Network and Storage Protocols
Network and Storage Protocols
Hi, we have a customer looking to move their CIFS file shares from a Windows Server to a NetApp.
There are currently using Windows Server's File Screening feature in Windows File Server Resource Manager to block certain file types. They would like to continue doing this when they move to the Netapp.
I understand FPolicy can do some screening, but that it can also integrate with File Screening Servers to get it's policy data ... can such a server be a Windows Server with the native Microsoft File Screening feature? If so does anyone know where I might find some documentation for setting this feature up?
Many thanks!
--
Mark Lomas
Solved! See The Solution
Hi Mark
When the NetApp Controller provides the CIFS Shares, there is no FSRM available. In order to use the FSRM feature within the Windows Server, it would need to support the FPolicy Feature/API of the NetApp Controller (which is not the case afaik).
You can setup basic file screening within the NetApp System. e.g. to block mp3 files from being stored:
options fpolicy.enable on
fpolicy create mp3blocker screen
fpolicy ext inc set mp3blocker mp3
fpolicy options mp3blocker required on
fpolicy monitor set mp3blocker -p cifs,nfs create,rename
fpolicy enable mp3blocker -f
Thats it,
Peter
PS In worst case they can keep using their Windows Server and attach a LUN to the NetApp (iSCSI/FC), then they can keep using the FSRM but loose the best snapshot technology in the world (or most of it)...
Hi Mark
When the NetApp Controller provides the CIFS Shares, there is no FSRM available. In order to use the FSRM feature within the Windows Server, it would need to support the FPolicy Feature/API of the NetApp Controller (which is not the case afaik).
You can setup basic file screening within the NetApp System. e.g. to block mp3 files from being stored:
options fpolicy.enable on
fpolicy create mp3blocker screen
fpolicy ext inc set mp3blocker mp3
fpolicy options mp3blocker required on
fpolicy monitor set mp3blocker -p cifs,nfs create,rename
fpolicy enable mp3blocker -f
Thats it,
Peter
PS In worst case they can keep using their Windows Server and attach a LUN to the NetApp (iSCSI/FC), then they can keep using the FSRM but loose the best snapshot technology in the world (or most of it)...
One item missing is the fpolicy volume option to limit this to a particualr volume, so to apply only to a volume called homedirs:-
fpolicy vol inc add mp3blocker homedirs
if need to turn it off in a hurry as I just had to do :
fpolicy disable mp3blocker.
I have seen issues here, worked fine initially, then sudenly users could create one file or folder then all files and folder creation blocked
Hello,
is it possible to block not just File Types, but File Patterns?
for Example:
How_to_decrypt.html or How_to_decrypt.*
At Windows File Server I can donwload a List from:
https://fsrm.experiant.ca/api/v1/get
to block all this stuff.
for example
"*.wcry","*.velikasrbija","*.razarac","*.serpent","*.msj","*.szesnl","_DECRYPT_INFO_szesnl.html","000-IF-YOU-WANT-DEC-FILES.html","*.evillock","*.letmetrydecfiles","*.yourransom","*.lambda_l0cked","*.gefickt","*.uk-dealer@sigaint.org ","*.HakunaMatata","*.CRYPTOSHIELD","*.weareyourfriends","MERRY_I_LOVE_YOU_BRUCE.hta"
I can say block these File-extensions, file patterns AND when somebody try to Safe this file send an EMail to xx-it@mycompany.com with a warning an with the name/ip of the user who is trying to safe the ransomware data.
is it possible to implent it on Netapp?