Scanning file shares

Contributors netapp-tonacki Download PDF of this page

Complete a few steps to start scanning non-NetApp NFS or CIFS file shares directly with Cloud Compliance. These file shares can reside on-premises or in the cloud.

Quick start

Get started quickly by following these steps, or scroll down to the remaining sections for full details.

Number 1 Review file share prerequisites

For CIFS (SMB) shares, ensure that you have credentials to access the shares.

Number 2 Deploy the Cloud Compliance instance

Deploy Cloud Compliance if there isn’t already an instance deployed.

Number 3 Create a group to hold the file shares

The group is a container for the file shares that you want to scan, and it is used as the working environment name for those file shares.

Number 4 Add the file shares

Add the list of file shares that you want to scan. You can add up to 100 file shares at a time.

Reviewing file share requirements

Review the following prerequisites to make sure that you have a supported configuration before you enable Cloud Compliance.

  • The shares can be hosted anywhere, including in the cloud or on-premises. These are file shares that reside on non-NetApp storage systems.

  • There needs to be network connectivity between the Cloud Compliance instance and the shares.

  • Make sure these ports are open to the Cloud Compliance instance:

    • For NFS – ports 111 and 2049.

    • For CIFS – ports 139 and 445.

  • You will need the list of shares you want to add in the format <host_name>:/<share_path>. You can enter the shares individually, or you can supply a line-separated list of the file shares you want to scan.

  • For CIFS (SMB) shares, ensure that you have Active Directory credentials that provide read access to the shares. Admin credentials are preferred in case Cloud Compliance needs to scan any data that requires elevated permissions.

Creating the group for the file shares

You must add a files shares "group" before you can add your file shares. The group is a container for the file shares that you want to scan, and the group name is used as the working environment name for those file shares.

You can mix NFS and CIFS shares in the same group, however, all CIFS file shares in a group need to be using the same Active Directory credentials. If you plan to add CIFS shares that use different credentials, you must make a separate group for each unique set of credentials.

Steps
  1. From the Working Environments Configuration page, click Add Data Source > Add File Shares Group.

    A screenshot of the Scan Configuration page where you can click the Add File Shares Group button.

  2. In the Add Files Shares Group dialog, enter the name for the group of shares and click Continue.

The new File Shares Group is added to the list of working environments.

Adding file shares to a group

You add file shares to the File Shares Group so that the files in those shares will be scanned by Cloud Compliance. You add the shares in the format <host_name>:/<share_path>.

You can add individual file shares, or you can supply a line-separated list of the file shares you want to scan. You can add up to 100 shares at a time.

When adding both NFS and CIFS shares in a single group, you’ll need to run through the process twice - once adding NFS shares, and then again adding the CIFS shares.

Steps
  1. From the Working Environments page, click the Configuration button for the File Shares Group.

    A screenshot of the Scan Configuration page where you can select the Configuration button.

  2. If this is the first time adding file shares for this File Shares Group, click Add your first Shares.

    A screenshot showing the Add your first Shares button to add initial shares to the group.

    If you are adding file shares to an existing group, click Add Shares.

    A screenshot showing the Add Shares button to add more shares to the group.

  3. Select the protocol for the file shares you are adding, add the file shares that you want to scan - one file share per line - and click Continue.

    When adding CIFS (SMB) shares, you need to enter the Active Directory credentials that provide read access to the shares. Admin credentials are preferred.

    A screenshot of the Add File Shares page where you can add the shares to be scanned.

    A confirmation dialog displays the number of shares that were added.

    If the dialog lists any shares that could not be added, capture this information so that you can resolve the issue. In some cases you can re-add the share with a corrected host name or share name.

Result

Cloud Compliance starts scanning the files in the file shares you added, and the results are displayed in the Dashboard and in other locations.

Removing a file share from Compliance scans

If you no longer need to scan certain file shares, you can remove individual file shares from having their files scanned at any time. Just click Remove Share from the Configuration page.

A screenshot showing how to remove a single file share from having its files scanned.