- Notes, cautions, and warnings
- Introduction
- Revision history
- Initial configuration and setup
- Performing common tasks
- Displaying system information at a glance
- Managing block storage
- Protection domains
- Fault sets
- Storage data servers
- Storage pools
- Acceleration pools
- Devices
- Volumes
- NVMe targets
- Hosts
- Managing file storage
- Overview of configuring NAS servers
- About file system storage
- File protection
- Create a protection policy
- Create snapshot rules
- Create a snapshot
- Assign a protection policy to a file system
- Unassign a protection policy
- Modify a protection policy
- Delete a protection policy
- Modify a snapshot rule
- Delete a snapshot rule
- Refresh a file system using snapshot
- Restore a file system from a snapshot
- Protecting a block storage environment
- Snapshots
- Create snapshots
- Overwrite volume content from a snapshot
- Set bandwidth and IOPS limits for snapshots
- Lock and unlock snapshots
- Delete snapshots
- Map snapshots
- Unmap snapshots
- Increase the size of a snapshot
- Migrate a snapshot vTree
- Pause snapshot vTree migration
- Roll back snapshot vTree migration
- Set snapshot vTree migration priority
- Snapshot policies
- Remote protection
- Extract and upload certificates
- Journal capacity
- Add a peer system
- Restart the replication cluster
- SDRs
- Replication consistency group
- Replication direction and mapping
- Create an RCG
- Map RCG target volumes to hosts
- Unmap a host from RCG target volumes
- Set the target to inconsistent mode
- Set the target to consistent mode
- Modify RPO
- Add a replication pair to an RCG
- Pause replication for an RCG
- Resume replication for an RCG
- Create a snapshot of an RCG volume
- Add an RCG snapshot policy
- Perform a failover
- Reverse replication
- Restore replication
- Test Failover
- Stop a failover test
- Freeze an RCG
- Unfreeze an RCG
- Activate an RCG
- Terminate replication in an RCG
- Delete an RCG
- Pause creation of an initial copy
- Resume creation of initial copy
- Set copying priority
- Unpair from RCG
- Snapshots
- Performing lifecycle operations for a resource group
- Deploying a resource configuration in a resource group
- Basic tasks
- Deploying a resource group
- Adding an existing resource group
- Updating a resource group with new firmware and software
- Viewing a compliance report
- Entering and exiting service mode
- Replacing a drive
- Replacing NVDIMM node or battery
- Reconfiguring MDM roles
- Migrating vCLS VMs to shared storage
- Adding components to a resource group
- Resize a volume
- Removing resources from a resource group
- Adding NVMe/TCP storage access
- Additional resource group management tasks
- Basic tasks
- Preparing a template for a resource group deployment
- Basic tasks
- Additional template management tasks
- Deploying a resource configuration in a resource group
- Managing resources
- Basic tasks
- Additional resource management tasks
- Monitoring events and alerts
- Configuring system settings
- User management
- Repositories
- Getting started
- Networking
- Events and alerts
- License management
- Security
- Serviceability
- Software upgrade
- PowerFlex Manager user interface reference
- Additional administration activities
- Retrieving logs for the PowerFlex nodes
- Retrieving logs for PowerFlex components
- Retrieving additional PowerFlex logs
- Enabling audit logging
- Managing storage devices using CloudLink
- Understanding NVMe over TCP load balancing
- Managing NAS server configuration
- Migrating to NVMe/TCP on ESXi
Dell PowerFlex 4.5.x Administration Guide
NAS server security
You can configure the security settings for a NAS server from the card.
Kerberos
Kerberos is a distributed authentication service designed to provide strong authentication with secret-key cryptography. It works on the basis of "tickets" that allow nodes communicating over a non-secure network to prove their identity in a secure manner. When configured to act as a secure NFS server, the NAS server uses the RPCSEC_GSS security framework and Kerberos authentication protocol to verify users and services.- Using Kerberos with NFS requires that DNS and a UDS, are configured for the NAS server and that all members of the Kerberos realm are registered in the DNS server.
- For authentication Kerberos can be configured with either a custom realm, or with Active Directory (AD).
- The storage system must be configured with an NTP server. Kerberos relies on the correct time synchronization between the KDC, servers, and the client network.
Configuring Kerberos for Secure NFS
If you are configuring Kerberos for Secure NFS, be aware of the following:
- If configuring the NAS server for NFS only, you must configure the NAS server with a custom realm. If you have configured the NAS server with NFS and SMB, you can use either the AD or custom realm.
- Using LDAPS or LDAP with Kerberos is recommended for increased security.
- A DNS server must be configured at the NAS-server level. All members of the Kerberos realm, including the KDC, NFS server, and NFS clients, must be registered in the DNS server.
- The NFS client hostname FQDN and NAS server FQDN must be registered in the DNS server. Clients and servers must be able to resolve any member of the Kerberos realm's FQDNs to an IP address.
- The FQDN part of the NFS client SPN must be registered in the DNS server.
- A keytab file must be uploaded to your NAS server when configuring Secure NFS.
NOTE:
- Use the Retrieve Ketyab File to download a keytab file you have previously uploaded to the NAS server.
- Use the Upload the Keytab File to upload the keytab file after you have validated the content.
Antivirus (Common AntiVirus Agent (CAVA))
Available for SMB servers only.
Common AntiVirus Agent (CAVA) provides an antivirus solution to clients using a NAS server. It uses an industry-standard SMB protocol in a Microsoft Windows Server environment. CAVA uses third-party antivirus software to identify and eliminate known viruses before they infect files on the storage system.
Antivirus software is important because the storage system is resistant to the invasion of viruses because of its architecture. The NAS server runs data access in real-time using an embedded operating system. Third parties are unable to run programs containing viruses on this operating system. Although the operating system software is resistant to viruses, Windows clients that access the storage system require virus protection. Virus protection on clients reduces the chance that they will store an infected file on the server, and protects them if they open an infected file. This antivirus solution consists of a combination of the operating system software, CAVA agent, and a third-party antivirus engine. The CAVA software and a third-party antivirus engine must be installed on a Windows Server in the domain.
Antivirus support for CAVA is disabled by default. To enable CAVA:
- Click the Disabled button and click Apply.
- If you do not have a current CAVA configuration file available:
- Click Retrieve Current Configuration.
- Complete the CAVA configuration file template.
- Upload the CAVA current configuration file.
- Click Enabled to start antivirus support.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\