SLAG! 🛡️ an invisble layer of protection 🔒 - Part 2

Part 1 SLAG! 🛡️ an invisble layer of protection 🔒 Varun S ・ Mar 5 #aws #cloudstorage #fsx #security Use Cases for SLAG: Intellectual property protection by auditing and controlling all users' access at the storage level Storage for financial services companies, including banking and trading groups Government services with separate file storage for individual departments Universities protecting all student files Configuring SLAG in Amazon FSx for NetApp ONTAP This guide assumes you already have a Storage Virtual Machine (SVM) joined to the Active Directory "fsxnad" and SMB share exists. For the purpose of the guide - the SVM is "fsx" and volume/share is "vol2_clone". Get the File System Management Endpoint SSH with fsxadmin Create Security Descriptor vserver security file-directory ntfs create -vserver fsx -ntfs-sd sd_slag_demo Optimize DACL (remove defaults and add as needed) When a new security descriptor is added there are default DACL's included (shown below). Add or Remove DACLs as