Pure Certified FlashBlade©

Support Specialist Certification

Prep

Speaker name
Speaker title
Employing company

@purestorage Date
File System and Object
Store Access

Speaker name
Speaker title
Employing company

@purestorage Date
Agenda Day X – November XX
Subject to change

Session Schedule Session Goals

Lorem Ipsum Dolor Sit Amet 9:00 AM - 9:20 AM

Lorem Ipsum Dolor Sit Amet Lorem Ipsum Dolor

Sit Amet 9:20 AM - 10:20 AM Name, Title - Company Name, Title - Company

Break 10:20 AM - 10:30 AM Relax

Lorem Ipsum Dolor Sit Amet Lorem Ipsum Dolor

Sit Amet 10:30 AM - 11:10 AM Name, Title - Company Name, Title - Company

Lorem Ipsum Dolor Sit Amet 11:10 AM - 11:40 AM Name, Title - Company

Lorem Ipsum Dolor Sit Amet 11:40 AM - 12:10 PM Name, Title - Company

Lorem Ipsum Dolor Sit Amet 12:10 PM - 12:30 PM

Lorem Ipsum Dolor Sit Amet 12:30 PM - 1:00 PM Lorem ipsum dolor sit amet, consectetur adipiscing elit.

©2023 Pure Storage Confidential - Subject to partner NDA Uncomplicate Data Storage, Forever 3
 00 Introduction

01 Administration

2
02 Networking

03 File System and Object Store Access

Course Agenda
04 Directory Services

05 Performance and Capacity Issues

06 Hardware

©2023 Pure Storage Confidential - Subject to Partner NDA 4

 01 Network File System (NFS)

02 Server Message Block (SMB)

File System and
Object Store 03 Simple Storage Service (S3)

Access
Agenda

©2023 Pure Storage Confidential - Subject to Partner NDA 5

Network File System
(NFS)

© 2022 Pure
©2023 Pure Storage
Storage Confidential
Confidential -- Subject
Subject to
to partner
Partner NDA
NDA
Uncomplicate Data Storage, Forever 6
 Following completion of this training you
should be able to:

1
○ Troubleshoot access problems
based on mount options,
permission, export rules and
Learning policies, and NFS version
Objectives 2
differences.
○ Troubleshoot access problems
on NFS client.

©2023 Pure
©2023 Pure Storage
Storage Confidential
Confidential -- Subject
Subject to
to partner
partner NDA
NDA 7
 Mount Options
Mount options are generally not a requirement. Our recommendation is to allow
auto-negotiate and exclude options unless the environment, OS, or VM need
specific variables set, or for optimization.
tcp - FlashBlade does not support UDP as a transfer protocol for NFSv3. If an operating system does
attempt to use UDP this option would be necessary to set.

nolock - NLM is support from Purity//FB 2.0.3+. We recommend leaving this option off for all FlashBlades
on 2.0.3+.

hard - Hard is the default option for most linux systems. We do not recommend using soft mounts unless
there is a very specific reason for it. If an OS or VM is mounting as soft we recommend using the hard
option.

intr or nointr - Allows/Disallows NFS requests to be interrupted if the server goes down or cannot be
reached. This mount option is deprecated after kernel 2.6.25.

©2023 Pure Storage Confidential - Subject to Partner NDA 8

 Mount Options (cont.)
timeo
NFS Timeouts need to be 60 Seconds [timeo=600 (tenths of seconds)] or higher to avoid non-disruptive
processes, such as upgrades, from being impactful. If this is not an OS or VM default this option should be
used.

rsize and wsize

FlashBlade recommends buffers to be 512K to get optimal performance. If the OS or VM has smaller by
default using these flags is recommended.

relatime
FlashBlade only supports relatime if it is specifically set as an option. This sets the atime (access time) of a
file when its modified. We don’t update it on reads.

sec
The sec option sets the security type for the mount. krb5 options are only supported in NFSv4.1.
sys: This is the default mount option with no cryptographic protection.
krb5: Enables Kerberos authentication.
krb5i: Enables Kerberos authentication with integrity checks.
Krb5p: Enables Kerberos authentication with integrity checks and traffic encryption.
©2023 Pure Storage Confidential - Subject to Partner NDA 9
 NFS Mounts
Linux
The general recommendation for modern Linux operating systems is
auto-negotiation with no options.

