
Cloud Storage Gateway: Manage a cross-zone HA file gateway in the CSG console

Last Updated: Feb 17, 2025

This topic describes how to create a cross-zone high availability (HA) file gateway and configure shares for the file gateway in the Cloud Storage Gateway (CSG) console.

Prerequisites

  1. An Alibaba Cloud account is created and real-name verification for the account is complete. For more information, see Create an Alibaba Cloud account.

    Note

    We recommend that you log on to the CSG console as a RAM user. For more information, see Use RAM to implement account-based access control.

  2. CSG is activated. If CSG is not activated, follow the on-screen instructions in the CSG console to activate CSG.

  3. A virtual private cloud (VPC) is available in the region where you want to create the file gateway. For more information, see Create a VPC with an IPv4 CIDR block.

  4. An Elastic Compute Service (ECS) instance is created on the VPC in the region where you want to create the file gateway. For more information about how to create an ECS instance, see Create an ECS instance.

    Note

    If your on-premises host is connected to the VPC over an Express Connect circuit, you can also perform the steps by using the host.

  5. An Object Storage Service (OSS) bucket is created. For more information, see Get started by using the OSS console.

    Important
    • We recommend that you use a zone-redundant storage (ZRS) bucket, which ensures continuous data access even if a zone becomes unavailable.

    • File gateways support the following storage classes of OSS buckets: Standard, Infrequent Access (IA), and Archive. File gateways do not support OSS buckets for which back-to-origin routing is configured.

    • We recommend that you do not associate a gateway with an Archive bucket. If files that are written from a file gateway to OSS are infrequently modified, we recommend that you store the files in a Standard or IA bucket first and configure a lifecycle rule that changes the storage class of the files to Archive or Cold Archive. This reduces unnecessary restoration operations and optimizes storage costs and efficiency.

    • When a client writes a file to a file gateway, the gateway records at least two actions: writing the file and setting the file modification time. The gateway merges the two actions where possible, but it may still send multiple operations for the object to the bucket where the object is stored. The CopyObject operation is called to store the file modification time as a piece of metadata of the object in the bucket. If the object is an Archive or Cold Archive object, this operation requires object restoration, which takes some time to complete. This increases the time required for object uploads and can even cause upload failures if not enough time is left to upload data from the cache.

Create a cross-zone HA file gateway

  1. On the Gateways page of the CSG console, click Create.

  2. In the Create Gateway wizard, configure parameters as described in the following table and retain default settings for unmentioned parameters.

    Sample configuration (columns: Step, Parameter, Description)

    Gateway Information

    Name

    Specify a name for the gateway. The name must be 1 to 60 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

    Location

    Select Alibaba Cloud.

    Type

    Select File Gateway.

    Region

    Select the region of the file gateway.

    Important

    Cross-zone HA file gateways are available only in the China (Beijing, Shanghai, Hangzhou, Shenzhen) regions.

    Cross-zone High Availability

    Select Yes to enable the cross-zone high availability feature.

    Gateway Configurations

    VPC

    Select the VPC on which you want to deploy the gateway.

    Note

    The VPC must be the one in which your ECS instance or on-premises host is located.

    vSwitch of Primary Node

    Select the vSwitch for the primary node.

    Important
    • The vSwitches of the primary and secondary nodes must reside in different zones.

    • A cross-zone HA file gateway is deployed in the region of the vSwitch for the primary node and the region of the vSwitch for the secondary node.

    • If no gateway resource is available in the zone where the specified vSwitch resides, create a vSwitch in another zone in the region.

    vSwitch of Secondary Node

    Select the vSwitch for the secondary node.

    Important
    • The vSwitches of the primary and secondary nodes must reside in different zones.

    • A cross-zone HA file gateway is deployed in the region of the vSwitch for the primary node and the region of the vSwitch for the secondary node.

    • If no gateway resource is available in the zone where the specified vSwitch resides, create a vSwitch in another zone in the region.

    Edition

    Select Basic, Standard, Enhanced, or Performance Optimized. For more information, see Specifications.

    OSS Endpoint

    Select an endpoint for the region in which the bucket is located.

    Bucket Name

    Specify the bucket. You can select an existing bucket from the drop-down list. You can also select the Subdirectory check box and enter a subdirectory of the bucket in the text box that appears.

    • The name of a subdirectory can contain only letters and digits.

    • The subdirectory can be an existing directory in the OSS bucket or a directory that has not yet been created in the OSS bucket. After you create a share, the specified subdirectory serves as the root directory and stores all related files and directories.

    • A file gateway does not support OSS buckets for which back-to-origin routing is configured.

    • CSG cannot guarantee that only one write operation is performed on an object. Therefore, buckets for which retention policies are configured are not supported.

    Protocol

    Select NFS or SMB based on your business requirements.

    • Use the Network File System (NFS) protocol if you need to access the bucket from a Linux system.

    • Use the Server Message Block (SMB) protocol if you need to access the bucket from a Windows system.

    Share Name

    Specify a name for the share. If you set the Protocol parameter to NFS, the share name is also used as the virtual path of the share when the mount operation is performed based on NFSv4.

    Note

    The name must be 1 to 32 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

    User Mapping

    Specify the user mapping between the NFS client and the NFS server. You can configure this parameter only if you set Protocol to NFS.

    • none: The NFS client user is not mapped to the nobody user on the NFS server.

    • root_squash: The NFS client that uses the root identity is mapped to the nobody user on the NFS server.

    • all_squash: The NFS client is mapped to the nobody user on the NFS server regardless of the identity that the client uses.

    • all_anonymous: The NFS client is mapped to the anonymous user on the NFS server regardless of the identity that the client uses.

    Note

    This parameter is available only when you set Protocol to NFS.

    Reverse Sync

    Select whether to synchronize metadata of objects in the bucket to your local device. The reverse synchronization feature is helpful in scenarios such as disaster recovery, data recovery, and data sharing.

    Note

    During a reverse synchronization process, the system scans all objects in the bucket. If the bucket contains a large number of objects, you are charged for calling the OSS API. For more information, see OSS pricing.

    Reverse Sync Interval

    If you set Reverse Sync to Yes, you must set the Reverse Sync Interval parameter. Valid values: 15 to 36000. Unit: seconds.

    Note

    If the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600 seconds. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in fees generated by OSS API calls.

    Cache Disk Type

    Select Ultra Disk, Standard SSD, or ESSD based on your business requirements.

    Cache Capacity

    • The capacity of a cache disk for a Basic gateway ranges from 100 GB to 4,096 GB.

    • The capacity of a cache disk for a Standard gateway ranges from 100 GB to 8,192 GB.

    • The capacity of a cache disk for an Enhanced or Performance Optimized gateway ranges from 100 GB to 32,768 GB.

    Billing Information

    Billing Method

    Select Pay-as-you-go. For more information, see Billable items and billing methods.

  3. In the Confirmation step, verify your settings and click Completed.

    Important
    • The automatic gateway deployment takes about 5 to 10 minutes to complete. When the gateway status is Healthy, the cross-zone HA file gateway is deployed.

    • After the cross-zone HA file gateway is created, the share specified in the gateway creation process is created, and a virtual IP address is automatically configured for the primary node. If the share no longer meets your requirements, create another share. For more information, see Attach a cache disk and Create a share.
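
The limits in the Create Gateway table can be checked before the wizard is filled in. The following pre-flight check is an added example, not code from CSG or Alibaba Cloud; the dictionary keys, the zone names and the reading of "letters" as ASCII letters are assumptions.

```python
import re

# Limits copied from the parameter table above; the dict keys are hypothetical.
NAME = re.compile(r"[A-Za-z][A-Za-z0-9_.-]*")  # assumes "letters" means ASCII
SUBDIR = re.compile(r"[A-Za-z0-9]+")
HA_REGIONS = {"Beijing", "Shanghai", "Hangzhou", "Shenzhen"}
MAX_CACHE_GB = {"Basic": 4096, "Standard": 8192, "Enhanced": 32768,
                "Performance Optimized": 32768}
USER_MAPPINGS = {"none", "root_squash", "all_squash", "all_anonymous"}


def _name_ok(value, max_len):
    return 1 <= len(value) <= max_len and NAME.fullmatch(value) is not None


def validate_gateway(cfg):
    """Return the sorted keys of cfg that break a documented constraint."""
    bad = set()
    if not _name_ok(cfg["name"], 60):
        bad.add("name")
    if not _name_ok(cfg["share_name"], 32):
        bad.add("share_name")
    if cfg["region"] not in HA_REGIONS:
        bad.add("region")
    # HA requires the two vSwitches to be in different zones.
    if cfg["primary_zone"] == cfg["secondary_zone"]:
        bad.add("secondary_zone")
    max_gb = MAX_CACHE_GB.get(cfg["edition"])
    if max_gb is None:
        bad.add("edition")
    elif not 100 <= cfg["cache_gb"] <= max_gb:
        bad.add("cache_gb")
    subdir = cfg.get("subdirectory")
    if subdir is not None and not SUBDIR.fullmatch(subdir):
        bad.add("subdirectory")
    if cfg["protocol"] not in {"NFS", "SMB"}:
        bad.add("protocol")
    mapping = cfg.get("user_mapping")
    # User Mapping can be set only for NFS shares.
    if mapping is not None and (cfg["protocol"] != "NFS" or mapping not in USER_MAPPINGS):
        bad.add("user_mapping")
    if cfg.get("reverse_sync"):
        interval = cfg.get("reverse_sync_interval")
        if interval is None or not 15 <= interval <= 36000:
            bad.add("reverse_sync_interval")
    return sorted(bad)


# Constructed sample plans (zone names are placeholders).
GOOD = {"name": "ha-gw.prod", "share_name": "share_01", "region": "Hangzhou",
        "primary_zone": "zone-a", "secondary_zone": "zone-b", "edition": "Standard",
        "cache_gb": 500, "subdirectory": "backups2025", "protocol": "NFS",
        "user_mapping": "root_squash", "reverse_sync": True,
        "reverse_sync_interval": 3600}
BAD = dict(GOOD, name="1gw", share_name="s" * 33, region="Singapore",
           secondary_zone="zone-a", edition="Basic", cache_gb=8192,
           subdirectory="logs/2025", protocol="SMB", reverse_sync_interval=10)

if __name__ == "__main__":
    print(validate_gateway(GOOD))
    print(validate_gateway(BAD))
```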

Attach a cache disk

  1. On the Gateways page, click the ID of the gateway. On the page that appears, click Caches > Create Cache.

  2. Specify cache disk specifications by using Cache Calculator or Custom Cache settings.

    Note
    • Capacity

      • The capacity of a cache disk for a Basic gateway ranges from 100 GB to 4,096 GB.

      • The capacity of a cache disk for a Standard gateway ranges from 100 GB to 8,192 GB.

      • The capacity of a cache disk for an Enhanced or Performance Optimized gateway ranges from 100 GB to 32,768 GB.

    • Type

      Select Ultra Disk, Standard SSD, or ESSD based on your business requirements.

Create a share

  1. On the Gateways page, click the ID of the file gateway. On the Shares tab, click Create.

  2. In the Bucket Settings step, configure the parameters described in the following table and click Next.

    Bucket Settings (columns: Parameter, Description)

    OSS Endpoint

    Select an endpoint for the region in which the bucket is located.

    Bucket Name

    Specify a bucket. You can select an existing bucket from the drop-down list. You can additionally select the Subdirectory check box and enter a subdirectory of the bucket in the text box that appears.

    Note
    • The name of a subdirectory can contain only letters and digits.

    • You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create a share, the specified subdirectory serves as the root directory and stores all related files and directories.

    • A file gateway does not support OSS buckets for which back-to-origin routing is configured.

    • CSG cannot guarantee that only one write operation is performed on an object. Therefore, buckets for which retention policies are configured are not supported.

    Encrypt

    Select whether to use encryption. You can select None or Server-side Encryption.

    If you select Server-side Encryption, you must specify a Key ID and an Encryption Algorithm. You can create a customer master key (CMK) in the Key Management Service (KMS) console. For more information, see Create a CMK. Encryption algorithms AES256 and SM4 are supported.

    If you enable the server-side encryption feature in OSS, you can bring your own key (BYOK). Keys that are imported from KMS are supported. After you enable the server-side encryption feature, the system encrypts files that are uploaded to OSS from the share by using the specified key. You can call the GetObject operation to check whether the specified object is encrypted. If the value of the x-oss-server-side-encryption field is KMS and the value of the x-oss-server-side-encryption-key-id field is the key ID, the object is encrypted.

    Important
    • Only users on the whitelist can use this feature.

    • When you create a CMK in the KMS console, you must select the region in which the OSS bucket resides.

    Use SSL to Connect Bucket

    If you select Yes, the gateway connects to the bucket over SSL.

  3. In the Basic Information step, configure the parameters described in the following table and click Next.

    Basic Information (columns: Parameter, Description)

    Mount IP

    The IP address used to mount the share.

    Note

    The IP address is the virtual IP address of the vSwitch for the primary node.

    Share Name

    Specify a name for the share. If you set the Protocol parameter to NFS, the share name is also used as the virtual path of the share when the mount operation is performed based on NFSv4.

    Note

    The name must be 1 to 32 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

    Protocol

    Specify the protocol that you use to connect to the OSS bucket. You can select NFS or SMB.

    • Use the NFS protocol if you need to access the bucket from a Linux system.

    • Use the SMB protocol if you need to access the bucket from a Windows system.

    Cache

    Select an existing cache disk.

    Note

    Cache disk space is distributed based on the following rules:

    • For a cache disk with a capacity of no more than 5 TB, 20% of that capacity is reserved for metadata storage. For example, if you attach a 40 GB cache disk, the actual space available for data storage is 32 GB.

    • For a cache disk with a capacity of more than 5 TB, 1 TB is reserved for metadata storage. For example, if you attach a 20 TB cache disk, the actual space available for data storage is 19 TB.

    User Mapping

    Specify the user mapping between the NFS client and the NFS server.

    • none: The NFS client user is not mapped to the nobody user on the NFS server.

    • root_squash: The NFS client that uses the root identity is mapped to the nobody user on the NFS server.

    • all_squash: The NFS client is mapped to the nobody user on the NFS server regardless of the identity that the client uses.

    • all_anonymous: The NFS client is mapped to the anonymous user on the NFS server regardless of the identity that the client uses.

    Note

    This parameter is available only when you set Protocol to NFS.

    Archive

    Select whether to enable the archive feature.

    • If you select Yes, the archive feature is enabled. You can use the archive feature to archive and restore files in a share.

    • If you select No, the archive feature is disabled.

    Note
    • This parameter is available only if you set Protocol to NFS and User Mapping to none.

    • Basic file gateways do not support the archive feature.

    • If you request to read an archived file from a gateway for which the archive feature is disabled, a request to restore the file is still initiated. If the file gateway uses an NFS share, no error is returned, but a certain level of I/O latency occurs. If the file gateway uses an SMB share, a short-lived error occurs, and the read operation is successful after the restoration process is complete.

    Browsable

    Specify whether the share can be accessed by using Network Neighborhood.

    Note

    This parameter is available only if you set Protocol to SMB.

    Windows Permission Support

    Specify access control settings. For more information about permission control, see Enable Windows permission support.

    Note
    • This parameter is available only if you set Protocol to SMB.

    • To enable Windows permission support, you must add the gateway to an AD domain first.

    Add to Sync Group

    Specify whether to add the share to a synchronization group. If you add the share to a synchronization group, the reverse synchronization feature is automatically disabled for the share. After you add the share to a synchronization group, all changes made to the data stored in the OSS bucket that corresponds to the share are synchronized to the on-premises client on which the share is mounted.

    Note
    • To enable this feature, create a synchronization group first. Make sure that the synchronization group and the share use the same OSS bucket. For more information, see Configure express synchronization.

    • Only Standard, Enhanced, and Performance Optimized gateways support the express synchronization feature.

    • The express synchronization feature relies on Simple Message Queue (formerly MNS) and incurs SMQ fees. For more information, see Configure express synchronization.

    Advanced Settings

    After you select the Advanced Settings check box, the Advanced Settings step appears.

  4. In the Advanced Settings step, configure the parameters described in the following table and click Next.

    Advanced Settings (columns: Parameter, Description)

    Mode

    Cache Mode: In this mode, the on-premises cache disk stores only metadata and the data that is frequently accessed. The full data set is stored in OSS.

    Fragmentation Optimization

    For applications that frequently and randomly read or write small amounts of data, enabling fragmentation optimization prevents file fragmentation issues in the file system. This feature is experimental. Decide whether to enable it based on your application requirements.

    Bypass Cache Read

    By default, if a cache miss occurs for a read request to a share, the gateway downloads the requested data from the associated OSS bucket to the cache disk. This process involves a certain level of data prefetching. However, if read requests are completely random reads and the size of the cache disk is far smaller than the size of data in the OSS bucket, prefetching data to the cache disk may not deliver satisfactory performance. In this case, consider enabling this feature. We recommend that you enable this feature only when it is necessary.

    Upload Optimization

    If you select Yes, cached data is cleared in real time. This feature is suitable for cloud backup scenarios.

    Reverse Sync

    Select whether to synchronize metadata of objects in the bucket to your local device. The reverse synchronization feature is helpful in scenarios such as disaster recovery, data recovery, and data sharing.

    Note
    • During a reverse synchronization process, the system scans all objects in the bucket. If the bucket contains a large number of objects, you are charged for calling the OSS API. For more information, see OSS pricing.

    • If you select the Add to Sync Group check box in the Basic Information step, the Reverse Sync parameter is unavailable.

    Reverse Sync Interval

    If you set Reverse Sync to Yes, you must set the Reverse Sync Interval parameter. Valid values: 15 to 36000. Unit: seconds.

    Note

    If the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600 seconds. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in fees generated by OSS API calls.

    Ignore Deletions

    If you select Yes, the data that is deleted from the on-premises cache disk is not deleted from the OSS bucket. The full data set is stored in OSS.

    NFS V4 Optimization

    Select whether to optimize the upload efficiency if the share is mounted to an NFSv4 file system. If you select Yes, you cannot mount the share to an NFSv3 file system.

    Note

    This parameter is available only for NFS shares.

    Sync Latency

    Specify a period of time to delay the upload of files. This setting prevents frequent on-premises modifications from creating a large number of fragments in OSS. Default value: 5. Maximum value: 120. Unit: seconds.

  5. In the Confirmation step, check the configuration information. If nothing is wrong, click Completed.
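
The Encrypt parameter in the Bucket Settings step describes checking the x-oss-server-side-encryption and x-oss-server-side-encryption-key-id fields returned by GetObject. The following check applies that rule to a set of response headers; it is an added example, not code from CSG or OSS, and the function names, object names and key IDs are constructed placeholders.

```python
SSE = "x-oss-server-side-encryption"
SSE_KEY = "x-oss-server-side-encryption-key-id"


def classify_sse(headers, expected_key_id):
    """Classify one object's response headers against the check described above.

    Returns "ok", "no-sse-header", "not-kms" or "wrong-key".
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {name.lower(): value.strip() for name, value in headers.items()}
    method = h.get(SSE)
    if not method:
        return "no-sse-header"
    if method != "KMS":
        # Some other value: it does not match the KMS check the page describes.
        return "not-kms"
    if h.get(SSE_KEY) != expected_key_id:
        return "wrong-key"
    return "ok"


def audit(objects, expected_key_id):
    """Map each failing object name to its verdict; an empty dict means all pass."""
    findings = {}
    for name, headers in objects.items():
        verdict = classify_sse(headers, expected_key_id)
        if verdict != "ok":
            findings[name] = verdict
    return findings


# Constructed sample: headers as they might be captured from GetObject responses.
EXPECTED = "EXAMPLE-KEY-ID"
SAMPLE = {
    "share/report.csv": {SSE: "KMS", SSE_KEY: EXPECTED},
    "share/Mixed.csv": {"X-OSS-Server-Side-Encryption": "KMS",
                        "X-OSS-Server-Side-Encryption-Key-Id": EXPECTED},
    "share/old.log": {"Content-Type": "text/plain"},
    "share/aes.bin": {SSE: "AES256"},
    "share/other.db": {SSE: "KMS", SSE_KEY: "OTHER-KEY-ID"},
}

if __name__ == "__main__":
    for obj, verdict in audit(SAMPLE, EXPECTED).items():
        print(f"{obj}: {verdict}")
```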

Access a share

After you create a share, you can access the share from the client. For more information, see Access shares.