Dell EMC PowerStore Configuring NFS Exports 2.x June 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2020 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Additional Resources.....................................................................................................................4 Chapter 1: Overview...................................................................................................................... 5 NFS support..........................................................................................................................................................................5 About secure NFS.........................
Preface As part of an improvement effort, revisions of the software and hardware are periodically released. Some functions that are described in this document are not supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information about product features. Contact your service provider if a product does not function properly or does not function as described in this document.
1 Overview This chapter includes the following information. Topics: • • • NFS support About secure NFS Planning considerations NFS support PowerStore T model supports NFSv3 and NFSv4. It also supports secure NFS with Kerberos, for strong authentication. While PowerStore T model supports most of the NFSv4 and v4.1 functionality described in the relevant RFCs, directory delegation and pNFS are not supported.
Planning considerations Review the following information before configuring NFS exports: File storage support is only available with PowerStore T model appliances. File storage is not supported with PowerStore X model appliances. NAS server networks Creating network VLANs and IP addresses is optional for NAS servers. If you plan to create a VLAN for NAS servers, the VLAN cannot be shared with the PowerStore T model management, or storage networks.
2 Create NAS servers This chapter includes the following information. Topics: • • • • • Overview of configuring NAS servers Create a NAS server for NFS (UNIX-only) file systems Configure NAS Server Naming Services Configure NAS server Sharing Protocols Configure Kerberos for NAS server Security Overview of configuring NAS servers Before you can provision file storage on the storage system, a NAS server must be running on the system.
Wizard Screen Description ● At least one NTP server must be configured on the PowerStore appliance to synchronize the date and time. It is recommended that you set up a minimum of two NTP servers per domain to avoid a single point of failure.
Configure the NAS server UNIX Directory Service for NIS You can configure NAS server UNIX Directory Service (UDS) for NIS. 1. Select Storage > NAS Servers > [nas server] > Naming Services > UDS card. 2. If Disabled is on, slide the button to change to Enabled. 3. In the Unix Directory Service drop down, select NIS. 4. Enter an NIS Domain and add the IP Addresses for the NIS servers. 5. Select Apply.
Option Description NOTE: If you use NFS secure with a custom realm, you have to upload a keytab file. 7. Select Retrieve Current Schema to download the ldap.conf file. 8. Edit and save the ldap.conf file. 9. Select Upload New Schema to upload the updated ldap.conf file. 10. Optionally, enable LDAP Secure (Use SSL), and upload the CA certificate.
3. Enable either NFSv3, NFSv4, or both. 4. Optionally, disable, or enable Secure NFS. Extended UNIX credentials are also enabled. 5. Enable or disable Extend Unix credentials. NOTE: Secure NFS supports NFS credentials with more than 16 groups, which is equivalent to the extended UNIX credentials option. ● If this field is selected, the NAS server uses the User ID (UID) to obtain the primary Group ID (GID) and all group GIDs to which it belongs.
Configuring Kerberos for Secure NFS If you are configuring Kerberos for Secure NFS, be aware of the following: ● If configuring the NAS server for NFS only, you must configure the NAS server with a custom realm. If you have configured the NAS server with NFS and SMB, you can use either the AD or custom realm. ● Using LDAPS or LDAP with Kerberos is recommended for increased security. ● A DNS server must be configured at the NAS-server level.
Configure Kerberos security for the NAS server You can configure the NAS server with Kerberos security. If configuring for NFS, DNS and UDS must be configured for the NAS server and all members of the Kerberos realm must be registered in the DNS server. If using a NAS server that is configured for both SMB and NFS, be sure to add the SMB server to the AD domain. 1. Select Storage > NAS Servers > [nas server] > Security > Kerberos. 2. If Disabled is on, slide the button to change to Enabled. 3.
3 Configure NFS Exports This chapter includes the following information: Topics: • • • File systems and NFS Exports overview Create a file system for NFS exports Create an NFS export File systems and NFS Exports overview While creating File Systems and NFS Exports, it is helpful to note the following: ● A NAS server must be configured to support NFS protocol before creating a file system.
Option Description ● No Access — No access permitted to the storage resource or share. ● Read/Write — Hosts have permission to view the contents of the storage resource or share, but not to write to it. ● Read-Only — Hosts have permission to read and write to the NFS datastore or share. NOTE: ESXI hosts must have Read//Write access in order to mount an NFS datastore using NFSv4 with Kerberos NFS owner authentication.
● Local Path must correspond to an existing folder name within the file system that was created from the host-side. ● The value specified in the NFS Export Details, Name field, along with the NAS server name, constitutes the name by which hosts access the export. ● NFS export names must be unique at the NAS server level per protocol. However, you can specify the same name for an SMB share, and NFS exports. 4. Once you approve the settings, click Create NFS Export.
4 Additional NAS Server Features This chapter includes the following. Topics: • • • Set the preferred UNIX Directory Service Configure NAS server networks Enable NDMP Protection and Events Set the preferred UNIX Directory Service After you have created a NAS server, you can set the preferred UNIX Directory Services (UDS) search order for user access. 1. Select Storage > NAS Servers. 2. Select the checkbox in the Name column to the left of the NAS server. 3. Click Modify. 4.
Configure routes for the file interface for external connections You can configure the routes that the file system uses for external connections. You can use the Ping option from the File Interface card to determine if the file interface has access to the external resource. Usually, the NAS server interfaces are configured with a default gateway, which is used to route requests from the NAS server interface to external services.
5 More file system features This chapter includes the following information. Topics: • File system quotas File system quotas You can track and limit drive space consumption by configuring quotas for file systems at the file system or directory level. You can enable or disable quotas at any time, but it is recommended that you enable or disable them during non-peak production hours to avoid impacting file system operations. NOTE: You cannot enable quotas for read-only file systems.
Quota Grace Period The Quota Grace Period, provides the ability to set a specific grace period to each tree quota on a file system. The grace period counts down the time between the soft and hard limit, and alerts the user about the time remaining before the hard limit is met. If the grace period expires you can not write to the file system until more space has been added, even if the hard limit has not been met. You can set an expiration date for the Grace Period.
Add a user quota onto a quota tree Create a user quota on a quota tree to limit or track the amount of storage space that individual users consume on that tree. When you create user quotas on a tree, you can to use the default grace period and default hard and soft limits that are set at the tree-quota level. 1. Select Storage > File Systems > [file system] > Quotas > Tree Quotas. 2. Select a path, and click Add User Quota. 3. On the Add User Quota screen, provide the requested information.