version 4.0 | document revision 1
...
From a technical perspective, file migration can be summarized as follows: first, the file content and corresponding metadata are copied to secondary storage as an MWI file/object. Next, the original file is marked as a 'stub' and truncated to zero physical size (while retaining the original logical size for the benefit of users and the correct operation of applications). The resulting stub file will remain remains on primary storage in this state until such time as a user or application requests access to the file content, at which point the data will be is automatically returned to primary storage.
Each stub encapsulates the location of the corresponding MWI data on secondary storage, without the need for a database or other centralized component.
...
DataCore FileFly Admin Portal is the web-based interface that provides central management of a FileFly deployment. It is installed as part of the FileFly Tools package.
When entering the FileFly Admin Portal, the 'Dashboard' will be displayed displays – more on the dashboard in 1.5. The remainder of this section follows the Admin Portal's navigation menu.
...
The 'Servers' page displays the installed and activated agents across the deployment of FileFly. Health information and statistics are provided for each server or cluster node. You will use Use this page when activating the other components in your system.
Click a Server's ellipsis control to:
...
Within a given Source, individual directory subtrees may be included or excluded to provide greater control over which files are eligible for policy operations. Excluded directories will are not be traversed.
In the Source editor, the directory tree may be expanded and explored in the 'Subdirectory Filtering' section. By default, the entire source will be is included.
| Anchor | ||||
|---|---|---|---|---|
|
Destinations are storage locations that Policies may write files to (e.g., locations on the network to which files are Migrated). Platform-specific information for all supported sources is detailed in 5.
Optionally, a Destination may be configured to use Write Once Read Many (WORM) semantics for migration operations. No attempt will be is made thereafter to update the resultant secondary storage objects. This option is useful when the underlying storage device has WORM-like behavior, but is exposed using a generic protocol.
...
A Task schedules one or more Policies for execution. Tasks can be scheduled to run at specific times, or can be run on-demand via the Quick Run control on the 'Dashboard'.
While a Task is running, its status is displayed in the 'Running Tasks' panel of the 'Dashboard'. When Tasks finish they are moved to the 'Recent Tasks' panel.
Operation statistics are updated in real time as the task runs. Operations will automatically be executed in parallel, see E for more details.
If multiple Tasks are scheduled to start simultaneously, Policies on each Source are grouped such that only a single traversal of each file system is required.
...
After completing the installation process, FileFly Tools must be configured via the Admin Portal web interface. The FileFly Admin Portal will be opened automatically and can be found later via the Start Menu.
The web interface will lead you through the process of initial configuration: refer to the 'Notices' panel on the 'Dashboard' to ensure that verify all steps are completed.
| Anchor | ||||
|---|---|---|---|---|
|
...
Installation of the FileFly LinkConnect Server software requires careful configuration of both the NAS / file server and the FileFly LinkConnect Server machines. Instructions are provided in 5.4 for OneFS and 5.2 for Windows file servers. Other devices are not supported.
...
Having deployed one or more LinkConnect Servers, all Windows clients that will need to access link-migrated files will require the LinkConnect Client Driver to be installed as follows:
Ensure Verify the client machine is joined to the Active Directory domain
Run DataCore FileFly LinkConnect Client Driver.exe
Follow the prompts
...
Access to NAS / file server shares containing files that have been link-migrated must use the domain credentials of the logged-in Windows desktop session. When a user accesses a link-migrated file, the client driver will transparently redirect the access to the FileFly LinkConnect Server if required. This redirected access will use the same logged-in Windows desktop session credentials.
Installation of the client driver will enable remote symlink evaluation in Windows. If remote symlink evaluation was disabled prior to client driver installation (this is the default behavior in Windows 10), the driver will continue to prevent remote symlink access for other symlinks. Do not disable remote symlink evaluation (e.g. by group policy) after installation since doing so will cause performing this causes the client driver to stop functioning.
...
Storage locations in DataCore FileFly are referred to by URI. Relationships between files must be maintained over a long period of time. It is therefore advisable to take steps to ensure that Verify the FQDNs used in these URIs are valid long-term, even as individual server roles are changed or consolidated.
In a production deployment, always use Fully Qualified Domain Names (FQDNs) in preference to bare IP addresses.
