configuring cifs

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 1

Configuring CIFS

Upon completion of this module, you should be able to:• Configure the Data Mover for a Windows environment• Create and Join a CIFS Server to a Windows Domain• Export a file system as a CIFS Share• Describe UserMapper Basics


Module 12: Configuring CIFS

During this lesson the following topics are covered:• Preparing for CIFS• Creating a CIFS server• Creating a CIFS share

Lesson 1: Overview of Configuring VNX for CIFS


• Configure IP networking Interface addressing Routing

• Configure Network Services DNS – Dynamic DNS

recommended NTP

• Configure Virtual Data Mover Best practice for CIFS

• Configure a file system Provides file storage space

Preparing for CIFS

Virtual Data Mover

cge-1-0192.168.65.12

DataFS

/Sales


Virtual Data Mover

CIFSServer

VNX_CIFS01

Click icon to add picture• Start the CIFS service Runs on physical Data Mover

• Create a CIFS server on VDM Uses an available interface for

network communications CIFS server binds to interface

name

• Join CIFS server to the Windows Domain CIFS server created in domain

OU EMC Celerra

Configuring CIFS: CIFS Server

cge-1-0192.168.65.12

CIFS

OUEMC Celerra

VNX_CIFS01

DataFS

/Sales


Virtual Data Mover

CIFSServer

VNX_CIFS01

Click icon to add picture• Create CIFS share From prepared file system CIFS server makes share

available on network to clients

• CIFS is now configured on VNX CIFS server is available to

Microsoft network File storage available to CIFS

clients though the CIFS share

Configuring CIFS: Storage

cge-1-0192.168.65.12

CIFS

DataFS

/Sales

OUEMC Celerra

VNX_CIFS01

/DataFS/Sales shared as Sales_data

Sales_data

Copyright © 2014 EMC Corporation. All Rights Reserved.

Configuring CIFS

During this lesson the following topics were covered:• Preparing for CIFS• Creating a CIFS server• Creating a CIFS share

Lesson 1: Summary

Configuring CIFS 6

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS

Configuring CIFS

During this lesson the following topics are covered:• Starting CIFS• Creating a CIFS Server • Joining a CIFS Server to the domain• Verifying CIFS server status

Lesson 2: Create and Join a CIFS Server to a Windows Domain

7


CIFS Management in UnisphereStorage > Shared Folders > CIFS

8


Starting CIFSStorage > Shared Folders > CIFSTasks tree > Configure CIFS link


Create a CIFS Server

Storage > Shared Folders > CIFS > CIFS Servers tab > Create

10


• CIFS Server Properties: Displays status with the

domain

CIFS Server Status

11


CIFS Servers in the Windows Environment

12

• CIFS server in Active Directory

• CIFS server in Dynamic DNS


Configuring CIFS

During this lesson the following topics were covered:• Starting CIFS• Creating a CIFS Server • Joining a CIFS Server to the domain• Verifying CIFS server status

Lesson 2: Summary

Configuring CIFS 13


Configuring CIFS

During this lesson the following topics are covered:• Exporting a file system as a CIFS share• Creating a top-level file system share• Creating shares using Windows tools

Lesson 3: File System Access via CIFS


• Exporting a file system pathname as a CIFS share• Provide a “share” name

CIFS Shares

15

CIFSServer

Designs

Sales

File System

DataFS

Engineering

SalesStructural

West

/DataFS/Engineering shared as Designs

/DataFS/Sales shared as Sales

/DataFS/shared as hidden share Top$

lost+found.etc


Exporting a File System as a CIFS Share: Unisphere

Storage > Shared Folders > CIFS > Shares tab Create

16


Exporting a File System as a CIFS Share: Windows• Initial top-level share created with Unisphere must be in place!

Computer Management > select CIFS Server

17

System Tools > Shared Folders > Share > New Share


Unisphere Display of CIFS Shares• VNX shares created with Microsoft tools displayed in Unisphere

18


Configuring CIFS

During this lesson the following topics were covered:• Exporting a file system as a CIFS share• Creating a top-level file system share• Creating shares using Windows tools

Lesson 3: Summary

Configuring CIFS 19


Configuring CIFS

During this lesson the following topics are covered:• Stopping/restarting the CIFS service • Modifying CIFS server interfaces • Moving a VDM with a CIFS server• CIFS restrictions with VDM

Lesson 4: CIFS Operational Considerations


CIFS Servers Interface Considerations• Interface “stealing” is:

