System

Time Settings -

See Time settings

Hardware Activation

EVO’s expansion hardware (including all drives and added Ethernet) must be activated to work properly in the EVO environment. This guarantees that the hardware used is the tested and approved hardware for the EVO system. All EVO base units are authorized to activate the first two drive quads by default. Additional hardware is activated using an Activation code provided by SNS.

Once activations are authorized, this page is used to activate the expansion hardware.

Warning

The addition of any expansion hardware to EVO requires prior authorization from SNS.

Expansion quad licensing

_images/expansion_quad_licensing.png

EVO includes authorization for two quads by default. Additional quads may be authorized for expansion and activated at this page.

Warning

Deactivating a quad is a destructive operation. Only deactivate a quad if the intent is for EVO to treat the disks as unformatted drives needing to be activated.

Deactivate missing quads

_images/deactivate_missing_quads.png

Hardware changes, such as moving disks between EVOs, may lead to a situation where EVO finds information about quads that is not part of its current configuration, or is expecting to find quad information that is not present on the installed data drives. Only deactivate any quads listed in this section if the current EVO configuration is known to be good and extraneous information is to be removed.

Warning

Once deactivated, any missing quads cannot be reactivated.

Ethernet expansion connectivity licensing

_images/ethernet_licensing.png

Any network hardware changes will need to be authorized and activated (or deactivated if removed). Each network port on an adapter is treated as a device according to its MAC address, and may be activated/deactivated in this section.

Activated keys

_images/activated_keys.png

Hardware expansion keys that have been activated are displayed in this section

Network -

See Network

Disks & Pools -

See Disks & Pools

Logical Disks -

See Logical Disks

Pools -

See Pools

Advanced

Ethernet bonding parameters

Ethernet bonding is typically referred to as link aggregation, and the default values are expected for most environments, with LACP being the default and most common method enabled on network switches.

_images/ethernet_bonding_parameters.png

Bonding mode - 802.3ad is the default, compatible with LACP. Some environments may have a need to set up a different aggregation protocol, and choices available are balance-rr, active-backup, balance-xor, broadcast, balance-tlb, and balance-alb. The implications for each mode are outside the scope of this document.

Xmit hash policy - For 802.3ad mode, the Xmit Hash Policy controls the distribution of client workstations across EVO’s bonded ports. The Xmit Hash Policy can be set to MAC (layer-2) or MAC+IP (layer-2-and-3). Both policies are compliant with the 802.3ad specification.

LACP rate - This value is the rate at which LACP packets are sent. In the default mode, LACP PDUs are sent each second until the devices synchronize, after which they’re sent every 30 seconds. When LACP fast is set, PDUs are still sent every second following synchronization. There are pros and cons to each approach, since a timeout not be immediately corrected using the slow rate, while the fast rate will add mostly unneeded network traffic, and may not handle a timeout with any significant difference. Most switches use the same default, so this value should only be changed to match a switch using fast rate.

Note

The LACP rate does not directly translate to communication speed (slow may in fact be good).

Certificate Authority

_images/certificate_authority.png

Use this card to upload the SSL/TLS certificate when joining EVO to LDAP. See LDAP for more configuration information.

NAS Recycle Bin

A recycle bin is included and enabled by default for local EVO SMB shares. By default, files are permanently deleted after one week in the recycle bin.

_images/NAS_recycle_bin.png

The retention time for SMB user-deleted content can be selected from the drop-down menu.

_images/recycle_retention.png

Warning

The recycle functionality applies to content deleted over SMB. Other methods of modifying content (Slingshot, other protocols) will not use SMB, and will therefore not send content to the recycle bin.

Graphs settings

_images/graphs_settings.png

This provides options for the reporting of system statistics in the collapsible display at the top of the interface.

Click the pencil to edit the settings:

_images/edit_graphs.png

Show last - 15 minutes (default), 30 minutes, 1 hour

CPU and Storage graphs autoscaling - Toggles automatic scaling to fit default display values (off by default)

Global Masks

_images/global_masks.png

If Project locking is enabled for any NAS share(s), EVO will automatically lock the file types in this list when accessed via read/write by an SMB user. The most common file types where this behavior may be expected are enabled by default, and it’s possible to add or remove file extensions for custom locking behavior.

NAS Configuration

_images/NAS_configuration.png

SMB max xmit - This sets the maximum transmit size for SMB requests accepted by the server (determined by client). The default value is 65535 (maximum allowed).

SMB max credits - Credits determine the amount of simultaneously allowed client requests. The default value is 65535 (maximum allowed).

SMB workgroup - This is a peer-to-peer local network for SMB-connected machines. By default, the workgroup name will be WORKGROUP, which should update automatically if needed, for example by joining Active Directory.

SMB protocol - SMB3 is used by default, with the option to lower to SMB2 if required by legacy clients.

SMB multichannel - Disabled by default. When configured, SMB multichannel allows a client to use more than one NIC to communicate with the server. This should only be enabled if the network and clients have been configured to support it.

