You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/files/storage-files-how-to-mount-nfs-shares.md
+9-13Lines changed: 9 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,24 +35,20 @@ Azure file shares can be mounted in Linux distributions using either the Server
35
35
36
36
NFS file shares are supported in all the same regions that support SSD file shares. See [Azure Files redundancy support for SSD file shares](./redundancy-premium-file-shares.md).
37
37
38
-
## Step 1: Create an NFS file share
39
-
40
-
If you haven't already done so, [create an NFS file share](storage-files-how-to-create-nfs-shares.md).
41
-
42
-
## Step 2: Configure network security
38
+
## Step 1: Configure network security
43
39
44
40
NFS file shares can only be accessed from trusted networks. Currently, the only way to secure the data in your storage account is by using a virtual network and other network security settings. Any other tools used to secure data, including account key authorization, Microsoft Entra security, and access control lists (ACLs) can't be used to authorize an NFSv4.1 request.
45
41
46
42
> [!IMPORTANT]
47
-
> The NFSv4.1 protocol runs on port 2049. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through port 2049. If you've granted access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through port 2049.
43
+
> The NFSv4.1 protocol runs on port 2049. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through port 2049. If you grant access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through port 2049.
48
44
49
45
### Create a private endpoint or service endpoint
50
46
51
47
To use NFS Azure file shares, you must either [create a private endpoint](storage-files-networking-endpoints.md#create-a-private-endpoint) (recommended) or [restrict access to your public endpoint](storage-files-networking-endpoints.md#restrict-public-endpoint-access).
52
48
53
49
### Disable secure transfer
54
50
55
-
Azure Files doesn't currently support encryption-in-transit with the NFS protocol and relies instead on network-level security. Therefore, you'll need to disable secure transfer on your storage account.
51
+
Azure Files doesn't currently support encryption-in-transit with the NFS protocol and relies instead on network-level security. Therefore, you need to disable secure transfer on your storage account.
56
52
57
53
1. Sign in to the [Azure portal](https://portal.azure.com/) and access the storage account containing the NFS share you created.
58
54
1. Select **Configuration**.
@@ -69,7 +65,7 @@ To enable hybrid access to an NFS Azure file share, use one of the following net
69
65
-[Configure a Site-to-Site (S2S) VPN](storage-files-configure-s2s-vpn.md).
You can mount the share using the Azure portal. You can also create a record in the **/etc/fstab** file to automatically mount the share every time the Linux server or VM boots.
75
71
@@ -83,7 +79,7 @@ You can use the `nconnect` Linux mount option to improve performance for NFS Azu
83
79
84
80
:::image type="content" source="media/storage-files-how-to-create-mount-nfs-shares/mount-nfs-file-share-script.png" alt-text="Screenshot of file share connect blade.":::
85
81
86
-
You have now mounted your NFS share.
82
+
The NFS file share is now mounted.
87
83
88
84
### Mount an NFS share using /etc/fstab
89
85
@@ -104,12 +100,12 @@ The following mount options are recommended or required when mounting NFS Azure
104
100
|`vers`| 4 | Required. Specifies which version of the NFS protocol to use. Azure Files only supports NFSv4.1. |
105
101
|`minorversion`| 1 | Required. Specifies the minor version of the NFS protocol. Some Linux distros don't recognize minor versions on the `vers` parameter. So instead of `vers=4.1`, use `vers=4,minorversion=1`. |
106
102
|`sec`| sys | Required. Specifies the type of security to use when authenticating an NFS connection. Setting `sec=sys` uses the local UNIX UIDs and GIDs that use AUTH_SYS to authenticate NFS operations. |
107
-
|`rsize`| 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
108
-
|`wsize`| 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
109
-
|`noresvport`| n/a | Recommended for kernels below 5.18. Tells the NFS client to use a non-privileged source port when communicating with an NFS server for the mount point. Using the `noresvport` mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is strongly recommended for achieving high availability. |
103
+
|`rsize`| 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1,048,576 bytes usually results in the best performance. |
104
+
|`wsize`| 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1,048,576 bytes usually results in the best performance. |
105
+
|`noresvport`| n/a | Recommended for kernels below 5.18. Tells the NFS client to use a nonprivileged source port when communicating with an NFS server for the mount point. Using the `noresvport` mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is recommended for achieving high availability. |
110
106
|`actimeo`| 30-60 | Recommended. Specifying `actimeo` sets all of `acregmin`, `acregmax`, `acdirmin`, and `acdirmax` to the same value. Using a value lower than 30 seconds can cause performance degradation because attribute caches for files and directories expire too quickly. We recommend setting `actimeo` between 30 and 60 seconds. |
111
107
112
-
## Step 4: Validate connectivity
108
+
## Step 3: Validate connectivity
113
109
114
110
If your mount fails, it's possible that your private endpoint wasn't set up correctly or isn't accessible. For details on confirming connectivity, see [Verify connectivity](storage-files-networking-endpoints.md#verify-connectivity).
0 commit comments