- What's New
- Function Overview
- Service Overview
-
Billing
- Billing Overview
- Billing Modes
- Billed Items
- Billing Examples
- Billing Mode Changes
- Renewing Subscriptions
- Bills
- Arrears
- Billing Termination
- Cost Management
-
Billing FAQ
- How Do I Purchase SFS?
- How Do I Renew the Service?
- How Do I Check Whether the Subscriber Is in Arrears?
- Can I Purchase SFS Capacity-Oriented Resource Packages When I Still Have Valid Ones in Use?
- How Do I Check the Usage of an SFS Capacity-Oriented Resource Package?
- How Do I Adjust the Size of an SFS Capacity-Oriented Resource Package?
- Do SFS Capacity-Oriented and SFS Turbo Share One Resource Package?
- Getting Started
- User Guide
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Calling General Purpose File System APIs
- Getting Started (SFS Capacity-Oriented)
- Getting Started with SFS Turbo
- Getting Started with General Purpose File System
-
SFS Capacity-Oriented APIs
- API Version Queries
- File Systems
- File System Access Rules
- Quota Management
- Expansion and Shrinking
-
Tag Management
- Adding a Tag to a Shared File System
- Deleting a Tag from a Shared File System
- Querying Tags of a Shared File System
- Querying Tags of All File Systems of a Tenant
- Batch Adding Tags to a Shared File System
- Batch Deleting Tags from a Shared File System
- Querying Shared File Systems by Tag
- Querying the Number of Shared File Systems by Tag
- AZ
-
SFS Turbo APIs
- Lifecycle Management
- Connection Management
- Tag Management
- Name Management
- File System Management
-
Storage Interworking Management
- Adding a Backend Target
- Querying Backend Targets
- Obtaining Details About a Backend Target
- Deleting a Backend Target
- Updating the Properties of a Storage Backend
- Updating the Auto Synchronization Policy of a Storage Backend
- Creating an Import or Export Task
- Querying Details About an Import or Export Task
- Listing Import and Export Tasks
- Deleting an Import or Export Task
- Updating a File System
- Directory Management
-
Permissions Management
- Creating a Permission Rule
- Querying Permission Rules of a File System
- Querying a Permission Rule of a File System
- Modifying a Permission Rule
- Deleting a Permissions Rule
- Creating and Binding the LDAP Configuration
- Querying the LDAP Configuration
- Modifying the LDAP Configuration
- Deleting the LDAP Configuration
- Task Management
- General Purpose File System APIs
- Permissions Policies and Supported Actions
- Common Parameters
- Appendix
- SDK Reference
-
Troubleshooting
- Mounting a File System Times Out
- Mounting a File System Fails
- File System Performance Is Poor
- Failed to Create an SFS Turbo File System
- A File System Is Automatically Disconnected from the Server
- A Server Fails to Access a File System
- The File System Is Abnormal
- Data Fails to Be Written into a File System Mounted to ECSs Running Different Types of Operating Systems
- Failed to Mount an NFS File System to a Windows IIS Server
- Writing to a File System Fails
- Error Message "wrong fs type, bad option" Is Displayed During File System Mounting
- Failed to Access the Shared Folder in Windows
-
FAQs
- Concepts
- Specifications
- Restrictions
- Networks
-
Billing
- How Do I Purchase SFS?
- How Do I Renew the Service?
- How Do I Check Whether the Subscriber Is in Arrears?
- Can I Purchase SFS Capacity-Oriented Resource Packages When I Still Have Valid Ones in Use?
- How Do I Check the Usage of an SFS Capacity-Oriented Resource Package?
- How Do I Adjust the Size of an SFS Capacity-Oriented Resource Package?
- Do SFS Capacity-Oriented and SFS Turbo Share One Resource Package?
-
Others
- How Do I Access a File System from a Server?
- How Do I Check Whether a File System on a Linux Server Is Available?
- What Resources Does SFS Occupy?
- Why Is the Capacity Displayed as 10P After I Mount My SFS Capacity-Oriented File System?
- Why the Capacity Is Displayed as 250TB After I Mount My General Purpose File System?
- How Can I Migrate Data Between SFS and OBS?
- Can a File System Be Accessed Across Multiple AZs?
- Can I Upgrade an SFS Capacity-Oriented File System to an SFS Turbo File System?
- Can I Upgrade an SFS Turbo File System from Standard to Standard-Enhanced?
- How Can I Migrate Data Between SFS and EVS?
- Can I Directly Access SFS from On-premises Devices?
- How Do I Delete .nfs Files?
