Cloud Storage Benutzerhandbuch - 3. Details
Personal Cloud Storage → Personal storage for employees & students with exclusive access rights
The personal directory (Personal Cloud Storage) is your personal storage space on the online storage. It is accessible via the path \\nas.ads.mwn.de\<identifier>
(e.g. \\nas.ads.mwn.de\ne23mek
).
Only your own directory is visible this way - personal file stores of other users cannot be viewed.
The personal storage offers snapshots as a backup. They provide an easy way to reconstruct accidentally deleted, modified or damaged files or directories. Any user can find and restore older versions by himself (user-controlled recovery) without having to contact an administrator, service desk, etc.
Note: The quota of the personal storage area cannot be increased for individual users. Once a year, a global quota increase of the personal storage areas is decided upon, taking into account various boundary conditions, and a higher quota is introduced if necessary. Information about the current quota can be found here.
To access the storage, please follow the explanations in the section Accessing the Storage.
Employees, students and guests have personal storage space on the Personal Cloud Storage (last updated: ).
- with a maximum capacity of currently 400 GB (= quota) and
- a limit of 1,200,000 files (incl. directories)
Institutional Cloud Storage → Shared storage for faculties, institutions, and projects (restricted share)
Project drives (Institutional Cloud Storage) can be created for collaboration and data exchange with other users. Similar to how each user has a personal storage space (Personal Cloud Storage), it is possible to allocate chairs or individual projects storage space. This can then be shared by a user group managed by a chair administrator. Access rights can be assigned to the shared areas on a fine-grained basis. Please note the information on the sensible use of a project repository as well as the limits of its use.
Faculties or central institutions normally already have their own shared storage. If you want to use a project directory, please contact the IT support of your institution or, if known, your responsible chair administrator. To access the storage, see Accessing the Storage apply analogously.
The project repository is structured based on the organizational structure of the institution. Here at the example of the TUM:
Einrichtung/Fakultät | Kürzel | Share |
Center of Mathematics | MA |
|
Faculty of Economics | WI |
|
Faculty of Civil Engineering and Surveying | BV |
|
Faculty of Architecture | AR |
|
Faculty of Chemistry | CH | \\nas.ads.mwn.de\tuch |
Faculty of Mechanical Engineering | MW |
|
Faculty of Electrical Engineering and Information Technology | EI |
|
Faculty of Computer Science | IN |
|
Weihenstephan Science Center | WZ |
|
... and others | ... |
|
The storage space of a faculty or a central institution can be further subdivided for chairs, departments or special projects. This division is the responsibility of the faculty administrator (also: Information Officer - IO) of the faculty or a representative designated by him. The area for a chair, for example, is given a three-digit abbreviation and receives its own quota. The central administration (abbreviation: ZV) of the TUM (abbreviation: TU) can be reached e.g. at \\nas.ads.mwn.de\tuzv
. It has a subunit "Zentrale Abteilung 7 - EDV" with the abbreviation "ZA7" and the share name "TUZVZA7$". The storage area for file storage "TUZVZA7$" can be reached in two ways:
- Via the share
\\nas.ads.mwn.de\tuzv
of the setup central administration. The storage area of the "ZA7" subunit is then visible here as a folder named "za7
". - Likewise, the "direct" address of the share of the subunit "ZA7" can be specified:
\tuzvza7$.ads.mwn.de
.
Within each project drive (institutional cloud storage) of an organization, there is a directory called "public". All members of the institution (e.g. TUM or LMU) have read access to this directory.
In contrast to the optionally available directory "www-public", a login is required for authentication. Write permissions can be assigned by the partial administrator of the organization.
Temporary Cloud Storage → temporary storage (public share)
The temporary directory can be accessed under the path \\nas.ads.mwn.de\mwntemp
.
All users can each store up to 10 GB or 50,000 files in the temporary file store. This makes it very easy to share documents without using a project folder.
The content of the temporary file storage is automatically deleted after 48 hours, so that no files that are needed for a longer period of time should be stored here. Unlike the other filing areas, only the last 24 hours are saved in snapshots (6 snapshots every 4 hours).
As no rights are set, ALL users of the online storage can access these files!
ISAR Cloud Storage → Integrated Simple ARchive
Accessibility
This page contains alternative texts for images/graphics.
Description
The Integrated Simple ARchive (ISAR) Cloud Storage allows partial administrators of the MWN-ADS to move data from the cloud storage nas.mwn.de to an online archiving area. The data on the ISAR cloud storage is kept online for ten years and additionally backed up in the archive and backup system of the LRZ. After the retention period of 10 years, an automatic sliding deletion of the files from the file system of the ISAR Cloud Storage takes place. After such a deletion, the data is available for another 10 years from the archive and backup system of the LRZ for a restore. Thus, ISAR Cloud Storage provides a convenient way for institutions in the MWN to offload data worthy of retention to a disk system at the LRZ for the long term without having to deal with an archiving system itself.
