MicrosoftDocs
diff --git a/‎articles/azure-netapp-files/TOC.yml
Lines changed: 4 additions & 2 deletions b/‎articles/azure-netapp-files/TOC.yml
Lines changed: 4 additions & 2 deletions
diff --git a/‎articles/azure-netapp-files/azure-netapp-files-configure-nfsv41-domain.md
Lines changed: 71 additions & 0 deletions b/‎articles/azure-netapp-files/azure-netapp-files-configure-nfsv41-domain.md
Lines changed: 71 additions & 0 deletions
diff --git a/‎articles/azure-netapp-files/azure-netapp-files-create-volumes.md
Lines changed: 3 additions & 2 deletions b/‎articles/azure-netapp-files/azure-netapp-files-create-volumes.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎articles/azure-netapp-files/azure-netapp-files-mount-unmount-volumes-for-virtual-machines.md
Lines changed: 6 additions & 3 deletions b/‎articles/azure-netapp-files/azure-netapp-files-mount-unmount-volumes-for-virtual-machines.md
Lines changed: 6 additions & 3 deletions
diff --git a/‎articles/azure-netapp-files/azure-netapp-files-solution-architectures.md
Lines changed: 2 additions & 1 deletion b/‎articles/azure-netapp-files/azure-netapp-files-solution-architectures.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/backup/backup-azure-afs-automation.md
Lines changed: 1 addition & 1 deletion b/‎articles/backup/backup-azure-afs-automation.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/backup/backup-azure-arm-userestapi-backupazurevms.md
Lines changed: 1 addition & 1 deletion b/‎articles/backup/backup-azure-arm-userestapi-backupazurevms.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/backup/backup-azure-backup-server-vmware.md
Lines changed: 31 additions & 31 deletions b/‎articles/backup/backup-azure-backup-server-vmware.md
Lines changed: 31 additions & 31 deletions
@@ -47,10 +47,12 @@
     href: azure-netapp-files-set-up-capacity-pool.md
   - name: Delegate a subnet to Azure NetApp Files
     href: azure-netapp-files-delegate-subnet.md
-  - name: Create an NFS volume for Azure NetApp Files
-    href: azure-netapp-files-create-volumes.md
   - name: Create an SMB volume for Azure NetApp Files
     href: azure-netapp-files-create-volumes-smb.md
+  - name: Create an NFS volume for Azure NetApp Files
+    href: azure-netapp-files-create-volumes.md
+  - name: Configure NFSv4.1 default domain for Azure NetApp Files
+    href: azure-netapp-files-configure-nfsv41-domain.md
   - name: Configure export policy for an NFS volume
     href: azure-netapp-files-configure-export-policy.md
   - name: Manage volumes
 
