Associating a Namespace with a Replication Group

To associate a namespace to a replication group, you only need to associate the namespace to any cluster in the replication group. After the namespace is associated, the system will automatically create a namespace with the same name in each of the other clusters.

Prerequisites

If the object service uses IAM authentication, you cannot perform namespace association operations on DeviceManager. If necessary, create a replication bucket by referring to Object Service API Reference > Operations on Buckets" > Creating a Bucket in the Service Plane API Description for Object of the corresponding version.

Procedure

Choose Data Protection > Configuration > Cross-Site DR > Replication Group.
In the function pane, select a replication group from the list on the left and click Operation > Associate Namespace in the upper right corner.

The Create Namespace page is displayed.

Set basic information for the namespace.

Table 1 describes related parameters.

**Table 1** Namespace parameters
Parameter	Description
Account	Account to which the new namespace belongs.
Name	Name of the new namespace. NOTE: The naming rules of a namespace are as follows: The name must be unique. The name can only consist of letters, digits, underscores (_), hyphens (-), and periods (.), and must contain letters or digits. The name can contain 1 to 255 characters. To enable the object service for a namespace, the namespace name must meet the following rules. Otherwise, the bucket cannot be accessed in virtual hosting mode, and the domain name resolution will fail. In this case, the bucket can be accessed only in path mode. The name can contain only lowercase letters, digits, periods (.), and hyphens (-), and must start and end with a letter or digit. In addition, the name cannot contain the combination of a period and a hyphen (.- or -.), nor contain consecutive periods (..). The name can contain 3 to 63 characters. The name cannot be an IP address.
Storage Pool	Storage pool to which the new namespace belongs.
Redundancy Ratio	Redundancy ratio of the new namespace. It must be the same as that of the owning storage pool. NOTE: This parameter is available only for storage pools that use the EC redundancy policy.
Security Style	Security style to be selected based on service requirements. Possible options are: Mixed: applies to scenarios where users of CIFS clients (using the SMB protocol) and UNIX clients (using the NFS, HDFS, or DPC protocol) can access and control namespaces. In this style, CIFS permissions (NT ACLs) and UNIX permissions (UNIX mode bits, POSIX ACLs, or NFSv4 ACLs) cannot co-exist. Only the latest configured permissions on either CIFS or UNIX clients take effect. Native: applies to the same scenarios as the Mixed style. The difference between the Native style and the Mixed style is that CIFS permissions (NT ACLs) and UNIX permissions (UNIX mode bits, POSIX ACLs, or NFSv4 ACLs) can co-exist and will neither affect nor synchronize with each other in Native style. NTFS: applies to scenarios where Windows NT ACLs control users' permissions. UNIX: applies to scenarios where UNIX mode bits, POSIX ACLs, or NFSv4 ACLs control users' permissions. NOTE: In Mixed style (which supports NT ACLs), if you configure an NT ACL for a file or directory on a Windows client and switch Mixed to UNIX, the NT ACL in Mixed style will become invalid.

Set the recycle bin function for the namespace.

Select Enable or Disable to enable or disable the recycle bin function. After the recycle bin function is enabled, the system automatically generates the .recyclebininternal directory in the namespace or a dtree of the namespace when files are deleted from the namespace or dtree for the first time. Files are not deleted immediately. Instead, they are moved to the recycle bin and are deleted only after the retention period expires.

After the recycle bin function is enabled, temporary files generated by applications will also be moved to the recycle bin during file deletion.

Set recycle bin parameters. Table 2 describes related parameters.

**Table 2** Recycle bin parameters
Parameter	Description
Retention Period	Duration for retaining files in the recycle bin. If you select Fixed period, you need to set a specific retention period. [Value range] Minute: 1 to 4294967295. Hour: 1 to 71582788. Day: 1 to 2982616. NOTE: If you select Permanent, files will not be deleted after being moved to the recycle bin. You can go to the .recyclebininternal directory in the namespace to manually delete the files. The retention period takes effect for both the namespace and HDFS recycle bins.
Recycle Bin Directory Visibility	Whether the recycle bin directory is visible. If this parameter is set to Visible, the system displays the .recyclebininternal directory of the namespace and its dtrees.
Recycle Bin Operation Permission	Select a user who can operate files in the recycle bin. root: Only user root can operate files in the recycle bin. Common user: The system creates a directory for each user based on the user name and user ID. Users have the permission to operate files in their own directories. User root has the permission to operate all users' directories.