If options are required they are included after the -o flag.

You can check the mount variables while they are mounted by using
grep for the file system name in /proc/mounts.

©2023 Pure Storage Confidential - Subject to Partner NDA 10

 NFS Mounts
Windows
The nfs options are configured before mounting on windows with the Set-NfsClientConfiguration command.

Once set you can check the updated settings using Get-NfsClientConfiguration command.

The mount is then done similar to linux but specifying a drive letter.

©2023 Pure Storage Confidential - Subject to Partner NDA 11

 NFS Mounts
Mac
Mounting on Mac is similar to linux but we do have suggested mount options of raising the timeout,
increasing the read/write buffers, and set nolock to avoid NLM locking issues that can occur on Mac.

Options set for existing mounts can be found using nfsstat -m

©2023 Pure Storage Confidential - Subject to Partner NDA 12

 NFS Mounts
Others
Other operating systems have similar mount configurations and options to linux but do
have known options that are needed to follow best practices.

AIX - default buffer size is 64kb and the timeo is 100 = 10 seconds. These need to be raised to our
recommended settings.

Solaris - wsize and rsize options should be used but versions prior to Solaris 10 ignore larger wsize and
rsize. The default is 32k. This can be changed by updating the bsize limit on the client.

HP-UX - Enable 32-bit inode support in the export. This will be discussed in the next slide.

VMware - Refer to the VMware official best practices and documentation.

©2023 Pure Storage Confidential - Subject to Partner NDA 13

 NFS Export Rules Options
Export rules are similar to mount options and most are interchangeable but export rules are set on the FlashBlade
side rather than being specified on the client mount. There are additional options that can only be set from the
FlashBlade side.

ro - Grants Read-Only permissions to users or groups.

rw - Grants Read-Write permissions to users or groups.

fieldid_32bit - Allows 32-bit inode support for clients (Recommended for HP-UX clients).

nofileid_32bit - Disables 32-bit inode support for clients.

root_squash - Prevents users and groups with root privileges from mapping their privileges to a
file system. All users with UID 0 will be mapped to anonuid and users with a GID 0 to anongid.

no_root_squash - Allows root users and groups to access with root privileges.

©2023 Pure Storage Confidential - Subject to Partner NDA 14

 NFS Export Options (cont.)
all_squash - Maps all UID to anonuid or anongid.

no_all_squash - Prevents the remapping of user and group IDs to anonuid 65534 or anongid 65534. All
users and groups will retain their IDs unless root_squash is also specified.

anonuid - Any user whose UID is aHected by root_squash or all_squash will have their UID mapped to
anonuid. The default anonuid is 65534.

anongid - Any user whose GID is aHected by root_squash or all_squash will have their GID mapped to
anongid. The default anongid is 65534.

atime - Updates an inodes access time when there is a read operation on it.

noatime - Disables inode access time from being updated.

secure - Prevents NFS access to client connections coming from non-reserved ports.

insecure - Allows NFS access to client connections coming from non-reserved ports.

©2023 Pure Storage Confidential - Subject to Partner NDA 15

 NFS Export Rules within Policies
NFS Export Rules support sorting clients by anonymous (*), IP address (IPv4 and IPv6) , CIDR notation, and
netgroups (LDAP, AD, or NIS). This can be configured for each share using the Export Rules box when creating or
editing a file system, or pre-configured policies can be configured to be easily reused.

