Creating a Namespace

Prerequisites

• Namespaces with the same name cannot be created under the same account, but can be created under different accounts. To create namespaces with the same name for different accounts, all nodes must be upgraded to 8.2.0 or later.
• To enable the function of allowing namespaces with the same name to be created for different accounts, run the change space ops cmd=sameFsName args=set,1 command. This function is disabled by default. For details, see the Command Reference of the corresponding version. Before performing this operation, check whether the configuration of related modules needs to be modified.
  

  After the function of allowing namespaces with the same name to be created is enabled, it cannot be disabled.

  The following is an example of enabling this function:

  admin:/>change space ops cmd=sameFsName args=set,1
  DANGER: You are about to modify the sameFsName switch.
  This operation will change the status of the sameFsName switch, which may affect services or data.
  When the sameFsName switch is turned on, namespaces with the same name can be created under different accounts, and the DPC mounting mode changes.
  If multiple namespaces with the same name exist, to mount the namespaces to the local directory of the DPC node, you need to specify an account name and run the following command:
      mount -t dpc [-o options] account_name:/fsname /localdirectory.
  Warning: The sameFsName switch cannot be disabled after being enabled.
  Suggestion: Before performing this operation, confirm whether related module configurations need to be modified.
  Have you read danger alert message carefully?(y/n)y
  Are you sure you really want to perform the operation?(y/n)y
    lsid : 0                                                               
    ret  : 0                                                               
    info : lsid: 327725, ret = 0, set global SameFsNameSwitch: 1, type: 140
           lsid: 327727, ret = 0, set global SameFsNameSwitch: 1, type: 140
           lsid: 327726, ret = 0, set global SameFsNameSwitch: 1, type: 140

Procedure

1. Choose Resources > Resources > Namespace.
2. Select a desired account from the Account drop-down list in the upper left corner.
3. Click Create.

   The Create Namespace page is displayed.

4. Set basic information for the namespace.

   Table 1 describes related parameters.

   Table 1 Namespace parameters

   Parameter	Description
   Name	Name of the new namespace. NOTE: The naming rules of a namespace are as follows: The name must be unique. The name can only consist of letters, digits, underscores (_), hyphens (-), and periods (.), and must contain letters or digits. The name can contain 1 to 255 characters. To enable the object service for a namespace, the namespace name must meet the following rules. Otherwise, the bucket cannot be accessed in virtual hosting mode, and the domain name resolution will fail. In this case, the bucket can be accessed only in path mode. The name can contain only lowercase letters, digits, periods (.), and hyphens (-), and must start and end with a letter or digit. In addition, the name cannot contain the combination of a period and a hyphen (.- or -.), nor contain consecutive periods (..). The name can contain 3 to 63 characters. The name cannot be an IP address.
   Storage Pool	Storage pool to which the new namespace belongs.
   Redundancy Ratio	Redundancy ratio of the new namespace. It must be the same as that of the owning storage pool. NOTE: This parameter is available only for storage pools that use the EC redundancy policy.
   Security Style	Security style to be selected based on service requirements. Possible options are: Mixed: applies to scenarios where users of CIFS clients (using the SMB protocol) and UNIX clients (using the NFS, HDFS, or DPC protocol) can access and control namespaces. In this style, CIFS permissions (NT ACLs) and UNIX permissions (UNIX mode bits, POSIX ACLs, or NFSv4 ACLs) cannot co-exist. Only the latest configured permissions on either CIFS or UNIX clients take effect. Native: applies to the same scenarios as the Mixed style. The difference between the Native style and the Mixed style is that CIFS permissions (NT ACLs) and UNIX permissions (UNIX mode bits, POSIX ACLs, or NFSv4 ACLs) can co-exist and will neither affect nor synchronize with each other in Native style. NTFS: applies to scenarios where Windows NT ACLs control users' permissions. UNIX: applies to scenarios where UNIX mode bits, POSIX ACLs, or NFSv4 ACLs control users' permissions. NOTE: In Mixed style (which supports NT ACLs), if you configure an NT ACL for a file or directory on a Windows client and switch Mixed to UNIX, the NT ACL in Mixed style will become invalid. In the HDFS service scenario, if you need to enable SmartTakeover for a namespace, set the security style of the namespace to UNIX.
   Application Type	Preset application type provided for typical applications. The value can be GENERAL or PACS. NOTE: The picture archiving and communication system (PACS) is applicable to medical imaging scenarios in hospital imaging departments. For details about the PACS, see the Product Description of the corresponding version. GENERAL is the default value and applies to scenarios except those of PACS. For a namespace with the PACS application type, the semantic-layer distribution algorithm is Simplified mode. In this mode, the number of directory fragments is 1. For a namespace with the GENERAL application type, the semantic-layer distribution algorithm is Balanced mode. In this mode, the number of directory fragments is 8. Directory fragmentation is used to divide a directory metadata object into multiple logical metadata objects. The number of directory fragments refers to the number of copies of metadata objects divided from a single directory. Before a directory is fragmented, subfile data and metadata objects in the directory can belong to only one storage node, leading to concentrated pressure on this node. After the directory is fragmented, subfile data and metadata objects in the directory can evenly belong to multiple storage nodes, improving the namespace concurrency capability. Dividing a directory into multiple fragments is suitable for large directories or directories that contain multiple large files. You can also run the create namespace general command on the CLI to create a namespace with other directory fragments. For details, see the Command Reference of the corresponding version.

