= Multiprotocol Access from Linux and Windows :toc: :icons: :linkattrs: :imagesdir: ../resources/images == Summary This section will cover multiprotocol access to data on your *Amazon FSx for NetApp ONTAP* volume from Linux and Windows instances. You will mount the volume using NFS protocol from the Linux instance. Next, You will create a *_SMB share_* on the same volume and map it from the Windows instance, and experience the multiprotocol nature of ONTAP which allows access to the same data from Windows and Linux Clients. NOTE: The security style set on your volume determines the permissions that will be enforced for user authentication. Volume security style is inherited from the security style of the root volume of your SVM. During the SVM creation you can choose between Unix, NTFS or Mixed security styles. Even when a volume uses UNIX security style, SMB clients can still access data due to the multiprotocol nature of ONTAP provided they can properly authenticate and authorize the user credentials. The security style only determines the type of permissions ONTAP uses to control access to data and what type of client can modify the permissions. * Setting the security style to *Unix* enforces Unix style permissions. Use this if you are administering the volumes from Unix hosts or if your data volumes are primarily going to be accessed from Unix based servers. * If you are administering your volumes from Windows or if the data is primarily used by Windows applications set the security style to *NTFS*. * If the security style is set to *mixed*, then either Unix or NTFS permissions can be used on files and directories. The effective permissions are based on whichever type of client last modified the permissions. == Duration NOTE: It will take approximately 10 minutes to complete this section. == Access the file system === Mount a volume on a Linux instance IMPORTANT: Read through all steps below before continuing. //image::xxx.gif[align="left", width=600] . Return to the SSH connection of the *FSx for ONTAP Workshop Linux Instance*. + TIP: If the session has timed out, e.g. the session is unresponsive, close the session window and create a new one. Return to the link:https://console.aws.amazon.com/ec2/[Amazon EC2] console. *_Click_* the radio button next to the instance with the name *FSx for ONTAP Workshop Linux Instance*. *_Click_* the *Connect* button. Connect using AWS Systems Manager - *_Select_* *Session Manager* tab and *_click_* the Connect button to open a session in your browser (*recommended*). Alternately, SSH using Terminal client - *_Select_* *SSH client* tab and *_Copy_* the Example SSH command shown and *_click_* Close. ** *_Open_* your terminal application and *_paste_* the SSH command in a terminal window. ** *_Follow_* the prompts to SSH into the instance. + . *_Run_* the following command to see if any NFS volumes have been mounted. + [source,bash] ---- mount | grep nfs ---- + . Do you see any NFS volumes have been mounted? NOTE: No volumes should be mounted at this time. . *_Copy_* the script below into your favorite text editor. Replace the mount point if needed. + [source,bash] ---- MOUNTPOINT=/fsx sudo mkdir ${MOUNTPOINT} sudo mount -t nfs ${NFSENDPOINT}:/vol1 ${MOUNTPOINT} ---- + . *_Run_* below command to set the *user:group* for the mount point. *_Copy_* the command with *ssm-user:ssm-user* if you are using a SSH session from *Session Manager*. *_Copy_* the command with *ec2-user:ec2-user* if you are using a SSH session from your *Terminal*. + [source,bash] ---- sudo chown ec2-user:ec2-user ${MOUNTPOINT} or sudo chown ssm-user:ssm-user ${MOUNTPOINT} ---- + . *_Return_* to the SSH connection of the *FSx for ONTAP Workshop Linux Instance*. + TIP: If the SSH connection has timed out, e.g. the session is unresponsive, close the SSH connection window and create a new one. + . *_Paste_* and run the script you copied to the clipboard in the SSH connection window. . *_Run_* below command to confirm your file system was successfully mounted. + [source,bash] ---- mount | grep ${MOUNTPOINT} ---- + . What is the NFS version used by default to mount the file system? . How do you mount the file system with a different NFS version? . *_Run_* below command to mount the file system using *NFS version 3* or customize the default mount options. + [source,bash] ---- V3MOUNT=/fsxnfsv3 sudo mkdir ${V3MOUNT} sudo mount -t nfs -o vers=3 ${NFSENDPOINT}:/vol1 ${V3MOUNT} ---- + . *_Run_* below command to confirm your file system was