Possible between CIFS Servers on the same Physical Data Mover Possible between CIFS Servers on the same Virtual Data Mover Not possible between CIFS Servers on different Data Movers

(Physical or Virtual)• Interfaces are not changed for Default CIFS Servers

Default CIFS Servers automatically use interfaces that are not currently used by any other CIFS Servers

• When a CIFS Server interface is disabled CIFS shares that are connected through this interface will no longer

be accessible Shares need to be reconnected through new interface

21


• Assigning an already used Interface to a CIFS server:

Stealing CIFS Server Interface

22

New CIFS Server VNX_CIFS02 being

configured

Interface already in use by VNX_CIFS01


Start/Stop the CIFS Service• Stop and Restart CIFS service after Changes

WINS settings for legacy NT4 domains Other CIFS related changes

See Configuring and Managing CIFS on VNX

• Stopping CIFS service stops all CIFS servers On physical Data Mover and its VDMs

23

CIFS


Moving a VDM with a CIFS Server• Target physical Data Mover

must have interface with same name CIFS server binds to interface

name

24

• Name resolution: Different IP addresses

Dynamic DNS updates Client DNS cache flush

Same IP address Down inactive interface


CIFS Restrictions with VDMs• VDM containing a CIFS server cannot

be loaded onto physical Data Mover with a “default CIFS server Default CIFS servers use all available

interfaces• VDM CIFS server cannot provide

antivirus functionality Antivirus functionality is provided by

“global” CIFS server from physical Data Mover

• Refer to Configuring Virtual Data Movers on VNX document for other restrictions

25

Virtual Data Mover

CIFSServer


Configuring CIFS

During this lesson the following topics were covered:• Stopping/restarting the CIFS service • Modifying CIFS server interfaces • Moving a VDM with a CIFS server• CIFS restrictions with VDM

Lesson 4: Summary

Configuring CIFS 26


Configuring CIFS

During this lesson the following topics are covered:• Explain Usermapper basic operations• Explain Usermapper configuration

Lesson 5: Usermapper


Mapping method

VNX FSUID/GID

User Mapping with VNX• Method for uniquely identifying users and groups accessing the

VNX with file access protocols (CIFS and NFS) Windows SIDs UNIX/Linux UIDs and GIDs

• VNX requires UIDs and GIDs UxFS based file system file and directory permissions Mapping required for CIFS only & mixed CIFS/NFS environments

28

User/Group SIDs UID/GID

UID/GID

WindowsCIFS

UNIX/LinuxNFS


Mapping method

User Mapping Methods• Variety of methods available

Supporting various user environments Internal and external to VNX

Configuring CIFS 29

Mapping Method

UserEnvironment Location Enabled By

Usermapper CIFS only VNX Data Mover default

Microsoft IdMU CIFS and NFS Windows AD nsswitch.conf(LDAP)

Microsoft SFU CIFS and NFS Windows AD nsswitch.conf(LDAP)

OpenLDAP/iPlanet CIFS and NFS UNIX/Linux

LDAP servernsswitch.conf

(LDAP)VNX UNIX User Management CIFS and NFS Windows AD CIFS ADMap

parameter

NIS CIFS and NFS NIS server Data Mover network settings

Local Files CIFS and NFS VNX Data Mover

Data Mover passwd/group files

ntxmap CIFS and NFS VNX Data Mover ntxmap.conf


Data Mover Data Mover

User Mapping and Secure Mapping• Secmap records (caches) SID to UID/GID mappings provided by

user mapping methods Does not generate mappings Used for resolving subsequent user mapping

Is persistent mapping Present on all physical and virtual Data Movers Mapping entries displayed with CLI only

Configuring CIFS 30

Mapping method

Secmap Secmap


Start secmap

NIS

LDAP

Active Directory

Usermapper

Local user& group files

Was the user added?

End

Usermapper generates UID or

GID and ads it to its database

User is authenticated

The access to CIFS share is allowed

An error is generated

Yes

No

No

No

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

1

User Mapping Search Order

31

Default mapping search order1

nsswitch.conf 2

ntxmap 3

# /.etc/nsswitch.conf :#passwd: files ldap nisgroup: files ldap nishosts: dns nis filesnetgroup: files nis

2

ntxmap

3No

Yes


Usermapper Overview • A user mapping method which runs on a VNX for File

Mapping method used for CIFS-only user environments Automatically generates UIDs/GIDs for Windows user/group SIDs

Database maintains mappings UID and GID values start at 32768 and increase

Custom ranges can be configured in usrmap.cfg file (not recommended)

