HPE Community
Application Integration
1826337 Members
2814 Online
109692 Solutions
New Discussion

Default iGroup security setting

 
smilerspeaking136
Occasional Contributor

‎07-22-2013 03:06 AM

‎07-22-2013 03:06 AM

Default iGroup security setting

G'Morning,

Just getting into Nimble - coming NetApp background, playing with a base C220.

Is it possible to set the default iGroup security setting?

Example - out of the box, a NetApp filer when a new Volume is provisioned it automatically exports this via NFS. (our PS will always turn this off..)

I've been testing the Nimble integration tools etc, the datastore I had provisioned via the vCenter Plugin was unrestricted - which was a shock when I came round to testing with a 2008R2 VM and the Datastore was available. Following that any other volume I created manually all we unrestricted - I've got into the habbit of setting this now, but it's a concern I have rolling this out to customers.

Our SE said this wasn't possible, but I was curious if anyone knew of any magic or real world solutions.

Thanks

Sparkles

Labels:
Reply
4 REPLIES 4
pdavies34
Valued Contributor

‎07-22-2013 05:35 AM

‎07-22-2013 05:35 AM

Re: Default iGroup security setting

Mike,

RFE is open to change current options, these will be confirmed later but would encourage anyone who thinks "Unrestricted Access" is undesirable as the first fallback option in both GUI/CLI, please add to this thread with your comments.

Unrestricted access is seen as a desirable troubleshooting option, perhaps it should only be avaialble as an advanced or hidden feature?

Should default access be "none" or should we force an Initiator Group to be created.  Is forcing an IG always possible if you don't yet know the iqn of a new server etc....  Would a default built in "null" IG Group help here? 


All comments/suggestions welcome.


Phil


Reply
jrich52352
Trusted Contributor

‎07-22-2013 09:05 AM

‎07-22-2013 09:05 AM

Re: Default iGroup security setting

I can see both sides of it... once you know its open and unrestricted then you know to deal with it.. and i guess from a troubleshooting aspect its helpful. but clearly its dangerous

Maybe just slap some big red text that says its open to all?

Reply
jwagner137
Advisor

‎09-18-2013 09:33 AM

‎09-18-2013 09:33 AM

Re: Default iGroup security setting

My two cents, I like Justins idea of putting a warning stating that unrestricted is open to all, but i'd also have it default to none.

0 Kudos
Reply
amirul93
Advisor

‎09-20-2013 12:15 PM

‎09-20-2013 12:15 PM

Re: Default iGroup security setting

I've seen a few customers who have provisioned via the vCenter plugin also (which sets the volume to unrestricted access) and inadvertently left it as such as they haven't realised or gone into the volume access settings to check.

Further to your comments, I think it would be a good idea to provide an option to pick from a list of initiator groups on the system or allow you to create a new one (bearing in mind the points you make regarding knowing the IQN, etc) so in that case even an empty group would be good, which the administrator can populated with the actual IQN later. I think setting the volume to unrestricted access by default is potentially dangerous, therefore better to set the volume with No Access in that instance. I don't believe there is any reason to hide the Unrestricted Access option as it is invaluable for quick troubleshooting.


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.