It is recommended to create DNS aliases for each logical storage role for each server. For example, use different DNS aliases when storing your finance department's data as opposed to your engineering department's data – even if they initially reside on the same server.
...
Using the information from the reports, create a rule to select files for migration. A typical rule might limit migrations to files modified more than six months ago. The reports' long-term trend charts will indicate indicates the amount of data that will be migrated by a 'modified more than n months ago' rule – adjust the age cutoff as necessary to suit your filesystems.
To avoid unnecessary migration of active files, be conservative with your first Migration Rule – it can be updated to migrate more recently modified files on subsequent runs.
Once the Rule has been created:
...
4 describes all FileFly Policy Operations in detail and will help you helps to get the most out of FileFly.
The remainder of this chapter gives guidance on using FileFly in a production environment.
...
Backing up the DataCore FileFly Tools configuration will preserve preserves policy configuration and server registrations as well as per-server settings and storage plugin configuration.
...
| Anchor | ||||
|---|---|---|---|---|
|
Ensure that Verify the server to be restored to has the same FQDN as the original server
If present, uninstall DataCore FileFly Tools
Run the installer: DataCore FileFly Tools.exe
use the same version that was used to generate the backup file
On the 'Installation Type' page, select 'Restore from Backup'
Choose the backup zip file and follow the instructions
Optionally, log files may be restored from server backups to:
C:\Program Files\DataCore FileFly\logs\AdminPortal\
C:\Program Files\DataCore FileFly\logs\DrTool\
...
Each stub on primary storage is linked to a corresponding MWI file on secondary storage. During the normal process of migration and demigration the relationship between stub and MWI file is maintained.
The recommendations below ensure that guarantee the consistency of this relationship is maintained even after files are restored from backup.
| Anchor | ||||
|---|---|---|---|---|
|
Ensure that Verify the restoration of stubs is included as part of your the backup & restore test regimen.
When using Scrub policies, ensure verify the Scrub grace period is sufficient to cover the time from when a backup is taken to when the restore and Post-Restore Revalidate steps are completed (see below).
It is strongly recommended to set the global minimum grace period accordingly to guard against the accidental creation of scrub policies with insufficient grace. This setting may be configured on that FileFly Admin Portal 'Settings' page.
Important: It willis NOT be possible to safely restore stubs or MigLinks from a backup set taken more than one grace period ago.
...
Suspend the scheduler in FileFly Admin Portal
Restore the primary volume
Run a 'Post-Restore Revalidate' policy against the primary volume
To ensure verify all stubs are revalidated, run this policy against the entire primary volume, NOT against the migration source
This policy is not required when only WORM destinations are in use
Restart the scheduler in FileFly Admin Portal
If restoring the primary volume to a different server (a server with a different FQDN), the following preparatory steps will also be are required:
On the 'Servers' page, retire the old server (unless still in use for other volumes)
Install FileFly Agent on the new server
Update Sources as required to refer to the FQDN of the new server
Perform the restore process as above
...
Most enterprise Windows backup software will respect FileFly stubs and will back them up correctly without causing any unwanted demigrations. For some backup software, it may be necessary to refer to the software documentation for options regarding Offline files.
When testing backup software configuration, test that backup of stubs does not cause unwanted demigration.
Additional backup testing may be required if Stub Deletion Monitoring is required. Please refer to E for more details.
...
Generally, antivirus software will does not cause demigrations during normal file access. However, some Some antivirus software will demigrate demigrates files when performing scheduled file system scans.
Prior to production deployment, always check that installed antivirus software does not cause unwanted demigrations. Some software must be configured to skip offline files in order to avoid these inappropriate demigrations. Consult the antivirus software documentation for further details.
If the antivirus software does not provide an option to skip offline files during a scan, DataCore FileFly Agent may be configured to deny demigration rights to the antivirus software. Refer to E for more information.
It may be necessary for some antivirus products to exempt the DataCore FileFly Agent process from real-time protection (scan-on-access). If the exclusion configuration requires the path of the executable to be specified, be sure to update the exclusion whenever FileFly is upgraded (since the path will change changes on upgrade).
| Anchor | ||||
|---|---|---|---|---|
|
...
