R_MOD_18-Configuring_CIFS


Configuring CIFS
Upon completion of this module, you should be able to:
• Configure the Data Mover for a Windows environment
• Create and Join a CIFS Server to a Windows Domain
• Export a file system as a CIFS Share
• Describe UserMapper Basics
Copyright © 2014 EMC Corporation. All Rights Reserved.
Module 12: Configuring CIFS
Lesson 1: Overview of Configuring VNX for CIFS
During this lesson the following topics are covered:
• Preparing for CIFS
• Creating a CIFS server
• Creating a CIFS share
Preparing for CIFS
• Configure IP networking
  ◦ Interface addressing
  ◦ Routing
• Configure Network Services
  ◦ DNS – Dynamic DNS recommended
  ◦ NTP
• Configure Virtual Data Mover
  ◦ Best practice for CIFS
• Configure a file system
  ◦ Provides file storage space
[Diagram: Virtual Data Mover with interface cge-1-0 (192.168.65.12) and file system DataFS containing /Sales]
Configuring CIFS: CIFS Server
• Start the CIFS service
  ◦ Runs on physical Data Mover
• Create a CIFS server on VDM
  ◦ Uses an available interface for network communications
  ◦ CIFS server binds to interface name
• Join CIFS server to the Windows Domain
  ◦ CIFS server created in domain OU EMC Celerra
[Diagram: CIFS service and Virtual Data Mover with CIFS server VNX_CIFS01, interface cge-1-0 (192.168.65.12) and file system DataFS containing /Sales; VNX_CIFS01 shown in the domain under OU EMC Celerra]
Configuring CIFS: Storage
• Create CIFS share
  ◦ From prepared file system
  ◦ CIFS server makes share available on network to clients
• CIFS is now configured on VNX
  ◦ CIFS server is available to Microsoft network
  ◦ File storage available to CIFS clients through the CIFS share
[Diagram: Virtual Data Mover with CIFS server VNX_CIFS01, interface cge-1-0 (192.168.65.12) and file system DataFS; /DataFS/Sales shared as Sales_data; VNX_CIFS01 shown in the domain under OU EMC Celerra]
Configuring CIFS
Lesson 1: Summary
During this lesson the following topics were covered:
• Preparing for CIFS
• Creating a CIFS server
• Creating a CIFS share
Configuring CIFS
Lesson 2: Create and Join a CIFS Server to a Windows Domain
During this lesson the following topics are covered:
• Starting CIFS
• Creating a CIFS Server
• Joining a CIFS Server to the domain
• Verifying CIFS server status
CIFS Management in Unisphere
Storage > Shared Folders > CIFS
Starting CIFS
Storage > Shared Folders > CIFS
Tasks tree > Configure CIFS link
Create a CIFS Server
Storage > Shared Folders > CIFS > CIFS Servers tab > Create
CIFS Server Status
• CIFS Server Properties:
  ◦ Displays status with the domain
CIFS Servers in the Windows Environment
• CIFS server in Active Directory
• CIFS server in Dynamic DNS
Configuring CIFS
Lesson 2: Summary
During this lesson the following topics were covered:
• Starting CIFS
• Creating a CIFS Server
• Joining a CIFS Server to the domain
• Verifying CIFS server status
Configuring CIFS
Lesson 3: File System Access via CIFS
During this lesson the following topics are covered:
• Exporting a file system as a CIFS share
• Creating a top-level file system share
• Creating shares using Windows tools
CIFS Shares
• Exporting a file system pathname as a CIFS share
• Provide a “share” name
[Diagram: file system DataFS exported through the CIFS server. Directories shown: lost+found, .etc, Engineering, Designs, Structural, Sales, West. Shares shown: /DataFS/ shared as hidden share Top$; /DataFS/Engineering shared as Engineering; /DataFS/Sales shared as Sales]
Exporting a File System as a CIFS Share: Unisphere
Storage > Shared Folders > CIFS > Shares tab > Create
Exporting a File System as a CIFS Share: Windows
• Initial top-level share created with Unisphere must be in place!
Computer Management > select CIFS Server
System Tools > Shared Folders > Share > New Share
Unisphere Display of CIFS Shares
• VNX shares created with Microsoft tools displayed in Unisphere
Configuring CIFS
Lesson 3: Summary
During this lesson the following topics were covered:
• Exporting a file system as a CIFS share
• Creating a top-level file system share
• Creating shares using Windows tools
Configuring CIFS
Lesson 4: CIFS Operational Considerations
During this lesson the following topics are covered:
• Stopping/restarting the CIFS service
• Modifying CIFS server interfaces
• Moving a VDM with a CIFS server
• CIFS restrictions with VDM
CIFS Servers Interface Considerations
• Interface “stealing” is:
  ◦ Possible between CIFS Servers on the same Physical Data Mover
  ◦ Possible between CIFS Servers on the same Virtual Data Mover
  ◦ Not possible between CIFS Servers on different Data Movers (Physical or Virtual)
• Interfaces are not changed for Default CIFS Servers
  ◦ Default CIFS Servers automatically use interfaces that are not currently used by any other CIFS Servers
• When a CIFS Server interface is disabled
  ◦ CIFS shares that are connected through this interface will no longer be accessible
  ◦ Shares need to be reconnected through new interface
Stealing CIFS Server Interface
• Assigning an already used Interface to a CIFS server:
[Screenshot callouts: new CIFS Server VNX_CIFS02 being configured; interface already in use by VNX_CIFS01]
Start/Stop the CIFS Service
• Stop and Restart CIFS service after Changes
  ◦ WINS settings for legacy NT4 domains
  ◦ Other CIFS related changes
  ◦ See Configuring and Managing CIFS on VNX
• Stopping CIFS service stops all CIFS servers
  ◦ On physical Data Mover and its VDMs
Moving a VDM with a CIFS Server
• Target physical Data Mover must have interface with same name
  ◦ CIFS server binds to interface name
• Name resolution:
  ◦ Different IP addresses
  ◦ Dynamic DNS updates
  ◦ Client DNS cache flush
  ◦ Same IP address
  ◦ Down inactive interface
CIFS Restrictions with VDMs
• VDM containing a CIFS server cannot be loaded onto physical Data Mover with a “default” CIFS server
  ◦ Default CIFS servers use all available interfaces
• VDM CIFS server cannot provide antivirus functionality
  ◦ Antivirus functionality is provided by “global” CIFS server from physical Data Mover
• Refer to Configuring Virtual Data Movers on VNX document for other restrictions
[Diagram: Virtual Data Mover with CIFS server]
Configuring CIFS
Lesson 4: Summary
During this lesson the following topics were covered:
• Stopping/restarting the CIFS service
• Modifying CIFS server interfaces
• Moving a VDM with a CIFS server
• CIFS restrictions with VDM
Configuring CIFS
Lesson 5: Usermapper
During this lesson the following topics are covered:
• Explain Usermapper basic operations
• Explain Usermapper configuration
User Mapping with VNX
• Method for uniquely identifying users and groups accessing the VNX with file access protocols (CIFS and NFS)
  ◦ Windows SIDs
  ◦ UNIX/Linux UIDs and GIDs
• VNX requires UIDs and GIDs
  ◦ UxFS based file system file and directory permissions
  ◦ Mapping required for CIFS only & mixed CIFS/NFS environments
[Diagram: Windows (CIFS) user/group SIDs pass through a mapping method to UID/GID on the VNX FS; UNIX/Linux (NFS) UID/GID map to UID/GID on the VNX FS]
User Mapping Methods
• Variety of methods available
  ◦ Supporting various user environments
  ◦ Internal and external to VNX

| Mapping Method           | User Environment | Location               | Enabled By                    |
|--------------------------|------------------|------------------------|-------------------------------|
| Usermapper               | CIFS only        | VNX Data Mover         | default                       |
| Microsoft IdMU           | CIFS and NFS     | Windows AD             | nsswitch.conf (LDAP)          |
| Microsoft SFU            | CIFS and NFS     | Windows AD             | nsswitch.conf (LDAP)          |
| OpenLDAP/iPlanet         | CIFS and NFS     | UNIX/Linux LDAP server | nsswitch.conf (LDAP)          |
| VNX UNIX User Management | CIFS and NFS     | Windows AD             | CIFS ADMap parameter          |
| NIS                      | CIFS and NFS     | NIS server             | Data Mover network settings   |
| Local Files              | CIFS and NFS     | VNX Data Mover         | Data Mover passwd/group files |
| ntxmap                   | CIFS and NFS     | VNX Data Mover         | ntxmap.conf                   |
User Mapping and Secure Mapping
• Secmap records (caches) SID to UID/GID mappings provided by user mapping methods
  ◦ Does not generate mappings
  ◦ Used for resolving subsequent user mapping
  ◦ Is persistent mapping
  ◦ Present on all physical and virtual Data Movers
  ◦ Mapping entries displayed with CLI only
[Diagram: mapping method supplying mappings to the Secmap on each Data Mover]
User Mapping Search Order
[Flowchart: user mapping search order, with Yes/No branches at each lookup. Elements shown: Start; User is authenticated; secmap; ntxmap; Local user & group files; NIS; LDAP; Active Directory; Usermapper; "Usermapper generates UID or GID and adds it to its database"; "Was the user added?"; "The access to CIFS share is allowed"; "An error is generated"; End. Legend: 1 = Default mapping search order, 2 = nsswitch.conf, 3 = ntxmap]

# /.etc/nsswitch.conf :
#
passwd: files ldap nis
group: files ldap nis
hosts: dns nis files
netgroup: files nis
Usermapper Overview
• A user mapping method which runs on a VNX for File
  ◦ Mapping method used for CIFS-only user environments
  ◦ Automatically generates UIDs/GIDs for Windows user/group SIDs
  ◦ Database maintains mappings
  ◦ UID and GID values start at 32768 and increase
  ◦ Custom ranges can be configured in usrmap.cfg file (not recommended)
[Diagram: Usermapper Service on a Data Mover, with a Secmap on each Data Mover]
Usermapper Roles
• Primary Usermapper
  ◦ One per VNX environment
  ◦ Generates user mappings
  ◦ By default runs on Data Mover 2
• Secondary Usermapper
  ◦ One per each additional VNX
  ◦ Queries Primary Usermapper for mapping
• Usermapper client
  ◦ All other VNX Data Movers
  ◦ Query Primary/Secondary for user mappings
[Diagram: Data Mover 2 shown as Primary Usermapper, as Secondary Usermapper, and as Primary/Secondary; Data Mover 3 shown as Usermapper Client; each Data Mover has a Secmap]
Primary Usermapper Operations
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User1 accesses DM2 on VNX1
2. Primary Usermapper generates & records UID for user1 SID
3. Secmap records mapping
[Diagram: User1 SID arrives at VNX1 Data Mover 2; the Primary Usermapper and the Secmap each record User1 SID: UID 32768; VNX2 and VNX3 Data Mover 2 each run a Secondary Usermapper with a Secmap]
Secondary Usermapper Operations
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User2 accesses DM2 on VNX2
2. Secondary queries Primary for mapping
3. Primary generates & records UID for user2 SID
4. Secmap on VNX1 DM2 records mapping
5. Primary replies with mapping
6. Secondary records User2 mapping
7. Secmap on VNX2 DM2 records mapping
[Diagram: User2 SID arrives at VNX2 Data Mover 2 (Secondary Usermapper); a mapping query and a mapping reply are exchanged with the Primary Usermapper; entries shown: User1 SID: UID 32768, User2 SID: UID 32769]
Secondary Usermapper Operations (Continued)
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User3 accesses DM2 on VNX3
2. Secondary queries Primary for mapping
3. Primary generates & records UID for user3 SID
4. Secmap on VNX1 DM2 records mapping
5. Primary replies with mapping
6. Secondary records User3 mapping
7. Secmap on VNX2 DM2 records mapping
[Diagram: User3 SID arrives at VNX3 Data Mover 2 (Secondary Usermapper); a mapping query and a mapping reply are exchanged with the Primary Usermapper; entries shown: User1 SID: UID 32768, User2 SID: UID 32769, User3 SID: UID 32770]
Usermapper Client Operations
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User4 accesses DM3 on VNX1
2. Client broadcasts to Usermapper service for mapping
3. DM2 Primary generates & records UID for User4 SID
4. DM2 secmap records mapping
5. Primary replies with mapping
6. DM3 secmap records mapping
[Diagram: User4 SID arrives at VNX1 Data Mover 3 (Usermapper Client); a mapping broadcast and a mapping reply are exchanged with the Primary Usermapper on Data Mover 2; entries shown: User1 SID: UID 32768, User2 SID: UID 32769, User3 SID: UID 32770, User4 SID: UID 32771]
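Added example (not part of the EMC course material): a small Python model that replays the Primary, Secondary and client Usermapper steps from the preceding slides, including each Data Mover's secmap cache. The class names and the SID-UserN strings are constructed placeholders, and the model assumes UIDs are handed out sequentially from 32768 as the slides show.

```python
# Added model of the Usermapper/secmap flow on the slides; not EMC code.
FIRST_ID = 32768  # slides: UID and GID values start at 32768 and increase

class Primary:
    """Primary Usermapper: the only role that generates mappings."""
    def __init__(self):
        self.db, self.host_secmap, self.next_id = {}, {}, FIRST_ID

    def lookup(self, sid):
        if sid not in self.db:                     # generate and record a UID
            self.db[sid] = self.next_id
            self.host_secmap[sid] = self.next_id   # secmap on the Primary's DM
            self.next_id += 1
        return self.db[sid]

class Secondary:
    """Secondary Usermapper: queries the Primary and records the reply."""
    def __init__(self, primary):
        self.primary, self.db = primary, {}

    def lookup(self, sid):
        if sid not in self.db:
            self.db[sid] = self.primary.lookup(sid)
        return self.db[sid]

class DataMover:
    """Data Mover whose secmap caches mappings but never generates them."""
    def __init__(self, mapper, secmap=None):
        self.mapper, self.mapper_queries = mapper, 0
        self.secmap = {} if secmap is None else secmap

    def resolve(self, sid):
        if sid not in self.secmap:                 # cache miss: ask the mapper
            self.mapper_queries += 1
            self.secmap[sid] = self.mapper.lookup(sid)
        return self.secmap[sid]

def replay_slides():
    """Replay the four accesses from the slides, then two repeat accesses."""
    primary = Primary()
    dms = {
        "VNX1-DM2": DataMover(primary, primary.host_secmap),  # hosts Primary
        "VNX2-DM2": DataMover(Secondary(primary)),
        "VNX3-DM2": DataMover(Secondary(primary)),
        "VNX1-DM3": DataMover(primary),                       # Usermapper client
    }
    # Constructed SID labels; the last two entries are repeat accesses.
    accesses = [("VNX1-DM2", "SID-User1"), ("VNX2-DM2", "SID-User2"),
                ("VNX3-DM2", "SID-User3"), ("VNX1-DM3", "SID-User4"),
                ("VNX3-DM2", "SID-User1"), ("VNX2-DM2", "SID-User2")]
    uids = [dms[dm].resolve(sid) for dm, sid in accesses]
    return primary, dms, uids
```

The two repeat accesses show that a SID resolves to the same UID on every Data Mover, and that a secmap hit is answered locally without another Usermapper query.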
Viewing the Usermapper Configuration
Storage > Shared Folders > CIFS > Usermappers tab
Usermapper Database Backup
Storage > Shared Folders > CIFS > Usermappers tab
• Backups used to update Secondary database
  ◦ If promoting to Primary
• EMC recommends that you do not modify Usermapper database entries.
Managing Usermapper Roles
Storage > Shared Folders > CIFS > Usermappers tab
Managing Usermapper Roles (continued)
Storage > Shared Folders > CIFS > Usermappers tab
Configuring CIFS
Lesson 5: Summary
During this lesson the following topics were covered:
• Usermapper basic operations
• Usermapper configuration
Summary
Key points covered in this module:
• Preparation is key to CIFS implementation. Identify key network resources:
  ◦ Interface addressing
  ◦ Routing
  ◦ DNS
  ◦ NTP
• VDM CIFS server cannot provide antivirus functionality
• Usermapper provides unique IDs for users and groups from Windows environments that access the