All Products
Search
Document Center

File Storage NAS:FAQ about advanced management features

Last Updated:Nov 01, 2024

When can I enable the lifecycle management feature?

  • If the files in a General-purpose NAS file system are accessed 1 to 3 times each month, we recommend that you configure a lifecycle policy to dump the files to the Infrequent Access (IA) storage class. You are charged based on the billable items of the IA storage class.

  • If the files in a General-purpose NAS file system are accessed once or twice each quarter, we recommend that you configure a lifecycle policy to dump the files to the Archive storage class. You are charged based on the billable items of the Archive storage class.

    To further reduce storage costs, you can configure a lifecycle policy for both the IA storage class and the Archive storage class. If files meet the rules configured in the lifecycle policy, Apsara File Storage NAS (NAS) executes the lifecycle policy with the minimal overhead. For more information, see Lifecycle management overview.

Why am I unable to enable the lifecycle management feature for my file system?

If your General-purpose NAS file system was created before June 1, 2020, you cannot enable the lifecycle management feature or configure lifecycle policies for the file system. The lifecycle management feature is unavailable for file systems for which the data encryption feature is enabled.

How do I configure lifecycle policies?

To configure lifecycle policies, you can use the NAS console or call the CreateLifecyclePolicy operation. For more information, see Manage a lifecycle policy and CreateLifecyclePolicy.

How do I disable the lifecycle management feature?

After you enable the lifecycle management feature for a General-purpose NAS file system, you can dump the cold data that has not been accessed for a long period of time to the IA or Archive storage class. The feature helps you reduce storage costs.

If you no longer want to use the lifecycle management feature, perform the following steps to disable the feature:

  1. Log on to the NAS console.

  2. In the left-side navigation pane, choose Lifecycle Management > Lifecycle Policies.

  3. In the top navigation bar, select a region.

  4. On the Lifecycle Policies page, find the lifecycle policy that you want to delete, and click Delete in the Actions column. In the message that appears, click OK.

    After the lifecycle policy is deleted, the data that meets the lifecycle policy is no longer dumped to the IA or Archive storage class. If data has been dumped to the IA or Archive storage class before the policy is deleted, the data remains in the IA or Archive storage class. You are charged based on the storage usage of the IA or Archive storage class.

For more information about how to retrieve data from the IA or Archive storage class to the Standard storage class, see Create a data retrieval task.

Which files can be dumped to the IA or Archive storage class?

A file that meets the following conditions can be dumped to the IA or Archive storage class:

  • A lifecycle policy is configured for the directory in which the file is stored.

  • The size of the file is in the range of 64 KiB to 4.88 TiB.

  • The file is not accessed during the period of time that is specified in the lifecycle policy.

    When you create a lifecycle policy, you can configure a rule to dump the files that are not accessed in the previous 14 days, 30 days, 60 days, or 90 days to the IA storage class. You can also configure a rule to dump the files that are not accessed in the previous 14 days, 30 days, 60 days, 90 days, or 180 days to the Archive storage class. The lifecycle management feature checks whether a file is infrequently accessed based on the atime parameter, which indicates the time when the file was last accessed.

    • The following operations update the atime of a file:

      • Read data from the file.

      • Write data to the file.

    • The following operations do not update the atime of a file:

      • Rename the file.

      • Modify the user, group, mode, or other attributes of the file.

What happens if I configure multiple lifecycle policies for a single directory?

If the files in the directory meet a rule in one of the lifecycle policies, NAS executes the lifecycle policy with the minimal overhead.

What happens if I configure different lifecycle policies for a directory and its parent directory?

If the files in the directory meet a rule in one of the lifecycle policies, NAS executes the lifecycle policy with the minimal overhead.

For example, you configure the following lifecycle policy for a directory: Data that is not accessed in the previous 14 days is dumped to the IA storage class. You configure the following lifecycle policy for its parent directory: Data that is not accessed in the previous 60 days is dumped to the IA storage class. In this case, the files in the directory that are not accessed in the previous 14 days are dumped to the IA storage class. When the system checks for infrequently accessed files based on the lifecycle policy configured for the parent directory, the system skips the files that have already been dumped to the IA storage class.

