All Products
Search

This Product

    Cloud Storage Gateway:Manage a cross-zone HA file gateway in the CSG console

    Document Center

    Cloud Storage Gateway:Manage a cross-zone HA file gateway in the CSG console

    Last Updated:Nov 10, 2025

    This topic describes how to create a cross-zone high availability (HA) file gateway and configure shares for the file gateway in the Cloud Storage Gateway (CSG) console.

    Prerequisites

    1. An Alibaba Cloud account is created and real-name verification for the account is complete. For more information, see Create an Alibaba Cloud account.

      Note

      We recommend that you create a RAM user and log on to the CSG console as the RAM user.

    2. CSG is activated. If CSG is not activated, follow the on-screen instructions in the CSG console to activate CSG.

    3. A virtual private cloud (VPC) is available in the region where you want to create the file gateway. For more information, see Create a VPC with an IPv4 CIDR block.

    4. An ECS instance is created on the VPC in the region where you want to create the file gateway.

      Note

      If your on-premises host is connected to the VPC over an Express Connect circuit, you can also perform the steps by using the host.

    5. An Object Storage Service (OSS) bucket is created. For more information, see Get started with the OSS console.

      Important

      • We recommend that you use a zone-redundant storage (ZRS) bucket, which ensures continuous data access even if a zone becomes unavailable.

      • File gateways support the following storage classes of OSS buckets: Standard, Infrequent Access (IA), and Archive. File gateways do not support OSS buckets for which back-to-origin routing is configured.

      • We recommend that you never associate a gateway with an Archive bucket. If files written from a file gateway to OSS are expected to be infrequently modified, we recommend that you store the files in a Standard or IA bucket first and move them to Archive or Cold Archive by using a lifecycle rule. This reduces unnecessary restoration operations and optimizes storage costs and efficiency.

      • When a client writes a file to a file gateway, the gateway records at least two actions: writing the file and setting the file modification time. The gateway merges the two actions where possible. However, the gateway may still initiate multiple operations on the object to the bucket where the object is stored. The CopyObject operation is called to store the file modification time as a piece of metadata of the object in the bucket. If the object is an Archive or Cold Archive object, this operation requires object restoration, which takes some time to complete. This increases the time required for object uploads and can even cause upload failures if not enough time is left to upload data from the cache.

    Create a cross-zone HA file gateway

    1. On the Gateways page of the CSG console, click Create.

    2. In the Create Gateway wizard, configure parameters as described in the following table and retain default settings for unmentioned parameters.

      Configuration example

      Step

      Parameter

      Description

      Gateway Information

      Parameter

      Specify a name for the gateway. The name must be 1 to 60 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

      Region

      Select Alibaba Cloud.

      Type

      Select File Gateway.

      Region

      Select the region of the file gateway.

      Important

      Cross-zone HA file gateways are available only in the China (Beijing, Shanghai, Hangzhou, Shenzhen,HongKong) regions.

      Cross-zone High Availability

      Select Yes to enable the cross-zone high availability feature.

      Gateway Configurations

      VPC

      Select the VPC on which you want to deploy the gateway.

      Note

      The VPC must be the one in which your ECS instance or on-premises host is located.

      vSwitch of Primary Node

      Select the vSwitch for the primary node.

      Important

      • The vSwitches of the primary and secondary nodes must reside in different zones.

      • A cross-zone HA file gateway is deployed in the region of the vSwitch for the primary node and the region of the vSwitch for the secondary node.

      • If no gateway resource is available in the zone where the specified vSwitch resides, create a vSwitch in another zone in the region.

      vSwitch of Secondary Node

      Select the vSwitch for the secondary node.

      Important

      • The vSwitches of the primary and secondary nodes must reside in different zones.

      • A cross-zone HA file gateway is deployed in the region of the vSwitch for the primary node and the region of the vSwitch for the secondary node.

      • If no gateway resource is available in the zone where the specified vSwitch resides, create a vSwitch in another zone in the region.

      Edition

      Select a gateway edition. Valid values: Basic, Standard, Enhanced, and Performance Optimized. For more information, see Specifications.

      OSS Endpoint

      Select an endpoint for the region in which the bucket is located.

      Bucket Name

      Specify the bucket. You can select an existing bucket from the drop-down list. You can also select the Subdirectory check box and enter a subdirectory of the bucket in the text box that appears.

      • The name of a subdirectory can contain only letters and digits.

      • The subdirectory can be an existing directory in the OSS bucket or a directory that has not yet been created in the OSS bucket. After you create a share, the specified subdirectory serves as the root directory and stores all related files and directories.

      • A file gateway does not support OSS buckets for which back-to-origin routing is configured.

      • CSG cannot guarantee that only one write operation is performed on an object. Therefore, buckets for which retention policies are configured are not supported.

      Protocol

      Select NFS or SMB based on your business requirements.