Requires: Source(s), Rule(s), Destination Included in Community Edition: yes
Migrate file data from selected Source(s) to a Destination. Stub files remain at the Source location as placeholders until files are demigrated. File content will be is transparently demigrated (returned to primary storage) when accessed by a user or application. Stub files retain the original logical size and file metadata. Files containing no data will are not be migrated.
Each Migrate operation will be is logged as a Migrate, Remigrate, or Quick-Remigrate.
A Remigrate is the same as a Migrate except it explicitly recognizes that a previous version of the file had been migrated in the past and that stored data pertaining to that previous version is no longer required and so is eligible for removal via a Scrub policy.
A Quick-Remigrate occurs when a file has been demigrated and NOT modified. In this case it is not necessary to retransfer the data to secondary storage so the operation can be performed very quickly. Quick-remigration does not change the secondary storage location of the migrated data.
Optionally, quick-remigration of files demigrated within a specified number of days may be prevented. This option can be used to avoid quick-remigrations occurring in an overly aggressive fashion.
Additionally, this policy may be configured to pause during the globally configured work hours.
Note: For Sources using a FileFly LinkConnect Server, such as Dell EMC OneFS shares, see 4.9 instead.
...
Disconnect files from destination – remove destination information from demigrated files (both files demigrated by this policy and files that have already been demigrated); it will no longer be is not possible to quick-remigrate these files
A Destination Filter may optionally be specified in order to demigrate/disconnect only files that were migrated to a particular destination
...
Requires: Source(s), Rule(s), Destination Included in Community Edition: yes
Premigrate file data from selected Source(s) to a Destination in preparation for migration. Files on primary storage will are not be converted to stubs until a Migrate or Quick-Remigrate Policy is run. Files containing no data will are not be premigrated.
This can assist with:
...
Premigration is, as the name suggests, intended to be followed by full migration/quick-remigration. If this is not done, a large number of files in the premigrated state may slow down further premigration policies, as the same files are rechecked each time.
By default, files already premigrated to another destination will be are skipped when encountered during a premigrate policy.
This policy may also be configured to pause during the globally configured work hours.
Note: Most deployments will do not use this operation, but will use a combination of Migrate and Quick-Remigrate instead.
...
Requires: Source(s), Rule(s), Destination Included in Community Edition: yes
For platforms that do not support standard stub-based migration, Link-Migrate file data from selected Source(s) to a Destination.
Files at the source location will be are replaced with FileFly-encoded links (MigLinks) which allow client applications to transparently read data without returning files to primary storage. If an application attempts to modify a link, the file will be is automatically returned to primary storage and then modified in-place. Files containing no data will be are skipped by this policy.
MigLinks present the original logical size and file metadata.
Since MigLinks remain links when read by client applications, there is no analogue of quick-remigration for link-migrate.
This policy may be configured to pause during the globally configured work hours.
Note: To perform link-migration to Swarm targets, the destination should use the s3generic scheme, see 5.8.
...
Requires: Source(s), Rule(s) Included in Community Edition: no
Generate a disaster recovery file for DataCore FileFly DrTool by analyzing files at the selected Source(s). FileFly DrTool can use the generated file(s) to recover or update source files.
Note: Recovery files generated from Source will account for renames.
| Anchor | ||||
|---|---|---|---|---|
|
...
Clustered volumes managed by Windows failover clusters are supported. However, the Cluster Shared Volume (CSVFS) feature is NOT supported. On Windows Server 2012 and above, when configuring a 'File Server' role in the Failover Cluster Manager, 'File Server for general use' is the only supported File Server Type. The 'Scale-Out File Server for application data' File Server Type is NOT supported.
When using clustered volumes in FileFly URIs, ensure verify that the resource FQDN appropriate to the volume is specified rather than the FQDN of any individual node.
...
FileFly supports Microsoft Storage Replica.
If Storage Replica is configured for asynchronous replication, a disaster failover effectively reverts the volume to a previous point in time. As such, this kind of failover is directly equivalent to a volume restore operation (albeit to a very recent state).
As with any restore, a Post-Restore Revalidate Policy (see 4.5) should be run across the restored volume within the scrub grace period window. This will ensure verifies correct operation of any future scrub policies by accounting for discrepancies between the demigration state of the files on the (failed) replication source volume and the replication destination volume.
Important: integrate this process into your recovery procedures prior to production deployment of asynchronous storage replication.
