Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cloudproviders:nasuni [2022_08_11 15:14] stevencloudproviders:nasuni [2024_04_25 14:38] (current) – [Guidelines and Notices] smeadmin
Line 1: Line 1:
 ====== Nasuni Connector ====== ====== Nasuni Connector ======
-== last updated on Aug 11, 2022 == 
-Nasuni replaces traditionally isolated, fixed, network-attached storage (NAS) and filesystems with a unified, infinitely scalable, cloud-based global file services platform. Users and applications access this globally shared data through Nasuni Edge appliances deployed in data centers and offices all around the world. The Edge appliances provide local SMB access to data, caching active files and metadata for fast access.  
  
-The Enterprise File Fabric platform extends the Nasuni global file systemsupporting remotemobile, and offline workers+<WRAP center round important 60%> 
 +The latest information on Nasuni Connector configuration can be found at [[https://b.link/Nasuni_Access_Anywhere_Getting_Started|Nasuni_Access_Anywhere_Getting_Started.pdf]]. 
 +</WRAP> 
 + 
 +== last updated June2023 == 
 + 
 +Nasuni replaces traditionally isolatedfixed, network-attached storage (NAS) and filesystems with a unified, infinitely scalable, cloud-based global file services platform. Users and applications access this globally shared data through Nasuni Edge appliances deployed in data centers and offices all around the world. The Edge appliances provide local SMB access to datacaching active files and metadata for fast access
  
-The Nasuni connector has been purpose-built and optimized for the Nasuni global file system. It supports single-sign-onreal-time permission synchronizationidentity propagation, and SMB encryption in addition to standard File Fabric features including real-time refresh and content search.+Nasuni Access Anywhere platform extends the Nasuni global file system, supporting remotemobile, and offline workers
  
-The Nasuni connector was added in v1906.07 of the File Fabric and is only available in the appliance versionFurther enhancements and updates have been added to the Nasuni connector in the 1906.08 service pack release. This should be considered the current pre-requisite service pack to deploy the connector.+The Nasuni connector has been purpose-built and optimized for the Nasuni global file systemIt supports single-sign-on, real-time permission synchronization, identity propagation, and SMB encryption in addition to standard Access Anywhere features including real-time refresh and content search.
  
 ===== Overview ===== ===== Overview =====
  
-The Nasuni connector provides end-users with access to their data stored within the Nasuni platform via the Enterprise File Fabric and its' multiple channels of access, including web, desktop, and mobile. +The Nasuni connector provides end-users with access to their data stored within the Nasuni platform via Nasuni Access Anywhere and its' multiple channels of access, including web, desktop, and mobile. 
  
 {{ :cloudproviders:nasuni:nasuni-sme-arch.png?600 |}} {{ :cloudproviders:nasuni:nasuni-sme-arch.png?600 |}}
  
-The connector binds  Identity and Access Management from the Enterprise File Fabric (integrated via Active Directory / LDAP integration) with the permissions of the underlying file shares to provide users with secure access to the Nasuni data, whilst ensuring that users only see and access data that they have permissions to from the underlying shares. +The connector binds Identity and Access Management from Nasuni Access Anywhere (integrated via Active Directory / LDAP integration) with the permissions of the underlying file shares to provide users with secure access to the Nasuni data, whilst ensuring that users only see and access data that they have permissions to from the underlying shares. 
  
-Nasuni Administrators will continue to manage and maintain file share permissions directly from the Nasuni file shares. Furthermore, any changes made on the Nasuni file shares, whether file, folders, or permissions related are reflected immediately within the Enterprise File Fabric.+Administrators will continue to manage and maintain file share permissions directly from the Nasuni file shares. Furthermore, any changes made on the Nasuni file shares, whether file, folders, or permissions related are reflected immediately within Nasuni Access Anywhere.
  
 ===== Prerequisites ===== ===== Prerequisites =====
  
-Enterprise File Fabric (EFF) requirements: +Nasuni Access Anywhere requirements: 
-  * Version 1906.07 or higher +  * Organization Administrator account (not a member with admin role)
-  * Organization user account with Administrator role+
   * Organization connected to your Active Directory via the LDAP Auth Connector.   * Organization connected to your Active Directory via the LDAP Auth Connector.
   * AD Administrative account   * AD Administrative account
Line 51: Line 54:
   * **Use SMBClient for Listing** - Using the smbclient can have performance benefits and is recommended.   * **Use SMBClient for Listing** - Using the smbclient can have performance benefits and is recommended.
  
-  * **Binding LDAP** - A prerequisite noted for this connector is an already established Active Directory connection via LDAP. This should be the same AD domain that is integrated with your Nasuni Edge Appliance. You should select this Enterprise File Fabric Authentication System from the list.+  * **Binding LDAP** - A prerequisite noted for this connector is an already established Active Directory connection via LDAP. This should be the same AD domain that is integrated with your Nasuni Edge Appliance. You should select this Authentication System from the list.
  
