This topic describes how to create a file gateway and configure a share in the Cloud Storage Gateway (CSG) console.

Prerequisites

  1. An Alibaba Cloud account is created and real-name verification is complete. For more information, see Create an Alibaba Cloud account.
    Note We recommend that you log on to the CSG console as a RAM user. For more information, see Use RAM to implement account-based access control.
  2. CSG is activated.

    When you log on to the for the first time, activate the CSG service as prompted.

  3. A virtual private cloud (VPC) is available in the region where you want to create a cloud file gateway. For more information, see Create an IPv4 VPC.
  4. An Elastic Compute Service (ECS) instance is available in the region where you want to create a cloud file gateway. The ECS instance runs in the VPC. For more information, see Create an ECS instance.
    Note If your on-premises host is connected to a VPC by using an Express Connect circuit, you can also manage the file gateway on your on-premises host.
  5. An Object Storage Service (OSS) bucket is created. For more information, see Create buckets.
    Note
    • CSG supports Standard, Infrequent Access (IA), and Archive OSS buckets.
    • If you request to read an archived file from a gateway for which the archive feature is disabled, the system sends a request to restore the file at the same time. No error message is returned. However, latency may exist before you can read the archived file.

Step 1: Create a file gateway

  1. Log on to the CSG console.
  2. Select the region where you want to create a file gateway.
  3. In the left-side navigation pane, click Gateways. On the Current Gateway Cluster page, select the gateway cluster and click Create.
    If you do not have a gateway cluster, click Create Gateway Cluster on the Overview page to create a gateway cluster.
  4. In the Gateway Information step, set the parameters and click Next. The following table describes the parameters.
    Parameter Description
    Name The name of the file gateway that you want to create.
    Location The location where you want to deploy the gateway. Valid values: On-premises and Alibaba Cloud.
    • On-premises: specifies an on-premises file gateway that is deployed in your data center. You can deploy an on-premises file gateway in the CSG console or in the on-premises file gateway console.
    • Alibaba Cloud: specifies a cloud file gateway that is deployed on Alibaba Cloud. You can deploy a cloud file gateway only in the CSG console.
    Type The type of the gateway that you want to create. Select File Gateway.
  5. In the Gateway Configurations step, set the required parameters and click Next.

    If you set Location to Alibaba Cloud, you must set the parameters in this step. The following table describes the parameters.

    Parameter Description
    Edition The edition of the gateway that you want to create. Valid values: Basic, Standard, Enhanced, and Performance Optimized. For more information, see Specifications.
    VPC The VPC in which you want to deploy the gateway.
    Note The specified VPC must be the VPC in which your ECS instance or on-premises host resides.
    VSwitch The vSwitch that is connected to the file gateway.
    Note
    • The specified vSwitch must be the same vSwitch that is connected to your ECS instance or on-premises host.
    • If no gateway is available in the zone where the specified vSwitch resides, create a vSwitch in another zone.
    Public Network Bandwidth The public bandwidth.
    Note
    • By default, Public Network Bandwidth is not selected. If you want to use a gateway that resides in another region, you must select and set the Public Network Bandwidth parameter. For more information, see Upgrade the public bandwidth.
    • Valid values: 6 Mbit/s to 200 Mbit/s.
  6. In the Billing Information step, set the parameters and click Next. The following table describes the parameters.
    Parameter Description
    Billing Method The method that is used by the system to calculate fees for the gateway. Valid values: Pay-as-you-go and Subscription. For more information, see Billable items and billing methods.

    If you select Subscription, you are redirected to the Cloud Storage Gateway (Subscription) page after you create the file gateway. Complete the payment as prompted. For more information, see Purchase a subscription gateway.

    Expiration Policy Select an expiration policy for the gateway. Valid values: Switch to Pay-as-you-go and Release.
  7. In the Confirmation step, verify your settings and click OK.
    • After you create a cloud file gateway, the system completes the deployment in 5 to 10 minutes. If Running is displayed in the Status column, the gateway is activated and deployed.
    • After you create an on-premises file gateway, click Activate Gateway in the Actions column. In the Activate Gateway dialog box, set the required parameters to activate the gateway. For more information, see Activate the gateway.