5. Set the recycle bin function for the namespace.
   1. Select Enable or Disable to enable or disable the recycle bin function. After the recycle bin function is enabled, the system automatically generates the .recyclebininternal directory in the namespace or a dtree of the namespace when files are deleted from the namespace or dtree for the first time. Files are not deleted immediately. Instead, they are moved to the recycle bin and are deleted only after the retention period expires.
      

      After the recycle bin function is enabled, temporary files generated by applications will also be moved to the recycle bin during file deletion.

   2. Set recycle bin parameters. Table 2 describes related parameters.

      Table 2 Recycle bin parameters

      Parameter	Description
      Retention Period	Duration for retaining files in the recycle bin. If you select Fixed period, you need to set a specific retention period. [Value range] Minute: 1 to 4294967295. Hour: 1 to 71582788. Day: 1 to 2982616. NOTE: If you select Permanent, files will not be deleted after being moved to the recycle bin. You can go to the .recyclebininternal directory in the namespace to manually delete the files. The retention period takes effect for both the namespace and HDFS recycle bins.
      Recycle Bin Directory Visibility	Whether the recycle bin directory is visible. If this parameter is set to Visible, the system displays the .recyclebininternal directory of the namespace and its dtrees.
      Recycle Bin Operation Permission	Select a user who can operate files in the recycle bin. root: Only user root can operate files in the recycle bin. Common user: The system creates a directory for each user based on the user name and user ID. Users have the permission to operate files in their own directories. User root has the permission to operate all users' directories.