...
FileFly Agents must be installed (selecting the migration role during installation) on EACH member server of a DFS Replication Group prior to running migration tasks on any of the group's Replication Folders.
If adding a new member server to an existing Replication Group where FileFly is already in use, FileFly Agent must be installed on the new server first.
When running policies on a Replicated Folder, sources should be defined such that each policy acts upon only one replica. DFSR will replicate replicates the changes to the other members as usual.
Read-only (one-way) replicated folders are NOT supported. However, read-only SMB shares can be used to prevent users from writing to a particular replica as an alternative.
Due to the way DFSR is implemented, care should be taken to avoid writing to stub files that are being concurrently accessed from another replica.
In the rare event that DFSR-replicated data is restored to a member from backup, ensure that verify DFSR services on all members are running and that replication is fully up-to-date (check for the DFSR 'finished initial replication' Windows Event Log message), then run a Post-Restore Revalidate Policy using the same source used for migration.
...
for new Replicated Folders, ensure that verify the 'Primary member' is set to be the original server, not the preseeded copy
both servers must have FileFly Agent installed before preseeding
add a "Process Exclusion" to Windows Defender for robocopy.exe (allow a while for the setting to take effect)
on the source server, preseed by running robocopy with the /b flag (to copy stubs as-is to the new server)
once preseeding is complete and replication is fully up-to-date (check for the DFSR 'finished initial replication' Windows Event Log message), it is recommended to run a Post-Restore Revalidate Policy on the original FileFly Source
...
| Anchor | ||||
|---|---|---|---|---|
|
Robocopy will, by default, demigrate demigrates stubs as they are copied by default. This is the same behavior as Explorer copy-paste, xcopy, etc..
Robocopy with the /b flag (backup mode – must be performed as an administrator) will copy copies stubs as-is.
Robocopy /b is not recommended. If stubs are copied in this fashion, the following must be considered:
for a copy from one server to another, both servers must have DataCore FileFly Agent installed
this operation is essentially a backup and restore in one step, and thus inappropriately duplicates stubs which are intended to be unique
after the duplication, one copy of the stubs should be deleted immediately
run a Post-Restore Revalidate policy on the remaining copy
this process will render renders the corresponding secondary storage files non-scrubbable, even after they are demigrated
to prevent Windows Defender triggering demigrations when the stubs are accessed in this fashion:
always run the robocopy from the source end (the file server with the stubs)
add a "Process Exclusion" to Windows Defender for robocopy.exe (allow a while for the setting to take effect)
...
If a Windows source server is configured to use migration policies and Windows Data Deduplication, it should be noted that a given file can either be deduplicated or migrated, but not both at the same time. FileFly migration policies will automatically skip files that are already deduplicated. Windows skips FileFly stubs when deduplicating.
When using both technologies, it is recommended to configure Data Deduplication and Migration based on file type such that the most efficacious strategy is chosen for each type of file.
Note: Microsoft's legacy Single Instance Storage (SIS) feature is not supported. Do not use SIS on the same server as DataCore FileFly Agent.
...
Symbolic links (symlinks) will be are skipped during traversal of the file system. This ensures that guarantees files are not seen – and thus acted upon – multiple times during a single execution of a given policy. If it is intended that a policy should apply to files within a directory referred to by a symbolic link, either ensure that verify the Source encompasses the real location at the link's destination, or specify the link itself as the Source.
...
| Anchor | ||||
|---|---|---|---|---|
|
Ensure that Verify Windows Defender or any other antivirus product installed on the FileFly LinkConnect Server is configured to omit scanning/screening on the LinkConnect Cache Volume and any Windows file server SMB shares.
...
Each configured MigLink source will be is periodically scanned to perform maintenance tasks such as MigLink ACL propagation and Link Deletion Monitoring (see below).
In an HA configuration, this scanning activity will be is performed by a single caretaker node, as can be seen on the Admin Portal Servers page. A standalone FileFly LinkConnect Server always performs the caretaker role.
...
Link Deletion Monitoring (LDM) identifies secondary storage files that are no longer referenced in order to facilitate recovery of storage space by Scrub Policies. This feature extends not only to MigLinks that are demigrated or directly deleted by the user, but also to other cases such as overwriting a MigLink or renaming a different file over the top of a MigLink.
Unlike SDM, LDM requires a number of maintenance scans to determine that a given secondary storage file is no longer referenced. It should be noted that interrupting Interrupting the maintenance process (e.g. by restarting the caretaker node or transitioning the caretaker role) will delay delays the detection of unreferenced secondary storage. For optimal and timely storage space recovery, ensure that verify LinkConnect Servers can run uninterrupted for extended periods.
Warning: in order to avoid LDM incorrectly identifying files as deleted – leading to unwanted data loss during Scrub – it is critical to ensure that verify users cannot move/rename MigLinks out of the scanned portion of the directory tree within the filesystem. This can be achieved by always creating the share used for your 'miglinkSource' at the root of the filesystem. An additional share may be created solely for this purpose.
To utilize LDM, it must first be enabled on a per-share basis.
...
Add the user created above to the local 'Administrators' group
Assign the 'Log on as a service' privilege to this user
Run the DataCore FileFly LinkConnect Server.exe
Follow the prompts to complete the installation
Follow the instructions to activate the installation
the Servers page will report that the server is unconfigured
...
miglinkSourceType must be set to exactly win
MAPPING_NUMBER starts at 0 for the first share mapping in this file – mappings must be numbered consecutively
WIN_FQDN/WIN_SHARE describes the file server share to be mapped
CACHE_SHARE is a LinkConnect Cache Share name (created above)
this value is CASE-SENSITIVE
SUBDIV must be the single decimal digit 1
SECRET_KEY is at least 40 ASCII characters – this key protects against counterfeit link creation
recommendation: use a password generator with 64 'All Chars'
linkDeletionMonitoring.enabled may be set to true or false to enable/disable Link Deletion Monitoring on this share – see warning above
If clients will access the storage via nested sub-shares rather than only the top-level configured MigLink Source share, the known sub-shares should be added as follows:
...
This list of sub-shares can be updated later as more subdirectories are shared. Where MigLink access occurs on unexpected shares, warnings will be are written to the LinkConnect agent.log.
Save the configuration and restart the DataCore FileFly Agent service.
Important: Refer to 3.3.1 to ensure that verify the configuration on this FileFly LinkConnect Server is included in your backup. If the FileFly LinkConnect Server needs to be rebuilt, the secret key will be is required to enable previously link-migrated files to be securely accessed.
...
Add a DFSN namespace:
the namespace must not be hosted on a LinkConnect node
the namespace name must match the LinkConnect Cache Share name exactly (including case)
the namespace must be 'Domain-based'
Add a folder to the namespace:
folder name must be of the form: SUBDIV_MwClC_1 e.g. 1_MwClC_1
Add folder target:
\\NODE\CACHE_SHARE\SUBDIV_MwClC_1
where NODE is a LinkConnect node which exports CACHE_SHARE
where CACHE_SHARE matches the namespace name exactly (including case)
where SUBDIV_MwClC_1 matches the new folder name exactly (including case)
the folder target will already exist exists – it was created by the FileFly LinkConnect Server in the previous section
DO NOT enable replication
For HA configurations, add additional targets to the same folder for the remaining LinkConnect node(s)
...
The LinkConnect configuration, including the secret key, for each FileFly LinkConnect Server will be is synchronized with the FileFly Admin Portal. These details will be are part of your the Admin Portal configuration backup.
However, in In rare cases where the keys have been completely lost and a DataCore FileFly LinkConnect Server needs to be rebuilt, it is possible to temporarily disable the Counterfeit Link Protection (CLP) and re-sign all links with a new key. To enable this behavior, recreate the configuration as above (with a new secret key), and add a line similar to the following:
...
Regular scanning of the configured share mapping will update updates the links present in all scanned links to use the new key, and any user-generated access to these links will function functions without verifying the signatures until the configured cutoff time, specified as Zulu Time (GMT). For a large system, it may be necessary to allow several days before the cutoff, to enable key update to complete. Users may continue to access the system during this period.
...
| Anchor | ||||
|---|---|---|---|---|
|
Ensure that Verify Windows Defender or any other antivirus product installed on FileFly FPolicy Server machines is configured to omit scanning/screening NetApp shares.
