Associating a Namespace with a Replication Group

To associate a namespace with a replication group, you only need to associate the namespace with any cluster in the replication group. After the namespace is associated, the system automatically creates a namespace with the same name in each of the other clusters.

Prerequisites

If the object service uses IAM authentication, you cannot perform namespace association operations on DeviceManager. If you need to associate a namespace with a replication group, create a replication bucket by referring to Creating a Bucket in the Object Service API Reference of the corresponding version.

Procedure

  1. Choose Data Protection > Configuration > Cross-Site DR > Replication Group.
  2. In the function pane, select a replication group from the list on the left and click Operation > Associate Namespace in the upper right corner.

    The Create Namespace page is displayed.

  3. Set basic information for the namespace.

    Table 1 describes the related parameters.

    Table 1 Namespace parameters

    Parameter

    Description

    Account

    Account to which the new namespace belongs.

    Name

    Name of the new namespace.

    NOTE:

    The naming rules of a namespace are as follows:

    • The name must be unique.
    • The name can only consist of letters, digits, underscores (_), hyphens (-), and periods (.), and must contain letters or digits.
    • The name can contain 1 to 255 characters.

    To enable the object service for a namespace, the namespace name must meet the following rules. Otherwise, the bucket cannot be accessed in virtual hosting mode, and the domain name resolution will fail. In this case, the bucket can be accessed only in path mode.

    • The name can contain only lowercase letters, digits, periods (.), and hyphens (-), and must start and end with a letter or digit. In addition, the name cannot contain the combination of a period and a hyphen (.- or -.), and cannot contain consecutive periods (..).
    • The name can contain 3 to 63 characters.

    Storage Pool

    Storage pool to which the new namespace belongs.

    Redundancy Ratio

    Redundancy ratio of the new namespace. It must be the same as that of the owning storage pool.

    NOTE:

    This parameter is available only for storage pools that use the EC redundancy policy.

    Security Style

    Select a security style based on service requirements. Possible options are:

    • Mixed: applies to the scenario where users of CIFS clients (using SMB) and UNIX clients (using NFS/HDFS/DPC) can access and control namespaces. In this style, the permissions are subject to the last permissions set for CIFS clients or UNIX clients. CIFS permissions (NT ACL) and UNIX permissions (UNIX Mode/POSIX ACL/NFSv4 ACL) do not coexist.
    • UNIX: applies to the scenario where UNIX mode bits, POSIX ACLs, or NFSv4 ACLs control user permissions.
    NOTE:

    In Mixed style (which supports NT ACLs), if you have configured an NT ACL for a file or directory on a Windows client and switched Mixed to UNIX, the NT ACL in Mixed style will become invalid.

  4. Set the recycle bin function for the namespace.

    1. After Recycle Bin is enabled, the system automatically generates the .recyclebininternal directory in the namespace or a dtree of the namespace when files are deleted from the namespace or dtree for the first time. Files are not deleted immediately. Instead, they are moved to the recycle bin and are deleted only after the retention period expires.

      After the recycle bin function is enabled, temporary files generated by applications are also moved to the recycle bin when they are deleted.

    2. Set the retention period of deleted files of the namespace. If you select Fixed period, you need to set a specific retention period.
      • Both the retention period of the recycle bin and the deletion policy of the namespace take effect on the data in the recycle bin. The data is deleted when either of the two policies is met.
      • The retention period takes effect for both the namespace and HDFS recycle bins.
      • If you select Permanent, files will not be deleted after being moved to the recycle bin. You can go to the .recyclebininternal directory in the namespace to manually delete the files.

  5. Set a directory quota for the namespace.

    Table 2 describes the related parameters.
    Table 2 Quota parameters

    | Category | Parameter | Description |
    |---|---|---|
    | Space Quota | Hard Quota | Space hard quota. If the quota is reached, the system immediately forbids writes and reports an alarm. Value range: 1 KB to 256 PB. The value must be greater than those of Soft Quota and Advisory Quota. NOTE: If the used file space reaches the hard quota, the system forbids writes. If you want the system to report an alarm before writes are forbidden, set a soft quota and an advisory quota. |
    | Space Quota | Soft Quota | Space soft quota. If the quota is reached, the system reports an alarm but still allows writes. If the soft quota grace period elapses or hard quota is reached, the system immediately forbids writes and reports an alarm. Value range: 1 KB to 256 PB. The value must be greater than that of Advisory Quota and less than that of Hard Quota. |
    | Space Quota | Advisory Quota | Space advisory quota. If the quota is reached, the system reports an alarm but still allows writes. Value range: 1 KB to 256 PB. The value must be less than those of Soft Quota and Hard Quota. |
    | File Quantity Quota | Hard Quota (K) | File quantity hard quota. If the quota is reached, the system reports an alarm and new files cannot be added. However, operations on existing files are not affected. The unit is thousands. Value range: 1 to 100,000,000. The value must be greater than those of Soft Quota (K) and Advisory Quota (K). NOTE: If the number of files reaches the hard quota, the system forbids file adding. If you want the system to report an alarm before files cannot be added, set a soft quota and an advisory quota. |
    | File Quantity Quota | Soft Quota (K) | File quantity soft quota. If the quota is reached, the system reports an alarm but new files can still be added. If the soft quota grace period elapses or hard quota is reached, new files cannot be added and an alarm is reported. The unit is thousands. Value range: 1 to 100,000,000. The value must be greater than that of Advisory Quota (K) and less than that of Hard Quota (K). |
    | File Quantity Quota | Advisory Quota (K) | File quantity advisory quota. If the quota is reached, the system reports an alarm but new files can still be added. Value range: 1 to 100,000,000. The value must be less than those of Soft Quota (K) and Hard Quota (K). |
    | Grace Period | Soft Quota Grace Period (Days) | If the used file space or number of files reaches the soft quota, the system reports an alarm but still allows writes and the addition of new files within this period. If this period elapses, the system immediately forbids writes and new files cannot be added. In addition, an alarm is reported. Value range: 1 to 4,294,967,294. If this parameter is not specified, the grace period is unlimited. In this case, if the used file space or number of files reaches the soft quota, the system reports an alarm but does not restrict users from writing data or adding new files. NOTE: This parameter can be set only when Soft Quota or Soft Quota (K) is set. |

  6. Configure an NFS share.

    • The NFS share and CIFS share functions are disabled by default. You are advised not to configure NFS and CIFS shares in this operation but in follow-up operations.
    • After the NFS share function is enabled, the object service cannot set the maximum and minimum WORM retention periods at the prefix level in the converged interworking scenario.
    • This step can be performed only when the file service is enabled for the storage pool.
    1. In Protocol, enable NFS. Then, click Configure in NFS Share.

      The Configure NFS Share page is displayed.

    2. Configure access permissions for the NFS share.
      Click Add to add a client. For details, see Adding an NFS Share Client.
      • You can click More on the right of a client and select Modify to modify its information.
      • You can select one or more clients and click Remove, or click More on the right of a client and select Remove, to remove clients.

  7. Configure a CIFS share.

    • The NFS share and CIFS share functions are disabled by default. You are advised not to configure NFS and CIFS shares in this operation but in follow-up operations.
    • After the CIFS share function is enabled, the object service cannot set the maximum and minimum WORM retention periods at the prefix level in the converged interworking scenario.
    • This step can be performed only when the file service is enabled for the storage pool.
    1. In Protocol, enable CIFS. Then, click Configure in CIFS Share.

      The Configure CIFS Share page is displayed.

    2. Set the name of the CIFS share.
      • The name must be unique.
      • The name cannot contain characters " / \ [ ] : | < > + ; , ? * =, and cannot be ipc$, autohome, ~, or print$ reserved by the system.
      • The name contains 1 to 80 characters.
    3. Configure access permissions for the CIFS share.
      Click Add to add a user or user group. For details, see Adding a User or User Group.
      • Click More on the right of a user or user group and select Modify to modify the user or user group.
      • Select one or more users or user groups and click Remove, or click More on the right of a user or user group and select Remove to remove added users or user groups.

  8. Configure the HDFS service.

    • This step can be performed only when the HDFS service is enabled for the storage pool.
    • When Service Type is set to Intelligent video and image, the HDFS service is not supported.
    1. In Protocol, enable HDFS.
    2. Select the zone associated with the namespace.
      1. In Associate Zone, click Select.

        The Associate Zone page is displayed on the right.

      2. Select the subnet to which the Access zone to be associated belongs.
      3. Select the Access zone to be associated.
        • If no subnet is configured, you can click Create to create one. For details, see Creating a Subnet.
        • If a subnet has been configured, you can click Modify in Subnet to modify the subnet parameters. For details, see Modifying a Subnet.
        • After creating a subnet, you can click Create to create an Access zone. For details, see Creating an Access Zone.
      4. Click OK.

  9. Configure the object service. The object service is enabled by default and cannot be disabled.

    1. Configure bucket permissions for the namespace. Possible options are:
      • Private

        The owner of the bucket (the account that creates the bucket) has full control of the bucket. Other users cannot access the bucket without authorization.

      • Public Read

        All users can read objects in the bucket, and only the owner of the bucket (the account that creates the bucket) has the write permission.

      • Public Read and Write

        All users can read, write, and delete objects written by the owner of the bucket (the account that creates the bucket). Unauthorized users cannot read objects written by other accounts but can write or delete objects.

        For data security, you are advised to select Private.

  10. Click Advanced and set advanced information about the namespace.

    1. Select whether to enable Automatic Update of Atime. Atime indicates the time when a namespace is accessed. After this function is enabled, the system updates the Atime based on the value of Update Frequency.

      Enabling Automatic Update of Atime compromises system performance.

    2. After Automatic Update of Atime is enabled, you need to set the update frequency of Atime. The value can be Hourly or Daily.

  11. Select a case sensitivity mode based on Table 3.

    • If the file service is disabled, only Case-insensitive is supported.
    • The case sensitivity mode cannot be modified after the namespace creation is complete.
    Table 3 Case sensitivity recommendations

    Protocol

    Case Sensitivity

    Function Restriction or Impact

    NFS/DPC

    Case-sensitive

    None.

    Case-insensitive

    None.

    CIFS

    Case-sensitive (not recommended)

    The storage system can only process file names carried in client requests in Case-sensitive mode. In addition, the storage system returns case-sensitive file names in its responses that need to carry file names to the client. If the client cannot correctly identify case-sensitive file names, the following circumstances may occur in some special scenarios:

    1. Run the ren <src> <dest> command in the cmd window. If a file with the same name as the <src> file exists (for example, in Case-insensitive mode, file_A and file_a in the same directory), the client may display a message indicating that a file with the same name exists or no file can be found.
    2. In Explorer, right-click the file named "file" in a folder and choose Delete from the shortcut menu. If a file with the same name (for example, "File") exists in the folder, "File" may be wrongly deleted and "file" still remains after the deletion due to the cache eviction policy of the client. In this case, if you access "file", a message indicating that the file does not exist will be displayed. Then, refresh the page. "File" is restored and "file" disappears.
    3. Run the del <dest> command in the cmd window. If a file with the same name as the <dest> file exists (for example, file_A and file_a), the file deleted may not be the <dest> file you intended to delete. For example, the file deleted after you run the del file_A command may be the file_a file.
    CAUTION:

    If the preceding scenarios have no impact on services or the impact is acceptable, before enabling the CIFS protocol, you are advised to choose the Case-sensitive mode, enable the recycle bin function of the namespace, and set a proper retention period to reduce the probability of data loss caused by abnormal client behaviors.

    Case-insensitive (recommended)

    None.

    Object/HDFS

    Case-sensitive (recommended)

    None.

    Case-insensitive (not recommended)

    The listing operation of the HDFS or object protocol returns results in case-insensitive lexicographical order, which is different from that of the standard protocol.

    CAUTION:

    If interworking between the CIFS protocol and the HDFS or object protocol is required, you need to evaluate the service impact of the functions that are unavailable in this scenario in advance and select a case sensitivity mode with the minimum impact.

    If you cannot evaluate the impact on services, contact technical support engineers.

  12. Enable QoS Policy. Select the QoS policy to be configured for the namespace from the QoS Policy drop-down list.

    You can click Create to create a QoS policy.

  13. Set the data security and protection functions of the namespace.

    Table 4 describes the related parameters.

    Table 4 Data security and protection parameters

    Parameter

    Description

    Snapshot Directory Visibility

    Whether the directory of namespace snapshots is visible. If this parameter is set to Visible, the system displays the .snapshot directory in the namespace.

    Cross-Site DR

    This function is enabled by default.

    Replication Group

    Name of the replication group to which the namespace is to be bound.

    Data Encryption

    Whether to enable the data encryption function. After this function is enabled, the system generates a key to encrypt the data written to the namespace.

    NOTE:
    • Data encryption is supported only after an advanced license is imported.
    • Data encryption can be configured for a namespace only during the creation of the namespace. In addition, it cannot be disabled once enabled. Before enabling data encryption for a namespace, enable data encryption for the account.
    • After data encryption is enabled, the I/O performance of non-encrypted services will be affected. Confirm that this function needs to be enabled.

    Encryption Algorithm

    After Data Encryption is enabled, you need to select an encryption algorithm. The value can be XTS-AES-128, XTS-AES-256, or XTS-SM4.

    NOTE:
    • The encryption algorithm can be configured only during namespace creation and cannot be modified after that.
    • XTS-SM4 can be selected only after a license supporting the SM algorithm is imported.
    • XTS-SM4 is supported only in the Chinese mainland.

    Synchronize

    After this function is enabled, data encryption will be enabled for the corresponding namespaces in remote clusters in the replication group and the selected encryption algorithm will be used. Ensure that data encryption has been enabled for the corresponding accounts in the remote clusters.

    NOTE:

    This parameter is available only when both Cross-Site DR and Data Encryption are enabled. It can be configured only during namespace creation and cannot be disabled after being enabled. This parameter is not displayed when the object service uses IAM authentication.

    Audit Log

    Whether to enable the audit log function of the namespace. After this function is enabled, the system logs operations of the namespace.

    NOTE:

    This function can be set only when the data pilot service is enabled for the storage pool.

    Record Type

    After the audit log function is enabled, set the operation type to be recorded in audit logs. Possible options are Create, Delete, and Rename.

  14. Configure SmartIndexing. After SmartIndexing is enabled, the system creates indexes for the system metadata and custom metadata fields of files in the namespace. You can search for a list of files through metadata.

    This function can be set only when the data pilot service is enabled for the storage pool.

  15. Set the WORM attribute of a namespace. That is, data is written once and read multiple times. You can set a protection period for a file. During the protection period, the file can be read but cannot be modified or deleted. After the protection period expires, the file can be deleted.

    When creating a namespace, if you associate the namespace with a replication group and disable WORM, WORM cannot be enabled after the namespace is created.

    1. Enable WORM.
    2. Select a policy mode. Possible options are:
      • Enterprise: used by enterprises to implement internal control. The retention period and permissions of common users and privileged users are set to ensure data access security and prevent data tampering, protecting archived files and data of enterprises. Common users cannot modify, rename, or delete files within the retention period. Privileged users (system administrators) cannot modify or rename files within the retention period, but they can use the privilege to delete files. Common users and system administrators cannot modify or rename files whose retention period expires, but can read or delete the files.

        Table 5 describes the related parameters.

        Table 5 Parameters of the Enterprise policy mode

        | Parameter | Description |
        |---|---|
        | Max. Retention Period | Maximum protection period supported by a specified namespace. |
        | Min. Retention Period | Minimum protection period supported by a specified namespace. |
        | Default Retention Period | Default protection period after a file enters the protection state. |
        | Auto Lock | After this function is enabled, if a file is not modified within the default waiting time, the file automatically enters the locked state. |
        | Legal Hold File Modification | Common users and privileged users cannot delete legal hold files within the retention period. After the function is enabled, the retention periods of the legal hold files can be modified. |

      • None: indicates the None mode, which means that uploaded objects are not protected by default.

        After Legal Hold File Modification is enabled, the retention periods of the legal hold files can be modified.

  16. Click OK.
  17. Confirm your operation as prompted.
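
A pre-flight check for the values chosen in steps 3, 5, and 9, given here as an added example that is not part of the original procedure or of the product's own tooling. It applies the namespace naming rules (general and object-service), the quota ranges and ordering, the grace-period dependency, and the Private bucket recommendation. The function names, plan dictionary keys, and sample plan are assumptions made for illustration; space values are in KB and assume 1024-based units.

```python
import re

GENERAL = re.compile(r"[A-Za-z0-9_.-]{1,255}")
VHOST = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")
SPACE_MAX_KB = 256 * 1024**4   # 256 PB in KB (assumes 1024-based units)
COUNT_MAX_K = 100_000_000      # file quantity quotas are in thousands
GRACE_MAX_DAYS = 4_294_967_294


def name_status(name):
    """Return (valid, virtual_hosting_ok) for a namespace name."""
    valid = bool(GENERAL.fullmatch(name)) and any(c.isalnum() for c in name)
    vhost = (valid and bool(VHOST.fullmatch(name))
             and not any(seq in name for seq in ("..", ".-", "-.")))
    return valid, vhost


def quota_problems(kind, quotas, max_value):
    """quotas: dict with optional 'advisory', 'soft', 'hard' (KB or K files)."""
    problems = [f"{kind} {k} quota out of range" for k, v in quotas.items()
                if not 1 <= v <= max_value]
    ordered = [quotas[k] for k in ("advisory", "soft", "hard") if k in quotas]
    if any(a >= b for a, b in zip(ordered, ordered[1:])):
        problems.append(f"{kind} quotas must satisfy advisory < soft < hard")
    return problems


def check_plan(plan):
    """Return the list of problems in a planned namespace configuration."""
    problems = []
    valid, vhost = name_status(plan["name"])
    if not valid:
        problems.append("namespace name breaks the naming rules")
    elif not vhost:
        problems.append("name fails object rules: path-mode access only")
    space, files = plan.get("space_kb", {}), plan.get("files_k", {})
    problems += quota_problems("space", space, SPACE_MAX_KB)
    problems += quota_problems("file", files, COUNT_MAX_K)
    grace = plan.get("grace_days")
    if grace is not None:
        if "soft" not in space and "soft" not in files:
            problems.append("grace period needs a soft quota")
        elif not 1 <= grace <= GRACE_MAX_DAYS:
            problems.append("grace period out of range")
    if plan.get("bucket_permission", "Private") != "Private":
        problems.append("bucket permission is not Private")
    return problems


# Constructed sample plan, not taken from any real system.
SAMPLE_PLAN = {
    "name": "Backup_2024",
    "space_kb": {"advisory": 800, "soft": 900, "hard": 900},
    "grace_days": 7,
    "bucket_permission": "Public Read",
}

if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE_PLAN)))
```

The sample plan is flagged three times: the uppercase letter and underscore limit the bucket to path-mode access, the soft quota equals the hard quota, and the bucket permission is not Private.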