6. Set a directory quota for the namespace.
   Table 3 describes related parameters.

   Table 3 Quota parameters

   Parameter		Description
   Space Quota	Hard Quota	Once the space used by files reaches the hard quota, the system will immediately forbid data writing and report an alarm. [Value range] 1 KB to 256 PB The value must be greater than those of Soft Quota and Advisory Quota. NOTE: After the space used by files reaches the hard quota, the system will forbid data writing. If you want the system to report an alarm before forbidding data writing, set a soft quota or an advisory quota.
   	Soft Quota	If the space used by files reaches the soft quota, the system will report an alarm but still allow data writing. After the soft quota grace period elapses or the hard quota is reached, the system will immediately forbid data writing and report an alarm. [Value range] 1 KB to 256 PB The value must be greater than that of Advisory Quota and less than that of Hard Quota.
   	Advisory Quota	Once the space used by files reaches the advisory quota, the system will report an alarm but still allow data writing. [Value range] 1 KB to 256 PB The value must be less than those of Soft Quota and Hard Quota.
   File Quantity Quota	Hard Quota (K)	Once the file quantity reaches the hard quota, the system will immediately forbid file adding and report an alarm. However, operations on existing files are not affected. The unit of the hard quota has been set to K. [Value range] 1 to 100,000,000 The value must be greater than those of Soft Quota (K) and Advisory Quota (K). NOTE: After the file quantity reaches the hard quota, the system will forbid file adding. If you want the system to report an alarm before forbidding file adding, set a soft quota or an advisory quota.
   	Soft Quota (K)	If the file quantity reaches the soft quota, the system will report an alarm but still allow file adding. After the soft quota grace period elapses or the hard quota is reached, the system will immediately forbid file adding and report an alarm. The unit of the soft quota has been set to K. [Value range] 1 to 100,000,000 The value must be greater than the file quantity advisory quota and less than the file quantity hard quota.
   	Advisory Quota (K)	If the file quantity reaches the advisory quota, the system will report an alarm but still allow file adding. The unit of the advisory quota has been set to K. [Value range] 1 to 100,000,000 The value must be less than those of Soft Quota (K) and Hard Quota (K).
   Grace Period	Soft Quota Grace Period (Days)	If the space used by files or the file quantity reaches the soft quota, the system will report an alarm but still allow data writing or file adding within the grace period. After the grace period elapses, the system will immediately forbid data writing or file adding and report an alarm. [Value range] 1 to 4,294,967,294. If this parameter is not specified, the grace period is unlimited. In this case, if the space used by files or the file quantity reaches the soft quota, the system will report an alarm but still allow data writing data or file adding. NOTE: This parameter can be set only when Soft Quota or Soft Quota (K) is set.

7. Determine whether to enable the DPC function of the namespace. After this function is enabled, the namespace can be mounted to a DPC node.
   

   • After the DPC function is enabled, the maximum and minimum WORM retention periods cannot be set for the object service at the prefix level in the converged interworking scenario.
   • DPC cannot be enabled when a namespace is created and associated with a replication group.
   • When Service Type is set to Intelligent video and image, Backup and archiving, or Media, DPC cannot be enabled.

8. Configure an NFS share.
   

   • The NFS share function is disabled by default. It is recommended that an NFS share be configured not in this operation but in follow-up operations.
   • After the NFS share function is enabled, the maximum and minimum WORM retention periods cannot be set for the object service at the prefix level in the converged interworking scenario.
   • This step can be performed only when the file service is enabled for the storage pool.
   1. Enable NFS and click Configure.

      The Configure NFS Share page is displayed.

   2. Configure access permissions for the NFS share.
      Click Add to add a client. For details, see Adding a Client.

      

      • You can click More on the right of a client and select Modify to modify its information.
      • You can select one or more clients and click Remove, or click More on the right of a client and select Remove, to remove clients.
   3. Click OK.

9. Configure a CIFS share.
   

   • The CIFS share function is disabled by default. It is recommended that a CIFS share be configured not in this operation but in follow-up operations.
   • After the CIFS share function is enabled, the maximum and minimum WORM retention periods cannot be set for the object service at the prefix level in the converged interworking scenario.
   • This step can be performed only when the file service is enabled for the storage pool.
   1. Enable CIFS and click Configure.

      The Configure CIFS Share page is displayed.

   2. Set the name of the CIFS share.
      

      • The name must be unique.
      • The share name cannot contain special characters "/\[]:|<>+;,?*=#, start or end with a space, or be reserved name ipc$, autohome, ~, or print$.
      • The name contains 1 to 80 characters.
   3. Click Advanced and set advanced properties of the CIFS share. Table 4 describes related parameters.

