APPLICATION NOTE

Using DirectControl with Network Appliance (NetApp) Filers

Integrating NetApp Servers and Centrify DirectControl to Enable Active Directory Users to Access Remote Shares with a Consistent User ID and Name Mapping

Published: 19 June 2006

NetApp storage systems help enterprises to provide a highly available and scaleable data storage service that delivers a higher level of data protection at a much lower cost of ownership. However, in a mixed environment where both Windows and UNIX systems need to access common files or directories, there is a need for a common security model to control access. DirectControl provides the interface to this common authentication method for non-Windows computers in an Active Directory environment.

Through proper configuration of the NetApp storage system, you can share a common volume to both a Windows network using the CIFS file- sharing protocol and a UNIX network using the NFS file-sharing protocol. Since it is possible for the user to access the same shared volume from either Windows or a UNIX system using two different file sharing protocols (CIFS and NFS), it is important that a mapping exists between the UNIX and Windows identities in order to preserve proper ownership and permission settings for files. If the user is accessing the volume from a Windows machine, the user's Windows identity is used. If the user is accessing the volume using NFS, the user's UNIX identity is used.

DirectControl provides an identity mapping mechanism centrally managed within Active Directory that links a user's Windows account to a UNIX profile containing the user's UNIX account attributes. This mapping can then be used by the NetApp server to provide consistent ownership and access rights to files and directories accessed by the user. This application note describes the various ways to integrate the NetApp servers with the mapping data that DirectControl maintains for users and groups.