 Before proceeding with the next step, it is advisable to review the number of threads that will be used for the Synchronization. Increasing the thread count can improve the rate at which the storage is indexed. For details on increasing that, [[:provider-synchronization|please see this guide]]. Before proceeding with the next step, it is advisable to review the number of threads that will be used for the Synchronization. Increasing the thread count can improve the rate at which the storage is indexed. For details on increasing that, [[:provider-synchronization|please see this guide]].
Line 57: Line 60:
 Once completed, click **Continue**.  Once completed, click **Continue**. 
  
-At this point, the EFF will connect to the Nasuni Edge Appliance, and perform a Provider Sync of the storage metadata. +At this point, the NAA will connect to the Nasuni Edge Appliance, and perform a Provider Sync of the storage metadata. 
  
 During the phase of Provider Synchronization, the root directory of the provider will be made automatically into a **Shared Team Folder**, and permissions on this directory and its subdirectories will be set according to the permissions of your underlying Nasuni storage.  During the phase of Provider Synchronization, the root directory of the provider will be made automatically into a **Shared Team Folder**, and permissions on this directory and its subdirectories will be set according to the permissions of your underlying Nasuni storage. 
Line 69: Line 72:
 If this option is not present on your Dashboard, then it may need to be enabled from the **appladmin**'s account under **Site Functionality**.  If this option is not present on your Dashboard, then it may need to be enabled from the **appladmin**'s account under **Site Functionality**. 
  
-The Nasuni connector automatically establishes itself as a [[organisationcloud/userstorageandsharedfolders|Shared Team Folder]]. The permissions on its directories and subdirectories will be automatically managed by the EFF+The Nasuni connector automatically establishes itself as a [[admin/userstorageandsharedfolders|Shared Team Folder]]. The permissions on its directories and subdirectories will be automatically managed by the NAA 
  
-When users next login to the EFF, they will observe a team shared folder at the root of their view, with access to the data stored on Nasuni. +When users next login to the NAA , they will observe a team shared folder at the root of their view, with access to the data stored on Nasuni. 
  
 If you need to add multiple Nasuni Edge Appliances, this can be done by repeating the above steps.  If you need to add multiple Nasuni Edge Appliances, this can be done by repeating the above steps. 
  
 ===== Guidelines and Notices ===== ===== Guidelines and Notices =====
 +
 <WRAP center round info 100%> <WRAP center round info 100%>
 Starting with v2106, users who authenticate with SAML can use Nasuni providers.  See [[cloudproviders/saml_for_nasuni_and_smb_mu|this page]] for more information. Starting with v2106, users who authenticate with SAML can use Nasuni providers.  See [[cloudproviders/saml_for_nasuni_and_smb_mu|this page]] for more information.
Line 81: Line 85:
  
 <WRAP center round tip 100%> <WRAP center round tip 100%>
-Because this connector imports and applies access permissions in a way that prevents direct control in the File Fabric, some of the File Fabric's behaviours may differ from the behavior with other connector types.+Because this connector imports and applies access permissions in a way that prevents direct control in Access Anywhere, some of Access Anywhere's behaviours may differ from the behavior with other connector types.
 </WRAP> </WRAP>
  
  
-  * By design, this connector cannot be added by individual org members to create personal providers as it involves creating a Shared Team Folder for the organization's users. \\ \\  +  * By design, this connector cannot be added by individual org members to create personal providers as it involves creating a Shared Team Folder for the organization's users.  
-  * For each Nasuni provider that you add, you will find a shared team folder created in the root of the Organization account. The File Fabric reads the permissions for the file shares, whether you are mounting the root of a file share, or if you are mounting a sub-path of the share. Where DFS is fronting the shares, all users will have access to the DFS root, and the shares within the DFS server will have permissions applied accordingly. \\ \\  +  * For each Nasuni provider that you add, you will find a shared team folder created in the root of the Organization account. Access Anywhere reads the permissions for the file shares, whether you are mounting the root of a file share, or if you are mounting a sub-path of the share. Where DFS is fronting the shares, all users will have access to the DFS root, and the shares within the DFS server will have permissions applied accordingly.  
-  * Generally, Trash and Versioning can be disabled, as the Nasuni file system will handle these capabilities natively. \\ \\  +  * Generally, Trash and Versioning can be disabled, as the Nasuni file system will handle these capabilities natively.  
-  * The top level of a Nasuni share is a Shared Team Folder.  The File Fabric does not allow files in Shared Team Folders (including their descendants) to be made public. \\ \\  +  * The top level of a Nasuni share is a Shared Team Folder.  Access Anywhere does not allow files in Shared Team Folders (including their descendants) to be made public.  
-  * To prevent overloading your LDAP server with repeat requests, caching of user groups and SIDs is done within the EFF. The default cache expiration time is 300 seconds. This can be tuned using the following configuration parameter: \\ \\ +  * To prevent overloading your LDAP server with repeat requests, caching of user groups and SIDs is done within the NAA . The default cache expiration time is 300 seconds. This can be tuned using the following configuration parameter: 
    
 ``` ```
-var $cifsldapcachetime 300;+ffconfig set cifsldapcachetime 300
 ``` ```
-  * The EFF will automatically manage specific mount points on the EFF host machine. Operations performed by users, such as opening, editing and sharing are performed on the individual user's mounts. This underpins the security of the connector. \\ \\ +  * The NAA will automatically manage specific mount points on the NAA host machine. Operations performed by users, such as opening, editing and sharing are performed on the individual user's mounts. This underpins the security of the connector. 
   * It is recommended to have the following configuration option enabled:    * It is recommended to have the following configuration option enabled: 
    
 ``` ```
-var $cifs_passwd = '1';+ffconfig set cifs_passwd 1
 ``` ```
   * If a user receives the message "Password not found for user. Please re-login", they are advised to log-out and re-login again. This occurs when Nasuni shares are added after users have begun authenticating.   * If a user receives the message "Password not found for user. Please re-login", they are advised to log-out and re-login again. This occurs when Nasuni shares are added after users have begun authenticating.
 \\ \\  \\ \\ 
-  * If the password of a user who is using the File Fabric's desktop tools to access storage via this connector changes, she must log in via the web to cause the password to be refreshed, preventing mount errors. As of appliance 2106, end-users will be automatically logged out when passwords on Active Directory if the configuration option on the Authentication System is enabled to check for password changes. \\ \\  +  * If the password of a user who is using Access Anywhere's desktop tools to access storage via this connector changes, she must log in via the web to cause the password to be refreshed, preventing mount errors. As of appliance 2106, end-users will be automatically logged out when passwords on Active Directory if the configuration option on the Authentication System is enabled to check for password changes.  
-  * It is recommended on the first setup to add this connector using your Organization Admin account, and not a 'delegated admin' account.+  * You must add this connector using the Organization Administrator account, not a 'delegated admin' account.
 \\ \\  \\ \\ 
 * The baseDN that you specify for LDAP searches must be high enough in the tree to encompass both all of your users and all of your shares.  Use the domain name as the baseDN or, if you are using another entry at the baseDN, ensure that all  groups for your shares are within the baseDN that you select. * The baseDN that you specify for LDAP searches must be high enough in the tree to encompass both all of your users and all of your shares.  Use the domain name as the baseDN or, if you are using another entry at the baseDN, ensure that all  groups for your shares are within the baseDN that you select.
 \\ \\  \\ \\ 
-* If the password of a user who is using the File Fabric's desktop tools to access storage via this connector changes, she must log in via the web to cause the password to be refreshed, preventing mount errors.+* If the password of a user who is using Access Anywhere's desktop tools to access storage via this connector changes, she must log in via the web to cause the password to be refreshed, preventing mount errors.
 \\ \\  \\ \\ 
-* Share names configured in the File Fabric must match the corresponding names on the storage exactly, including case. If the cases differ then you will experience errors when adding the provider.+* Share names configured in Access Anywhere must match the corresponding names on the storage exactly, including case. If the cases differ then you will experience errors when adding the provider.
 \\ \\  \\ \\ 
-* When a folder is being configured as the root of a share, the full folder path configured in the File Fabric must match the path on the storage exactly, including case.  If there are differences in case then the File Fabric will not be able to fetch and use the storage's access control information.+* When a folder is being configured as the root of a share, the full folder path configured in Access Anywhere must match the path on the storage exactly, including case.  If there are differences in case then Access Anywhere will not be able to fetch and use the storage's access control information.
 \\ \\  \\ \\ 
-* When a user's permissions to access a folder are changed on the storage, that change will not be reflected in File Fabric's metadata until the File Fabric has refreshed its view of the folder.  This may lead, for example, to brief periods when a user appears to continue to have access to a folder's contents although the user's access permission has been removed from the storage.  The storage's permissions will apply, however, if the user attempts to access the contents of the folder during this brief period.+* When a user's permissions to access a folder are changed on the storage, that change will not be reflected in Access Anywhere's metadata until Access Anywhere has refreshed its view of the folder.  This may lead, for example, to brief periods when a user appears to continue to have access to a folder's contents although the user's access permission has been removed from the storage.  The storage's permissions will apply, however, if the user attempts to access the contents of the folder during this brief period.
 \\ \\ \\ \\
  
 <WRAP center round tip 100%> <WRAP center round tip 100%>
  
-After you upgrade your Filer you should either drop all of the mounts on the Filer that are used by the File Fabric or run the File Fabric's flush_mounts.sh script as described [[:multi-user-smb-guide|here]].+After you upgrade your Filer you should either drop all of the mounts on the Filer that are used by Access Anywhere or run Access Anywhere's flush_mounts.sh script as described [[:multi-user-smb-guide|here]].
  
 </WRAP> </WRAP>
© Copyright 2024 Nasuni.