SMB async - Disabled by default. SMB async can increase the number of concurrent file operations, though EVO uses the sendfile feature instead of SMB-specific asynchronous I/O. This setting should be enabled if SMB multichannel is enabled. It may not be enabled if sendfile is enabled.

Use sendfile - Enabled by default. This allows for more efficient calls to the file system for oplocked files. Disable in order to use SMB multichannel with SMB async.

FTP type - If a share is created with FTP access, it will allow SFTP connections only by default. This may be changed to FTP or FXP if needed.

TCP Scaling

_images/TCPscaling.png

TCP scaling factor - Default scaling factor is 8, and may be set to any value between 4 and 14.

_images/TCP_scaling_options.png

TCP window scaling is already enabled on any modern operating system, and workstations and EVO will continually negotiate in an attempt to determine the largest window size they can use for communication, based on ever-changing network variables. Adjusting the scaling factor may result in improved or worsened communication and resource usage. The default value is well-balanced and generally sufficient for most environments.

File Navigator

_images/file_navigator.png

EVO’s File Navigator provides navigation and administrative options for content on shares. Select a file to see the available actions.

By default, any user granted read/write for a share will have those permissions for all content on the share, with “EVO” as the owner. Changing the owner and editing ACLs changes the permission scheme to allow for more granular permissions control; however, care should be taken when adjusting permissions, especially when working with nested content (recursive permissions) and inheritance.

ACL permissions do not travel with files when copied to a different location, and should inherit the permissions at the destination directory. Depending on the user’s permissions, the implications of these changes may not be obvious. It’s recommended to set, or at least confirm, any modified permissions using EVO’s File Navigator.

Warning

Modifying ACLs from a Mac workstation is not supported.

Warning

ACLs are not supported by ShareBrowser in this version.

_images/change_owner.png

Change owner - Choose the user to grant ownership, and if applicable, set the permission recursively to apply it to all subdirectories and files within.

_images/create_permissions.png

Edit ACL - Add advanced security settings by user or group and optionally enable inheritance to replace all child object permission entries with inheritable permission entries from the selected object.

Warning

Slingshot replication jobs do not consider ACLs (file-level permissions), so user visibility and access permission for replicated content needs to be managed at the target destination.

Power & UPS

This system is designed to remain “up” and online for very long durations. In fact, leaving it up and running is preferable to shutting it down very frequently. If everything is working normally but you prefer to routinely reboot, then a schedule of approximately every 12-24 weeks is more than sufficient.

One short push of the front panel Power button will also initiate the shutdown process, which normally takes a few minutes. If you have an expansion chassis, it is designed to remain powered on even when the main unit has been powered down.

Power

_images/power.png

This section provides reboot and shutdown options. Shutdown can also be initiated with a tap of the power button on the chassis.

APC UPS configuration -

See APC UPS Configuration

Hardware Profile

The Hardware Profile page identifies and provides statistics for internal components. Output may differ based on EVO model.

_images/cpu.png

CPU - Displays CPU type and core total

_images/controllers.png

RAID controllers - Shows disk controller(s), serial and model numbers. The first controller is enumerated 0.

_images/system_memory.png

System memory - Shows total system memory, size and number of modules installed

_images/ethernet.png

Ethernet - Displays model and firmware information for onboard and any added Ethernet expansion hardware

_images/sensors.png

Sensors - Individual CPU core temperatures are displayed, as well as a combined temperature value for the CPU.

Admin Settings

Networking settings

_images/networking_settings.png

HTTP web-configuration port - 80 is the default and standard port for http communication. Manually changing this port will impact any applications that expect to use port 80.

Enable HTTPS is disabled by default and requires additional configuration to enable. See Server certificate below

HTTPS web-configuration port - 443 is the default and standard port for https communication. Manually changing this port will impact any applications that expect to use port 443.

Warning

Do not enable HTTPS until prepared to do so with the required certificate. Workstations will require additional configuration in order to reach EVO once HTTPS is enabled.

Primary administrator

_images/primary_administrator.png

Current login - EVO administrator name is masked

Current password - EVO administrator password is masked

Click the pencil to edit the primary administrator credentials.

_images/primary_admin_edit.png

Current login - Enter the current primary EVO administrator name (admin)

Current password - Enter the current primary EVO administrator password (adminpw111)

New login - Enter the new primary EVO administrator name

New password - Enter the new primary EVO administrator password

Re-type new password - Confirm the new primary EVO administrator password

Server certificate

_images/server_certificate.png

A server certificate needs to be uploaded to EVO in order to enable https communication between EVO and workstations. Configuring secure web communication requires server and client validate each other by means of a certificate of trust. The certificate can be self-signed or granted by a certificate authority.

Click the three dots to choose to add the card to the Home page, create a new certificate, or import/export an existing certificate.

_images/certificate_options.png

Create certificate

Adding a certificate allows for establishment of secure channels using HTTPS between server and users, whereby they’re able to safely determine the computer they’re communicating with is in fact the one it claims to be.

_images/create_certificate.png

Create self-signed certificate - This allows for any user to create and sign a certificate, as a certificate authority. In addition to adding the signed certificate to EVO, client machines must be configured to explicitly trust the self-signed certificate.

