- Notes, cautions, and warnings
- Introduction to this guide
- PowerScale scale-out NAS
- General cluster administration
- General cluster administration overview
- User interfaces
- Connecting to the cluster
- Licensing
- Certificates
- Cluster identity
- Cluster date and time
- SMTP email settings
- Configuring the cluster join mode
- File system settings
- Security hardening
- Cluster monitoring
- Monitoring cluster hardware
- Events and alerts
- Cluster maintenance
- SRS Summary
- Access zones
- Authentication
- Authentication overview
- Authentication provider features
- Security Identifier (SID) history overview
- Supported authentication providers
- Active Directory
- LDAP
- NIS
- Kerberos authentication
- File provider
- Local provider
- Multi-factor Authentication (MFA)
- Multi-instance active directory
- LDAP public keys
- Managing Active Directory providers
- Managing LDAP providers
- Managing NIS providers
- Managing MIT Kerberos authentication
- Managing file providers
- Managing local users and groups
- Administrative roles and privileges
- Identity management
- Home directories
- Home directories overview
- Home directory permissions
- Authenticating SMB users
- Home directory creation through SMB
- Home directory creation through SSH and FTP
- Home directory creation in a mixed environment
- Interactions between ACLs and mode bits
- Default home directory settings in authentication providers
- Supported expansion variables
- Domain variables in home directory provisioning
- Data access control
- File sharing
- File sharing overview
- SMB security
- SMB shares in access zones
- SMB Multichannel
- SMB share management through MMC
- SMBv3 encryption
- SMB server-side copy
- SMB continuous availability
- SMB file filtering
- Symbolic links and SMB clients
- Anonymous access to SMB shares
- Managing SMB settings
- Managing SMB shares
- Create an SMB share
- Modify SMB share permissions, performance, or security
- Delete an SMB share
- Limit access to /ifs share for the Everyone account
- Configure anonymous access to a single SMB share
- Configure anonymous access to all SMB shares in an access zone
- Add a user or group to an SMB share
- Configure multi-protocol home directory access
- NFS security
- FTP
- HTTP and HTTPS security
- File filtering
- Auditing
- Snapshots
- Snapshots overview
- Data protection with SnapshotIQ
- Snapshot disk-space usage
- Snapshot schedules
- Snapshot aliases
- File and directory restoration
- Best practices for creating snapshots
- Best practices for creating snapshot schedules
- File clones
- Snapshot locks
- Snapshot reserve
- Writable snapshots
- SnapshotIQ license functionality
- Creating snapshots with SnapshotIQ
- Managing snapshots
- Restoring snapshot data
- Managing snapshot schedules
- Managing snapshot aliases
- Managing with snapshot locks
- Configure SnapshotIQ settings
- Set the snapshot reserve
- Managing changelists
- Deduplication with SmartDedupe
- Data replication with SyncIQ
- SyncIQ data replication overview
- Replication policies and jobs
- Replication snapshots
- Data failover and failback with SyncIQ
- Recovery times and objectives for SyncIQ
- Replication policy priority
- SyncIQ license functionality
- Replication for nodes with multiple interfaces
- Restrict SyncIQ source nodes
- Creating replication policies
- Managing replication to remote clusters
- Initiating data failover and failback with SyncIQ
- Performing disaster recovery for older SmartLock directories
- Managing replication policies
- Managing replication to the local cluster
- Managing replication performance rules
- Managing replication reports
- Managing failed replication jobs
- Data Encryption with SyncIQ
- Data layout with FlexProtect
- Large file size support
- NDMP backup and recovery
- NDMP backup and recovery overview
- NDMP two-way backup
- NDMP three-way backup
- Support for NDMP sessions on Generation 6 hardware
- Setting preferred IPs for NDMP three-way operations
- NDMP multi-stream backup and recovery
- Snapshot-based incremental backups
- NDMP backup and restore of SmartLink files
- NDMP protocol support
- Supported DMAs
- NDMP hardware support
- NDMP backup limitations
- NDMP performance recommendations
- Excluding files and directories from NDMP backups
- Configuring basic NDMP backup settings
- Managing NDMP user accounts
- NDMP environment variables overview
- Managing NDMP contexts
- Managing NDMP sessions
