Overview
Our File Service Premium offering allows you to create different network share services based on the most common network storage protocols: NFS, SMB and iSCSI. It also provides a indelible backup service for your shares, which can be configured for 30 (30xDay), 90(90xDay) and 365(30xDay, 53xWeekly) days.
iSCSIInternet Small Computer Systems Interface NFS
This is an information messageImportant
Please note the following important security considerations:
- NFS is a very well-known and widely accepted file service for years. However, it does not include good security features such as encryption or strong authentication.
- Please follow these best practices:
- Be extremely careful with the "share acl/export policy"
- Only add required IPs
- Never use large subnet range, unless really needed
- Use random generated share names, rather than descriptive names
- If possible only use NFS v4, rather than NFS v3 (needs only 1 firewall port)
- Currently, there is no possibility for providing access logs for NFS exports.
Required firewall ports
NFS v3
Required firewall ports:
Name | Protocol | Destination Ports | Source Ports | Scope |
---|
portmapper | TCP/UDP | 111 | any | Global |
nfsd | TCP/UDP | 635 | any | Global |
mountd | TCP/UDP | 2049 | any | Global |
nlockmgr | TCP/UDP | 4045 | any | Global |
statd | TCP/UDP | 4046 | any | Global |
NFS v4:
Required firewall ports:
Name | Protocol | Destination Ports | Source Ports | Scope |
---|
nfsd | TCP | 2049 | any | Global |
This is an information messageNFS premium is not supported on Windows machines.
Windows NFSv3 clients do not support the network status monitor (NSM) protocol. As a result, Windows NFSv3 client sessions might experience disruptions during storage failover and volume move operations. For that reason there is no support of windows servers and disabled on purpose.
SMB
This is an information messageImportant
Please note following:
- Resource Domain: Only Swisscom-managed resource domain supported.
- SMB Version: Only SMB version 2.1 until 3.x supported. SMB version 1 is not supported.
- AD encryption: Only AD encryption type 1 supported.
- Hostname: Only FQDN supported. Provided by service provider and cannot be adapted.
- Access-based enumeration: Not supported.
- DFS Support: Can be used as target (does not replicate itself). No support is granted.
- Alias support: No alias support in AD/DNS.
- Subshares: Not supported.
- ODX is disabled and therefore not supported.
- Currently, there is no possibility for providing access logs for SMB shares.
Required firewall ports:
Name | Protocol | Destination Ports | Source Ports | Scope |
---|
microsoft-ds | TCP | 445 | any | Global |
iSCSI
Required firewall ports:
Name | Protocol | Destination Ports | Source Ports | Scope |
---|
iscsi-target | TCP | 3260 | any | Global |
This is an information messageImportant
Please note the following important considerations:
- We do not support ODX. Please make sure that ODX is disabled on the client. ODX might be activated by default on newer Windows versions.
- Make sure that iSCSI Multipathing is always activated to both provided IPs and, for Linux clients, 'failback immediate' is set in the multipath configuration.
- To maximize the performance of your iSCSI connection make sure to enable Jumbo Frames (MTU < 8800) in your OS.
- Currently, there is no possibility for providing access logs for iSCSI LUNs.