Difference between revisions of "Using Network Attached Storage - NAS"
| [unchecked revision] | [checked revision] |
Ltalaschus (talk | contribs) |
|||
| (57 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | Network Attached Storage (NAS) systems provide file-based access to their own local storage to remote clients via special network protocols. In Microsoft Windows environments, the SMB or CIFS protocol is typically used to access files on a remote system. Throughout this article, the term ''NAS'' represents any computer system that is capable of sharing its own local storage via SMB or CIFS protocol, may it be a traditional Windows file server, a Linux server with a running Samba service, or a dedicated physical or virtual appliance with its own operating system and management interface. | |
| − | + | <p class="msnote">'''Please note:''' A storage system attached via FibreChannel, iSCSI, or other block-level storage protocols, is called Storage Area Network (SAN) storage. SAN storage is used like any other local disk (also referred to as Direct Attached Storage or DAS); no further configuration is needed to let MailStore Server store its data on it.</p> | |
| − | |||
| − | |||
| − | + | MailStore Server can utilize NAS systems to store its production data or as target for its backup data. In general, it is recommended to store production data locally for best performance, stability and reliability, and to use NAS systems for backup data. | |
| − | + | Irregardless of where the production data is stored, the archive can always be accessed from other client computers by using MailStore Client, MailStore Web Access, MailStore Outlook Add-in, or IMAP compatible email clients via the integrated IMAP Server as described in [[Accessing the Archive]]. | |
| − | + | To ensure successful operation, the NAS should meet the following prerequisites: | |
| − | + | * <span class="mswarning">The NAS must not be turned off, disconnected or put into standby mode at any time, as long as there is a MailStore Server service accessing the data on the NAS. Otherwise, data corruption may occur, which can lead to irreparable loss of data.</span> | |
| + | * If possible, disable "Opportunistic Locking" for network shares on which production data is to be stored. | ||
| + | * The shared directories on the NAS should be excluded from any server-side anti-virus scanning, real-time backups, file level replication, or anything else that could prevent MailStore from accessing any file at any time. | ||
| + | * When moving an existing MailStore database, the available disk space should be twice the size of the current archive. | ||
| − | + | == Creating a Network Share == | |
| − | + | The follow three steps are needed to setup a network share that can be used by MailStore Server: | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | * Create a dedicated folder for the MailStore data to reside in on the NAS. | |
| − | + | * Share that folder if it is not already inside a shared folder on the network, via SMB or CIFS protocol. Please consult the vendor's documentation on how to share a folder on the network. | |
| + | * As described below, authorize either a computer or user object to access the network share and the data therein. | ||
| − | + | === Authorizing a Computer Object === | |
| + | As the MailStore Server service runs under the account of the ''SYSTEM'' user on the Windows operating system, the ''SYSTEM'' user is identified by the computer object (e.g. SERVER01$) where MailStore Server is installed on when accessing network resources. Thus permissions to access the network share must be granted to the corresponding computer object. | ||
| − | + | <p class="msnote">'''Please note:''' Granting access to computer objects requires all involved systems to be part of an Active Directory domain. If this requirement cannot be satisfied, or the NAS system does not support granting access to computer objects at all, use the instructions in the [[Using_Network_Attached_Storage_(NAS)#Authorizing a User Object|Authorizing a User Object]] section instead.</p> | |
| − | * | + | |
| − | * Create a | + | * Grant the computer object full control over the network share. This enables the local system account of the computer on which MailStore Server is installed to access the network share. |
| − | * Grant permissions | + | *: [[File:Tech_netshares_01.png|center]] |
| − | + | * If file system permissions are required on the shared directory, grant the computer object full control here as well. | |
| − | * | + | *: [[File:Tech_netshares_02.png|center]] |
| − | * | + | |
| − | * | + | === Authorizing a User Object === |
| + | * Create a user object either locally on the NAS system or in a directory service (e.g. Active Directory) that is used by the NAS to authenticate users. | ||
| + | * Grant the user object full control over the directory share. | ||
| + | *: [[File:Tech_netshares_04.png|center]] | ||
| + | * If file system permissions are required, grant the user object full control here as well. | ||
