NFSv4 version (1)

Next we will mainly explain the content of NFSv4. What are the features of the fourth NFS version? Let's take a look at it. NFS is composed of server software-for example, software running on NetApp storage-client software requiring access to network storage and running on the host. proper operations require that the two ends of the connection, that is, the client and the server are mature and have been correctly implemented. although NetApp is from Data ONTAP? The NFS version 4 of the code library has been released since 6.4. However, it was not until today that NFSv4 has undergone many changes and has been significantly mature that we believe it is applicable to production.

Today, the implementation of the client has stabilized. netApp has also made some important changes and enhancements in Data ONTAP 7.3 to support NFS v4. in this article, we will explore three important features of NFSv4:

· Access Control List (ACL) for security and Windows compatibility)

· Forced security brought about by Kerberos

· Client Cache Delegation

Although this discussion will be widely applied to any NFSv4 implementation, it will also describe some details specific to NetApp and discuss best practices as appropriate.

Access Control List

ACL is one of the most frequently requested features for NetApp customers seeking for greater compatibility with Windows clients. NFSv4 ACL greatly improves NFS security and CIFS interoperability.

ACL allows each user to grant or deny access permissions to each file object. It provides more detailed access control and is more optional than the traditional UNIX mode permission bit. NFSv4 ACLs are based on the NT prototype, but they do not contain owner/group information. the NFSv4 ACL consists of an array of access control entries (ACE), including information about allowed/denied access, permission limit, user name/group name, and tags.

As NetApp has provided ACL support to the CIFS client, additional ACL features in NFSv4 will create some unique considerations. netApp provides three types of quota trees-UNIX, NTFS, and hybrid-for different clients. the NFSv4 ACL processing method depends on the type of the quota tree:

UNIX quota tree

· Valid NFSV4 ACL and mode bit

· Properties cannot be set on Windows clients

· Dominant in UNIX Semantics

NTFS quota tree

· Valid nt acl and mode bits; properties cannot be set on UNIX clients

· NFSv4 ACL is generated from the mode bit of the NFS client that uses the nt acl to access the file

· NT semantics prevails

Hybrid quota tree

· Valid NFSv4 ACL, nt acl, and mode bit

· You can set properties on Windows and UNIX clients.

· NFSv4 ACL is generated from the mode bit for files with NT ACL

Obviously, you should carefully select the type of the quota tree you are using to obtain the expected results:

· NFS only: UNIX quota tree

· Hybrid access: Hybrid quota tree

· Most CIFS access: NTFS quota tree

· Access CIFS only: NTFS quota tree

The only other best practice about ACL is that each ACL. you can increase the number of ECSS in each ACL to a maximum of 192, however, executing such an operation means that it is necessary to convert to an earlier version of Data ONTAP or use SnapMirror to a later version.