Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
© 2019 QNAP Systems, Inc. All Rights Reserved. 1
Application Notes
Jan 2019
Use QNAP Enterprise Storage ES NAS to
create WORM shared folder - Windows
© 2019 QNAP Systems, Inc. All Rights Reserved. 2
Notices This user manual provides detailed instructions of using the QNAP Enterprise Storage NAS.
Please read carefully and start to enjoy the powerful functions of the Enterprise Storage
NAS.
The QNAP Enterprise Storage NAS is hereafter referred to as the ES NAS or the NAS.
This manual provides the description of all the functions of the ES NAS. The product you
purchased may not support certain functions dedicated to specific models.
Legal Notices All the features, functionality, and other product specifications are subject to change without
prior notice or obligation. Information contained herein is subject to change without notice.
QNAP and the QNAP logo are trademarks of QNAP Systems, Inc. All other brands and
product names referred to are trademarks of their respective holders. Further, the ® or ™
symbols are not used in the text.
Disclaimer Information in this document is provided in connection with QNAP® products. No license,
express or implied, by estoppels or otherwise, to any intellectual property rights is granted by
this document. Except as provided in QNAP's terms and conditions of sale for such products,
QNAP Assumes no liability whatsoever, and QNAP disclaims any express or implied
warranty, relating to sale and/or use of QNAP products including liability or warranties
relating to fitness for a particular purpose, merchantability, or infringement of any patent,
copyright or other intellectual property right.
© 2019 QNAP Systems, Inc. All Rights Reserved. 3
Table of Contents
WORM Overview ........................................................................................................................................... 4
Create shared folder with WORM ............................................................................................................ 4
System architecture .................................................................................................................................................. 4
Server role and network settings list ................................................................................................................. 4
Create WORM shared folder in an existing Pool ............................................................................................ 7
QNAP ES Series NAS WORM Shared Folder function ...................................................................... 13
QNAP WORM architecture ................................................................................................................................... 13
QNAP WORM trigger conditions ....................................................................................................................... 13
QNAP WORM permissions ................................................................................................................................... 13
Verify the WORM shared folder ............................................................................................................ 14
Verify WORM Append Only status .................................................................................................................... 14
Create a WORM Append Only file ................................................................................................................................. 14
Verify Append Only File - Delete Data ........................................................................................................................ 16
Verify Append Only File - Write Data .......................................................................................................................... 16
Verify Append Only File - Delete file ........................................................................................................................... 18
Verify Append Only File - Rename ............................................................................................................................... 19
Verify WORM Immutable status ........................................................................................................................ 20
Create WORM Immutable file ........................................................................................................................................ 20
Verify Immutable File - Delete / Write Data ............................................................................................................ 21
Verify Immutable File - Delete file ............................................................................................................................... 22
Verify Immutable File - Rename ................................................................................................................................... 24
© 2019 QNAP Systems, Inc. All Rights Reserved. 4
WORM Overview
WORM (Write Once, Read Many) is used to avoid modification of saved data. After this feature
is enabled, data in shared folders can only be written, and can not be deleted or modified to
ensure data integrity.
With increasingly stringent regulations on how information is stored, many countries require
government agencies, financial institutions, and health care providers to comply with strict
data archiving regulations. Many of these require storage systems to not tamper with archived
data. This has led to WORM becoming increasingly common.
Good examples are photos, contracts, financial reports, emails, employee information, and other
important documents. They should not be modified once stored. In some professional fields, massive
data needs to be analyzed, and huge amounts of real-time data needs to be recorded and tracked.
WORM technology is ideal for protecting these records, so that they will not be overwritten and can be
saved as a reference for future use.
To meet the security requirements of enterprise storage, QNAP ES Series NAS has added WORM
functionality to help information personnel protect important organizational information. It can provide
substantial benefits to organizations and avoid the risk of breaking relevant information laws.
Create shared folder with WORM
System architecture
Device Description
Storage Units QNAP ES Series NAS (system version QES 1.1.3)
Servers Install VMware ESXi 6.0
a matter of
mouse clicks.
Install Windows Server 2012 R2 to mount the NFS shared folder
IP Settings
As the ESXi host and NFS Server in the NAS connect and communicate with
each other using IP, it is recommended that both the ESXi host and NAS
server be set to static IP addresses.
