how to backpass nfs share to esxi

[John Doe]

hi folks,

how do I share a freenas nfs mount to esxi in a safe way?
I got it running, to access the nfs share from esxi, but I assume this is a security nightmare and everyone in the network can access.
what is best practice?

EDIT:
basically I followed this
http://www.vmwareandme.com/2013/12/step-by-step-guide-how-to-configure.html

I assume, everyone in that network range can have access to the share isn´t it?

 

[rvassar]

You can open the advanced options and constrain the share to just your ESXi's IP address, not a range or subnet. That's not much, but... It's not referred to as "No File Security" for nothing!

FWIW - NFS as a datastore is kind of slow. I used it for a while, but dumped it as soon as I could get iSCSI running on a private SAN. I used 10GbE cards with a SFP+ cable loopback attached, but you can use a spare 1GbE NIC just as easily. Just give it a private address static IP, that isn't in use elsewhere. It doesn't need to route anywhere.

 

[HoneyBadger]

FWIW - NFS as a datastore is kind of slow. I used it for a while, but dumped it as soon as I could get iSCSI running on a private SAN.

https://www.ixsystems.com/community...xi-nfs-so-slow-and-why-is-iscsi-faster.12506/

 

[rvassar]

https://www.ixsystems.com/community...xi-nfs-so-slow-and-why-is-iscsi-faster.12506/

I'm ex-Sun... Not a 1st string dev engineer, but a lab sysadmin turned QA... I used to eat lunch with one of the the NFSv4 RFC authors kind of regularly. The problem with this write up is, it blames ESX. It's not ESX... O_SYNC is actually mandated in the RFC's for NFS, and ESX follows the RFC's... Other clients perhaps not so much... But... It's the reason for the original NFS accelerator product, the Sun "Prestoserve" card...