@@ -0,0 +1,71 @@
+---
+title: Configure NFSv4.1 default domain for Azure NetApp Files | Microsoft Docs
+description: Describes how to configure the NFS client for using NFSv4.1 with Azure NetApp Files.
+documentationcenter: ''
+author: b-juche
+manager: ''
+editor: ''
+
+ms.assetid:
+ms.service: azure-netapp-files
+ms.workload: storage
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: conceptual
+ms.date: 11/08/2019
+ms.author: b-juche
+---
+# Configure NFSv4.1 default domain for Azure NetApp Files
+
+NFSv4 introduces the concept of an authentication domain. Azure NetApp Files currently supports root-only user mapping from the service to the NFS client. To use the NFSv4.1 functionality with Azure NetApp Files, you need to update the NFS client.
+
+## Default behavior of user/group mapping
+
+Root mapping defaults to the `nobody` user because the NFSv4 domain is set to `localdomain`. When you mount an Azure NetApp Files NFSv4.1 volume as root, you will see file permissions as follows:  
+
+![Default behavior of user/group mapping for NFSv4.1](../media/azure-netapp-files/azure-netapp-files-nfsv41-default-behavior-user-group-mapping.png)
+
+As the above example shows, the user for `file1` should be `root`, but it maps to `nobody` by default.  This article shows you how to set the `file1` user to `root`.  
+
+## Steps 
+
+1. Edit the `/etc/idmapd.conf` file on the NFS client.   
+    Uncomment the line `#Domain` (that is, remove the `#` from the line), and change the value `localdomain` to `defaultv4iddomain.com`. 
+
+    Initial configuration: 
+    
+    ![Initial configuration for NFSv4.1](../media/azure-netapp-files/azure-netapp-files-nfsv41-initial-config.png)
+
+    Updated configuration:
+    
+    ![Updated configuration for NFSv4.1](../media/azure-netapp-files/azure-netapp-files-nfsv41-updated-config.png)
+
+2. Unmount any currently mounted NFS volumes.
+3. Update the `/etc/idmapd.conf` file.
+4. Restart the `rpcbind` service on your host (`service rpcbind restart`), or simply reboot the host.
+5. Mount the NFS volumes as required.   
+
+    See [Mount or unmount a volume for Windows or Linux virtual machines](azure-netapp-files-mount-unmount-volumes-for-virtual-machines.md). 
+
+The following example shows the resulting user/group change: 
+
+![Resulting configuration for NFSv4.1](../media/azure-netapp-files/azure-netapp-files-nfsv41-resulting-config.png)
+
+As the example shows, the user/group has now changed from `nobody` to `root`.
+
+## Behavior of other (non-root) users and groups
+
+Azure NetApp Files supports local users (users created locally on a host) who have permissions associated with files or folders in NFSv4.1 volumes. However, the service does not currently support mapping the users/groups across multiple nodes. Therefore, users created on one host do not map by default to users created on another host. 
+
+In the following example, `Host1` has three existing test user accounts (`testuser01`, `testuser02`, `testuser03`): 
+
+![Resulting configuration for NFSv4.1](../media/azure-netapp-files/azure-netapp-files-nfsv41-host1-users.png)
+
+On `Host2`, note that the test user accounts have not been created, but the same volume is mounted on both hosts:
+
+![Resulting configuration for NFSv4.1](../media/azure-netapp-files/azure-netapp-files-nfsv41-host2-users.png)
+
+## Next step 
+
+[Mount or unmount a volume for Windows or Linux virtual machines](azure-netapp-files-mount-unmount-volumes-for-virtual-machines.md)
+
@@ -13,7 +13,7 @@ ms.workload: storage
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 10/12/2019
+ms.date: 11/08/2019
 ms.author: b-juche
 ---
 # Create an NFS volume for Azure NetApp Files
@@ -38,7 +38,7 @@ A subnet must be delegated to Azure NetApp Files.
   Support for UNIX mode bits (read, write, and execute) is available for NFSv3 and NFSv4.1. Root-level access is required on the NFS client to mount NFS volumes.
 
 * Local user/group and LDAP support for NFSv4.1  
-  Currently, NFSv4.1 supports root access to volumes only. 
+  Currently, NFSv4.1 supports root access to volumes only. See [Configure NFSv4.1 default domain for Azure NetApp Files](azure-netapp-files-configure-nfsv41-domain.md). 
 
 ## Best practice
 
@@ -110,6 +110,7 @@ A subnet must be delegated to Azure NetApp Files.
 
 ## Next steps  
 
+* [Configure NFSv4.1 default domain for Azure NetApp Files](azure-netapp-files-configure-nfsv41-domain.md)
 * [Mount or unmount a volume for Windows or Linux virtual machines](azure-netapp-files-mount-unmount-volumes-for-virtual-machines.md)
 * [Configure export policy for an NFS volume](azure-netapp-files-configure-export-policy.md)
 * [Resource limits for Azure NetApp Files](azure-netapp-files-resource-limits.md)
 
@@ -13,7 +13,7 @@ ms.workload: storage
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 03/07/2019
+ms.date: 11/08/2019
 ms.author: b-juche
 ---
 # Mount or unmount a volume for Windows or Linux virtual machines 
@@ -27,5 +27,8 @@ You can mount or unmount a volume for Windows or Linux virtual machines as neces
 
     ![Mount instructions SMB](../media/azure-netapp-files/azure-netapp-files-mount-instructions-smb.png)
 
