2 Replies Latest reply: Apr 4, 2014 11:47 PM by Mark RSS

Limiting share access by SmartConnect Zones

JWeinsheimer

Just getting started with the Isilon and I'm trying to find out if it's possible to define which shares (or IFS sub-directory) can be accessed by a specific SmartConnect zone without relying on access based enumeration.

 

The intent is to easily configure ZoneA.isilon.emc.com to only see shares 1, 2 and 3, while ZoneB.isilon.emc.com can see shares 4, and 5.

 

 

 

Thanks!

  • 1. Re: Limiting share access by SmartConnect Zones
    Peter Serocka

    Yes, at least for SMB shares you can use multiple "Access zones" (new in OneFS 7.0), where each access zone ties together  only selected shares, SmartZonnect zones/pools  and authentication providers.

     

    -- Peter

  • 2. Re: Limiting share access by SmartConnect Zones
    Mark

    You need to look into Access Zones.  By default Isilon has one Access Zone called "System".  You can create a new access zone,  associated it with a SmartConnect subnet.  Once you do that then that new access zone has an "visible shares" options where you can select which SMB shares the Access Zone can see.

     

    NFS still must use the System access zone.

     

    I'd also mention the default "System" access zone is uses with the default subnet (subnet0:pool0). Do not remove "System" for subnet0:pool0 until you have assigned another subnet to System,  or you will lose SSH and WebUI access.