Configure Share Settings
Topic
This article describes the Configure Share Settings options for Network Attached Storage (NAS) and iSCSI shares.
Environment
- Datto SIRIS
- Datto ALTO
- Datto NAS
Description
Datto Business Continuity & Disaster Recovery (BCDR) appliances can take point-in-time snapshots of the onboard NAS shares that they host and the external NAS shares they protect. To configure the share snapshot settings for your Datto appliance, perform the following steps:
- Access the device GUI.
- Click the File Share tab.
- Navigate to the share to be configured.
- Click Configure Share Settings.
Index
Configuration Settings for NAS Shares
These configuration settings on the device are unique to NAS shares:
This option lets you make a share available globally or limit access. If you set the share to private, you must assign designated users.
NOTE Making a private share public will remove existing assigned users. If you set the share to private again, you must reassign the private users.
NOTE If you receive an error when attempting to access a public share path, it may be due to Windows security policy settings for SMB. You may need to adjust group policy settings. See Guest access in SMB2 and SMB3 disabled by default in Windows (external link)
Manage Share Users provides management options for users and groups assigned to a private share. From this card, users can be added and removed or be granted root access to the share.
- To add a new user, click Add User or Group and select the user from the drop down box.
- To promote a new admin and grant them root share access, check the Admin Rights box next to the user who you would like to promote. Admin access provides full root privileges (read, write and edit).
- To remove a user, click the Trash can icon next to the name of the user whose access you would like to remove.
The user lists is made up of local users on the Datto Device and Domain users (if the device is joined to the domain). Active Directory users, user permissions, and Active Control Lists cannot be managed by the Datto device directly and should instead be managed directly from the Domain Controller. For information on joining a domain, refer to the Windows Networking - Workgroup Mode section of Network Configuration.
- Enable write access for all users: This setting changes the default setting of write access from Creator Only (WACO) to Write Access for All (WAA), which gives all users of the share permission to write to the files and folders within it.
- Enable Apple Filing Protocol (AFP): Allows users with Mac OSX to access and use the share; this option also allows Apple's Time Machine to back up files and folders within the share.
- Enable Apple Filing System (AFS): Enable AFS to allow Time Machine backups over Samba on Mac OS High Sierra or newer. Requires the share to be set to Private with one assigned user.
- Enable Network File System (NFS): Enabling this option enables endpoint machines to access and write to the share as though it were a local volume; for more information about NFS, see Microsoft's Network File System (external link).
- Enable Secure File Transfer Protocol (SFTP): Enables secure transmission of files and folders using SFTP.
An Access Control List, also commonly abbreviated as ACL, lists the permissions attached to a file or object.
EXAMPLE If a file has an ACL that contains (Alice: read,write; Bob: read), this would give Alice permission to read and write the file and Bob to only read it.
There are two major permission sets for files on Datto NAS Shares:
- Write Access for Creator Only (WACO): Provides write access strictly for the creator of the files.
- Write Access for All (WAA): Provides write access for all.
Below is a chart that explains the following:
- What happens to the existing files when a share goes from public to private (vise versa)
- What happens when Write Access for Creator Only gets changed to Write Access for All Users (vise versa)
Change from This... | To This | Apply Change to Existing Files? |
---|---|---|
Public | Private; WACO | No |
Private; WACO | Private; WAA | Yes |
Private; WAA | Private; WACO | No |
Private; WACO | Public | Yes |
Private; WAA | Public | Yes |
NOTE Pre-existing file permissions are always unchanged when a NAS share changes to private, because the Datto NAS does not know exactly what permissions are needed for what files.
If Enable Write Access for All Users button is showing, that means that the share is set up so that Write Access for Creator Only is enabled. That means that all newly created files will be writable only by the creator of the file.
If Enable Write Access for Creator Only button is showing, that means that currently the share is set up so that Write Access for All Users is enabled. That means that all newly created files will be writable by all users.
NOTE Datto NAS shares do not support FTP. SFTP is supported.