Step 2: Add a cache disk

Note This section describes how to create a cache disk for a cloud file gateway. To create a cache disk for an on-premises file gateway, you must go to the platform where the on-premises gateway console is deployed. For more information, see Add disks.
  1. Log on to the CSG console.
  2. Select the region where the file gateway resides.
  3. In the left-side navigation pane, click Gateways. On the Current Gateway Cluster page, click the ID of the file gateway to open the Shares page.
  4. In the left-side navigation pane, click Cache. On the Cache page, click Create Cache.
  5. In the Add Cache dialog box, set the following parameters:
    • Capacity: the size of the cache disk that you want to create. Valid values: 40 GB to 32 TB.
    • Type: the type of the cache disk that you want to create. Valid values: Ultra Disk, Standard SSD, and ESSD.
    Note
    • Basic gateway: The maximum cache capacity is 1 TB. PL3 is not available for ESSD cache disks.
    • Standard gateway: The maximum cache capacity is 2 TB.
  6. Click OK.
    If you create a subscription file gateway, you are redirected to the Cloud Storage Gateway Cache Disk (Subscription) page after you create a cache disk. Complete the payment as prompted. For more information, see Purchase a cache disk.

Step 3: Create a share

  1. Log on to the CSG console.
  2. In the upper-left corner, select the region where the file gateway resides.
  3. In the left-side navigation pane, click Gateways. On the Current Gateway Cluster page, click the ID of the file gateway to open the Shares page.
  4. In the left-side navigation pane, click Share. On the Shares page, click Create.
  5. In the Bucket Settings step, set the parameters and click Next. The following table describes the parameters.
    Parameter Description
    Cross-region Binding
    • Yes: You can access a bucket that resides in a different region from the specified gateway.
    • No: You can access only the bucket that resides in the same region as the specified gateway.
    Bucket Region Select a region where the bucket resides.
    Bucket Name You can select an existing bucket from the drop-down list. You can also enter a subdirectory of the bucket in the Subdirectory field.

    The Subdirectory field supports only letters and digits.

    Note
    • In version 1.0.38 and later, you can map the root directory of a file system to a subdirectory of a bucket. This way, you can isolate file access requests.
    • You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create the share, the specified subdirectory serves as the root directory and stores all related files and directories.
    • Back-to-origin buckets are not supported.
    Encrypt Valid values: None, Server-side Encryption, and Gateway-side Encryption.

    If you select Server-side Encryption, you must set the Key ID parameter. You can create a key in the KMS console. For more information, see Create a CMK.

    After you enable the OSS server-side encryption feature, you can bring your own key (BYOK). The system supports keys that are imported from Key Management Service (KMS).

    After you enable the OSS server-side encryption feature, the system uses the imported key to encrypt files that are uploaded to OSS from the shared directory. You can call the GetObject API operation to check whether the specified file is encrypted. If the value of the x-oss-server-side-encryption field is KMS and the value of the x-oss-server-side-encryption-key-id field is the key ID in the response header, the file is encrypted.

    Note
    • Only the users in the whitelist can use this feature. The gateway-side encryption feature is available only for enhanced and advanced gateways. For more information, see Enable gateway encryption.
    • If you create a key in the KMS console, you must select the same region where the specified OSS bucket resides.
    Use SSL to connect Bucket If you select Yes, you can connect to the OSS bucket over SSL.
  6. In the Basic Information step, set the parameters and click Next. The following table describes the parameters.
    Parameter Description
    Share Name The name of the Network File System (NFS) share or Server Message Block (SMB) share that you want to create. If you set the Protocol parameter to NFS, the share name also specifies the virtual path of NFS version 4 (NFSv4).

    The name must be 1 to 32 characters in length, and can contain letters and digits. The name cannot start with a digit.