©2023 Pure Storage Confidential - Subject to Partner NDA 16

 Access Control Styles
Summary of Access Control Styles

Purity//FB 3.1.1+ allows Style SafeGuard Client Behavior

control styles to govern how
Enabled Disabled NFSv3 NFSv4.1 SMB
file systems with multiple
protocols handle
permissions and access. SMB N/A Access based on translated SMB ACL. Managed by Client

NFS Mode bit Mode bit change Managed by Client. Access based on
This works alongside ACLs change is results in removing translated NFS ACL
merged the ACL
to manage file and into ACL
directories permissions at Shared Last permission modification wins. Access based on translated ACL.
lower levels.

Independent N/A NFS clients enforce NFS permissions. SMB clients enforce
Only mode bits allowed. SMB ACL

Mode Bits Last permission modification wins. Access is translated and

reduced to mode bits granularity only.

©2023 Pure Storage Confidential - Subject to Partner NDA 17

 ACLs and ACEs
● An Access Control List (ACL) is made up of 1,820 Access Control Entries
(ACEs) and three OGE (Owner, Group, Everyone) entries that define who can
access a file and the permissions allowed. The ACL is applied to a file or
directory that uses to list to determine where to grant access and allowed
permissions.

● ACEs consist of four fields separated by colons in the order of

type:flags:principal:permission - EXAMPLE: A:d:[email protected]:rxtncy

● Only NFSv4.1 supports ACLs

©2023 Pure Storage Confidential - Subject to Partner NDA 18

 ACLs and ACEs (cont.)
Ace Type signifies if defined permissions are to be allowed (A) or denied (D).
● A:d:user@domain:rxtncy -> ALLOW these permissions
● D:g:group@domain:rwx -> DENY these permissions

Ace Principal defines who the permissions apply to.

● A named user - EXAMPLE: A::[email protected]:rwx

● A named group - EXAMPLE: A:g:[email protected]:rwx
● Special OGE principals - EXAMPLE: A::OWNER@:rwx

○ OWNER@ - the owner

○ GROUP@ - the owning group
○ EVERYONE@ - everyone else

©2023 Pure Storage Confidential - Subject to Partner NDA 19

 ACLs and ACEs (cont.)
ACE Flags define both inheritance (whether or not child objects inherit this ACE) and whether the
ACE is defining permissions for a group.

Flag Name Function

d directory-inherit New subdirectories will have the same ACE.

f file-inherit New files will have the same ACE minus the inheritance flags.

n No-propagate New subdirectories will inherit the ACE minus the inheritance flags.
inherit

i inherit-only New files and subdirectories will have this ACE but the ACE for the
directory with the flag is null.

g group Signifies that this ACE defines permissions for the members of a group.

©2023 Pure Storage Confidential - Subject to Partner NDA 20

 ACLs and ACEs (cont.)
Ace Permissions define what permissions the specified principal will be allowed/denied.

Permission Function Permission Function

r Read-data (files) / list-directory (directories) T Write the attributes of the file/directory.

w Write-data (files) / create-file (directories) n Read the named attributes of the file/directory.

a Append-data (files) / create-subdirectory (directories) N Write the named attributes of the file/directory.

x Execute (files) / change-directory (directories) c Read the file/directory ACL.

d Delete the file/directory. C Write the file/directory ACL.

D Delete-child - remove a file/subdirectory from a directory. o Change ownership of the file/directory.

t Read the attributes of the file/directory. y Synchronize - allow clients to use synchronous I/O with the server.

©2023 Pure Storage Confidential - Subject to Partner NDA 21

 ACLs and ACEs (cont.)
Installing nfs4_*acl tools:
● RPM: sudo yum -y install nfs4-acl-tools
● DEBIAN: sudo apt install nfs4-acl-tools

Listing NFS ACLs

Changing NFS ACLs

©2023 Pure Storage Confidential - Subject to Partner NDA 22

 Locking
NFSv3
NFSv3 is a stateless protocol and does not support native file locking. It utilizes the
external protocol Network Lock Manager (NLM)

• The NLM protocol works with the NFSv3 protocol to ensure file locks are visible
across all NFS clients and to help coordinate client access to files.

