Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
how to appropirately manage default export policy on cdot?
2015-04-23
08:51 AM
6,609 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The default export policy is wild open to all hosts (0.0.0.0/0), if a rule is created under this policy with specified clients, then we should be alright, this is how I understood.
My question is, should we ever use the default policy, or in what situation, it could be used. I would say we should not use it.
What would you say?
5 REPLIES 5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Default policy does not contain any rule, so access is denied by default. There no universal answer whether you should add rules to default policy or define your own - it all depends on your specific requirements.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK. Would it cause any issues if I use one volume - one policy, which means everytime I create a volume I will assigned a new policy specifically to the volume?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The idea behind having central policies is to enable easier administration by reusing policies.
In my opinion adding one policy per volume would defeat that purpose and would make your system cumbersom to administrate.
Just as a side note: There is a limit to the maximum number of export policies you can create depending on the cluster size:
https://fieldportal.netapp.com/Core/DownloadDoc.aspx?documentID=139294&contentID=273354
https://fieldportal.netapp.com/Core/DownloadDoc.aspx?documentID=139296&contentID=273359
https://fieldportal.netapp.com/Core/DownloadDoc.aspx?documentID=139298&contentID=273360
I think there is no one answer fits it all, as already posted.
hope that helps.
cheers chriz
P.S. if you feel this post is useful, please KUDO or “accept as a solution" so other people may find it faster.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Understand that there is no one answer fits it all.
However, I am looking for a rule of thumb in creating exporting policy, if there is such. For instance, may be one policy for all related applications / projects /clients? Would that be a common rule?
Thanks for sharing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes I think your suggestion is great.
Create an export-policy per Client / Application
cheers chriz
P.S. if you feel this post is useful, please KUDO or “accept as a solution" so other people may find it faster.