successfully mounted. + [source,bash] ---- mount | grep ${V3MOUNT} ---- + * You should see the volume mounted with NFS version 3. + . *_Run_* below command to unmount the NFSv3 mount. + [source,bash] ---- sudo umount ${V3MOUNT} ---- + . *_Copy_* the script below and run the script to create a new directory and file in your NFS mount. + [source,bash] ---- DIRNAME=multiprotocol mkdir ${MOUNTPOINT}/${DIRNAME} echo "This file is used for multi-protocol access demo" >> ${MOUNTPOINT}/${DIRNAME}/multiprotocol-demo.txt cat ${MOUNTPOINT}/${DIRNAME}/multiprotocol-demo.txt ---- + === Create a CIFS share IMPORTANT: Read through all steps below and watch the quick video if available before continuing. . *_Return_* to the SSH connection of your *FSx for ONTAP Workshop Linux Instance* and SSH to the file system management endpoint of your file system to create a *ONTAP CLI* session. + [source,bash] ---- ssh ${ADMINUSER}@${MGMTENDPOINT} ---- + . *_Create_* a *CIFS share* to share the *multiprotocol* directory using CIFS/SMB protocol with Windows clients. + [source,bash] ---- vserver cifs share create -vserver svm01 -share-name multiprotocol -path /vol1/multiprotocol ---- + . *Run* the following command to check if the share was created successfully. + [source,bash] ---- vserver cifs share show -vserver svm01 ---- + . You should be able to see the */vol1/multiprotocol* exported as *_CIFS share_* with name *multiprotocol*. TIP: If you created a SVM with NTFS or MIXED security style then you can create CIFS share from an Windows EC2 Instance ( *_Run_* *fsmgmt.msc* -> *_Right-click_* *Connect to another computer* and Enter the SMB DNS name for your SVM. *_Right-click_* on *shares* -> *new share* and follow the steps to create a new share. === Map a share to the Windows instance ==== Connect to the Windows instance . Go back to the Amazon EC2 console, *_Click_* *Instances (running)* . *_Click_* the radio button next to the instance with the name *FSx for ONTAP Workshop Windows Instance*. . *_Copy_* the *Public DNS (IPv4)* name of the *FSx for ONTAP Workshop Windows Instance*. . Launch your remote desktop application and create a new connection. * Windows Users - use the built-in *Remote Desktop Connection* application. * Mac Users - use the link:https://apps.apple.com/us/app/microsoft-remote-desktop/id1295203466?mt=12/[Microsoft Remote Desktop] app available from the Mac App Store. . Use the DNS name copied above as the host name of the new connection. . Start a remote desktop session to the new connection (you will retrieve the *user name* and *password* from *AWS Secrets Manager*). . Open the link:https://console.aws.amazon.com/secretsmanager/[AWS Secrets Manager] console. + TIP: *_Context-click (right-click)_* the link above and open the link in a new tab or window to make it easy to navigate between this GitHub workshop and AWS console. + . *_Click_* the *Secret name* link for *Password-*. . *_Scroll_* to the *Secret value* section and *_click_* the *Retrieve secret value* button. . Use the *Secret key/value* pairs of *username* and *password* as the credentials to authenticate to the *FSx for ONTAP Workshop Windows Instance* for the remote desktop session. . *_Launch_* *File Explorer*. . *_Context-click (right-click)_* *This PC* and *_select_* *Map network drive...* . Map the file share using the following information: + [cols="3,10"] |=== | *Drive* a| Z: | *Folder* a| This is the UNC path of *multiprotocol* share. Return to the link:https://console.aws.amazon.com/fsx/[Amazon FSx] console, *_click_* the link to the file system and *_select_* the *Storage virtual machines* tab. *_Click_* *SVM Name* and then *_click_* the image:copy-to-clipboard.png[align="left",width=20] shortcut next to the *SMB DNS name* to *_copy_* the *SMB DNS Name* to the clipboard and paste it as the first part of the UNC path. *_Add_* *\multiprotocol* to the end of the *SMB DNS Name* to complete the UNC path to the multiprotocol share. (e.g. \\svm01.example.com\multiprotocol). | *Reconnect at sign-in* a| Leave checked | *Connect using different credentials* a| Leave unchecked |=== + . In the *File Explorer* window of the *Z:* drive you should see the file *multiprotocol-demo.txt* which was created on the NFS mount point on your Linux instance. . *_Double-Click_* to open the file *multiprotocol-demo.txt* and see if you can read the contents of the file. == Next section Click the link below to go to the next section. image::flexclone.jpg[link=../05-flexclone/, align="left",width=420]