William,
Dirk is right, however if all you want to do is host a database on your filer there's no need to spend the money on a Multistore license.
I've been doing this for over four years now (long before vfilers/multistore).
Just create a dedicated Gigabit Ethernet network segment (separate switch or port VLAN or simple crossover cable). Create a separate IP range for the dedicated "storage network". Here you can be creative and use jumbo frames (large MTU) if your switch supports it to improve large transfer performance. Because it's a separate physical network the large frames won't be seen by your routers so you can use them safely.
For NFS databases, simply set up a separate identity in your hosts file for the filer on the storage network and you're done.
For CIFS (Windows) things are a little more complicated.
If you're using SQL Server 7.0 or 2000, set the trace flag to allow UNC paths ("dbcc traceon 1807").
The only catch is that the UNC path (or mapped drive letter for Sybase/Informix/Oracle) must use the actual dedicated network IP address, not a name or you'll get a "network path not found". Using a LMHOSTS #PRE definition doesn't help here as the issue is the authentication path to the domain controller. (Named paths force a direct DC lookup first to get a token to send with the open file request, IP address paths force the target device to do the lookup itself which is what we need in this case).
So, to access your tablespace files the path might be something like "\\192.168.1.100\SQL$\MSSQL"
Certainly the share is still available on both networks - which is what you are trying to avoid, however you can use the ACLs and hidden shares to reduce or eliminate the risk of user access to the share over the LAN.
This approach is recommended in several of the NetApp database integration technical reports available on www.netapp.com
regards,
Alan McLachlan
Senior Systems Engineer
Storage Management Solutions
ASI Solutions
www.asi.com.au
Ph +61 2 6230 1566
Fax +61 2 6230 5343
Mobile +61 428 655644
e-mail amclachlan@asi.com.au
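An added example, not part of the original message: a Python check that audits database file paths against the points made in the message above (UNC path addressed by the storage-network IP rather than a name, on a hidden share). The 192.168.1.0/24 range, the function name and the sample paths are assumptions constructed for illustration; only 192.168.1.100 and the SQL$ share come from the message.

```python
import ipaddress

# Assumption: the dedicated storage segment is 192.168.1.0/24. The message
# only gives the filer address 192.168.1.100.
STORAGE_NET = ipaddress.ip_network("192.168.1.0/24")


def audit_unc_path(path, storage_net=STORAGE_NET):
    """Return a list of findings for one database file path (empty = OK)."""
    if not path.startswith("\\\\"):
        # Mapped drive letters hide the target; the mapping itself must be
        # checked separately to confirm it points at the storage-network IP.
        return ["not a UNC path; check the drive mapping target separately"]
    parts = path[2:].split("\\")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        return ["malformed UNC path: expected \\\\host\\share\\..."]
    host, share = parts[0], parts[1]
    findings = []
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A name instead of an address: the case the message warns about.
        findings.append(f"host '{host}' is a name, not an IP address")
    else:
        if addr not in storage_net:
            findings.append(f"{addr} is outside storage network {storage_net}")
    if not share.endswith("$"):
        findings.append(f"share '{share}' is not hidden (no trailing $)")
    return findings


# Constructed sample paths (not taken from a real system).
SAMPLE_PATHS = [
    r"\\192.168.1.100\SQL$\MSSQL\data.mdf",
    r"\\filer1\SQL$\MSSQL\data.mdf",
    r"\\10.0.0.5\SQL$\MSSQL\data.mdf",
    r"\\192.168.1.100\SQL\MSSQL\log.ldf",
    r"S:\MSSQL\data.mdf",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        result = audit_unc_path(p)
        print(p, "->", "OK" if not result else "; ".join(result))
```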
-----Original Message-----
From: Dirk Schmiedt [mailto:Dirk.Schmiedt@munich.netsurf.de]
Sent: Wednesday, 16 July 2003 9:44 PM
To: Holland, William L
Cc: 'toasters@mathworks.com'
Subject: Re: Restricting volume access to specific network interfaces
Holland, William L wrote:
Is it possible to restrict access to volumes/qtrees/shares to specific network interfaces? For instance, I create a volume and/or qtree to host a database. I don't want it to be accessed via the onboard 10/100 connection, instead I only want it to be accessible by a dedicated GbE connection i.e. e4a.
Hello William
Yes. You'll have to buy a MultiStore / VFiler license. This will give you the ability to use multiple independent routing tables for different physical and/or virtual network interfaces, named "IP spaces". Then you create a vfiler and assign your qtrees/volumes and the selected ip space to it, configure the protocol NFS, CIFS, RSH and you are done.
Smile & regards! Dirk