      Table 4 Advanced parameters of the CIFS share

      Parameter	Description
      Description	Description of the CIFS share. NOTE: The description can be left blank or contain up to 255 characters.
      Create Default ACL	Determine whether to add a default ACL. This function creates a default ACL (full control rights to everyone; applied to the current directory, its subdirectories, and files in them) for a shared CIFS root directory if the directory has no ACL. You can change the default ACL in follow-up operations. To retain the UNIX mode bits, disable this function.
      Notify	After this function is enabled, a client's modification operations on a directory, such as adding a directory, adding a file, modifying the directory, and modifying a file, can be detected by other clients that are accessing this directory or the parent directory of this directory. Results of the modification operations are displayed after the page is automatically refreshed.
      Continuously Available	This option is used to enable or disable the SMB Failover feature. Continuously Available takes effect only after oplock is enabled. If oplock of the CIFS service is disabled, go to the CIFS Service tab page and enable it. NOTE: The SMB Failover feature takes effect only after you enable the oplock configuration item and run command change service cifs smb_global_ca_enable= yes on the CLI to enable the SMB service continuity function for tenants.
      SMB3 Encryption	Determine whether to enable SMB3 encryption. After this function is enabled, the system encrypts the share to ensure data security, but performance deteriorates. NOTICE: Enabling this function affects SMB3 service performance. Check whether this function needs to be enabled. After SMB3 encryption is enabled, only SMB3 clients can access shares by default.
      Unencrypted Client Access	After this function is enabled, clients that do not have encryption capabilities can access the share. NOTICE: After this function is enabled, clients of earlier versions (for example, Windows 7) are allowed to access shares where SMB3 encryption is enabled in plaintext. Check whether this function needs to be enabled. This function takes effect only after the SMB3 encryption function is enabled.
      Oplock	Opportunistic locking (oplock) is a mechanism used to improve client access efficiency and locally buffer files before they are sent to shared storage. This function is not recommended in the following scenarios: Scenarios that have high requirements for data integrity. If oplock is enabled in such scenarios, the local cache of the client may be lost due to network interruption or client faults. If the upper-layer service software does not have a mechanism to ensure data integrity, recovery, or retry, data loss may occur. Scenarios where multiple clients access the same file. If oplock is enabled in such scenarios, system performance will be adversely affected. NOTE: Oplock for a share takes effect only when both oplock for the account and oplock for the share are enabled.
      Lease	Lease allows a client to lock a file using a lease key, and the file locking can be canceled by the server. NOTE: Only clients of SMB 2.1 and later versions support lease. Run the change service cifs enable_leasev2=yes command to enable lease. Lease for a share takes effect only when both lease for the account and lease for the share are enabled.
      ABE	Access-based enumeration. Enabling this function hides files and folders that users do not have permissions to access. NOTE: SMB2 and SMB3 support the ABE function, but SMB1 does not.
      Show Previous Version	After the function of displaying previous versions is enabled, a client can display previous versions and supports version rollback.

   4. Configure access permissions for the CIFS share.
      Click Add to add a user or user group. For details, see Adding a User or User Group.

      

      • Click More on the right of a user or user group and select Modify to modify the user or user group.
      • Select one or more users or user groups and click Remove, or click More on the right of a user or user group and select Remove to remove added users or user groups.
   5. Click OK.

10. Configure an FTP share.
    

    • The FTP share function is disabled by default. It is recommended that an FTP share be configured not in this operation but in follow-up operations.
    • This operation is available only when the file, object, or HDFS service is enabled for the storage pool.
    • Before configuring an FTP share, enable the FTP service and set the FTP share authentication type. For details, see Managing FTP Shares and Setting an Authentication Type.
    1. Enable FTP and click Configure.

       The Configure FTP Share page is displayed.

    2. Set the name of the FTP share.
       

       • The name must be unique.
       • The share name cannot contain characters "/\[]:|<>+;,?*=#, start or end with a space, or be reserved name ipc$, autohome, ~, or print$.
       • The name contains 1 to 80 characters.
    3. Configure access permissions for the FTP share.
       Click Add to add a user. For details, see Adding a User.

