Network Storage Data Stores
DDC supports two types of Network Storage types as data stores:
NFS Share - NFS (Unix Network File System) is a distributed file system protocol allowing a user on a client computer to access files over a computer network as if it were a local storage.
SMB/CIFS Share - Common Internet File System (CIFS) is a cross-platform, transport-independent protocol that provides a mechanism for client systems to use file and print services made available by server systems over a network.
Note
SMB/CIFS is supported for Windows only. Currently, the SMB implementation on Linux (Samba) is not supported. Also, we cannot guarantee that NFS type data stores on MAC will work properly.
To add a SMB/CIFS Share data store:
Use a Windows Proxy Agent.
Ensure that the target storage is accessible from the Proxy agent host.
To add a NFS Share data store:
Use a Linux Proxy Agent.
The target storage path must be mounted on the Proxy agent host. For instructions, refer to Mounting an NFS Share.
Note
For both types of these data stores, the credentials to access the target storage must have the minimum permissions required to scan it. Bear in mind that data discovery or scanning of data requires read access.
Adding Network Storage Data Stores
1. Select Type & Category
On the Select Type & Category screen, select Network Storage in Select Data Store Category.
From the Select Network Storage Type dropdown, select NFS Share or SMB/CIFS Share.
Click Next.
2. General Info
Specify the following details:
Data Store Name: Name for the data store.
Description (Optional): Description for the data store.
Location Name: Location of the data store.
Add Location: Click Add Location to add new locations to the Location Name dropdown list. Refer to Adding Locations for detailed steps.
Sensitivity Level (Optional): Sensitivity level for the data store. Refer to Sensitivity Levels for details.
Enable Data Store: Whether to enable the newly added data store. Select the check box to enable the data store.
Click Next.
3. Configure Connection
On the Configure Connection screen, provide the following configuration details for your data store:
NFS Share
Hostname/IP - Provide a valid hostname or IP address of the NFS server. For example, if the NFS shared path is
server_ip:/srv/nfs/share, then enterserver_ipin the field.Share Path - Provide a valid NFS path that begins with a slash ('/'). This is the path of the shared directory on the NFS server. For example, if the NFS shared path is
server_ip:/srv/nfs/share, then enter/srv/nfs/sharein this field.Agent Hostname/IP - Provide a valid hostname or IP address of the host where DDC agent resides. It is mandatory to mount the file share on the host for scanning it.
Mount Point (On Proxy Agent) - Provide a valid directory path on the Proxy host where the NFS Shared Path is mounted. This is the local directory on the proxy agent where the NFS shared directory will be accessible. Note that the name of the local directory may be different from the Share path.
Warning
Mount the NFS export on the mount point on the proxy agent host before running any NFS scan.
Note
Use consistent values in the Hostname/IP field and the mount command on the DDC Proxy Agent. It is not possible to use the server IP address to execute the mount command, and then subsequently use the hostname to create the data store, or vice-versa.
SMB/CIFS Share
Hostname/IP - a valid hostname, IP address, or URI of the data store. For example, if your Windows share path is \\remote-server-name\share-name, enter remote-server-name.
Share Name - a valid Windows share name. These characters are not allowed in the Share Name:
=*?,<>|;:+[]"/\
Caution
Do not confuse the Share Name with the Network Path. In Windows, the Share Name is typically set in the Advanced Sharing settings in the folder sharing properties.
User, Password - provide a valid username and password. Use the appropriate user name format for the target Windows hosts credentials:
<domain\username> - use this format if the Windows host and the Windows agent host reside in the same Active Directory.
<target_hostname\username> - use this format if the Windows host and the Windows agent host do not reside in the same Active Directory.
<username> - use it if the above formats do not work.
Tip
DNS / DNS reverse resolution may increase the time to scan. Make sure that you optimize your DNS resolution or modify the agent's hosts file to skip the external DNS resolution as indicated in this technical note.
The Agent Selection section allows you to specify the minimum and maximum number of proxy agents when adding a data store. Employing a group of agents instead of a single agent to run the scan should improve the scan execution time.
Note
The multiple agent functionality is not supported for the Linux Data Store (NFS Share).
In the Select Number of Agents menu set the number of agents for the data store:
Minimum: Set the minimun number of agents to use to scan the data store. At least that number of proxy agents must be able to connect to the data store.
Maximum: Set the maximum number agents to use to scan the data store.
Warning
As there is no limit on the number of minimum and maximum agents that you can set, you should exercise caution so that you do not impact the system performance by using too many resouces for a single scan.
You will not be able to add a data store if the minimum number of agents cannot be assigned.
A scan will fail if the assigned agent is unavailable after adding the data store.
The minimum number of agents must be less than or equal to the maximum number of agents.
In the Add Label field, add an agent label, by entering a label or removing an existing label. Agent labels represent the agent capabilities.
Note
The Add Label functionality is not supported for the NFS Share Data Store.
Click Next.
4. Add Access Control & Tags
(Optional) Grant the
All groups (default)access for reports. Alternatively, select a group.Click Save.
The data store is added to the Data stores page. If the Ready to Scan column shows Ready, then data store is properly configured.
For more information on Access control and Tags, expand the section below.
Access Control & Tags
Access Control & TagsThe Access Control & Tags screen in the Add Data Store wizard allows you to grant access rights to your data store and add tags. More details below:
ACCESS CONTROL - select user groups that can access the data store. Access to a data store provides ability to see reports that include scans of that data store. The available options are:
All groups: All groups of users can access the data store through reports. This is the default setting.
Selected group/s: Specified user defined groups can access the data store through reports. When this option is selected, select a group from the dropdown list. This list shows existing user defined groups. The user defined groups must already exist on CipherTrust Manager. If no user defined groups exist, ask the administrator to create a group. If needed, you can select multiple groups. Start typing the name of the desired group and select from the suggested groups.
TAGS - select a tag from the Add Tag dropdown list. Please check the list of prebuilt tags in Predefined Tags.
Tip
New tags can also be added. Start typing a new tag, and click the New: <new_tag> link that appears below the drop-down list.
Add as many tags as needed.
To remove a tag, click the close icon in the tag name.
Click Save to create the data store. At any time during the configuration you can click Back to go to any of the previous wizard screens to update the configuration. The newly created data store appears on the Data Stores page. By default, data stores are displayed in alphabetic order by name. Depending on the number of entries per page, you might need to navigate to other pages to view the newly created data store.
