Overview

Our File Service Premium offering allows you to create different network share services based on the most common network storage protocols: NFS, SMB and iSCSI:

NFSNetwork File System
SMBServer Message Block
iSCSIInternet Small Computer Systems Interface

NFS

This is an information message

Important

Please note the following important security considerations:

  • NFS is a very well-known and widely accepted file service for years. However, it does not include good security features such as encryption or strong authentication.
  • Please follow these best practices:
    • Be extremely careful with the "share acl/export policy"
    • Only add required IPs
    • Never use large subnet range, unless really needed
    • Use random generated share names, rather than descriptive names
    • If possible only use NFS v4, rather than NFS v3 (needs only 1 firewall port)
    • Currently, there is no possibility for providing access logs for NFS exports.

Required firewall ports

NFS v3

Required firewall ports:

NameProtocolDestination PortsSource PortsScope
portmapperTCP/UDP111anyGlobal
nfsdTCP/UDP635anyGlobal
mountdTCP/UDP2049anyGlobal
nlockmgrTCP/UDP4045anyGlobal
statdTCP/UDP4046anyGlobal

NFS v4:

Required firewall ports:

NameProtocolDestination PortsSource PortsScope
nfsdTCP2049anyGlobal
This is an information message

Additional information

NFS premium is not supported on Windows machines.

Windows NFSv3 clients do not support the network status monitor (NSM) protocol. As a result, Windows NFSv3 client sessions might experience disruptions during storage failover and volume move operations. For that reason there is no support of windows servers and disabled on purpose.

SMB

This is an information message

Important

Please note following:

  • Resource Domain: Only Swisscom-managed resource domain supported.
  • SMB Version: Only SMB version 2.1 until 3.x supported. SMB version 1 is not supported.
  • AD encryption: Only AD encryption type 1 supported.
  • Hostname: Only FQDN supported. Provided by service provider and cannot be adapted.
  • Access-based enumeration: Not supported.
  • DFS Support: Can be used as target (does not replicate itself). No support is granted.
  • Alias support: No alias support in AD/DNS.
  • Subshares: Not supported.
  • ODX is disabled and therefore not supported.
  • Currently, there is no possibility for providing access logs for SMB shares.

Required firewall ports:

NameProtocolDestination PortsSource PortsScope
microsoft-dsTCP445anyGlobal

iSCSI

Required firewall ports:

NameProtocolDestination PortsSource PortsScope
iscsi-targetTCP3260anyGlobal
This is an information message

Important

Please note the following important considerations:

  • We do not support ODX. Please make sure that ODX is disabled on the client. ODX might be activated by default on newer Windows versions.
  • Make sure that iSCSI Multipathing is always activated to both provided IPs and, for Linux clients, 'failback immediate' is set in the multipath configuration.
  • To maximize the performance of your iSCSI connection make sure to enable Jumbo Frames (MTU < 8800) in your OS.
  • Currently, there is no possibility for providing access logs for iSCSI LUNs.

Last Updated: