JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Sun ZFS Storage 7000 System Administration Guide
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

1.  Introduction

2.  Status

3.  Configuration

4.  Services

Services

Introduction

Data Services

Directory Services

System Settings

Remote Access

Security

BUI

Viewing a Specific Service Screen

Enabling a Service

Disabling a Service

Defining Properties

Viewing Service Logs

CLI

Selecting a Service

Viewing a Service's State

Enabling a Service

Disabling a Service

Setting Properties

Viewing Service Logs

Service Help

NFS

Introduction

Properties

Kerberos Realms

Logs

Analytics

CLI

Tasks

NFS Tasks

iSCSI

Introduction

Properties

Authentication

Authorization

Targets and Initiators

CLI

Tips

Troubleshooting

SMB

Introduction

Properties

Share Properties

NFS/SMB Interoperability

DFS Namespaces

Autohome Rules

Local Groups

Local Accounts

MMC Integration

Event Viewer

Share Management

Users, Groups and Connections

Services

CLI

Adding autohome rules

Adding a user to a local group

Tasks

SMB Tasks

FTP

Introduction

Properties

FTP Properties

General Settings

Security Settings

Logs

Tasks

FTP Tasks

HTTP

Introduction

Properties

Authentication and Access Control

Logs

Tasks

HTTP Tasks

NDMP

Introduction

Local vs. Remote Configurations

Backup Formats and Types

Backing up with "dump" and "tar"

Backing up with "zfs"

Incremental backups

Properties

Logs

SFTP

Introduction

Properties

SFTP Port

Logs

Tasks

SFTP Tasks

Virus Scan

Introduction

Properties

File Extensions

Scanning Engines

Logs

Tasks

Virus Scan Tasks

NIS

Introduction

Properties

Logs

Tasks

NIS Tasks

LDAP

Introduction

Properties

Custom Mappings

Logs

Tasks

LDAP Tasks

Active Directory

Introduction

Properties

Join Domain

Join Workgroup

Domains and Workgroups

LDAP Signing

Windows Server 2008 Support

Section A: Kerberos issue (KB951191)

Section B: NTLMv2 issue (KB957441)

Section C: Note on NTLMv2

BUI

CLI

Tasks

Active Directory Tasks

Identity Mapping

Concepts

Identity Mapping Concepts

Mapping Modes

IDMU

Directory-based Mapping

Identity Mapping Directory-based Mapping

Properties

Name-based Mapping

Identity Mapping Name-based Mapping

Name-based Mapping Rules

Case Sensitivity

Mapping Persistence

Domain-Wide Rules

Deny Mappings

Mapping Rule Directional Symbols

Ephemeral Mapping

Best Practices

Testing Mappings

Examples

Tasks

Identity Mapping Tasks

DNS

Introduction

Properties

CLI

Logs

Active Directory and DNS

Non-DNS Resolution

DNS-Less Operation

IPMP

Introduction

Properties

Logs

Tasks

NTP

Introduction

Properties

Validation

Authentication

BUI

CLI

BUI Clock

Tips

Tasks

NTP Tasks

Remote Replication

Introduction

Dynamic Routing

RIP and RIPng Dynamic Routing Protocols

Logs

Phone Home

Introduction

Oracle Single Sign-On Account

Properties

Web Proxy

Registration

Status

Service state

Logs

SNMP

Introduction

Properties

MIBs

Sun FM MIB

Sun AK MIB

Tasks

SNMP Tasks

SMTP

Introduction

Properties

Logs

Service Tags

Introduction

Properties

System Identity

Introduction

Properties

Logs

SSH

Introduction

Properties

Logs

Tasks

SSH Tasks

Shadow Migration

Introduction

Properties

Managing Shadow Migration

Syslog

Introduction

Properties

Classic Syslog: RFC 3164

Updated Syslog: RFC 5424

Message Format

Alert Message Format

Receiver Configuration Examples

Configuring a Solaris Receiver

Configuring a Linux Receiver

5.  Shares

6.  Analytics

7.  Integration

Glossary

NFS

Introduction

Network File System (NFS) is an industry standard protocol to share files over a network. The Sun ZFS Storage Appliance supports NFS versions 2, 3, and 4. For more information on how the filesystem namespace is constructed, see the filesystem namespace section.

Properties

Property
Description
Minimum supported version
Use this drop-down list to control which versions of NFS the appliance supports.
Maximum supported version
Use this drop-down list to control which versions of NFS the appliance supports.
Maximum # of server threads
Define the maximum number of concurrent NFS requests (from 20 to 1000). This should at least cover the number of concurrent NFS clients that you anticipate.
Grace period
Define the number of seconds that all clients have to reclaim locks after an appliance reboot (from 15 to 600). During this period, the NFS service only processes reclaims of old locks. All other requests for service must wait until the grace period is over, which by default is 90. Reducing this value allows NFS clients to resume operation more quickly after a server reboot, but reducing the value also increases the probability that a client cannot recover all its locks.
Custom NFSv4 identity domain
Use this property to define the domain for mapping NFSv4 users and group identities. If you do not set this property, the appliances uses DNS to obtain the identity domain, first by checking for a _nfsv4idmapdomain DNS resource record, and then by falling back to the DNS domain itself.
Enable NFSv4 delegation
Select this property to allow clients to cache files locally and make modifications without contacting the server. This option is enabled by default and typically results in better performance; but in rare circumstances it can cause problems. You should only disable this setting after careful performance measurements of your particular workload and after validating that the setting has a measurable performance benefit. This option only affects NFSv4 mounts.
Kerberos realm
A realm is logical network, similar to a domain, that defines a group of systems that are under the same master KDC. Realm names can consist of any ASCII string. Usually, your realm name is the same as your DNS domain name, except that the realm name is in uppercase. Using this convention helps you differentiate problems with the Kerberos service from problems with the DNS namespace, while still using a name that is familiar.
Kerberos master KDC
In each realm, you must include a server that maintains the master copy of the principal database. The most significant difference between a master KDC and a slave KDC is that only the master KDC handles database administration requests. For instance, you must change a password or add a new principal on the master KDC.
Kerberos slave KDC
The slave contains duplicate copies of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication.
Kerberos admin principal
This property identifies the client. By convention, a principal name is divided into three components: the primary, the instance, and the realm. You can specify a principal as joe, joe/admin, or joe/admin@ENG.EXAMPLE.COM.
Kerberos admin password
Define the password for the admin principal.

Changing services properties is documented in the BUI and CLI sections of Services.

Setting the NFS minimum and maximum versions to the same value causes the appliance to only communicate with clients using that version. This may be useful if you find an issue with one NFS version or the other (such as the performance characteristics of an NFS version with your workload), and you want to force clients to only use the version that works best.

Kerberos Realms

Configuring a Kerberos realm creates certain service principals and adds the necessary keys to the system's local keytab. The NTP service must be configured before configuring Kerberized NFS. The following service principals are created and updated to support Kerberized NFS:

host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM

If you clustered your appliances, principals and keys are generated for each cluster node:

host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM
host/node2.example.com@EXAMPLE.COM
nfs/node2.example.com@EXAMPLE.COM

If these principals have already been created, configuring the realm resets the password for each of those principals. If you configured your appliance to join an Active Directory domain, you cannot configure it to be part of a Kerberos realm.

For information on setting up KDCs and Kerberized clients, see http://download.oracle.com/docs/cd/E19253-01/816-4557/setup-8/index.html. After setting NFS properties for Kerberos, change the Security mode on the Shares->Filesystem->Protocols screen to a mode using Kerberos.

The following ports are used by the appliance for Kerberos.

Logs

These logs are available for the NFS service:

Log
Description
network-nfs-server:default
Master NFS server log
appliance-kit-nfsconf:default
Log of appliance NFS configuration events
network-nfs-cbd:default
Log for the NFSv4 callback daemon
network-nfs-mapid:default
Log for the NFSv4 mapid daemon - which maps NFSv4 user and group credentials
network-nfs-status:default
Log for the NFS statd daemon - which assists crash and recovery functions for NFS locks
network-nfs-nlockmgr:default
Log for the NFS lockd daemon - which supports record locking operations for files

To view service logs, refer to the Logs section from Services.

Analytics

You can monitor NFS activity in the Analytics section. This includes:

Note: When the NFS server reboots or fails over the filename is unknown at the server until a new open from the client. The file appears as unknown in Analytics worksheets.

CLI

The following table describes the mapping between CLI properties and the BUI property descriptions above.

CLI Property
BUI Property
version_min
Minimum supported version
version_max
Maximum supported version
nfsd_servers
Maximum # of server threads
grace_period
Grace period
mapid_domain
Custom NFSv4 identity domain
enable_delegation
Enable NFSv4 delegation
krb5_realm
Kerberos Realm
krb5_kdc
Kerberos master KDC
krb5_kdc2
Kerberos slave KDC
krb5_admin
Kerberos admin principal

Tasks

NFS Tasks

Sharing a Filesystem over NFS

  1. Go to the Configuration->Services screen.
  2. Check that the NFS service is enabled and online. If not, enable the service.
  3. Got to the Shares screen and edit an existing share or create a new share.
  4. Click the Protocols tab of the share you are editing and check that NFS sharing is enabled. You can also configure the NFS share mode (read/read+write) in this screen.
Copyright © 2009, 2011, 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next