|
|
## Table of contents
|
|
|
|
|
|
[[_TOC_]]
|
|
|
|
|
|
## Introduction
|
|
|
|
|
|
### About the Institutional File Storage service
|
|
|
|
|
|
The Institutional File Storage (IFS) service allows institutions to store and share everyday documents with colleagues. This is aimed at desktop and laptop users who will have access to the storage via a mapped drive on their computer. The data is safely stored on an industry-standard hardware platform in the University's central data centres to protect against data loss. For more information, see [https://help.uis.cam.ac.uk/institutional-file-storage](https://help.uis.cam.ac.uk/institutional-file-storage).
|
|
|
The Institutional File Storage (IFS) service allows institutions to store and share everyday documents with colleagues. This is aimed at desktop and laptop users who will have access to the storage via a mapped drive on their computer. The data is safely stored on an industry-standard hardware platform in the University's central data centres to protect against data loss. For more information, see https://help.uis.cam.ac.uk/institutional-file-storage.
|
|
|
|
|
|
### About this user guide
|
|
|
|
|
|
This document contains step-by-step instructions for the following:
|
|
|
|
|
|
* Provisioning your storage space, using a voucher or a purchase order
|
|
|
* Configuring Storage services.
|
|
|
* Creating Storage Projects (i.e. SMB or NFS shares)
|
|
|
* Modifying storage project, i.e. enable/disable SMB encryption and increase the size
|
|
|
* Deleting a project
|
|
|
* Managing Data Owner, Data Managers, and Data Project Managers
|
|
|
* Extending storage capacity
|
|
|
* Extending the storage duration.
|
|
|
* Provisioning your storage space, using a voucher or a purchase order
|
|
|
* Configuring Storage services.
|
|
|
* Creating Storage Projects (i.e. SMB or NFS shares)
|
|
|
* Modifying storage project, i.e. enable/disable SMB encryption and increase the size
|
|
|
* Deleting a project
|
|
|
* Managing Data Owner, Data Managers, and Data Project Managers
|
|
|
* Extending storage capacity
|
|
|
* Extending the storage duration.
|
|
|
|
|
|
### User support
|
|
|
|
... | ... | @@ -28,27 +29,27 @@ All support requests and feedback should be directed to the dedicated support em |
|
|
|
|
|
Institutional IFS administrators may have one of three roles:
|
|
|
|
|
|
* Data Owner: Assigns space to institutions and oversees institutional use of the IFS. Can delegate most responsibilities to Data Managers.
|
|
|
* Data Manager: Manages IFS space on behalf of a Data Owner.
|
|
|
* Data Project Manager: Responsible for the day-to-day management of the data at the project level. This role is not applicable to NFS shares as full control permissions cannot be set at the NFS share level. The DO or DM, which have full control permission, can give access and set permissions to DPMs manually.
|
|
|
|
|
|
| | DO | DM | DPM |
|
|
|
|---------------------------------------------------------------------------------------------------------|-----|-----|---------------------------|
|
|
|
| **Responsibilities** |
|
|
|
| Can enable and disable user access | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Appoints Data Owner, Data Managers and Data Project Managers | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Sets up initial free spaces for institutions | :heavy_check_mark: | | |
|
|
|
| Validates purchase orders to purchase more space | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Can extend storage capacity and duration | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Can increase storage project space | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Day-to-day management of the data | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
|
|
|
| Acquire funding and raise a purchase order to purchase more space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
|
|
|
| Maintains compliance with the information management guidelines and requirements that apply to the data | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
|
|
|
| Remove the project data after the storage licence expires | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Antivirus scanning of the data stored on IFS | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
|
|
|
| **Permissions** |
|
|
|
| Full control permissions on all the storage projects (i.e. SMB/NFS shares) | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Can be given full control permissions at the project level | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: (only for SMB shares) |
|
|
|
* Data Owner: Assigns space to institutions and oversees institutional use of the IFS. Can delegate most responsibilities to Data Managers.
|
|
|
* Data Manager: Manages IFS space on behalf of a Data Owner.
|
|
|
* Data Project Manager: Responsible for the day-to-day management of the data at the project level. This role is not applicable to NFS shares as full control permissions cannot be set at the NFS share level. The DO or DM, which have full control permission, can give access and set permissions to DPMs manually.
|
|
|
|
|
|
| | DO | DM | DPM |
|
|
|
|--|----|----|-----|
|
|
|
| **Responsibilities** | | | |
|
|
|
| Can enable and disable user access | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Appoints Data Owner, Data Managers and Data Project Managers | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Sets up initial free spaces for institutions | :heavy_check_mark: | | |
|
|
|
| Validates purchase orders to purchase more space | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Can extend storage capacity and duration | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Can increase storage project space | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Day-to-day management of the data | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
|
|
|
| Acquire funding and raise a purchase order to purchase more space | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
|
|
|
| Maintains compliance with the information management guidelines and requirements that apply to the data | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
|
|
|
| Remove the project data after the storage licence expires | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Antivirus scanning of the data stored on IFS | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
|
|
|
| **Permissions** | | | |
|
|
|
| Full control permissions on all the storage projects (i.e. SMB/NFS shares) | :heavy_check_mark: | :heavy_check_mark: | |
|
|
|
| Can be given full control permissions at the project level | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: (only for SMB shares) |
|
|
|
|
|
|
## Managing DO, DM, and DPM
|
|
|
|
... | ... | @@ -58,13 +59,13 @@ As a DO, to delete a DM, go to **Configure the licence** page, then delete the D |
|
|
|
|
|
Example: delete the DM wh997.
|
|
|
|
|
|
<kbd><img src="uploads/d2cc08b1c5331a60e74e5df97e15de10/image031.png"></kbd>
|
|
|
<kbd>![](uploads/d2cc08b1c5331a60e74e5df97e15de10/image031.png)</kbd>
|
|
|
|
|
|
As a DO, to change the DO (themselves), go to **Configure the license** page, delete the DO wh330 and assign a new one, e.g., wh998\. Then, click **Save**
|
|
|
As a DO, to change the DO (themselves), go to **Configure the license** page, delete the DO wh330 and assign a new one, e.g., wh998. Then, click **Save**
|
|
|
|
|
|
<kbd><img src="uploads/8da500ede96539449f0be95e6f787c46/image032.png"></kbd>
|
|
|
<kbd>![](uploads/8da500ede96539449f0be95e6f787c46/image032.png)</kbd>
|
|
|
|
|
|
<kbd><img src="uploads/071da10deafeb92c5d6d38970a92ac2d/image033.PNG"></kbd>
|
|
|
<kbd>![](uploads/071da10deafeb92c5d6d38970a92ac2d/image033.PNG)</kbd>
|
|
|
|
|
|
Also, as a DM, I can add Data Project Managers (DPM) to the existing projects.
