Skip to content

Connector Overview

File Access Manager NFS Connector supports Permissions Collection and Data Classification for Linux/Unix servers.

NFS protocol versions

The NFS agent supports the following NFS protocol versions:

  • NFSv3 - The agent uses the standard NFSv3 protocol to crawl NFS exports and directory structure.

The agent retrieves and analyzes UNIX-style object permissions.

  • NFSv4.1 - The agent uses the standard NFSv4.1 protocol to crawl the NFS pseudo-filesystem.

Identity Collection schemes

The NFS agent supports the following Identity Collection schemes:

  • Unix/Linux local users and groups are retrieved through SSH (or Telnet, if SSH is not available).
  • For environments with UNIX-style permissions, identities can be gathered from:

    • NIS server.
    • List of local users and groups.
  • For environments with NFSv4-style ACL permissions, identities can be gathered from:

    • Active Directory domain.
    • NIS server.
    • List of local users.

Capabilities

This connector enables you to use File Access Manager to access and analyze data stored in NFS and do the following:

  • Analyze the structure of your stored data.
  • Monitor user activity in the resources.
  • Classify the data being stored.
  • Verify user permissions on the resources, and compare them against requirements.
  • Manage access fulfillment - automated granting and revoking of access - according to rules set in File Access Manager.
  • Identity collector – collect IAM users, groups and roles and the connections between them.

Supported Versions

  • NFS v3
  • NFS v4.1 (including Integrity and Privacy export security types)

NFS Installation Flow Overview

To install the NFS connector:

  1. Configure all the prerequisites.
  2. Add a new NFS application in the Business Website.
  3. Install the required services:

    • Activity Monitor- This is the activity collection engine, used by all connectors that support activity monitoring.
    • Permissions Collector - If you are using EC2 login, the collector should be installed on the EC2 instance.
    • Data Classification Collector

Important

Installing the permissions collector and data classification services is optional and should only be installed by someone with a full understanding of File Access Manager deployment architecture.