    Protocol The name of the protocol that you want to use to connect to OSS buckets. Valid values: NFS and SMB.
    • You can use the NFS protocol if you need to access OSS buckets from a Linux operating system.
    • You can use the SMB protocol if you need to access OSS buckets from a Windows operating system.
    Cache Select an existing cache disk.
    Note For a cache disk whose capacity is less than 5 TB, 20% of the space is used to store metadata. For a cache disk whose capacity is 5 TB or larger, 1 TB of the space is used to store metadata. For example, if you create a cache disk whose capacity is 40 GB, the available cache space is 32 GB. If you create a cache disk whose capacity is 20 TB, the available cache space is 19 TB.
    User Mapping

    Maps an NFS client user to an NFS server user. This parameter is available only if you set Protocol to NFS.

    • none: NFS client users are not mapped to the nobody user on the NFS server.
    • root_squash: restricts the use of root user permissions. NFS clients that use the root identity are mapped to the nobody user on the NFS server.
    • all_squash: restricts the use of all user permissions. No matter what identity an NFS client uses, the client is mapped to the nobody user on the NFS server.
    • all_anonymous: restricts the use of all user permissions. NFS clients are mapped to the nobody user on the NFS server regardless of the identity that is used by the clients.
    Archive This parameter is available only if you set Protocol to NFS and User Mapping to none.
    • If you select Yes, the archive feature is enabled. You can use the archive management tool to archive and restore files in a share.
    • If you select No, the archive feature is disabled. You cannot use the archive management tool to manage files. If you request to read data from an archived file, the system sends a request to restore the file. No error message is returned. However, latency may exist before you can read the archived file.
    Note Basic file gateways do not support the archive feature.
    Browsable Specifies whether the share can be accessed by using Network Neighborhood.
    Windows Permission Support The Windows access control list. For more information, see Enable Windows access-based enumeration.
    Add to Sync Group You can enable the express synchronization feature for the share and add the share to a synchronization group. Then, all changes to the data that is stored in the associated OSS bucket are synchronized to the on-premises client of the share. After you select the Add to Sync Group check box, the Reverse Sync check box is automatically cleared.
    Note
    • Before you can enable this feature, you must create a synchronization group first. Make sure that the synchronization group and the share use the same OSS bucket. For more information about how to create a synchronization group, see Express synchronization.
    • Only Standard, Enhanced, and Performance Optimized gateways support the express synchronization feature.
    • You must use the express synchronization feature together with Alibaba Cloud Message Service. After you add a share to a sync group, you are charged when you use Message Service. For more information, see the "Context" section in Express synchronization.
    Advanced Settings After you select the Advanced Settings check box, the Advanced Settings step appears.
  7. In the Advanced Settings step, set the required parameters and click Next. The following table describes the parameters.
    Parameter Description
    Mode
    • Replication Mode: In this mode, two backups are created for all data. One backup is stored on the on-premises cache disk and the other backup is stored in the associated OSS bucket.
    • Cache Mode: In this mode, the backup that is stored on the on-premises cache disk contains only metadata and the user data that is frequently accessed. The backup that is stored in the OSS bucket contains all data.
    Transfer Acceleration This feature uses the public bandwidth of the gateway to accelerate the data transfer speed across regions. Before you use this feature, make sure that the transfer acceleration feature is enabled for the associated OSS bucket.
    Fragmentation Optimization Specifies whether to optimize the performance for applications that frequently and randomly read and write small amounts of data. Proceed with caution.
    Direct IO Mode Data is directly read from and written to the cache disk.
    Upload Optimization If you select Yes, cached data is cleared in real time. You can enable this feature if you synchronize only backups to the cloud.
    Reverse Sync Specifies whether to synchronize metadata stored in the OSS bucket to the on-premises cache disk. You can use this feature in scenarios, such as disaster recovery, data restoration, and data sharing.
    Note
    • In a reverse synchronization process, the system scans all objects in the bucket. If the number of objects exceeds the limit, you are charged when you call the OSS API. For more information, see OSS pricing.