• NLM locks are advisory locks. Advisory means that NFS client applications must
check for the existence of a lock to coordinate access.

• The NLM service is enabled on FlashBlade by default and cannot be disabled.

©2023 Pure Storage Confidential - Subject to Partner NDA 23

 Locking
NFSv4.1
NFSv4.1 is a stateful protocol with file locking natively supported.

• It uses a lease-based model to provide file lock guarantees and manage their
resources.

• A client must establish a client ID and at least one session ids before it is allowed
to perform any operations that open a file or acquire a byte-range locks.

• Byte-range locking is used to serialize activity to a range of bytes within a file.

©2023 Pure Storage Confidential - Subject to Partner NDA 24

 Troubleshooting
Connectivity
Ping and Traceroute discussed in the previous module are good indicators that a client can reach
the FlashBlade but its possible a firewall or some other networking could be getting the way of port
connectivity. We can check that using telnet.
FlashBlade to host. Run from a blade datavip:
telnet -b <dataVIP> <client> 2049

Client to FlashBlade dataVIP - most clients:

telnet <client> 2049

©2023 Pure Storage Confidential - Subject to Partner NDA 25

 Troubleshooting
Mounts
There are common errors we see on FlashBlade with either NFS not mounting, or receiving
errors once a file system has mounted.

● No such host - The IP or hostname is incorrect or DNS cannot resolve the

hostname.
● NFS server is not responding - NFS is restarting on the FlashBlade. This
will happen during non-disruptive events. The NFS server will continue
retrying. For an NDU event this is expected to take less than 60 seconds at
most.
● Stale file handle - The file or directory being accessed no longer exists.
● No such file or directory - File system has not been specified correctly, or
permissions are incorrect.
● Permission denied - Commonly caused by permission problems due to
no_root_squash/no_all_squash and users accessing the share.
©2023 Pure Storage Confidential - Subject to Partner NDA 26
Knowledge Check:
Question 1
What is a primary difference between NFSv3 and NFSv4.1?

NFSv3 is not supported on newer operating systems.

NFSv4.1 utilizes NLM.
NFSv3 only supports 32-bit inodes.

NFSv4.1 supports ACLs.

©2023 Pure Storage Confidential - Subject to Partner NDA 27

Knowledge Check:
Question 1
What is a primary difference between NFSv3 and NFSv4.1?

NFSv3 is not supported on newer operating systems.

NFSv4.1 utilizes NLM.
NFSv3 only supports 32-bit inodes.

NFSv4.1 supports ACLs.

©2023 Pure Storage Confidential - Subject to Partner NDA 28

Server Message Block
(SMB)

© 2022 Pure
©2023 Pure Storage
Storage Confidential
Confidential -- Subject
Subject to
to partner
Partner NDA
NDA
Uncomplicate Data Storage, Forever 29
 Following completion of this training you
should be able to:

1
○ Troubleshoot access problems
based on mount options,
permissions, export policies, and
Learning SMB version differences.
Objectives 2
○ Troubleshoot access problems
on SMB client.
3
○ Configure user permissions in
Active Directory.
©2023 Pure
©2023 Pure Storage
Storage Confidential
Confidential -- Subject
Subject to
to partner
partner NDA
NDA 30
 SMB Modes
RFC-2307:
Active Directory for multi-protocol (SMB and NFS on one share) support for. The uidNumber and guiNumber attributes
are required to be set to access SMB shares.
AD-AUTO:
Recommended for SMB-only customers. The FlashBlade handles UID and GID mapping so it does not need to be set
on the AD side. This doesn’t allow SMB and NFS interoperability.
Native SMB:
This simplifies the configuration -
• If RFC2307 is configured in Active Directory, Native SMB uses the UID/GID attributes in Active Directory to get
the UID/GID mapping to Windows SIDs.
• If RFC2307 is not configured in Active Directory, Native SMB creates a synthesized UID/GID from the Windows
SID.

RFC-2307 and AD-AUTO are being deprecated. Native SMB is the default mode for any new installations in 4.1.x+.
These modes do not exist in 4.3.0+ and the FlashBlade is required to convert to Native SMB mode before upgrading to
any versions beyond that.

©2023 Pure Storage Confidential - Subject to Partner NDA 31

 DACLs, SACLs, and ACEs
The following three ACE types supported by all securable objects.

• Access-denied ACE: Used in a discretionary access control list (DACL) to deny

access rights to a user or group.
• Access-allowed ACE: Used in a DACL to allow access rights to a trustee.
• System-audit ACE: Used in a system access control list (SACL) to generate an
audit record when the trustee attempts to exercise the specified access rights.

Windows allows full access to everyone unless a discretionary access control list (DACL).
A DACL rejects all permissions to all users and groups aside from those permissions
specifically set in it.

A SACL defines which access-granted or access-denied events are to be recorded for

auditing.
©2023 Pure Storage Confidential - Subject to Partner NDA 32
 Policies
• The default SMB share policy is _smb_share_allow_everyone.
• The rules in a policy are based on principal names of users or groups and the
active directories directory service is required for lookup and validation of the
SMB user and group names.
• A policy can be applied to multiple shares, but a share can only have one
policy.
• If a policy has no rules or is disabled, everyone is denied access.
• Share policies are least privilege based. The “deny” rules will always be
respected over an overlapping allow rule.

©2023 Pure Storage Confidential - Subject to Partner NDA 33

 Permissions
4.1.0 and above
In Purity//FB 4.1.0+ permissions are based on SMB Share Policies on the FlashBlade. These allow read-write and
read-only permissions based on Client IP, CIDR, FQDN, Hostname or *.

©2023 Pure Storage Confidential - Subject to Partner NDA 34

 Permissions
3.3.x and lower
On Purity//FB 3.3.x and lower a new file system with SMB protocol enabled has open ownership and permissions that
need to be modified to meet any security requirements.

1. With Administrator privileges from a Windows server, open File Explorer and navigate to the
SMB share folder. In the example below, the share folder is called 'test-smb' on the FlashBlade
system called ‘nas1’.
2. Right click on the test-smb share
folder and select Properties.

©2023 Pure Storage Confidential - Subject to Partner NDA 35

 Permissions
3.3.x and lower (cont.)
3. Next, select the Security tab and select the Advanced button.
4. By default, the owner of the SMB share folder is Root (Unix User). From the Windows client,
change the owner of the share folder to the appropriate user, for example Administrator.

©2023 Pure Storage Confidential - Subject to Partner NDA 36

 Permissions
3.3.x and lower (cont.)
5. By default, the Principal 'Everyone' has Full control. Change these permissions to a level
appropriate for this share folder, for example 'Read only'.
6. Add any permissions needed for other Principals.

©2023 Pure Storage Confidential - Subject to Partner NDA 37

 Accessing Shares
UNC
A share can be access by typing the Universal Naming Convention
(UNC) directly into a file explorer address using either:

\\<FQDN>\<share>
\\<server>\<share>

©2023 Pure Storage Confidential - Subject to Partner NDA 38

 Accessing Shares
Add a network location
Adding a network location is essentially bookmarking a UNC location.
1. Under “This PC” in windows explorer choose the Add a network
location option.
2. Type in the address \\<server>\<share> or
\\<FQDN>\<share>

©2023 Pure Storage Confidential - Subject to Partner NDA 39

 Accessing Shares
Add a network location (continued)
3. Select a custom location if preferred.
4. Verify the share shows up under network
locations.

©2023 Pure Storage Confidential - Subject to Partner NDA 40

 Accessing Shares
Mapping a network drive is similar to adding a network location but assigns a drive
letter to the share.

