Deployment guidelines

There are several requirements, suggested best practices, and restrictions for NAS Bridge deployment. You should be aware of these guidelines when planning a deployment.

Virtual machine resources

The NAS Bridge virtual machine requires 48 GB of RAM, 16 vCPUs, and 200 GB disk space (which includes 100 GB for the system disk and 100 GB for the upgrade disk). Before installing NAS Bridge, make sure these resources are available on the ESXi hosts.

Requirements for virtual machines that use NetApp AFF storage

If NAS Bridge is deployed in a virtual machine with storage assigned from a NetApp AFF system, confirm that the volume does not have a FabricPool tiering policy enabled. Disabling FabricPool tiering for volumes used with NAS Bridge nodes simplifies troubleshooting and storage operations.

Requirements for virtual machines that use high availability (HA) and Live Migration

When using the HA and VMware vMotion (Live Migration) features, you must define at least one Network Time Protocol (NTP) server and set an accurate clock time for the ESX hosts.

Client access protocols

Storage clients must use one of the following protocols to access NAS Bridge 2.3:
  • Network File System (NFS) version 3
  • Server Message Block (SMB) versions 2.1 and 3.0
Note: An "Unsupported operation" error occurs if you attempt to connect to NAS Bridge using unsupported client access protocols.

Selecting and configuring network services

You must define at least one DNS (Domain Name System) server and one Network Time Protocol (NTP) server.

The following best practices and restrictions apply when configuring these network services:

  • Option 1: Use the Active Directory server to provide DNS and NTP services.

    An Active Directory server is required for SMB file systems. If you anticipate creating one or more SMB file systems, you can use the Active Directory server to provide the DNS and NTP services. The Active Directory server can also be used to authenticate users for NFS access.

    • If you are using a single server, you must specify the same IP address for all three services. You will complete the Active Directory definition after you add the DNS and NTP entries.
    • Make sure that the DNS server (which is the same as the Active Directory server) has the highest DNS priority. If another DNS server is defined with a priority higher than the DNS server or the combined DNS and Active Directory server, unpredictable results can occur.
  • Option 2: Use separate servers for DNS and NTP.

    You can specify two separate servers for DNS and NTP. If you anticipate creating one or more SMB file systems, you can use a third server for Active Directory.

    • If you use separate servers for Active Directory and NTP, you must synchronize the time on the two servers to ensure that NAS Bridge uses the same time as the Active Directory service.

    • If you use separate servers for Active Directory and DNS, you must ensure that the DNS server can resolve the fully qualified domain name of the Active Directory server.

    • If you are using separate servers, you must know the IP address of the actual, dedicated DNS and NTP servers.

  • Because of the tight integration of NAS Bridge and StorageGRID, you should use the same DNS and NTP servers (whether a single Active Directory server or two standalone servers) for both systems.
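
The rules above can be checked against a planned configuration before deployment. The following is an added example, not NetApp code: the plan dictionary, its key names, and the convention that the first DNS entry has the highest priority are assumptions made for illustration, and the addresses are constructed.

```python
import ipaddress

def _ips(values):
    """Parse and normalise addresses; raises ValueError on a malformed entry."""
    return [ipaddress.ip_address(v) for v in values]

def check_network_services(plan, storagegrid=None):
    """Return (level, message) findings for a planned NAS Bridge network-services setup.

    plan is a hypothetical dict: "dns" (ordered, first = highest priority), "ntp",
    "active_directory" (IP or None) and "smb_file_systems" (bool).
    """
    findings = []
    dns, ntp = _ips(plan.get("dns", [])), _ips(plan.get("ntp", []))
    ad = plan.get("active_directory")
    ad = ipaddress.ip_address(ad) if ad else None

    for name, servers in (("DNS", dns), ("NTP", ntp)):
        if not servers:
            findings.append(("error", f"at least one {name} server must be defined"))
    if plan.get("smb_file_systems") and ad is None:
        findings.append(("error", "SMB file systems require an Active Directory server"))

    if ad is not None:
        if ad in dns:
            # The AD server doubles as DNS, so it must outrank every other DNS entry.
            if dns[0] != ad:
                findings.append(("error", "Active Directory/DNS server must have the highest DNS priority"))
        elif dns:
            # Separate DNS server: cannot be proven offline, so flag it for manual verification.
            findings.append(("verify", "DNS server must resolve the Active Directory server's FQDN"))
        if ntp and ad not in ntp:
            findings.append(("verify", "time must be synchronized between the Active Directory and NTP servers"))

    if storagegrid is not None:
        for key in ("dns", "ntp"):
            if set(_ips(plan.get(key, []))) != set(_ips(storagegrid.get(key, []))):
                findings.append(("warn", f"NAS Bridge and StorageGRID should use the same {key.upper()} servers"))
    return findings

# Constructed sample plans (documentation-range addresses).
SINGLE_SERVER = {"dns": ["192.0.2.10"], "ntp": ["192.0.2.10"],
                 "active_directory": "192.0.2.10", "smb_file_systems": True}
MISORDERED = {"dns": ["192.0.2.53", "192.0.2.10"], "ntp": ["192.0.2.10"],
              "active_directory": "192.0.2.10", "smb_file_systems": True}
SEPARATE = {"dns": ["192.0.2.53"], "ntp": ["192.0.2.123"],
            "active_directory": "192.0.2.10", "smb_file_systems": True}
```

Findings at the "verify" level mark conditions that need a manual check on the servers themselves, such as clock synchronization and name resolution.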

Separation of the management and data networks

Most storage networks are segregated according to management and data traffic. NAS Bridge supports this separation by allowing multiple LIFs to be defined. You should configure NAS Bridge to maintain the network traffic separation as appropriate for your environment. If you do not need to maintain this separation, you can optionally use a single LIF to handle both the management and data traffic.

Cache devices and network storage

You must associate a cache device with each NFS and SMB file system. The cache devices hold the data maintained in the writeback cache for each file system. Defining one cache device per file system separates the cache data traffic and improves performance. Further, when you use network storage drives to back the cache, NAS Bridge recovery can be performed more quickly.

The best practice is to associate each file system with its own dedicated cache device.

Attention: You must size the cache appropriately for the file system. If the cache size is inadequate, the client might not be able to access the file system. For guidelines for adding and sizing cache devices, see the instructions for administering NAS Bridge.

Accessibility of StorageGRID and network storage

Initially, you might deploy a single NAS Bridge virtual machine. However, over time you can add or relocate the virtual machines within your organization. To enable the most adaptable network configuration, you should make sure that the StorageGRID system, network services, and network storage can all be accessed from anywhere that a NAS Bridge is deployed or might be deployed in the future.

CloudMirror incompatibility

Platform Services CloudMirror must not be used with NAS Bridge. NAS Bridge requires ordering guarantees and re-baselining, which are not available with CloudMirror.

Firewall ports

Depending on your network environment, you may need to make changes to the network configuration. Your firewall and other security devices should allow traffic on the following ports, where Inbound indicates to the NAS Bridge, and Outbound indicates from the NAS Bridge.

Purpose                       Port Description and Number       Direction
Management and configuration  SSH (22)                          Inbound
Management and configuration  HTTP/HTTPS (80, 443)              Inbound
Management and configuration  SMTP (25)                         Outbound
Management and configuration  NTP (123)                         Outbound
Management and configuration  DNS (53)                          Outbound
Active Directory              DCE endpoint resolution (135)     Outbound
Active Directory              LDAP (389)                        Outbound
Active Directory              msft-gc/msft-gc-ssl (3268, 3269)  Outbound
NFS                           statd (32766)                     Inbound
NFS                           mount (32767)                     Inbound
NFS                           lockd (32768)                     Inbound
NFS                           NFS (2049)                        Inbound
NFS                           Portmapper (111)                  Inbound
SMB                           445                               Inbound
StorageGRID                   8082                              Outbound (to StorageGRID Gateway Network port)
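
A firewall rule set can be audited against the table above for required ports that are not allowed and for allowed ranges that are wider than the table needs. The following is an added example, not NetApp code: the "allow <direction> <port or range>" rule syntax and the sample rules are constructed for illustration, and because the table does not name transport protocols, rules are matched on direction and port only.

```python
# Required ports copied from the firewall table; directions are relative to the NAS Bridge.
REQUIRED = {
    "inbound": {22: "SSH", 80: "HTTP", 443: "HTTPS", 32766: "NFS statd", 32767: "NFS mount",
                32768: "NFS lockd", 2049: "NFS", 111: "Portmapper", 445: "SMB"},
    "outbound": {25: "SMTP", 123: "NTP", 53: "DNS", 135: "DCE endpoint resolution",
                 389: "LDAP", 3268: "msft-gc", 3269: "msft-gc-ssl", 8082: "StorageGRID"},
}

def parse_rule(line):
    """Parse 'allow inbound 32766-32768' (hypothetical syntax) into (direction, lo, hi)."""
    action, direction, ports = line.split()
    if action != "allow" or direction not in REQUIRED:
        raise ValueError(f"unsupported rule: {line!r}")
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range in rule: {line!r}")
    return direction, lo, hi

def audit(rule_lines):
    """Return (missing, excess).

    missing: (direction, port, name) for each required port no rule covers.
    excess:  (direction, lo, hi, count) for each rule that also opens `count`
             ports the table does not list.
    """
    rules = [parse_rule(l) for l in rule_lines if l.strip() and not l.lstrip().startswith("#")]
    missing, excess = [], []
    for direction, ports in REQUIRED.items():
        spans = [(lo, hi) for d, lo, hi in rules if d == direction]
        for port, name in sorted(ports.items()):
            if not any(lo <= port <= hi for lo, hi in spans):
                missing.append((direction, port, name))
        for lo, hi in spans:
            extra = (hi - lo + 1) - sum(lo <= p <= hi for p in ports)
            if extra:
                excess.append((direction, lo, hi, extra))
    return missing, excess

# Constructed sample rule set: SMB, SMTP and port 135 are forgotten, NFS range is too wide.
SAMPLE_RULES = [
    "# constructed example", "allow inbound 22", "allow inbound 80", "allow inbound 443",
    "allow inbound 111", "allow inbound 2049", "allow inbound 32000-33000",
    "allow outbound 53", "allow outbound 123", "allow outbound 389",
    "allow outbound 3268-3269", "allow outbound 8082",
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```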