    Multiprotocol file sharing

    About multiprotocol file sharing in Unity

    To access data files shared by a NAS server over a network, host clients mainly use two file protocols: SMB and NFS. The SMB protocol is used mainly by Windows clients, and the NFS protocol is used mainly by UNIX clients. The NFS and SMB protocols have many differences, including those described in the following table:

    |  | NFS | SMB |
    | --- | --- | --- |
    | Lock policy | Uses a User Identifier (UID) and Group Identifier (GID). NFSv3 range locks are advisory and NFSv4 range locks are advisory or mandatory (default). | Uses a Security Identifier (SID). SMB range locks are mandatory. |
    | User authentication | Handled by one of the following: a previous local login to another UNIX system; a UNIX Directory Service (NIS or LDAP), which looks up a user's UID/GID; or local password and group files, which look up a user's UID/GID. | Handled by Active Directory, which looks up a user's SID. This requires NTP and DNS. |
    | Security rules | Uses the UNIX credential associated with the authenticated user to check mode bits (NFSv3) or to check access rights in the NFSv4 ACL. | Uses the Windows credential associated with the authenticated user to check the SMB Access ACL. |
    | Rename policy | Allows renaming a component of an open file. | Forbids renaming a component of an open file. |

    Unity supports a mixed NFS and SMB environment by providing simultaneous access to the same data for both NFS (v3 and v4) and SMB. You configure multiprotocol functionality by creating a NAS server that is enabled for multiprotocol, and then creating a multiprotocol file system on this NAS server. Once you create the file system, you can create both NFS and SMB shares on that file system.

    Note the following about multiprotocol functionality in Unity:

    • A multiprotocol NAS server supports multiprotocol file systems only. You cannot create an SMB-only or NFS-only file system on a multiprotocol NAS server.
    • A file system can support multiprotocol, SMB-only, or NFS-only access. Multiprotocol file systems enable access from SMB and NFS to a single file system simultaneously.

    To configure multiprotocol functionality, you must join the NAS server to a Windows Active Directory domain and configure a UNIX Directory Service (LDAP or NIS) or local password and group files for the NAS server, or both. If you use LDAP, the LDAP server must adhere to the IDMU, RFC2307, or RFC2307bis schema. Examples include AD LDAP with IDMU, iPlanet, and OpenLDAP. The LDAP server must also be configured properly to provide UIDs for each user. For example, with IDMU, the administrator must open the properties of each user and add a UID on the UNIX Attributes tab.

    The user names in an NFS environment and those in an SMB environment must match character for character. If there are discrepancies in the user names, you can configure a user mapping file (ntxmap) to map each NFS name to the corresponding SMB name, and each SMB name to the corresponding NFS name. You can also configure default UNIX and Windows account names. The system uses the default Windows account name when it cannot find a match for an SMB name on NFS, and the default UNIX account name when it cannot find a match for an NFS name on SMB.
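
    The following pre-deployment audit is an added example, not part of the Unity documentation or tooling. It checks the two requirements above (a UID for every UNIX user, and SMB and NFS names that match character for character) and lists the accounts that would otherwise resolve to a default account. The function name, the sample accounts, and the `name_map` dictionary (a stand-in for mapping entries, not the real ntxmap syntax) are assumptions, as is reporting case-only differences as a separate category.

```python
from collections import namedtuple

Audit = namedtuple("Audit", "matched case_only smb_only unix_only missing_uid")

def audit_identities(smb_names, unix_uids, name_map=None):
    """Compare SMB and NFS account names before enabling multiprotocol access.

    smb_names : iterable of Windows account names (for example, exported from AD)
    unix_uids : dict of UNIX name -> UID, with None where no UID is provided
    name_map  : optional dict of SMB name -> UNIX name (hypothetical stand-in
                for user mapping entries; this is not the ntxmap file format)
    """
    name_map = name_map or {}
    by_fold = {}
    for unix in unix_uids:
        by_fold.setdefault(unix.casefold(), []).append(unix)

    matched, case_only, smb_only, claimed = [], [], [], set()
    for smb in sorted(set(smb_names)):
        target = name_map.get(smb, smb)
        if target in unix_uids:                # identical, character for character
            matched.append((smb, target))
            claimed.add(target)
        elif target.casefold() in by_fold:     # same letters, different case
            near = by_fold[target.casefold()]
            case_only.append((smb, near[0]))
            claimed.update(near)
        else:                                  # no counterpart: default-account candidate
            smb_only.append(smb)

    unix_only = sorted(set(unix_uids) - claimed)
    missing_uid = sorted(n for n, uid in unix_uids.items() if uid is None)
    return Audit(matched, case_only, smb_only, unix_only, missing_uid)

# Constructed sample data, not taken from any real directory.
SMB_NAMES = ["alice", "BSmith", "carol.jones", "svc_backup"]
UNIX_UIDS = {"alice": 1001, "bsmith": 1002, "cjones": 1003, "dave": None}
NAME_MAP = {"carol.jones": "cjones"}

if __name__ == "__main__":
    result = audit_identities(SMB_NAMES, UNIX_UIDS, NAME_MAP)
    for label, rows in result._asdict().items():
        print(f"{label:12} {rows}")
```

    Every name in `smb_only`, `unix_only`, or `case_only` needs either a corrected account name or a mapping entry; otherwise that user's access is evaluated against a default account rather than their own identity.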

    When you configure a file system that supports multiprotocol access, you must also select an access policy to manage user access control for the file system. For detailed information about how security and file access work in a multiprotocol environment, see Chapter 2, "Deep dive: File system security and access in a multiprotocol environment."

    Figure 1 shows the high-level steps required for configuring multiprotocol file sharing.

    Figure 1. High-level steps for configuring multiprotocol file sharing

    Once you configure a multiprotocol NAS server, you cannot reconfigure the NAS server to support NFS-only or SMB-only file sharing.

    Additional documents

    If you still have questions about multiprotocol after reading this document, see the following documents on the support site:

    • Configuring Hosts to Access SMB File Systems: Provides instructions for setting up Windows hosts with clients that need to access SMB file system storage on a system with a Unity Operating Environment.
    • Configuring Hosts to Access NFS File Systems: Provides instructions for setting up Citrix XenServer hosts, Linux hosts, or Solaris hosts with clients that need to access NFS file system storage on a system with a Unity Operating Environment.
    • Unisphere CLI User Guide: Describes commands to use in scripts for automating routine tasks.
    • Service Commands Technical Notes: Describes commands to use for servicing the storage system.