1. Under This PC in windows

explorer select Map
network drive…
2. Type in the address
\\<server>\<share> or
\\<FQDN>\<share>
3. Select a drive letter - by
default this is Z:
4. Optional: Enable Reconnect
at sign-in and/or Connect
using different
credentials.

©2023 Pure Storage Confidential - Subject to Partner NDA 41

 Accessing Shares
Map network drive…

5. Verify the mapped network

drive share shows up under
This PC.

©2023 Pure Storage Confidential - Subject to Partner NDA 42

 Troubleshooting
Connectivity
Like NFS, Ping and Traceroute discussed in the previous module are good indicators that a
client can reach the FlashBlade but its possible a firewall or some other networking could
be getting the way of port connectivity. We can check that using telnet.
FlashBlade blade to the client IP:
telnet -b <dataVIP> <client> 445

From the client to FlashBlade dataVIP usings Windows telnet client.

©2023 Pure Storage Confidential - Subject to Partner NDA 43

Knowledge Check:
Question 2
What is the recommended (soon required) SMB mode?

AD-AUTO.
Independent.
RFC-2307.

Native.

©2023 Pure Storage Confidential - Subject to Partner NDA 44

Knowledge Check:
Question 2
What is the recommended (soon required) SMB mode?

AD-AUTO.
Independent.
RFC-2307.

Native.

©2023 Pure Storage Confidential - Subject to Partner NDA 45

S3: Simple Storage
Service

© 2022 Pure
©2023 Pure Storage
Storage Confidential
Confidential -- Subject
Subject to
to partner
Partner NDA
NDA
Uncomplicate Data Storage, Forever 46
 Following completion of this training you
should be able to:

1
○ Configure accounts, users,
access keys, and buckets.
2
○ Configure versioning.
Learning 3
○ Configure replication.
Objectives

©2023 Pure
©2023 Pure Storage
Storage Confidential
Confidential -- Subject
Subject to
to partner
partner NDA
NDA 47
 Identity and Access Management
(IAM)
• FlashBlade does not support external authentication providers, but does have
native Identity and Access Management (IAM) capabilities.

• Access Key and Secret Key features provide user authentication capabilities.
Policies and Rules provide authorization capabilities. Together these two
provide a robust, native, IAM capability.

©2023 Pure Storage Confidential - Subject to Partner NDA 48

 Policies
Best Practices
• Avoid predefined policies and create custom policies for better permission management.
• Don’t assign a user with full access (S3/*) unless absolutely necessary.
• If versioning is enabled, assign users the Object Version Delete policy to allow deleting
older versions.
• Break out operations into multiple rules based on the target, and to populate the target
resource field when adding the rule.

©2023 Pure Storage Confidential - Subject to Partner NDA 49

 Policies
Security
When a user is only going to be managing objects it is recommended to only
give them the following permissions:

• purepolicy/bucket-list
• purepolicy/object-lock
• purepolicy/object-read
• purepolicy/object-write
• purepolicy/version-delete

©2023 Pure Storage Confidential - Subject to Partner NDA 50

 Accessing Buckets CLI/Clients
s3cmd
Run s3cmd --configure and fill
out the information. The Access
key, Secret Key, and Endpoint
are the only required fields. The
endpoint is one of the dataVIPs
on the FlashBlade.

Once the configuration is

complete the user the access
and secret key belong to will be
able to run commands based on
their access.

©2023 Pure Storage Confidential - Subject to Partner NDA 51

 Accessing Buckets CLI/Clients
S3 Browser

1. Fill in a Display name. This field is required, but is cosmetic.

2. Change the account type to S3 Compatible Storage.
3. Enter the REST Endpoint. This is one of the FlashBlade dataVIPs
4. Enter the Access Key ID, and Secret Access Key.
5. Optional: Enable Use secure transfer if a SSL being utilized.
6. Click Add new account.