| + | *: [[File:Tech_netshares_05.png|center]] | ||
| + | |||
| + | == Installing MailStore Server while using a NAS system == | ||
| + | * Install MailStore Server on the desired machine. Detailed instructions can be found in the [[Installation]] section if the MailStore manual. | ||
| + | * Open the [[MailStore Server Service Configuration]]. | ||
| + | * Stop the MailStore Server service. | ||
| + | * Navigate to ''General'' and enter the full path to a directory on the network share provided by the NAS system in UNC notation (<code>\\computer\sharename\directory</code>). In the example below, the name of the NAS system is NAS01, the name of the share is MailStore, and the directory is MailArchive. | ||
| + | |||
| + | [[File:Tech_netshares_06.png|center|550px]] | ||
| + | |||
| + | If a computer object was granted access to the network share, the MailStore service can be started by clicking on ''Start'' in the MailStore Server Service Configuration interface. | ||
| + | |||
| + | If a user object was granted access to the network share, proceed with the next section. | ||
| + | |||
| + | == Connecting to Network Shares == | ||
| + | If a user object has been granted access on the network share, MailStore Server must establish a connection to the share during startup using this user object. Proceed as follows to configure access to the network share for the MailStore Server service: | ||
| + | |||
| + | * On the MailStore Server computer, open the [[MailStore Server Service Configuration]]. | ||
| + | * Click on ''Network Shares''. | ||
| + | * Click on ''Add...'' | ||
| + | * Enter the path for the network share on the NAS system into the ''Share Path'' field in UNC notation (<code>\\computer\sharename</code>). | ||
| + | * Enter the username and password of the corresponding user object that has access to the network share into the ''User Name'' and ''Password'' fields.<br/><br/><div class="msnote">'''Important notice:''' It is highly recommended to always put the corresponding computer or domain name in front of the username, e.g. <code>computer\username</code> where <code>computer</code> has to be the host name of the NAS, or, if applicable, <code>domain\username</code> where <code>domain</code> has to be the name of the Active Directory domain the NAS has joined and where the user object exists.</div> | ||
| + | *:[[File:Tech_netshares_07.png|center|550px]] | ||
| + | * Click on ''OK''. | ||
| + | * The MailStore Server service can now be started by clicking on ''Start'' in the MailStore Server Service Configuration interface. | ||
| + | |||
| + | <p class="msnote">'''Please note:''' Due to the different security contexts of the MailStore Server service and the MailStore Server Service Configuration application, the user interface does not provide any test functionality and thus checking the ''Event Viewer'' for potential error messages is recommended after starting the service.</p> | ||
| + | |||
| + | == Moving the archive to a Network Share == | ||
| + | |||
| + | Moving the archive to a network share is described in the article [[Moving_the_Archive#Moving_the_Archive_to_a_Network_Share|Moving the Archive]]. | ||
| + | |||
| + | == Writing a backup to a Network Share == | ||
| + | |||
| + | * [[#Creating_a_Network_Share|Create a network share]] on the NAS system first. | ||
| + | * If a user object has been granted permissions on the share, you have to configure a [[#Connecting_to_Network_Shares|connection to a network share]]. | ||
| + | * Follow the instructions from the [[Backup_and_Restore#Using_the_MailStore_Integrated_Backup_Feature|backup article]]. | ||
| + | |||
| + | == Troubleshooting == | ||
| + | In case of errors or problems the [[MailStore_Server_Service_Configuration#Event_Viewer|event viewer]] or [[MailStore_Server_Service_Configuration#Debug_Log|debug log]] can be used to troubleshoot. | ||
| + | |||
| + | [https://cs.mailstore.com/index.php?/Knowledgebase/Article/View/73/10/debugging-nas-connection-issues Debugging NAS connection issues] | ||
| + | |||
| + | [https://cs.mailstore.com/index.php?/Knowledgebase/Article/View/99/10/a-mailstore-database-residing-on-a-network-share-cannot-be-opened Opportunistic Locking] | ||
[[de:Verwendung_von_Network_Attached_Storage_(NAS)]] | [[de:Verwendung_von_Network_Attached_Storage_(NAS)]] | ||
| + | [[en:Using Network Attached Storage (NAS)]] | ||
Revision as of 12:07, 30 August 2021
Network Attached Storage (NAS) systems provide file-based access to their own local storage to remote clients via special network protocols. In Microsoft Windows environments, the SMB or CIFS protocol is typically used to access files on a remote system. Throughout this article, the term NAS represents any computer system that is capable of sharing its own local storage via SMB or CIFS protocol, may it be a traditional Windows file server, a Linux server with a running Samba service, or a dedicated physical or virtual appliance with its own operating system and management interface.
