= Multiprotocol Access from Linux and Windows :toc: :icons: :linkattrs: :imagesdir: ../resources/images == Summary This section will cover multiprotocol access to data on your *Amazon FSx for NetApp ONTAP* volume from Linux and Windows instances. You will mount the volume using NFS protocol from the Linux instance. Next, You will create an *_SMB share_* on the same volume and map it from the Windows instance, and experience the multiprotocol nature of ONTAP which allows access to the same data from Windows and Linux Clients. Although it's not part of this workshop, you can also utilize macOS clients as well. NOTE: The security style set on your volume determines the permissions that will be enforced for user authentication. Volume security style is inherited from the security style of the root volume of your SVM. During the SVM creation you can choose between Unix, NTFS or Mixed security styles. You can also choose to use a different volume security style then the SVM when creating a volume. For example, the SVM root volume may be set to Unix security style but when creating a new volume it can be set to the security style of NTFS. Even when a volume uses UNIX security style, SMB clients can still access data due to the multiprotocol nature of ONTAP provided they can properly authenticate and authorize the user credentials. The security style only determines the type of permissions ONTAP uses to control access to data and what type of client can modify the permissions. * Setting the security style to *Unix* enforces Unix style permissions. Use this if you are administering the volumes from Unix hosts or if your data volumes are primarily going to be accessed from Unix based servers. The data will remain accessible to Windows based clients. * If you are administering your volumes from Windows or if the data is primarily used by Windows applications set the security style to *NTFS*. The data will remain accessible to Unix based clients. * If the security style is set to *mixed*, then either Unix or NTFS permissions can be used on files and directories. The effective permissions are based on whichever type of client last modified the permissions. IMPORTANT: Mixed security style is not required for multi-protocol access or needed in most scenarios. == Duration NOTE: It will take approximately 5 minutes to complete this section. == Diagram You will be using resources deployed in the *Primary VPC* for this section of the workshop. image::primary-architecture.png[align="center"] == Step-by-step Guide (Mounting Volume on Linux Instance) === Mount volume on the Linux Instance IMPORTANT: Read through all steps below before continuing. //image::xxx.gif[align="left", width=600] . *_Return_* to the Session Manager connection of your *FSx for ONTAP Workshop Linux Instance*. + TIP: If the Session Manager window has timed out, e.g. the session is unresponsive, close the session window and create a new one. Return to the link:https://console.aws.amazon.com/ec2/[Amazon EC2] console. *_Click_* the radio button next to the instance with the name *FSx for ONTAP Workshop Linux Instance*. *_Click_* the *Connect* button. Connect using AWS Systems Manager - *_Select_* *Session Manager* tab and *_click_* the Connect button to open a session in your browser. Change the shell back to bash by typing the command ***bash*** and then return. + . *_Run_* the following command to see if any NFS volumes have been mounted. + [source,bash] ---- mount | grep nfs ---- + . Do you see any NFS volumes have been mounted? + NOTE: No volumes should be mounted at this time. + . *_Run_* the below commands to mount the NFS export. Replace the mount point if needed. + [source,bash] ---- sudo mkdir ${MOUNTPOINT} sudo mount -t nfs ${NFSENDPOINT}:/vol1_primary ${MOUNTPOINT} ---- + . *_Run_* below command to set the *user:group* Unix permissions for the mount point. *_Copy_* the command and paste it into your *Session Manager* window. + [source,bash] ---- sudo chown ssm-user:ssm-user ${MOUNTPOINT} ---- + . *_Run_* below command to confirm your file system was successfully mounted. + [source,bash] ---- mount | grep ${MOUNTPOINT} ---- + . What is the NFS version used by default to mount the file system? . *_Copy_* the script below and run the script to create a new directory and file in your NFS mount. + [source,bash] ---- mkdir ${MOUNTPOINT}/${DIRNAME} echo "This file is used for multi-protocol access demo" >> ${MOUNTPOINT}/${DIRNAME}/multiprotocol-demo.txt cat ${MOUNTPOINT}/${DIRNAME}/multiprotocol-demo.txt ---- == Step-by-step Guide (Create a