- Managing NDMP Fibre Channel ports
- Managing NDMP preferred IP settings
- Managing NDMP backup devices
- NDMP dumpdates file overview
- NDMP restore operations
- Sharing tape drives between clusters
- Managing snapshot based incremental backups
- Managing cluster performance for NDMP sessions
- Managing CPU usage for NDMP sessions
- File retention with SmartLock
- SmartLock overview
- Compliance mode
- Enterprise mode
- SmartLock directories
- Replication and backup with SmartLock
- SmartLock license functionality
- SmartLock considerations
- Set the compliance clock
- View the compliance clock
- Creating a SmartLock directory
- Managing SmartLock directories
- Managing files in SmartLock directories
- Set a retention period through a UNIX command line
- Set a retention period through Windows Powershell
- Commit a file to a WORM state through a UNIX command line
- Commit a file to a WORM state through Windows Explorer
- Override the retention period for all files in a SmartLock directory
- Delete a file committed to a WORM state
- View WORM status of a file
- Protection domains
- Data-at-rest-encryption
- Data-at-rest encryption overview
- Self-encrypting drives
- Data security on self-encrypting drives
- Data migrations and upgrades to a cluster with self-encrypting drives
- Enabling external key management
- Migrate nodes and SEDs to external key management
- Chassis and drive states
- Smartfailed drive REPLACE state
- Smartfailed drive ERASE state
- S3 Support
- SmartQuotas
- SmartQuotas overview
- Quota types
- Default quota type
- Usage accounting and limits
- Disk-usage calculations
- Quota notifications
- Quota notification rules
- Quota reports
- Creating quotas
- Managing quotas
- Managing quota notifications
- Email quota notification messages
- Managing quota reports
- Basic quota settings
- Advisory limit quota notification rules settings
- Soft limit quota notification rules settings
- Hard limit quota notification rules settings
- Limit notification settings
- Quota report settings
- Storage Pools
- Storage pools overview
- Storage pool functions
- Autoprovisioning
- Node pools
- Virtual hot spare
- Spillover
- Suggested protection
- Protection policies
- SSD strategies
- Other SSD mirror settings
- Global namespace acceleration
- L3 cache overview
- Tiers
- File pool policies
- Managing node pools in the web administration interface
- Managing L3 cache from the web administration interface
- Managing tiers
- Creating file pool policies
- Managing file pool policies
- Configure default file pool protection settings
- Default file pool requested protection settings
- Configure default I/O optimization settings
- Default file pool I/O optimization settings
- Modify a file pool policy
- Prioritize a file pool policy
- Create a file pool policy from a template
- Delete a file pool policy
- Monitoring storage pools
- Pool-based tree reporting in FSAnalyze (FSA)
- System jobs
- Networking
- Networking overview
- About the internal network
- About the external network
- Configuring the internal network
- Managing groupnets
- Managing external network subnets
- Managing IP address pools
- Managing SmartConnect Settings
- Managing network interface members
- Managing node provisioning rules
- Managing routing options
- Managing DNS cache settings
- Managing TCP ports
- NFS3oRDMA
- Partitioned Performance Monitoring
- Antivirus
- Antivirus overview
- On-access scanning
- ICAP Antivirus policy scanning
- Individual file scanning using ICAP
- WORM files and antivirus
- Antivirus scan reports
- ICAP servers
- CAVA servers
- ICAP threat responses
- CAVA threat responses
- Configuring global antivirus settings
- Managing ICAP servers
- Managing CAVA servers
- Add and connect to a CAVA server
- List or view CAVA servers
- Modify CAVA connection settings
- Disable connection to a CAVA server
- Delete connection to a CAVA server
- Add a job to a CAVA server
- View an IP pool in a CAVA server
- Create an Active Directory authentication provider for the AvVendor access zone
- Update the role in the access zone
- Scan CloudPool files in a CAVA server
- Create an antivirus policy
- Managing ICAP antivirus policies
- Managing antivirus scans
- Managing antivirus threats
- Managing antivirus reports
- File System Explorer
PowerScale OneFS Web Administration Guide
Create an NFS export
You can create NFS exports to share files in OneFS with UNIX-based clients.
