ONTAP Discussions

Multi-Store used for multiple domains?

qanderson
4,812 Views

Ok guys, need help on this one... Currently we have "DomainA" with 5000 user accounts and a NetApp filer which hosts approx 500 shares... We are splitting by business unit into completely separate domains... Problem is that people that are going to be moved into "DomainB" are still going to need to access CIFS data on the NetApp which is going to remain in "DomainA". There will be no trust between these 2 domains... Will Multi-Store help with this? I've read some documentation that it will help consolidate multiple domains... Sorry, I'm kind of new to NetApp administration and not sure if Multi-Store can help or not... Thanks in advance!

7 Replies

paulstringfellow

Yep absolutely is the answer…

Multistore allows you to “virtualise” your filer, so it can have multiple personalities… These can then be run as pretty much full filers in their own right, so can be added to different domains, act as SAN controllers to push out LUNs to servers in different networks or domains…

The idea behind Multistore is that it is the foundation for secure multi-tenancy, so if you are a hoster, for example, they look and act as physically separate filers…

So the quick answer to your question is yes, Multistore can certainly help with this, just bear in mind the Multistore limit on a 2020 is something like 8 from memory and you will need the Multistore licence.

scottgelb

I think he wants a single vFiler to be a member of 2 domains though which isn't possible.  qanderson can you clarify?

scottgelb

A MultiStore vFiler is similar to a physical controller in that each vFiler can only be a member of one domain.  The ability to join multiple domains is on a per vFiler basis, for example, where 2 different vFilers can be members of different domains but only 1 domain each.

qanderson

Thanks for everything so far. @Scott, I'm not sure what I need... If I create a vFiler and join it to DomainB, can the CIFS shares on the filer be accessed from both domains?

scottgelb

No... not without a trust between them... or local user accounts... you can create up to 96 local accounts independent of the domain. But the vFiler can join only DomainA or B, not both, on a per vFiler basis.

scottgelb

We have had use cases where we clone or mirror volumes (from vfiler0, the physical controller) between different vFilers to share data... however, with different domains the permissions and SIDs wouldn't match on the other side unless you had mappings, and then you have to have either a read-only or snapshot-in-time clone, which probably isn't a fit... but is another consideration.

aborzenkov

For how long and how many users need access to the “foreign” domain? The following would work – create a “shadow user” in Domain A for every user in Domain B that needs to access shares in it and let users in Domain B connect to shares as their shadow counterpart. This is a lot of manual administrative work to maintain the user list, and there is a potential problem with changing passwords for shadow users; but if you need it for a short transitional time only, it could work.

Another possibility is to create a third domain C and let it trust both A and B. But one way only ☺