CIFS share) IMPORTANT: Read through all steps below and watch the quick video if available before continuing. . *_Run_* the command below to SSH to the cluster management endpoint of your *Primary* FSx for ONTAP file system. + [source,bash] ---- ssh ${ADMINUSER}@${MGMTENDPOINT} ---- + . *_Create_* a *CIFS share* to share the *multiprotocol* directory using CIFS/SMB protocol with Windows Clients. + [source,bash] ---- vserver cifs share create -vserver svm01-primary -share-name multiprotocol -path /vol1_primary/multiprotocol ---- + . *_Run_* the below command to check if the share was created successfully. + [source,bash] ---- vserver cifs share show -vserver svm01-primary ---- + . You should be able to see the */vol1_primary/multiprotocol* exported as *_CIFS share_* with name *multiprotocol*. + TIP: If you created a SVM with NTFS or MIXED security style then you can create CIFS share from an Windows EC2 Instance ( *_Run_* *fsmgmt.msc* -> *_Right-click_* *Connect to another computer* and Enter the SMB DNS name for your SVM. *_Right-click_* on *shares* -> *new share* and follow the steps to create a new share. . *_Run_* the command below to quit the ONTAP CLI session. + [source,bash] ---- quit ---- == Step-by-step Guide (Map share to Windows Instance) === Map share to Windows Instance ==== Connect to the Windows instance via the Network Load Balancer . Go to the link:https://console.aws.amazon.com/ec2/home?#LoadBalancers[AWS Load Balancers] console and *_click_* on the name of the Network Load Balancer *WinRDPNLB*. . Make sure you are in the *AWS Region* of your workshop environment. If you need to change the *AWS Region* of the Amazon FSx console, in the top right corner of the browser window *_click_* the region name next to *Support* and *_click_* the appropriate *AWS Region* from the drop-down menu. . *_Click_* the image:copy-to-clipboard.png[align="left",width=20] shortcut next to the *DNS Name* of the *WinRDPNLB* Network Load Balancer under the *Details* section. . *_Launch_* your remote desktop application and create a new connection to the Network Load Balancer *DNS name* copied earlier as the host name of the new connection. + Tip: Windows users can use the built-in *Remote Desktop Connection* tool and Mac users can download the *Microsoft Remote Desktop* app available from the Mac App Store. If you're unfamiliar with *Remote Desktop* you can go to the link:https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients[Microsoft Remote Desktop client] page. + . Open the link:https://console.aws.amazon.com/secretsmanager/[AWS Secrets Manager] console. + TIP: *_Context-click (right-click)_* the link above and open the link in a new tab or window to make it easy to navigate between this GitHub workshop and AWS console. + . *_Click_* the *Secret name* link for *ADPassword-*. . *_Scroll_* to the *Secret value* section and *_click_* the *Retrieve secret value* button. . Use the *Secret key/value* pairs of *username* and *password* as the credentials to authenticate to the *FSx for ONTAP Workshop Windows Instance* for the remote desktop session. . Once connected to the Windows instance *_launch_* *File Explorer*. . *_Context-click (right-click)_* *This PC* and *_select_* *Map network drive...* . Map the file share using the following information: + [cols="3,10"] |=== | *Drive* a| Z: | *Folder* a| This is the UNC path of *multiprotocol* share. Return to the link:https://console.aws.amazon.com/fsx/[Amazon FSx] console, *_click_* the link to the *Primary* file system and *_select_* the *Storage virtual machines* tab. *_Click_* the link to the SVM name *svm01-primary* and then *_click_* the image:copy-to-clipboard.png[align="left",width=20] shortcut next to the *SMB DNS name* to *_copy_* the *SMB DNS Name* to the clipboard. Add the \\ to the first part of the UNC path and then paste in the *SMB DNS name* from the clipboard. *_Add_* *\multiprotocol* to the end of the *SMB DNS Name* to complete the UNC path to the multiprotocol share. (e.g. \\SVM01-PRIMARY.EXAMPLE.COM\multiprotocol). | *Reconnect at sign-in* a| Leave checked | *Connect using different credentials* a| Leave unchecked |=== + . In the *File Explorer* window of the *Z:* drive you should see the file *multiprotocol-demo.txt* which was created on the NFS mount point on your Linux instance. . *_Double-Click_* to open the file *multiprotocol-demo.txt* and see if you can read the contents of the file. == Next section Click the link below to go to the next section. image::data-protection.png[link=../04-data-protection/, align="left",width=420]