_images/create_self-signed_certificate.png

The values entered here are rather arbitrary, as the certificate is manually validated by clients.

Common name - Enter a name to act as the certificate authority

E-mail - Enter an email address to associate with the authority

Country - Select country

State/Province - Enter state or province if applicable

City - Enter city

Organization - Enter a name for reference

Department - Enter a name for reference

Create certificate signing request - Create a certificate signing request to use for certificate signing by a certificate authority.

_images/create_CSR.png

The values entered here are required for review by the certificate authority.

Common name - Enter a name to associate with the certificate

E-mail - Enter an email address to associate with the certificate

Country - Select country

State/Province - Enter state or province if applicable

City - Enter city

Organization - Enter a name for reference

Department - Enter a name for reference

Click NEXT, then Click DOWNLOAD to export your certificate signing request. Send this certificate signing request to a third-party certificate authority for their signing. Once your certificate has been issued, choose Import certificate from the Server certificate card.

Renew certificate - Create a new private key and certificate signing request to renew your certificate.

_images/renew_certificate.png

  1. The existing private key and certificate will be deleted, and a new private key will be created. Click NEXT if you would like to proceed.

  2. Fill in information as described in Create certificate signing request.

  3. Download CSR

Once a certificate is in place, https can be enabled at Networking settings.

Warning

Since a self-signed certificate is not provided by a trusted certificate authority, client workstations have no means for automatic trust verification and will need an exclusion added for trusting the self-signed certificate.

Import certificate

_images/import_certificate.png

Import signed CSR - Use this to import a self-signed certificate following EVO creation of a certificate signing request.

Import certificate - This option allows for import of an existing certificate and private key.

Warning

Until a certificate is in place, HTTP will be used for upload, so ensure your connection is isolated.

_images/import_existing_cert.png

Drag & drop the files or click Choose File and browse to upload each. The certificate format may be .pem or .crt, and the key may be .pem or .key format.

Export certificate

Click Export certificate to download EVO’s server certificate (evo-web.crt) for import to another device’s trusted certificates (such as macOS Keychain or Windows Trusted Root Certification Authorities).

Restrict EVO UI access

By default, EVO’s administrative interface is available via any of its Ethernet ports, or any device with a network path to EVO. It’s additionally possible to restrict administrative access to a single Ethernet port, which may be isolated from the rest of the local network.

Restrict EVO UI access - Disabled by default. Enable to restrict interface access to a single Ethernet port.

Allowed interface - Choose the Ethernet port you’d like to reserve for administrative access.

Secondary administrators

While the Primary EVO administrator has access to all interface functionality, it may be useful to protect these credentials and create one or more secondary administrators with limited additional permissions for common administrative tasks, such as the ability to create a new share, without permission to delete one.

Click the pencil to manage the list of secondary administrators.

Add an administrator - Enter or choose a name from the list.

Display language

EVO offers localization options. Select English or Simplified Chinese from the drop-down menu to change the interface language. Contact SNS if you’re interested in adding support for another language.

Long-lived tokens

If multiple EVOs are configured (federated), long-lived tokens can assist with automatic reconnection in the event of interrupted communication (reboot, for example). If a token expires, federation may require reconfiguration.

Firewall

Firewall rules may be added directly to EVO to restrict port access by client IP according to inclusion and/or exclusion rules. Logic for multiple rules and policies can be implemented by changing the order in which the rules are applied.

Protocol - Select TCP or UDP. Some communication methods expect both transport types, requiring an additional rule.

Ports - Select All, specify a port or comma-separated list of ports, or define a port range

Address - Select All to apply to all client IP addresses, single host by IP or hostname, or define a subnet using CIDR notation

Policy - Select Allow or Deny to specify whether packets that meet the defined conditions should be accepted or dropped.

Warning

It is possible to inadvertently add a rule that blocks all access to the interface. As a protection, saving an added rule applies it for five minutes, after which changes will be automatically rolled back. This allows for rules to be fully tested before committing them. Once functionality for the added rule(s) is confirmed, click commit to apply the rule set.

User Auditing

SMB User Auditing may be enabled to track operations on the file system by users.

_images/user_auditing.png

User auditing - displays current auditing status, disabled by default. Contact technical support if you’re interested in enabling this functionality.

Limitations and caveats - Auditing is an advanced feature, which requires particular attention on the part of the administrator. Please note:

Enabling this feature will impact performance. The more activity on your system, the more events logged, the more probable it is that performance will be noticeably affected. Log files written by this system will be rotated every 7 days and therefore must be copied daily to a different system. Securing, backing up, and analyzing log files is your responsibility. The audit function is intended to capture user activity. Certain automated, system-level functions may not be logged. The auditing feature supports operations within the SMB protocol, exclusively. File operations spanning multiple storage shares/systems/devices (including those that use Slingshot) may not be comprehensively logged, may be logged among multiple systems, or may be logged in multiple formats. ShareBrowser metadata operations are not audited.

Note

User Auditing is available for the SMB protocol exclusively. File modifications by other means are not tracked by the User Auditing feature.

Cloud VPN -

See Cloud VPN.