Product data
Table Of Contents
- Contents
- Introduction
- Networked Storage Overview
- Storage Concepts and Technologies
- Conclusion
- Obtaining Technical Assistance
- Appendix A
Storage Concepts and Technologies
previously). Users must have an ID on the system in order to open a CIFS, NFS or FTP
connection.
Data privacy is provided by the partitioning of volumes into shares as follows:
• Users and groups must have been granted access to a share in order to see files on that
share.
• Within a share, access is controlled by the group and user read/write permissions,
defaults for which are defined for each share contained on a volume.
• Each user is assigned a profile (either provided by a system directory or defined
locally on the system) and a primary group.
• Users may be added to additional groups (via Add group or Edit group), but the
primary group defines the group ownership for all files created by the user (and from
which quotas are assigned) under each share.
The NSS has built in support to require hosts to authenticate before the host is able to gain
access to the volume. Authentication to a CIFS\SMB Windows share is encrypted.
Encryption is done on a volume basis and is not tied to the end station. The NSS supports
NTLMv1 authentication, which is an encrypted authentication scheme. When operating
within an ADS domain, the Kerberos authentication protocol is used instead of NTLM.
Note
NTLMv2 is more secure encrypted authentication scheme that may be supported in a
future NSS release. Note that Vista clients will attempt to use NTLMv2 by default unless
explicitly configured otherwise. Vista clients should be configured to use NTLMv1.
Data Integrity and Protection
NSS has some built in capabilities that increase data integrity such as hot swapping, file
journaling, hot spares, RAID set failure handling, and Redundant Power Supply Units
(RPSU) options. Data protection features include on disk file encryption and volume locking.
RAID Hot Spares
Linksys NSS products support RAID hot spares, which protects data in the event of one or
multiple hard drive failures. The hot spare drive (or drives) assigned to mirror data written
to the active drives in the NSS system will automatically activate if there is a failure on one or
more of the primary drives.
Data Encryption
Linksys NSS supports on-disk data encryption with the 256-bit Advanced Encryption
Standard [AES] encryption algorithm. Deploying AES data encryption functionality will
allow the business to store traffic on the NSS infrastructure securely without putting
sensitive proprietary information at risk in the event that a drive or unit is stolen.
If data encryption is desired, it must be activated during volume creation. It can not be
turned on after the volume has been created. A password is used to manage access the data.
Passwords must be entered to access an encrypted volume whenever the NSS is started up
(after power cycle, shutdown/reboot). The password can be changed at any time.
2
Warning
Data encryption must be activated during volume creation. Where there is available
storage capacity in the array, a volume size may be increased whether encrypted or not.
However, it is not possible to reduce the encrypted volume size.
White Paper: Network Storage LINKSYS © 2007
15 EDCS-593805 v1.0
A printed copy of this document is considered uncontrolled