ISAR Cloud Storage is not a substitute for server or file storage backup! For this purpose, please use the archive and backup system of the LRZ.
Setup
The ISAR Cloud Storage is accessible via the "Fully Qualified Domain Name" (FQDN) isar.mwn.de. The folder structure on the ISAR Cloud Storage is based on the faculty and chair structure on the cloud storage nas.mwn.de. A dedicated folder 01_ISAR is set up below each chair to store files for online archiving and cannot be modified. Only folders and files below the 01_ISAR folder are backed up through the archive and backup system and retained for an additional 10 years.
Partial administrator:s cannot customize NTFS permissions. Permission to access ISAR Cloud Storage is controlled by the respective institution's MNFKLS1GM-ISAR Admins group in MWN-ADS. The authorization for the ISAR Cloud Storage must be requested via the IT support of the TUM or the LRZ.
Write access
Write access for the ISAR Cloud Storage is exclusively reserved for partial administrators and cannot be delegated further.
Reading access
A reading access for members of the respective institution can be set up via the respective group MWNFKLS1GM-ISAR-READERS in the subarea of the institution in MWN-ADS. The membership in the "readers" group can be managed by the partial administrators themselves.
Usage
Partial administrators can currently access the ISAR Cloud Storage storage area from throughout MWN. We recommend accessing ISAR Cloud Storage and filing data via the management server managementserver. All conventional methods under Windows are supported. However, please note the restrictions on path length with Windows Explorer. Please do not store many millions of single small files, but pack these files accordingly, as the maximum number of files is limited for performance reasons.
After transferring the data to the ISAR Cloud Storage, the files are automatically written to the archive and backup system of the LRZ on tape with a time delay. It is recommended to keep the files online for at least another four weeks until the data is written to tape. When naming the storage folder on the ISAR Cloud Storage, partial administrators should ensure that the names are unique in order to make it easier to find files again and to prevent files from being accidentally overwritten in the backup system.
Windows Explorer
You can copy the files to be archived to the ISAR Cloud Storage as usual using the Windows Explorer. However, you should consider the limitation for the path length of 255 characters with Windows Explorer. The path length can lead to problems, which is why we do not recommend using Windows Explorer for deeper folder structures.
File manager Totalcommander
As a replacement for Windows Explorer for transferring files, we recommend the file manager Totalcommander preinstalled on managementserver. The tool can be found as a desktop shortcut on the management server managementserver. Totalcommander can handle long paths (no limitation of path length to 255 characters like Windows Explorer). The user will be notified if the path length exceeds 255 characters, but the file manager will copy the files anyway.
Easy copying of files with drag and drop:
Compare folder structures via "Commands - Synchronize directory ...":
Command line - Robocopy
For experienced partial administrators who are familiar with the use of command lines, the use of Robocopy is recommended. With this tool, folder structures can be transferred easily. A detailed summary is provided at the end of the process.
Transferring the Project Data folder and its contents to ISAR Cloud Storage into a Project Data folder:
Robocopy.exe \\nas.ads.mwn.de\mnfk\ls1\Projektdaten \\isar.mwn.de\mnfk\ls1\01_ISAR\Projektdaten /e
Mirror the Project Data folder and its contents, deleting all files that are too much on the target system:
Robocopy.exe \\nas.ads.mwn.de\mnfk\ls1\Projektdaten \\isar.mwn.de\mnfk\ls1\01_ISAR\Projektdaten /mir
Verification that all files have been transferred from the Project Data folder without transferring any files:
Robocopy.exe \\nas.ads.mwn.de\mnfk\ls1\Projektdaten \\isar.mwn.de\mnfk\ls1\01_ISAR\Projektdaten /e /l /ns /ndl /fp
Logs
Below the directory 00_LOGS of each facility there is information about the last TSM backup runs of the facility and an extract of all data backed up for the area in the respective TSM node. The log files and extracts are also backed up to the respective TSM node of the facility. The logs will be available as of 4/1/2019. Prior to this date, only limited backup logs exist.
ISAR_Archived
In the directory \\isar.ads.mwn.de\MNFK\LS1\00_LOGS\ISAR_Archived an extract of all files backed up in the TSM node of your institution is created and stored once a week. You will find information when the file was backed up and the exact path to the file.
