On Compute Cloud@Customer, the File Storage service provides a durable,
scalable, secure network file system. You can connect to a File Storage service file system from
any Compute Cloud@Customer compute instance in your Virtual Cloud Network (VCN).
File Storage Overview
The File Storage service supports these protocols:
Network File System version 4.1 (NFSv4.1)
Network File System version 4.0 (NFSv4)
Network File System version 3.0 (NFSv3)
Server Message Block (SMBv2 - SMBv3.1) – Requires Active Directory
File Storage Connectivity
You can connect to a File Storage service file system from any instance in your Virtual
Cloud Network (VCN).
Suitable Workloads
The File Storage service is designed to meet the needs of applications and users that need
an enterprise file system across a wide range of use cases, including the following:
General Purpose File Storage: Access to a pool of file
systems to manage growth of structured and unstructured data.
Big Data and Analytics: Run analytic workloads and use shared
file systems to store persistent data.
Lift and Shift of Enterprise Applications: Migrate existing
applications that need NFS storage, such as Oracle Cloud Infrastructure E-Business Suite and
PeopleSoft.
Databases and Transactional Applications: Run test and
development workloads with Oracle Cloud Infrastructure,
MySQL, or other databases.
Backups, Business Continuity, and Disaster Recovery: Host a
secondary copy of relevant file systems from on premises to the cloud for backup and
disaster recovery purposes.
Portable OS Interface (POSIX)-compliant file system
MicroServices and Docker: Deliver stateful persistence for
containers. Easily scale as your container-based environments grow.
Data Protection with Snapshots
The File Storage service supports snapshots for data protection of your file system.
Snapshots are a consistent, point-in-time view of your file systems. Snapshots are
copy-on-write, and scoped to the entire file system. The File Storage service encrypts all
file system and snapshot data at rest. You can take as many snapshots as you need.
For data protection, you can use a tool that supports NFS to copy your data to a different
file system, object storage, or remote location.
For best performance, use the parallel tar (partar) and parallel copy
(parcp) tools provided in the File Storage Parallel File Toolkit for this
purpose. These tools work best with parallel workloads and requests. The Parallel File
Toolkit is available for Oracle Linux, Red Hat Enterprise Linux,
and CentOS. You can use rsync or regular tar for other OS
types. See Installing the Parallel File Tools for more information.
File Storage Objects
Mount Target
A mount target is an NFS endpoint in a subnet of your choice. The mount target provides the
IP address that's used in the mount command when connecting NFS clients to a file system.
File systems are exported (made available) through mount targets.
For an instance to mount a file system, the instance's Virtual Cloud Network (VCN) must
have a mount target. A VCN can only have one mount target.
You can reuse the same mount target to make many file systems available. To reuse the same
mount target for multiple file systems, create an export in the mount target for each file
system.
Export
Exports control how NFS clients access file systems when they connect to a mount target.
File systems are exported (made available) through mount targets. Each mount target
maintains an export set which contains one or many exports. A file system must have at least
one export in one mount target for compute instances to mount the file system.
Export Set
An export set is a collection of one or more exports that control what file systems the
mount target exports and how those file systems are found using the NFS mount protocol. Each
mount target has an export set. Each file system associated with the mount target has at
least one export in the export set.
Export Path
The export path uniquely identifies the file system within the mount target. The export
path is used by a compute instance to mount (logically attach to) the file system. For more
information, see File Storage Paths.
Export Options
NFS export options are a set of parameters within the export that specify the level of
access granted to NFS clients when they connect to a mount target. An NFS export options
entry within an export defines access for a single IP address or CIDR block range.
File System
In Compute Cloud@Customer, file system refers to a file system that's accessed
by one or more clients over the network. File systems are associated with a single
compartment. File systems must have at least one export in one mount target for any client
to mount and use the file system. Data is added to a file system from the client that has
mounted (has access to) the file system.
A file system can have a quota of up to 8 petabytes.
The total number of file systems is limited to 100 per tenancy.
Virtual Cloud Network (VCN)
A private network that you set up in Compute Cloud@Customer, with firewall
rules and specific types of communication gateways that you can choose to use. A VCN covers
a single, contiguous IPv4 CIDR block of your choice.
Subnet
Subnets are subdivisions you define in a VCN (for example, 10.0.0.0/24 and 10.0.1.0/24).
Subnets contain virtual network interface cards (VNICs), which attach to compute instances.
A subnet consists of a contiguous range of IP addresses that don't overlap with other
subnets in the VCN.
Security Rules
Security rules are virtual firewall rules for your VCN. Your VCN comes with a default
security list, and you can add more. These security lists provide ingress and egress rules
that specify the types of traffic allowed in and out of the compute instances. You can
choose whether a particular rule is stateful or stateless. Security list rules must be set
up so that clients can connect to file system mount targets.
Another method for applying security rules is to set them up in a network security group
(NSG), and then add the mount target to the NSG. Unlike security list rules that apply to
all VNICs in the subnet, NSGs apply only to resource VNICs you add to the NSG.
Snapshots
Snapshots provide a consistent, point-in-time view of your file system, and you can take as
many snapshots as you need. Each snapshot reflects only data that changed from the previous
snapshot.
File Storage Paths
The File Storage service uses these kinds of paths:
Export Paths are part of the information contained in an
export that makes a file system available through a mount target.
The export path is automatically generated when you create an export, and it uniquely
identifies the file system within the mount target.
Note – When you create an export from the CLI, you must specify a --path <path> argument. The path you specify is recorded but not used for mounting file systems. Compute Cloud@Customer auto-generates a path that's used to mount the file system.
Export path syntax:
/export/<file-system-OCID-unique-string>
where:
/export/ – Is the beginning of the export path.
<file-system-OCID-unique-string> – Is the unique character string portion of the file system's OCID.
The export path is used by a file system client to mount (logically attach to) the file
system. This path is unrelated to any path within the file system or the client
instance. It exists solely as a way to distinguish one file system from another within a
single mount target.
Example of an export path in a client's mount command:
sudo mount -t nfs \
-o nfsvers=4.0 192.0.2.0:/export/d0v812zdp48onybubehhx1c67i4p3mjfth5avt3z2rkn50uqpbce3fhsa8nm /mnt/fs
In this mount command example, 192.0.2.0 is the mount target IP
address. /export/d0v812zdp48onybubehhx1c67i4p3mjfth5avt3z2rkn50uqpbce3fhsa8nm
is the unique export path that was specified when the file system was associated with a
mount target during creation.
Export paths can't be edited after the export is created.
Mount Point Paths are paths within a client instance to a
locally accessible directory to which the remote file system is mounted.
In this mount command example, /mnt/fs is the path to the directory on
the client instance on which the external file system is mounted.
sudo mount -t nfs \
-o nfsvers=4.0 192.0.2.0:/export/d0v812zdp48onybubehhx1c67i4p3mjfth5avt3z2rkn50uqpbce3fhsa8nm /mnt/fs
File System Paths are paths to directories within the file
system, and contain the contents of the file system. When the file system is mounted,
you can create any directory structure within it.
VCN Security Rules for File Storage
On Compute Cloud@Customer, before you can mount a file system, you must
configure security rules to allow traffic to the mount target's VNIC using specific protocols
and ports.
The Networking service offers two virtual firewall features that both use security rules to
control traffic at the packet level. The two features are:
Security lists: The original virtual firewall feature from
the Networking service. When you create a VCN, a default security list is also created.
Add the required rules to the security list for the subnet that contains the mount
target.
Network security groups (NSGs): A subsequent feature designed
for application components that have different security postures. Create an NSG that
contains the required rules, and then add the mount target to the NSG. Each mount target
can belong to up to five (5) NSGs.
Important
You can use security lists alone, network security groups alone, or both together. It
depends on your particular security needs.
If you choose to use both security lists and network security groups, the set of rules
that applies to a given mount target VNIC is the combination of these items:
The security rules in the security lists associated with the VNIC subnet
The security rules in all NSGs that the VNIC is in
It doesn't matter which method you use to apply security rules to the mount target VNIC,
as long as the ports for protocols necessary for File Storage are correctly configured in
the rules applied.
On Compute Cloud@Customer, when configuring the File Storage service, you
might need to know the ports that are used for a service or protocol.
This table lists the port numbers used for networking services that support File Storage.
When you configure security lists and network security groups for the File Storage service,
use the port numbers for the particular service you are using. For example, for NFS configure
ports 2048–2050 for TCP and UDP.
Service     Protocol    Port
RPC         TCP, UDP    111
NFS         TCP, UDP    2048, 2049, 2050
lockd       TCP, UDP    4045
mountd      TCP, UDP    20048
SMB         TCP, UDP    445
LDAP        TCP, UDP    389
Kerberos    TCP, UDP    88
DNS         TCP, UDP    53
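The following added example (not part of the original documentation) checks the combined security list and NSG ingress rules for a mount target against the port table above, and flags rules whose source extends beyond the VCN. The rule dictionaries, the audit function, the 10.0.0.0/16 VCN CIDR, and the choice of services to check are assumptions made for illustration; the rule shape is simplified and is not the service's API format.

```python
import ipaddress

# Port table from this page: service -> ports (each listed for TCP and UDP).
REQUIRED = {
    "RPC": [111], "NFS": [2048, 2049, 2050], "lockd": [4045], "mountd": [20048],
    "SMB": [445], "LDAP": [389], "Kerberos": [88], "DNS": [53],
}

def audit(rules, services, vcn_cidr):
    """Return (missing, too_broad) for the combined ingress rules.
    rules use a hypothetical shape: {"proto", "source", "min", "max"}."""
    vcn = ipaddress.ip_network(vcn_cidr)
    in_vcn, too_broad = [], []
    for r in rules:
        src = ipaddress.ip_network(r["source"])
        if not src.subnet_of(vcn):
            too_broad.append(r)   # source reaches beyond the VCN
        if src.overlaps(vcn):
            in_vcn.append(r)      # admits at least some VCN clients
    missing = []
    for svc in services:
        for proto in ("tcp", "udp"):
            for port in REQUIRED[svc]:
                if not any(r["proto"] == proto and r["min"] <= port <= r["max"]
                           for r in in_vcn):
                    missing.append((svc, proto, port))
    return sorted(missing), too_broad

# Constructed sample: security list rules plus NSG rules for one mount target.
SECURITY_LIST = [
    {"proto": "tcp", "source": "10.0.0.0/16", "min": 111, "max": 111},
    {"proto": "tcp", "source": "10.0.0.0/16", "min": 2048, "max": 2050},
    {"proto": "udp", "source": "10.0.0.0/16", "min": 2048, "max": 2050},
]
NSG = [
    {"proto": "udp", "source": "10.0.1.0/24", "min": 111, "max": 111},
    {"proto": "tcp", "source": "0.0.0.0/0", "min": 20048, "max": 20048},
]

def demo():
    # The effective rule set is the combination of security list and NSG rules.
    return audit(SECURITY_LIST + NSG, ["RPC", "NFS", "mountd"], "10.0.0.0/16")

if __name__ == "__main__":
    print(demo())
```

On the constructed sample, the audit reports that mountd over UDP is not admitted by any rule and that the 0.0.0.0/0 rule is wider than the VCN.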
Deleting File System Resources Overview
On Compute Cloud@Customer, you can't delete a file system resource that has
dependencies.
File Systems
You can delete a file system if it's not a parent file system. If it's a parent file
system, all descendant snapshots and clones must first be deleted.
Snapshots
A parent snapshot can't be deleted. A snapshot that isn't a parent can be deleted.
Clones
A parent clone can't be deleted. A clone that isn't a parent can be deleted.