You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/files/storage-files-how-to-mount-nfs-shares.md
+24-22Lines changed: 24 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,42 +11,44 @@ ms.author: kendownie
11
11
12
12
# Mount NFS Azure file shares on Linux
13
13
14
-
Azure file shares can be mounted in Linux distributions using either the Server Message Block (SMB) protocol or the Network File System (NFS) protocol. This article is focused on mounting with NFS. For details on mounting SMB Azure file shares, see [Use Azure Files with Linux](storage-how-to-use-files-linux.md). For details on each of the available protocols, see [Azure file share protocols](storage-files-planning.md#available-protocols).
14
+
Azure file shares can be mounted in Linux distributions using either the Server Message Block (SMB) protocol or the Network File System (NFS) protocol. This article is focused on mounting with NFS. For details on mounting SMB file shares, see [Use Azure Files with Linux](storage-how-to-use-files-linux.md). For details on each of the available protocols, see [Azure file share protocols](storage-files-planning.md#available-protocols).
15
15
16
16
## Applies to
17
-
18
-
| File share type | SMB | NFS |
19
-
|-|:-:|:-:|
20
-
| Standard file shares (GPv2), LRS/ZRS |||
21
-
| Standard file shares (GPv2), GRS/GZRS |||
NFS Azure file shares are supported in all the same regions that support premium file storage. See [Azure products available by region](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=storage®ions=all).
31
-
32
-
## Step 1: Create an NFS Azure file share
33
-
34
-
If you haven't already done so, [create an NFS Azure file share](storage-files-how-to-create-nfs-shares.md).
36
+
NFS file shares are supported in all the same regions that support SSD file shares. See [Azure Files redundancy support for SSD file shares](./redundancy-premium-file-shares.md).
35
37
36
-
## Step 2: Configure network security
38
+
## Step 1: Configure network security
37
39
38
-
NFS shares can only be accessed from trusted networks. Currently, the only way to secure the data in your storage account is by using a virtual network and other network security settings. Any other tools used to secure data, including account key authorization, Microsoft Entra security, and access control lists (ACLs) can't be used to authorize an NFSv4.1 request.
40
+
NFS file shares can only be accessed from trusted networks. Currently, the only way to secure the data in your storage account is by using a virtual network and other network security settings. Any other tools used to secure data, including account key authorization, Microsoft Entra security, and access control lists (ACLs) can't be used to authorize an NFSv4.1 request.
39
41
40
42
> [!IMPORTANT]
41
-
> The NFSv4.1 protocol runs on port 2049. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through port 2049. If you've granted access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through port 2049.
43
+
> The NFSv4.1 protocol runs on port 2049. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through port 2049. If you grant access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through port 2049.
42
44
43
45
### Create a private endpoint or service endpoint
44
46
45
47
To use NFS Azure file shares, you must either [create a private endpoint](storage-files-networking-endpoints.md#create-a-private-endpoint) (recommended) or [restrict access to your public endpoint](storage-files-networking-endpoints.md#restrict-public-endpoint-access).
46
48
47
49
### Disable secure transfer
48
50
49
-
Azure Files doesn't currently support encryption-in-transit with the NFS protocol and relies instead on network-level security. Therefore, you'll need to disable secure transfer on your storage account.
51
+
Azure Files doesn't currently support encryption-in-transit with the NFS protocol and relies instead on network-level security. Therefore, you need to disable secure transfer on your storage account.
50
52
51
53
1. Sign in to the [Azure portal](https://portal.azure.com/) and access the storage account containing the NFS share you created.
52
54
1. Select **Configuration**.
@@ -63,7 +65,7 @@ To enable hybrid access to an NFS Azure file share, use one of the following net
63
65
-[Configure a Site-to-Site (S2S) VPN](storage-files-configure-s2s-vpn.md).
You can mount the share using the Azure portal. You can also create a record in the **/etc/fstab** file to automatically mount the share every time the Linux server or VM boots.
69
71
@@ -77,7 +79,7 @@ You can use the `nconnect` Linux mount option to improve performance for NFS Azu
77
79
78
80
:::image type="content" source="media/storage-files-how-to-create-mount-nfs-shares/mount-nfs-file-share-script.png" alt-text="Screenshot of file share connect blade.":::
79
81
80
-
You have now mounted your NFS share.
82
+
The NFS file share is now mounted.
81
83
82
84
### Mount an NFS share using /etc/fstab
83
85
@@ -98,12 +100,12 @@ The following mount options are recommended or required when mounting NFS Azure
98
100
|`vers`| 4 | Required. Specifies which version of the NFS protocol to use. Azure Files only supports NFSv4.1. |
99
101
|`minorversion`| 1 | Required. Specifies the minor version of the NFS protocol. Some Linux distros don't recognize minor versions on the `vers` parameter. So instead of `vers=4.1`, use `vers=4,minorversion=1`. |
100
102
|`sec`| sys | Required. Specifies the type of security to use when authenticating an NFS connection. Setting `sec=sys` uses the local UNIX UIDs and GIDs that use AUTH_SYS to authenticate NFS operations. |
101
-
|`rsize`| 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
102
-
|`wsize`| 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
103
-
|`noresvport`| n/a | Recommended for kernels below 5.18. Tells the NFS client to use a non-privileged source port when communicating with an NFS server for the mount point. Using the `noresvport` mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is strongly recommended for achieving high availability. |
103
+
|`rsize`| 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1,048,576 bytes usually results in the best performance. |
104
+
|`wsize`| 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1,048,576 bytes usually results in the best performance. |
105
+
|`noresvport`| n/a | Recommended for kernels below 5.18. Tells the NFS client to use a nonprivileged source port when communicating with an NFS server for the mount point. Using the `noresvport` mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is recommended for achieving high availability. |
104
106
|`actimeo`| 30-60 | Recommended. Specifying `actimeo` sets all of `acregmin`, `acregmax`, `acdirmin`, and `acdirmax` to the same value. Using a value lower than 30 seconds can cause performance degradation because attribute caches for files and directories expire too quickly. We recommend setting `actimeo` between 30 and 60 seconds. |
105
107
106
-
## Step 4: Validate connectivity
108
+
## Step 3: Validate connectivity
107
109
108
110
If your mount fails, it's possible that your private endpoint wasn't set up correctly or isn't accessible. For details on confirming connectivity, see [Verify connectivity](storage-files-networking-endpoints.md#verify-connectivity).
Copy file name to clipboardExpand all lines: articles/storage/files/storage-files-identity-ad-ds-enable.md
+12-6Lines changed: 12 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,12 +19,18 @@ This article describes the process for enabling Active Directory Domain Services
19
19
To enable AD DS authentication over SMB for Azure file shares, you need to register your Azure storage account with your on-premises AD DS and then set the required domain properties on the storage account. To register your storage account with AD DS, you create a computer account (or service logon account) representing it in your AD DS. Think of this process as if it were like creating an account representing an on-premises Windows file server in your AD DS. When the feature is enabled on the storage account, it applies to all new and existing file shares in the account.
20
20
21
21
## Applies to
22
-
23
-
| File share type | SMB | NFS |
24
-
|-|:-:|:-:|
25
-
| Standard file shares (GPv2), LRS/ZRS |||
26
-
| Standard file shares (GPv2), GRS/GZRS |||
0 commit comments