Configuring CIFS 32

Data MoverData MoverUsermapper

Service

Secmap Secmap


Data Mover 2 Data Mover 3



Usermapper Roles• Primary Usermapper

One per VNX environment Generates user mappings By default runs on Data Mover 2

• Secondary Usermapper One per each additional VNX Queries Primary Usermapper for

mapping• Usermapper client

All other VNX Data Movers Query Primary/Secondary for user

mappings

Configuring CIFS 33

Secmap

Primary Usermapper

Secmap

Secmap

Secondary Usermapper

Secmap

Secmap

Primary/Secondary

Secmap

UsermapperClient


Data Mover 2

Data Mover 2

Data Mover 2

Primary Usermapper Operations• Multiple VNXs: one Primary, two

Secondary Usermappers1. User1 accesses DM2 on VNX12. Primary Usermapper generates &

records UID for user1 SID3. Secmap records mapping

Configuring CIFS 34

User1

Secmap

Sec. Usermapper

VNX3

Secmap

Sec. Usermapper

VNX2

Secmap

Primary UsermapperUser1 SID: UID 32768

VNX1

User1 SID: UID 32768

2

3

User1 SID1


• Multiple VNXs: one Primary, two Secondary Usermappers1. User2 accesses DM2 on VNX22. Secondary queries Primary for mapping3. Primary generates & records UID for user2 SID4. Secmap on VNX1 DM2 records mapping5. Primary replies with mapping6. Secondary records User2 mapping7. Secmap on VNX2 DM2 records mapping

Data Mover 2

Data Mover 2Data Mover 2

Secondary Usermapper Operations

Configuring CIFS 35

User2

VNX3

Secmap

Sec. Usermapper

VNX2

Secmap


VNX1


3

4

User2 SID1

Sec. Usermapper

Secmap

Mapping Query2

Mapping reply 5

7





6



Data Mover 2

• Multiple VNXs: one Primary, two Secondary Usermappers1. User3 accesses DM2 on VNX32. Secondary queries Primary for mapping3. Primary generates & records UID for user3 SID4. Secmap on VNX1 DM2 records mapping5. Primary replies with mapping6. Secondary records User3 mapping7. Secmap on VNX2 DM2 records mapping

Secondary Usermapper Operations (Continued)

Configuring CIFS 36

User3

Secmap


VNX1


3

4



VNX3

Sec. Usermapper

Secmap

User3 SID1Mapping reply 5

Mapping Query

Secmap

Sec. Usermapper

VNX2



2




7

6



Data Mover 2

Data Mover 2

Secmap

Sec. UsermapperUser2 SID: UID 32769


VNX2

Sec. Usermapper

Secmap



Usermapper Client Operations• Multiple VNXs: one Primary, two Secondary Usermappers

1. User4 accesses DM3 on VNX12. Client broadcasts to Usermapper service for mapping3. DM2 Primary generates & records UID for User4 SID4. DM2 secmap records mapping5. Primary replies with mapping6. DM3 secmap records mapping

Configuring CIFS 37

User4

VNX3

VNX1Data Mover 2


User1 SID: UID 32768Secmap









3

4

Data Mover 3

User1 SID: UID 32768Secmap

UsermapperClient


Mapping broadcast

Mapping reply 5

2

User4 SID1


Viewing the Usermapper Configuration

Configuring CIFS 38

Storage > Shared Folders > CIFS > Usermappers tab


Usermapper Database BackupStorage > Shared Folders > CIFS > Usermappers tab

• Backups used to update Secondary database If promoting to Primary

• EMC recommends that you do not modify Usermapper database entries.

Configuring CIFS 39


Managing Usermapper Roles

Configuring CIFS 40



Managing Usermapper Roles (continued)

Configuring CIFS 41



Configuring CIFS

During this lesson the following topics were covered:•Usermapper basic operations•Usermapper configuration

Lesson 5: Summary

Configuring CIFS 42


SummaryKey points covered in this module:• Preparation is key to CIFS implementation. Identify key network

resources: Interface addressing Routing DNS NTP

• VDM CIFS server cannot provide antivirus functionality• Usermapper provides unique IDs for users and groups from

Windows environments that access the

Configuring CIFS 43


This slide is intentionally left blank.

Configuring CIFS 44

configuring cifs

Documents

cifs copyright

cifs environment

cifs configuration

cifs serviceruns

cifs sharelesson

cifs storage access

interface namejoin cifs

data mover networking