Creating a Namespace

Procedure

1. Choose Resources > Resources > Namespace.
2. Select a desired account from the Account drop-down list in the upper left corner.
3. Click Create.

   The Create Namespace page is displayed.

4. Set basic information for the namespace.

   Table 1 describes related parameters.

   Table 1 Namespace parameters

   Parameter	Description
   Name	Name of the new namespace. NOTE: The naming rules of a namespace are as follows: The name must be unique. The name can only consist of letters, digits, underscores (_), hyphens (-), and periods (.), and must contain letters or digits. The name can contain 1 to 255 characters. To enable the object service for a namespace, the namespace name must meet the following rules. Otherwise, the bucket cannot be accessed in virtual hosting mode, and the domain name resolution will fail. In this case, the bucket can be accessed only in path mode. The name can contain only lowercase letters, digits, periods (.), and hyphens (-), and must start and end with a letter or digit. In addition, the name cannot contain the combination of a period and a hyphen (.- or -.), and cannot contain consecutive periods (..). The name can contain 3 to 63 characters. The name cannot be an IP address.
   Storage Pool	Storage pool to which the new namespace belongs.
   Redundancy Ratio	Redundancy ratio of the new namespace. It must be the same as that of the owning storage pool. NOTE: This parameter is available only for storage pools that use the EC redundancy policy.
   Security Style	Select a security style based on service requirements. Possible options are: Mixed: applies to the scenario where users of CIFS clients (using SMB) and UNIX clients (using NFS/HDFS/DPC) can access and control namespaces. In this style, the permissions are subject to the last permissions set for CIFS clients or UNIX clients. CIFS permissions (NT ACL) and UNIX permissions (UNIX Mode/POSIX ACL/NFSv4 ACL) do not coexist. UNIX: applies to the scenario where UNIX mode bits, POSIX ACLs, or NFSv4 ACLs control user permissions. NOTE: In Mixed style (which supports NT ACLs), if you configure an NT ACL for a file or directory on a Windows client and switch Mixed to UNIX, the NT ACL in Mixed style will become invalid.
   Application Type	The following preset application types are provided for typical applications: GENERAL and PACS. NOTE: The picture archiving and communication system (PACS) is applicable to medical imaging scenarios in hospital imaging departments. For details about the PACS, see the Product Description of the corresponding version. GENERAL is the default value and applies to scenarios except those of PACS. For a namespace with the PACS application type, the semantic-layer distribution algorithm is Simplified mode. In this mode, the number of directory fragments is 1. For a namespace with the GENERAL application type, the semantic-layer distribution algorithm is Balanced mode. In this mode, the number of directory fragments is 8. Directory fragmentation is used to divide a directory metadata object into multiple logical metadata objects. The number of directory fragments refers to the number of copies of metadata objects divided from a single directory. Before a directory is fragmented, subfile data and metadata objects in the directory can belong to only one storage node, leading to concentrated pressure on this node. After the directory is fragmented, subfile data and metadata objects in the directory can evenly belong to multiple storage nodes, improving the namespace concurrency capability. Multiple directory fragments are suitable for large directories or directories that contain multiple large files. You can also run the create namespace general command on the CLI to create a namespace with other directory fragments. For details, see the Command Reference of the corresponding version.

5. Set the recycle bin function for the namespace.
   1. Enable Recycle Bin. After the recycle bin function is enabled, the system automatically generates the .recyclebininternal directory in the namespace or a dtree of the namespace when files are deleted from the namespace or dtree for the first time. Files are not deleted immediately. Instead, they are moved to the recycle bin and are deleted only after the retention period expires.
      

      After the recycle bin function is enabled, temporary files generated by applications will also be moved to the recycle bin during file deletion.

   2. Set recycle bin parameters. Table 2 describes related parameters.

      Table 2 Recycle bin parameters

      Parameter	Description
      Retention Period	Duration for retaining files in the recycle bin. If you select Fixed period, you need to set a specific retention period. NOTE: If you select Permanent, files will not be deleted after being moved to the recycle bin. You can go to the .recyclebininternal directory in the namespace to manually delete the files. The retention period takes effect for both the namespace and HDFS recycle bins.
      Recycle Bin Directory Visibility	Whether the recycle bin directory is visible. If this parameter is set to Visible, the system displays the namespace and the .recyclebininternal directory in the dtree of the namespace.
      Recycle Bin Operation Permission	Select a user who can operate files in the recycle bin. root: Only user root can operate files in the recycle bin. Common user: The system creates a directory for each user based on the user name and user ID. Users have the permission to operate files in their own directories. User root has the permission to operate all users' directories.