       

       • Click More on the right of a user and select Modify to modify the user's permissions.
       • Select a user and click Remove, or click More on the right of the user and select Remove to remove the user.
    4. Click OK.

11. Configure the HDFS service.
    

    • This step can be performed only when the HDFS service is enabled for the storage pool.
    • When Service Type is set to Intelligent video and image or Backup and archiving, the HDFS service is not supported.
    1. In Protocol, enable HDFS.
    2. Select the zone associated with the namespace.
       1. In Associate with Zone, click Select.

          The Associate with Zone (HDFS) page is displayed on the right.

       2. Select the subnet to which the access zone to be associated with belongs.
       3. Select the access zone to be associated.
          

          • If no subnet is configured, you can click Create to create one. For details, see Creating a Subnet.
          • If a subnet has been configured, you can click Modify in Subnet to modify the subnet parameters. For details, see Modifying a Subnet.
          • After creating a subnet, you can click Create to create an access zone. For details, see Creating an Access Zone.
       4. Click OK.

12. Configure the object service.
    

    • The object protocol can be enabled only when the object service is enabled for the storage pool and POE authentication is used. If IAM authentication is used, the object protocol cannot be enabled.
    • The object service is supported only when Service Type is set to Intelligent video and image and a license that supports SmartInterworking is imported.
    • If different accounts have namespaces with the same name, the object protocol can be enabled for only one namespace in the same cluster.
    1. In Protocol, enable Object.
    2. Configure bucket permissions for the namespace. Possible options are:
       • Private

         The owner of the bucket (the account that creates the bucket) has full control of the bucket. Other users cannot access the bucket without authorization.

       • Public Read

         Any user can read objects in the current bucket, and only the bucket owner (the account that creates the bucket) can write objects.

       • Public Read and Write

         Any user can read, write, and delete objects written by the bucket owner (the account that creates the bucket). Unauthorized users cannot read objects written by other accounts but can write or delete objects.

         

         For data security, Public Read or Public Read and Write is not recommended.

13. Click Advanced and set advanced information about the namespace.
    1. Select whether to enable Automatic Update of Atime. Atime indicates the time when the namespace is accessed. After this function is enabled, the system updates the atime based on the value of Update Frequency.
       

       Enabling Automatic Update of Atime compromises system performance.

    2. After enabling Automatic Update of Atime, you need to set the update frequency of atime. The value can be Hourly or Daily.

14. Select a case sensitivity mode based on Table 5.
    

    • If the file service is disabled, only Case-insensitive is supported.
    • The case sensitivity mode cannot be modified after the namespace creation is complete.

    Table 5 Case sensitivity recommendations

    Protocol	Case Sensitivity	Function Restriction or Impact
    NFS/FTP/DPC	Case-sensitive	None.
    	Case-insensitive	None.
    CIFS	Case-sensitive (not recommended)	The storage system can only process file names carried in client requests in Case-sensitive mode. In addition, the storage system returns case-sensitive file names in its responses that need to carry file names to the client. If the client cannot correctly identify case-sensitive file names, the following circumstances may occur in some special scenarios: In the cmd window, when you run the ren src dest command to rename a file (src indicates the original file name, and dest indicates the new file name), if a file with the same name as the src file exists (for example, in Case-insensitive mode, file_A and file_a in the same directory), the client may display a message indicating that a file with the same name exists or no file can be found. In the file explorer window, when you right-click the file file in a folder and choose Delete from the shortcut menu, if a file with the same name (for example, File) exists in the folder, the File file may be wrongly deleted and the file file remains undeleted after the deletion operation due to the cache eviction policy of the client. In this case, if you access the file file, a message indicating that the file does not exist will be displayed. Then, refresh the page. The File file is restored and the file file disappears. In the cmd window, when you run the del dest command to delete a file (dest indicates the name of the file to be deleted), if a file with the same name as the dest file exists (for example, file_A and file_a), the deleted file may not be the dest file as expected. For example, the file deleted after you run the del file_A command may be the file_a file. NOTICE: If the preceding scenarios have no impact on services or the impact is acceptable, before enabling the CIFS protocol, you are advised to choose the Case-sensitive mode, enable the recycle bin function of the namespace, and set a proper retention period to reduce the probability of data loss caused by abnormal client behaviors.
    	Case-insensitive (recommended)	None.
    Object/HDFS	Case-sensitive (recommended)	None.
    	Case-insensitive (not recommended)	The listing operation of the HDFS or object protocol returns results in case-insensitive lexicographical order, which is different from that of the standard protocol.
    NOTICE: If interworking between the CIFS protocol and the HDFS or object protocol is required, you need evaluate the service impact of the functions that are unavailable in this scenario in advance and select a case sensitivity mode with the minimum impact. If you cannot evaluate the impact on services, contact technical support engineers.

