Fileset considerations for creating protocol data exports

You can create exports on the entire file system, on sub-directories of a file system, or on filesets.

A fileset is a file system object that enables you to manage data at a finer granularity than the file system. You can perform administrative operations such as defining quotas, creating snapshots, and defining file placement policies and rules, and specifying inode space values at the fileset level, especially when the fileset is independent.

In IBM Storage Scale, you can create exports even without filesets. Depending on your data management strategy, choose either of the following ways to create exports:

Create exports on the entire file system or on sub-directories of the file system

In this option, the export represents a large space. You can create independent filesets over the directories in this space and have finer control over the export directory paths. Universities and organizations that require a departmental multi-tenancy solution can choose this option.

Review the following example to better understand this option.

As a storage administrator of an organization, you want to create separate storage space for every department and user of the organization:

Export the root directory of the file system.
```
mmnfs export add /gpfs/fs0
```
Note: You can create a sub-directory in the root directory and export it. For example: mmnfs export add /gpfs/fs0/home

For more information, see mmnfs command.
Create independent filesets in the root directory, linked to the subdirectory /gpfs/fs0/home.
In the following example, it is assumed that there is a user user1 that is a part of the group group/HR.
```
mmcrfileset fs0 hr_fileset --inode-space=new
mmlinkfileset fs0 hr_fileset -J /gpfs/fs0/home/hr
mmcrfileset fs0 user1_fileset --inode-space=new
mmlinkfileset fs0 user1_fileset -J /gpfs/fs0/home/user1
```
For more information, see the following commands.
- mmcrfileset command
- mmlinkfileset command
Similarly, create independent filesets for other departments and users.
You can assign quota to each user and department via the independent filesets.

The NFS and SMB clients can now mount the export and access their directories.

Access to the data in the export directories is controlled via the group and user ACLs. In this case, only the users who are in group HR, which has group ACLs to read/write into the hr directory, can access the directory. The user user1 who is in the group group/HR can perform read/write to the user1 directory and the hr directory.

Create exports on the entire file system

Create exports on independent filesets

In this option, the independent filesets represent discrete projects. One or more exports can be created on each fileset. You can apply the Information Lifecycle Management (ILM) policies over the filesets to automate the placement and management of file data. You can protect the export data by granting access permissions to specific workstations or IP addresses. Also, data in the exports can be preserved by the independent fileset's snapshot policy.

Review the following example to better understand this option.

You are a storage administrator of a private cloud hosting storage system that stores webcam data. You want to ensure that a webcam has access only to its storage directory. Also, you want the data analyzers to access all data so that they can look for activity and generate analytical reports.

Create an independent fileset web_cam_data.

mmcrfileset fs0 web_cam_data --inode-space=new
mmlinkfileset fs0 web_cam_data -J /gpfs/fs0/web_cam_data

Data from all webcams is stored in /gpfs/fs0/web_cam_data.

Create exports for both webcams.

mkdir /gpfs/fs0/web_cam_data/camera1
mkdir /gpfs/fs0/web_cam_data/camera2
mmnfs export add "/gpfs/fs0/web_cam_data/camera1“ -c "198.51.100.2(Access_Type=RW);203.0.113.2(Access_Type=RO);203.0.113.3(Access_Type=RO)" 
mmnfs export add "/gpfs/fs0/web_cam_data/camera2“ -c "198.51.100.3(Access_Type=RW);203.0.113.2(Access_Type=RO);203.0.113.3(Access_Type=RO)"

The webcam1 (IP: 198.51.100.2) mounts and records data to the camera1 export and the webcam2 (IP: 198.51.100.3) mounts and records data to the camera2 export. The data analyzers (IP: 203.0.113.2 and 203.0.113.3) are given 'Read Only' type access to both exports. Thus, the data is accessible only from the specified IP addresses.