      

      Both the retention period of the recycle bin and the deletion policy of the namespace take effect on the data in the recycle bin. The data is deleted when either of the two policies is met.

6. Set a directory quota for the namespace.
   Table 3 describes related parameters.

   Table 3 Quota parameters

   Parameter		Description
   Space Quota	Hard Quota	Space hard quota. If the quota is reached, the system immediately forbids writes and reports an alarm. [Value range] 1 KB to 256 PB The value must be greater than those of Soft Quota and Advisory Quota. NOTE: If the used file space reaches the hard quota, the system forbids writes. If you want the system to report an alarm before writes are forbidden, set a soft quota and an advisory quota.
   	Soft Quota	Space soft quota. If the quota is reached, the system reports an alarm but still allows writes. If the soft quota grace period elapses or hard quota is reached, the system immediately forbids writes and reports an alarm. [Value range] 1 KB to 256 PB The value must be greater than that of Advisory Quota and less than that of Hard Quota.
   	Advisory Quota	Space advisory quota. If the quota is reached, the system reports an alarm but still allows writes. [Value range] 1 KB to 256 PB The value must be less than those of Soft Quota and Hard Quota.
   File Quantity Quota	Hard Quota (K)	File quantity hard quota. If the quota is reached, the system reports an alarm and new files cannot be added. However, operations on existing files are not affected. The unit is thousands. [Value range] 1 to 100,000,000 The value must be greater than those of Soft Quota (K) and Advisory Quota (K). NOTE: If the number of files reaches the hard quota, the system forbids file adding. If you want the system to report an alarm before files cannot be added, set a soft quota and an advisory quota.
   	Soft Quota (K)	File quantity soft quota. If the quota is reached, the system reports an alarm but new files can still be added. If the soft quota grace period elapses or hard quota is reached, new files cannot be added and an alarm is reported. The unit is thousands. [Value range] 1 to 100,000,000 The value must be greater than that of Advisory Quota (K) and less than that of Hard Quota (K).
   	Advisory Quota (K)	File quantity advisory quota. If the quota is reached, the system reports an alarm but new files can still be added. [Value range] 1 to 100,000,000 The value must be less than those of Soft Quota (K) and Hard Quota (K).
   Grace Period	Soft Quota Grace Period (Days)	If the used file space or number of files reaches the soft quota, the system generates an alarm but still allows users' writing data or adding new files within this period. If this period elapses, the system immediately forbids writes and new files cannot be added. In addition, an alarm is reported. [Value range] 1 to 4,294,967,294. If this parameter is not specified, the grace period is unlimited. In this case, if the used file space or number of files reaches the soft quota, the system reports an alarm but does not restrict users' writing data or adding new files. NOTE: This parameter can be set only when Soft Quota or Soft Quota (K) is set.

7. Determine whether to enable the DPC function of the namespace. After this function is enabled, the namespace can be mounted to the DPC node.
   

   • After the DPC function is enabled, the maximum and minimum WORM retention periods cannot be set for the object service at the prefix level in the converged interworking scenario.
   • DPC cannot be enabled when a namespace is created and associated with a replication group.
   • When Service Type is set to Intelligent video and image, Backup and archiving, or Media, DPC is not supported.

8. Configure an NFS share.
   

   • The NFS share function is disabled by default. It is recommended that an NFS share is configured not in this operation but in follow-up operations.
   • After the NFS share function is enabled, the maximum and minimum WORM retention periods cannot be set for the object service at the prefix level in the converged interworking scenario.
   • This step can be performed only when the file service is enabled for the storage pool.
   1. Enable NFS and click Configure.

      The Configure NFS Share page is displayed.

   2. Configure access permissions for the NFS share.
      Click Add to add a client. For details, see Adding an NFS Share Client.

      

      • You can click More on the right of a client and select Modify to modify its information.
      • You can select one or more clients and click Remove, or click More on the right of a client and select Remove, to remove clients.
   3. Click OK.

