Data Domain-Managing NFS client access to the protection system with GUI

Enabling NFS services
Enable NFS services to allow the client to access the system using the NFS protocol.
Steps
1. Select Protocols > NFS.
The NFS view opens displaying the Exports tab.
2. Click Enable.


Disabling NFS services
Disable NFS services to prevent the client access to the system using the NFS protocol.
Steps
1. Select the Protocols > NFS tabs.
The NFS view opens displaying the Exports tab.
2. Click Disable.


Creating an export

You can use DD SM’s Create button on the NFS view or use the Configuration Wizard to specify the NFS clients that can
access the /backup, /data/col1/backup,/ddvar, /ddvar/core areas, or the/ddvar/ext area if it exists.
 

About this task

A protection system supports a maximum of 2048 exports, with the number of connections scaling in accordance with system
memory.

NOTE: You have to assign client access to each export separately and remove access from each export separately. For
example, a client can be removed from /ddvar and still have access to /data/col1/backup.

CAUTION: If Replication is to be implemented, a single destination system can receive backups from both CIFS
clients and NFS clients as long as separate directories or MTrees are used for each. Do not mix CIFS and NFS
data in the same area.

Do not use the top level of an MTrree to host an NFS export. Create a subdirectory within the MTree, and specify that
subdirectory as the path for the NFS export.

Steps
1. Select Protocols NFS.
The NFS view opens displaying the Exports tab.
2. Click Create.
3. Enter the pathname in the Directory Path text box (for example, /data/col1/backup/dir1).
NOTE: col1 uses the lower-case letter L followed by the number 1.
4. In the Clients area, select an existing client or click the + icon to create a client.
The Client dialog box is displayed.
a. Enter a server name in the text box.
Enter fully qualified domain names, hostnames, or IP addresses. A single asterisk (*) as a wild card indicates that all
backup servers are to be used as clients.
Note: Exports may be affected by hardware limitations.

NOTE: Clients given access to the /data/col1/backup directory have access to the entire directory. A client
given access to a subdirectory of /data/col1/backup has access only to that subdirectory.
● A client can be a fully-qualified domain hostname, an IPv4 or IPv6 IP address, an IPv4 address with either a netmask
or prefix length, an IPv6 address with prefix length, an NIS netgroup name with the prefix @, or an asterisk (*)
wildcard with a domain name, such as *.yourcompany.com.
● A client added to a subdirectory under /data/col1/backup has access only to that subdirectory.
● Enter an asterisk (*) as the client list to give access to all clients on the network.
b. Select the checkboxes of the NFS options for the client.
General:
● Read-only permission (ro).
● Allow connections from ports below 1024 (secure) (default).
Anonymous UID/GID:
● Map requests from UID (user identifier) or GID (group identifier) 0 to the anonymous UID/GID (root _squash).
● Map all user requests to the anonymous UID/GID (all _squash).
● Use Default Anonymous UID/GID.
Allowed Kerberos Authentication Modes:
● Unauthenticated connections (sec=sys). Select to not use authentication.
● Authenticated Connections (sec=krb5).
NOTE: Integrity and Privacy are supported, although they might slow performance considerably.
c. Click OK.
5. Click OK to create the export.
 

Modifying an export
Change the directory path, domain name, and other options using the GUI.
Steps
1. Select Protocols > NFS.
The NFS view opens displaying the Exports tab.
2. Click the checkbox of an export in the NFS Exports table.
3. Click Modify.
4. Modify the pathname in the Directory Path text box.
5. In the Clients area, select another client and click the pencil icon (modify), or click the + icon to create a client.
a. Enter a server name in the Client text box.
Enter fully qualified domain names, hostnames, or IP addresses. A single asterisk (*) as a wild card indicates that all
backup servers are to be used as clients.
NOTE: Clients given access to the /data/col1/backup directory have access to the entire directory. A client
given access to a subdirectory of /data/col1/backup has access only to that subdirectory.
● A client can be a fully-qualified domain hostname, an IPv4 or IPv6 IP address, an IPv4 address with either a netmask
or prefix length, an IPv6 address with prefix length, an NIS netgroup name with the prefix @, or an asterisk (*)
wildcard with a domain name, such as *.yourcompany.com.
A client added to a subdirectory under /data/col1/backup has access only to that subdirectory.
● Enter an asterisk (*) as the client list to give access to all clients on the network.
b. Select the checkboxes of the NFS options for the client.
General:
● Read-only permission (ro).
● Allow connections from ports below 1024 (secure) (default).
Anonymous UID/GID:
● Map requests from UID (user identifier) or GID (group identifier) 0 to the anonymous UID/GID (root _squash).
● Map all user requests to the anonymous UID/GID (all _squash).
● Use Default Anonymous UID/GID.
Allowed Kerberos Authentication Modes:
● Unauthenticated connections (sec=sys). Select to not use authentication.
● Authenticated Connections (sec=krb5).
NOTE: Integrity and Privacy are not supported.
c. Click OK.
6. Click OK to modify the export.
 

Creating an export from an existing export
Create an export from an existing export and then modify it as needed.
Steps
1. In the NFS Exports tab, click the checkbox of the export you wish to use as the source.
2. Click Create From.
3. Modify the export information, as described in section about modifying an export.
 

Deleting an export
Delete an export from the NFS Exports tab.
Steps
1. In the NFS Exports tab, click the checkbox of the export you wish to delete.
2. Click Delete.
3. Click OK and Close to delete the export.
 

Displaying NFS information
The topics in this section describe how to use the DD System Manager to monitor NFS client status and NFS configuration.

Viewing NFS status
Display whether NFS is active and Kerberos is enabled.
Steps
● Click Protocols > NFS.
The top panel shows the operational status of NFS; for example, whether NFS is currently active and running, and whether
Kerberos mode is enabled.
NOTE: Click Configure to view the Administration > Access > Authentication tab where you can configure Kerberos
authentication.

Viewing NFS exports
See the list of clients allowed to access the protection system.
Steps
1. Click Protocols > NFS.
The Exports view shows a table of NFS exports that are configured for system and the mount path, status, and NFS options
for each export.
2. Click an export in the table to populate the Detailed Information area, below the Exports table.
In addition to the export’s directory path, configured options, and status, the system displays a list of clients.
Use the Filter By text box to sort by mount path.
Click Update for the system to refresh the table and use the filters supplied.
Click Reset for the system to clear the Path and Client filters.

Viewing active NFS clients
Display all clients that have been connected in the past 15 minutes and their mount path.
Steps
● Select the Protocols > NFS > Active Clients tab.
The Active Clients view displays, showing all clients that have been connected in the past 15 minutes and their mount path.
Use the Filter By text boxes to sort by mount path and client name.
Click Update for the system to refresh the table and use the filters supplied.
Click Reset for the system to clear the Path and Client filters.