Server role and network settings list
Server Network Settings
Role IP Description
ESXi server A 192.168.2.60 VMware ESXi host
© 2019 QNAP Systems, Inc. All Rights Reserved. 5
Data Network 1.1.1.60 10G Data port in ESXi host
Virtual Machine 192.168.2.105 Windows Server 2012 R2
© 2019 QNAP Systems, Inc. All Rights Reserved. 6
Storage Network Settings
Setting Value Description
SCA Management IP 192.168.2.50 Management IP of controller A
SCA Ethernet1 IP 1.1.1.9 Data port 1 IP of controller A
SCA Ethernet2 IP 1.1.2.9 Data port 2 IP of controller A
SCB Management IP 192.168.2.51 Management IP of controller B
SCB Ethernet1 IP 1.1.1.10 Data port 1 IP of controller B
SCB Ethernet2 IP 1.1.2.10 Data port 2 IP of controller B
Pool at SCA Pool1 RAID6 pool at controller A
© 2019 QNAP Systems, Inc. All Rights Reserved. 7
Create WORM shared folder in an existing Pool
You must complete the following steps before creating a shared folder with WORM functionality.
Refer to the link below to complete the process.
1. Add the server to the QNAP ES Series NAS whitelist
2. Create RAID and Storage Pool
Link: Set up a VMware ESXi Datastore via NFS with QNAP Enterprise-Class ES NAS
Step 1: Log in to QES and click “Shared Folders”.
© 2019 QNAP Systems, Inc. All Rights Reserved. 8
Step 2: Click “Storage Space" (1), select a storage pool (2), click the "Create" button and select
"New Shared Folder” (3).
Step 3: Enter the desired WORM folder name. In "Storage Settings", set the WORM storage
quota, and select other options according to different application scenarios. If there are no
special requirements, you can just select the default values.
© 2019 QNAP Systems, Inc. All Rights Reserved. 9
Step 4: Find "WORM Settings” and click “Edit”.
Step 5: Check WORM and select "Compliance" in the drop-down menu.
© 2019 QNAP Systems, Inc. All Rights Reserved. 10
Step 6: Set the retention period of the WORM folder. In this example, it is set to 1 day, meaning
the WORM restrictions can only be removed after 1 day. After setting the retention period, click
"Apply" to create the WORM folder.
Note: WORM folder type:
- Enterprise: Folders can only be written, but cannot be deleted, modified or restored.
You can remove the shared folder through QES or CLI commands.
- Compliance: Folders can only be written, but cannot be deleted, modified or restored.
To remove a folder, you must take the Storage Pool offline and remove the Pool.
© 2019 QNAP Systems, Inc. All Rights Reserved. 11
© 2019 QNAP Systems, Inc. All Rights Reserved. 12
Step 7: The WORM folder will appear in the list of shared folders. Click the folder name to enter
"Shared Folder Manager". As the WORM type is set as “Compliance”, the remove option (in
“Actions”) is disabled.
The steps to create the WORM folder are now complete.
© 2019 QNAP Systems, Inc. All Rights Reserved. 13
QNAP ES Series NAS WORM Shared Folder function
QNAP WORM architecture
After enabling QNAP WORM in the shared folder, any file in this folder can be set to
"Immutable" or "Append Only". The difference is as follows:
Description
Append
Only
You can add data, but not modify, delete, or rename it.
Immutable You cannot add, modify, delete or rename it.
QNAP WORM trigger conditions
Description
Append
Only
In Windows: the file is empty and the file attribute is set to Read-only, then
the file is “Append Only”.
Immutable In Windows: there is data inside the file, and the file attribute is set to
Read-only, then the file is “Immutable”.
QNAP WORM permissions
Below is description of QNAP WORM permissions
WORM status is similar to denied permissions in ACL, but there are some differences. The main
difference is as follows
a. If a folder uses WORM, then even users with the highest privileges ("administrator" or
"root") cannot change the WORM status of files contained within.
b. If a child directory (Child) triggers WORM state, the parent directory will be unable to be
renamed and deleted, and this is true for any folder level: as long as the WORM state is
triggered, the parent folder will be unable to be renamed and deleted.
c. When the WORM folder retention period expires, the "remove privilege" and "delete child
privilege" will be automatically granted.
For details, please refer to the following table:
Write data
(rename
child)
Append
data
(add
child)
Delete
(delete folder,
delete child)
Renam
e
Rename
parent
NONE ○ ○ ○ ○ ○
© 2019 QNAP Systems, Inc. All Rights Reserved. 14
AppendO
nly X ○ X, (WORM expiry is ○) X X
Immutab
le X X X, (WORM expiry is ○) X X
Verify the WORM shared folder
Verify WORM Append Only status
Create a WORM Append Only file
Step 1: Mount the WORM folder to a Windows PC
Open any folder in Windows, enter the WORM folder Shared Path “\\1.1.1.9\WORM”, and enter
your ES NAS user credentials.
