. If you use NFSv3, you must obtain the virtual path by running the showmount -e <gateway IP address> command.
Read/Write Client IPs: The IP addresses or CIDR blocks of clients that are allowed to access the NFS share with read and write permissions.
Example: 192.168.10.10 or 192.168.0.0/24. You can enter multiple IP addresses or CIDR blocks.
Read-only Client IPs: The IP addresses or CIDR blocks of clients that are allowed to access the NFS share with read-only permissions.
Example: 192.168.10.10 or 192.168.0.0/24. You can enter multiple IP addresses or CIDR blocks.
User Mapping: Set the mapping between NFS client users and NFS server users.
Note: This parameter is available only when you set Protocol to NFS.
none: The NFS client user is not mapped to the nobody user on the NFS server.
root_squash: The NFS client that uses the root identity is mapped to the nobody user on the NFS server.
all_squash: The NFS client is mapped to the nobody user on the NFS server regardless of the identity that the client uses.
all_anonymous: The NFS client is mapped to the anonymous user on the NFS server regardless of the identity that the client uses.
Enabled: Enable the NFS share.
To disable the NFS share, select No.
Data Access Mode: The mode includes cache mode and replication mode.
Replication Mode: All data is saved in two copies. One copy is saved in the on-premises cache and the other is saved in OSS.
Cache Mode: The on-premises cache stores full metadata and frequently accessed user data. The full data is stored in OSS.
Enable Reverse Sync: Synchronize metadata from OSS to the on-premises environment. This feature is suitable for disaster recovery and data restoration/sharing scenarios.
Note: Remote sync scans all objects in the bucket. If the number of objects is large, you are charged for calling the OSS API.
Bucket Name: Select a created bucket.
Path Prefix: Enter a subdirectory of the bucket.
A subdirectory name can contain only letters and digits.
Note: From version 1.0.38, you can map the root directory of a file system to a subdirectory of an OSS bucket to isolate access.
The subdirectory can be an existing directory in the OSS bucket or a directory that has not been created in the OSS bucket. After the share is created, this subdirectory is used as the root directory, and subsequent files and directories are created in this directory.
Use Metadata: After you use a metadata disk, the data disk is separated from the metadata disk. The metadata disk is used to store the metadata of the shared folder.
If you select Yes, you must select the corresponding Metadata Disk and Data Disk.
If you select No, you must select the corresponding Cache Disk.
Note: Only users on the whitelist can use this feature.
Ignore delete: File deletion operations are not synchronized to OSS to prevent accidental operations. The full data is stored in OSS.
NFS V4 Optimization: Improve the upload efficiency when you mount a share using NFS v4. After you enable this option, you will no longer be able to mount the share using NFS v3.
Sync Delay: Specify a period of time to delay the upload of files. This setting prevents frequent on-premises modifications from creating a large number of parts in OSS. Default value: 5s. Maximum value: 120s.
Max Write Speed: The maximum write speed is 1280 MB/s. The default value is 0, which indicates that the speed is not limited.
Max Upload Speed: The maximum upload speed is 1280 MB/s. The default value is 0, which indicates that the speed is not limited.
Note: If you limit the speed, the maximum upload speed cannot be less than the maximum write speed.
Fast Cache Reclaim: If you select Yes, cached data is cleared in real time. This feature is suitable for cloud backup scenarios.
Click OK.
Access a share
After you create a share, use an NFS client to access the NFS shared folder.
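The following is an added example, not part of the original documentation: a shell check that reads the output of the showmount -e command mentioned under Share Name and reports client entries broader than the Read/Write and Read-only Client IPs you intended to allow. The function name audit_exports, the MIN_PREFIX policy variable, and the sample export list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `showmount -e <gateway IP address>` output.
# Share names and addresses are made up for this example.
SAMPLE='Export list for 192.168.0.10:
/share-a 192.168.10.10,192.168.0.0/24
/share-b *
/share-c 10.0.0.0/8'

# audit_exports: read showmount -e output on stdin and print
# "<share> <client entry> <finding>" for every entry that is open to all
# clients or uses a CIDR prefix shorter than MIN_PREFIX (default 24).
# Only CIDR prefix lengths are evaluated; dotted netmasks and hostnames
# are not interpreted.
audit_exports() {
    awk -v min="${MIN_PREFIX:-24}" '
        /^Export/ { next }                      # skip the header line
        NF >= 1 {
            path = $1
            # An export with no client column is treated as unrestricted.
            clients = (NF >= 2) ? $2 : "(everyone)"
            n = split(clients, c, ",")
            for (i = 1; i <= n; i++) {
                e = c[i]
                if (e == "*" || e == "(everyone)" || e == "0.0.0.0/0") {
                    print path, e, "open-to-all"
                } else if (split(e, p, "/") == 2 && p[2] + 0 < min) {
                    print path, e, "wider-than-/" min
                }
            }
        }'
}

# Demo on the constructed sample. Against a real gateway, pipe the command
# from the Share Name description instead:
#   showmount -e <gateway IP address> | audit_exports
printf '%s\n' "$SAMPLE" | audit_exports
```

An empty result means every listed client entry is a single host or a block no wider than the chosen prefix length.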