configuring cifs
DESCRIPTION
Configuring CIFS. Upon completion of this module, you should be able to:
• Configure the Data Mover for a Windows environment
• Create and Join a CIFS Server to a Windows Domain
• Export a file system as a CIFS Share
• Describe UserMapper Basics
Module 12: Configuring CIFS.
TRANSCRIPT
Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 1
Configuring CIFS
Upon completion of this module, you should be able to:
• Configure the Data Mover for a Windows environment
• Create and Join a CIFS Server to a Windows Domain
• Export a file system as a CIFS Share
• Describe UserMapper Basics
Module 12: Configuring CIFS
Lesson 1: Overview of Configuring VNX for CIFS
During this lesson the following topics are covered:
• Preparing for CIFS
• Creating a CIFS server
• Creating a CIFS share
Preparing for CIFS
• Configure IP networking
  - Interface addressing
  - Routing
• Configure Network Services
  - DNS – Dynamic DNS recommended
  - NTP
• Configure Virtual Data Mover
  - Best practice for CIFS
• Configure a file system
  - Provides file storage space
[Diagram: Virtual Data Mover with interface cge-1-0 (192.168.65.12) and file system DataFS containing /Sales]
Configuring CIFS: CIFS Server
• Start the CIFS service
  - Runs on physical Data Mover
• Create a CIFS server on VDM
  - Uses an available interface for network communications
  - CIFS server binds to interface name
• Join CIFS server to the Windows Domain
  - CIFS server created in domain OU EMC Celerra
[Diagram: Virtual Data Mover running CIFS server VNX_CIFS01 on interface cge-1-0 (192.168.65.12), with file system DataFS containing /Sales; VNX_CIFS01 appears in the domain under OU EMC Celerra]
Configuring CIFS: Storage
• Create CIFS share
  - From prepared file system
  - CIFS server makes share available on network to clients
• CIFS is now configured on VNX
  - CIFS server is available to Microsoft network
  - File storage available to CIFS clients through the CIFS share
[Diagram: CIFS server VNX_CIFS01 (OU EMC Celerra) on interface cge-1-0 (192.168.65.12); /DataFS/Sales shared as Sales_data]
Lesson 1: Summary
During this lesson the following topics were covered:
• Preparing for CIFS
• Creating a CIFS server
• Creating a CIFS share
Lesson 2: Create and Join a CIFS Server to a Windows Domain
During this lesson the following topics are covered:
• Starting CIFS
• Creating a CIFS Server
• Joining a CIFS Server to the domain
• Verifying CIFS server status
CIFS Management in Unisphere
Storage > Shared Folders > CIFS
Starting CIFS
Storage > Shared Folders > CIFS
Tasks tree > Configure CIFS link
Create a CIFS Server
Storage > Shared Folders > CIFS > CIFS Servers tab > Create
CIFS Server Status
• CIFS Server Properties: Displays status with the domain
CIFS Servers in the Windows Environment
• CIFS server in Active Directory
• CIFS server in Dynamic DNS
Lesson 2: Summary
During this lesson the following topics were covered:
• Starting CIFS
• Creating a CIFS Server
• Joining a CIFS Server to the domain
• Verifying CIFS server status
Lesson 3: File System Access via CIFS
During this lesson the following topics are covered:
• Exporting a file system as a CIFS share
• Creating a top-level file system share
• Creating shares using Windows tools
CIFS Shares
• Exporting a file system pathname as a CIFS share
• Provide a “share” name
[Diagram: CIFS server exporting file system DataFS (directories shown: Engineering, Sales, Structural, West, lost+found, .etc)]
  /DataFS/Engineering shared as Designs
  /DataFS/Sales shared as Sales
  /DataFS/ shared as hidden share Top$
Exporting a File System as a CIFS Share: Unisphere
Storage > Shared Folders > CIFS > Shares tab > Create
Exporting a File System as a CIFS Share: Windows
• Initial top-level share created with Unisphere must be in place!
Computer Management > select CIFS Server
System Tools > Shared Folders > Share > New Share
Unisphere Display of CIFS Shares
• VNX shares created with Microsoft tools displayed in Unisphere
Lesson 3: Summary
During this lesson the following topics were covered:
• Exporting a file system as a CIFS share
• Creating a top-level file system share
• Creating shares using Windows tools
Lesson 4: CIFS Operational Considerations
During this lesson the following topics are covered:
• Stopping/restarting the CIFS service
• Modifying CIFS server interfaces
• Moving a VDM with a CIFS server
• CIFS restrictions with VDM
CIFS Servers Interface Considerations
• Interface “stealing” is:
  - Possible between CIFS Servers on the same Physical Data Mover
  - Possible between CIFS Servers on the same Virtual Data Mover
  - Not possible between CIFS Servers on different Data Movers (Physical or Virtual)
• Interfaces are not changed for Default CIFS Servers
  - Default CIFS Servers automatically use interfaces that are not currently used by any other CIFS Servers
• When a CIFS Server interface is disabled
  - CIFS shares that are connected through this interface will no longer be accessible
  - Shares need to be reconnected through new interface
Stealing CIFS Server Interface
• Assigning an already used Interface to a CIFS server:
[Screenshot callouts: New CIFS Server VNX_CIFS02 being configured; Interface already in use by VNX_CIFS01]
Start/Stop the CIFS Service
• Stop and Restart CIFS service after Changes
  - WINS settings for legacy NT4 domains
  - Other CIFS related changes
  - See Configuring and Managing CIFS on VNX
• Stopping CIFS service stops all CIFS servers
  - On physical Data Mover and its VDMs
Moving a VDM with a CIFS Server
• Target physical Data Mover must have interface with same name
  - CIFS server binds to interface name
• Name resolution:
  - Different IP addresses
      Dynamic DNS updates
      Client DNS cache flush
  - Same IP address
      Down inactive interface
CIFS Restrictions with VDMs
• VDM containing a CIFS server cannot be loaded onto physical Data Mover with a “default” CIFS server
  - Default CIFS servers use all available interfaces
• VDM CIFS server cannot provide antivirus functionality
  - Antivirus functionality is provided by “global” CIFS server from physical Data Mover
• Refer to Configuring Virtual Data Movers on VNX document for other restrictions
Lesson 4: Summary
During this lesson the following topics were covered:
• Stopping/restarting the CIFS service
• Modifying CIFS server interfaces
• Moving a VDM with a CIFS server
• CIFS restrictions with VDM
Lesson 5: Usermapper
During this lesson the following topics are covered:
• Explain Usermapper basic operations
• Explain Usermapper configuration
User Mapping with VNX
• Method for uniquely identifying users and groups accessing the VNX with file access protocols (CIFS and NFS)
  - Windows SIDs
  - UNIX/Linux UIDs and GIDs
• VNX requires UIDs and GIDs
  - UxFS based file system file and directory permissions
  - Mapping required for CIFS only & mixed CIFS/NFS environments
[Diagram: Windows CIFS clients present User/Group SIDs, which a mapping method converts to UID/GID for the VNX file system; UNIX/Linux NFS clients present UID/GID]
User Mapping Methods
• Variety of methods available
  - Supporting various user environments
  - Internal and external to VNX

Mapping Method | User Environment | Location | Enabled By
Usermapper | CIFS only | VNX Data Mover | default
Microsoft IdMU | CIFS and NFS | Windows AD | nsswitch.conf (LDAP)
Microsoft SFU | CIFS and NFS | Windows AD | nsswitch.conf (LDAP)
OpenLDAP/iPlanet | CIFS and NFS | UNIX/Linux LDAP server | nsswitch.conf (LDAP)
VNX UNIX User Management | CIFS and NFS | Windows AD | CIFS ADMap parameter
NIS | CIFS and NFS | NIS server | Data Mover network settings
Local Files | CIFS and NFS | VNX Data Mover | Data Mover passwd/group files
ntxmap | CIFS and NFS | VNX Data Mover | ntxmap.conf
User Mapping and Secure Mapping
• Secmap records (caches) SID to UID/GID mappings provided by user mapping methods
  - Does not generate mappings
  - Used for resolving subsequent user mapping
  - Is persistent mapping
  - Present on all physical and virtual Data Movers
  - Mapping entries displayed with CLI only
[Diagram: a mapping method feeding the Secmap on each Data Mover]
User Mapping Search Order
Callouts: 1 Default mapping search order; 2 nsswitch.conf; 3 ntxmap
[Flowchart: boxes Start, secmap, NIS, LDAP, Active Directory, Usermapper and Local user & group files, each with Yes/No branches; decision “Was the user added?”; outcomes “Usermapper generates UID or GID and adds it to its database”, “User is authenticated”, “The access to CIFS share is allowed” and “An error is generated”; End]
Callout 2, nsswitch.conf:
    # /.etc/nsswitch.conf :
    #
    passwd: files ldap nis
    group: files ldap nis
    hosts: dns nis files
    netgroup: files nis
Usermapper Overview
• A user mapping method which runs on a VNX for File
  - Mapping method used for CIFS-only user environments
  - Automatically generates UIDs/GIDs for Windows user/group SIDs
  - Database maintains mappings
  - UID and GID values start at 32768 and increase
  - Custom ranges can be configured in usrmap.cfg file (not recommended)
[Diagram: Usermapper Service on a Data Mover, with a Secmap on each Data Mover]
Usermapper Roles
• Primary Usermapper
  - One per VNX environment
  - Generates user mappings
  - By default runs on Data Mover 2
• Secondary Usermapper
  - One per each additional VNX
  - Queries Primary Usermapper for mapping
• Usermapper client
  - All other VNX Data Movers
  - Query Primary/Secondary for user mappings
[Diagram: three VNX systems, each with Data Mover 2 and Data Mover 3 and a Secmap on every Data Mover; Data Mover 2 runs the Primary Usermapper on one system and a Secondary Usermapper on the others; Data Mover 3 is a Usermapper client of the Primary/Secondary]
Primary Usermapper Operations
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User1 accesses DM2 on VNX1
2. Primary Usermapper generates & records UID for user1 SID
3. Secmap records mapping
[Diagram: User1 presents its SID to VNX1 Data Mover 2; the Primary Usermapper and the Secmap there both record User1 SID: UID 32768; VNX2 and VNX3 Data Mover 2 run Secondary Usermappers, each with a Secmap]
Secondary Usermapper Operations
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User2 accesses DM2 on VNX2
2. Secondary queries Primary for mapping
3. Primary generates & records UID for user2 SID
4. Secmap on VNX1 DM2 records mapping
5. Primary replies with mapping
6. Secondary records User2 mapping
7. Secmap on VNX2 DM2 records mapping
[Diagram: User2 presents its SID to VNX2 Data Mover 2; a mapping query goes to the Primary on VNX1 and a mapping reply returns; VNX1 (Primary Usermapper, Secmap) holds User1 SID: UID 32768 and User2 SID: UID 32769; VNX2 (Secondary Usermapper, Secmap) holds User2 SID: UID 32769; VNX3 runs a Secondary Usermapper with a Secmap]
Secondary Usermapper Operations (Continued)
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User3 accesses DM2 on VNX3
2. Secondary queries Primary for mapping
3. Primary generates & records UID for user3 SID
4. Secmap on VNX1 DM2 records mapping
5. Primary replies with mapping
6. Secondary records User3 mapping
7. Secmap on VNX2 DM2 records mapping
[Diagram: User3 presents its SID to VNX3 Data Mover 2; a mapping query goes to the Primary on VNX1 and a mapping reply returns; VNX1 (Primary Usermapper, Secmap) holds User1 SID: UID 32768, User2 SID: UID 32769 and User3 SID: UID 32770; VNX2 (Secondary Usermapper, Secmap) holds User2 SID: UID 32769; VNX3 (Secondary Usermapper, Secmap) holds User3 SID: UID 32770]
Usermapper Client Operations
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User4 accesses DM3 on VNX1
2. Client broadcasts to Usermapper service for mapping
3. DM2 Primary generates & records UID for User4 SID
4. DM2 secmap records mapping
5. Primary replies with mapping
6. DM3 secmap records mapping
[Diagram: User4 presents its SID to VNX1 Data Mover 3 (Usermapper client); a mapping broadcast reaches the Primary on VNX1 Data Mover 2 and a mapping reply returns; VNX1 Data Mover 2 (Primary Usermapper, Secmap) holds User1 SID: UID 32768, User2 SID: UID 32769, User3 SID: UID 32770 and User4 SID: UID 32771; the Secmap on VNX1 Data Mover 3 records User4 SID: UID 32771; VNX2 (Secondary Usermapper, Secmap) holds User2 SID: UID 32769; VNX3 (Secondary Usermapper, Secmap) holds User3 SID: UID 32770]
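The Primary, Secondary and client operations on the four slides above, modelled as an added Python example (not EMC code and not part of the original deck). The class names, the in-memory dictionaries and the SID-userN strings are constructed for illustration; the model shows why a SID resolves to the same UID on every Data Mover: only the Primary generates IDs, and every other component records the Primary's reply.

```python
# Toy model of the Usermapper flow on the slides (added illustration, not EMC code).
FIRST_ID = 32768  # slides: UID and GID values start at 32768 and increase

class PrimaryUsermapper:
    """Only the Primary generates mappings; its database is the source of truth."""
    def __init__(self, host_secmap):
        self.db = {}
        self.host_secmap = host_secmap   # secmap of the Data Mover hosting the Primary

    def lookup(self, sid):
        if sid not in self.db:           # first sight of this SID: generate and record
            self.db[sid] = FIRST_ID + len(self.db)
        self.host_secmap[sid] = self.db[sid]
        return self.db[sid]

class SecondaryUsermapper:
    """A Secondary never generates IDs: it queries the Primary and records the reply."""
    def __init__(self, primary):
        self.primary = primary
        self.db = {}

    def lookup(self, sid):
        if sid not in self.db:
            self.db[sid] = self.primary.lookup(sid)
        return self.db[sid]

class DataMover:
    """Checks its secmap cache first, then asks its Usermapper service."""
    def __init__(self, usermapper, secmap=None):
        self.usermapper = usermapper
        self.secmap = {} if secmap is None else secmap   # caches, never generates

    def access(self, sid):
        if sid not in self.secmap:
            self.secmap[sid] = self.usermapper.lookup(sid)
        return self.secmap[sid]

def run_slide_scenario():
    vnx1_secmap = {}
    primary = PrimaryUsermapper(vnx1_secmap)
    vnx1_dm2 = DataMover(primary, vnx1_secmap)
    vnx2_dm2 = DataMover(SecondaryUsermapper(primary))
    vnx3_dm2 = DataMover(SecondaryUsermapper(primary))
    vnx1_dm3 = DataMover(primary)        # Usermapper client on VNX1
    movers = [vnx1_dm2, vnx2_dm2, vnx3_dm2, vnx1_dm3, vnx3_dm2]
    sids = ["SID-user1", "SID-user2", "SID-user3", "SID-user4", "SID-user1"]  # constructed
    uids = [dm.access(sid) for dm, sid in zip(movers, sids)]
    return uids, primary.db, vnx3_dm2.secmap
```

The last access in the scenario sends User1 to VNX3, a system that has never seen that SID, and it still receives the UID the Primary issued on VNX1.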
Viewing the Usermapper Configuration
Storage > Shared Folders > CIFS > Usermappers tab
Usermapper Database Backup
Storage > Shared Folders > CIFS > Usermappers tab
• Backups used to update Secondary database
  - If promoting to Primary
• EMC recommends that you do not modify Usermapper database entries.
Managing Usermapper Roles
Storage > Shared Folders > CIFS > Usermappers tab
Managing Usermapper Roles (continued)
Storage > Shared Folders > CIFS > Usermappers tab
Lesson 5: Summary
During this lesson the following topics were covered:
• Usermapper basic operations
• Usermapper configuration
Summary
Key points covered in this module:
• Preparation is key to CIFS implementation. Identify key network resources:
  - Interface addressing
  - Routing
  - DNS
  - NTP
• VDM CIFS server cannot provide antivirus functionality
• Usermapper provides unique IDs for users and groups from Windows environments that access the