ISAR_BackupLogs
A scheduler on the ISAR starts a backup of the data twice a day. The volumes are backed up one after the other. Depending on the load due to the newly added data the single volumes are processed. The log about the last TSM backup runs is stored in the directory \\isar.ads.mwn.de\MNFK\LS1\00_LOGS\ISAR_BackupLogs. The backup logs are named with the timestamp and can be found online in the directory for seven days.
Best practice, bad practice, and wrong usage of the Cloud Storage
While institutional cloud storage is quite excellent for document storage and workgroup use, it is not a good solution for every deployment. This article lists the most important criteria for useful, not recommended and wrong uses:
Useful applications of cloud storage
Replacement of local file servers for documents
Small workgroups with 10-100 employees often have their own file servers with a few terabytes of storage space. These can easily be migrated to the institutional cloud storage (project storage). The local file servers can then be dissolved.
Workgroup-, department-, university- wide projects
If employees from different departments of a university are to work together in a project, one of the participating institutes can release part of its own storage area for the project and grant access rights to all project employees.
MWN-wide file access
You have access to your data within the entire MWN. The LRZ ensures that local firewalls within the Munich Scientific Network also allow traffic to the file services to pass through to the LRZ Cloud Storage. This is not easy to implement with own file servers, because the CIFS typical ports are often blocked. If local firewalls at the chair (or/and the own computer) block access, the responsible administrators must be asked to enable access for the CIFS ports and IP addresses.
Remote Access
Access to the file services is possible worldwide via the LRZ VPN. Since the file services support SMB 2.x and 3.x, the performance over WAN lines is quite good. If no VPN is available, the data can be accessed with a web browser via the web disk (https://webdisk.ads.mwn.de).
Storage for CIP pools
Zentrale Rechnerräume können für die Dateidienste konfiguriert werden. Damit können die Benutzer sehr einfach von jedem Rechner im CIP-Pool auf ihre Dateien zugreifen.
Disrecommended usage of cloud storage
Server operation on the file services
If applications with intensive I/O with individual files (measurement data analysis, translating programs, etc.) are run on the LRZ Cloud Storage and the processing computer is located locally, performance losses are to be expected. Test whether the performance is acceptable for you. If the load on the storage systems increases too much, the LRZ reserves the right to throttle the corresponding storage area in terms of IOPs and/or data throughput. Alternatively, you should consider either keeping the server and data local or moving both to an LRZ hosted environment.
Storage for large media and sensor data
File services are less well suited for large media and sensor data as well as for storing data from GPU/GPGPU-systems (e.g. AI-applications. etc. ) because the storage systems were not designed for this purpose. If you decide to keep or purchase a local file server, we recommend that the file server be integrated into the central Active Directory. Backup should be performed using the LRZ offerings.
When it comes to archiving data for a longer period of time (good scientific practice), we recommend using the archive and backup service of the LRZ or the ISAR Cloud Storage.
Image-based encryption
It is not recommended to use image-based encryption on the file services on a larger scale (e.g. Truecrypt with very large directories). Due to the way these encryption methods work, only one large file is created from the entire directory tree, which can only be handled as a whole by the file server. Restoring individual files from the original directory using snapshots is therefore only possible in a roundabout way. In addition, several people can no longer access the encrypted area at the same time.
If you consider encryption necessary, we recommend the use of file-based encryption methods (e.g. PGP). With any encryption, attention must be paid to the long-term management of the keys. A key loss means the irretrievable loss of the data.
Incorrect usage of cloud storage
There are some use cases where we explicitly advise against using the central storage.
Database server on project storage
It is not recommended to operate multi-user databases or other applications with parallel access by multiple users/instances on the LRZ Cloud Storage. The technical configuration (activated oplocks) is optimized for normal file operation and can lead to problems up to and including data loss in the event of connection interruptions.
However, there are no objections to storing e.g. simple Access databases that are operated in single-user mode.
Backup
The project storage is not to be used for storing backups. For this purpose, the LRZ offers specific solutions that not only provide a longer retention period (at least 6 months instead of 4 weeks), but are also optimized for this purpose.
Home directories for Linux/Unix
Native home directories for Linux/Unix servers are currently not possible, since no NFS is offered and the CIFS clients do not support some Unix specialties (soft links). However, it is easily possible to provide project storage or personal storage as a subdirectory in the home directory. The CIFS semantics then also cause no problems when sharing e.g. office documents.
Offline Folder
Offline folders repeatedly cause problems in daily operation, since synchronization with the storage system is sometimes interrupted or no longer functions properly. This can lead to files not being saved or only older versions of a file being saved on the storage system. For this reason, the use of offline folders is NOT recommended!