Merge pull request #238003 from normesta/protocols

prmerger-automator[bot] · web-flow · commit 32ef803acf84 · 2023-06-02T16:45:36.000Z
AZNFS updates to NFS content + some SFTP table adjustments
diff --git a/articles/storage/blobs/network-file-system-protocol-support-how-to.md b/articles/storage/blobs/network-file-system-protocol-support-how-to.md
@@ -7,7 +7,7 @@ author: normesta
 ms.subservice: blobs
 ms.service: storage
 ms.topic: conceptual
-ms.date: 02/14/2023
+ms.date: 05/12/2023
 ms.author: normesta
 ms.reviewer: yzheng
 ---
@@ -72,9 +72,34 @@ The following image shows the squash options as they appear in the Azure portal.
 > [!div class="mx-imgBorder"]
 > ![Screenshot that shows squash options in the Azure portal.](./media/network-file-system-protocol-how-to/squash-options-azure-portal.png)
 
-## Step 5: Mount the container
+## Step 5: Install the AZNFS Mount Helper package
 
-Create a directory on your Linux system, and then mount the container in the storage account.
+The AZNFS Mount Helper package helps Linux NFS clients to reliably access Azure Blob NFS shares even when the IP address of the endpoint changes. This package runs a background job called `aznfswatchdog` which monitors changes to the endpoint IP address for the mounted shares. If a change is detected, this background job updates the Destination Network Address Translation (DNAT) rules. To learn more, see [AZNFS Mount Helper](https://github.com/Azure/AZNFS-mount/).
+
+1. Determine whether the AZNFS Mount Helper package is installed on your client.
+
+   ```
+   systemctl is-active --quiet aznfswatchdog && echo -e "\nAZNFS mounthelper is installed! \n"
+   ```
+
+   If the package is installed, then the message `AZNFS mounthelper is installed!` appears.
+
+2. If the package is not yet installed, then use the following command to install it. 
+
+   ```
+   wget -O - -q https://github.com/Azure/AZNFS-mount/releases/latest/download/aznfs_install.sh | bash
+   ```
+
+   > [!NOTE]
+   > AZNFS is supported on following Linux distributions:
+   > - Ubuntu (18.04 LTS, 20.04 LTS, 22.04 LTS)
+   > - Centos7, Centos8
+   > - RedHat7, RedHat8, RedHat9
+   > - Rocky8, Rocky9
+
+## Step 6: Mount the container
+
+Create a directory on your Linux system and then mount the container in the storage account.
 
 1. On your Linux system, create a directory:
 
@@ -89,10 +114,10 @@ Create a directory on your Linux system, and then mount the container in the sto
      1. Create an entry in the /etc/fstab file by adding the following line:
   
         ```
-        <storage-account-name>.blob.core.windows.net:/<storage-account-name>/<container-name>  /nfsdata    nfs defaults,sec=sys,vers=3,nolock,proto=tcp,nofail    0 0
+        <storage-account-name>.blob.core.windows.net:/<storage-account-name>/<container-name>  /nfsdata    aznfs defaults,sec=sys,vers=3,nolock,proto=tcp,nofail    0 0
         ```
 
-     1. Run the following command to immediately process the /etc/fstab entries and attempt to mount the preceding path:
+     2. Run the following command to immediately process the /etc/fstab entries and attempt to mount the preceding path:
  
         ```
         mount /nfsdata
@@ -101,8 +126,11 @@ Create a directory on your Linux system, and then mount the container in the sto
    - For a temporary mount that doesn't persist across reboots, run the following command: 
     
      ```
-     mount -o sec=sys,vers=3,nolock,proto=tcp <storage-account-name>.blob.core.windows.net:/<storage-account-name>/<container-name>  /nfsdata
-     ```
+     mount -t aznfs -o sec=sys,vers=3,nolock,proto=tcp <storage-account-name>.blob.core.windows.net:/<storage-account-name>/<container-name>  /nfsdatain 
+     ``` 
+     
+     > [!TIP]
+     > By using the `-t aznfs` mount option, you ensure that the NFS client always remains correctly connected to the storage endpoint even if the endpoint IP changes after the mount. NFS shares that are mounted by using the `-t nfs` mount option might become disconnected from the storage endpoint if the IP address of that endpoint changes.
 
 ## Resolve common errors
 
@@ -118,6 +146,11 @@ Create a directory on your Linux system, and then mount the container in the sto
 |`mount: /nfsdata: bad option;`| Install the NFS helper program by using `sudo apt install nfs-common`.|
 |`Connection Timed Out`| Make sure that client allows outgoing communication through ports 111 and 2048. The NFS 3.0 protocol uses these ports. Makes sure to mount the storage account by using the Blob service endpoint and not the Data Lake Storage endpoint. |
 
+## Limitations and troubleshooting for AZNFS Mount Helper
+
+See [AZNFS Mount Helper](https://github.com/Azure/AZNFS-mount/).
+
+
 ## See also
 
 - [Network File System (NFS) 3.0 protocol support for Azure Blob Storage](network-file-system-protocol-support.md)
diff --git a/articles/storage/blobs/secure-file-transfer-protocol-support.md b/articles/storage/blobs/secure-file-transfer-protocol-support.md
@@ -109,13 +109,13 @@ put logfile.txt
 
 You can use many different SFTP clients to securely connect and then transfer files. Connecting clients must use algorithms specified in table below. 
 
-| Host key <sup>1</sup> | Key exchange | Ciphers/encryption | Integrity/MAC | Public key |
-|----------|--------------|--------------------|---------------|------------|
-| rsa-sha2-256 <sup>2</sup> | ecdh-sha2-nistp384 | aes128-gcm@openssh.com | hmac-sha2-256 | ssh-rsa <sup>2</sup> |
-| rsa-sha2-512 <sup>2</sup> | ecdh-sha2-nistp256 | aes256-gcm@openssh.com | hmac-sha2-512 | ecdsa-sha2-nistp256 |
-| ecdsa-sha2-nistp256 | diffie-hellman-group14-sha256 | aes128-ctr| hmac-sha2-256-etm@openssh.com | ecdsa-sha2-nistp384 |
-| ecdsa-sha2-nistp384 | diffie-hellman-group16-sha512 | aes192-ctr | hmac-sha2-512-etm@openssh.com | 
-|| diffie-hellman-group-exchange-sha256 | aes256-ctr ||
+| Type | Algorithm |
+|--|--|
+| Host key <sup>1</sup> | rsa-sha2-256 <sup>2</sup><br>rsa-sha2-512 <sup>2</sup><br>ecdsa-sha2-nistp256<br>ecdsa-sha2-nistp384 |
+| Key exchange |ecdh-sha2-nistp384<br>ecdh-sha2-nistp256<br>diffie-hellman-group14-sha256<br>diffie-hellman-group16-sha512<br>diffie-hellman-group-exchange-sha256|
+| Ciphers/encryption |aes128-gcm@openssh.com<br>aes256-gcm@openssh.com<br>aes128-ctr<br>aes192-ctr<br>aes256-ctr|
+| Integrity/MAC |hmac-sha2-256<br>hmac-sha2-512<br>hmac-sha2-256-etm@openssh.com<br>hmac-sha2-512-etm@openssh.com|
+| Public key |ssh-rsa <sup>2</sup><br>ecdsa-sha2-nistp256<br>ecdsa-sha2-nistp384|
 
 <sup>1</sup>    Host keys are published [here](secure-file-transfer-protocol-host-keys.md).
 <sup>2</sup>    RSA keys must be minimum 2048 bits in length.