Configuration Settings for iSCSI Shares
This configuration setting on the device is unique to iSCSI shares:
To set up CHAP authentication on the iSCSI share, click the Enable CHAP authentication check box, fill out the Chap Username and Secret fields, then click the Save Settings button.
If Mutual Chap Authentication is required, check the appropriate check box and fill out the mutual Chap Username and Secret fields, then click the Save Settings button.
Snapshot settings
The snapshot settings are the same for both NAS and iSCSI shares, with the exception of Secure File Restore, which is only present for NAS shares.
Sync
The Pause Local Snapshots setting allows you to stop local backups for the selected share or all shares on the device. When the Enabled setting is selected, backups for the share will run. When the Paused setting is selected, backups for the share will not run. Preferences for snapshot interval and snapshot schedule will preserve when pausing backups for shares.
NOTE Pausing backups for an agent or share will not suspend billing for it. To modify your billing plan, contact your Datto Sales Executive.
The Pause Cloud Snapshots setting allows you to halt the replication of backups to the Datto Cloud for the selected share or all shares on the device. When the Enabled setting is selected, replication will run. When the Paused setting is selected, replication for the share will not run. Preferences for snapshot interval and snapshot schedule will preserve when pausing replication for shares.
NOTE If your Datto appliance subscribes to SIRIS Private service, you will see the Pause Replication card instead.
The Pause Replication setting allows you to halt the replication of backups to a target SIRIS for the selected share or all shares on the device. When the Enabled setting is selected, replication will run. When the Paused configuration is active, replication for the share will not run. Preferences for snapshot interval and snapshot schedule will preserve when pausing replication for shares.
NOTE If your Datto appliance does not subscribe to SIRIS Private service, you will see the Pause Cloud Snapshots card instead.
The Cloud Snapshot and Retention Policy setting allows you to specify how often your Datto appliance should replicate local backups of the selected share or all shares on the device to the Datto Cloud, and how long those backups should retain on the offsite storage node.
NOTE If your Datto appliance subscribes to SIRIS Private service, you will see the Replication and Retention Policy card instead.
The Replication and Retention Policy setting allows you to specify how often your Datto appliance should replicate local backups of the selected share or all shares on the device to a target SIRIS. It also enables you to designate how long those backups should retain on the target device.
NOTE If your Datto appliance does not subscribe to SIRIS Private service, you will see the Cloud Snapshot and Retention Policy card instead.
The Secure File Restore feature allows you to require credentialed login to SMB shares created for File Restores. When activated, users will be prompted by the Datto appliance to enter the credentials of the account you select before they can access the restore. You can configure secure file restore access at a per-share or global level.
Reporting & Alerting
The Critical Error Alerts setting allows you to specify one or more email addresses which should receive a notification when local snapshots for the selected share are no longer occurring and are unlikely or unable to resume. To enter multiple email addresses, separate each entry in the list with a comma.
The Warning Notices setting allows you to specify one or more email addresses which should receive a notification when the selected share encounters an error condition where a warning state has occurred. For example, a single snapshot for the share may not have taken place, but future snapshots are likely to resume. To enter multiple email addresses, separate each entry in the list with a comma.
The Log Digests setting allows you to specify one or more email addresses which should receive a daily summary of the last 24 hours of activity for the selected share. To enter multiple email addresses, separate each entry in the list with a comma. Your Datto appliance sends logs at midnight (device time). Once you configure this setting, the first log digest will send after the next logging event occurs on your device.
Advanced
Clicking the Force Retention button immediately applies the device's retention policies for the share to its local backups. Learn more here.
The Destroy Live Dataset option will stop any snapshots in progress for the selected share and delete its live disk images from the Datto appliance. It will leave the snapshot chain intact. Selecting this option will result in the share taking a new full backup, which will take up the space of a new full image on your Datto device. Only use this option if the protected share's disks have resized, or if the protected share's disk image is irreparably corrupt.