-If you are using NFSv4.1, use the following command to mount your file system: 
-`sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=4.1,tcp,sec=sys $MOUNTTARGETIPADDRESS:/$VOLUMENAME $MOUNTPOINT`
+If you are using NFSv4.1, use the following command to mount your file system:  
+
+`sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=4.1,tcp,sec=sys $MOUNTTARGETIPADDRESS:/$VOLUMENAME $MOUNTPOINT`  
+
+See [Configure NFSv4.1 default domain for Azure NetApp Files](azure-netapp-files-configure-nfsv41-domain.md).
@@ -13,7 +13,7 @@ ms.workload: storage
 ms.tgt_pltfrm: na
 ms.devlang: na
 ms.topic: conceptual
-ms.date: 08/26/2019
+ms.date: 11/08/2019
 ms.author: b-juche
 ---
 # Solution architectures using Azure NetApp Files
@@ -34,6 +34,7 @@ This article provides references to best practices that can help you understand
 * [High availability for SAP NetWeaver on Azure VMs on SUSE Linux Enterprise Server with Azure NetApp Files for SAP applications](https://docs.microsoft.com/azure/virtual-machines/workloads/sap/high-availability-guide-suse-netapp-files)
 * [Azure Virtual Machines high availability for SAP NetWeaver on Red Hat Enterprise Linux with Azure NetApp Files for SAP applications](https://docs.microsoft.com/azure/virtual-machines/workloads/sap/high-availability-guide-rhel-netapp-files)
 * [SAP HANA scale-out with standby node on Azure VMs with Azure NetApp Files on SUSE Linux Enterprise Server](https://docs.microsoft.com/azure/virtual-machines/workloads/sap/sap-hana-scale-out-standby-netapp-files-suse)
+* [SAP HANA Azure virtual machine storage configurations](https://docs.microsoft.com/azure/virtual-machines/workloads/sap/hana-vm-operations-storage)
 
 ## Talon solutions
 
 
@@ -271,7 +271,7 @@ Azure file share snapshots are used while the backups are taken, so usually the
 
 ### Using on-demand backups to extend retention
 
-On-demand backups can be used to retain your snapshots for 10 years. Schedulers can be used to run on-demand PowerShell scripts with chosen retention and thus take snapshots at regular intervals every week, month, or year. While taking regular snapshots refer to the [limitations of on-demand backups](https://docs.microsoft.com/azure/backup/backup-azure-files-faq#how-many-on-demand-backups-can-i-take-per-file-share-) using Azure backup.
+On-demand backups can be used to retain your snapshots for 10 years. Schedulers can be used to run on-demand PowerShell scripts with chosen retention and thus take snapshots at regular intervals every week, month, or year. While taking regular snapshots, refer to the [limitations of on-demand backups](https://docs.microsoft.com/azure/backup/backup-azure-files-faq#how-many-on-demand-backups-can-i-take-per-file-share) using Azure backup.
 
 If you are looking for sample scripts, you can refer to the sample script on GitHub (<https://github.com/Azure-Samples/Use-PowerShell-for-long-term-retention-of-Azure-Files-Backup)> using Azure Automation runbook that enables you to schedule backups on a periodic basis and retain them even up to 10 years.
 
 
@@ -163,7 +163,7 @@ In the example, the above values translate to:
 
 ### Enabling protection for the Azure VM
 
-After the relevant VM is "cached" and "identified", select the policy to protect. To know more about existing policies in the vault, refer to [list Policy API](https://docs.microsoft.com/rest/api/backup/backuppolicies/list). Then select the [relevant policy](https://docs.microsoft.com/rest/api/backup/protectionpolicies/get) by referring to the policy name. To create policies, refer to [create policy tutorial](backup-azure-arm-userestapi-createorupdatepolicy.md). "DefaultPolicy" is selected in the below example.
+After the relevant VM is "cached" and "identified", select the policy to protect. To know more about existing policies in the vault, refer to [list Policy API](https://docs.microsoft.com/rest/api/backup/backuppolicies/list). Then select the [relevant policy](https://docs.microsoft.com/rest/api/backup/protectionpolicies(2019-05-13)/get) by referring to the policy name. To create policies, refer to [create policy tutorial](backup-azure-arm-userestapi-createorupdatepolicy.md). "DefaultPolicy" is selected in the below example.
 
 Enabling protection is an asynchronous *PUT* operation that creates a 'protected item'.
 
 
@@ -1,7 +1,6 @@
 ---
 title: Back up VMware VMs with Azure Backup Server
-description: Use Azure Backup Server to back up VMware VMs running on a VMware vCenter/ESXi server.
-
+description: In this article, learn how to use Azure Backup Server to back up VMware VMs running on a VMware vCenter/ESXi server.
 author: dcurwin
 manager: carmonm
 ms.service: backup
@@ -61,7 +60,7 @@ Set up a secure channel as follows:
    - The root certificate file with an extension that begins with a numbered sequence like .0 and .1.
    - The CRL file has an extension that begins with a sequence like .r0 or .r1. The CRL file is associated with a certificate.
 
