File Access Flashcards
NAS
A distributed file system that enables users to access resources as though on the client system.
NFS or SMB.
NFS exports directories (client issues mount)
SMB provides shares
Storage VM with FlexVol Volumes
Files are serviced from a storage VM (SVM). Can contain one or more FlexVol volumes.
NetApp FlexVol volume
- Representation of the file system in a NAS environment
- Container for files in a NAS environment
Qtree
- Partitioning of FlexVol Volumes into smaller segments
- management of quotas, security style, and CIFS oplock settings
NAS data LIFs
- Multiprotocol (NFS, CIFS, or both)
- Failover or migration to any node in the cluster.
Storage VM with FlexGroup Volumes
- Is a scale-out file system that is constructed from a group of FlexVol volumes
- Meets capacity, performance, and simplicity requirements
- Looks and feels like a normal FlexVol volume to storage administrators and clients
Security styles
- Security Style determines the type of permissions for user authorisation and audit.
- ONTAP software is multiprotocol. If a volume uses the UNIX security style, SMB clients can access data. ONTAP uses NFS security natively.
FlexVol Volumes have 3 security styles.
UNIX (typically used to manage and audit for UNIX clients; supports NFSv3 and v4)
NTFS (typically used to manage and audit for Windows clients that use SMB; supports NTFS ACL permissions)
Mixed (can be used when clients are allowed to change permissions; supports the above protocols)
Security Style Review
Security styles do not determine which client types can or cannot access data.
Security styles do not limit the client types that can access data
The security style you choose depends on how you want to report, audit access, and modify permissions
Use the NTFS style if you want Windows clients to modify the ACL
Use the UNIX style if you want to modify NFSv3 or v4
NetApp does not recommend the mixed security style unless you have a specific use case.
Controlling file access
ONTAP performs authentication (verify my identity with a trusted source).
After authentication, the user is verified against the file permissions.
ONTAP must communicate with Active Directory or LDAP.
Storage VM root Volume and Junctions
Storage VM root Volume
- Created when the storage VM is created
- Serves as an entry point into the storage VM namespace for NAS clients
- Never store user data in the VM root space
Namespace
- It uses junctions to join volumes together, which enables the volumes to appear in the namespace.
- The top of the file system, or root, is represented by a slash (/)
- Junctions are created to a single location
Namespace architecture - standalone volumes
Every volume has an insertion point to the root and is directly off the root.
Volume = Mount Path
Root = /
Pro1 = /pro1
Pro2 = /pro2
Pro3 = /pro3
Namespace architecture - Branched Trees
Has multiple insertion points
Volume = Mount path
Root = /
Acct = /acct
Projects = /projects
Pro1 = /projects/pro1
Pro2 = /projects/pro2
Namespace architecture: Volume Move
Is a logical relationship between the volume and the junctions.
Volumes can connect even if moved to another location (and can go over the cluster interconnect).
Namespace protection
To ensure it is protected, use a load-sharing mirror copy.
If the SVM root volume becomes unavailable, you can promote a load-sharing mirror volume.
Or an administrator can restore a data protection copy. Or create a new root volume to give access to the client.