©2023 Pure Storage Confidential - Subject to Partner NDA 52

 Path-Hosted and Virtual-Hosted Style
Requests
Path-hosted:
This is the suggested way of accessing S3 objects. FlashBlade S3 can be accessed
under any configured hostnames and IP addresses where AWS has a small set of
well-defined endpoint names.

To use path-hosted style requests configure your S3 client's endpoint URL using
your FlashBlade data VIP or a domain that resolves to it.
Path-hosted example: http://FlashBlade_dataVIP

Virtual-hosted
Support for Virtual-hosted style S3 requests are limited on FlashBlade. If the
FlashBlade receives an http request to a datavip with the host name
BUCKETNAME.s3.amazonaws.com it treats this as a virtual-hosted request and uses
BUCKETNAME as the bucket name.

Virtual-hosted example: http://BUCKETNAME.s3.amazonaws.com

©2023 Pure Storage Confidential - Subject to Partner NDA 53
 Versioning and Lifecycle
Versioning allows for multiple variants of an object in the same bucket. Lifecycle would be used to control
versioned copies of objects space usage.

With versioning enabled any object that is modified moves the unmodified object to a separate non-current
version. Versioning can be suspended but it can not be disable on a bucket once enabled.

• Versioning can be enabled from Storage > Object Storage. Click on the options button at the end of
the buckets row and click “Enable Versioning…”, then click enable

©2023 Pure Storage Confidential - Subject to Partner NDA 54

Knowledge Check:
Question 3
How is an S3 virtual-hosted path style utilized?

Utilizes s3.amazonaws.com requests.

Utilizes built in virtual machines for requests.
Utilizes the FlashBlade data virtual IP for requests.

Utilizes trusted domains for requests.

©2023 Pure Storage Confidential - Subject to Partner NDA 55

Knowledge Check:
Question 3
How is an S3 virtual-hosted path style utilized?

Utilizes s3.amazonaws.com requests.

Utilizes built in virtual machines for requests.
Utilizes the FlashBlade data virtual IP for requests.

Utilizes trusted domains for requests.

©2023 Pure Storage Confidential - Subject to Partner NDA 56

Conclusion

© 2022 Pure
©2023 Pure Storage
Storage Confidential
Confidential -- Subject
Subject to
to partner
Partner NDA
NDA
Uncomplicate Data Storage, Forever 57
Recap

One Two Three

NFS SMB S3
• Troubleshoot access problems • Troubleshoot access problems • Configure accounts, users,
based on mount options, based on mount options, access keys, and buckets
permission, export rules and permissions, export policies, • Configure versioning
policies, and NFS version and SMB version differences • Configure replication
differences • Troubleshoot access problems
• Troubleshoot access problems on SMB client
on NFS client • Configure user permissions in
Active Directory

©2023 Pure Storage Confidential - Subject to partner NDA Uncomplicate

Uncomplicate Data
Data Storage,
Storage, Forever
Forever 2358
Questions?

© 2022 Pure
©2023 Pure Storage
Storage Confidential
Confidential -- Subject
Subject to
to partner
Partner NDA
NDA
Uncomplicate Data Storage, Forever 59
© 2023 Pure Storage, Inc. All rights reserved. Pure Storage, the Pure P Logo, and the marks on the Pure
Trademark List at https://www.purestorage.com/legal/productenduserinfo.html are trademarks of Pure Storage,
Inc. Other names are trademarks of their respective owners.

The Pure Storage products and programs described in this documentation are distributed under a license
agreement restricting the use, copying, distribution, and decompilation/reverse engineering of the products. No
part of this documentation may be reproduced in any form by any means without prior written authorization from
Pure Storage, Inc. and its licensors, if any. Pure Storage may make improvements and/or changes in the Pure
Storage products and/or the programs described in this documentation at any time without notice.

THIS DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS
AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FINESS FOR A PARTICULAR
PURPOSE, OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE
HELD TO BE LEGALLY INVALID. PURE STORAGE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.