      • Use the Network File System (NFS) protocol if you need to access the bucket from a Linux system.

      • Use the Server Message Block (SMB) protocol if you need to access the bucket from a Windows system.

      Share Name

      Specify a name for the share. If you set the Protocol parameter to NFS, the share name is also used as the virtual path of the share when the mount operation is performed based on NFSv4.

      Note

      The name must be 1 to 32 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

      User Mapping

      Specify the user mapping between the NFS client and the NFS server. Configure this parameter only if you set Protocol to NFS.

      • none: The NFS client user is not mapped to the nobody user on the NFS server.

      • root_squash: The NFS client that uses the root identity is mapped to the nobody user on the NFS server.

      • all_squash: The NFS client is mapped to the nobody user on the NFS server, regardless of the identity that the client uses.

      • all_anonymous: The NFS client is mapped to the anonymous user on the NFS server, regardless of the identity that the client uses.

      Note

      This parameter is available only when you set Protocol to NFS.

      Reverse Sync

      Select whether to synchronize metadata of objects in the bucket to your local device. The reverse synchronization feature is helpful in scenarios such as disaster recovery, data recovery, and data sharing.

      Note

      During a reverse synchronization process, the system scans all objects in the bucket. If the bucket contains a large number of objects, you are charged for calling the OSS API. For more information, see OSS pricing.

      Reverse Sync Interval

      If you set Reverse Sync to Yes, you must set the Reverse Sync Interval parameter. Valid values: 15 to 36000. Unit: seconds.

      Note

      If the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600 seconds. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in fees generated by OSS API calls.

      Cache Disk Type

      Only ESSD is supported. You can choose from three performance levels (PLs): PL1, PL2, and PL3. For more information, see ESSDs.

      Cache Capacity

      • The capacity of a cache disk for a Basic gateway ranges from 100 GB to 4,096 GB.

      • The capacity of a cache disk for a Standard gateway ranges from 100 GB to 8,192 GB.

      • The capacity of a cache disk for an Enhanced or Performance Optimized gateway ranges from 100 GB to 32,768 GB.

      Billing Information

      Billing Method

      Select Pay-as-you-go. For more information, see Billable items and billing methods.

    3. In the Confirmation step, verify your settings and click Completed.

      Important

      • The automatic gateway deployment takes about 5 to 10 minutes to complete. When the gateway status is Healthy, the cross-zone HA file gateway is deployed.

      • After the cross-zone HA file gateway is created, the share specified in the gateway creation process is created, and a virtual IP address is automatically configured for the primary node. If the share no longer meets your requirements, create another share. For more information, see Attach a cache disk and Create a share.

    Attach a cache disk

    1. On the Gateways page, click the ID of the gateway. On the page that appears, click Caches > Create Cache.

    2. Specify cache disk specifications by using Cache Calculator or Custom Cache settings.

      • Cache Calculator: Cache disk settings are automatically recommended based on your application requirements.

      • Custom Cache: You need to manually configure a cache disk type and capacity.

        Note

        • Capacity

          The supported capacity range of a cache disk varies with the gateway edition:

          • Basic: 100 GB to 4,096 GB

          • Standard: 100 GB to 8,192 GB

          • Enhanced or Performance Optimized: 100 GB to 32,768 GB

        • Type

          Only ESSD is supported. You can choose from three performance levels (PLs): PL1, PL2, and PL3. For more information, see ESSDs.

    Create a share

    1. On the Gateways page, click the ID of the file gateway. On the Shares tab, click Create.

    2. In the Bucket Settings step, configure the parameters described in the following table and click Next.

      Bucket Settings

      Parameter

      Description

      OSS Endpoint

      Select an endpoint for the region in which the bucket is located.

      Bucket Name

      Specify a bucket. You can select an existing bucket from the drop-down list. You can also select the Subdirectory check box and enter a subdirectory of the bucket in the text box that appears.

      Note

      • The name of a subdirectory can contain only letters and digits.

      • You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create a share, the specified subdirectory serves as the root directory and stores all related files and directories.

      • A file gateway does not support OSS buckets for which back-to-origin routing is configured.

      • CSG cannot guarantee that only one write operation is performed on an object. Therefore, buckets for which retention policies are configured are not supported.

      Use SSL to Connect Bucket

      If you select Yes, the bucket is connected over SSL.

    3. In the Basic Information step, configure the parameters described in the following table and click Next.

      Basic Information

      Parameter

      Description

      Mount IP

      The IP address used to mount the share.

      Note

      The IP address is the virtual IP address of the vSwitch for the primary node.

      Share Name

      Specify a name for the share. If you set the Protocol parameter to NFS, the share name is also used as the virtual path of the share when the mount operation is performed based on NFSv4.

      Note

      The name must be 1 to 32 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

      Protocol

      Specify the protocol that you use to connect to the OSS bucket. Valid values: NFS, SMB.