© 2019 QNAP Systems, Inc. All Rights Reserved. 15
Step 2: Enter this directory and create an empty Notepad file named "AppendOnly".
Step 3: Right-click the file, select “Properties” and check Read-only. This file will become
Append Only.
© 2019 QNAP Systems, Inc. All Rights Reserved. 16
Verify Append Only File - Delete Data
Step 1: Enter the number "12345" in the “AppendOnly” file, save the file, and close it
Step 2: Open the “AppendOnly” file again, delete the end numbers "45", save the file and close it
Step 3: Open the “AppendOnly” file again, you will find that the file has returned to its original
state "12345". Verify Append Only state, unable to delete data.
Verify Append Only File - Write Data
Step 1: Enter the number "6789" after "12345" in the “AppendOnly” file, save the file, and close
it
NOTE: Read-only access affects the files in the folder (not the entire folder). You
can enable WORM settings for folders through QES.
Reference: Microsoft, Folder read-only behavior.
© 2019 QNAP Systems, Inc. All Rights Reserved. 17
© 2019 QNAP Systems, Inc. All Rights Reserved. 18
Step 2: Open the “AppendOnly” file. It will display "123456789", confirming that data can be
written to the file in the Append Only state.
Verify Append Only File - Delete file
Step 1: Right click the “AppendOnly” file, select “Delete”, and click “Yes” to confirm deletion.
Step 2: We can see that the folder currently shows no “AppendOnly” file.
Step 3: Click the refresh button in the top-right corner. The “AppendOnly” file will appear again,
confirming that the file cannot be deleted in the Append Only state.
© 2019 QNAP Systems, Inc. All Rights Reserved. 19
Verify Append Only File - Rename
Step 1: Right click the “AppendOnly” file and select “Rename”.
Step 2: Change the file name to "QNAP" and press Enter. The "File Access Denied - Append
Only" alert window will appear. We do not have permission to change the file name, confirming
that file name cannot be changed in Append Only state.
© 2019 QNAP Systems, Inc. All Rights Reserved. 20
Verify WORM Immutable status
Create WORM Immutable file
Step 1: In the WORM folder, create an empty Notepad file named "Immutable". Open this file,
enter the number "12345", and then save the file.
Step 2: Right-click the file, select “Properties” and check Read-only. This file will become
Immutable.
© 2019 QNAP Systems, Inc. All Rights Reserved. 21
Verify Immutable File - Delete / Write Data
Step 1: Open the "Immutable” file, delete the number "45", then save the file
Step 2: The Save As new file prompt will appear. You must save this file with a different
filename.
Step 3: Save as a new file and rename the file to "Immutable_Modify".
Step 4: Repeat the above steps, and instead of deleting numbers, try adding some numbers. The
NOTE: Immutable and Append Only filetrigger mode,
While creating a new file, when the file is saved without any content, check read only ->
Append Only
While creating a new file, when the file is edited and saved with content, check read only ->
Immutable
For a file to be Immutable, the file must be checked Read-only after editing and saving, then
the file will trigger the Immutable state.
Append Only state can only be triggered when the file is "blank" while checking Read-Only
© 2019 QNAP Systems, Inc. All Rights Reserved. 22
original file still cannot be overwritten, and can only be saved as a new file. This confirms that
deleting/writing data is not possible in the Immutable state, as you can only save as a new file,
thus the original file is protected.
Verify Immutable File - Delete file
Step 1: Right click on the “Immutable” file, select “Delete”, and click “Yes” to confirm deletion.
Step 2: We can see that the folder currently shows no “Immutable” file.
Step 3: Click the refresh button in the top-right corner. The “Immutable” file will appear again,
confirming that the file cannot be deleted in the Immutable state.
NOTE: Immutable state does not allow file modification at all.
© 2019 QNAP Systems, Inc. All Rights Reserved. 23
© 2019 QNAP Systems, Inc. All Rights Reserved. 24
Verify Immutable File - Rename
Step 1: Right click the “Immutable” file and select “Rename”.
Step 2: After attempting to change the file name, you will receive a "File Access Denied” error.
We do not have permission to change the file name, confirming that file name cannot be
changed in the Immutable state.