Dell PowerVault Best Practices Series. Deploying the Dell PowerVault NX3500 in a CIFS Environment A Dell Technical White Paper

Similar documents
DELL POWERVAULT NX3500 INTEGRATION WITHIN A MICROSOFT WINDOWS ENVIRONMENT

DELL EQUALLOGIC FS7500 INTEGRATION WITHIN A LINUX ENVIRONMENT

Setting Up the DR Series System as an NFS Target on Amanda Enterprise 3.3.5

FluidFS in a Multi-protocol (SMB/NFS) Environment

Setting Up the Dell DR Series System as an NFS Target on Amanda Enterprise 3.3.5

DELL TM PowerVault TM DL Backup-to-Disk Appliance

Windows Server 2003 Network Administration Goals

DELL POWERVAULT NX3500. A Dell Technical Guide Version 1.0

Setting Up the Dell DR Series System on Veeam

Setting Up the DR Series System on Veeam

Dell Storage vsphere Web Client Plugin. Version 4.0 Administrator s Guide

USER GUIDE. CTERA Agent for Windows. June 2016 Version 5.5

Dell Compellent Storage Center

VMware Identity Manager Administration

Parallels Virtuozzo Containers 4.6 for Windows

FluidFS Antivirus Integration

Setting Up Replication between Dell DR Series Deduplication Appliances with NetVault 9.2 as Backup Software

Scheduled Automatic Search using Dell Repository Manager

INSTALL GUIDE BIOVIA INSIGHT 2016

NetExtender for SSL-VPN

Copyright 2010 Digiliant, LLC. All Rights Reserved.

DELL TM PowerVault TM DL Backup-to-Disk Appliance

Xton Access Manager GETTING STARTED GUIDE

INSTALL GUIDE BIOVIA INSIGHT 2.6

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902

File Services. File Services at a Glance

Dameware ADMINISTRATOR GUIDE. Version Last Updated: October 18, 2017

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

Dell Fluid File System Version 6.0 Support Matrix

Aspera Connect Windows XP, 2003, Vista, 2008, 7. Document Version: 1

NETWRIX WINDOWS SERVER CHANGE REPORTER

VMware Mirage Web Manager Guide

Microsoft Technical Solutions

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

You can access data using the FTP/SFTP protocol. This document will guide you in the procedures for configuring FTP/SFTP access.

CDP Data Center Console User Guide CDP Data Center Console User Guide Version

Privileged Identity App Launcher and Session Recording

Dell PowerVault NX1950 configuration guide for VMware ESX Server software

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

DIGILIANT Windows Storage Server

Dell Storage Compellent Integration Tools for VMware

SharePoint General Instructions

Dell Fluid File System. Version 6.0 Support Matrix

Wireless and Dorm Printing Overview

Configuring a Microsoft Windows Server 2012/R2 Failover Cluster with Storage Center

Remote Support 19.1 Web Rep Console

LepideAuditor for File Server. Installation and Configuration Guide

Mozy. Administrator Guide

Dell Storage Compellent Integration Tools for VMware

PMS 138 C Moto Black spine width spine width 100% 100%

Storage Manager 2018 R1. Installation Guide

NetIQ Advanced Authentication Framework. Deployment Guide. Version 5.1.0

Remote Support Web Rep Console

Backup App V7. Quick Start Guide for Windows

vcloud Director User's Guide

Talon FAST User Guide. Date Version Author Comments. November 15, Jaap van Duijvenbode Final Release

Enforced Client Policy & Reporting Server (EPRS) 2.3. Administration Guide

Evaluation Guide Host Access Management and Security Server 12.4

EMC SourceOne for Microsoft SharePoint Version 6.7

Dell Flexible Computing Solutions: Deploying On-Demand Desktop Streaming

Dell PowerVault MD3600i and MD3620i Storage Arrays. Deployment Guide

Getting Started with VMware View View 3.1

Optimizing and Managing File Storage in Windows Environments

Horizon Workspace Administrator's Guide

Copyright Jetro Platforms, Ltd. All rights reserved.

Dell Compellent FS8600: CIFS File Server Consolidation Guide. A Dell Compellent Technical Tip

Dell FS8600 with VMware vsphere

Chapter 1: Windows Platform and Architecture. You will learn:

Parallels Containers for Windows 6.0

Cisco Unified Serviceability

Dell FluidFS 6.0 FS8600 Appliance CLI Reference Guide

Veritas NetBackup OpenStorage Solutions Guide for Disk

Realms and Identity Policies

Configuring Direct-Connect between a DR Series System and Backup Media Server

Install and upgrade Qlik Sense. Qlik Sense 3.2 Copyright QlikTech International AB. All rights reserved.