Is a lifecycle policy valid for all data in the specified directory?

Yes, a lifecycle policy valid for all data in the specified directory. If the file data in the specified directory meets the lifecycle policy, the data is automatically dumped to the IA or Archive storage class.

How long does it take to dump a file that meets a lifecycle policy to the IA or Archive storage class?

The time that is required to dump a file to the IA or Archive storage class depends on the storage usage of the file system and the size of the file. After the lifecycle management feature is enabled, a file that meets a specified lifecycle policy is dumped to the IA or Archive storage class within 2 to 24 hours. Subsequent file dumps are performed at a specific point in time every week.

What happens if I rename a directory for which a lifecycle policy is configured?

If you rename a directory for which a lifecycle policy is configured, the lifecycle policy no longer takes effect on the files in the directory. Files that have been dumped to the IA or Archive storage class remain in the IA or Archive storage class.

If you reconfigure a lifecycle policy for the renamed directory, the lifecycle policy takes effect on the files in the directory. The files that meet the lifecycle policy are dumped to the IA or Archive storage class.

What happens if a lifecycle policy is deleted?

If a lifecycle policy is deleted, the files in the specified directory are no longer dumped to the IA or Archive storage class. Files that have been dumped to the IA or Archive storage class remain in the IA or Archive storage class.

Are the files in a directory repeatedly dumped if I delete the existing lifecycle policy and then reconfigure a lifecycle policy for the directory?

No, the files are not repeatedly dumped. After you reconfigure a lifecycle policy, the system checks for infrequently accessed files based on the lifecycle policy and skips the files that have already been dumped to the IA or Archive storage class. This ensures that files are not repeatedly dumped.

Can I read data from and write data to the files that are stored in the IA or Archive storage class?

Yes, you can read data from and write data to the files in the IA or Archive storage class the same way you read data from and write data to other files in a file system. For more information about the performance of different storage classes, see Storage classes of General-purpose NAS file systems.

Which files in my file system are stored in the IA or Archive storage class?

To query the files that are stored in the IA or Archive storage class, you can use the NAS console or call the ListDirectoriesAndFiles operation. For more information, see View the files stored in the IA or Archive storage class and ListDirectoriesAndFiles.

Is the latency of reading data from and writing data to a file in the IA storage class higher than the latency of reading data from and writing data to a file in the Standard storage class?

It depends. For a General-purpose NAS file system (Performance, Premium, or Capacity), when a file in the IA storage class is read for the first time, the latency may be higher than the latency of reading data from a file in the Standard storage class. When the file in the IA storage class is read later, the latency is almost the same as the latency of reading data from a file in the Standard storage class.

The latency of writing data to a file in the IA storage class is almost the same as the latency of writing data to a file in the Standard storage class. For more information about the performance of different storage classes, see Storage classes of General-purpose NAS file systems.

Is the latency of reading data from and writing data to a file in the Archive storage class higher than the latency of reading data from and writing data to a file in the Standard storage class?

It depends. For a General-purpose NAS file system (Performance, Premium, or Capacity), when a file in the Archive storage class is read for the first time, the latency may be higher than the latency of reading data from a file in the Standard storage class. When the file in the Archive storage class is read later, the latency is almost the same as the latency of reading data from a file in the Standard storage class.

The latency of writing data to a file in the Archive storage class is almost the same as the latency of writing data to a file in the Standard storage class. For more information about the performance of different storage classes, see Storage classes of General-purpose NAS file systems.

How am I charged if my files are dumped to the IA storage class?

If your files are dumped to the IA storage class, you are charged based on the billable items of the IA storage class. For more information, see Billing of General-purpose NAS file systems.

How am I charged if my files are dumped to the Archive storage class?