9. Configure a CIFS share.
   

   • The CIFS share function is disabled by default. It is recommended that a CIFS share is configured not in this operation but in follow-up operations.
   • After the CIFS share function is enabled, the maximum and minimum WORM retention periods cannot be set for the object service at the prefix level in the converged interworking scenario.
   • This step can be performed only when the file service is enabled for the storage pool.
   1. Enable CIFS and click Configure.

      The Configure CIFS Share page is displayed.

   2. Set the name of the CIFS share.
      

      • The name must be unique.
      • The share name cannot contain characters " / \ [ ] : | < > + ; , ? * =, or be reserved name ipc$, autohome, ~, or print$.
      • The name contains 1 to 80 characters.
   3. Configure access permissions for the CIFS share.
      Click Add to add a user or user group. For details, see Adding a User or User Group.

      

      • Click More on the right of a user or user group and select Modify to modify the user or user group.
      • Select one or more users or user groups and click Remove, or click More on the right of a user or user group and select Remove to remove added users or user groups.
   4. Click OK.

10. Configure an FTP share.
    

    • The FTP share function is disabled by default. It is recommended that an FTP share is configured not in this operation but in follow-up operations.
    • This operation is available only when the file, object, or HDFS service is enabled for the storage pool.
    • Before configuring an FTP share, enable the FTP service and set the FTP share authentication type. For details, see Managing the FTP Service and Setting an Authentication Type.
    1. Enable FTP and click Configure.

       The Configure FTP Share page is displayed.

    2. Set the name of the FTP share.
       

       • The name must be unique.
       • The share name cannot contain characters "/\[]:|<>+;,?*=#, start or end with a space, or be reserved name ipc$, autohome, ~, or print$.
       • The name contains 1 to 80 characters.
    3. Configure access permissions for the FTP share.
       Click Add to add a user. For details, see Adding a User.

       

       • Click More on the right of a user and select Modify to modify the user's permissions.
       • Select a user and click Remove, or click More on the right of the user and select Remove to remove the user.
    4. Click OK.

11. Configure the HDFS service.
    

    • This step can be performed only when the HDFS service is enabled for the storage pool.
    • When Service Type is set to Intelligent video and image or Backup and archiving, the HDFS service is not supported.
    1. In Protocol, enable HDFS.
    2. Select the zone associated with the namespace.
       1. In Associate with Zone, click Select.

          The Associate with Zone (HDFS) page is displayed on the right.

       2. Select the subnet to which the access zone to be associated with belongs.
       3. Select the access zone to be associated.
          

          • If no subnet is configured, you can click Create to create one. For details, see Creating a Subnet.
          • If a subnet has been configured, you can click Modify in Subnet to modify the subnet parameters. For details, see Modifying a Subnet.
          • After creating a subnet, you can click Create to create an Access zone. For details, see Creating an Access Zone.
       4. Click OK.

12. Configure the object service.
    

    • The object protocol can be enabled only when the object service is enabled for the storage pool and POE authentication is used. If IAM authentication is used, the object protocol cannot be enabled.
    • The object service is supported only when Service Type is set to Intelligent video and image and a license that supports SmartInterworking is imported. The object service is not supported in IVS scenarios.
    1. In Protocol, enable Object.
    2. Configure bucket permissions for the namespace. Possible options are:
       • Private

         The owner of the bucket (the account that creates the bucket) has full control of the bucket. Other users cannot access the bucket without authorization.

       • Public Read

         All users can read objects in the bucket, and only the owner of the bucket (the account that creates the bucket) has the write permission.

       • Public Read and Write

         All users can read, write, and delete objects written by the owner of the bucket (the account that creates the bucket). Unauthorized users cannot read objects written by other accounts but can write or delete objects.

         

         For data security, you are advised to select Private.

13. Click Advanced and set advanced information about the namespace.
    1. Select whether to enable Automatic Update of Atime. Atime indicates the time when the namespace is accessed. After this function is enabled, the system updates the atime based on the value of Update Frequency.
       

       Enabling Automatic Update of Atime compromises system performance.

    2. After Automatic Update of Atime enabled, you need to set the update frequency of atime. The value can be Hourly or Daily.