DEPLOYMENT GUIDE Version 1.0. Deploying the ARX with Dell NX3000 and Microsoft Windows Storage Server 2008

Basic Configuration Installation Guide

NETWRIX PASSWORD EXPIRATION NOTIFIER

Configuring Request Authentication and Authorization

Remote Support Jumpoint Guide: Unattended Access to Computers in a Network 4. Recommended Steps to Implement Bomgar Jump Technology 5

version 5.4 Installation Guide

Lesson 1: Preparing for Installation

User Guide AppAnywhere

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

ELM Server Exchange Edition ArchiveWeb version 5.5

Accops HyWorks v3.0. Quick Start Guide. Last Update: 4/25/2017

vcloud Director User's Guide

Dell Storage Integration Tools for VMware

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide

Filesharing. Jason Healy, Director of Networks and Systems

Chapter. Accessing Files and Folders MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER

Dell Compellent Storage Center with CommVault Simpana 9.0. Best Practices

How to create a System Logon Account in Backup Exec for Windows Servers

DigitalPersona Pro Enterprise


Dell EMC Unity Family

Reference manual Integrated database authentication

VMware AirWatch Content Gateway Guide for Windows

DELL EMC UNITY: DR ACCESS AND TESTING. Dell EMC Unity OE 4.5

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Transcription:

Dell PowerVault Best Practices Series Deploying the Dell PowerVault NX3500 in a CIFS Environment A Dell Technical White Paper Enterprise Storage Solutions Engineering Dell Product Group June 2012

THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. 2012 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell. Dell, the DELL logo, and the DELL badge, and PowerVault are trademarks of Dell Inc. Microsoft, Windows, Windows Server, Windows NT, Vista, and Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Deploying the PowerVault NX3500 in a CIFS Environment ii

Table of Contents 1 Preface... 2 2 Introduction... 3 2.1 System Overview... 3 3 Planning Deployment... 4 3.1 Authentication Considerations... 4 3.1.1 Active Directory Domain... 4 3.1.2 Workgroup... 6 3.2 Configuration Considerations... 7 3.2.1 Quotas... 7 3.2.2 Home Folders... 7 3.2.3 Network Considerations...13 3.2.4 Internationalization support... 14 3.3 Summary... 16 4 Configuring the NX3500 for a CIFS Deployment... 17 4.1 Integrating PowerVault NX3500 to Microsoft Active Directory... 17 4.1.1 Configuring Name Resolution... 17 4.1.2 Configuring NTP... 18 4.1.3 Joining the NX3500 to a Microsoft Windows Domain... 18 4.1.4 Managing Users and Groups... 20 4.2 Integrating PowerVault NX3500 into a Microsoft Workgroup...21 4.2.1 Configuring the Standalone CIFS Settings...21 4.2.2 Managing Users and Groups...21 5 Common CIFS Management Functions... 22 5.1 Creating a NAS Volume for Use with a CIFS share... 22 5.2 Creating a General-access CIFS share... 22 5.3 Managing Permissions... 23 5.3.1 Setting Share Permissions... 23 5.3.2 Setting File Permissions... 24 5.4 Mapping to a CIFS share on a Windows Client... 25 5.4.1 Command Line... 25 5.4.2 Start Run... 25 5.4.3 Windows Explorer... 25 Deploying the PowerVault NX3500 in a CIFS Environment iii

5.4.4 Network Neighborhood... 26 5.5 Default Quotas... 26 5.6 User or Group Quotas,... 26 5.6.1 Adding a Quota... 26 5.6.2 Modifying a Quota... 27 5.6.3 Deleting a Quota... 27 5.6.4 Monitoring Quota usage... 28 5.7 Disconnecting a CIFS File Share... 28 5.7.1 Command Line... 28 5.7.2 Windows Explorer... 28 5.8 Deleting CIFS shares... 29 5.9 Removing a CIFS Server from a Domain... 29 5.10 Stopping the CIFS service... 30 5.11 Creating a One-Time Volume Snapshot... 30 5.12 Creating a Recurring Snapshot Schedule...31 5.13 Restoring Snapshots...31 Deploying the PowerVault NX3500 in a CIFS Environment iv

Acknowledgements This whitepaper was produced by the PG Storage Data Management Engineering of Dell Inc. The team that created this whitepaper: Nicholas Busick and Animesh Pillai We would like to thank the following Dell team members for providing significant support during development and review: Ron Stefani and Raj Hosamani Feedback Please give us feedback on the quality and usefulness of this document by sending an email to StorageSolutionsFeedback@Dell.com. 1

1 Preface The Dell PowerVault NX3500 NAS storage system delivers highly available, scalable enterprise-class file services to clients running Microsoft Windows, Unix, or Linux clients operating systems utilizing the CIFS and NFS protocols. This solution integrates seamlessly with the PowerVault MD32x0i and MD36x0i Series storage arrays, allowing you to consolidate file and block data to a unified storage system. The NX3500 utilizes Dell Fluid File System (FluidFS) technology and features online scaling of capacity, snapshots, asynchronous replication, quotas, and Network Data Management Protocol (NDMP). This technical report describes integration aspects of the NX3500 NAS unified storage system in a Microsoft Windows operating system environment utilizing the Common Internet File System (CIFS) protocol. The following topics will be discussed: An overview of the Dell PowerVault NX3500 NAS unified storage system. Planning guidelines for authentication and user accounts. Configuration and how to setup and deploy CIFS file shares using the PowerVault NX3500. Guidance for most common management functions. The reader is assumed to be knowledgeable about Microsoft Windows server and workstation products and their features. The content of this paper will directly benefit solution architects, application and storage engineers, system administrators and IT managers. 2