If your files are dumped to the Archive storage class, you are charged based on the billable items of the Archive storage class. For more information, see Billing of General-purpose NAS file systems.

Is cold data in the IA storage class automatically converted to hot data after the cold data is accessed?

No, the cold data is not automatically converted to hot data after it is accessed. After data is dumped to the IA storage class, the data is persistently stored in the IA storage class. If you access cold data in the IA storage class, you are charged for the read and write traffic. For more information, see Billing of General-purpose NAS file systems.

If you need to frequently access data in the IA storage class, we recommend that you create a data retrieval task to retrieve data from specific files or directories to the Standard storage class. If you run the data retrieval task to read the required data, you are charged for the read traffic. For more information, see Create a data retrieval task.

How do I create a data retrieval task to retrieve files from the IA storage class?

To create a data retrieval task, you can use the NAS console or call the CreateLifecycleRetrieveJob operation. For more information, see Create a data retrieval task or CreateLifecycleRetrieveJob.

Is the read or write performance of a file system affected when a data retrieval task is running?

No, the read or write performance of a file system is not affected. You can read or write data as expected when a data retrieval task is running.

Am I charged for a data retrieval task?

Yes, you are charged for a data retrieval task. When you run a data retrieval task, the system reads data from the specified file. You are charged for reading the file from the IA or Archive storage class based on the file size and the storage class. After the data retrieval task is completed, the file is moved to the Standard storage class. You are charged for the storage space occupied by the file. For more information, see Billing of General-purpose NAS file systems.

How am I charged when I back up files that are stored in the IA or Archive storage class?

If you use Cloud Backup to back up files that are stored in the IA or Archive storage class of a General-purpose NAS file system, you are charged based on the billable items of Cloud Backup. For more information, see Billing methods and billable items.

To back up files from the IA or Archive storage class, Cloud Backup reads data from the files. Therefore, you are charged for the read traffic. The traffic fees are included into your NAS bills. For more information, see Billing of General-purpose NAS file systems.

How am I charged when I use a security service to scan files in the IA or Archive storage class?

When a security service such as the anti-ransomware service of Security Center scans files in the IA or Archive storage class of a General-purpose NAS file system, the security service reads data from the files. You are charged for the read traffic. The traffic fees are included into your NAS bills. For more information, see Billing of General-purpose NAS file systems.

Why do I need to use RAM to grant the required permissions when I create a mount target in the classic network?

This is because you must authorize NAS to verify the Elastic Compute Service (ECS) instances that access your file systems. To ensure data security of your file systems, NAS allows only the ECS instances of your Alibaba Cloud account to access your file systems by using the classic network mount target. The file systems and ECS instances must belong to the same Alibaba Cloud account. To verify the ECS instances that access your file systems, you must authorize NAS to obtain the ECS instances of your account in the Resource Access Management (RAM) console.

Important
  • After you complete the authorization, NAS can call only the DescribeInstances operation. NAS uses the ECS instances only for verification.

  • We recommend that you do not delete or modify the AliyunNASDefaultRole role in RAM. Otherwise, exceptions such as mount failures or file system errors may occur.

Why am I unable to view a file system after I log on to the NAS console as a RAM user that has full access permissions on the file system?

  • Issue

    After you log on to the NAS console as a RAM user that has full access permissions on a file system, an error message appears when you go to the File System List page.

  • Cause

    The permissions on tags are not granted to the RAM user. You must configure the permissions of tag:ListTagKeys.

  • Solution

    Use a custom policy to grant the RAM user the permissions on the tags of the file system that you want to access. For more information, see Perform access control based on RAM policies.

    {
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "nas:*",
                "Resource": "acs:nas:*:*:filesystem/0ddaf487b2"
            },
            {
                "Effect": "Allow",
                "Action": "nas:CreateMountTarget",
                "Resource": "acs:vpc:*:*:vswitch/*"
            },
            {
                "Effect": "Allow",
                "Action": "cms:Describe*",
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": "nas:DescribeFileSystems",
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": "tag:ListTagKeys",
                "Resource": "*"
            }
        ],
        "Version": "1"
    }

What do I do if the time that is used to grant permissions on an SMB mount directory to a new user in a Windows AD domain is longer than expected?

