In this article from the HPE StoreOnce install series we are going to review the steps to create a StoreOnce NAS Share. For the purpose of this deployment in our home lab we are using the HPE StoreOnce VSA appliance which ships with the free 1 TB license. At the time of writing the version we can download is 3.16.2-1712.1.
This version includes enhancements and bug fixes from the previous version together with the ability to create NAS Shares, Catalyst Stores and also emulate Virtual Tape Libraries (VTL). This article will cover the steps for creating a StoreOnce NAS Share we can use not just to store our data for longer retention. This also makes the perfect target for Backup applications. Thus strengthening the flexibility of a Disk to Disk Backup. In addition we can also benefit from built-in de-deduplication and encryption. The free version of the HPE StoreOnce VSA also allows for the replication between different appliances by simply creating mappings between source and target Shares or Catalyst Stores.
Although the StoreOnce supports both CIFS and NFS Shares, this article will focus on how to:
- Create an HPE StoreOnce NAS Share
- Join HPE StoreOnce to Active Directory Domain
- Add Active Directory Users and Groups
- Review settings for a HPE StoreOnce NAS Share
- Add Permissions to HPE StoreOnce NAS Share
- Mount HPE StoreOnce NAS Share on Windows
- Conclusions
Create an HPE StoreOnce NAS Share
Here we are with the creation of the StoreOnce NAS Share. Before proceeding it is worth taking a look and familiarise with the CIFS Server settings available from the Navigator > StoreOnce > NAS.
HPE StoreOnce supports 3 types of authentications when granting permissions to the CIFS Shares. None, User and AD. With the first one meaning no authentication is required, on the remaining two we can decide if the authentication will be against a user created locally on the StoreOnce appliance. Or simply leverage users and groups from Active Directory domain. What we need to consider is that the settings applied here will be valid for all the CIFS Shares we are going to create on this appliance. To change the authentication we can simply click on Edit button to choose the desired one. Whereas in User mode the users can be created locally (upon selection of this mode) in the case of AD we are going to select them from Active Directory.
For this scenario we are going to use the integration with Active Directory. What it is important to notice at this point is that by selecting this feature will create a new Computer Object in AD under “Computers” which would usually be named after the “System ID”. We can review the System ID in the Navigator > StoreOnce > Name.
Unfortunately this name cannot be changed as automatically created during first setup with a deployment script. Another component to consider is to create a DNS entry as joining the StoreOnce to the Active Directory domain will not automatically create this record. Of course this will help with DNS name resolution when working with Network Shares.
Join HPE StoreOnce to Active Directory Domain
Let’s select the AD option. Provide the full domain name and click on Update.
At this point the message appears warning that changing the authentication type will affect any Backup or Restore job. Since we are not running any job at the moment we are good to go!
Let’s provide an AD account with either Domain Admins rights or the permission to join new Computers to the Domain.
Add Active Directory Users and Groups
At this point if the Domain join process is successful we should see something similar to the screenshot below showing details about the authentication, domain name consisting of Domain Controller, IP Address and connection status. We can still review and edit the info where necessary. At the bottom of the screen there is a list of built-in Administrator user and group.
It’s now time to add a Domain User or Group we want to grant read and write access to the Share. Ideally we want to add a single user for better granularity. This user for example can also be part of the application we use to run Backups to Disk.
This part is now complete. Next would be to create the actual HPE StoreOnce NAS Share.
Review settings for a HPE StoreOnce NAS Share
As soon as we move to Navigator > StoreOnce > NAS > Shares we can view the existing shares (none at the moment!) plus the option to add new ones with the create button.
As soon as we hit on “Create” a new CIFS Share is created with the default settings as per screenshot below. So for each CIFS share we can set the following parameters:
Name:Â The name that will be used to identify the share in Windows
Description:Â A text description of the share (optional)
Access Protocol:Â CIFS or NFS
Share Version:Â Shares can be configured as version 2 (default) or version 1. The major difference is in the maximum number of items per Share permitted: 25,000 for version 1 and 1,000,000 for version 2. Also it is possible to go from v1 to v2 but not backwards.
Write Protection: disables access to Backup applications to further write on the Share. The jobs will fail automatically
Deduplication Enabled: Can enable de-duplication. Active by default.
Encryption Enabled: Can enable encryption.
Physical Data Size Quota: Indicates the amount of data actually written to disk after de-duplication.
Logical Data Size Quota: Indicates the amount of data actually written to disk before de-duplication.
Backup Application: It is possible to choose a Backup Application from the drop-down list. It does not affect the performances. It is only for statistical purposes (optional).
Backup Data Type:Â It is possible to choose a Backup Data type from the drop-down list. It does not affect the performances. It is only for statistical purposes (optional).
In the permission tab no extra information needs to be provided. Active Directory manages the authentication for this Share.
In the last tab we can also take note of the Network Path. We’ll need this later on when mounting the StoreOnce NAS Share on Windows.
Add Permissions to HPE StoreOnce NAS Share
We now have an active StoreOnce NAS Share. We need to add permissions to this Share. The easiest way to do this is to use the Microsoft Management Console (MMC) to edit the Share Permissions directly. So from any Computer part of the same domain we simply issue the mmc.exe command and from the File menu simply add the “Shared Folders” snap-in as in the picture below:
Next step is to specify the name or IP address of the server offering the CIFS Share. In my case I have created a DNS record for “StoreOnce”. This looks something similar to the one below.
In my case the CIFS share is called HPE_Share. Next is to right click and select the Properties.
From the Sharing Permissions tab let’s add a User or Group from Active Directory Domain. I would recommend a single User for security and granularity.
As soon as we add the intended users, the next step is to grant the Permissions to the CIFS Share. Since I will be using a User for Backup Jobs which involve Read/Write operations I will grant Full Control.
Mount HPE StoreOnce NAS Share on Windows
It’s now time to test the HPE StoreOnce NAS Share. The quickest way to do so will be to mount the CIFS Share on a Windows computer. From the Windows Explorer > Ribbon > Map Network Drive. Let’s enter the detail as shown in the Network Path field in StoreOnce NAS Share. Eventually we can also use the DNS (A) record associated to it.
We can authenticate with the same user configured in the Share Permission tab earlier on.
If everything is working as according to plan we now get access to the StoreOnce NAS Share. As a test we can simply create a text file thus assessing the Read/Write permissions.
Conclusions
This concludes this quick article on how to create HPE StoreOnce NAS Shares. As we can see the process is very easy. One recommendation though: Shares created on a De-duplication device such as HPE StoreOnce are not suitable for “General Purpose File Shares”. They offer instead a convenient Disk to Disk (D2D) Backup solution which integrates sophisticated algorithm for de-duplication and encryption of the data. Of course these are compelling features for Backup Strategy Plans where Backup data needs to be stored for longer retention periods and also offer mechanism for quick restores in order to reduce RPO and RTO times.
Anybody have any luck enabling symbolic links in Linux on an NFS share from StoreOnce? Looks like another customer was not able to create symbolic links on this appliance over NFS.
https://github.com/pgbackrest/pgbackrest/issues/592