Getting Started with Exoscale

Exoscale is a cloud service provider offering infrastructure and platform hosting in Switzerland and across Europe. The File Fabric runs on the Exoscale compute platform and can use Exoscale object storage.

For more information on See The Enterprise File Fabric™ — The Killer Solution for Object Storage !

For evaluation and small to mid-size production environments, the Enterprise File Fabric™ solution is typically deployed as a single virtual machine. The virtual machine includes all components need including application and database containers.

The Enterprise File Fabric solution may also be deployed for High Availability with multiple virtual machines and a separate database.

Please contact us for more information on setting up HA deployments on the Exoscale platform.

For production deployments see also Server Sizing Guide.

You will need the following information before you can complete setup on Exoscale:

• A domain name (recommended)
• License key (required) - A trial key can be requested from Enterprise File Fabric Sign Up.
• Root password (from trial email)
• Open Stack machine image in qcow2 format
• Outbound mail relay information. (recommended)
• Default storage system connectivity details - for example, Exoscale Object Storage (required)
• An Active Directory service account if you are connecting to AD (optional)

You can create an instance from the Exoscale Marketplace or step-by-step from the Exoscale portal.

Since the appliance will be accessible externally you'll need to add firewall rules through a security group. You can add rules to your default security group or create a new one.

Select Compute from the side menu and then select SECURITY GROUPS.

Choose ADD SECURITY GROUP.

Complete the “New Security Group” form and select CREATE GROUP.

• Group Name - filefabric-sg (for example)
• Description - File Fabric firewall rules

Select the newly created security group to add rules:

You can create an instance from the Exoscale Marketplace or step-by-step from the Exoscale portal.

If you are adding step-by-step from within the portal select COMPUTE and from the INSTANCES tab select ADD.

Fill in the following fields:

• Hostname - Use the fully qualified domain name e.g. files.example.com. It can be changed later.
• Template - Select the FileFabric appliance template under the “Other OS” tab.
• Zone - Select the desired data center
• Instance Type - Select Huge (CPU:8 RAM: 32 GB)
• Disk - Select 200 GB
• Keypair - Not supported
• Security Groups - Select filefabric-sg (for example).
• Private Networks - Not required
• IPv6 - Not required
• Anti-Affinity Groups - Not required
• User Data - Not used

Select CREATE.

For more information on sizing see Server Sizing Guide.

The instance can now be accessed at IP address using a standalone SSH client. The username is smeconfiguser and the password you copied from the instance page on the Exoscale portal. For example:

ssh smeconfiguser@54.194.216.200

Check that you can become root. The root password can be found in the trial email.

su -

This will be required to complete the configuration.

For security, change the password for root.

passwd

External applications access the File Fabric through a public endpoint, a fully qualified domain name (FQDN) that resolves to a static public IP address. The public IP address needs to be associated with or routed to the virtual appliance, SSL certificates applied or generated, and ports opened if needed.

We recommend creating an Elastic IP address and associating it with the File Fabric instance as its IP address may change on reboot.

Navigate to COMPUTE > ELASTIC IP. Select ALLOCATE ELASTIC IP to reserve a static IP Address.

Select Add Instance to associate the IP address with the File Fabric appliance.

The appliance is configured, by default, with DHCP and a self-generated untrusted SSL certificate.

In order to use the web, desktop and mobile apps over SSL you will need a trusted SSL certificate associated with the fully qualified domain name.

If you do NOT wish to use SSL for the trial you can disable it.

1. Log in as the Appliance Administrator as per the instructions below.
2. Navigate to Settings > Site Functionality
3. Set Always use HTTPS to No.
4. Set Generate secure server-side links to No.
5. Select Update options at the bottom of the page.

The File Fabric uses named-based virtual hosts to provide multiple protocols for the same ports. For single VM installations, the first domain name is typically the name of the host.

Choose three fully qualified domain names (FQDNs). For example:

• files.example.com - Domain name (service endpoint and website)
• files-webdav.example.com - used for WebDAV service
• files-s3.example.com - used for S3 service

Add DNS type A records that point these domain names to the Elastic IP Address. For example,

Verify that Public DNS records are setup correctly:

curl -Lk http://files.example.com | head
curl -Lk http://files-webdav.example.com | head
curl -Lk http://files-s3.example.com | head

These commands should resolve the domain name, connect to port 80, get redirected to port 443 and return (part of) the web login page:

<!DOCTYPE html>
<html lang="en">
   
<head>
	<!-- title -->
		<title>Home | SME Appliance</title>
	
	<meta content="text/html; charset=utf-8" http-equiv="content-type"/>
	<meta http-equiv="X-UA-Compatible" content="IE=EDGE,IE=11,chrome=1"/>
	<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/>

If you did not set the hostname when deploying the instance you can change it by editing /etc/hostname. For example,

echo "files.example.com" > /etc/hostname

If you are logged in as root leave root privilege:

[root@files smeconfiguser]# exit

As the smeconfiguser start the configuration server by typing smeconfigserver. You should see a confirmation that the config server is running:

[smeconfiguser@files ~]$ smeconfigserver
Please contact me with a browser on port 8080
Hit Ctrl+C when work is done

Now open your browser to:

http://<your_ip>:8080

Here you only need to configure the three domain names. Click “Configuration” and then “SME Server Hostname Settings”.