-         ![Downloaded certificates](./media/backup-azure-backup-server-vmware/extracted-files-in-certs-folder.png)
+    ![Downloaded certificates](./media/backup-azure-backup-server-vmware/extracted-files-in-certs-folder.png)
 
 6. In the **certs** folder, right-click the root certificate file > **Rename**.
 
@@ -77,7 +76,7 @@ Set up a secure channel as follows:
 
 10. On the **Certificate Store** page, select **Place all certificates in the following store**, and then click **Browse** to choose the certificate store.
 
-         ![Certificate storage](./media/backup-azure-backup-server-vmware/cert-import-wizard-local-store.png)
+    ![Certificate storage](./media/backup-azure-backup-server-vmware/cert-import-wizard-local-store.png)
 
 11. In **Select Certificate Store**, select **Trusted Root Certification Authorities** as the destination folder for the certificates, and then click **OK**.
 
@@ -95,11 +94,11 @@ If you have secure boundaries within your organization, and don't want to use th
 
 1. Copy and paste the following text into a .txt file.
 
-      ```text
+       ```text
       Windows Registry Editor Version 5.00
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare]
       "IgnoreCertificateValidation"=dword:00000001
-      ```
+       ```
 
 2. Save the file on the Azure Backup Server machine with the name **DisableSecureAuthentication.reg**.
 
@@ -125,7 +124,7 @@ The Azure Backup Server needs a user account with permissions to access v-Center
    - To select the VirtualMachine privileges, you need to go several levels into the parent child hierarchy.
    - You don't need to select all child privileges within a parent privilege.
 
-             ![Parent child privilege hierarchy](./media/backup-azure-backup-server-vmware/cert-add-privilege-expand.png)
+    ![Parent child privilege hierarchy](./media/backup-azure-backup-server-vmware/cert-add-privilege-expand.png)
 
 ### Role permissions
 
@@ -160,7 +159,7 @@ VirtualMachine.State.RemoveSnapshot | VirtualMachine.State.RemoveSnapshot
 
 2. In the **vCenter Users and Groups** panel, select the **Users** tab, and then click the add users icon (the + symbol).
 
-         ![vCenter Users and Groups panel](./media/backup-azure-backup-server-vmware/usersandgroups.png)
+    ![vCenter Users and Groups panel](./media/backup-azure-backup-server-vmware/usersandgroups.png)
 
 3. In **New User** dialog box, add the user information > **OK**. In this procedure, the username is BackupAdmin.
 
@@ -216,7 +215,7 @@ Add the vCenter Server to Azure Backup Server.
 
 2. In **Production Server Addition Wizard** > **Select Production Server type** page, select **VMware Servers**, and then click **Next**.
 
-         ![Production Server Addition Wizard](./media/backup-azure-backup-server-vmware/production-server-add-wizard.png)
+    ![Production Server Addition Wizard](./media/backup-azure-backup-server-vmware/production-server-add-wizard.png)
 
 3. In **Select Computers**  **Server Name/IP Address**, specify the FQDN or IP address of the VMware server. If all the  ESXi servers are managed by the same vCenter, specify the vCenter name. Otherwise, add the ESXi host.
 
@@ -261,7 +260,7 @@ Add VMware VMs for backup. Protection groups gather multiple VMs and apply the s
     - When you select a folder, or VMs or folders inside that folder are also selected for backup. You can uncheck folders or VMs you don't want to back up.
 1. If a VM or folder is already being backed up, you can't select it. This ensures that duplicate recovery points aren't created for a VM.
 
-         ![Select group members](./media/backup-azure-backup-server-vmware/server-add-selected-members.png)
+    ![Select group members](./media/backup-azure-backup-server-vmware/server-add-selected-members.png)
 
 1. In **Select Data Protection Method** page, enter a name for the protection group, and protection settings. To back up to Azure, set short-term protection to **Disk** and enable online protection. Then click **Next**.
 
@@ -285,40 +284,40 @@ Add VMware VMs for backup. Protection groups gather multiple VMs and apply the s
    - **Automatically grow:** If you turn on this setting, if data in the protected group outgrows the initial allocation, Azure Backup Server tries to increase the disk size by 25 percent.
    - **Storage pool details:** Shows the status of the storage pool, including total and remaining disk size.
 