Set a directory quota for the namespace.

Table 3 describes related parameters.

**Table 3** Quota parameters
Parameter		Description
Space Quota	Hard Quota	Once the space used by files reaches the hard quota, the system will immediately forbid data writing and report an alarm. [Value range] 1 KB to 256 PB The value must be greater than those of Soft Quota and Advisory Quota. NOTE: After the space used by files reaches the hard quota, the system will forbid data writing. If you want the system to report an alarm before forbidding data writing, set a soft quota or an advisory quota.
	Soft Quota	If the space used by files reaches the soft quota, the system will report an alarm but still allow data writing. After the soft quota grace period elapses or the hard quota is reached, the system will immediately forbid data writing and report an alarm. [Value range] 1 KB to 256 PB The value must be greater than that of Advisory Quota and less than that of Hard Quota.
	Advisory Quota	Once the space used by files reaches the advisory quota, the system will report an alarm but still allow data writing. [Value range] 1 KB to 256 PB The value must be less than those of Soft Quota and Hard Quota.
File Quantity Quota	Hard Quota (K)	Once the file quantity reaches the hard quota, the system will immediately forbid file adding and report an alarm. However, operations on existing files are not affected. The unit of the hard quota has been set to K. [Value range] 1 to 100,000,000 The value must be greater than those of Soft Quota (K) and Advisory Quota (K). NOTE: After the file quantity reaches the hard quota, the system will forbid file adding. If you want the system to report an alarm before forbidding file adding, set a soft quota or an advisory quota.
	Soft Quota (K)	If the file quantity reaches the soft quota, the system will report an alarm but still allow file adding. After the soft quota grace period elapses or the hard quota is reached, the system will immediately forbid file adding and report an alarm. The unit of the soft quota has been set to K. [Value range] 1 to 100,000,000 The value must be greater than the file quantity advisory quota and less than the file quantity hard quota.
	Advisory Quota (K)	If the file quantity reaches the advisory quota, the system will report an alarm but still allow file adding. The unit of the advisory quota has been set to K. [Value range] 1 to 100,000,000 The value must be less than those of Soft Quota (K) and Hard Quota (K).
Grace Period	Soft Quota Grace Period (Days)	If the space used by files or the file quantity reaches the soft quota, the system will report an alarm but still allow data writing or file adding within the grace period. After the grace period elapses, the system will immediately forbid data writing or file adding and report an alarm. [Value range] 1 to 4,294,967,294. If this parameter is not specified, the grace period is unlimited. In this case, if the space used by files or the file quantity reaches the soft quota, the system will report an alarm but still allow data writing data or file adding. NOTE: This parameter can be set only when Soft Quota or Soft Quota (K) is set.

Configure an NFS share.
- The NFS share and CIFS share functions are disabled by default. You are advised not to configure NFS and CIFS shares in this operation but in follow-up operations.
- After the NFS share function is enabled, the maximum and minimum WORM retention periods cannot be set for the object service at the prefix level in the converged interworking scenario.
- This step can be performed only when the file service is enabled for the storage pool.
1. In Protocol, enable NFS. Then, click Configure in NFS Share.
  The Configure NFS Share page is displayed.
2. Configure access permissions for the NFS share.
  Click Add to add a client. For details, see Adding a Client.
  You can click More on the right of a client and select Modify to modify its information.
  
  You can select one or more clients and click Remove, or click More on the right of a client and select Remove, to remove clients.
Configure a CIFS share.
- The NFS share and CIFS share functions are disabled by default. You are advised not to configure NFS and CIFS shares in this operation but in follow-up operations.
- After the CIFS share function is enabled, the maximum and minimum WORM retention periods cannot be set for the object service at the prefix level in the converged interworking scenario.
- This step can be performed only when the file service is enabled for the storage pool.
1. In Protocol, enable CIFS. Then, click Configure in CIFS Share.
  The Configure CIFS Share page is displayed.
2. Set the name of the CIFS share.
  - The name must be unique.
  - The share name cannot contain characters " / \ [ ] : | < > + ; , ? * =, or be reserved name ipc$, autohome, ~, or print$.
  - The name contains 1 to 80 characters.
3. Configure access permissions for the CIFS share.
  Click Add to add a user or user group. For details, see Adding a User or User Group.
  Click More on the right of a user or user group and select Modify to modify the user or user group.
  
