Occasional Contributor

Just getting into Nimble - coming from a NetApp background, playing with a base C220.

Is it possible to set the default iGroup security setting?

Example - out of the box, when a new volume is provisioned on a NetApp filer, it is automatically exported via NFS (our PS will always turn this off).

I've been testing the Nimble integration tools etc. The datastore I had provisioned via the vCenter Plugin was unrestricted - which was a shock when I came round to testing with a 2008R2 VM and the datastore was available. Following that, any other volumes I created manually were all unrestricted - I've got into the habit of setting this now, but it's a concern I have rolling this out to customers.

Our SE said this wasn't possible, but I was curious if anyone knew of any magic or real world solutions.



Valued Contributor

RFE is open to change current options; these will be confirmed later, but would encourage anyone who thinks "Unrestricted Access" is undesirable as the first fallback option in both GUI/CLI to add to this thread with their comments.

Unrestricted access is seen as a desirable troubleshooting option; perhaps it should only be available as an advanced or hidden feature?

Should default access be "none" or should we force an Initiator Group to be created? Is forcing an IG always possible if you don't yet know the IQN of a new server etc.? Would a default built-in "null" IG Group help here?

All comments/suggestions welcome.


Trusted Contributor

I can see both sides of it... once you know it's open and unrestricted then you know to deal with it, and I guess from a troubleshooting aspect it's helpful. But clearly it's dangerous.

Maybe just slap some big red text that says it's open to all?


My two cents: I like Justin's idea of putting a warning stating that unrestricted is open to all, but I'd also have it default to none.


I've seen a few customers who have provisioned via the vCenter plugin also (which sets the volume to unrestricted access) and inadvertently left it as such, as they haven't realised or gone into the volume access settings to check.

Further to your comments, I think it would be a good idea to provide an option to pick from a list of initiator groups on the system or allow you to create a new one (bearing in mind the points you make regarding knowing the IQN, etc.), so in that case even an empty group would be good, which the administrator can populate with the actual IQN later. I think setting the volume to unrestricted access by default is potentially dangerous, therefore better to set the volume with No Access in that instance. I don't believe there is any reason to hide the Unrestricted Access option as it is invaluable for quick troubleshooting.