After Saving go to the “Overview” page and scroll down to the bottom to “Apply”. No other changes are required for the appliance.

Follow the prompts on the page to reboot the appliance. If you are not doing this immediately stop the Config Server by typing Control-C in the terminal window.

This section creates and configures SSL certificates from Let's Encrypt. If you are using your own certificates (or a different service) you can use the smeconfigserver service above to add certificates.

Log back into the rebooted appliance.

ssh smeconfiguser@files.example.com

Elevate to the root user.

sudo bash

Run the following command:

certbot --no-redirect --authenticator standalone --installer apache --pre-hook "systemctl stop httpd" --post-hook "systemctl start httpd" 

Note: The appliance will be inaccessible during the request which may be up to a minute.

This command will prompt for an email address. It’s important to give this information so that an admin can be notified in the future if there are issues automatically renewing the certificate.

Please also agree to the Terms of Service. It is not necessary to share the provided email with the Electronic Frontier Foundation.

Certbot will automatically detect what FQDNs are setup for the Enterprise File Fabric and prompt for which should be included in the certificate.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: files.example.com
2: files-s3.example.com
3: files-webdav.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input 
blank to select all options shown (Enter 'c' to cancel):

After successful completion, the Enterprise File Fabric will automatically start using the new certificates. These certificates will last for 90 days, so the final step is to setup automated renewal.

A Let’s Encrypt certificate is valid for 90 days, and can be automatically renewed within 30 days of expiration. A simple cron job will run daily and handle renewals.

Please Note: The File Fabric will be inaccessible during the renewal. Please ensure that the renewal time is during off hours. Downtime will only occur every 60 days when a renewal is required and may last up to one minute.

While still logged in as root run the following command to add a cron job.

crontab -e

In the example below the renewal attempt will process at 2:30AM. The Enterprise File Fabric ships with the timezone set to UTC. You can set the cron jobs to run at the time of your choosing, but do not change the File Fabric's timezone.

30 2 * * * /bin/certbot renew >> /var/log/letsencrypt/le-renew.log

This will create a crontab entry for a cron job that will handle the renewals and write its output to a log file.

You can use https://www.ssllabs.com/ to test the certificate after updating the certificate as well as the server's SSL configuration.

Open a browser to the domain name you assigned:

 https://files.example.com   

If you haven't set a domain name, use your external IP address:

 https://3.234.139.146

You'll see the following login page:

Log into the appliance as appladmin with a password from your trial license:

 User name: appladmin
 Password: appladminpassword

Configure your license key under Settings > License Key.

A trial key can be requested from https://www.storagemadeeasy.com/appform/.

Select “Password/Login” from the Main Menu to change the Appliance Administrator password.

After you select “Update password” you will be logged out and need to log back in.

An SMTP server is used by the appliance to send registration and notification emails to users. A daily report and error notices are also emailed to the “Notification Email”.

See SMTP Configuration.

If you do not initially configure an email server remember not to use email notifications when adding users.

With an SMTP server configured you can change the email of the Appliance Admin which will require a confirmation email.

Go to the main menu (Hamburger icon) to Password/Login to change the Account Email.

You can also set up Two Factor Authentication (2FA) for the Appliance Admin from this screen.

Server errors and a daily report are sent to a notification email that must be configured by the Appliance Administrator. The default is not to email reports.

The “Notification Email” setting is on the “SMTP and Filebox Configuration” page that can be found via the menu “Email and Filebox”.

An organization is a tenant within the appliance and is created by the Appliance Administrator.

The File Fabric platform uses templates for organizations, in order for us to create our organization, we need to pick a template, before we do, let’s review.

Login as the Appliance Administrator.

Click “User Packages” and then click the pencil to modify “Organisation Cloud 20 Users” This is a good template to start from. Scroll down to the “Extra options” section and add “Content Search Enabled” and Dropfolders. Use “Crtl-Click“ to add to the selection.

Login as the Appliance Administrator.

In the hamburger menu, select “Users” and then “Add a User”.

On the Add a User screen create your Organization admin user. (This will also be your organization.)

1. User Login: The Organization short name and superuser's username. We recommend the domain name of your company such as “smestorage.com”.
2. E-mail: Email address of organizational admin, must be unique to the system, do not use your own.
3. Password:
4. Name (Company Name): Full organization name.
5. Package: The user package template from earlier.
6. We do not need to split the license between organizations, leave the last field empty.

Click Save.

Log out as the appladmin user, and log back in as the user you just created. You will first see the “Add Storage Provider” screen. You have to add storage before you can continue setup. The first storage added is the “default storage” used for internal files such as generated image thumbnails. The default storage can be changed in the future.

Select Open S3 - S3 Compatible Cloud and follow the instructions on the next couple of screens. Use an endpoint of the format https://sos-ZONE.exo.io substituting ZONE with the proper zone. For example, https://sos-ch-dk-2.exo.io.

See Adding an S3 Compatible Cloud Provider for more information.

An authentication provider can be added to allow users to log in using their corporate credentials. See Authentication Services for more information.

Once this is complete you can:

• Add users
• Share files
• …

For more information see Nasuni Access Anywhere