
Enable or disable secure NFS client access with TLS

Contributors netapp-mwallis netapp-dbagwell

You can improve the security of NFS connections by configuring NFS over TLS, which encrypts all data sent over the network between the NFS client and ONTAP. You can configure this on an existing storage VM that is enabled for NFS.

Note: NFS over TLS is available in ONTAP 9.15.1 as a public preview. As a preview offering, NFS over TLS is not supported for production workloads in ONTAP 9.15.1.

Enable TLS

You can enable TLS encryption for NFS clients to increase security of data in transit.

Before you begin

Refer to the requirements for NFS over TLS.

Steps

  1. Click Storage > Storage VMs, select the storage VM, and then click Settings.

  2. In the NFS tile, click NFS over TLS settings.

  3. In the NFS over TLS settings area, select an NFS network interface for which you want to enable TLS.

  4. Click the Options icon for that interface.

  5. Click Enable.

  6. In the Network interface TLS configuration dialog, include a certificate for use with TLS by selecting one of the following options:

    • Installed certificate: Choose a previously installed certificate from the drop-down list.

    • New certificate: Choose a common name for the certificate.

    • External CA-signed certificate: Follow the instructions to paste the contents of your certificate and private key into the boxes.

  7. Click Save.
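After TLS is enabled on the interface, a client-side check can confirm that mounts from that interface are actually protected. The following is an added example, not part of NetApp's documentation. It assumes a Linux NFS client whose mount table lists `xprtsec=tls` or `xprtsec=mtls` for TLS-protected mounts; the address `192.0.2.10` and the mount points are constructed sample values.

```shell
#!/bin/sh
# Added example: list NFS mounts from one server that are NOT using TLS.
# Input (stdin): lines in /proc/self/mounts format:
#   device mountpoint fstype options dump pass
# Assumption: a Linux NFS client, where TLS-protected mounts carry
# xprtsec=tls or xprtsec=mtls in the options field.

nfs_mounts_without_tls() {
    # $1 = server name or IP as it appears before ":/" in the device field
    awk -v server="$1" '
        $3 !~ /^nfs4?$/ { next }              # only NFS mounts
        {
            idx = index($1, ":/")             # device is "server:/export"
            if (idx == 0) next
            host = substr($1, 1, idx - 1)
            # IPv6 literals are written as "[addr]:/export"
            if (substr(host, 1, 1) == "[")
                host = substr(host, 2, length(host) - 2)
            if (host != server) next

            sec = "none"                      # option absent means no TLS
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^xprtsec=/) sec = substr(opts[i], 9)

            if (sec != "tls" && sec != "mtls")
                print $2 " xprtsec=" sec
        }'
}

# Constructed sample mount table (not taken from a real system).
SAMPLE_MOUNTS='192.0.2.10:/vol_tls /mnt/secure nfs4 rw,relatime,vers=4.2,proto=tcp,xprtsec=tls,sec=sys 0 0
192.0.2.10:/vol_plain /mnt/scratch nfs4 rw,relatime,vers=4.2,proto=tcp,sec=sys 0 0
192.0.2.20:/other /mnt/other nfs4 rw,relatime,vers=4.1,proto=tcp,sec=sys 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# Runs the audit over the constructed sample for the TLS-enabled interface.
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | nfs_mounts_without_tls "192.0.2.10"
}

# On a real client: nfs_mounts_without_tls <interface-address> < /proc/self/mounts
```

An empty result means every NFS mount from that interface address reports TLS; any line printed names a mount point that is still sending data unencrypted.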

Disable TLS

You can disable TLS for NFS clients if you no longer need the enhanced security for data in transit.

Steps

  1. Click Storage > Storage VMs, select the storage VM, and then click Settings.

  2. In the NFS tile, click NFS over TLS settings.

  3. In the NFS over TLS settings area, select an NFS network interface for which you want to disable TLS.

  4. Click the Options icon for that interface.

  5. Click Disable.

  6. In the resulting confirmation dialog, select Disable.