Before you can create and manage SMB volumes, you must review security considerations regarding SMB access. You must also add an Active Directory (AD) connection. Currently, Cloud Volumes Service supports only one AD connection per Google Cloud region. You can only associate a cloud volume in a region with the AD connection in the same region.
The following diagram shows how Cloud Volumes Service works with Windows applications on Google Cloud:
For more information about SMB services provided by Cloud Volumes Service for Google Cloud, see SMB performance FAQs.
Creating an AD connection
You can set up an AD connection for Cloud Volumes Service to an AD configured on Compute Engine or to an on-premises Active Directory service if the on-premises network is connected to Google Cloud.
In the Cloud Console, go to Cloud Volumes.
Click Active Directory connections, and then click Create.
In the Create Active Directory Connection window, enter the following information, and then click Save.
- In the Username and Password fields, enter credentials associated with an account that has privileges to create a computer account in AD.
- In the Domain field, enter the name of the AD domain.
In the DNS server field, enter the DNS server IP address fetched from the AD domain.
The CVS-Performance service type checks all IP addresses listed. The CVS service type uses the first IP address listed.
In the NetBIOS field, enter a name for the AD server. The length of the NetBIOS name must be 10 characters or fewer.
From the Region drop-down list, select a region associated with your AD credentials.
In the Security Privilege Users field, provide a list of comma-separated domain user accounts that require elevated privileges to manage security logs for the Active Directory associated with Cloud Volumes Service. This list is specifically needed for the installation of a SQL server where binaries and system databases are stored on an SMB share. This option is not mandatory if you use an administrator user during installation.
In the Backup Users field, provide either a group or a comma-separated list of users that require access to all files and directories without being a domain administrator.
The Active Directory connection supports NFS extended groups (greater than 16 GIDs) with the CVS-Performance service type by default. However, the use of extended groups disables support for users that exist on the NFS client locally.
If you need support for local users rather than extended groups, select the checkbox for Allow local NFS users with LDAP when creating or editing the Active Directory connection.
Creating an SMB volume
In the Cloud Console, go to Cloud Volumes.
In the Create File System page, complete the following fields:
Name: Enter a display name for the volume.
Service Type: Select either the CVS or CVS-Performance service type, depending on which is appropriate for your workload. Each service type offers different service levels, and the service levels are offered in different regions. For more information, see Service types.
Region: Select a Google Cloud region for your volume. For more information about region selection, see Best practices for Compute Engine region selection.
Zone: Select a Google Cloud zone for your volume. This field applies only to volumes using the CVS service type.
Volume path: Enter the name of the volume path. It must be unique across all your cloud volumes. The system automatically generates a recommended volume path.
- If you selected the CVS service type, select the level of availability for the volume.
- If you selected the CVS-Performance service type, select the level of performance for the volume.
Snapshot: If you want to create a volume based on a snapshot, select the snapshot from the drop-down list. This field applies only to volumes that use the CVS-Performance service type. For more information, see Creating and managing volume snapshots.
Allocated capacity: Set the size of the cloud volume. The minimum size is 1,024 GiB (1 TiB).
Protocol type: Select SMB.
Make snapshot directory (~snapshot) visible: Selecting this option makes your snapshot directory visible to the client as a
~snapshothidden directory in the root of the mapped share and enables Previous Versions access in Windows Explorer. This field applies only to volumes that use the CVS-Performance service type.
Enable SMB encryption: To enable SMB encryption for in-flight SMB3 data, select this option. SMB clients using data without encryption can't access a volume that has this option enabled.
Enable CA share support for SQL server: You can enable continuously available (CA) share support for the SQL server. You should enable this option only for SQL workloads that require continuous availability. This field applies only to volumes that use the CVS-Performance service type.
Hide SMB Share: To enhance security, you can select this option to prevent your volume and data from being viewable by untrusted sources. Selecting this option makes the SMB share non-browsable. This field applies only to volumes that use the CVS-Performance service type.
Shared VPC Configuration: The VPC network can be part of a host project in a shared VPC, or it can be a standalone project. If you have a host project and a shared VPC topology, select the checkbox. For standalone projects, leave the checkbox clear.
VPC Network Name:
Select the network from which the volume will be accessible.
Optionally, you can specify your custom CIDR range by selecting Use Custom Address Range.
If this is the first time that you're setting up the VPC peering for Cloud Volumes Service, you receive the following prompt indicating that you need to set up network peering:
For more information, see Setting up private services access.
Snapshot policy: To manage snapshot policy for the volume, expand Show snapshot policy. Select Allow automatic snapshots, specify the snapshot schedules, and specify the number of snapshots to keep. See Managing snapshot policies for details.
Click Save to create the volume.
The new volume appears in the Volumes list.
Mapping SMB shares from Compute Engine instances
In the Cloud Console, go to the Volumes page.
Click the SMB volume for which you want to map an SMB share.
Scroll to the right, click More more_vert, and then click Mount Instructions.
Follow the instructions in the Mount Instructions for SMB window that appears.
- Monitoring cloud volumes
- Creating and managing volume snapshots
- Reverting a volume using a snapshot
- Backing up and restoring a cloud volume
- Security considerations
- FAQs about NetApp Cloud Volumes Service for Google Cloud
- Resource limits and quotas