Table of Contents

Multiprotocol File Access Workflow

The Multiprotocol File Access workflow enables you to set up multiprotocol file access for UNIX and Windows clients when the security style of the volume is NTFS, UNIX, or Mixed (both NTFS and UNIX). It enables you to provision storage, create NTFS or UNIX security-style volumes, and create shares and exports to the provisioned volumes.

The following sections provide details about the workflow and how to execute the workflow:

Prerequisites for executing the Multiprotocol File Access workflow

You must ensure that certain requirements are met before executing the Multiprotocol File Access workflow. You must be a cluster administrator for executing this workflow.

  • Your system must be running ONTAP.
    Note: This workflow is qualified to work with ONTAP 8.2.1 and later.
  • OnCommand Workflow Automation (WFA) 3.0 must be installed.
  • You must have added any version of OnCommand Unified Manager from 6.1 through 9.5 or Active IQ Unified Manager 9.6 or later as a data source in WFA and obtained the latest Unified Manager data.
  • You must have created the CIFS and NFS servers for the storage virtual machine (SVM) on which you want to create SMB shares and NFS exports.
  • You must have created at least one data LIF for the SVM on which the NFS and CIFS servers are configured.
  • The data LIF must be reachable by clients that need to access data.
  • The cluster time must be synchronized with an NTP server.
  • DNS must be configured on the SVM.
  • DNS entries on the DNS server must exist that map the CIFS server name to existing data LIFs used by the CIFS server.
  • A network path from the CIFS server to the Active Directory domain controllers must be created.
  • Name mapping between Windows and UNIX users must be configured and validated.

What happens when you execute the Multiprotocol File Access workflow

The Multiprotocol File Access workflow enables you to select an SVM, create an aggregate, create a volume and apply the appropriate security style (NTFS, UNIX, or Mixed), create an export policy and export rules, and apply the export policy to the volume, create an SMB share, and configure share permissions.

Based on your volume's security style, you should verify your configuration from an appropriate administration host and target client.

Note: The workflow does not include the verification procedure.

The following illustration displays the tasks involved in executing the workflow:


Image displays tasks performed in the Multiprotocol File Access workflow.

Executing the Multiprotocol File Access workflow

Executing the Multiprotocol File Access workflow enables you to set up multiprotocol file access for UNIX and Windows clients when the security style of the volume is NTFS, UNIX, or Mixed (both NTFS and UNIX).

Before you begin

You must have reviewed the requirements for executing the workflow.

About this task

You should have the following input parameters available for executing the workflow:

  • Cluster name
  • SVM name
  • File access type: UNIX, NTFS, or Mixed
  • If you want to create an aggregate:
    • Node name
    • Aggregate name
    • Aggregate RAID type
    • Number of disks to create the aggregate
  • Extended volume style (FlexVol or FlexGroup), volume name, size, and junction path
  • Encrypt Volume (optional)
  • If you want to select UNIX security style for your volume:
    • Name of the export policy
    • Export rule details: client match, read-only security type, and read/write security type
  • If you want to select NTFS security style for your volume:
    • Name of the CIFS share
    • Required user access permission to the share

Steps

  1. Log in to WFA by providing the necessary credentials.
  2. Click Portal > Storage Provisioning > Multiprotocol File Access.
    Tip: You can use the filter () to locate the workflow.
  3. Click the Execute icon ().
    The Execute Workflow 'Multiprotocol File Access' dialog box is displayed.
  4. Select the cluster name.
  5. Select the file access type from the drop-down list.
  6. Select an existing SVM from the drop-down list.
  7. Provide the aggregate details:
    If you are... Do this…
    Using an existing aggregate Select an appropriate aggregate from the drop-down list.
    Creating an aggregate

    Enter the following values:

    • Node name
    • Aggregate name
    • RAID type
    • Disk count
  8. Provide volume details, such as extended volume style (FlexVol or FlexGroup), volume name, size, security style, and junction path. Ensure the Encrypt Volume check box is selected.
    If you are... Do this...
    Selecting volume style as FlexVol Go to the next step.
    Note: For FlexVol, if the volume is "thick" (that is, space guarantee is other than none), then the FabricPool will be discarded from the selection list in the "List Of Aggregate" field.
    Selecting volume style as FlexGroup Create an aggregate list:
    1. Select the aggregates in the Aggregate List* from the available List Of Aggregates (Read Only).

      You can select one or more aggregates for the Aggregate List*. You can also use the same aggregate multiple times in the list.

    2. Enter the number of constituent volumes you want to create per aggregate for FlexGroup in the Aggregate List Multiplier.
    Note: ONTAP 9.4 and earlier does not support the creation of FlexGroup on the FabricPool.
  9. Based on the volume security style you specified, provide the following values:
    If you have selected... Do this...
    UNIX

    Specify the following export policy and rule details:

    • Export policy name
    • Client specification
    • Read-only rule
    • Read/write rule
    • Superuser rule
    NTFS

    Specify the following CIFS share and user access details:

    • Name of the CIFS share
    • Name of the users or group
    • Appropriate access levels
    Mixed Specify the following details:
    • Export policy and rules
    • CIFS share and user access details
  10. Optional: Select the Encrypt Volume checkbox to encrypt the volume.
    Encrypt Volume supports the Volume Granular Encryption functionality. By default, it is unchecked. This functionality is only supported on FlexVol volumes.
  11. Optional: Click Preview to validate your workflow before executing it.
  12. Click Execute.
    You can also schedule the workflow for execution at a later date and time by selecting the Choose Date and Time for Execution check box.

After you finish

After executing the workflow, based on the volume security style, you should verify your configuration from the corresponding client. For UNIX security style, test the NFSv3 access from a UNIX client. For NTFS security style, test the SMB/CIFS access from a Windows client.