|
|
|
|
... | ... | @@ -72,10 +73,10 @@ Also, as a DM, I can add Data Project Managers (DPM) to the existing projects. |
|
|
|
|
|
UIS have issued vouchers to the Institutions' Data Owners to use for the set-up of the initial quota of non-chargeable storage space. If you have a voucher, you will be able to redeem it in the [Self-Service Gateway / Buy IFS Storage](https://selfservice.uis.cam.ac.uk/storage/IFS/) instead of specifying a purchase order.
|
|
|
|
|
|
* Vouchers can only be used once and will expire by default six months from their issue date. The validity of the voucher (i.e., the period between the issue date and expiry date) can be customised according to the user's requirements. Once the voucher has been redeemed, space can be allocated.
|
|
|
* A purchase order will need to be raised to pay for any additional space for a duration of 1, 3, or 5 years beyond the initial free allocation covered by the voucher.
|
|
|
* The free space granted to University institutions will be extended in duration automatically every year. Free space is provided to the colleges for the first year only and would need to be renewed with a purchase order after one year.
|
|
|
* UIS will generate and provide the institutions with vouchers of the initial free space.
|
|
|
* Vouchers can only be used once and will expire by default six months from their issue date. The validity of the voucher (i.e., the period between the issue date and expiry date) can be customised according to the user's requirements. Once the voucher has been redeemed, space can be allocated.
|
|
|
* A purchase order will need to be raised to pay for any additional space for a duration of 1, 3, or 5 years beyond the initial free allocation covered by the voucher.
|
|
|
* The free space granted to University institutions will be extended in duration automatically every year. Free space is provided to the colleges for the first year only and would need to be renewed with a purchase order after one year.
|
|
|
* UIS will generate and provide the institutions with vouchers of the initial free space.
|
|
|
|
|
|
Example of an IFS voucher:
|
|
|
|
... | ... | @@ -89,195 +90,194 @@ Voucher value and validity can be verified using [Voucher tool](https://rjw57.gi |
|
|
|
|
|
The steps to set up a storage account requires work by the DO/DM as well as the UIS Networks team. The steps are as follows:
|
|
|
|
|
|
| Action | Responsible party |
|
|
|
|----------------------------------------------------|--------------------------------------|
|
|
|
| Obtain the space via the IFS portal (see [Obtain the space via the IFS portal](#get-space)) | Institution |
|
|
|
| Configure local institution firewall (see [Firewall rules configuration](#firewall-config)) | Institution |
|
|
|
| Port block removal (see [Firewall rules configuration](#firewall-config)) | UIS Networks team and/or Institution |
|
|
|
| Configure storage services (see [Services configuration](#svc-config)) | Institution |
|
|
|
| Action | Responsible party |
|
|
|
|--------|-------------------|
|
|
|
| Obtain the space via the IFS portal (see [Obtain the space via the IFS portal](#get-space)) | Institution |
|
|
|
| Configure local institution firewall (see [Firewall rules configuration](#firewall-config)) | Institution |
|
|
|
| Port block removal (see [Firewall rules configuration](#firewall-config)) | UIS Networks team and/or Institution |
|
|
|
| Configure storage services (see [Services configuration](#svc-config)) | Institution |
|
|
|
|
|
|
## Provisioning your IFS storage space
|
|
|
|
|
|
### <a name="firewall-config"></a> Firewall rules configuration
|
|
|
### Firewall rules configuration
|
|
|
|
|
|
Before you can provision storage projects, you will need to configure DNS, SMB/CIFS, NFS and Kerberos services that are needed to access and use your storage space. The Self-Service Gateway portal provides you with features to do so, but as a prerequisite, you will need to make sure that the IFS service can communicate with your local DNS Name Servers, Active Directory and Kerberos services by applying the firewall rules on your institutional firewall.
|
|
|
|
|
|
| Service | Firewall rules |
|
|
|
|-------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
|
|
|
| [DNS](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-D052D155-EF55-4D19-A70F-B9A8FA86A6D3.html) | Required by SMB/NFS shares.<br>Connections from IFS LIF subnet 10.128.2.0/23 on ports: 53 (TCP/UDP) |
|
|
|
| Service | Firewall rules |
|
|
|
|---------|----------------|
|
|
|
| [DNS](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-D052D155-EF55-4D19-A70F-B9A8FA86A6D3.html) | Required by SMB/NFS shares.<br>Connections from IFS LIF subnet 10.128.2.0/23 on ports: 53 (TCP/UDP) |
|
|
|
| [Kerberos and LDAP](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-9165F61F-5B4E-4955-ACFF-6D919F238255.html) | Required by NFS and SMB shares.<br>Connections from IFS LIF subnet 10.128.2.0/23 on ports: 88 (TCP/UDP), 750 (TCP/UDP), and 389 and 636 (TCP) |
|
|
|
| [SMB/CIFS](https://library.netapp.com/ecmdocs/ECMP1368834/html/GUID-4645E16A-6CB1-4A71-8420-05749894E857.html) | Required by SMB/CIFS shares.<br>Connections to/from IFS LIF subnet 10.128.2.0/23 on ports: 137 and 138 (UDP), and 139 and 445 (TCP) |
|
|
|
| [NFS](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-C764CE34-6F5B-42BC-B04B-7001744A44A3.html) | Required by NFS shares.<br>Connections to IFS LIF subnet 10.128.2.0/23 on ports: 111 (TCP/UDP) and 2049 (TCP/UDP) |
|
|
|
|
|
|
There are ACL blocks on switches into some institutions blocking traffic on port 445. To remove this block from your institutions for the IFS, please raise a ticket with the UIS Service Desk ([service-desk@uis.cam.ac.uk](mailto:service-desk@uis.cam.ac.uk)).
|
|
|
| [SMB/CIFS](https://library.netapp.com/ecmdocs/ECMP1368834/html/GUID-4645E16A-6CB1-4A71-8420-05749894E857.html) | Required by SMB/CIFS shares.<br>Connections to/from IFS LIF subnet 10.128.2.0/23 on ports: 137 and 138 (UDP), and 139 and 445 (TCP) |
|
|
|
| [NFS](https://library.netapp.com/ecmdocs/ECMP1155586/html/GUID-C764CE34-6F5B-42BC-B04B-7001744A44A3.html) | Required by NFS shares.<br>Connections to IFS LIF subnet 10.128.2.0/23 on ports: 111 (TCP/UDP) and 2049 (TCP/UDP) |
|
|
|
|
|
|
If you use the UIS Managed Firewall Service, please contact the UIS Service Desk ([service-desk@uis.cam.ac.uk](mailto:service-desk@uis.cam.ac.uk)) to ensure the appropriate firewall rules are put in place. This must be done by the DO.
|
|
|
There are ACL blocks on switches into some institutions blocking traffic on port 445. To remove this block from your institutions for the IFS, please raise a ticket with the UIS Service Desk (service-desk@uis.cam.ac.uk).
|
|
|
|
|
|
### <a name="get-space"></a> Obtain the space via the IFS portal
|
|
|
If you use the UIS Managed Firewall Service, please contact the UIS Service Desk (service-desk@uis.cam.ac.uk) to ensure the appropriate firewall rules are put in place. This must be done by the DO.
|
|
|
|
|
|
1. Go to the Self-Service Gateway portal: [https://selfservice.uis.cam.ac.uk/](https://selfservice.uis.cam.ac.uk/)
|
|
|
### Obtain the space via the IFS portal
|
|
|
|
|
|
1. Go to the Self-Service Gateway portal: https://selfservice.uis.cam.ac.uk/
|
|
|
2. In the **Institutional File Store** section (bottom left) click the **Choose** button:
|
|
|
|
|
|
<kbd><img src="uploads/687a58af96e851f4de3b13cf349e02e3/image004.png"></kbd>
|
|
|
<kbd>![](uploads/687a58af96e851f4de3b13cf349e02e3/image004.png)</kbd>
|
|
|
|
|
|
3. Enter how many terabytes you want and click the **Get Quote** button. You will be redirected to the payment page:
|
|
|
|
|
|
<kbd><img src="uploads/687030863771ec5bbf2dfaae07069770/image005.png"></kbd>
|
|
|
<kbd>![](uploads/687030863771ec5bbf2dfaae07069770/image005.png)</kbd>
|
|
|
|
|
|
4. [_Example demonstrates payment by UIS-provided voucher – you can also pay by Purchase Order_] Click the **Voucher** tab:
|
|
|
4. \[_Example demonstrates payment by UIS-provided voucher – you can also pay by Purchase Order_\] Click the **Voucher** tab:
|
|
|
|
|
|
<kbd><img src="uploads/1062d587aa13c769c553f2b96708a2cb/image006.png"></kbd>
|
|
|
<kbd>![](uploads/1062d587aa13c769c553f2b96708a2cb/image006.png)</kbd>
|
|
|
|
|
|
5. Paste in your voucher code and click the **Submit** button:
|
|
|
|
|
|
<kbd><img src="uploads/2277b27eaa7dff647eb43e07899720be/image007.png"></kbd>
|
|
|
<kbd>![](uploads/2277b27eaa7dff647eb43e07899720be/image007.png)</kbd>
|
|
|
|
|
|
6. The voucher is validated and you will be redirected to the confirmation page. Click the **Continue** button:
|
|
|
|
|
|
<kbd><img src="uploads/82a9df8e9999bcffabdec395c7859196/image008.png"></kbd>
|
|
|
<kbd>![](uploads/82a9df8e9999bcffabdec395c7859196/image008.png)</kbd>
|
|
|
|
|
|
You will be redirected to _Configure the licence_ page to set the DO and DM(s). The DO will receive a confirmation email containing a link to accept the Terms & Conditions:
|
|
|
|
|
|
<kbd><img src="uploads/f62747df447c7bbbc5b0e76d645b75b3/image009.png"></kbd>
|
|
|
<kbd>![](uploads/f62747df447c7bbbc5b0e76d645b75b3/image009.png)</kbd>
|
|
|
|
|
|
Click the **I agree** button to accept the Terms & Conditions:
|
|
|
|
|
|
<kbd><img src="uploads/2fcceb467e75341e8caa9f10164ccbeb/image010.png"></kbd>
|
|
|
<kbd>![](uploads/2fcceb467e75341e8caa9f10164ccbeb/image010.png)</kbd>
|
|
|
|
|
|
You can also add a **Data Manager** by visiting the **Licence page** by clicking **View Licence**:
|
|
|
|
|
|
<kbd><img src="uploads/3e92ece5c6d965adf510d4f13d235f7a/image011.png"></kbd>
|
|
|
<kbd>![](uploads/3e92ece5c6d965adf510d4f13d235f7a/image011.png)</kbd>
|
|
|
|
|
|
Click **Save**. Then the DM should accept the T&Cs so that their state moves to **Ready**:
|
|
|
|
|
|
<kbd><img src="uploads/c4a19c22f4f6dce0a822a0cb3493c0c9/image012.png"></kbd>
|
|
|
<kbd>![](uploads/c4a19c22f4f6dce0a822a0cb3493c0c9/image012.png)</kbd>
|
|
|
|
|
|
Meanwhile, the DO and DM(s) will receive a confirmation email containing a link to accept the Terms & Conditions. See the email below as an example:
|
|
|
|
|
|
<kbd><img src="uploads/cd201754ba4d9970629aa41804bab7f5/image013.png"></kbd>
|
|
|
<kbd>![](uploads/cd201754ba4d9970629aa41804bab7f5/image013.png)</kbd>
|
|
|
|
|
|
## <a name="svc-config"></a> Services configuration
|
|
|
## Services configuration
|
|
|
|
|
|
The IFS needs to be aware of a number of services in order to provide shares to your institution. In order to create storage projects, the DO or DM should start with the Vserver Configuration. The [Vserver](https://library.netapp.com/ecmdocs/ECMP1136871/html/GUID-E643017F-041B-4ECC-BEA1-E4D80E26A47E.html) is a virtual storage server that resides in our storage backend and is associated with your storage account.
|
|
|
|
|
|
On the **My Account** page click **Vserver Configuration** to choose which service you wish to configure:
|
|
|
|
|
|
<kbd><img src="uploads/6a4876a192b1bf9c0bb05ab1ebd679fd/image014.png"></kbd>
|
|
|
<kbd>![](uploads/6a4876a192b1bf9c0bb05ab1ebd679fd/image014.png)</kbd>
|
|
|
|
|
|
Each tab in the screenshot below presents a form for a service configuration. You can also click on [**Configure All Services**](#sh-6-7) to configure all the services with BLUE Active Directory settings:
|
|
|
|
|
|
<kbd><img src="uploads/eda4b7d7a476d907bacc79ca164e90f1/image015.png"></kbd>
|
|
|
<kbd>![](uploads/eda4b7d7a476d907bacc79ca164e90f1/image015.png)</kbd>
|
|
|
|
|
|
The services to be configured are illustrated in the following table.
|
|
|
|
|
|
| Service | Notes|
|
|
|
|--------------------------------------|-----|
|
|
|
| DNS (see [DNS Service](#dns-service))| Required for NFS and SMB shares.|
|
|
|
| CIFS Server (see [CIFS Server](#cifs-server))| Required for NFS and SMB shares. Note that CIFS server must be configured if you want to bind the LDAP Client using the CIFS server credentials.|
|
|
|
| NFS Service (see [NFS Service](#nfs-service))| To configure the NFS server running on the Vserver. Required for NFS and SMB shares (NFS service is required to create export policy on the CIFS shares).|
|
|
|
| Kerberos Realm (see [Kerberos Realm](#krb-realm))| To enable Kerberos authentification for NFS clients. Only required for NFS shares. For Kerberos authentification against SMB shares, update the Service Principal Name (SPN) attribute of the CIFS machine account on your AD (e.g., using [ADSI Edit](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773354(v=ws.10)?redirectedfrom=MSDN)) to contain the CIFS SPN whose format should be: cifs/_CIFS interface DNS name_. If your account is bound to BLUE AD, please let us know. |
|
|
|
| LDAP Client (see [LDAP Client](#ldap-client)) | To enable access the external LDAP servers. Only required for NFS shares.|
|
|
|
| Kerberos NFS Interface (see [Kerberos NFS Interface](#krb-nfs-iface)) | To enable Kerberos authentification for NFS. Only required for NFS shares.|
|
|
|
| Service | Notes |
|
|
|
|---------|-------|
|
|
|
| DNS (see [DNS Service](#dns-service)) | Required for NFS and SMB shares. |
|
|
|
| CIFS Server (see [CIFS Server](#cifs-server)) | Required for NFS and SMB shares. Note that CIFS server must be configured if you want to bind the LDAP Client using the CIFS server credentials. |
|
|
|
| NFS Service (see [NFS Service](#nfs-service)) | To configure the NFS server running on the Vserver. Required for NFS and SMB shares (NFS service is required to create export policy on the CIFS shares). |
|
|
|
| Kerberos Realm (see [Kerberos Realm](#krb-realm)) | To enable Kerberos authentification for NFS clients. Only required for NFS shares. For Kerberos authentification against SMB shares, update the Service Principal Name (SPN) attribute of the CIFS machine account on your AD (e.g., using [ADSI Edit](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773354(v=ws.10)?redirectedfrom=MSDN)) to contain the CIFS SPN whose format should be: cifs/_CIFS interface DNS name_. If your account is bound to BLUE AD, please let us know. |
|
|
|
| LDAP Client (see [LDAP Client](#ldap-client)) | To enable access the external LDAP servers. Only required for NFS shares. |
|
|
|
| Kerberos NFS Interface (see [Kerberos NFS Interface](#krb-nfs-iface)) | To enable Kerberos authentification for NFS. Only required for NFS shares. |
|
|
|
|
|
|
### <a name="dns-service"></a> DNS Service
|
|
|
### DNS Service
|
|
|
|
|
|
This form allows you to create or modify the DNS configuration of the Vserver associated with your storage account.
|
|
|
|
|
|
Configuration parameters:
|
|
|
|
|
|
* DNS search domains: A list of DNS domains such as 'sales.bar.com'.
|
|
|
* DNS name servers: IPv4 addresses of name servers such as '131.111.8.37'.
|
|
|
* SMB interface DNS name: **populated automatically**.
|
|
|
* SMB interface IP address and netmask: **populated automatically**.
|
|
|
* NFS interface DNS name: **populated automatically.**
|
|
|
* NFS interface IP address and netmask: **populated automatically.**
|
|
|
* DNS search domains: A list of DNS domains such as 'sales.bar.com'.
|
|
|
* DNS name servers: IPv4 addresses of name servers such as '131.111.8.37'.
|
|
|
* SMB interface DNS name: **populated automatically**.
|
|
|
* SMB interface IP address and netmask: **populated automatically**.
|
|
|
* NFS interface DNS name: **populated automatically.**
|
|
|
* NFS interface IP address and netmask: **populated automatically.**
|
|
|
|
|
|
For instance, to configure the DNS service, click the **DNS Service** tab and choose between using the BLUE settings your own settings and click **Configure DNS Service**. The following screenshot shows what you see if you use BLUE settings.
|
|
|
|
|
|
<kbd><img src="uploads/a2d49d0391c58f4aaa5ca47a054cdcc2/image016.png"></kbd>
|
|
|
<kbd>![](uploads/a2d49d0391c58f4aaa5ca47a054cdcc2/image016.png)</kbd>
|
|
|
|
|
|
After a few seconds, a message should be displayed to indicate that the configuration has succeeded. Otherwise, you will need to check your input or contact us.
|
|
|
|
|
|
<kbd><img src="uploads/a4dc9824d42fe7969f21f5445124eff9/image017.png"></kbd>
|
|
|
<kbd>![](uploads/a4dc9824d42fe7969f21f5445124eff9/image017.png)</kbd>
|
|
|
|
|
|
### <a name="cifs-server"></a> CIFS Server
|
|
|
### CIFS Server
|
|
|
|
|
|
This form allows you to configure and setup CIFS services on the Vserver associated with your storage account.
|
|
|
|
|
|
Configuration parameters:
|
|
|
|
|
|
* Active Directory Domain: The fully qualified domain name of the Windows Active Directory the CIFS server belongs to. Example: cifs.domain.com.
|
|
|
* Active Directory Organisational Unit: The organisational unit within the Active Directive domain to associate with the CIFS server.
|
|
|
* Active Directory Account Username: The username of the account used to add the CIFS server to the Directory. This part of the credential only needs to be supplied if the domain is being modified.
|
|
|
* Active Directory Account Password: The password for the account used to add the CIFS server to the Active Directory. This part of the credential only needs to be supplied if the domain is being modified.
|
|
|
* Active Directory Domain: The fully qualified domain name of the Windows Active Directory the CIFS server belongs to. Example: cifs.domain.com.
|
|
|
* Active Directory Organisational Unit: The organisational unit within the Active Directive domain to associate with the CIFS server.
|
|
|
* Active Directory Account Username: The username of the account used to add the CIFS server to the Directory. This part of the credential only needs to be supplied if the domain is being modified.
|
|
|
* Active Directory Account Password: The password for the account used to add the CIFS server to the Active Directory. This part of the credential only needs to be supplied if the domain is being modified.
|
|
|
|
|
|
### <a name="nfs-service"></a> NFS Service
|
|
|
### NFS Service
|
|
|
|
|
|
This form allows you to create and modify an NFS configuration on the Vserver associated with your storage account.
|
|
|
|
|
|
Configuration parameters:
|
|
|
|
|
|
* NFSv4 ID domain: NFSv4 ID mapping domain.
|
|
|
* Permitted Encryption Types: List of permitted encryption types for Kerberos over NFS.
|
|
|
* NFSv4 ID domain: NFSv4 ID mapping domain.
|
|
|
* Permitted Encryption Types: List of permitted encryption types for Kerberos over NFS.
|
|
|
|
|
|
### <a name="krb-realm"></a> Kerberos Realm
|
|
|
### Kerberos Realm
|
|
|
|
|
|
This form allows modifying a Kerberos Realm configuration on a Vserver.
|
|
|
|
|
|
Configuration parameters:
|
|
|
|
|
|
* Kerberos Realm: Kerberos Realm name.
|
|
|
* KDC IP Address: IP address of the Key Distribution Centre (KDC) server for this Kerberos realm.
|
|
|
* KDC Port: TCP port on the KDC to be used for Kerberos communication. The default for this parameter is 88.
|
|
|
* KDC Vendor: The vendor of the Key Distribution Centre (KDC) server. If the configuration uses a Microsoft Active Directory (AD) domain for authentication, this field should be "Microsoft".
|
|
|
* Admin Server IP: IP address of the host where the Kerberos administration daemon is running. This is usually the master KDC. If specified, this should be the same as the KDC IP Address if the KDC Vendor is "Microsoft"
|
|
|
* Password Server IP: IP address of the host where the Kerberos password-changing server is running. Typically, this is the same as the host indicated in the Admin Server IP.
|
|
|
* AD Server Name: Hostname of the Active Directory Domain Controller (DC). This is a mandatory parameter if the KDC Vendor is "Microsoft".
|
|
|
* AD Server IP: IP Address of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is "Microsoft".
|
|
|
* Kerberos Realm: Kerberos Realm name.
|
|
|
* KDC IP Address: IP address of the Key Distribution Centre (KDC) server for this Kerberos realm.
|
|
|
* KDC Port: TCP port on the KDC to be used for Kerberos communication. The default for this parameter is 88.
|
|
|
* KDC Vendor: The vendor of the Key Distribution Centre (KDC) server. If the configuration uses a Microsoft Active Directory (AD) domain for authentication, this field should be "Microsoft".
|
|
|
* Admin Server IP: IP address of the host where the Kerberos administration daemon is running. This is usually the master KDC. If specified, this should be the same as the KDC IP Address if the KDC Vendor is "Microsoft"
|
|
|
* Password Server IP: IP address of the host where the Kerberos password-changing server is running. Typically, this is the same as the host indicated in the Admin Server IP.
|
|
|
* AD Server Name: Hostname of the Active Directory Domain Controller (DC). This is a mandatory parameter if the KDC Vendor is "Microsoft".
|
|
|
* AD Server IP: IP Address of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is "Microsoft".
|
|
|
|
|
|
### <a name="ldap-client"></a> LDAP Client
|
|
|
### LDAP Client
|
|
|
|
|
|
This form allows you to create or modify a Lightweight Directory Access Protocol (LDAP) client configuration on the Vserver associated with your storage account.
|
|
|
|
|
|
Configuration parameters:
|
|
|
|
|
|
* Active Directory Domain: The Active Directory Domain Name for this LDAP configuration. The option is ONLY applicable for configurations using Active Directory LDAP servers.
|
|
|
* LDAP Servers: List of LDAP Servers to use for this configuration. The option is NOT applicable for configurations using Active Directory Domain parameter.
|
|
|
* Session Security: This indicates the level of security for LDAP communications. Possible values:
|
|
|
* "none" - No Signing or Sealing
|
|
|
* "sign" - Sign LDAP traffic
|
|
|
* "seal" - Seal and Sign LDAP traffic
|
|
|
* Bind as CIFS server: If True, the Vserver will use the CIFS server's credentials bind to the LDAP server.
|
|
|
* Minimum authentication level: The minimum authentication level that can be used to authenticate with the LDAP server. Possible values:
|
|
|
* "anonymous" - Anonymous bind
|
|
|
* "simple" - Simple bind
|
|
|
* "sasl" - Simple Authentication and Security Layer (SASL) bind
|
|
|
* Bind Distinguished Name: The Bind Distinguished Name (DN) is the LDAP identity used during the authentication process by the clients. This is required if the LDAP server does not support anonymous binds. This field is not used if "Bind as CIFS server" is set to "True".
|
|
|
* Bind Password: The password to be used with the Bind Distinguished Name.
|
|
|
* LDAP schema: LDAP schema to use for this configuration.
|
|
|
* Base DN: Indicates the starting point for searches within the LDAP directory tree.
|
|
|
|
|
|
### <a name="krb-nfs-iface"></a> Kerberos NFS Interface
|
|
|
* Active Directory Domain: The Active Directory Domain Name for this LDAP configuration. The option is ONLY applicable for configurations using Active Directory LDAP servers.
|
|
|
* LDAP Servers: List of LDAP Servers to use for this configuration. The option is NOT applicable for configurations using Active Directory Domain parameter.
|
|
|
* Session Security: This indicates the level of security for LDAP communications. Possible values:
|
|
|
* "none" - No Signing or Sealing
|
|
|
* "sign" - Sign LDAP traffic
|
|
|
* "seal" - Seal and Sign LDAP traffic
|
|
|
* Bind as CIFS server: If True, the Vserver will use the CIFS server's credentials bind to the LDAP server.
|
|
|
* Minimum authentication level: The minimum authentication level that can be used to authenticate with the LDAP server. Possible values:
|
|
|
* "anonymous" - Anonymous bind
|
|
|
* "simple" - Simple bind
|
|
|
* "sasl" - Simple Authentication and Security Layer (SASL) bind
|
|
|
* Bind Distinguished Name: The Bind Distinguished Name (DN) is the LDAP identity used during the authentication process by the clients. This is required if the LDAP server does not support anonymous binds. This field is not used if "Bind as CIFS server" is set to "True".
|
|
|
* Bind Password: The password to be used with the Bind Distinguished Name.
|
|
|
* LDAP schema: LDAP schema to use for this configuration.
|
|
|
* Base DN: Indicates the starting point for searches within the LDAP directory tree.
|
|
|
|
|
|
### Kerberos NFS Interface
|
|
|
|
|
|
This form allows you to create and modify Kerberos configuration information for the NFS Logical Network Interface on the Vserver associated with your storage account.
|
|
|
|
|
|
Configuration parameters:
|
|
|
|
|
|
* Organisational Unit.
|
|
|
* Service Principal Name: Kerberos service principal name.
|
|
|
* Administrator Username.
|
|
|
* Administrator Password.
|
|
|
* Organisational Unit.
|
|
|
* Service Principal Name: Kerberos service principal name.
|
|
|
* Administrator Username.
|
|
|
* Administrator Password.
|
|
|
|
|
|
### Use BLUE settings for service configuration
|
|
|
|
|
|
To configure all services at once with the Default Settings of BLUE Active Directory, click **Configure All Services** and **Confirm** in the **Vserver Configuration** page.
|
|
|
|
|
|
<kbd><img src="uploads/e42b00029d8d5c0ae2689fee0d132920/image018.png"></kbd>
|
|
|
<kbd>![](uploads/e42b00029d8d5c0ae2689fee0d132920/image018.png)</kbd>
|
|
|
|
|
|
All services have been configured successfully as shown below.
|
|
|
|
|
|
<kbd><img src="uploads/5577f64521e0bfc64b23cac8872edf11/image019.png"></kbd>
|
|
|
<kbd>![](uploads/5577f64521e0bfc64b23cac8872edf11/image019.png)</kbd>
|
|
|
|
|
|
## Creating a Storage Project
|
|
|
|
... | ... | @@ -287,54 +287,53 @@ Storage projects may either be SMB or NFS. This can be performed by the DO or DM |
|
|
|
|
|
To create a project, on **My Account** page, click **Unallocated**.
|
|
|
|
|
|
<kbd><img src="uploads/1482b89ca7a1932bece339f97745c56e/image020.png"></kbd>
|
|
|
<kbd>![](uploads/1482b89ca7a1932bece339f97745c56e/image020.png)</kbd>
|
|
|
|
|
|
### SMB shares
|
|
|
|
|
|
Define the following attributes on that page and click the **Save** button:
|
|
|
|
|
|
* Project name (e.g. _Inst1-Project1_)
|
|
|
* Project size
|
|
|
* Project type: CIFS or SMB
|
|
|
* Whether or not to use SMB encryption for SMB shares.
|
|
|
* You can specify a DPM for SMB share. DPM is not applicable for NFS shares.
|
|
|
* Project name (e.g. _Inst1-Project1_)
|
|
|
* Project size
|
|
|
* Project type: CIFS or SMB
|
|
|
* Whether or not to use SMB encryption for SMB shares.
|
|
|
* You can specify a DPM for SMB share. DPM is not applicable for NFS shares.
|
|
|
|
|
|
**Note:** Windows versions 7 and older do not support SMB encryption, so you may need to disable it. It will be possible to disable SMB encryption using the portal at least until the end of support of Windows 7 in January 2020.
|
|
|
|
|
|
Once the Storage Project has been created you will see a confirmation message.
|
|
|
|
|
|
<kbd><img src="uploads/2d8851c5fd681a9554c559f900f35a06/image022.png"></kbd>
|
|
|
<kbd>![](uploads/2d8851c5fd681a9554c559f900f35a06/image022.png)</kbd>
|
|
|
|
|
|
The DO and DM will receive a confirmation email containing a link to access the storage.
|
|
|
|
|
|
<kbd><img src="uploads/8da03bd385e8753a77af06e1b95d8890/image023.png"></kbd>
|
|
|
<kbd>![](uploads/8da03bd385e8753a77af06e1b95d8890/image023.png)</kbd>
|
|
|
|
|
|
The **Configure the storage** page is updated with the Storage Project details.
|
|
|
|
|
|
You can also add a Data Project Manager as shown below.
|
|
|
|
|
|
<kbd><img src="uploads/f93b3850db8a8bd13563cc166855888a/image025.png"></kbd>
|
|
|
<kbd>![](uploads/f93b3850db8a8bd13563cc166855888a/image025.png)</kbd>
|
|
|
|
|
|
### NFS share
|
|
|
|
|
|
You can also create an NFS project by setting the **Project type** to **NFS**.
|
|
|
|
|
|
<kbd><img src="uploads/9d2c19ee1f9dcb3275c701956c9acf29/image026.png"></kbd>
|
|
|
<kbd>![](uploads/9d2c19ee1f9dcb3275c701956c9acf29/image026.png)</kbd>
|
|
|
|
|
|
The project has been created. Note that a Data Project Manager does not exist in NFS projects.
|
|
|
|
|
|
<kbd><img src="uploads/c6df48582a72df3800413fd1dfde04f4/image027.png"></kbd>
|
|
|
|
|
|
<kbd>![](uploads/c6df48582a72df3800413fd1dfde04f4/image027.png)</kbd>
|
|
|
|
|
|
To access the NFS share from your client, please follow the instructions in [NFSv4 / Kerberos Client configuration](#h-11).
|
|
|
|
|
|
On the **My account** page, DOs and DMs are able to see all the projects.
|
|
|
|
|
|
<kbd><img src="uploads/b2a83e24bf7bbe61b319cf909a1857a2/image028.png"></kbd>
|
|
|
<kbd>![](uploads/b2a83e24bf7bbe61b319cf909a1857a2/image028.png)</kbd>
|
|
|
|
|
|
However, DPMs can only view the projects that only belong to them.
|
|
|
|
|
|
<kbd><img src="uploads/69bd441c2b98f111218e531840d176f5/image029.png"></kbd>
|
|
|
<kbd>![](uploads/69bd441c2b98f111218e531840d176f5/image029.png)</kbd>
|
|
|
|
|
|
Please remember to lock down the permissions on the projects you have created.
|
|
|
|
... | ... | @@ -346,7 +345,7 @@ On the **My Account** page, click the link to the Storage Project you want to de |
|
|
|
|
|
Click the **red cross icon** next to the Project name. Then type the **Project name** into the text field in the confirmation form to confirm and finally click the **Delete Project** button.
|
|
|
|
|
|
<kbd><img src="uploads/2f604f26f40c0b2bb1a5c55db34f4b56/image030.png"></kbd>
|
|
|
<kbd>![](uploads/2f604f26f40c0b2bb1a5c55db34f4b56/image030.png)</kbd>
|
|
|
|
|
|
## Managing storage capacity and duration
|
|
|
|
... | ... | @@ -360,21 +359,21 @@ This is done by the DO or DM(s). |
|
|
|
|
|
Go to **Configure the licence** page and click the **Increase My Storage Size** button:
|
|
|
|
|
|
<kbd><img src="uploads/cff6f36f95ec88fa76498e555bbdaf29/image037.png"></kbd>
|
|
|
<kbd>![](uploads/cff6f36f95ec88fa76498e555bbdaf29/image037.png)</kbd>
|
|
|
|
|
|
In the pop-up dialogue box, enter how many additional TB you want, select an activation date from the date drop-down menu, and click the **Get Quote** button:
|
|
|
|
|
|
<kbd><img src="uploads/50f269976ab697f0ccf1b0bfa56bdc8d/image040.png"></kbd>
|
|
|
<kbd>![](uploads/50f269976ab697f0ccf1b0bfa56bdc8d/image040.png)</kbd>
|
|
|
|
|
|
You will be redirected to the payment page. Enter your purchase order number (or click the **Voucher** link to enter a voucher code, tick the checkbox to accept the Terms & Conditions, and click the **Pay** button:
|
|
|
|
|
|
<kbd><img src="uploads/b1c78be260333640aac687b9b1c2019b/image042.png"></kbd>
|
|
|
<kbd>![](uploads/b1c78be260333640aac687b9b1c2019b/image042.png)</kbd>
|
|
|
|
|
|
When the payment is processed, you will see the payment confirmation page.
|
|
|
|
|
|
You will be redirected to the **Configure the licence** page where you will see the original **Full licence** and the newly purchased **Size Extension** licence:
|
|
|
|
|
|
<kbd><img src="uploads/7c60abe24c868527ecc6dfbe599df101/image044.png"></kbd>
|
|
|
<kbd>![](uploads/7c60abe24c868527ecc6dfbe599df101/image044.png)</kbd>
|
|
|
|
|
|
### Extending storage duration
|
|
|
|
... | ... | @@ -382,19 +381,19 @@ This is done by the DO or DM. |
|
|
|
|
|
Go to the **Configure the licence** page and click the **Extend My Storage Duration** button:
|
|
|
|
|
|
<kbd><img src="uploads/3e5dcf36ef215d1d125a8e475621733e/image045.png"></kbd>
|
|
|
<kbd>![](uploads/3e5dcf36ef215d1d125a8e475621733e/image045.png)</kbd>
|
|
|
|
|
|
In the pop-up dialogue box, you will see your storage capacity shown. Use the drop-down menu to select how long you wish to extend it for, and click the **Get Quote** button:
|
|
|
|
|
|
<kbd><img src="uploads/6547419e685b65ce76ff5de2923f1239/image046.png"></kbd>
|
|
|
<kbd>![](uploads/6547419e685b65ce76ff5de2923f1239/image046.png)</kbd>
|
|
|
|
|
|
You will be redirected to the payment page. Enter your purchase order number (or click the **Voucher** link to enter a voucher code – see page 9), click the checkbox to accept the Terms & Conditions, and click the **Pay** button:
|
|
|
|
|
|
<kbd><img src="uploads/bcc3b0c05cb01eace5bdd6ac1203a9fc/image047.png"></kbd>
|
|
|
<kbd>![](uploads/bcc3b0c05cb01eace5bdd6ac1203a9fc/image047.png)</kbd>
|
|
|
|
|
|
After the payment process passed you will be redirected to the **Configure the licence** page, where you will see the **Duration Extension** license listed:
|
|
|
|
|
|
<kbd><img src="uploads/291725d64974677be89042660330cdab/image048.png"></kbd>
|
|
|
<kbd>![](uploads/291725d64974677be89042660330cdab/image048.png)</kbd>
|
|
|
|
|
|
### Increasing the size of a Storage Project
|
|
|
|
... | ... | @@ -404,32 +403,82 @@ From the **My Account** page, click the name of the Storage Project you want to |
|
|
|
|
|
Adjust the **Project size** slider to show the number of TB you want to increase to:
|
|
|
|
|
|
<kbd><img src="uploads/13a158400a6b21f283f904fe36b125a2/image050.png"></kbd>
|
|
|
<kbd>![](uploads/13a158400a6b21f283f904fe36b125a2/image050.png)</kbd>
|
|
|
|
|
|
Click the **Save** button. You will see a confirmation message on the screen:
|
|
|
|
|
|
<kbd><img src="uploads/39d4c6e5a6da63327ed7a01d936bf0f5/image051.png"></kbd>
|
|
|
<kbd>![](uploads/39d4c6e5a6da63327ed7a01d936bf0f5/image051.png)</kbd>
|
|
|
|
|
|
A few seconds later, the DO receives an email confirming that the project size has been increased:
|
|
|
|
|
|
<kbd><img src="uploads/5d93d9606114af41b845b8d8191ebb13/image052.png"></kbd>
|
|
|
<kbd>![](uploads/5d93d9606114af41b845b8d8191ebb13/image052.png)</kbd>
|
|
|
|
|
|
The DO, DM or DPM can now enable or disable the SMB encryption for accessing the Storage Project by ticking the **SMB encryption** checkbox and clicking the **Save** button:
|
|
|
|
|
|
<kbd><img src="uploads/be8de847e0f2dc26c34d36f7daf08ae5/image053.png"></kbd>
|
|
|
<kbd>![](uploads/be8de847e0f2dc26c34d36f7daf08ae5/image053.png)</kbd>
|
|
|
|
|
|
SMB encryption will be enabled/disabled and a confirmation message will appear on the screen, e.g.:
|
|
|
|
|
|
<kbd><img src="uploads/7cca996d50213703cd7e9e8ce0f31deb/image054.png"></kbd>
|
|
|
<kbd>![](uploads/7cca996d50213703cd7e9e8ce0f31deb/image054.png)</kbd>
|
|
|
|
|
|
### Graphical representation of the the Space Utilization
|
|
|
|
|
|
1. Utilization of the License
|
|
|
![image](uploads/eec5d9bc16d0cf4eaf4122808d529324/image.png)
|
|
|
- Volume Total Space – Total amount of space for which the user requested a License.
|
|
|
- Total Available Space – Total amount of space available for users will be able to write data.
|
|
|
- Volume Used Space – Total amount of space utilized by the user in the license. It will be the sum of space utilized by number of projects within the license.
|
|
|
- Volume Snapshot reserve - 5% of the total requested license space will be reserved for the snapshot which will be beneficial in the scenario of file corruption.
|
|
|
- Snapshot overflow space – Amount of space overflow from the reserved space.
|
|
|
|
|
|
**Formula: (Licensed space) Volume Total Space = Volume Used Space + Total Available Space + Snapshot space**
|
|
|
|
|
|
Snapshot space:
|
|
|
- 5% of the total requested space is reserved for snapshot
|
|
|
- **NOTE**: _If the rate of change of data is high for a large amount of space and greater than reserved space then the snapshot will overflow from the reserved space to available space._
|
|
|
|
|
|
|
|
|
2. Utilization of the Projects within the Licence.
|
|
|
|
|
|
![image](uploads/0fbd15108699d3f67b917460d4c10fe0/image.png)
|
|
|
|
|
|
### Change the snapshot policy
|
|
|
This feature is beneficial for the snapshot scenario, If the users are aware that the much older data wouldn’t be relevant because of a higher rate of change of data then the user could use the policy which will change the retention period of the snapshot and free up the older snapshot.
|
|
|
|
|
|
From the combo box, the user can use the following options:-
|
|
|
1. ifs-snapshot-policy [ DEFAULT ] – Monthly Count:12, Daily Count 30 and hourly:24
|
|
|
- This policy will retain snapshots of the last 12 months’
|
|
|
2. ifs-snapshot-policy-moderate– Monthly Count: 6, Daily Count 30 and hourly:24
|
|
|
- This policy will retain snapshots of the last 6 months’
|
|
|
3. ifs-snapshot-policy- relax– Monthly Count:3, Daily Count 30 and hourly:24
|
|
|
- This policy will retain snapshots of the last 3 months’
|
|
|
|
|
|
**>>Select the "My account" in Home page**
|
|
|
![image](uploads/9dac498d93c353fcd5096f57951ffc22/image.png)
|
|
|
|
|
|
**>>Select the vserver configuration of IFS account**
|
|
|
|
|
|
![image](uploads/1da94ed7d3ac21f9a2da35b8fd7c2908/image.png)
|
|
|
|
|
|
**>>Select the snapshot policy tab**
|
|
|
|
|
|
![image](uploads/84fc8952767bb32d767772ed530802b1/image.png)
|
|
|
|
|
|
**>>Select the desire policy from the listed combo box.**
|
|
|
|
|
|
![image](uploads/ab3331e5315c0144882602c752eb9456/image.png)
|
|
|
|
|
|
**>>Apply the desired snapshot policy**
|
|
|
|
|
|
## Enable Kerberos authentication for CIFS shares
|
|
|
|
|
|
In order to access your shares with Kerberos authentication, you have to add the CIFS service principal name in the `servicePrincipalName` field of the CIFS server machine account created in your AD.
|
|
|
|
|
|
The CIFS service principal name would usually have the format `cifs/<DNS Name of your CIFS network interface>`. For instance, for the CIFS interface `ifs-prod-381-cifs.ifs.uis.private.cam.ac.uk`, the CIFS principal name would be `cifs/ifs-prod-381-cifs.ifs.uis.private.cam.ac.uk`.
|
|
|
|
|
|
The `servicePrincipalName` would eventually look like the following:
|
|
|
|
|
|
<kbd><img src="uploads/2e0c8b7b5339639b6fc9d2ff093e69b1/cifs-spn.PNG"></kbd>
|
|
|
<kbd>![](uploads/2e0c8b7b5339639b6fc9d2ff093e69b1/cifs-spn.PNG)</kbd>
|
|
|
|
|
|
If you are using `BLUE` AD, please contact us to update your CIFS server machine account.
|
|
|
|
... | ... | @@ -464,7 +513,7 @@ Only Kerberos 5, Kerberos 5i, and Kerberos 5p are allowed as authentication meth |
|
|
|
|
|
### Mounting the NFS share
|
|
|
|
|
|
We've set up an NFS share in a test Vserver called **ifs_dev_4**. The share path is **/ifs_dev_4_vol/ifs_dev_4_vol_44 and is** accessible through the NFS interface **[ifs-dev-4-nfs.ifs.uis.private.cam.ac.uk](http://ifs-dev-4-nfs.ifs.uis.private.cam.ac.uk)**.
|
|
|
We've set up an NFS share in a test Vserver called **ifs_dev_4**. The share path is **/ifs_dev_4_vol/ifs_dev_4_vol_44 and is** accessible through the NFS interface **ifs-dev-4-nfs.ifs.uis.private.cam.ac.uk**.
|
|
|
|
|
|
The following configuration has been tested on Ubuntu 18.04 LTS and RHEL 7.7 (Maipo). Note that it could be slightly different on other OS versions.
|
|
|
|
... | ... | |