Create an NFS volume for Azure NetApp Files

Azure NetApp Files supports creating volumes using NFS (NFSv3 or NFSv4.1), SMB3, or dual protocol (NFSv3 and SMB, or NFSv4.1 and SMB). A volume's capacity consumption counts against its pool's provisioned capacity.

This article shows you how to create an NFS volume. For SMB volumes, see Create an SMB volume. For dual-protocol volumes, see Create a dual-protocol volume.

Before you begin

Important

If you're using a custom RBAC/IAM role, you must have the Microsoft.Network/virtualNetworks/subnets/read permission configured to create or update a volume.

For more information about permissions and to confirm permissions configuration, see Create or update Azure custom roles using the Azure portal.

  • You must have already set up a capacity pool.
    See Create a capacity pool.

  • A subnet must be delegated to Azure NetApp Files.
    See Delegate a subnet to Azure NetApp Files.

  • The ability to set a volume quota between 50 and 100 GiB is currently in preview. You must register for the feature before you can create a 50 GiB volume.

    1. Register the feature:

      Register-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName ANF50GiBVolumeSize
      
    2. Check the status of the feature registration:

      Note

      The RegistrationState may be in the Registering state for up to 60 minutes before changing to Registered. Wait until the status is Registered before continuing.

      Get-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName ANF50GiBVolumeSize
      

      You can also use Azure CLI commands az feature register and az feature show to register the feature and display the registration status.

Considerations

  • Deciding which NFS version to use
    NFSv3 can handle a wide variety of use cases and is commonly deployed in most enterprise applications. You should validate what version (NFSv3 or NFSv4.1) your application requires and create your volume using the appropriate version. For example, if you use Apache ActiveMQ, file locking with NFSv4.1 is recommended over NFSv3.

  • Security
    Support for UNIX mode bits (read, write, and execute) is available for NFSv3 and NFSv4.1. Root-level access is required on the NFS client to mount NFS volumes.

  • User ID mapping in NFSv4.1 for LDAP-enabled and non-LDAP volumes
    To avoid permission issues, including access for a root user, when using NFSv4.1, the ID domain configuration on the NFS client and Azure NetApp Files must match. User ID mapping can use centralized user management with LDAP or use local users for non-LDAP volumes. To configure the ID Domain in Azure NetApp Files for non-LDAP volumes, see Configure NFSv4.1 ID domain for Azure NetApp Files.

Best practice

  • Ensure that you’re using the proper mount instructions for the volume. See Mount a volume for Windows or Linux VMs.

  • The NFS client should be in the same virtual network or peered virtual network as the Azure NetApp Files volume. Connecting from outside the virtual network is supported; however, it will introduce additional latency and decrease overall performance.

  • Ensure that the NFS client is up to date and running the latest updates for the operating system.

Create an NFS volume

  1. Select the Volumes blade from the Capacity Pools blade. Select + Add volume to create a volume.

    Navigate to Volumes

  2. In the Create a Volume window, select Create, and provide information for the following fields under the Basics tab:

    • Volume name
      Specify the name for the volume that you are creating.

      Refer to Naming rules and restrictions for Azure resources for naming conventions on volumes. Additionally, you cannot use default or bin as the volume name.

    • Capacity pool
      Specify the capacity pool where you want the volume to be created.

    • Quota
      Specify the amount of logical storage that is allocated to the volume.

      The Available quota field shows the amount of unused space in the chosen capacity pool that you can use towards creating a new volume. The size of the new volume must not exceed the available quota.

    • Large Volume

      Regular volumes quotas are between 50 GiB and 100 TiB. Large volume quotas range from 50 TiB to 1 PiB in size. If you intend for the volume quota to fall in the large volume range, select Yes. Volume quotas are entered in GiB.

      Important

      If this is your first time using large volumes, you must first register the feature and request an increase in regional capacity quota.

      Regular volumes cannot be converted to large volumes. Large volumes can't be resized to less than 50 TiB. To understand the requirements and considerations of large volumes, see Requirements and considerations for large volumes. For other limits, see Resource limits.

