Just getting started with the Isilon and I'm trying to find out if it's possible to define which shares (or IFS sub-directory) can be accessed by a specific SmartConnect zone without relying on access based enumeration.
The intent is to easily configure ZoneA.isilon.emc.com to only see shares 1, 2 and 3, while ZoneB.isilon.emc.com can see shares 4, and 5.
Yes, at least for SMB shares you can use multiple "Access zones" (new in OneFS 7.0), where each access zone ties together only selected shares, SmartZonnect zones/pools and authentication providers.
You need to look into Access Zones. By default Isilon has one Access Zone called "System". You can create a new access zone, associated it with a SmartConnect subnet. Once you do that then that new access zone has an "visible shares" options where you can select which SMB shares the Access Zone can see.
NFS still must use the System access zone.
I'd also mention the default "System" access zone is uses with the default subnet (subnet0:pool0). Do not remove "System" for subnet0:pool0 until you have assigned another subnet to System, or you will lose SSH and WebUI access.