- Why My File System Used Space Increases After I Migrate from SFS Capacity-Oriented to SFS Turbo?
- How Can I Improve the Copy and Delete Efficiency with an SFS Turbo File System?
- How Do Second- and Third-level Directory Permissions of an SFS Turbo File System Be Inherited?
- How Do I Deploy SFS Turbo on CCE?
- Videos
-
More Documents
- User Guide (ME-Abu Dhabi Region)
- API Reference (ME-Abu Dhabi Region)
-
User Guide (Paris Region)
- Introduction
- Getting Started
- Management
- Typical Applications
-
Troubleshooting
- Mounting a File System Times Out
- Mounting a File System Fails
- Failed to Create an SFS Turbo File System
- A File System Is Automatically Disconnected from the Server
- A Server Fails to Access a File System
- The File System Is Abnormal
- Data Fails to Be Written into a File System Mounted to ECSs Running Different Types of Operating Systems
- Failed to Mount an NFS File System to a Windows IIS Server
- Writing to a File System Fails
- Error Message "wrong fs type, bad option" Is Displayed During File System Mounting
- Failed to Access the Shared Folder in Windows
-
FAQs
- Concepts
- Specifications
- Restrictions
- Networks
-
Others
- How Do I Access a File System from a Server?
- How Do I Check Whether a File System on a Linux Server Is Available?
- What Resources Does SFS Occupy?
- Why Is the Capacity Displayed as 10P After I Mount My SFS Capacity-Oriented File System?
- Can a File System Be Accessed Across Multiple AZs?
- How Can I Migrate Data Between SFS and EVS?
- Can I Directly Access SFS from On-premises Devices?
- How Do I Delete .nfs Files?
- Why My File System Used Space Increases After I Migrate from SFS Capacity-Oriented to SFS Turbo?
- How Can I Improve the Copy and Delete Efficiency with an SFS Turbo File System?
- How Do Second- and Third-level Directory Permissions of an SFS Turbo File System Be Inherited?
- Other Operations
- Change History
- API Reference (Paris Region)
- User Guide (Kuala Lumpur Region)
- API Reference (Kuala Lumpur Region)
- Glossary
- General Reference
Show all
Copied.
Does the Security Group of a VPC Affect SFS?
A security group is a collection of access control rules for servers that have the same security protection requirements and are mutually trusted in a VPC. After a security group is created, you can create different access rules for the security group to protect the servers that are added to this security group. The default security group rule allows all outgoing data packets. Servers in a security group can access each other without the need to add rules. The system creates a security group for each cloud account by default. Users can also create custom security groups by themselves.
After an SFS Turbo file system is created, the system automatically enables the security group port required by the NFS protocol. This ensures that the SFS Turbo file system can be accessed by your servers and prevents file system mounting failures. The inbound ports required by the NFS protocol are ports 111, 445, 2049, 2051, 2052, and 20048. If you need to change the enabled ports, choose Access Control > Security Groups of the VPC console and locate the target security group.
You are advised to use an independent security group for an SFS Turbo file system to isolate it from service nodes.
You need to add inbound and outbound rules for the security group of an SFS Capacity-Oriented file system. For details, see section "Adding a Security Group Rule" in the Virtual Private Cloud User Guide. In an SFS Capacity-Oriented file system, the inbound ports required by the NFS protocol are ports 111, 2049, 2051, and 2052. The inbound port required by the DNS server is port 53 and that required by the CIFS protocol is port 445.
Example Value
- Inbound rule
Direction
Protocol
Port Range
Source IP Address
Description
Inbound
TCP and UDP
111
IP Address
0.0.0.0/0 (configurable)
One port corresponds to one access rule. You need to add information to the ports one by one.
- Outbound rule
Direction
Protocol
Port Range
Source IP Address
Description
Outbound
TCP and UDP
111
IP Address
0.0.0.0/0 (configurable)
One port corresponds to one access rule. You need to add information to the ports one by one.
NOTE:
The bidirectional access rule must be configured for port 111. The inbound rule can be set to the front-end service IP range of SFS. You can obtain it by running the following command: ping File system domain name or IP address or dig File system domain name or IP address.
For ports 445, 2049, 2050, 2051, and 2052, only the outbound rule needs to be added, which is the same as the outbound rule of port 111.
For the NFS protocol, add an inbound rule to open the TCP&UDP port 111, TCP ports 2049, 2051, and 2052, and UDP&TCP port 20048. For the SMB protocol, add an inbound rule to open TCP port 445.
For the NFS protocol with UDP port 20048 not opened, the time required for mounting may become longer. In this case, you can use the -o tcp option in mount to avoid this issue.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot