OceanStor 2600 V3 Video Surveillance Edition V300R006 Basic Storage Service Configuration Guide for File

This document applies to OceanStor 2600 V3 Video Surveillance Edition. It describes the basic storage services and explains how to configure and manage them on the storage system.
Planning File System Shares

File systems can be shared using four protocols: NFS, CIFS, FTP, and HTTP. A Homedir share is a type of CIFS share.

Planning NFS Shares

Table 2-8 lists items to be planned for NFS shares.

Table 2-8 NFS share planning

| Planned Item | Subitem | Requirement |
|---|---|---|
| Network | Storage system IP address | The storage system provides shared space for a client through a logical interface (LIF; see note a). |
| | Client IP address | The client and storage system are accessible and can ping each other. |
| | IP address of a maintenance terminal | The maintenance terminal and storage system are accessible and can ping each other. |
| | NIS or LDAP domain | Collect the domain server's IP address and domain information. Ensure that the domain server and storage system reside on the same network and can ping each other. |
| Domain | Non-domain, NIS domain, or LDAP domain | Plan a non-domain environment, NIS domain, or LDAP domain based on site requirements. Generally, configure a domain environment for a large-sized enterprise or an enterprise that requires high security. NOTE: For V300R006C50 and later versions, in a domain environment, if the number of owning user groups for a user exceeds 16, run the change service nfs_config extended_groups_switch=enable command in the corresponding vStore on the storage system to enable the extended user group function. Run the change service nfs_config extended_groups_limit=? command to set the maximum number of owning user groups for the user. For details, see the command reference specific to your product model. Before enabling this function, ensure that both the host and storage system have been added to an LDAP or NIS domain. |
| Permission | - | Plan a user's permissions for accessing a file system. • When NFSv3 is used, the storage system supports User, Group, Other (UGO) permissions, and ACL permissions are disabled by default. UGO permissions include Execute, Read, and Write. NOTE: To enable ACL permissions, run the admin:/>change service nfs support_v3_enabled=on v3_acl_enabled=on command and remount the NFS shares. • When NFSv4 is used, the storage system supports both UGO and ACL permissions. ACL permissions include List Directories, Read Data, and Write Data. |
| Quota | (Optional) Quota for file system's quota trees | Quotas can be defined only for file system's quota trees based on customer requirements. |

a: A LIF is created on an Ethernet port, bond port, or VLAN. Each LIF is configured with an IP address.

NOTE:

If a firewall is deployed, ensure that the RPCBIND service on the client is running properly (that is, the client listens on TCP/UDP port 111) to provide the RPC port mapping service. In addition, ensure that firewall rules allow the storage system to initiate connection requests and send messages to the client. For example, when an NFSv3 client uses Network Lock Manager (NLM) to request the block lock service from a storage system, the storage system randomly selects a port from ports 1 to 65535, establishes a connection to the client through that port, and notifies the client that the block lock has been added successfully.
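
The firewall note above can be checked from the client side. The following added example (not part of the Huawei guide) parses `rpcinfo -p` output to confirm that rpcbind is registered on both TCP and UDP port 111 and to list the client's NLM (nlockmgr) ports that the storage system connects back to. The sample output, the port numbers in it, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an NFSv3 client's RPC registrations for firewall planning.
# SAMPLE is constructed `rpcinfo -p` output, not captured from a real host.
SAMPLE='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100021    4   udp  51209  nlockmgr
    100021    4   tcp  40321  nlockmgr
    100021    3   tcp  40321  nlockmgr'

# rpcbind_ok: succeed only if portmapper is registered on BOTH tcp/111 and udp/111.
rpcbind_ok() {
    printf '%s\n' "$1" | awk '
        $5 == "portmapper" && $4 == 111 { seen[$3] = 1 }
        END { exit !(seen["tcp"] && seen["udp"]) }'
}

# callback_ports: print the unique "proto/port" pairs on which the client's
# lock manager listens, i.e. where the storage system sends NLM callbacks.
callback_ports() {
    printf '%s\n' "$1" | awk '$5 == "nlockmgr" { print $3 "/" $4 }' | sort -u
}

# audit: one line per finding; returns non-zero if rpcbind is not on port 111.
audit() {
    rc=0
    if rpcbind_ok "$1"; then
        echo "OK   rpcbind registered on tcp/111 and udp/111"
    else
        echo "FAIL rpcbind missing on tcp/111 or udp/111"
        rc=1
    fi
    for p in $(callback_ports "$1"); do
        echo "INFO allow inbound $p from the storage system LIF address only"
    done
    return $rc
}

# On a real client, replace the sample with: audit "$(rpcinfo -p localhost)"
audit "$SAMPLE"
```

Scoping the resulting allow rules to the storage system's LIF address keeps the lock callback path open without exposing rpcbind or the lock manager to other hosts.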

Planning CIFS Shares

Table 2-9 lists the items to be planned for CIFS shares.

Table 2-9 CIFS share planning

| Planned Item | Subitem | Requirement |
|---|---|---|
| Network | Storage system IP address | The storage system provides shared space for a client through a logical interface (LIF; see note a). |
| | Client IP address | The client and storage system are accessible and can ping each other. |
| | IP address of a maintenance terminal | The maintenance terminal and storage system are accessible and can ping each other. |
| | (Optional) AD domain | Collect IP addresses and host names of the AD domain server and DNS server. The servers and storage system must reside on the same network and be able to ping each other. |
| Domain environment | AD domain or non-domain environment | Plan an AD domain or non-domain environment based on onsite requirements. The advantages of the AD domain and non-domain environments are as follows: • AD domain: A storage system can be seamlessly integrated with an AD domain. Domain users can directly access the shared space, and no local users need to be created. • Non-domain: No domain environments need to be set up. |
| Authentication mode | Local, domain, or global authentication | Plan an authentication mode based on the domain environment (AD domain or non-domain environment). • Local authentication: Local users are used to authenticate user identity. • Domain authentication: Domain servers are used to authenticate user identity. • Global authentication: Local authentication is used first. If local authentication does not pass, domain authentication is used. |
| Share mode | CIFS share | In CIFS share mode, a file system or its quota tree is shared among authenticated users, including local and domain authentication users. Users have their permissions set by the storage system for accessing CIFS shares. |
| | Homedir | In Homedir share mode, a file system is shared to a specific user as an exclusive directory. The user can only access the exclusive directory named after its user name. |
| User | - | Local authentication user or domain user. |
| User group | - | Local authentication user group or domain user group. |
| Permission | Permission of a user or user group to access a share | Plan a user's permission to access a CIFS share. Possible permissions are: • Read-only, enabling a user to read the CIFS share and its subdirectories, and to execute executable files. • Read and write, enabling a user to perform operations that are allowed by the read-only permission, create and delete shared files and subdirectories, and modify file contents. • Full control, enabling a user to perform operations that are allowed by the read and write permission, and to modify ACLs of files and subdirectories in the CIFS share. • Forbidden: A user is forbidden to access the CIFS share. |
| Quota | (Optional) Quota for file system's quota trees | Quotas can be defined only for file system's quota trees based on customer requirements. |

a: A LIF is created on an Ethernet port, bond port, or VLAN. Each LIF is configured with an IP address.

NOTE:

By default, the storage system uses port 445 to provide the CIFS share service to external devices (port 139 is not supported). Therefore, if a firewall is deployed, it must allow clients to reach port 445.

Planning Cross-Protocol Share Access

A storage system allows NFS and CIFS shares to be configured for the same file system concurrently. The storage system uses the user mapping function to allow users to access shared files across protocols (CIFS-NFS) used by clients on different platforms.

Planning FTP Shares

For details, see Overview.

Planning HTTP Shares

Ensure that a shared file system is online.

Updated: 2019-07-12

Document ID: EDOC1100021203
