Limiting share access by SmartConnect Zones

Just getting started with the Isilon and I'm trying to find out if it's possible to define which shares (or IFS sub-directory) can be accessed by a specific SmartConnect zone without relying on access based enumeration.

The intent is to easily configure ZoneA.isilon.emc.com to only see shares 1, 2 and 3, while ZoneB.isilon.emc.com can see shares 4, and 5.

Thanks!

0 Kudos
2 Replies
Peter_Sero
4 Beryllium

Re: Limiting share access by SmartConnect Zones

Yes, at least for SMB shares you can use multiple "Access zones" (new in OneFS 7.0), where each access zone ties together  only selected shares, SmartZonnect zones/pools  and authentication providers.

-- Peter

Re: Limiting share access by SmartConnect Zones

You need to look into Access Zones.  By default Isilon has one Access Zone called "System".  You can create a new access zone,  associated it with a SmartConnect subnet.  Once you do that then that new access zone has an "visible shares" options where you can select which SMB shares the Access Zone can see.

NFS still must use the System access zone.

I'd also mention the default "System" access zone is uses with the default subnet (subnet0Smiley Tongueool0). Do not remove "System" for subnet0Smiley Tongueool0 until you have assigned another subnet to System,  or you will lose SSH and WebUI access.

0 Kudos