Configuring File Accesser Devices

Create a pool of the Native File Accesser Devices and create a new Native file system on the pool.

About this task

File Accesser Device Registrations appear at the bottom of the Manager UI home page. Users are directed to the Bulk Edit Device Site page after approval (per existing behavior). Users are then directed to the Bulk Edit Device Alias page (per existing behavior). Approved File Accesser devices appear in the left navigation pane. File Accesser Device Registrations appear at the bottom of the Manager UI home page.

A file system is the logical unit that encompasses a collection of file data and metadata transferred over the Native File Interfaces (currently NFSv3) by using shares. Each file system is mapped to a unique IBM Cloud Object Storage Vault where file data is stored. The Settled Writes function can enable a true Active Archive that is not subject to accidental or malicious modifications or deletes.

Procedure

  1. Create Access Pool.
    Note: For optimal communication between Accesser and File Accesser devices, contact IBM® Support.
  2. Create Storage Pool.
    Note: Work with IBM Support to create the appropriate Vault Template for your use case.
    • Using SecureSlice™ impacts performance.
    • Named Index is not used by File Accesser devices and must be disabled.
    • Recovery Listing is not used by File Accesser devices and should be disabled.
    • Create vault templates against Storage Pools that use Zone Storage.
  3. Select File Accesser devices for this pool.
    Note: All selected File Accesser devices must be located in the same physical location, which are designated by Site. The Site designation is an important concept for File Accesser devices. All File Accesser devices at a particular Site participate in a unified metadata database cluster with each device that shares responsibility for storing portions of the metadata database. Metadata information is stored in a redundant fashion and can be on any of the File Accesser devices at a particular Site, regardless of File Server Pool membership. A minimum of three File Accesser devices must be included in a site.

    IBM Cloud Object Storage supports the use of two Sites along with File Accesser devices. Each site contains a complete set of metadata, replicated in each location defined by the devices in a Site. The amount of metadata storage at each location is identical and it is recommended that the same number of File Accesser devices be deployed at each of the Sites used.

  4. Create Vault Template.
    Note: Associate Vault Template with created Access Pool.
  5. Right-click in the left navigation pane and click Create File Server Pool to create a pool of File Accesser Devices.
    A minimum of three File Accesser devices should be deployed in the initial File Server Pool for operation in a production environment. Each device runs metadata services where metadata information is stored with three copies ensure data durability.
    Note: This requirement should be adhered to but is not enforced by the Manager.

    The Configure File Server Pool page (a grouping of file Accesser Devices) is displayed. Users can add File Accesser Devices, create File Systems, and create Shares.

    After File Server Pool creation, on the Monitor File Server Pool page, a message displays "One or more devices in this File Server Pool are still in the joining phase" for few minutes.

    Note: Contact customer support if the message does not disappear (how long it takes depends on the number of devices in the file server pool).

    The Create file system page is displayed. Recall that Vault Templates must exist.

  6. Enter the Name (50 characters max) for the file system.

    The name cannot be blank and must be unique regarding other File Systems. Users should name the file system and select the wanted associated Vault Template. A Vault is created automatically by using the selected Vault Template.

    Note: The first character must not be a number, the entire name must be ASCII printable (character codes 32-127), and the name must be unique regarding other file systems in the Cloud Object Storage system.
  7. Select whether SSL is to be used to communicate with the Vault. [Default = Enabled].

    By default Use SSL is selected. This option uses system-generated certificates over SSL for communication between the File Accesser and Accesser devices. This option provides the most secure method of communication between devices, but impacts communication performance. Clear this option for maximum performance.

    Note: If this option is cleared, Anonymous Access must be enabled on the vault that was created for the file system. Modify this setting under Vault configuration of the vault with the same name as the file system.
  8. Select the Vault Template to be used for this file system.
    Note:
    The vault uses the name of the template. Only a single template can be selected. When you create a Vault template:
    • Packed Storage or Zone Storage vaults should be enabled.
    • Named Index and Recovery Listing are not used by File Accesser devices and should be disabled.
    • SecureSlice might slightly degrade performance, depending on Accesser hardware and work load.
  9. Enable the Settle Time. [Default = Disabled]
    A system administrator can opt to define a Settle Time. The file/directory will become read only after the settle time passes.

    A user that matches an override UID or an override GID is able to edit the file/directory. If a settled file/directory is edited, the settle time is reset for the entity and its parent, and normal POSIX permissions apply until the settle time expires again.

    Important: The settle time cannot be changed or disabled after a file system is created, and cannot be enabled on existing file systems. If no settle time is provided, the function is disabled for the file system.
  10. Enter the UID Override [Optional].

    Valid values are any positive integer and zero. A Not Defined value means that users in the GID Override group can bypass the settled writes function. The UID Override is a UID mapped to the user that can bypass the settled writes function.

    If the user is the user with the defined UID, then they are able to write/delete files, including settled files. A blank value means that any user with a matching override GID is able to bypass settled files.

  11. Enter the GID Override [Optional].

    Valid values are any positive integer and zero. A Not Defined value means a user that matches the UID Override can bypass the settled writes function. The GID Override is a GID mapped to the set of users that can bypass the settled writes function.

    If the user is in the group with the defined GID, then they are able to write/delete files, including settled files. A blank value for a user that matches the override UID is able to bypass settled files.

  12. Create a Share.
    The file system is created. Users must now enable the file system by creating a Share.
  13. Click Create Share to display the Create Share page.
    Creating a “Share” adds an NFSv3 export to an existing file system.
  14. Name the Share and select the File System in the drop-down menu that you want to associate with the Share.
    If you want the share to be “Read Only”, select this check box. If you want the Share to be read/write, leave it cleared.
    Note: Use Root is selected by default. This option creates a Share at the root of the file system. For a newly created file system, no other option is available. Shares that are created against existing File Systems with content can be created against any directory.
  15. Locate directory for Share.
    If you clear the Use Root option, a directory browser is displayed. Use this browser to locate the directory in which to create the wanted Share. This option applies to Shares being created on file systems with existing directories.
    Note: If a user deletes a directory that was selected as a Share from a higher-level NFS mount, the share becomes invalid. In this circumstance, the Share must be removed from the Manager by an administrator.
  16. Click Save.
    The share is now created and a user can now mount by using the IP of g1, g2, or g3 (File Accesser 1, 2, or 3).
  17. Create shares of subdirectories.

What to do next

Users can now monitor the current state, view the configuration, and edit the configuration of File Accesser Devices.