      • Use the NFS protocol if you need to access the bucket from a Linux system.

      • Use the SMB protocol if you need to access the bucket from a Windows system.

      Cache

      Select an existing cache disk.

      Note

      Cache disk space is distributed based on the following rules:

      • For a cache disk with a capacity of no more than 5 TB, 20% of that capacity is reserved for metadata storage. For example, if you attach a 40 GB cache disk, the actual space available for data storage is 32 GB.

      • For a cache disk with a capacity of more than 5 TB, 1 TB is reserved for metadata storage. For example, if you attach a 20 TB cache disk, the actual space available for data storage is 19 TB.

      User Mapping

      Specify the user mapping between the NFS client and the NFS server.

      • none: The NFS client user is not mapped to the nobody user on the NFS server.

      • root_squash: The NFS client that uses the root identity is mapped to the nobody user on the NFS server.

      • all_squash: The NFS client is mapped to the nobody user on the NFS server, regardless of the identity that the client uses.

      • all_anonymous: The NFS client is mapped to the anonymous user on the NFS server, regardless of the identity that the client uses.

      Note

      This parameter is available only when you set Protocol to NFS.

      Browsable

      Specify whether the share can be accessed by using Network Neighborhood.

      Note

      This parameter is available only if you set Protocol to SMB.

      Windows Permission Support

      Specify access control settings for the SMB share.

      Note

      • This parameter is available only if you set Protocol to SMB.

      • To enable Windows permission support, you must add the gateway to an AD domain first.

      Add to Sync Group

      Specify whether to add the share to a synchronization group. If you add the share to a synchronization group, the reverse synchronization feature is automatically disabled for the share. After you add the share to a synchronization group, all changes made to the data stored in the OSS bucket that corresponds to the share are synchronized to the on-premises client on which the share is mounted.

      Note

      • To enable this feature, create a synchronization group first. Make sure that the synchronization group and the share use the same OSS bucket. For more information, see Configure express synchronization.

      • Only Standard, Enhanced, and Performance Optimized gateways support the express synchronization feature.

      • The express synchronization feature relies on Simple Message Queue (formerly MNS) and incurs SMQ fees. For more information, see Configure express synchronization.

      Advanced Settings

      After you select the Advanced Settings check box, the Advanced Settings step appears.

    4. In the Advanced Settings step, configure the parameters described in the following table and click Next.

      Advanced Settings

      Parameter

      Description

      Mode

      Cache Mode: In this mode, the on-premises cache disk stores only metadata and the data that is frequently accessed. Full data is stored in the OSS.

      Fragmentation Optimization

      For applications that frequently and randomly read or write a small amount of data, enabling fragmentation optimization prevents file fragmentation issues of file systems. This feature is in an experimental phase. You should decide whether to enable this feature based on your actual application requirements.

      Bypass Cache Read

      By default, if a cache miss occurs for a read request to a share, the gateway downloads the requested data from the associated OSS bucket to the cache disk. This process involves a certain level of data prefetching. However, if read requests are completely random reads and the size of the cache disk is far smaller than the size of data in the OSS bucket, prefetching data to the cache disk may not deliver satisfactory performance. In this case, consider enabling this feature. We recommend that you enable this feature only when it is necessary.

      Upload Optimization

      If you select Yes, cached data is cleared in real time. This feature is suitable for cloud backup scenarios.

      Reverse Sync

      Select whether to synchronize metadata of objects in the bucket to your local device. The reverse synchronization feature is helpful in scenarios such as disaster recovery, data recovery, and data sharing.

      Note

      • During a reverse synchronization process, the system scans all objects in the bucket. If the bucket contains a large number of objects, you are charged for calling the OSS API. For more information, see OSS pricing.

      • If you select the Add to Sync Group check box in the Basic Information step, the Reverse Sync parameter is unavailable.

      Reverse Sync Interval

      If you set Reverse Sync to Yes, you must set the Reverse Sync Interval parameter. Valid values: 15 to 36000. Unit: seconds.

      Note

      If the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600 seconds. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in fees generated by OSS API calls.

      Ignore Deletions

      If you select Yes, the data that is deleted from the on-premises cache disk is not deleted from the OSS bucket. Full data is stored in the OSS.

      NFS V4 Optimization

      Select whether to optimize the upload efficiency if the share is mounted to an NFSv4 file system. If you select Yes, you cannot mount the share to an NFSv3 file system.

      Note

      This parameter is available only to an NFS share.

      Sync Latency

      Specify a period of time to delay the upload of files. This setting prevents frequent on-premises modifications from creating a large number of fragments in OSS. Default value: 5. Maximum value: 120. Unit: seconds.

    5. In the Confirmation step, check the configuration information. If nothing is wrong, click Completed.

    Access a share

    After creating a share, access it from the client. For more information, see Access shares.