  Select one or more users or user groups and click Remove, or click More on the right of a user or user group and select Remove to remove added users or user groups.
Configure the HDFS service.
- This step can be performed only when the HDFS service is enabled for the storage pool.
- When Service Type is set to Intelligent video and image or Backup and archiving, the HDFS service is not supported.
1. In Protocol, enable HDFS.
2. Select the zone associated with the namespace.
  1. In Associate with Zone, click Select.
    The Associate with Zone (HDFS) page is displayed.
  2. Select the subnet to which the access zone to be associated with belongs.
  3. Select the access zone to be associated.
    If no subnet is configured, you can click Create to create one. For details, see Creating a Subnet.
    
    If a subnet has been configured, you can click Modify in Subnet to modify the subnet parameters. For details, see Modifying a Subnet.
    
    After creating a subnet, you can click Create to create an access zone. For details, see Creating an Access Zone.
  4. Click OK.
Configure the object service. The object service is enabled by default and cannot be disabled.
1. Configure bucket permissions for the namespace. Possible options are:
  - Private
    The owner of the bucket (the account that creates the bucket) has full control of the bucket. Other users cannot access the bucket without authorization.
  - Public Read
    Any user can read objects in the current bucket, and only the bucket owner (the account that creates the bucket) can write objects.
  - Public Read and Write
    Any user can read, write, and delete objects written by the bucket owner (the account that creates the bucket). Unauthorized users cannot read objects written by other accounts but can write or delete objects.
    
    For data security, Public Read or Public Read and Write is not recommended.
Click Advanced and set advanced information about the namespace.
1. Select whether to enable Automatic Update of Atime. Atime indicates the time when the namespace is accessed. After this function is enabled, the system updates the atime based on the value of Update Frequency.
  
  Enabling Automatic Update of Atime compromises system performance.
2. After enabling Automatic Update of Atime, you need to set the update frequency of atime. The value can be Hourly or Daily.

Select a case sensitivity mode based on Table 4.

If the file service is disabled, only Case-insensitive is supported.
The case sensitivity mode cannot be modified after the namespace creation is complete.

**Table 4** Case sensitivity recommendations
Protocol	Case Sensitivity	Function Restriction or Impact
NFS/DPC	Case-sensitive	None.
NFS/DPC	Case-insensitive	None.
CIFS	Case-sensitive (not recommended)	The storage system can only process file names carried in client requests in Case-sensitive mode. In addition, the storage system returns case-sensitive file names in its responses that need to carry file names to the client. If the client cannot correctly identify case-sensitive file names, the following circumstances may occur in some special scenarios: Run the ren <src> <dest> command in the cmd window. If a file with the same name as the <src> file exists (for example, in Case-insensitive mode, file_A and file_a in the same directory), the client may display a message indicating that a file with the same name exists or no file can be found. In Explorer, right-click the file file in a folder and choose Delete from the shortcut menu. If a file with the same name (for example, File) exists in the folder, the File file may be wrongly deleted and the file file still remains after the deletion due to the cache eviction policy of the client. In this case, if you access the file file, a message indicating that the file does not exist will be displayed. Then, refresh the page. The File file is restored and the file file disappears. Run the del <dest> command in the cmd window. If a file with the same name as the <dest> file exists (for example, file_A and file_a), the file deleted may not be the <dest> file you intended to delete. For example, the file deleted after you run the del file_A command may be the file_a file. CAUTION: If the preceding scenarios have no impact on services or the impact is acceptable, before enabling the CIFS protocol, you are advised to choose the Case-sensitive mode, enable the recycle bin function of the namespace, and set a proper retention period to reduce the probability of data loss caused by abnormal client behaviors.
CIFS	Case-insensitive (recommended)	None.
Object/HDFS	Case-sensitive (recommended)	None.
Object/HDFS	Case-insensitive (not recommended)	The listing operation of the HDFS or object protocol returns results in case-insensitive lexicographical order, which is different from that of the standard protocol.
CAUTION: If interworking between the CIFS protocol and the HDFS or object protocol is required, you need evaluate the service impact of the functions that are unavailable in this scenario in advance and select a case sensitivity mode with the minimum impact. If you cannot evaluate the impact on services, contact technical support engineers.

