Restrictions and best practices for a deployment

There are several restrictions, requirements, and suggested best practices that apply when deploying NAS Bridge. You should be aware of these guidelines when planning a deployment.

Virtual machine resources

The NAS Bridge virtual machine should have 48 GB of RAM, 16 vCPUs, and 100 GB of disk space for the operating system.

Requirements for virtual machines that use NetApp AFF storage

If NAS Bridge is deployed in a virtual machine with storage assigned from a NetApp All Flash FAS (AFF) system, confirm that the FlexVol does not have a tiering policy enabled.

Attention: Never assign storage for NAS Bridge from a FlexVol with an active tiering policy. Outages might occur if storage used by NAS Bridge is tiered to a capacity tier.

Client access protocols

Storage clients must use one of the following protocols to access NAS Bridge 2.2:
  • Network File System (NFS) version 3
  • Server Message Block (SMB) versions 2.1 and 3.0
Note: An "Unsupported operation" error occurs if you attempt to connect to NAS Bridge using an unsupported client access protocol.

Selecting and configuring network services

You must define at least one DNS (Domain Name System) server and one Network Time Protocol (NTP) server.

The following best practices and restrictions apply when configuring these network services:

  • Option 1: Use the Active Directory server to provide DNS and NTP services.

    An Active Directory server is required for SMB file systems. If you anticipate creating one or more SMB file systems, you can use the Active Directory server to provide the DNS and NTP services. The Active Directory server can also be used to authenticate users for NFS access.

    • If you are using a single server, you must specify the same IP address for all three services. You will complete the Active Directory definition after you add the DNS and NTP entries.
    • Make sure that the DNS server (which is the same as the Active Directory server) has the highest DNS priority. If another DNS server is defined with a higher priority than this combined DNS and Active Directory server, unpredictable results can occur.
    • Using the same server for Active Directory and NTP ensures that the NAS Bridge is using the same time as the Active Directory service.
    • Using the same server for Active Directory and DNS ensures that the NAS Bridge can resolve the fully qualified domain name of the Active Directory server.
  • Option 2: Use separate servers for DNS and NTP.

    You can specify two separate servers for DNS and NTP. If you anticipate creating one or more SMB file systems, you can use a third server for Active Directory.

    • If you use separate servers for Active Directory and NTP, you must synchronize the time on the two servers to ensure that the NAS Bridge uses the same time as the Active Directory service.

    • If you use separate servers for Active Directory and DNS, you must ensure that the DNS server can resolve the fully qualified domain name of the Active Directory server.

    • If you are using separate servers, you must know the IP address of the actual, dedicated DNS and NTP servers.

  • Because of the tight integration of NAS Bridge and StorageGRID, you should use the same DNS and NTP servers (whether a single Active Directory server or two standalone servers) for both systems.

Separation of the management and data networks

Most storage networks are segregated according to management and data traffic. NAS Bridge supports this separation by allowing multiple LIFs to be defined. You should configure NAS Bridge to maintain the network traffic separation as appropriate for your environment. If you do not need to maintain this separation, you can optionally use a single LIF to handle both the management and data traffic.

Cache devices and network storage

You must associate a cache device with each NFS and SMB file system. The cache devices hold the data maintained in the writeback cache for each file system. Defining one cache device per file system allows the cache data traffic to be separated and performance to be improved. Further, when you use network storage drives to back the cache, recovery and re-creation of NAS Bridge virtual machines can be performed more quickly.

The best practice is to associate each file system with its own dedicated cache device.

Accessibility of StorageGRID and network storage

Initially, you might deploy a single NAS Bridge virtual machine. However, over time you can add or relocate the virtual machines within your organization. To enable the most adaptable network configuration, you should make sure that the StorageGRID system, network services, and network storage can all be accessed from anywhere that a NAS Bridge is deployed or might be deployed in the future.

CloudMirror incompatibility

Platform Services CloudMirror must not be used with NAS Bridge. NAS Bridge requires ordering guarantees and re-baselining, which are not available with CloudMirror.

Firewall ports

Depending on your network environment, you may need to make changes to the network configuration. Your firewall and other security devices should allow traffic on the following ports as indicated by the direction relative to the NAS Bridge (inbound to, outbound from):
  • Management and configuration
    • SSH (22) - Inbound
    • HTTP/HTTPS (80, 443) - Inbound
    • SMTP (25) - Outbound
    • NTP (123) - Outbound
    • DNS (53) - Outbound
  • Active Directory
    • DCE endpoint resolution (135) - Outbound
    • LDAP (389) - Outbound
    • msft-gc/msft-gc-ssl (3268, 3269) - Outbound
  • NFS
    • statd (32766) - Inbound
    • mount (32767) - Inbound
    • lockd (32768) - Inbound
    • NFS (2049) - Inbound
    • Portmapper (111) - Inbound
  • SMB
    • 445 - Inbound
  • StorageGRID
    • 8082 - Outbound
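
The port list above can be checked against a firewall rule export before deployment. The following is an added example, not NetApp code: the rule format, the SAMPLE rules, and the function names are assumptions made for illustration, and only port and direction are compared (the list above does not state transport protocols). It reports required flows that are blocked and allowed ports that are not in the list, so both can be reviewed.

```python
# Added example (constructed rule format and SAMPLE); transport protocol is not checked.
REQUIRED = {
    "in": {22: "SSH", 80: "HTTP", 443: "HTTPS", 111: "Portmapper", 2049: "NFS",
           32766: "statd", 32767: "mount", 32768: "lockd", 445: "SMB"},
    "out": {25: "SMTP", 123: "NTP", 53: "DNS", 135: "DCE endpoint resolution",
            389: "LDAP", 3268: "msft-gc", 3269: "msft-gc-ssl", 8082: "StorageGRID"},
}

SAMPLE = """
allow in 22
allow in 443
allow in 2049
allow in 32766-32768
deny in 445            # SMB explicitly blocked
allow out 53
allow out 123
allow out 3268-3269
allow out 8080-8082    # wider than the single StorageGRID port
"""

def parse_rules(text):
    """Parse '<allow|deny> <in|out> <port|lo-hi>' lines; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            action, direction, ports = fields
            lo, _, hi = ports.partition("-")
            rules.append((action, direction, int(lo), int(hi or lo)))
    return rules

def permitted(rules, direction, port):
    """First matching rule wins; no match means default deny."""
    for action, rdir, lo, hi in rules:
        if rdir == direction and lo <= port <= hi:
            return action == "allow"
    return False

def audit(rules):
    """Return (missing required flows, allowed ports outside the matrix)."""
    missing = [(d, p, name) for d, ports in REQUIRED.items()
               for p, name in sorted(ports.items()) if not permitted(rules, d, p)]
    extra = sorted({(d, p) for action, d, lo, hi in rules if action == "allow"
                    for p in range(lo, hi + 1)
                    if p not in REQUIRED[d] and permitted(rules, d, p)})
    return missing, extra

if __name__ == "__main__":
    print(audit(parse_rules(SAMPLE)))
```

If the deployment uses only NFS or only SMB, remove the unused protocol's entries from REQUIRED before running the audit.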