Hardware Thread, NFS security on Sun 7110 SAN in Technical
  1. #16
    apaton
    Quote: Originally Posted by cookie_monster
    But could someone still spoof an IP and connect? If so, it's still limited security for what could be sensitive data?

    I agree, thus I said it's "not 100% robust but if you trust IP address....". A dedicated network/VLAN for NFS traffic will help slightly. I'm sure this is more than enough security for most environments.

  2. #17
    cookie_monster
    Ok, I just like to have a full understanding of the security implications of any setup I have running.

    Thanks.

  3. #18
    Duke
    Quote: Originally Posted by apaton
    I will agree it's not 100% robust but if you trust IP address and user authentication/mapping (LDAP/NIS/Local users) then you're OK.

    With the 7110 storage you get close to this. You can restrict which hosts and/or networks can access an NFS share, then you're down to user permissions/ACLs for fine-grained file access.

    I've used this method for XenServer and ESX, this leaves the PUBLIC network open to CIFS and iSCSI only, as already discussed in this thread.

    I thought this was possible too, and at the end of the day this is no worse than the security you have on a Windows server share. However, my question then is what permissions need to be set to allow an ESX host to access an NFS share? In other words, which account do I need to grant access to, is it something like root@esxhost.local, and if so how does the S7000 validate that account?

    Does the NFS Exceptions security just work along the same principles as iSCSI initiator security, in that you allow/deny certain hosts (in this case hostnames rather than initiator names)?

    Cheers,
    Chris

  4. #19
    apaton
    Quote: Originally Posted by Duke
    my question then is what permissions need to be set to allow an ESX host to access an NFS share? In other words, which account do I need to grant access to, is it something like root@esxhost.local, and if so how does the S7000 validate that account?

    Does the NFS Exceptions security just work along the same principles as iSCSI initiator security, in that you allow/deny certain hosts (in this case hostnames rather than initiator names)?

    Cheers,
    Chris

    ESX mounts NFS volumes as the "root" user (UID 0). In terms of NFS, "root" is automatically demoted to user "nobody" for security reasons.

    So on the S7000 you can do two things:

    1) Create a share with access control of "nobody" and "other"
    2) Under NFS Exceptions select "ROOT ACCESS" check box for specific host


    Andy
    Last edited by apaton; 29th July 2009 at 06:04 PM. Reason: spelling mistake
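
An added example, not part of the thread and not Sun's software: a small Python model of the access decision discussed above, where the server checks the client address against the share's host/network exceptions and demotes UID 0 to "nobody" unless that host has root access. The class and function names, the addresses, and the "nobody" UID of 60001 are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

NOBODY_UID = 60001  # assumed value (Solaris convention); other systems use a different UID


@dataclass
class ShareExceptions:
    """Hypothetical model of one share's NFS exceptions (not the S7000's API)."""
    allowed: list                                     # hosts/networks permitted to mount
    root_access: list = field(default_factory=list)   # hosts with "ROOT ACCESS" ticked


def _matches(client_ip, entries):
    """True if client_ip falls inside any host or CIDR entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)


def effective_uid(share, client_ip, claimed_uid):
    """Return the UID that file permissions are checked against, or None if denied.

    Both inputs come from the client side: the source address of the request
    and the UID in its AUTH_SYS credential. The server has no stronger proof
    of either, which is why the thread treats this as trust in IP addresses.
    """
    if not _matches(client_ip, share.allowed):
        return None                      # host is not in the share's exceptions
    if claimed_uid == 0 and not _matches(client_ip, share.root_access):
        return NOBODY_UID                # root squash: "root" is demoted to "nobody"
    return claimed_uid                   # ordinary users keep their UID


def demo():
    """Constructed scenario: a storage VLAN with one ESX host granted root access."""
    share = ShareExceptions(allowed=["10.10.20.0/24"], root_access=["10.10.20.11"])
    return {
        "esx_root": effective_uid(share, "10.10.20.11", 0),
        "other_host_root": effective_uid(share, "10.10.20.12", 0),
        "other_host_user": effective_uid(share, "10.10.20.12", 1000),
        "outside_vlan": effective_uid(share, "192.168.1.5", 0),
    }


if __name__ == "__main__":
    for case, uid in demo().items():
        print(f"{case}: {uid}")
```

In this model, option 1 from the post corresponds to the squashed case (files must be accessible to "nobody"), and option 2 corresponds to the host listed in `root_access`.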
