Merge pull request #288357 from khdownie/kendownie101424

prmerger-automator[bot] · web-flow · commit ffc27936b2f1 · 2024-10-14T20:56:38.000Z
add clear steps to NFS mount article
diff --git a/articles/storage/files/storage-files-how-to-mount-nfs-shares.md b/articles/storage/files/storage-files-how-to-mount-nfs-shares.md
@@ -1,11 +1,11 @@
 ---
 title: Mount an NFS Azure file share on Linux
-description: Learn how to mount a Network File System (NFS) Azure file share on Linux, including prerequisites and mount options.
+description: Learn how to mount a Network File System (NFS) Azure file share on Linux, including configuring network security and mount options.
 author: khdownie
 ms.service: azure-file-storage
-ms.custom: linux-related-content
+ms.custom: linux-related-content, references_regions
 ms.topic: how-to
-ms.date: 05/09/2024
+ms.date: 10/14/2024
 ms.author: kendownie
 ---
 
@@ -25,25 +25,28 @@ Azure file shares can be mounted in Linux distributions using either the Server
 
 [!INCLUDE [files-nfs-limitations](../../../includes/files-nfs-limitations.md)]
 
-### Regional availability
+## Regional availability
 
-[!INCLUDE [files-nfs-regional-availability](~/reusable-content/ce-skilling/azure/includes/files-nfs-regional-availability.md)]
+NFS Azure file shares are supported in all the same regions that support premium file storage. See [Azure products available by region](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=storage&regions=all).
 
-## Prerequisites
+## Step 1: Create an NFS Azure file share
 
-- [Create an NFS share](storage-files-how-to-create-nfs-shares.md).
-- Open port 2049 on the client you want to mount your NFS share to.
+If you haven't already done so, [create an NFS Azure file share](storage-files-how-to-create-nfs-shares.md).
 
-    > [!IMPORTANT]
-    > NFS shares can only be accessed from trusted networks.
+## Step 2: Configure network security
 
-- Either [create a private endpoint](storage-files-networking-endpoints.md#create-a-private-endpoint) (recommended) or [restrict access to your public endpoint](storage-files-networking-endpoints.md#restrict-public-endpoint-access).
-- To enable hybrid access to an NFS Azure file share, use one of the following networking solutions:
-    - [Configure a Point-to-Site (P2S) VPN on Linux for use with Azure Files](storage-files-configure-p2s-vpn-linux.md).
-    - [Configure a Site-to-Site VPN for use with Azure Files](storage-files-configure-s2s-vpn.md).
-    - Configure [ExpressRoute](../../expressroute/expressroute-introduction.md).
+NFS shares can only be accessed from trusted networks. Currently, the only way to secure the data in your storage account is by using a virtual network and other network security settings. Any other tools used to secure data, including account key authorization, Microsoft Entra security, and access control lists (ACLs) can't be used to authorize an NFSv4.1 request.
 
-## Disable secure transfer
+> [!IMPORTANT]
+> The NFSv4.1 protocol runs on port 2049. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through port 2049. If you've granted access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through port 2049.
+
+### Create a private endpoint or service endpoint
+
+To use NFS Azure file shares, you must either [create a private endpoint](storage-files-networking-endpoints.md#create-a-private-endpoint) (recommended) or [restrict access to your public endpoint](storage-files-networking-endpoints.md#restrict-public-endpoint-access).
+
+### Disable secure transfer
+
+Azure Files doesn't currently support encryption-in-transit with the NFS protocol and relies instead on network-level security. Therefore, you'll need to disable secure transfer on your storage account.
 
 1. Sign in to the [Azure portal](https://portal.azure.com/) and access the storage account containing the NFS share you created.
 1. Select **Configuration**.
@@ -52,24 +55,21 @@ Azure file shares can be mounted in Linux distributions using either the Server
 
     :::image type="content" source="media/storage-files-how-to-mount-nfs-shares/disable-secure-transfer.png" alt-text="Screenshot of storage account configuration screen with secure transfer disabled." lightbox="media/storage-files-how-to-mount-nfs-shares/disable-secure-transfer.png":::
 
-## Mount options
+### Enable hybrid access through VPN or ExpressRoute (optional)
 
-The following mount options are recommended or required when mounting NFS Azure file shares.
+To enable hybrid access to an NFS Azure file share, use one of the following networking solutions:
 
-| **Mount option** | **Recommended value** | **Description** |
-|******************|***********************|*****************|
-| `vers` | 4 | Required. Specifies which version of the NFS protocol to use. Azure Files only supports NFS v4.1. |
-| `minorversion` | 1 | Required. Specifies the minor version of the NFS protocol. Some Linux distros don't recognize minor versions on the `vers` parameter. So instead of `vers=4.1`, use `vers=4,minorversion=1`. |
-| `sec` | sys | Required. Specifies the type of security to use when authenticating an NFS connection. Setting `sec=sys` uses the local UNIX UIDs and GIDs that use AUTH_SYS to authenticate NFS operations. |
-| `rsize` | 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
-| `wsize` | 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
-| `noresvport` | n/a | Recommended. Tells the NFS client to use a non-privileged source port when communicating with an NFS server for the mount point. Using the `noresvport` mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is strongly recommended for achieving high availability. |
-| `actimeo` | 30-60 | Recommended. Specifying `actimeo` sets all of `acregmin`, `acregmax`, `acdirmin`, and `acdirmax` to the same value. Using a value lower than 30 seconds can cause performance degradation because attribute caches for files and directories expire too quickly. We recommend setting `actimeo` between 30 and 60 seconds. |
+- [Configure a Point-to-Site (P2S) VPN](storage-files-configure-p2s-vpn-linux.md).
+- [Configure a Site-to-Site (S2S) VPN](storage-files-configure-s2s-vpn.md).
+- Configure [ExpressRoute](../../expressroute/expressroute-introduction.md).
 
-## Mount an NFS share using the Azure portal
+## Step 3: Mount an NFS Azure file share
 
-> [!NOTE]
-> You can use the `nconnect` Linux mount option to improve performance for NFS Azure file shares at scale. For more information, see [Improve NFS Azure file share performance](nfs-performance.md#nconnect).
+You can mount the share using the Azure portal. You can also create a record in the **/etc/fstab** file to automatically mount the share every time the Linux server or VM boots.
+
+### Mount an NFS share using the Azure portal
+
+You can use the `nconnect` Linux mount option to improve performance for NFS Azure file shares at scale. For more information, see [Improve NFS Azure file share performance](nfs-performance.md#nconnect).
 
 1. Once the file share is created, select the share and select **Connect from Linux**.
 1. Enter the mount path you'd like to use, then copy the script.
@@ -79,7 +79,7 @@ The following mount options are recommended or required when mounting NFS Azure
 
 You have now mounted your NFS share.
 
-## Mount an NFS share using /etc/fstab
+### Mount an NFS share using /etc/fstab
 
 If you want the NFS file share to automatically mount every time the Linux server or VM boots, create a record in the **/etc/fstab** file for your Azure file share. Replace `YourStorageAccountName` and `FileShareName` with your information.
 
@@ -89,9 +89,23 @@ If you want the NFS file share to automatically mount every time the Linux serve
 
 For more information, enter the command `man fstab` from the Linux command line.
 
-### Validate connectivity
+### Mount options
+
+The following mount options are recommended or required when mounting NFS Azure file shares.
+
+| **Mount option** | **Recommended value** | **Description** |
+|******************|***********************|*****************|
+| `vers` | 4 | Required. Specifies which version of the NFS protocol to use. Azure Files only supports NFSv4.1. |
+| `minorversion` | 1 | Required. Specifies the minor version of the NFS protocol. Some Linux distros don't recognize minor versions on the `vers` parameter. So instead of `vers=4.1`, use `vers=4,minorversion=1`. |
+| `sec` | sys | Required. Specifies the type of security to use when authenticating an NFS connection. Setting `sec=sys` uses the local UNIX UIDs and GIDs that use AUTH_SYS to authenticate NFS operations. |
+| `rsize` | 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
+| `wsize` | 1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
+| `noresvport` | n/a | Recommended. Tells the NFS client to use a non-privileged source port when communicating with an NFS server for the mount point. Using the `noresvport` mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is strongly recommended for achieving high availability. |
+| `actimeo` | 30-60 | Recommended. Specifying `actimeo` sets all of `acregmin`, `acregmax`, `acdirmin`, and `acdirmax` to the same value. Using a value lower than 30 seconds can cause performance degradation because attribute caches for files and directories expire too quickly. We recommend setting `actimeo` between 30 and 60 seconds. |
+
+## Step 4: Validate connectivity
 
-If your mount failed, it's possible that your private endpoint wasn't set up correctly or isn't accessible. For details on confirming connectivity, see [Verify connectivity](storage-files-networking-endpoints.md#verify-connectivity).
+If your mount fails, it's possible that your private endpoint wasn't set up correctly or isn't accessible. For details on confirming connectivity, see [Verify connectivity](storage-files-networking-endpoints.md#verify-connectivity).
 
 ## NFS file share snapshots
 
@@ -271,7 +285,6 @@ To mount an NFS Azure file share snapshot to a Linux VM (NFS client) and restore
    
 The files and directories from the snapshot should now be available in the `/media/nfs/restore` directory.
 
-## Next steps
+## Next step
 
-- Learn more about Azure Files with [Planning for an Azure Files deployment](storage-files-planning.md).
-- If you experience any issues, see [Troubleshoot NFS Azure file shares](/troubleshoot/azure/azure-storage/files-troubleshoot-linux-nfs?toc=/azure/storage/files/toc.json).
+- If you experience any issues, see [Troubleshoot NFS Azure file shares](/troubleshoot/azure/azure-storage/files-troubleshoot-linux-nfs?toc=/azure/storage/files/toc.json).