Please note: A storage system attached via FibreChannel, iSCSI, or other block-level storage protocols, is called Storage Area Network (SAN) storage. SAN storage is used like any other local disk (also referred to as Direct Attached Storage or DAS); no further configuration is needed to let MailStore Server store its data on it.
MailStore Server can utilize NAS systems to store its production data or as target for its backup data. In general, it is recommended to store production data locally for best performance, stability and reliability, and to use NAS systems for backup data.
Irregardless of where the production data is stored, the archive can always be accessed from other client computers by using MailStore Client, MailStore Web Access, MailStore Outlook Add-in, or IMAP compatible email clients via the integrated IMAP Server as described in Accessing the Archive.
To ensure successful operation, the NAS should meet the following prerequisites:
- The NAS must not be turned off, disconnected or put into standby mode at any time, as long as there is a MailStore Server service accessing the data on the NAS. Otherwise, data corruption may occur, which can lead to irreparable loss of data.
- If possible, disable "Opportunistic Locking" for network shares on which production data is to be stored.
- The shared directories on the NAS should be excluded from any server-side anti-virus scanning, real-time backups, file level replication, or anything else that could prevent MailStore from accessing any file at any time.
- When moving an existing MailStore database, the available disk space should be twice the size of the current archive.
The follow three steps are needed to setup a network share that can be used by MailStore Server:
- Create a dedicated folder for the MailStore data to reside in on the NAS.
- Share that folder if it is not already inside a shared folder on the network, via SMB or CIFS protocol. Please consult the vendor's documentation on how to share a folder on the network.
- As described below, authorize either a computer or user object to access the network share and the data therein.
Authorizing a Computer Object
As the MailStore Server service runs under the account of the SYSTEM user on the Windows operating system, the SYSTEM user is identified by the computer object (e.g. SERVER01$) where MailStore Server is installed on when accessing network resources. Thus permissions to access the network share must be granted to the corresponding computer object.
Please note: Granting access to computer objects requires all involved systems to be part of an Active Directory domain. If this requirement cannot be satisfied, or the NAS system does not support granting access to computer objects at all, use the instructions in the Authorizing a User Object section instead.
- Grant the computer object full control over the network share. This enables the local system account of the computer on which MailStore Server is installed to access the network share.
- If file system permissions are required on the shared directory, grant the computer object full control here as well.
Authorizing a User Object
- Create a user object either locally on the NAS system or in a directory service (e.g. Active Directory) that is used by the NAS to authenticate users.
- Grant the user object full control over the directory share.
- If file system permissions are required, grant the user object full control here as well.
Installing MailStore Server while using a NAS system
- Install MailStore Server on the desired machine. Detailed instructions can be found in the Installation section if the MailStore manual.
- Open the MailStore Server Service Configuration.
- Stop the MailStore Server service.
- Navigate to General and enter the full path to a directory on the network share provided by the NAS system in UNC notation (
\\computer\sharename\directory). In the example below, the name of the NAS system is NAS01, the name of the share is MailStore, and the directory is MailArchive.
If a computer object was granted access to the network share, the MailStore service can be started by clicking on Start in the MailStore Server Service Configuration interface.
If a user object was granted access to the network share, proceed with the next section.
If a user object has been granted access on the network share, MailStore Server must establish a connection to the share during startup using this user object. Proceed as follows to configure access to the network share for the MailStore Server service:
- On the MailStore Server computer, open the MailStore Server Service Configuration.
- Click on Network Shares.
- Click on Add...
- Enter the path for the network share on the NAS system into the Share Path field in UNC notation (
\\computer\sharename). - Enter the username and password of the corresponding user object that has access to the network share into the User Name and Password fields.Important notice: It is highly recommended to always put the corresponding computer or domain name in front of the username, e.g.
computer\usernamewherecomputerhas to be the host name of the NAS, or, if applicable,domain\usernamewheredomainhas to be the name of the Active Directory domain the NAS has joined and where the user object exists. - Click on OK.
- The MailStore Server service can now be started by clicking on Start in the MailStore Server Service Configuration interface.
Please note: Due to the different security contexts of the MailStore Server service and the MailStore Server Service Configuration application, the user interface does not provide any test functionality and thus checking the Event Viewer for potential error messages is recommended after starting the service.
Moving the archive to a network share is described in the article Moving the Archive.
- Create a network share on the NAS system first.
- If a user object has been granted permissions on the share, you have to configure a connection to a network share.
- Follow the instructions from the backup article.
Troubleshooting
In case of errors or problems the event viewer or debug log can be used to troubleshoot.