14. Select a case sensitivity mode based on Table 4.
    

    • If the file service is disabled, only Case-insensitive is supported.
    • The case sensitivity mode cannot be modified after the namespace creation is complete.

    Table 4 Case sensitivity recommendations

    Protocol	Case Sensitivity	Function Restriction or Impact
    NFS/FTP/DPC	Case-sensitive	None.
    	Case-insensitive	None.
    CIFS	Case-sensitive (not recommended)	The storage system can only process file names carried in client requests in Case-sensitive mode. In addition, the storage system returns case-sensitive file names in its responses that need to carry file names to the client. If the client cannot correctly identify case-sensitive file names, the following circumstances may occur in some special scenarios: Run the ren <src> <dest> command in the cmd window. If a file with the same name as the <src> file exists (for example, in Case-insensitive mode, file_A and file_a in the same directory), the client may display a message indicating that a file with the same name exists or no file can be found. In Explorer, right-click the file file in a folder and choose Delete from the shortcut menu. If a file with the same name (for example, File) exists in the folder, the File file may be wrongly deleted and the file file still remains after the deletion due to the cache eviction policy of the client. In this case, if you access the file file, a message indicating that the file does not exist will be displayed. Then, refresh the page. The File file is restored and the file file disappears. Run the del <dest> command in the cmd window. If a file with the same name as the <dest> file exists (for example, file_A and file_a), the file deleted may not be the <dest> file you intended to delete. For example, the file deleted after you run the del file_A command may be the file_a file. CAUTION: If the preceding scenarios have no impact on services or the impact is acceptable, before enabling the CIFS protocol, you are advised to choose the Case-sensitive mode, enable the recycle bin function of the namespace, and set a proper retention period to reduce the probability of data loss caused by abnormal client behaviors.
    	Case-insensitive (recommended)	None.
    Object/HDFS	Case-sensitive (recommended)	None.
    	Case-insensitive (not recommended)	The listing operation of the HDFS or object protocol returns results in case-insensitive lexicographical order, which is different from that of the standard protocol.
    CAUTION: If interworking between the CIFS protocol and the HDFS or object protocol is required, you need evaluate the service impact of the functions that are unavailable in this scenario in advance and select a case sensitivity mode with the minimum impact. If you cannot evaluate the impact on services, contact technical support engineers.

15. Set the display mode of the space occupied by directories or files when the ls -l command is executed. For details, see Table 5.

    Table 5 Directory and file space display

    Directory Space Display	Current Directory	File in Current Directory	Subdirectory in Current Directory	Subdirectory File
    Space occupied by a directory	√	X	X	X
    Space occupied by all files in the current directory	X	√	X	X
    Space occupied by all files in the current directory and its subdirectories	X	√	X	√
    √: The space size is displayed. X: The space size is not displayed.

16. Enable QoS Policy. Select the QoS policy to be configured for the namespace from the QoS Policy drop-down list.
    

    You can click Create to create a QoS policy.

17. Set the data security and protection functions of the namespace.

    Table 6 describes related parameters.

    Table 6 Data security and protection parameters

    Parameter	Description
    Snapshot Directory Visibility	Whether the directory of namespace snapshots is visible. If this parameter is set to Visible, the system displays the .snapshot directory in the namespace.
    Cross-Site DR	Whether to enable the cross-site DR function. After this function is enabled, data in a bucket is replicated based on the primary/standby relationship in a replication group. NOTE: Replication can be enabled only during namespace creation and cannot be disabled after being enabled. Before enabling cross-site DR, enable the object protocol. This parameter is not displayed when the object service uses IAM authentication. When Service Type is set to General, cross-site DR can be configured only after an advanced license is imported. When Service Type is set to Intelligent video and image, cross-site DR is not supported. Cross-site DR cannot be configured for namespaces for which the remote replication feature has been configured. Cross-site DR cannot be configured for namespaces for which a compression policy has been configured. Cross-site DR cannot be configured for namespaces for which the DPC function has been enabled.
    Replication Group	Select the replication group to be bound to a namespace. The replication group cannot be changed after being bound. NOTE: Replication groups can be selected only after cross-site DR is enabled. If the required replication group does not exist, create one by following instructions provided in Creating a Replication Group. This parameter is not displayed when the object service uses IAM authentication. If you need to bind a replication group, create a replication bucket by referring to Object Service API Reference > Operations on Buckets" > Creating a Bucket in the Service Plane API Description for Object of the corresponding version.
    Data Encryption	Whether to enable the data encryption function. After this function is enabled, the system generates a key to encrypt the data written to the namespace. NOTE: Data encryption is supported only after an advanced license is imported. Data encryption can be configured for a namespace only during the creation of the namespace. In addition, it cannot be disabled once being enabled. Before enabling data encryption for a namespace, enable data encryption for the account. After data encryption is enabled, the I/O performance of non-encrypted services will be affected. Confirm that this function needs to be enabled. When the object protocol is enabled for the namespace, data encryption and SSE-C server-side encryption cannot be used at the same time. Double encryption severely affects performance. If data encryption is enabled, the object protocol no longer supports SSE-C server-side encryption for individual objects. Standard SmartCompression and data encryption are mutually exclusive and cannot be enabled at the same time.
    Encryption Algorithm	After data encryption is enabled, you need to select an encryption algorithm. The value can be XTS-AES-128, XTS-AES-256, or XTS-SM4. NOTE: The encryption algorithm can be configured only during namespace creation and cannot be modified after that. XTS-SM4 can be selected only after a license supporting the SM algorithm is imported. XTS-SM4 is supported only in the Chinese mainland.
    Synchronize	After this function is enabled, data encryption will be enabled for the corresponding namespaces in remote clusters in the replication group and the selected encryption algorithm will be used. Ensure that data encryption has been enabled for the corresponding accounts in the remote clusters. NOTE: This parameter is available only when both Cross-Site DR and Data Encryption are enabled. It can be configured only during namespace creation and cannot be disabled after being enabled. This parameter is not displayed when the object service uses IAM authentication.

18. Set Tiered Storage.
    1. Enable Tiered Storage.
    2. In the Heterogeneous Device area, select a heterogeneous device that has been added to the storage system. If no heterogeneous device is available, add one by following the instructions provided in Adding a Heterogeneous Device.
    3. In the Target Bucket Name area, enter the name of the bucket on the heterogeneous device.
    4. Determine whether to enable the Retrieve Entire File Upon Direct Read function. When a client initiates a request to read data from a file that has been migrated to a heterogeneous device using SmartTier, the storage system will read the file data from the heterogeneous device by default. After this function is enabled, the storage system will automatically retrieve the entire file during data read from the heterogeneous device and retain the file locally (for one day by default) to improve the performance of continuous reads in a short period of time. However, this will occupy service bandwidth. Therefore, you are advised to enable this function when you have sound network conditions and need to read one file multiple times.
       

       • Ensure that the target bucket is in the account used by the heterogeneous device to provide services.
       • The target bucket name contains 1 to 255 characters.
       • The target bucket name can contain only letters, digits, hyphens (-), underscores (_), and periods (.), and must contain letters or digits.
       • Cross-site DR replication buckets can be bound to heterogeneous buckets only at one site.
       • You are advised not to bind different namespaces to the same heterogeneous bucket. Otherwise, data may overwrite each other.

19. Set audit log items. Enabling Audit Log Items allows the system to record audit logs of operations related to the WORM feature of the namespace by default. To record audit logs of other operations related to the namespace, select the corresponding audit log items.
    The audit log items include Create, Delete, Read, Write, Open, Close, Rename, List folders, Obtain properties, Set properties, Obtain security properties, Set security properties, Obtain extension properties, Set extension properties, and Concatenate files.

    

    • To ensure that the selected audit log items take effect, choose Settings > Data Security > Audit Log to enable the audit log function.
    • If too many audit logs are generated for the audit log items and the audit log collection speed is lower than the audit log writing speed, the temporary buffer space may be insufficient, which may cause service interruption. You are advised to properly configure the items to be audited. For example, configure only Create, Delete, and Write for the namespace.

20. Configure SmartIndexing. After SmartIndexing is enabled, the system creates indexes for the system metadata and custom metadata fields of files in the namespace. You can search for a list of files through metadata.
    

    This function can be set only when the data pilot service is enabled for the storage pool.