When you grant permissions on an SMB mount directory to a new user, Windows traverses all files in the SMB mount directory, and then grants the required permissions. This issue may occur due to network latency. To resolve the issue, run a command to grant permissions on multiple files at a time. For example, run the icacls or Set-Acl command. The Set-Acl command is available only in PowerShell. For more information, see icacls or Set-Acl.

How do I verify the correctness of a keytab file?

Before verification, you must regenerate a keytab file and enable the -mapuser parameter.

Important

After the -mapuser parameter is enabled, the mappings between the mount targets of file systems and users that have been configured become invalid. For example, the mapuser parameter maps the someone user to mount target 1 and then maps the someone user to mount target 2. In this case, the someone user can access only mount target 2. Therefore, we recommend that you use the mapuser parameter to map the mount targets of different file systems to different users before the verification.

Sample command

ktpass -princ cifs/file-system-id.region.nas.aliyuncs.com@EXAMPLE.com -ptype KRB5_NT_PRINCIPAL -mapuser alinas@example.com -crypto All -out c:\nas-mount-target.keytab -pass tHeP****d123
  • In the preceding command, example.com is the name of the AD domain that you want to build. You must replace example.com with a lowercase domain name.

  • EXAMPLE.com is the name of the AD domain that you want to build. You must replace EXAMPLE.com with an uppercase domain name.

Procedure

  1. Log on to a Linux client on which the kinit tool is installed.

    Note

    The client must be able to access the AD domain or configure DNS as an AD domain server. For more information about how to configure a Linux client, see Mount and use an SMB file system on a Linux client as an AD domain user.

  2. Add the following content to the /etc/krb5.conf file:

     [realms]
     EXAMPLE.COM = {
         kdc = iZisovkei9i*****.example.com
         admin_server = iZisovkei9i****.example.com
     }
    [domain_realm]
     .example.com = EXAMPLE.COM
     example.com = EXAMPLE.COM

    In the preceding content, iZisovkei9i*****.example is an AD domain server. Replace it with the actual value.

    Note

    If your client runs CentOS, you must also configure the following content:

        default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
        default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
        permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
  3. Run the following command to verify that the client can connect to the AD domain server:

    kinit aliyun.nas@example.com
    • If the command output contains the account information, the Kerberos configuration of the client is correct.

    • If the error KDC replay did not match expectations while getting initial credentials is returned, replace all AD domain names in the /etc/krb5.conf file with uppercase domain names.

  4. Optional. Run the following command to verify that the mount target in the keytab file is the mount target of your file system:

    klist -k -t <keytab file name>.keytab
  5. Run the following command to verify the keytab file:

    kinit -k -t <keytab file name>.keytab cifs/file-system-id.region.nas.aliyuncs.com@EXAMPLE.COM

    In the preceding command, file-system-id.region.nas.aliyuncs.com is the mount target of the file system. Replace it with the actual value. EXAMPLE.COM is the name of the AD domain. Replace it with the actual uppercase name.

    If no error occurs, the keytab file is correct.

How do I obtain an AccessKey pair?

  1. Log on to the Alibaba Cloud Management Console by using your Alibaba Cloud account.
  2. Move the pointer over the profile picture in the upper-right corner of the page that appears and click AccessKey Management.
  3. In the Note dialog box, click Use Current AccessKey Pair or Use AccessKey Pair of RAM User.
    Note dialog box
    • Obtain the AccessKey pair of the Alibaba Cloud account
      1. Click Use Current AccessKey Pair.
      2. On the AccessKey Pair page, click Create AccessKey.
      3. In the View Secret dialog box, view the AccessKey ID and AccessKey secret. You can click Download CSV File to download the AccessKey pair or click Copy to copy the AccessKey pair. Create an AccessKey pair
    • Obtain the AccessKey pair of a RAM user
      1. Click Use AccessKey Pair of RAM User. Then, you are redirected to the Users page of the RAM console.
      2. On the Users page of the RAM console, find the RAM user whose AccessKey pair you want to obtain.
        Note If you do not have a RAM user, create one first. For more information, see Create a RAM user.
      3. Click the name of the RAM user in the User Logon Name/Display Name column.
      4. In the User AccessKeys section of the Authentication tab, click Create AccessKey.
      5. In the View Secret dialog box, view the AccessKey ID and AccessKey secret. You can click Download CSV File to download the AccessKey pair or click Copy to copy the AccessKey pair. Create AccessKey
        Note
        • An AccessKey secret is displayed only after you click Create AccessKey. You cannot query the AccessKey secret in subsequent operations. Therefore, you must back up your AccessKey secret.
        • If your AccessKey pair is leaked or lost, you must create another AccessKey pair. You can create a maximum of two AccessKey pairs for each RAM user.

How can I use the server-side encryption feature of NAS?

When you create a file system, you can set the Encryption Type parameter to NAS-managed Key or Custom Key (KMS) based on your business requirements. For more information, see Create a General-purpose NAS file system in the NAS console and Create an Extreme NAS file system in the NAS console.

Can I enable the server-side encryption feature for an existing file system?

No, you cannot. You can enable the server-side encryption feature only when you create a file system.

Can I disable the server-side encryption feature for a file system?

No, you cannot. The server-side encryption feature takes effect immediately after it is enabled. You cannot disable the feature.

Can I change the key that is used to encrypt a file system?

No, you cannot. When you create a file system, a key is specified to encrypt the file system. The key cannot be changed.

Which data encryption method do I need to select, NAS-managed keys or custom keys?

Both data encryption methods use Key Management Service (KMS) to host keys and use the envelope encryption mechanism to prevent unauthorized data access.

If you want to use Bring Your Own Key (BYOK) to meet specific security requirements, you can use custom keys. For other scenarios, we recommend that you use NAS-managed keys.

Important

If a custom key that is used to encrypt a NAS file system is disabled or deleted, the NAS file system cannot be accessed.

Does the server-side encryption feature of NAS support the SM4 algorithm?

No, the server-side encryption feature does not support the SM4 algorithm. Server-side encryption uses the industry-standard AES-256 algorithm to generate keys. These keys are used to protect static data in file systems. To prevent against unauthorized data access, server-side encryption uses the envelope encryption mechanism. The keys of server-side encryption are generated and managed by KMS. KMS allows you to ensure the confidentiality, integrity, and availability of keys. For more information, see Use envelope encryption to encrypt and decrypt local data.

If a CMK that is applied to a NAS file system is accidentally disabled or deleted, how can I resume access to the data of the NAS file system?

  • If you disable a customer master key (CMK), re-enable the CMK.

  • If you have scheduled a task to delete a key, cancel the scheduled task. For more information, see Schedule a key deletion task.

  • If the key material of a BYOK key is deleted, re-upload the original key material. For more information, see Import key material.

  • If a CMK is deleted, the CMK cannot be restored. In this case, the data of the related file system cannot be accessed.

After I enable the server-side encryption feature, do I need to use an application to decrypt data each time I access the data?

No, you do not need to use an application to decrypt data after you enable the server-side encryption feature. NAS automatically encrypts and decrypts data. You do not need to perform these operations by using an application.

Is the performance of a file system affected after the server-side encryption feature is enabled for the file system?

Yes, the performance of the file system is affected. After the server-side encryption feature is enabled for a file system, NAS encrypts data that is written to the file system. When you read data from the file system, the data is automatically decrypted. The read and write performance of a file system is affected by the size of the data block that is accessed during each read or write operation. For example, you have two file systems of the same storage class. The performance of the file system for which the server-side encryption feature is enabled decreases by 5% to 25% compared with the performance of the other file system. For more information, see What is the read and write performance of a file system related to?

Is the available storage capacity of a file system reduced if I enable server-side encryption at rest for the file system?

No, the available storage capacity of the file system is not reduced. The Advanced Encryption Standard (AES) is a block cipher that uses the automatic padding mechanism. Data that is encrypted at rest with automatic padding does not occupy the available storage capacity of the file system.

Does NAS support the inotify subsystem?

No, NAS does not support the inotify subsystem. The inotifywait and rsync commands are commonly used together to back up and synchronize data in real time. However, the inotifywait command cannot be run as expected on NAS file systems due to the implementation of the inotify subsystem.

  • How inotifywait works

    The inotifywait command is a user-mode interface of the Linux inotify subsystem that is implemented at the Virtual File System (VFS) layer. After you run the inotifywait command, file changes are monitored at the VFS layer. If a file is created, deleted, or modified, the name of the file and the type of the operation are returned to the user-mode inotifywait process. Then, the inotifywait command returns the information about the operation.

  • Known issues

    The inotify subsystem is implemented at the VFS layer of the kernel. Therefore, the inotifywait process on a Network File System (NFS) client of an NFS file system cannot detect the operations that other clients perform on the file system. For example, a NAS file system is mounted on Client A and Client B at the same time. On Client A, when you start an inotifywait process to listen to the mount directory, the following issues may occur:

    • The inotifywait process can detect the operations that Client A performs on the files of the file system.

    • The inotifywait process cannot detect the operations that Client B performs on the files of the file system.

  • Alternative solution

    You can use the File Alteration Monitor (FAM) subsystem as an alternative solution to prevent the issues. The FAM subsystem is a repository that is used to listen to files or directories. FAM is implemented in user mode. An FAM daemon scans the directories in a file system on schedule to detect file changes. However, the FAM subsystem has the following drawbacks:

    • You must write code to call the required FAM operation on your client.

    • If you want to monitor a large number of files, the performance of the FAM subsystem may be compromised. A large number of resources may be consumed and the timeliness of file monitoring cannot be ensured.

If I cancel a file backup job, are the backup files of the job still retained?

No, if you cancel a running backup job, all the backup files of the job are deleted from the backup vault. If you still need to back up these files, create another backup job.

Backup files in completed backup jobs are not affected.

If I cancel a restore job, are the restored files of the job retained after the restore job is canceled?

Yes, if you cancel a restore job, the restored files of the job are still stored in a specified directory. Other files of the job are no longer restored.

How is the free-trial period for backing up NAS files calculated?

You can use the file backup feature free of charge for 30 days, starting from the day on which you create the first backup plan for a NAS file system.

For example, if you created a backup plan named backup01 for File System A on May 1, 2021, you can use the file backup feature free of charge until May 30, 2021. After the free-trial period expires, you can delete the backup plan. If you want to continue using the backup plan, you must pay for the backup plan. For more information, see Billing methods and billable items.

Are deleted files temporarily stored in the recycle bin?

If you enable the recycle bin feature, the deleted files or directories are temporarily stored in the recycle bin, including but not limited to the following files and directories:

  • The files that you deleted from NAS file systems on compute nodes, such as ECS instances and containers. For example, if you run the rm -f test01.text command to delete the test01.text file, the test01.text file is dumped to the recycle bin.

  • The files or directories that are automatically deleted by applications from NAS file systems on compute nodes. For example, if an application runs the os.remove("test02.text") Python code to delete the test02.text file, the test02.text file is dumped to the recycle bin.

  • The files or directories that are deleted when you call the POSIX rename function. For example, the test_a.txt file and the test_b.txt file reside in the same directory. If you run the mv test_a.txt test_b.txt command, the test_b.txt file is dumped to the recycle bin.

  • The temporary files that are created when applications use NAS files. For example, if you run the vim command to edit a file, the .swp and .swpx temporary files are dumped to the recycle bin.

