Network File System (NFS)

Owned by Andrea Harvey
Last updated: Oct 13, 2023
4 min read

On This Page

Overview

The NFS connector in DryvIQ is used to connect to network file systems on computers running Microsoft Windows. The connection has specific permission-related requirements beyond that of the connector Identity. Additional configuration may be needed to allow DryvIQ to use of the NFS Connector. 

Prepare a DryvIQ Manager Service account 

When a DryvIQ scan runs, it is the DryvIQ Manager Service that is connecting to and accessing the content on the NFS platform.  Therefore, the DryvIQ Manager Service needs to be running as a domain account that has the proper permissions to access the content that will be managed by DryvIQ. For proper job function, the account requires read, write, update, and delete privileges. 

Microsoft Server (Optional)

You can optionally create the database before running the installer:

  1. Log into SQL Server Management Studio.

  2. Create a new database.

    • Set the name appropriately (for example, DryvIQ).

    • Do not select an owner.

    • Set the recovery mode to simple.

    • Add the Windows Service Account User to the database.

      • Security > Logins > {Windows Service Account User} > properties > Server Roles > dbcreator or sysadmin

      • Security > Logins > {Windows Service Account User} > properties > User Mapping > DryvIQ > db_owner

Prepare Source environment  

Prepare the source environment by doing the following:

  • Create a Windows domain user account that will be used to access the content and grant main admin privileges to that user on the file server.

  • Ensure the account used to create the NFS Connector has all necessary permissions to edit, copy, delete, and create files and folders.

  • If using IP, ensure that the IP is static and will not change.

Create an NFS Connection

  1. Select Connections > Add connection.

  2. Select Network File System as the platform on the Add connection modal.

  3. Enter the connection information. Reference the table below for details about each field.

  4. Test the connection to ensure DryvIQ can connect using the information entered.

  5. Select Done.

Field

Description

Required

Field

Description

Required

Display as

Enter the display name for the connection. If you will be creating multiple connections, ensure the name readily identifies the connection. The name displays in the application, and you can use it to search for the connection and filter lists.

If you do not add a display name, the connection will automatically be assigned a default name. 

Optional

UNC Path

Enter the UNC path for the connector. The UNC path will be to a folder at least 1 level off the root of the server, for example: \\<server name>\<folder on server> 

You can also use the server IP address, for example: \\<ipaddress>\<folder on server> 

You can locate the information by going to Windows>Control Panel>System and Security>System.

Required

User Name

Enter the user name for the administrator account. You should leave this field blank if you are using integrated authentication.

This needs to be an account with authority to access the content you will to process.

*When creating a NFS connection with a UNC Path containing unicode characters (i.e. \\test\あああ), User Name and Password are REQUIRED.

Optional*

Password

Enter the password for the administrator account. You should eave this field blank if you are using integrated authentication.

*When creating a NFS connection with a UNC Path containing unicode characters (i.e. \\test\あああ), User Name and Password are REQUIRED

Optional*

 

NFS Connection Troubleshooting for Microsoft Windows

When DryvIQ is running on Microsoft Windows, there are some nuances that may affect creating an NFS connection.

Multiple NFS Connections

You cannot create multiple connections to the same location UNC path and multiple users when DryvIQ is running on Windows. The connection creation will fail for the second user because the DryvIQ Platform uses an underlying Windows mechanism that requires unique names for each connection. If a connection to the same location but different user is needed, a workaround is to use the domain name in the UNC path for one connection and the IP address in the UNC path for the second connection.

 

Failed Connection Tests after Correcting Username or Password

There is an underlying Microsoft Windows issue that can cause issues when creating NFS connections. If an attempt is made to create a new NFS connection using an invalid username/password. The connection test will fail, which is expected behavior. Immediately entering the correct username/password may still result in a failed connection test even though it should pass. To prevent this issue, wait about 15 seconds after entering the correct username/password before running the connection test. The extra time allows Windows time to clear out the incorrect credentials and recognize the correct ones that were provided.

 

Understanding the Overshared Flag

The DryvIQ Discovery Scan has a built-in “overshared” permissions flag. When the scan detects access granted to the following groups, the file will be flagged as "overshared."

  • Everyone

  • Domain Users

  • Authenticated Users

Last Accessed Date

DryvIQ processing affects the Last Accessed date for files, but DryvIQ restores the original Last Accessed date after reading the file to preserve this date. If the NFS account used to create the source connection has read-only permissions to the source files, DryvIQ cannot restore the Last Accessed date, so the date will be affected by DryvIQ processing.

DryvIQ Govern Version: 5.9.2
Release Date: December 17, 2024