Enable QoS Policy. Select the QoS policy to be configured for the namespace from the QoS Policy drop-down list.

You can click Create to create a QoS policy.

Set the data security and protection functions of the namespace.

Table 5 describes related parameters.

**Table 5** Data security and protection parameters
Parameter	Description
Snapshot Directory Visibility	Whether the directory of namespace snapshots is visible. If this parameter is set to Visible, the system displays the .snapshot directory in the namespace.
Cross-Site DR	This function is enabled by default.
Replication Group	Name of the replication group to which the namespace is to be bound.
Data Encryption	Whether to enable the data encryption function. After this function is enabled, the system generates a key to encrypt the data written to the namespace. NOTE: Data encryption is supported only after an advanced license is imported. Data encryption for a namespace can be configured only when the namespace is created, and cannot be disabled once enabled. Before enabling data encryption for a namespace, enable data encryption for the account. After data encryption is enabled, the I/O performance of non-encrypted services will be affected. Confirm that this function needs to be enabled. When the object protocol is enabled for the namespace, data encryption and SSE-C server-side encryption cannot be used at the same time. Double encryption severely affects performance. If data encryption is enabled, the object protocol no longer supports SSE-C server-side encryption for individual objects.
Encryption Algorithm	After Data Encryption is enabled, you need to select an encryption algorithm. The value can be XTS-AES-128, XTS-AES-256, or XTS-SM4. NOTE: The encryption algorithm can be configured only during namespace creation and cannot be modified after that. XTS-SM4 can be selected only after a license supporting the SM algorithm is imported. XTS-SM4 is supported only in the Chinese mainland.
Synchronize	After this function is enabled, data encryption will be enabled for the corresponding namespaces in remote clusters in the replication group and the selected encryption algorithm will be used. Ensure that data encryption has been enabled for the corresponding accounts in the remote clusters. NOTE: This parameter is available only when both Cross-Site DR and Data Encryption are enabled. It can be configured only during namespace creation and cannot be disabled after being enabled. This parameter is not displayed when the object service uses IAM authentication.
Audit Log	Whether to enable the audit log function of the namespace. After this function is enabled, the system logs operations of the namespace. NOTE: This function can be set only when the data pilot service is enabled for the storage pool.
Record Type	After the audit log function is enabled, set the operation type to be recorded in audit logs. Possible options are Create, Delete, and Rename.

Configure SmartIndexing. After SmartIndexing is enabled, the system creates indexes for the system metadata and custom metadata fields of files in the namespace. You can search for a list of files through metadata.

This function can be set only when the data pilot service is enabled for the storage pool.

Set the WORM attribute of a namespace. That is, data is written once and read multiple times. You can set a protection period for a file. During the protection period, the file can be read but cannot be modified or deleted. After the protection period expires, the file can be deleted.

When creating a namespace, if you associate the namespace with a replication group and disable WORM, WORM cannot be enabled after the namespace is created.

Enable WORM.

Select a policy mode. Possible options are:

Enterprise: used by enterprises to implement internal control. The retention period and permissions of common users and privileged users are set to ensure secure data access security and prevent data tampering, protecting archived files and data of enterprises. Common users cannot modify, rename, or delete files within the retention period. Privileged users (system administrators) cannot modify or rename files within the retention period, but they can use the privilege to delete files. Common users and system administrators cannot modify or rename files whose retention period expires, but can read or delete the files.

Table 6 describes related parameters.

**Table 6** Parameters of the Enterprise policy mode
Parameter	Description
Max. Retention Period	Maximum protection period supported by a specified namespace.
Min. Retention Period	Minimum protection period supported by a specified namespace.
Default Retention Period	Default protection period after a file enters the protection state.
Auto Lock	After this function is enabled, if a file is not modified within the default waiting time, the file automatically enters the locked state.
Legal Hold File Modification	Common users and privileged users cannot delete legal hold files within the retention period. After the function is enabled, the retention periods of the legal hold files can be modified.

None: indicates the None mode, which means that uploaded objects are not protected by default.
After Legal Hold File Modification is enabled, the retention periods of the legal hold files can be modified.

Click OK.
Confirm your operation as prompted.