Home > Storage > PowerScale (Isilon) > Product Documentation > Protocols > PowerScale OneFS NFS Design Considerations and Best Practices > NFSv4.x pseudo-file system
The OneFS cluster supports the NFSv4.x pseudo-file system in compliance with the RFC3530 standard. NFSv4.x servers present all the exported file systems within a single hierarchy. When the server exports a portion of its namespace, the server creates a pseudo-file system which is a structure containing only directories. It has a unique file system id (fsid) that allows a client to browse the hierarchy of an exported file system. An NFSv4.x client can use LOOKUP and READDIR operations to browse seamlessly from one export to another. The clients’ view of a pseudo-file system will be limited to paths to which the clients has permission to access.
To have a better understanding about pseudo-file system, assume an OneFS cluster has the following directory structure, shown as Figure 10.
Consider a scenario where an application on a server need to access portions of the directories (assuming /ifs/home/user01, /ifs/home/user02, and /ifs/data/marketing) but require mounting these directories using a single mount point to access the files. To satisfy the requirement of the application, we will export these directories separately. Meanwhile, there is an export for /ifs/data/engineer, and this export is not accessible by the application.
In NFSv4.x, the export list and the server hierarchy are disjointed, as illustrated in Figure 11. When the cluster exports the portions of directories, the server creates a pseudo-file system to allow the client to access the authorized exported paths from a single common root. The client only needs to mount the appropriate path of the pseudo-file system, for example, mount the /ifs to the client directly, and the client can access any one of the export paths that are required by the application.
If NFSv3 is used in this scenario, the client must export the entire /ifs namespace to allow the application access data in the disjoint directories with a single mount point. This will result in a huge security problem as the whole OneFS cluster namespace is exposed to the client and the client can even access the data that is not used for the application.
The pseudo-file system is a considerable advantage for its access security and flexibility of limiting only part of the namespace that the client can see and access. Use NFSv4.x pseudo-file system instead of NFSv3 in a similar scenario above to provide a more secure access control.
Note: In NFSv3, a client browsing the server exports is provided through the MOUNT protocol, every export has its own root file handle. When the client running the command showmount –e server_address to obtain the exports list on the server, the MOUNT protocol will enumerate the server’s exports list and return to the client. In NFSv4.x, a client browses the server exports which uses the same root handle through the pseudo-file system, so in an NFSv4.x environment, showmount command is not supported to get an exports list on server.