15. Set the display mode of the space occupied by directories or files when the ls -l command is executed. For details, see Table 6.

    Table 6 Directory and file space display

    Directory Space Display	Current Directory	File in Current Directory	Subdirectory in Current Directory	Subdirectory File
    Space occupied by a directory	√	×	×	×
    Space occupied by all files in the current directory	×	√	×	×
    Space occupied by all files in the current directory and its subdirectories	×	√	×	√
    √: The space size is displayed. ×: The space size is not displayed.

16. Enable QoS Policy. Select the QoS policy to be configured for the namespace from the QoS Policy drop-down list.
    

    You can click Create to create a QoS policy.

17. Set the data security and protection functions of the namespace.

    Table 7 describes related parameters.

    Table 7 Data security and protection parameters

    Parameter	Description
    Snapshot Directory Visibility	Whether the directory of namespace snapshots is visible. If this parameter is set to Visible, the system displays the .snapshot directory in the namespace.
    Cross-Site DR	Whether to enable the cross-site DR function. After this function is enabled, data in a bucket is replicated based on the primary/standby relationship in a replication group. NOTE: Replication can be enabled only during namespace creation and cannot be disabled after being enabled. Before enabling cross-site DR, enable the object protocol. This parameter is not displayed when the object service uses IAM authentication. When Service Type is set to General, cross-site DR can be configured only after an advanced license is imported. When Service Type is set to Intelligent video and image, cross-site DR is not supported. Cross-site DR cannot be configured for namespaces for which the remote replication feature has been configured. Cross-site DR cannot be configured for namespaces for which a compression policy has been configured. Cross-site DR cannot be configured for namespaces for which the DPC function has been enabled.
    Replication Group	Select the replication group to be bound to a namespace. The replication group cannot be changed after being bound. NOTE: Replication groups can be selected only after cross-site DR is enabled. If the required replication group does not exist, create one by following instructions provided in Creating a Replication Group. This parameter is not displayed when the object service uses IAM authentication. If you need to bind a replication group, create a replication bucket by referring to Object Service API Reference > Operations on Buckets" > Creating a Bucket in the Service Plane API Description for Object of the corresponding version.
    Data Encryption	Whether to enable the data encryption function. After this function is enabled, the system generates a key to encrypt the data written to the namespace. NOTE: Data encryption is supported only after an advanced license is imported. Data encryption for a namespace can be configured only when the namespace is created, and cannot be disabled once enabled. Before enabling data encryption for a namespace, enable data encryption for the account. After data encryption is enabled, the I/O performance of non-encrypted services will be affected. Confirm that this function needs to be enabled. When the object protocol is enabled for the namespace, data encryption and SSE-C server-side encryption cannot be used at the same time. Double encryption severely affects performance. If data encryption is enabled, the object protocol no longer supports SSE-C server-side encryption for individual objects. Standard SmartCompression and data encryption are mutually exclusive and cannot be enabled at the same time.
    Encryption Algorithm	After Data Encryption is enabled, you need to select an encryption algorithm. The value can be XTS-AES-128, XTS-AES-256, or XTS-SM4. NOTE: The encryption algorithm can be configured only during namespace creation and cannot be modified after that. XTS-SM4 can be selected only after a license supporting the SM algorithm is imported. XTS-SM4 is supported only in the Chinese mainland.
    Synchronize	After this function is enabled, data encryption will be enabled for the corresponding namespaces in remote clusters in the replication group and the selected encryption algorithm will be used. Ensure that data encryption has been enabled for the corresponding accounts in the remote clusters. NOTE: This parameter is available only when both Cross-Site DR and Data Encryption are enabled. It can be configured only during namespace creation and cannot be disabled after being enabled. This parameter is not displayed when the object service uses IAM authentication.