The NFS service runs in user space and distributes the load across all nodes in the cluster. This enables the service to be highly scalable and support thousands of exports. As a best practice, however, you should avoid creating a separate export for each client on your network. It is more efficient to create fewer exports, and to use access zones and user mapping to control access.
- Click .
- Click Create export.
-
For the
Directory paths setting, type or browse to the directory that you want to export.
You can add multiple directory paths by clicking Add another directory path for each additional path.
- Optional: In the Description field, type a comment that describes the export.
- Optional:
Specify the NFS clients that are allowed to access the export.
You can specify NFS clients in any or all of the client fields, as described in the following table. A client can be identified by host name, IPv4 or IPv6 address, subnet, or netgroup. IPv4 addresses mapped into the IPv6 address space are translated and stored as IPv4 addresses to remove any possible ambiguities.
You can specify multiple clients in each field by typing one entry per line.
NOTE If you do not specify any clients, all clients on the network are allowed access to the export. If you specify clients in any of the rule fields, such as Always read-only clients, the applicable rule is only applied to those clients. However, adding an entry to Root clients does not stop other clients from accessing the export.If you add the same client to more than one list and the client is entered in the same format for each entry, the client is normalized to a single list in the following order of priority:
- Root clients
- Always read-write clients
- Always read-only clients
- clients
Setting Description Clients Specifies one or more clients to be allowed access to the export. Access level is controlled through export permissions. Always read-write clients Specifies one or more clients to be allowed read/write access to the export regardless of the export's access-restriction setting. This is equivalent to adding a client to the Clients list with the Restrict access to read-only setting cleared. Always read-only clients Specifies one or more clients to be allowed read-only access to the export regardless of the export's access-restriction setting. This is equivalent to adding a client to the Clients list with the Restrict access to read-only setting selected. root clients Specifies one or more clients to be mapped as root for the export. This setting enables the following client to mount the export, present the root identity, and be mapped to root. Adding a client to this list does not prevent other clients from mounting if clients, read-only clients, and read-write clients are unset. -
Select the export permissions setting to use:
- Enable read-write acces
- Restrict actions to read-only.
-
Specify user and group mappings.
Select Use custom to limit access by mapping root users or all users to a specific user and group ID. For root squash, map root users to the username nobody.
-
Locate the
Security types setting. Set the security type to use. UNIX is the default setting.
Click Use custom to select one or more of the following security types:
- UNIX (system)
- Kerberos5
- Kerberos5 Integrity
- Kerberos5 Privacy
NOTE The default security flavor (UNIX) relies upon having a trusted network. If you do not completely trust everything on your network, then the best practice is to choose a Kerberos option. If the system does not support Kerberos, it will not be fully protected because NFS without Kerberos trusts everything on the network and sends all packets in cleartext. If you cannot use Kerberos, you should find another way to protect the Internet connection. At a minimum, do the following:- Limit root access to the cluster to trusted host IP addresses.
- Make sure that all new devices that you add to the network are trusted. Methods for ensuring trust include, but are not limited to, the following:
- Use an IPsec tunnel. This option is very secure because it authenticates the devices using secure keys.
- Configure all of the switch ports to go inactive if they are physically disconnected. In addition, make sure that the switch ports are MAC limited.
-
Specify file name limit. 255 B is the default setting.
Click Use custom to set your preferred file name limit.
-
Click
Advanced settings to configure advanced NFS export settings.
Do not change the advanced settings unless it is necessary and you fully understand the consequences of these changes.
- Click Create export.
The new NFS export is created and shown at the top of the
NFS Exports list.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\