-         ![Review disk allocation](./media/backup-azure-backup-server-vmware/review-disk-allocation.png)
+    ![Review disk allocation](./media/backup-azure-backup-server-vmware/review-disk-allocation.png)
 
 1. In **Choose Replica Creation Method** page, specify how you want to take the initial backup, and then click **Next**.
    - The default is **Automatically over the network** and **Now**.
    - If you use the default, we recommend that you specify an off-peak time. Choose **Later** and specify a day and time.
    - For large amounts of data or less-than-optimal network conditions, consider replicating the data offline by using removable media.
 
-         ![Choose replica creation method](./media/backup-azure-backup-server-vmware/replica-creation.png)
+    ![Choose replica creation method](./media/backup-azure-backup-server-vmware/replica-creation.png)
 
 1. In **Consistency Check Options**, select how and when to automate the consistency checks. Then click **Next**.
       - You can run consistency checks when replica data becomes inconsistent, or on a set schedule.
       - If you don't want to configure automatic consistency checks, you can run a manual check. To do this, right-click the protection group > **Perform Consistency Check**.
 
 1. In **Specify Online Protection Data** page, select the VMs or VM folders that you want to back up. You can select the members individually, or click **Select All** to choose all members. Then click **Next**.
 
-          ![Specify online protection data](./media/backup-azure-backup-server-vmware/select-data-to-protect.png)
+    ![Specify online protection data](./media/backup-azure-backup-server-vmware/select-data-to-protect.png)
 
 1. On the **Specify Online Backup Schedule** page, specify how often you want to back up data from local storage to Azure.
 
     - Cloud recovery points for the data will be generated according to the schedule. Then click **Next**.
     - After the recovery point is generated, it is transferred to the Recovery Services vault in Azure.
 
-          ![Specify online backup schedule](./media/backup-azure-backup-server-vmware/online-backup-schedule.png)
+    ![Specify online backup schedule](./media/backup-azure-backup-server-vmware/online-backup-schedule.png)
 
 1. On the **Specify Online Retention Policy** page, indicate how long you want to keep the recovery points that are created from the daily/weekly/monthly/yearly backups to Azure. then click **Next**.
 
     - There's no time limit for how long you can keep data in Azure.
     - The only limit is that you can't have more than 9999 recovery points per protected instance. In this example, the protected instance is the VMware server.
 
-          ![Specify online retention policy](./media/backup-azure-backup-server-vmware/retention-policy.png)
+    ![Specify online retention policy](./media/backup-azure-backup-server-vmware/retention-policy.png)
 
 1. On the **Summary** page, review the settings, and then click **Create Group**.
 
-         ![Protection group member and setting summary](./media/backup-azure-backup-server-vmware/protection-group-summary.png)
+    ![Protection group member and setting summary](./media/backup-azure-backup-server-vmware/protection-group-summary.png)
 
 ## VMWare vSphere 6.7
 
@@ -330,25 +329,26 @@ To back up vSphere 6.7, do the following:
 
 - Set the registry keys as follows:
 
-```text
- Windows Registry Editor Version 5.00
+       ```text
+
+        Windows Registry Editor Version 5.00
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
-"SystemDefaultTlsVersions"=dword:00000001
-"SchUseStrongCrypto"=dword:00000001
+        [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
+       "SystemDefaultTlsVersions"=dword:00000001
+       "SchUseStrongCrypto"=dword:00000001
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
-"SystemDefaultTlsVersions"=dword:00000001
-"SchUseStrongCrypto"=dword:00000001
+       [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
+       "SystemDefaultTlsVersions"=dword:00000001
+       "SchUseStrongCrypto"=dword:00000001
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
-"SystemDefaultTlsVersions"=dword:00000001
-"SchUseStrongCrypto"=dword:00000001
+       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
+       "SystemDefaultTlsVersions"=dword:00000001
+       "SchUseStrongCrypto"=dword:00000001
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
-"SystemDefaultTlsVersions"=dword:00000001
-"SchUseStrongCrypto"=dword:00000001
-```
+       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
+       "SystemDefaultTlsVersions"=dword:00000001
+       "SchUseStrongCrypto"=dword:00000001
+       ```
 
 ## Next steps