18. Set Tiered Storage. Determine whether to enable the Tiered Storage function. After enabling this function:
    1. In the Heterogeneous Device area, select a heterogeneous device that has been added to the storage system. If no heterogeneous device is available, add one by following the instructions provided in Adding a Heterogeneous Device.
    2. In the AK Alias area, select the alias of the AK account of the heterogeneous device.
    3. In the Target Bucket Name area, enter the name of the bucket on the heterogeneous device.
    4. Determine whether to enable the Retrieve Entire File Upon Direct Read function. When a client initiates a request to read data from a file that has been migrated to a heterogeneous device using SmartTier, the storage system will read the file data from the heterogeneous device by default. After this function is enabled, the storage system will automatically retrieve the entire file during data read from the heterogeneous device and retain the file locally (for one day by default) to improve the performance of continuous reads in a short period of time. However, this will occupy service bandwidth. Therefore, you are advised to enable this function when you have sound network conditions and need to read one file multiple times.
       

       • Ensure that the target bucket is in the account used by the heterogeneous device to provide services.
       • The target bucket name contains 1 to 255 characters.
       • The target bucket name can contain only letters, digits, hyphens (-), underscores (_), and periods (.), and must contain letters or digits.
       • Cross-site DR replication buckets can be bound to heterogeneous buckets only at one site.
       • You are advised not to bind different namespaces to the same heterogeneous bucket. Otherwise, data may overwrite each other.

19. Set audit log items. Enabling Audit Log Items allows the system to record audit logs of operations related to the WORM feature of the namespace by default. To record audit logs of other operations related to the namespace, select the corresponding audit log items.
    The audit log items include Create, Delete, Read, Write, Open, Close, Rename, List folders, Obtain properties, Set properties, Obtain security properties, Set security properties, Obtain extension properties, Set extension properties, and Concatenate files.

    

    • To ensure that the selected audit log items take effect, choose Settings > Data Security > Audit Log to enable the audit log function.
    • If too many audit logs are generated for the audit log items and the audit log collection speed is lower than the audit log writing speed, the temporary buffer space may be insufficient, which may cause service interruption. You are advised to properly configure the items to be audited. For example, configure only Create, Delete, and Write for the namespace.

20. Configure SmartIndexing. After SmartIndexing is enabled, the system creates indexes for the system metadata and custom metadata fields of files in the namespace. You can search for a list of files through metadata.
    

    This function can be set only when the data pilot service is enabled for the storage pool.

21. Set the small-directory performance mode. The small-directory performance mode uses the access nodes as owning nodes of metadata without directory fragmentation, reducing file access I/O forwarding and improving file access performance. To obtain better performance experience, you are advised to:
    • Use DNS domain names for mounting and ensure that the number of clients is greater than that of storage nodes to balance the mounting.
    • Balance the directory creation requests of each client. Do not create directories only on a few clients.
    • Balance the access requests of each directory. Do not bring continuous heavy access pressure to a single directory.
    • Apply the NFS, CIFS, or FTP protocol.
      

      If the preceding conditions are not met, node or directory hotspots may occur, causing performance deterioration. In this case, you are advised not to enable this mode.

22. Set the WORM attribute of the namespace. That is, data is written once and read multiple times. You can set a protection period for a file. During the protection period, the file can be read but cannot be modified or deleted. After the protection period expires, the file can be deleted.
    

    When creating a namespace, if you associate the namespace with a replication group and disable WORM, WORM cannot be enabled after the namespace is created.

    Determine whether to enable WORM. After enabling this function, select a policy mode. Possible options are:

    

    After the policy mode is set to Compliance, it cannot be changed to Enterprise or None.

    • Enterprise: used by enterprises to implement internal control. The retention period and permissions of common users and privileged users are set to ensure secure data access security and prevent data tampering, protecting archived files and data of enterprises. During the retention period, common users cannot modify, rename, or delete files. Privileged users (system administrators) cannot modify or rename files, but can use their privileges to delete files. After the retention period expires, common users and system administrators cannot modify or rename files, but can read or delete files.

      Table 8 describes related parameters.

    • Compliance: applies to archiving scenarios where data protection mechanisms are implemented as required by laws and regulations. During the retention period, common users and system administrators cannot modify, delete, or rename files. After the retention period expires, common users and system administrators cannot modify or rename files, and common users can but system administrators cannot delete files.

      Table 8 describes related parameters.

      Table 8 Compliance and enterprise WORM policy mode parameters

      Parameter	Description
      Max. Retention Period	Maximum protection period supported by a specified namespace.
      Min. Retention Period	Minimum protection period supported by a specified namespace.
      Default Retention Period	Default protection period after a file enters the protection state.
      Auto Lock	After this function is enabled, if a file is not modified within the default waiting time, the file automatically enters the locked state.
      Legal Hold File Modification	Common users and privileged users cannot delete legal hold files within the retention period. After the function is enabled, the retention periods of the legal hold files can be modified.

    • None: indicates the None mode, which means that uploaded objects are not protected by default.

      After Legal Hold File Modification is enabled, the retention periods of the legal hold files can be modified.

23. Set a standard SmartCompression policy.
    

    • Standard SmartCompression policies configured on DeviceManager apply only to foreground services. Therefore, the Standard SmartCompression switch refers to the foreground standard SmartCompression switch, the Hot Pool Compression switch refers to the hot pool switch for foreground standard SmartCompression policies, and Compression Algorithm refers to foreground standard SmartCompression algorithms.
    • It is recommended that standard SmartCompression be used for warm and cold data. Enabling this function for production services may cause performance degradation. You are advised not to enable it when high performance is required.
    • Videos, audios, images, encrypted/compressed data, and PDF/XML data cannot be compressed.
    • Standard SmartCompression can be enabled only after a license supporting standard SmartCompression is imported.
    • Standard SmartCompression and data encryption are mutually exclusive and cannot be enabled at the same time.
    • When Service Type is set to Intelligent video and image or Media, standard SmartCompression is not supported.
    1. Enable Standard SmartCompression. After this function is enabled, the system compresses data written to the namespace based on the selected compression algorithm.
    2. When enabling standard SmartCompression, you need to set the parameters listed in Table 9.

       Table 9 Standard SmartCompression parameters

       Parameter	Description
       Hot Pool Compression	Whether to enable hot pool compression. If this function is enabled, data written to the cold, warm, and hot storage pools is compressed. If this function is disabled, only data written to the warm and cold storage pools is compressed.
       Compression Algorithm	Compression algorithms can be Capacity-oriented or Performance-oriented. Capacity-oriented: More capacity space is saved, but service performance may be affected. Performance-oriented: Performance-oriented algorithms provide a lower compression ratio than capacity-oriented algorithms, but have higher performance in an all-SSD storage pool.

24. Click OK.
25. Confirm your operation as prompted.