21. Set the small-directory performance mode. The small-directory performance mode uses the access nodes as owning nodes of metadata without directory fragmentation, reducing file access I/O forwarding and improving file access performance. To obtain better performance experience, you are advised to:
    • Use DNS domain names for mounting and ensure that the number of clients is greater than that of storage nodes to balance the mounting.
    • Balance the directory creation requests of each client. Do not create directories only on a few clients.
    • Balance the access requests of each directory. Do not bring continuous heavy access pressure to a single directory.
    • Apply the NFS, CIFS, or FTP protocol.
      

      If the preceding conditions are not met, node or directory hotspots may occur, causing performance deterioration. In this case, you are advised not to enable this mode.

22. Set the WORM attribute of a namespace. That is, data is written once and read multiple times. You can set a protection period for a file. During the protection period, the file can be read but cannot be modified or deleted. After the protection period expires, the file can be deleted.
    

    When creating a namespace, if you associate the namespace with a replication group and disable WORM, WORM cannot be enabled after the namespace is created.

    1. Enable WORM.
    2. Select a policy mode. Possible options are:
       

       After the policy mode is set to Compliance, it cannot be changed to Enterprise or None.

       • Enterprise: used by enterprises to implement internal control. The retention period and permissions of common users and privileged users are set to ensure secure data access security and prevent data tampering, protecting archived files and data of enterprises. During the retention period, common users cannot modify, rename, or delete files. Privileged users (system administrators) cannot modify or rename files, but can use their privileges to delete files. After the retention period expires, common users and system administrators cannot modify or rename files, but can read or delete files.

         Table 7 describes related parameters.

       • Compliance: applies to archiving scenarios where data protection mechanisms are implemented as required by laws and regulations. During the retention period, common users and system administrators cannot modify, delete, or rename files. After the retention period expires, common users and system administrators cannot modify or rename files, and common users can but system administrators cannot delete files.

         Table 7 describes related parameters.

         Table 7 Compliance and enterprise WORM policy mode parameters

         Parameter	Description
         Max. Retention Period	Maximum protection period supported by a specified namespace.
         Min. Retention Period	Minimum protection period supported by a specified namespace.
         Default Retention Period	Default protection period after a file enters the protection state.
         Auto Lock	After this function is enabled, if a file is not modified within the default waiting time, the file automatically enters the locked state.
         Legal Hold File Modification	Common users and privileged users cannot delete legal hold files within the retention period. After the function is enabled, the retention periods of the legal hold files can be modified.

       • None: indicates the None mode, which means that uploaded objects are not protected by default.

         After Legal Hold File Modification is enabled, the retention periods of the legal hold files can be modified.

23. Set a standard SmartCompression policy.
    

    • Standard SmartCompression policies configured on DeviceManager apply only to foreground services. Therefore, the Standard SmartCompression switch refers to the foreground standard SmartCompression switch, the Hot Pool Compression switch refers to the hot pool switch for foreground standard SmartCompression policies, and Compression Algorithm refers to foreground standard SmartCompression algorithms.
    • It is recommended that standard SmartCompression be used for warm and cold data. Enabling this function for production services may cause performance degradation. You are advised not to enable it when high performance is required.
    • Videos, audios, images, encrypted/compressed data, and PDF/XML data cannot be compressed.
    

    • Standard SmartCompression can be enabled only after a license supporting standard SmartCompression is imported.
    • Standard SmartCompression and data encryption are mutually exclusive and cannot be enabled at the same time.
    • When Service Type is set to Intelligent video and image or Media, standard SmartCompression is not supported.
    1. Enable Standard SmartCompression. After this function is enabled, the system compresses data written to the namespace based on the selected compression algorithm.
    2. When enabling standard SmartCompression, you need to set the parameters listed in Table 8.

       Table 8 Standard SmartCompression parameters

       Parameter	Description
       Hot Pool Compression	Whether to enable hot pool compression. If this function is enabled, data written to the cold, warm, and hot storage pools is compressed. If this function is disabled, only data written to the warm and cold storage pools is compressed.
       Compression Algorithm	Compression algorithms can be Capacity-oriented or Performance-oriented. Capacity-oriented: More capacity space is saved, but service performance may be affected. Performance-oriented: Performance-oriented algorithms provide a lower compression ratio than capacity-oriented algorithms, but have higher performance in an all-SSD storage pool.

24. Click OK.
25. Confirm your operation as prompted.