Antivirus access to NetApp files will interfere with the correct operation of the FileFly FPolicy Server software. Antivirus protection should still be provided on client machines and/or the NetApp Vservers themselves as normal.
...
| Anchor | ||||
|---|---|---|---|---|
|
For each Vserver, ensure that verify 'Management Access' is allowed for at least one network interface. Check the network interface in OnCommand System Manager –- if Management Access is not enabled, create a new interface just for Management Access. Note that using the same interface for management and data access may cause firewall problems.
Management authentication may be configured to use either passwords or client certificates. Management connections may be secured via TLS – this is mandatory when using certificate-based authentication.
For password-based authentication:
...
Close any SMB sessions open to Vserver(s) before proceeding
Ensure Verify the SMB Privileged User has the 'Log on as a service' privilege
Run the DataCore FileFly NetApp FPolicy Server.exe
Follow the prompts to complete the installation
Follow the instructions to activate the installation
...
| Anchor | ||||
|---|---|---|---|---|
|
Ensure Verify the netapp_clustered.cfg file has been copied to the correct location on all FileFly FPolicy Server machines
C:\Program Files\DataCore FileFly\data\FileFly Agent\netapp_clustered.cfg
Restart the DataCore FileFly Agent service on each machine
...
Unix Symbolic links (also known as symlinks or softlinks) may be created on a Filer via an NFS mount. Symbolic links will are not be seen during FileFly Policy traversal of a NetApp file system (since only shares which hide symbolic links are supported for traversal). If it is intended that a policy should apply to files within a folder referred to by a symbolic link, ensure that verify the Source encompasses the real location at the link's destination. A Source URI may NOT point to a symbolic link – use the real folder that the link points to instead.
Client-initiated demigrations via symbolic links will operate as expected.
...
Check all configuration using troubleshooting steps described above
Ensure Verify the FileFly FPolicy Server has no other SMB sessions to Vservers
run net use from Windows Command Prompt
remove all mapped drives
Reboot the server
Retry the failed operation
Check for new errors in agent.log
...
| Anchor | ||||
|---|---|---|---|---|
|
Ensure that Verify Windows Defender or any other antivirus product installed on the FileFly LinkConnect Server is configured to omit scanning/screening on the LinkConnect Cache Volume and any OneFS SMB shares.
...
Link Deletion Monitoring (LDM) identifies secondary storage files that are no longer referenced in order to facilitate recovery of storage space by Scrub Policies. This feature extends not only to MigLinks that are demigrated or directly deleted by the user, but also to other cases such as overwriting a MigLink or renaming a different file over the top of a MigLink.
Unlike SDM, LDM requires a number of maintenance scans to determine that a given secondary storage file is no longer referenced. It should be noted that interrupting the maintenance process (e.g. by restarting the caretaker node or transitioning the caretaker role) will delay the detection of unreferenced secondary storage. For optimal and timely storage space recovery, ensure that verify LinkConnect Servers can run uninterrupted for extended periods.
Warning: in order to avoid LDM incorrectly identifying files as deleted – leading to unwanted data loss during Scrub – it is critical to ensure that verify users cannot move/rename MigLinks out of the scanned portion of the directory tree within the filesystem. This can be achieved by always creating the share used for your 'miglinkSource' at the root of the filesystem. An additional share may be created solely for this purpose.
To utilize LDM, it must first be enabled on a per-share basis.
...
This list of sub-shares can be updated later as more subdirectories are shared. Where MigLink access occurs on unexpected shares, warnings will be written to the LinkConnect agent.log.
Save the configuration and restart the DataCore FileFly Agent service.
Important: Refer to 3.3.1 to ensure that verify the configuration on this FileFly LinkConnect Server is included in your backup. If the FileFly LinkConnect Server needs to be rebuilt, the secret key will be is required to enable previously link-migrated files to be securely accessed.
...
Swarm storage locations are accessed via a configured endpoint FQDN. Add several Swarm storage node IP addresses to DNS under a single endpoint FQDN (4-8 addresses are recommended). If Swarm domains are in use, the FQDN must be the name of the domain in which the FileFly data will be stored. If domains are NOT in use (i.e. data will be stored in the default cluster domain), it is strongly recommended that the FQDN be the name of the cluster for best Swarm performance.
When using multiple Swarm domains, ensure verify that each domain FQDN is added to DNS as described above.