  • The application log files that are automatically rotated. For example, if you use NGINX to configure automatic log rotation, up to 20 log files can be retained. If the test.log. 19 log file is rotated to the test.log. 20 log file, the original test.log. 20 log file is dumped to the recycle bin.

Note

If you overwrite a file but do not delete the file, the file is not dumped to the recycle bin. For example, if you call the open() function to open a file and write data to the file in w+ mode, the original file is not dumped to the recycle bin.

Can I restore a file from the recycle bin to the original directory of the file system if the directory is renamed?

Yes, you can restore a file from the recycle bin to its original directory regardless of whether the directory is renamed. This is because a restore job is performed based on the FileId of the original directory. For example, after the recycle bin feature is enabled, you delete the file1.txt file from the dir1 directory and change the directory name from dir1 to dir2. In the recycle bin of the NAS console, the directory tree indicates that the file1.txt file resides in the dir2 directory. After you restore the file from the recycle bin, the directory tree indicates that the file1.txt file is stored in the dir2 directory on the compute node.

Which way is faster, restoring files from the recycle bin or restoring files from Cloud Backup?

When you restore files from the recycle bin, NAS migrates only the metadata of the files but not copy the files. Therefore, restoring files from the recycle bin is faster than restoring files from Cloud Backup.

Am I charged for using the recycle bin feature?

No, you are not charged for using the recycle bin feature. However, you are charged for the storage space occupied by temporary files in the recycle bin based on the pricing of the original storage class. For example, after you delete a file from a Capacity NAS file system, you are charged for the file based on the unit price of storage in the Capacity NAS file system. After you delete a file from the IA storage class, you are charged for the file based on the unit price of storage in the IA storage class. For more information, see Billing of General-purpose NAS file systems.

How do I query files in the recycle bin?

You can use the NAS console to query the files that are temporarily stored in the recycle bin and the time at which the files are deleted. For more information, see the "Query files in the recycle bin" operation described in Recycle bin.

Can I read data from or write data to the files in the recycle bin?

No, you cannot read data from or write data to the files or directories in the recycle bin. You can only query deleted files and directories. If you enable the recycle bin feature, deleted files are temporarily retained in the recycle bin. Before you can read data from or write data to the files in the recycle bin, you must restore the files from the recycle bin. For more information, see Recycle bin.

Does the deleted General-purpose NAS files in the recycle bin occupy the file quantity or storage space of a NAS file system?

No, the file quantity of a NAS file system does not include the number of deleted files that are temporarily stored in the recycle bin. The deleted files do not occupy the storage space of the file system either. For more information about the storage capacity and file quantity supported by each storage class of NAS file systems, see Limits.

Note

Files that are temporarily stored in the recycle bin are billed based on the original storage class. For more information, see Billing of General-purpose NAS file systems.

Why did an error occur when I called a CloudMonitor API operation to query the monitoring data of a NAS file system?

This issue may occur if the value of the MetricName parameter is invalid. NAS allows you to use CloudMonitor to monitor the performance and capacity of a NAS file system in real time. The following table describes the metrics that you can monitor. For more information, see View the performance data of a NAS file system.

  • Capacity monitoring

    MetricName

    Metric

    Unit

    Description

    AlignedSize

    Data volume of a General-purpose NAS file system (excluding the IA storage class)

    bytes

    The volume of the data that is stored in a file system within a specified period of time. The value does not include the volume of the data that is stored in the IA storage class.

    SecondaryAlignedSize

    Data volume of the IA storage class

    bytes

    The volume of the data that is stored in the IA storage class within a specified period of time after the lifecycle management feature is enabled for a file system.

    ExtremeCapacity

    Total storage space of an Extreme NAS file system

    bytes

    The total capacity of an Extreme NAS file system within a specified period of time.

    ExtremeCapacityUsed

    Data volume of an Extreme NAS file system

    bytes

    The volume of data that is stored in an Extreme NAS file system within a specified period of time.

    ExtremeInodeLimit

    Maximum number of files in an Extreme NAS file system

    N/A

    The maximum number of files that can be created in an Extreme NAS file system within a specified period of time.

    ExtremeInodeUsed

    Number of used files in an Extreme NAS file system

    N/A

    The number of files that have been created in an Extreme NAS file system within a specified period of time.

    RecycleSecondaryAlignedSize

    Volume of IA data in the recycle bin

    bytes

    The volume of IA data that is stored in the recycle bin of a file system within a specified period of time.

    RecycleAlignedSize

    Data volume of General-purpose NAS recycle bin (excluding the IA storage class)

    bytes

    The volume of the data that is stored in the recycle bin of a file system within a specified period of time. The value does not include the volume of the data that is stored in the IA storage class.

    FileCount

    Number of files

    N/A

    The number of files in a file system, excluding folders.

    OfflineReadQuantity

    Read traffic of the IA storage class

    bytes

    The read traffic that is generated when you access data in the IA storage class after the lifecycle management feature is enabled.

    OfflineWriteQuantity

    Write traffic of the IA storage class

    bytes

    The write traffic that is generated when you access data in the IA storage class after the lifecycle management feature is enabled.

  • Performance monitoring

    MetricName

    Metric

    Unit

    Description

    IopsRead

    Read IOPS

    requests/s

    The average read IOPS of a file system within a specified period of time.

    IopsWrite

    Write IOPS

    requests/s

    The average write IOPS of a file system within a specified period of time.

    ThruputRead

    Read throughput

    bytes/s

    The average read throughput per second of a file system within a specified period of time.

    ThruputWrite

    Write throughput

    bytes/s

    The average write throughput per second of a file system within a specified period of time.

    LatencyRead

    Read latency

    ms

    The average read latency per millisecond of a file system within a specific period of time.

    LatencyWrite

    Write latency

    ms

    The average write latency per millisecond of a file system within a specific period of time.

    QpsMeta

    Metadata QPS

    requests/s

    The average number of times that a file system requests metadata per second within a specific period of time.

What are the relationships between an access point policy and the system policies AliyunNASFullAccess and AliyunNASReadOnlyAccess?

Policy

Description

Access point policy

Access point policies are policies provided by NAS for access point clients. Access point policies can be used to grant permissions to different RAM users or RAM roles without the need to use the AliyunNASReadOnlyAccess or AliyunNASFullAccess system policy. Access point policies can meet your fine-grained requirements to a greater extent, realizing more flexible access control.

Access point clients support the following permissions:

  • nas:ClientMount: the permission to mount a file system and read data.

  • nas:ClientWrite: the permission to write data. This permission must be configured together with the nas:ClientMount permission to mount a file system, read data from the file system, and write data to the file system.

  • nas:ClientRootAccess: the permission to access a file system as a root user.

    • If you are not granted this permission, you are granted the least permissions as the nobody user when you access a file system as a root user.

    • If a POSIX user is bound to the access point, the POSIX user is also affected by the nas:ClientRootAccess permission. For example, if the POSIX user is bound as the root user but is not granted the nas:ClientRootAccess permission, all the POSIX users who perform I/O operations after a file system is mounted over the access point are finally granted the least permissions as the nobody user.

    • The nobody user has the least permissions on Linux and can access only the public content of the file system. This ensures the security of the file system.

AliyunNASReadOnlyAccess

A system policy that grants read-only permissions on a NAS file system.

A RAM user or RAM role that has the permissions can only view the information about the file system. The RAM user or RAM role does not have the execute permissions or access permissions on the access point client.

AliyunNASFullAccess

A system policy that grants full management permissions on a NAS file system. To ensure the security of your NAS file system, we recommend that you do not grant the permissions to a RAM user or RAM role.

A RAM user or RAM role that has the permissions can delete the NAS file system, modify the NAS file system, and enable the recycle bin feature. If an access point policy is configured, the RAM user or RAM role has the permissions to access the access point client by default.