Follow

NAS Configuration

The NAS page allows you to configure the InfiniGuard to present its storage capacity as NAS (network attached storage) shares that are compatible with standard backup applications. You can create NAS shares for use with Windows or Unix/Linux networks. You can also join the InfiniGuard to a Windows domain or workgroup and manage users.

Additional Information

The NAS wizard provides guided assistance for configuring NAS shares (see InfiniGuard Configuration).


Caution

Filenames on NAS shares are limited to a length of 256 bytes. If a filename uses Japanese characters, the filename can be no longer than 85 characters. This is because each Japanese character is represented by 3 bytes.


To access the NAS page, click the Configuration menu, and then click the NAS tab.
The NAS page contains the following tabs

NAS Summary

The NAS Summary page allows you to manage NAS shares on the InfiniGuard DDE. You can view information about existing shares, add or edit shares, and delete shares.

To access the NAS Summary page, on the NAS page, click the Summary tab

NAS Summary Page

Tasks
Use the NAS page to perform the following tasks:

NAS Shares List

The NAS Shares List section displays the following information for all NAS shares on the InfiniGuard DDE:

Shares

The number of shares that have been added to the system.

Maximum

The maximum number of shares that can be added to the system.

NFS

The number of existing shares configured to use the NFS protocol (for Linux networks).

CIFS/SMB

The number of existing shares configured to use the CIFS/SMB protocol (for Windows networks).

Application Specific

The number of existing shares configured to use Oracle Recovery Manager (RMAN).

Share Name

The name of the share.

Protocol

The protocol (CIFS/SMB, NFS, or Application Specific (RMAN)) the share is configured to use.
For NFS shares, the Protocol column displays the commit type of the share (sync for synchronous or async for asynchronous).

Export Path

The export path of the share (different for CIFS/SMB, NFS, and Application Specific (RMAN) shares).

Permissions

The permissions in use on the share (Read & Write or Read Only).

Access

The access type of the share (all hosts or specific users).

Deduplication

The data deduplication state of the share (Enabled or Disabled).

Replication

The current state of replication for the share:

Targets

The targets the share is configured to replicate to.

Description

A brief description of the NAS share (if available).


Additional Information

  • Click a column heading to sort the rows in the table by that column. Click the column heading again to reverse the sort order.
  • Click the Information button [i] next to a share to display detailed information about the share and recent replication activity.

Adding a NAS Share

Add a NAS share to present the storage capacity of the InfiniGuard DDE as a NAS share that is compatible with standard backup applications. You can add up to 128 shares. When you add a share, you must specify whether it uses the NFS protocol (for Linux networks) or the CIFS/SMB protocol (for Windows networks).  

Note

If you are adding a CIFS/SMB share for use with a Windows network, you must configure the Windows domain before adding the new share (see Windows Domain).


To add a NAS share:

  1. Click Add.

The Add NAS Share page displays.

Add NAS Share Page

2. Under NAS Share Settings, enter information about the share:

Name

Enter the name of the NAS share.

Note: NAS share names are not case-sensitive. For example, if you create a share named nas1, you cannot create another share named NAS1 because the system considers the names to be the same.

Description

(Optional) Enter a brief description of the share.

Protocol

Select the export protocol for the share:

  • CIFS/SMB - Select the CIFS/SMB option to use the share on a Windows network.
  • NFS - Select the NFS option to use the share on a UNIX or Linux network.
  • Application Specific - Select the Application Specific option to create an Oracle RMAN share.

Hide from network browsing

(CIFS/SMB shares only) Select the check box to hide the share from network browsing. If selected, you cannot see the share when browsing the network.

Enable no root squash

(NFS shares only) By default, NFS shares change the root user to the nfsnobody user, an unprivileged user account. This is a security feature that prevents privileges from being shared unless specifically requested. If No Root Squash is enabled, remote users are now able to change any file on the shared file system.

Enable deduplication

(CIFS/SMB/NFS shares only) Select the check box to enable data deduplication. Infinidat recommends that you enable data deduplication to optimize disk usage.

Note: Data deduplication is enabled by default. You cannot enable or disable data deduplication after the share is added. If data duplication is disabled, then data compression is also disabled.
Note: Deduplication of Application Specific shares is enabled by default.

3. (Optional) Under Replication Settings, specify replication settings.

For more information about configuring replication for a share, or to set up replication for the share at a later time, see Replication.

4. Click Apply.

Additional Information

When you create a CIFS/SMB share, the initial permissions are the same as the default permissions for a Windows 2003 share with the addition of an ACE (Access Control Entry) that permits full access to the share for all authenticated users. Administrators can choose to remove this full access ACE, set up custom permissions, or leave the ACL (Access Control List) as it is if the server is set up in a fully trusted environment.

Editing a NAS Share

Edit a NAS share to modify the settings for the share, for example, to change the description of the share or to select different options.
To edit a NAS share:

  1. Select the share and click Edit.

The Edit NAS Share & Replication Settings page displays

Edit NAS Share & Replication Settings Page

2. Under NAS Share Settings, enter information about the share:

Note

If you are editing a share, only the Description, Enforce read-only access, Hide from network browsing, and Allow all users to access this share options can be changed.


Description (Optional) Enter a brief description of the share.

Enable no root squash

(NFS shares only) By default, NFS shares change the root user to the nfsnobody user, an unprivileged user account. This is a security feature that prevents privileges from being shared unless specifically requested. If No Root Squash is enabled, remote users are now able to change any file on the shared file system.

Enforce read-only access

(CIFS/SMB and NFS shares only) Select the check box to make the share read only. If selected, you cannot write to the share.

Hide from network browsing

(CIFS/SMB shares only) Select the check box to hide the share from network browsing. If selected, you cannot see the share when browsing the network.

Allow all hosts to access this share

(NFS shares only) Select this check box to allow all hosts (NFS share shares) to access the share.

Or clear the check box to allow only specified users or hosts to access the share. To add a user or host to the access list, click Add. Specify the Hostname or IP Address (NFS shares) and the associated permissions (Read Only or Read & Write), and then click Apply.

Additional Information

      • To modify the users that are available in the Workgroup User list, see Share Access .
      • After you add a user or host to the access list, you cannot change their permissions. Instead, select the user or host in the access list and click Delete to remove them from the list.
      • Then add the user or host again with the correct permissions.

3. (Optional) Under Replication Settings, specify replication settings.

For more information about configuring replication for a share, or to set up replication for the share at a later time, see Replication .

4. Click Apply.

Additional Information

If you modify a NAS share that uses the CIFS/SMB protocol, you must restart the CIFS/SMB service for the changes to take effect. To restart the CIFS/SMB service, first disjoin the Windows workgroup, then join it again (see Windows Domain). Restarting the CIFS/SMB service will close all active connections to the share. Most Windows workstations will automatically reconnect, but some applications may be affected.


Deleting a NAS Share

Delete a NAS share if it is no longer needed. When you delete a share, all data stored on the share is lost, and any schedules associated with the share are deleted.

Note

If you delete a share configured for Directory/File Based Replication on the source Dedup Engine, the share is not automatically deleted on the target Dedup Engine. If you do not want to retain the share on the target, you can manually delete it.

To delete a NAS share:

  1. Select the share and click Delete. You can select multiple shares to delete at once.
  2. Click Yes to confirm the deletion.

Windows Domain

The Windows Domain page allows you to join the InfiniGuard DDE to a Windows workgroup or a Windows domain using SMB. To use a NAS share configured for the CIFS/SMB protocol on a Windows network, you must first join the InfiniGuard DDE to a workgroup or a domain. After you join the InfiniGuard DDE to a workgroup or a domain, CIFS/SMB shares are available for use on the Windows network.

To access the Windows Domain page, on the NAS page, click the Windows Domain tab.

Windows Domain Page

Tasks

Use the Windows Domain page to perform the following tasks:

Joining a Windows Workgroup

Join a Windows workgroup to add the DDE to a workgroup on a Windows network. After you join a workgroup, CIFS/SMB shares are available for use on the Windows network.

To join a Windows workgroup:

  1. Enter the following information about the Windows domain:

Domain Type

Select Workgroup.

Domain/Workgroup Name

Enter the workgroup name.
The workgroup name can be the name of an existing workgroup or a new workgroup (for example, Workgroup or Sales).

2. Click Apply.

Additional Information

When an SMB server is joined to a workgroup, share security is managed directly from the remote management console. For a CIFS/SMB share, security is provided through the read only or read/write access to the share. By default, when a CIFS/SMB share is created, the default security setting allows access for all users. Any access restrictions on individual users can be managed by editing a share on the NAS Summary page (see Editing a NAS Share).

Joining a Windows Domain

Join a Windows domain to add the DDE to a Windows network using Active Directory. After you join a domain, CIFS/SMB shares are available for use on the Windows network.
Before joining a Windows domain, make sure the date and time on the DDE is correct and is synchronized with the Active Directory Services (ADS) server. The time difference between the DDE and the ADS server (domain controller) must be less than 300 seconds. Infinidat recommends using the same NTP server for the DDE and the ADS server to keep them synchronized.

To join a Windows domain:

  1. Enter the following information about the Windows domain:

Domain Type

Select Active Directory.

Domain/Workgroup Name

Enter the domain name.

Primary Domain Controller

Select an option for the Primary Domain Controller (PDC):

  • Use DNS Discovery - Discover the PDC automatically.
  • Specify Address - Enter the fully qualified name or the IP address of the PDC.

Organization Unit

(Optional) Enter the name of the organizational unit in the domain.
The DDE will become a member of this organization.

Administrator Name

Enter Administrator or any user that has the right to join the domain.
By default, any user belonging to the Administrators group or the Domain Admins group has the right to join the domain. In addition, any user can join the domain if they are specifically delegated this right by a member of the Administrators group.

Administrator Password

Enter the password for the user entered above.

2, Click Apply.

Additional Infirmation

When the system is joined to the Active Directory domain, share security is managed by the MMC (Microsoft Management Console) that is running on the domain controller. By default, when a CIFS/SMB share is created, the default security setting allows access for all users. Any access restrictions on individual users must be managed from the MMC.

Disjoining a Workgroup or Domain

Disjoin a workgroup or a domain to remove the InfiniGuard DDE from a Windows workgroup or domain. After you disjoin the workgroup or domain, CIFS/SMB shares are no longer available for use on the Windows network To disjoin a workgroup or domain, click Disjoin.

Share Access

The Share Access page allows you to manage workgroup users when the InfiniGuard DDE is joined to a Windows workgroup, or manage share administrators when the DDE is joined to a Windows domain using Active Directory. You can add users or administrators, change user privileges, and delete users or administrators. Available users or administrators can be granted access to NAS shares configured for the CIFS/SMB protocol.

Note

You must join a Windows workgroup or domain before you can add workgroup users or share administrators (see Windows Domain). The Share Access page is different depending on whether the DDE is joined to a workgroup or domain.

To access the Share Access page, on the NAS page, click the Share Access tab.

Share Access Page (Windows Workgroup)

Tasks

Use the Share Access page to perform the following tasks:

Workgroup Users or Share Administrators

If the InfiniGuard DDE is joined to a Windows workgroup, the Workgroup Users section displays the following information about workgroup users:

Username

The name of the workgroup user.

Administrator Privileges

The privileges of the workgroup user (Yes if the user has administrator privileges, No if they do not.)

Description

A brief description of the workgroup user (if available).


If the DDE is joined to a Windows domain using Active Directory, the Share Administrators section displays the following information about share administrators:

User or Group NameThe fully qualified name of the user or group.

Adding a Workgroup User or Share Administrator

Add a workgroup user or share administrator to be able to grant that user or administrator access to CIFS/SMB shares.

Windows Workgroup

To add a workgroup user for a Windows workgroup:

  1. Click Add.

The Add Workgroup User page displays

Add Workgroup User Page

2.Enter information about the workgroup user:

User Name

Enter the name of the workgroup user.

Password

Enter the password for the workgroup user.

Confirm Password

Enter the password again to confirm it.

Description

(Optional) Enter a brief description of the workgroup user.

Grant Administrator Privileges

Select the check box to add the workgroup user to the Windows Administrators group.
This allows the workgroup user to override certain permissions settings and prevents the workgroup user from being locked out of shares or directories.

3. Click Apply.

After you create a workgroup user, you can grant the user access to a NAS share (see Share Access).

Windows Domain

To add a share administrator for a Windows domain:

  1. Click Add.

The Add Share Administrator page displays 

2. Enter the Fully Qualified User or Group Name of the share administrator.

3. Click Apply.

Use the MMC (Microsoft Management Console) to manage users (see ADS Share Permissions).

Editing a Workgroup User

Edit a workgroup user to change the user's password or description, or to change the user's administrator privileges.

Note

You cannot edit a share administrator. Instead, delete the share administrator, then add a new share administrator.

To edit a workgroup user:

  1. Select the user and click Edit.

The Edit Workgroup User page displays

Edit Workgroup User Page

2. Enter information about the workgroup user:

Note

If you are editing a workgroup user, you cannot change the User Name.

User Name

(Optional) Select a different workgroup user to edit.

Password

Enter the password for the workgroup user.

Confirm Password

Enter the password again to confirm it.

Description

(Optional) Enter a brief description of the workgroup user.

Grant Administrator Privileges

Select the check box to add the workgroup user to the Windows Administrators group.
This allows the workgroup user to override certain permissions settings and prevents the workgroup user from being locked out of shares or directories.

3. Click Apply.

Deleting a Workgroup User or Share Administrator

Delete a workgroup user or share administrator if the user or administrator no longer needs to access CIFS/SMB shares.

To delete a workgroup user or share administrator, select the user or administrator and click Delete. You can select multiple users or administrators to delete at once.

ADS Share Permissions

To manage user access to CIFS/SMB shares when the DDE is joined to a Windows domain, use the MMC (Microsoft Management Console). Log onto the MMC on the domain controller and access a share's properties to set share permissions for users.


Additional Information

In some cases, when you view file permissions on a Windows system, you will not see the user and group information. Instead you will see the SID (security ID) which appears as a series of numbers. This occurs when you move files (for example, using a backup utility or DOS xcopy) from one system to another system, and the user and group from the source system do not exist on the target system.

Often users and groups are unique to a particular scope, such as a Windows system or an ADS domain. As a result, some assigned permissions might not be available on the target system because the associated user and group do not exist there. However, common groups (for example, Administrators, Users, and Everyone) are recognized on most Windows systems and domains.

Advanced Setting

The Advanced Setting page allows you to enable or disable advanced SMB settings.

To access the Advanced Setting page, on the NAS page, click the Advanced Setting tab .

Advanced Setting Page


To enable or disable advanced SMB settings:

  1. Select the check box to enable, or clear the check box to disable, the following settings:

Enable Opportunistic Locking - (Enabled by default) Opportunistic locking lets clients lock files and locally cache information without the risk of another user changing the file. This increases performance for many file operations, but it may decrease performance in other operations because the server that grants the opportunistic lock must manage the breaking of that lock when another user requests access to the file.

Note

System performance may decrease if Opportunistic Locking is disabled.

Enable SMB Server signing - (Disabled by default) SMB server signing improves security on
Windows networks by requiring clients to provide a security signature to connect to a server. If the DDE is joined to a Windows domain that is configured to require signing, you should enable SMB server signing.

2. Click Apply.

Was this article helpful?
0 out of 0 found this helpful

0 out of 0 found this helpful

Comments