Getting Started: Nasuni Access Anywhere On-Premises

last updated Nov 28, 2022

This document walks through deploying and configuring Nasuni Access Anywhere (formerly the Enterprise File Fabric) running in a virtualization environment in your data center or cloud.

For public clouds see specific guides for AWS, Azure, Google, IBM Cloud, Exoscale and Zadara.

Prerequisites

You need to prepare/collect the following information before you can complete this configuration guide:

  • Provided with trial email (A trial can be requested from https://www.storagemadeeasy.com/appform/.)
    • Linux smeconfiguser password
    • Linux root user password
    • Appliance appladmin password
    • File Fabric license key
  • Access to request / update DNS names for the appliance (recommended)
  • Outbound mail relay information (recommended)
  • Default storage system connectivity details
  • Active Directory service account, for connecting to AD (optional)

Deployment Architecture

Single Node

For small to mid-size production environments, the Nasuni Access Anywhere Server is typically deployed as a single virtual machine instance, sized for the estimated load.

Multiple Nodes

The platform may also be deployed across multiple virtual machine instances for scalability and high availability.

In this example, a load balancer is introduced to distribute requests across two stateless web nodes. Two additional nodes provide database services in an active/passive configuration. See SME File Fabric HA Setup "2 x 2" With Manual Failover for more information on this example and feel free to contact support to review your specific requirements.

Sizing

Resource   Minimum   Recommended
Memory     6 GB      8 GB
vCPU       8         8
Disk OS    60 GB     60 GB
Disk DB    100 GB    100 GB

For production deployments see Server Sizing Guide.

For client requirements see Supported Browsers and Client Devices.

Configure Public Endpoint

Applications access the File Fabric through a public endpoint, a fully qualified domain name that resolves to a public IP address. The public IP address will route to the virtual appliance, usually through a firewall or load balancer. SSL certificates need to be applied, and ports opened if needed.

Add DNS Host Records

The File Fabric uses name-based virtual hosts to provide multiple protocols on the same ports. For single VM installations, the first domain name is typically the name of the host.

Choose three fully qualified domain names (FQDNs). For example:

  • files.example.com - primary HTTP/HTTPS services (web app and API)
  • files-webdav.example.com - used for Cloud WebDAV service
  • files-s3.example.com - used for Cloud S3 service (deprecated)

Add DNS type A records for these domain names, pointing to the public IP address. For example:

Type   Name           Value
A      files          35.188.82.62
A      files-webdav   35.188.82.62
A      files-s3       35.188.82.62

Verify that the public DNS records are set up correctly by pinging each FQDN from the appliance.

ping files.example.com 
ping files-webdav.example.com
ping files-s3.example.com
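A successful ping only shows that the name resolves to something that answers. The following added example (not part of the original guide) checks that each FQDN resolves to exactly the public IP you published. The function names are hypothetical, and it assumes glibc's getent is available on the appliance.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): confirm each appliance FQDN
# resolves to exactly the public IP you published, not merely that it pings.

# resolve_a NAME: print the IPv4 addresses NAME resolves to, one per line.
# Assumption: glibc's getent is available on the appliance.
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# check_fqdns EXPECTED_IP FQDN...
# Prints one OK/FAIL line per name. Returns 1 if any name has no record,
# points at a different address, or resolves to more than one address.
check_fqdns() {
    local expected=$1 rc=0 name addrs
    shift
    for name in "$@"; do
        addrs=$(resolve_a "$name" | tr '\n' ' ')
        addrs=${addrs% }
        if [ -z "$addrs" ]; then
            echo "FAIL $name: no A record found"
            rc=1
        elif [ "$addrs" != "$expected" ]; then
            echo "FAIL $name: resolves to $addrs, expected $expected"
            rc=1
        else
            echo "OK   $name -> $addrs"
        fi
    done
    return "$rc"
}

# Runs only when arguments are given, for example:
#   ./check_dns.sh 35.188.82.62 files.example.com \
#       files-webdav.example.com files-s3.example.com
if [ "$#" -gt 0 ]; then
    check_fqdns "$@"
fi
```

getent follows the appliance's resolver order, including /etc/hosts, so repeat the check from a host outside your network to confirm what public DNS returns.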

Configure Static IP Address

Out of the box, the File Fabric appliance comes preconfigured for DHCP. For most environments you will need a static IP address. You can easily do this with tools available on the appliance. If you have DHCP with dynamic DNS enabled, you should be able to simply connect to “appliance.yourcompany.tld”. If not, and you do not know the IP address of the appliance, connect over a console session from your hypervisor.

To identify the IP addresses use:

ip a show dev eth0

Note: If you do not have DHCP enabled on your network, you can run the smenetconf script and assign a static address from the command line. This must be run as the smeconfiguser.

smenetconf

Required Ports to Open

The appliance requires the following ingress ports:

Type    Protocol   Port   Source     Description
SSH     TCP        22     My IP      SSH for initial configuration
HTTP    TCP        8080   My IP      Installation website (temporary)
HTTPS   TCP        443    Anywhere   Main website
HTTP    TCP        80     Anywhere   Redirects to main website

If you will be accessing the File Fabric using FTP/FTPS or SFTP you'll need to add additional ports.

SSH into Appliance

Log into the appliance through SSH as smeconfiguser. (See the trial email for the password.)

ssh smeconfiguser@<ipaddress>

Check that you can become root. (See the trial email for the password.)

su -

This will be required to complete configuration.

Start SME Config Server

The SME Config Server provides a web interface for configuring network settings including domain names.

If you are logged in as root, exit the root shell first. Then, as smeconfiguser, start the configuration server by typing smeconfigserver. You should see a confirmation that the config server is running:

smeconfigserver
Please contact me with a browser on port 8080
Hit Ctrl+C when work is done

Now open your browser and navigate to:

http://<your_ip>:8080 

Here you will be able to configure network details, including domain names, and you can apply a custom certificate for secure HTTPS traffic.

Click “Configuration” to get started.

Configure Hostname Settings

Add the three domain names you created DNS entries for here.

Click “Configuration” and then “SME Server Hostname Settings”.

After saving, go to the “Overview” page and scroll down to the bottom to “Apply”. No other changes are required for the appliance.

Follow the prompts on the page to reboot the appliance. If you are not doing this immediately, stop the Config Server by typing Control-C in the terminal window.

Once you are finished with smeconfigserver, you can remove access to port 8080.
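To confirm that the installation website is no longer reachable once configuration is done, the following added example (not part of the original guide) audits the appliance's TCP listeners against the ingress table above. The function name and allow-list variable are hypothetical and the ss output is a constructed sample; extend ALLOWED_PORTS if you enable FTP/FTPS or SFTP access.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): flag TCP listeners on the
# appliance that fall outside the documented ingress ports.

# Ports from the ingress table that stay open after configuration.
# 8080 is deliberately absent: the installation website is temporary.
ALLOWED_PORTS="22 80 443"

# audit_listeners: read `ss -tln` output on stdin and print one
# "UNEXPECTED <addr> <port>" line per non-loopback listener whose port
# is not in ALLOWED_PORTS. Returns 1 if anything was flagged.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }              # skip the header line
        {
            endpoint = $4                    # e.g. 0.0.0.0:443 or [::]:22
            port = endpoint
            sub(/.*:/, "", port)             # keep text after the last colon
            addr = substr(endpoint, 1, length(endpoint) - length(port) - 1)
            # Loopback-only services are not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) { print "UNEXPECTED", addr, port; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of `ss -tln` output, as it would look while
# smeconfigserver is still running (port 8080 is listening).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      80     127.0.0.1:9000     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# On the appliance itself, run: ss -tln | audit_listeners
printf '%s\n' "$SAMPLE_SS" | audit_listeners || echo "Review the listeners flagged above."
```

A listener flagged here is a prompt to check both the running service and the firewall rule for that port; the Source restrictions in the table ("My IP") still have to be verified on the firewall itself.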

SSL Certificates

The appliance includes an untrusted SSL certificate.

To create a trusted SSL/TLS certificate associated with your domain see SSL Certificates.

Configure Appliance

Open a browser to the domain name you assigned, for example:

 https://files.example.com   

If you haven't set a domain name, use your external IP address:

 https://3.234.139.146

You'll see the following login page:

Log into the appliance as appladmin with a password from your trial license:

 User name: appladmin
 Password: <appladminpassword>

License Key

Configure your license key under Settings > License Key.

A trial key can be requested from https://www.storagemadeeasy.com/appform/.

Change Admin Password

We recommend you change the admin password.

Select “Password/Login” from the Main Menu to change the Appliance Administrator password.

After you select “Update password” you will be logged out and need to log back in.

An SMTP server is used by the appliance to send registration and notification emails to users. A daily report and error notices are also emailed to the “Notification Email”.

See SMTP Configuration.

If you do not initially configure an email server, remember not to use email notifications when adding users.

Change Appliance Admin Email

With an SMTP server configured, you can change the email of the Appliance Admin. Open the main menu (hamburger icon) and go to Password/Login.

You can also set up Two Factor Authentication (2FA) for the Appliance Admin from this screen.

Server Notification Email

Server errors and a daily report are sent to a notification email that must be configured by the Appliance Administrator. The default is not to email reports.

The “Notification Email” setting is on the “SMTP and Filebox Configuration” page that can be found via the menu “Email and Filebox”.

Site Functionality

Here you can enable or disable certain functionality or features. The default settings are generally good for the initial deployment, but please go through the options to familiarize yourself with the advanced ones. Examples include enabling the in-browser editor for inline editing of office documents and enabling SFTP access.

If you will be providing SFTP access through the File Fabric's CloudSFTP gateway then you will need to regenerate the File Fabric's SFTP RSA keys. Instructions for doing that can be found here.

Requirements for Creating Users

Users can be created or can be imported from the delegated Active Directory / LDAP / SAML authentication system. A user requires a 'user name' and an email address to be created. In the event that a service account is being used for a user that does not have an email address, consider using the User Principal Name (UPN), i.e., the name of a system user in an email address format.

Post Installation

For further customizing and securing the appliance see Post Installation Tasks.

Creating Users

To add users and storage providers, you first Create an Organization.