NetApp – SVM Export Policy for VMware over NFS

The following is an example NetApp export policy for a storage virtual machine (SVM) that hosts VMware datastores over NFS. The policies are based on TR-4597: VMware vSphere with ONTAP Best Practices. The commands below are for configuration from the ONTAP command line (CLI), not via the ONTAP tools for VMware vSphere or System Manager.

Additionally, this is the preferred export policy rule to configure for ONTAP to allow VAAI over NFS.

NOTE: For security purposes and as an operational recommendation, limit the export policy rules to either the ESXi host(s) or the subnet(s), in CIDR format, for the NFS vmkernel of the host(s).

Create new Read-Only policy & rules for SVM root

vserver export-policy create -vserver <SVM> -policyname vmware-root
vserver export-policy rule create -vserver <SVM> -policyname vmware-root -clientmatch <address> -protocol nfs -rorule sys -rwrule never -superuser sys
vserver export-policy rule show -vserver <SVM>

Create new policy & rules for Datastore volumes

vserver export-policy create -vserver <SVM> -policyname vmware-access
vserver export-policy rule create -vserver <SVM> -policyname vmware-access -clientmatch <address> -protocol nfs -rorule sys -rwrule sys -superuser sys
vserver export-policy rule show -vserver <SVM>

NOTE: If the NetApp NFS Plug-In for VMware VAAI is used, the protocol should be set as nfs when the export policy rule is created or modified. The NFSv4 protocol is required for VAAI copy offload to work, and specifying the protocol as nfs automatically includes both the NFSv3 and the NFSv4 versions.

Enabling VAAI over NFS support

Make sure that the vStorage feature has been enabled on the SVM:

nfs modify -vserver <SVM> -vstorage enabled
nfs show -fields vstorage

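Create the export policy rule; this will be attached to the default policy and should be the only rule. This rule matches every IPv4 client (0.0.0.0/0), allows read and write access with any security type, and maps anonymous users to root (-anon 0), so any volume left on the default policy is open to every host that can reach the SVM over NFS.

vserver export-policy rule create -vserver <SVM> -policyname default -clientmatch 0.0.0.0/0 -rorule any -rwrule any -superuser any -anon 0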

Validate all settings

vserver export-policy show -vserver <SVM>
vserver export-policy rule show -vserver <SVM>
nfs show -fields vstorage
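
An added example, not from the original article or from NetApp: a Python pre-check that lints planned rule create commands against the note above about limiting -clientmatch to the ESXi hosts or the NFS vmkernel subnets. The SVM name, the addresses and the allowed subnet are constructed assumptions; substitute your own.

```python
import ipaddress
import shlex

# Constructed values: the NFS vmkernel subnet, and the page's commands filled in.
ALLOWED_SUBNETS = [ipaddress.ip_network("192.0.2.0/27")]

PLANNED = """\
vserver export-policy rule create -vserver svm1 -policyname vmware-root -clientmatch 192.0.2.0/27 -protocol nfs -rorule sys -rwrule never -superuser sys
vserver export-policy rule create -vserver svm1 -policyname vmware-access -clientmatch 192.0.2.11,192.0.2.40 -protocol nfs -rorule sys -rwrule sys -superuser sys
vserver export-policy rule create -vserver svm1 -policyname default -clientmatch 0.0.0.0/0 -rorule any -rwrule any -superuser any -anon 0
"""

def parse_rule(command):
    """Turn one 'vserver export-policy rule create' line into {option: value}."""
    tokens = shlex.split(command)
    if tokens[:4] != ["vserver", "export-policy", "rule", "create"]:
        return None
    opts = tokens[4:]
    return {opts[i].lstrip("-"): opts[i + 1] for i in range(0, len(opts) - 1, 2)}

def lint_rule(rule, allowed=ALLOWED_SUBNETS):
    """Return findings for a rule that reaches beyond the allowed subnets."""
    findings = []
    for match in rule.get("clientmatch", "").split(","):
        try:
            net = ipaddress.ip_network(match, strict=False)
        except ValueError:
            findings.append(f"clientmatch {match!r} is not an address or CIDR; review by hand")
            continue
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append(f"clientmatch {net} is outside the NFS vmkernel subnets")
    if rule.get("superuser") == "any":
        findings.append("superuser access is granted for any security type")
    if rule.get("anon") == "0":
        findings.append("anonymous users are mapped to UID 0 (root)")
    return findings

def audit(text):
    """Map policy name -> findings for every rule create line in text."""
    report = {}
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule:
            name = rule.get("policyname") or rule.get("policy")
            report.setdefault(name, []).extend(lint_rule(rule))
    return report

if __name__ == "__main__":
    print(audit(PLANNED))
```

With the constructed input, vmware-root passes, vmware-access is flagged for the one host outside the subnet, and the default policy rule is flagged on all three checks.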