    • Throughput (MiB/S)
      If the volume is created in a manual QoS capacity pool, specify the throughput you want for the volume.

      If the volume is created in an auto QoS capacity pool, the value displayed in this field is (quota x service level throughput).

    • Enable Cool Access, Coolness Period, and Cool Access Retrieval Policy
      These fields configure Azure NetApp Files storage with cool access. For descriptions, see Manage Azure NetApp Files storage with cool access.

    • Virtual network
      Specify the Microsoft Azure Virtual Network from which you want to access the volume.

      The Virtual Network you specify must have a subnet delegated to Azure NetApp Files. The Azure NetApp Files service can be accessed only from the same Virtual Network or from a virtual network that's in the same region as the volume through virtual network peering. You can also access the volume from your on-premises network through Express Route.

    • Subnet
      Specify the subnet that you want to use for the volume.
      The subnet you specify must be delegated to Azure NetApp Files.

      If you have not delegated a subnet, you can select Create new on the Create a Volume page. Then in the Create Subnet page, specify the subnet information, and select Microsoft.NetApp/volumes to delegate the subnet for Azure NetApp Files. In each Virtual Network, only one subnet can be delegated to Azure NetApp Files.

      Create subnet

    • Network features
      In supported regions, you can specify whether you want to use Basic or Standard network features for the volume. See Configure network features for a volume and Guidelines for Azure NetApp Files network planning for details.

    • Encryption key source You can select Microsoft Managed Key or Customer Managed Key. See Configure customer-managed keys for Azure NetApp Files volume encryption and Azure NetApp Files double encryption at rest about using this field.

    • Availability zone
      This option lets you deploy the new volume in the logical availability zone that you specify. Select an availability zone where Azure NetApp Files resources are present. For details, see Manage availability zone volume placement.

    • If you want to apply an existing snapshot policy to the volume, select Show advanced section to expand it, specify whether you want to hide the snapshot path, and select a snapshot policy in the pull-down menu.

      For information about creating a snapshot policy, see Manage snapshot policies.

      Show advanced selection

      Note

      By default, the .snapshot directory path is hidden from NFSv4.1 clients. Enabling the Hide snapshot path option will hide the .snapshot directory from NFSv3 clients; the directory will still be accessible.

  3. Select Protocol then complete the following actions:

    • Select NFS as the protocol type for the volume.

    • Specify a unique file path for the volume. This path is used when you create mount targets. The requirements for the path are as follows:

      • For volumes not in an availability zone or volumes in the same availability zone, it must be unique within each subnet in the region.
      • For volumes in availability zones, it must be unique within each availability zone. This feature is currently in preview and requires you to register the feature. For more information, see Manage availability zone volume placement.
      • It must start with an alphabetical character.
      • It can contain only letters, numbers, or dashes (-).
      • The length must not exceed 80 characters.
    • Select the Version (NFSv3 or NFSv4.1) for the volume.

    • If you are using NFSv4.1, indicate whether you want to enable Kerberos encryption for the volume.

      Additional configurations are required if you use Kerberos with NFSv4.1. Follow the instructions in Configure NFSv4.1 Kerberos encryption.

    • If you want to enable Active Directory LDAP users and extended groups (up to 1024 groups) to access the volume, select the LDAP option. Follow instructions in Configure AD DS LDAP with extended groups for NFS volume access to complete the required configurations.

    • Customize Unix Permissions as needed to specify change permissions for the mount path. The setting does not apply to the files under the mount path. The default setting is 0770. This default setting grants read, write, and execute permissions to the owner and the group, but no permissions are granted to other users.
      Registration requirement and considerations apply for setting Unix Permissions. Follow instructions in Configure Unix permissions and change ownership mode.

    • Optionally, configure export policy for the NFS volume.

    Specify NFS protocol

  4. Select Review + Create to review the volume details. Select Create to create the volume.

    The volume you created appears in the Volumes page.

    A volume inherits subscription, resource group, location attributes from its capacity pool. To monitor the volume deployment status, you can use the Notifications tab.

Next steps