...
Important: Prior to production deployment, please confirm with DataCore that the chosen device or service has been is certified for compatibility to ensure that verify it will be is covered by your the support agreement.
Prerequisites:
...
The S3 protocol supports a virtual-host-style bucket access method, for example https://bucket.s3.example.com rather than only https://s3.example.com/bucket. This facilitates connecting to a node in the correct region for the bucket, rather than requiring a redirect.
Generally the 'Use Virtual Host Access' option should be enabled (the default) to ensure verify optimal performance and correct operation. However, if If the generic S3 endpoint in question does not support this feature at all, Virtual Host Access may be disabled.
Note: When using Virtual Host Access in conjunction with HTTPS (recommended) it is important to ensure that verify the endpoint's TLS certificate has been created correctly. For example, if the endpoint FQDN is s3.example.com, the certificate must contain Subject Alternative Names (SANs) for both s3.example.com and *.s3.example.com.
...
ACL - Access Control List; file/folder/share level metadata encapsulating permissions granted to users or other entities
CA - Certificate Authority; specifically an X.509 certificate which issues (signs) other certificates such that during certificate validation a chain of trust may be established by verifying the signatures along the certificate chain up to a trusted Root CA certificate, e.g. to facilitate secure connection to a webserver - see also Root CA
Caretaker - a specific node within a cluster performing maintenance tasks to run on a single node at a time
CLP - Counterfeit Link Protection
Demigrate - to return migrated file content data to its original location, e.g. in response to user access
DFS - Microsoft's Distributed File System; comprised of DFSN and DFSR
DFSN - DFS Namespace; a Windows mechanism allowing for the presentation of multiple SMB shares as a single logical share
DFSR - DFS Replication; an SMB share-based file replication technology, see also Storage Replica as an alternative from Windows Server 2016 onwards
DR - Disaster Recovery
Enterprise CA - a privately-created Root Certificate Authority, promulgated as a trusted Root CA across an organization
FPolicy - a component of NetApp Data ONTAP which enables extension of native Filer functionality by other applications
FPolicy Server - a server which connects a NetApp Filer via the FPolicy protocols in order to provide extended functionality
FQDN - Fully Qualified Domain Name, e.g. server1.example.com
GUID - Globally unique identifier
HA - High-Availability; specifically the provision of redundant instances of a resource in a manner which ensures guarantees availability of service, even in the event of the failure of a particular instance
LDM - Link Deletion Monitoring
Link-Migrate - to transparently relocate file content data to secondary storage, replacing the original file with a MigLink
MigLink - a placeholder for a file that has been Link-Migrated; applications accessing the MigLink will be are transparently redirected to the corresponding FileFly LinkConnect Server to facilitate data access
Migrate - to transparently relocate file content data to secondary storage without removing the file itself; the existing file becomes a stub
MWI file - a file on secondary storage which encapsulates the file content data of a corresponding primary storage stub file or MigLink
NTP - Network Time Protocol, a protocol for clock synchronization between computer systems over a network
Quick-Remigrate - to quickly return a previously demigrated (but unmodified) file back to its migrated state without the need to re-transfer file content data
Root CA - a Certificate Authority at the end (root) of a chain of certificates; a Root CA is self-signed and must be trusted per se by the validating server (e.g. by inclusion in the computer's Trusted Root Certificate Authorities store)
Recovery File - a text file describing the relationships between stubs/MigLinks and their corresponding MWI files
Scheduler - the Admin Portal component responsible for starting scheduled Tasks
SDM - Stub Deletion Monitoring
Self-Signed Certificate - an X.509 certificate which is not attested to by another Certificate Authority, i.e. its Issuer is the same as its Subject; such certificates include Root CAs as well as 'standalone' self-signed server certificates such as may be created automatically during an application's installation process. Self-signed server certificates should generally be replaced with properly issued certificates from a trusted source.
Stub - a file whose content data has been transparently migrated to a secondary storage location
Storage Replica - a Windows Server volume replication technology offering synchronous or asynchronous replication modes
Syslog - a protocol used to send system log or event messages, e.g. to a centralized Syslog collector
TLS - Transport Layer Security; a protocol used for establishing secure connections between servers (formerly known as SSL)
UUID - Universally unique identifier