Connector Overview
File Access Manager NFS Connector supports Permissions Collection and Data Classification for Linux/Unix servers.
NFS protocol versions
The NFS agent supports the following NFS protocol versions:
- NFSv3 - The agent uses the standard NFSv3 protocol to crawl NFS exports and directory structure.
The agent retrieves and analyzes UNIX-style object permissions.
- NFSv4.1 - The agent uses the standard NFSv4.1 protocol to crawl the NFS pseudo-filesystem.
Identity Collection schemes
The NFS agent supports the following Identity Collection schemes:
- Unix/Linux local users and groups are retrieved through SSH (or Telnet, if SSH is not available).
-
For environments with UNIX-style permissions, identities can be gathered from:
- NIS server.
- List of local users and groups.
-
For environments with NFSv4-style ACL permissions, identities can be gathered from:
- Active Directory domain.
- NIS server.
- List of local users.
Capabilities
This connector enables you to use File Access Manager to access and analyze data stored in NFS and do the following:
- Analyze the structure of your stored data.
- Monitor user activity in the resources.
- Classify the data being stored.
- Verify user permissions on the resources, and compare them against requirements.
- Manage access fulfillment - automated granting and revoking of access - according to rules set in File Access Manager.
- Identity collector – collect IAM users, groups and roles and the connections between them.
Supported Versions
- NFS v3
- NFS v4.1 (including Integrity and Privacy export security types)
NFS Installation Flow Overview
To install the NFS connector:
- Configure all the prerequisites.
- Add a new NFS application in the Business Website.
-
Install the required services:
- Activity Monitor- This is the activity collection engine, used by all connectors that support activity monitoring.
- Permissions Collector - If you are using EC2 login, the collector should be installed on the EC2 instance.
- Data Classification Collector
Important
Installing the permissions collector and data classification services is optional and should only be installed by someone with a full understanding of File Access Manager deployment architecture.