... | ... | @@ -72,7 +72,7 @@ Also, as a DM, I can add Data Project Managers (DPM) to the existing projects. |
|
|
|
|
|
UIS have issued vouchers to the Institutions' Data Owners to use for the set-up of the initial quota of non-chargeable storage space. If you have a voucher, you will be able to redeem it in the [Self-Service Gateway / Buy IFS Storage](https://selfservice.uis.cam.ac.uk/storage/IFS/) instead of specifying a purchase order.
|
|
|
|
|
|
* Vouchers can only be used once and will expire by default six months from their issue date. The validity of the voucher (i.e., the period between the issue date and expiry date) can be customised according to user's requirements. Once the voucher has been redeemed, space can be allocated.
|
|
|
* Vouchers can only be used once and will expire by default six months from their issue date. The validity of the voucher (i.e., the period between the issue date and expiry date) can be customised according to the user's requirements. Once the voucher has been redeemed, space can be allocated.
|
|
|
* A purchase order will need to be raised to pay for any additional space for a duration of 1, 3, or 5 years beyond the initial free allocation covered by the voucher.
|
|
|
* The free space granted to University institutions will be extended in duration automatically every year. Free space is provided to the colleges for the first year only and would need to be renewed with a purchase order after one year.
|
|
|
* UIS will generate and provide the institutions with vouchers of the initial free space.
|
... | ... | @@ -301,7 +301,7 @@ Define the following attributes on that page and click the **Save** button: |
|
|
|
|
|
**Note:** Windows versions 7 and older do not support SMB encryption, so you may need to disable it. It will be possible to disable SMB encryption using the portal at least until the end of support of Windows 7 in January 2020.
|
|
|
|
|
|
Once the Storage Project has been created you will see a confirmation message on screen.
|
|
|
Once the Storage Project has been created you will see a confirmation message.
|
|
|
|
|
|
<kbd><img src="uploads/2d8851c5fd681a9554c559f900f35a06/image022.png"></kbd>
|
|
|
|
... | ... | @@ -321,7 +321,7 @@ You can also create an NFS project by setting the **Project type** to **NFS**. |
|
|
|
|
|
<kbd><img src="uploads/9d2c19ee1f9dcb3275c701956c9acf29/image026.png"></kbd>
|
|
|
|
|
|
The project has been created. Note that Data Project Manager does not exist in NFS projects.
|
|
|
The project has been created. Note that a Data Project Manager does not exist in NFS projects.
|
|
|
|
|
|
<kbd><img src="uploads/c6df48582a72df3800413fd1dfde04f4/image027.png"></kbd>
|
|
|
|
... | ... | @@ -431,7 +431,7 @@ The `servicePrincipalName` would eventually look like the following: |
|
|
|
|
|
<kbd><img src="uploads/2e0c8b7b5339639b6fc9d2ff093e69b1/cifs-spn.PNG"></kbd>
|
|
|
|
|
|
If you are using `BLUE` AD, please contact us to update your CIFS account machine.
|
|
|
If you are using `BLUE` AD, please contact us to update your CIFS server machine account.
|
|
|
|
|
|
## NFSv4 / Kerberos Client configuration
|
|
|
|
... | ... | @@ -449,7 +449,7 @@ A::EVERYONE@:rwaDxtTnNcy |
|
|
|
|
|
To learn about the NFSv4 permissions, please see the [NFSv4 ACLs documentation](https://linux.die.net/man/5/nfs4_acl).
|
|
|
|
|
|
In an IFS storage account, Data Owner (DO) and Data Managers' (DMs) Kerberos identities are mapped to the UNIX user root. So, they are the Owner of all the NFS shares created in the same account. Obviously, if a DO or DM is deleted, their krb-unix name mapping will be dropped. And if a new DO is assigned or a new DM is added, they will automatically get the krb-unix name mapping to root. In addition, machine accounts trying to mount or access the share are mapped to the predefined UNIX user pcuser (User ID: 65535, Primary Group ID: 65535). Otherwise, implicit krb-unix name mapping takes place. Note that the UNIX users root and pcuser are defined locally in the Vserver namespace. [Vserver](https://library.netapp.com/ecmdocs/ECMP1136871/html/GUID-E643017F-041B-4ECC-BEA1-E4D80E26A47E.html) is the NetApp (our backend storage system) object that is associated to a given storage account.
|
|
|
In an IFS storage account, Data Owner (DO) and Data Managers' (DMs) Kerberos identities are mapped to the UNIX user root. So, they are the Owner of all the NFS shares created in the same account. Obviously, if a DO or DM is deleted, their krb-unix name mapping will be dropped. And if a new DO is assigned or a new DM is added, they will automatically get the krb-unix name mapping to root. In addition, machine accounts trying to mount or access the share are mapped to the predefined UNIX user pcuser (User ID: 65535, Primary Group ID: 65535). Otherwise, implicit krb-unix name mapping takes place. Note that the UNIX users root and pcuser are defined locally in the Vserver namespace. [Vserver](https://library.netapp.com/ecmdocs/ECMP1136871/html/GUID-E643017F-041B-4ECC-BEA1-E4D80E26A47E.html) is the NetApp (our backend storage system) object that is associated with a given storage account.
|
|
|
|
|
|
Example: wh999@DOMAIN is a DO, wh998@DOMAIN is a DM. machine$@DOMAIN is a machine account (Computer) and foo@DOMAIN is a User. Here is how they will be mapped:
|
|
|
|
... | ... | |