Skip to main content
BlueXP classification

Scan file shares with BlueXP classification

Contributors netapp-tonacki amgrissino netapp-ahibbard

Complete a few steps to start scanning NFS or CIFS file shares from Google Cloud NetApp Volumes and from older NetApp 7-mode systems. These file shares can reside on-premises or in the cloud.

Note Scanning data from non-NetApp file shares is not supported in the BlueXP classification core version.

Prerequisites

Review the following prerequisites to make sure that you have a supported configuration before you enable BlueXP classification.

  • The shares can be hosted anywhere, including in the cloud or on-premises. CIFS shares from older NetApp 7-Mode storage systems can be scanned as file shares.

    Note that BlueXP classification can't extract permissions or the "last access time" from 7-Mode systems. Additionally, because of a known issue between some Linux versions and CIFS shares on 7-Mode systems, you must configure the share to use only SMB v1 with NTLM authentication enabled.

  • There needs to be network connectivity between the BlueXP classification instance and the shares.

  • You can add a DFS (Distributed File System) share as a regular CIFS share. However, because BlueXP classification is not aware that the share is built upon multiple servers/volumes combined as a single CIFS share, you might receive permission or connectivity errors about the share when the message really only applies to one of the folders/shares that is located on a different server/volume.

  • For CIFS (SMB) shares, ensure that you have Active Directory credentials that provide read access to the shares. Admin credentials are preferred in case BlueXP classification needs to scan any data that requires elevated permissions.

    If you want to make sure your files "last accessed times" are unchanged by BlueXP classification scans, we recommend that the user has Write Attributes permissions in CIFS or write permissions in NFS. If possible, we recommend making the Active Directory configured user part of a parent group in the organization which has permissions to all files.

  • You will need the list of shares you want to add in the format <host_name>:/<share_path>. You can enter the shares individually, or you can supply a line-separated list of the file shares you want to scan.

Create the group for the file shares

You must add a files shares "group" before you can add your file shares. The group is a container for the file shares that you want to scan, and the group name is used as the working environment name for those file shares.

You can mix NFS and CIFS shares in the same group; however, all CIFS file shares in a group need to be using the same Active Directory credentials. If you plan to add CIFS shares that use different credentials, you must make a separate group for each unique set of credentials.

Steps
  1. From the BlueXP classification menu, select Configuration.

  2. From the Configuration page, select Add Working Environment > Add File Shares Group.

  3. In the Add Files Shares Group dialog, enter the name for the group of shares and select Continue.

Result

The new File Shares Group is added to the list of working environments.

Add file shares to a group

You add file shares to the File Shares Group so that the files in those shares will be scanned by BlueXP classification. You add the shares in the format <host_name>:/<share_path>.

You can add individual file shares, or you can supply a line-separated list of the file shares you want to scan. You can add up to 100 shares at a time.

When adding both NFS and CIFS shares in a single group, you'll need to run through the process twice - once adding NFS shares, and then again adding the CIFS shares.

Steps
  1. From the BlueXP classification menu, select Configuration.

  2. From the Working Environments tile on the Configuration page, select the Configuration button for the File Shares Group.

    A screenshot showing the Configuration button for the File Shares Group.

  3. If this is the first time adding file shares for this File Shares Group, select Add your first Shares.

    A screenshot showing the Add your first Shares button to add initial shares to the group.

    If you are adding file shares to an existing group, select the group, select Configuration and select Add Shares.

  4. Select the protocol for the file shares you are adding.

    A screenshot showing the options to add NFS or CIFS shares to the group

  5. Add the file shares that you want to scan (one file share per line).

    When adding CIFS (SMB) shares, you need to enter the Active Directory credentials that provide read access to the shares. Admin credentials are preferred.

  6. Select Continue.

    A confirmation dialog displays the number of shares that were added.

    If the dialog lists any shares that could not be added, capture this information so that you can resolve the issue. In some cases you can re-add the share with a corrected host name or share name.

  7. Do one of the following to enable or disable scans:

    • To enable mapping-only scans on file shares, select Map.

    • To enable full scans on file shares, select Map & Classify.

    • To disable scanning on file shares, select Off.

  8. If you don't care if the last access time is reset, turn the Scan when missing "write attributes" permissions switch ON and all files are scanned regardless of the permissions.

    The switch at the top of the page for Scan when missing "write attributes" permissions is disabled by default. This means that if BlueXP classification doesn't have write attributes permissions in CIFS, or write permissions in NFS, that the system won't scan the files because BlueXP classification can't revert the "last access time" to the original timestamp. Learn more.

Result

BlueXP classification starts scanning the files in the file shares you added, and the results are displayed in the Dashboard and in other locations.

Track the scanning progress

You can track the progress of the initial scan.

  1. Select Configuration menu.

  2. Select the Working Environment configuration.

    The progress of each scan is shown as a progress bar.

  3. Hover over the progress bar to see the number of files scanned relative to the total files in the volume.

Remove a file share from compliance scans

If you no longer need to scan certain file shares, you can remove individual file shares from having their files scanned at any time.

Steps
  1. From the BlueXP classification menu, select Configuration.

  2. Select the working environment.

  3. Select Configuration.

  4. From the Configuration page, select the Actions Actions icon for the file share you want to remove.

  5. From the Actions menu, select Remove Share.