NetApp is storage systems that give excellently reliable file services to Microsoft Windows clients by making use Common Internet File System protocol of CFIS. NetApp is powered by NetApp Data ONTAP software. The optimization of file service by ONTAP data is carried out by combining Write Anywhere File Layout file system (WAFL) and microkernel design designed to network data access.
NetApp Storage systems are created to work compatibility with Microsoft Windows environments. It works either as Network-Attached Storage (NAS) or Storage Area Network (SAN). In certain scenario, these functions work simultaneously. You can monitor and administer the storage system through native Windows management components since NetApp look and act like Microsoft Windows member servers.
For the most part, NetApp is able to operate in Windows workgroup mode or Windows domain mode. In workgroup authentication, local Windows client can access and it doesn’t depend on a domain controller, whereas in domain authentication, the client does negotiate the highest possible security level as the connection to the storage system is established.
Within the authenticating stage, there are two options of principal levels of security; Basic security and Extended security. Basic security works based on Windows NT LAN Manager or NTLMv2, while Extended security makes use Windows 2000 Kerberos employment. Computers that run on Windows operating system will negotiate which authentication method will be supported when the session-setup sequence is on the fly.
What about the authentication in Microsoft Windows NT LAN? NetApp Storage system will make connection with domain controller of Windows NT 4.0, Windows 2000, Windows 2003, Windows 2008, or Windows8R2 using NTLM to make further verification the user’s supplied authorizations. The verification includes the user name, a challenge sent to the client, and a response received from the client.
Afterward, user’s password will be retrieved by domain controller from the Security Account Manager database and the password is used to encrypt the challenge. The encrypted challenge is then compared with the response computed by the client by domain controller. The successful NTLM authentication is signaled when the comparisons are identical.
Domain controller will still need to send the response back to the storage system for successful authentication. This way, the storage system can give permission to user to access the file system based on particular access permissions.
Additionally, NetApp als allows you to use file screening capability that you can create file screening policies to manage the type of data you can store on the system based on file type. Two major methods to enable file screening in Data ONTAP are native file blocking and third-party file screening software.