    • If you select the Add to Sync Group check box in the Basic Information step, the Reverse Sync parameter is unavailable.
    Reverse Sync Interval If you set Reverse Sync to Yes, you must also set the Reverse Sync Interval parameter. Valid values: 15 to 36000. Default value: 36000. Unit: seconds.
    Note If the bucket contains a large number of objects, we recommend that you set the interval to a value that is greater than 3,600 seconds. If the interval is less than 3,600 seconds, repeated scans are performed, which results in frequent OSS API calls. This increases the amount of fees.
    Ignore Deletions If you select Yes, the data that is deleted from the on-premises cache disk is not deleted from the OSS bucket. The OSS bucket retains all data.
    NFS V4 Optimization Specifies whether to improve the upload efficiency of NFSv4 files. If you select Yes, you cannot mount an NFSv3 file system on your on-premises host.
    Sync Latency Specify a synchronization latency to upload modified and closed files. The Sync Latency feature prevents OSS file fragments that are caused by frequent on-premises modifications. Default value: 5. Maximum value: 120. Unit: seconds.
    Replication Mode Advanced Settings This parameter is available only if you set Mode to Replication Mode. After you select the Replication Mode Advanced Settings check box, the Replication Mode Advanced Settings step appears.
  8. In the Replication Mode Advanced Settings step, set the parameters and click Next. The following table describes the parameters.
    Parameter Description
    Configure Directory in Replication Mode Specify the files to which the replication mode applies.
    • If you do not select this check box, the replication mode applies to all data in the share.
    • After you select the check box, click Add Directory to add directories. The replication mode applies to the specified directories. The cache mode is used for other data.
    Note
    • After you change the mode of a directory from cache to replication, you can synchronize the files in the directory only if the data download feature is enabled. We recommend that you enable the data download feature in replication mode.
    • You can specify relative directories in the shared root directory. For example, if the actual directory is /mnt/myshare/mydir/ and the mount point is /mnt/myshare, you can enter /mydir/.
    Data Download By default, the reverse synchronization and express synchronization features synchronize the metadata between the OSS bucket and the on-premises cache disk. The data download feature allows you to download data in replication mode. After you enable the Reverse Sync or Express synchronization feature, you can set Data Download to Yes.
    Note
    • If you download data in replication mode, the capacity of the cache disk must be 110% larger than the size of the files that you want to replicate. You must specify the cache capacity based on the expected growth of the bucket usage.
    • When you enable the data download feature for the first time, a full scan is triggered. This process may reduce the performance of the gateway. We recommend that you enable the data download feature during off-peak hours and wait for the system to replicate all data.
    • The data download feature allows only one user to write data to the bucket, and multiple users to read data from the bucket at the same time. If multiple users access the bucket at the same time over the gateway or OSS bucket, only one user can upload files to the bucket. Other users can only download data. If multiple users write data to and read data from the bucket at the same time, data loss may occur. Proceed with caution.
    Download Speed Limit This parameter is available only if you enable the Data Download feature in replication mode. The download speed must be in the range of 0 MB/s to 1,280 MB/s. If you set this parameter to 0 MB/s, the download speed is unlimited.
    Reverse Sync Interval This parameter is available only if you enable the Data Download feature in replication mode. Valid values: 3600 to 36000. Default value: 36000. Unit: seconds.
    Note
    • If the bucket contains a large number of objects, we recommend that you set the interval to a value that is greater than 3,600 seconds. If the interval is less than 3,600 seconds, repeated scans are performed, which results in frequent OSS API calls. This increases the amount of fees.
    • Reverse synchronization is triggered only when you access the directory. To make sure that the data in other directories can be downloaded and new data can be downloaded in real time, use the Express synchronization feature.
  9. In the Confirmation step, confirm your settings and click OK.

Access a share

After you create a share, you can access the share from a client. For more information, see Access shares.