2 Introduction 2.1 System Overview The PowerVault NX3500 is an enterprise-class distributed file system solution that provides customers the tools to manage file data in an efficient and simple manner. It removes the scalability limitations associated with traditional NAS systems and supports scale-up capacity expansion within a single namespace for ease of administration. This means that it will integrate seamlessly into a Windows or CIFS share environment and provide an optimal combination of performance and scalability. For customers who need to manage an ever-increasing amount of unstructured (file) data, this easy-touse solution is ideal. The PowerVault NX3500 provides more flexibility than traditional unified storage because it has no architectural limits on file-system size. A single share can be scaled to the full capacity of a PowerVault MD SAN deployment. The NX3500 s scale-up architecture delivers a flexible, load-balanced pool of high performance storage, making it easy to grow capacity based on business needs. With dual activeactive file controllers and a backup power supply, the NX3500 provides excellent data protection and performance with no single point of failure. Figure 1 - NX3500 in a Typical Mixed User Environment 3

3 Planning Deployment Planning the deployment is an important step to ensure that the system works properly and that users have access to necessary files and folders. This section discusses several aspects of the PowerVault NX3500 and how they pertain to deploying the system into a CIFS environment successfully. 3.1 Authentication Considerations Network authentication confirms the user s identification to any network service the user is attempting to access. In this case, it will be the PowerVault NX3500. The NX3500 can operate in workgroup or domain mode. Workgroup authentication utilizes the NX3500 s internal directory of users/groups and does not rely on a domain controller, whereas in domain mode, the system is a member of Windows Active Directory and dedicated servers called domain controllers that provide user and group management and authentication services. In domain authentication, the client negotiates the highest possible security level when establishing a connection with the PowerVault NX3500. There are two primary levels of security: Basic security, based on NT LAN Manager (NTLM) challenge/response. Extended security, based on Kerberos implementation. Windows computers that are not part of an Active Directory domain use only interactive or NTLMbased authentication. By default, Windows operating system clients (Windows 2000/Windows XP and later) that are part of an Active Directory domain will try to use the highest common level of authentication, which is Kerberos, and then various versions of NTLM. 3.1.1 Active Directory Domain A domain is a group of accounts and network resources that share a common directory database and set of security policies, and a domain might have security relationships with other domains called trusts. Domains are the recommended choice for all networks, except very small ones with few users. In a domain, passwords and permissions are less complex to manage, because a domain has a single, centralized database of user accounts, permissions, and other network details. The information in this database is replicated automatically among domain controllers. You can determine which servers are domain controllers and which are simply members of the domain. In an Active Directory environment, the Kerberos Key Distribution Center (KDC) service provides authentication service (AS) and ticket granting service (TGS). The Kerberos service runs on Windows domain controllers, and a Windows client that wants to establish a session with another computer, such as the NX3500 system, contacts the KDC directly to obtain session credentials, which are then presented to the client in the form of a Kerberos ticket. 4

This authentication process has three main phases: 1. The client authenticates with the KDC and receives a Ticket to Get Tickets (TGT) to be used in future request from the KDC. 2. The client issues a request to access the NX3500 to the KDC (using its TGT), and receives a service ticket. 3. The client establishes a session with the NX3500 using the service ticket, the NX3500 can decrypt the information using its long term key. Figure 2 Kerberos Authentication in Domain Environment 5

When Active Directory is using NTLM, the PowerVault NX3500 contacts the domain controller to verify user-supplied credentials, consisting of user name, challenge sent to the client, and the response received from the client. The domain controller will encrypt the user password with the challenge and compare the result to the response sent from the client; if these are identical, the authentication is successful. Figure 3 Main phases of NTLM Authentication in Domain Environment 3.1.2 Workgroup A workgroup is a more basic grouping of computers that is intended only to help users find objects such as shared folders within that group. In a workgroup, there is no central repository or authentication authority, so users might have to remember multiple passwords one for each network resource. Because of these restrictions and lack of scalability, workgroups tend to be used in small or special-purpose environments (typically less than 10 users). When the NX3500 is in workgroup mode, users will use one of two methods to access CIFS shares. They will either use an interactive login, where the user types a username and password stored in the local users repository of the NX3500, or network authentication, which will use NTLM (typically used for computers that are not participating in a domain, such as standalone servers and workgroups). When using NTLM, the user name and password must be the same for all clients and server components in the workgroup. 6

3.2 Configuration Considerations This section contains information that is relevant to configuring the NX3500 in a CIFS fileshare environment. 3.2.1 Quotas Quotas are defined as a set of rules that restrict disk space used by users and groups within a NAS volume. For example, a user quota might specify that a particular user can use up to 300 MB of disk space in a given NAS volume before a warning is issued (soft limit), and up to 325 MB maximum (hard limit). NOTE: Users and groups for which an individual quota is not defined will use the default user/group quota. There are two types of quota limits: Soft User/administrator will be warned. Hard New storage consumption by the user is denied. There are two levels of quota limitation options: User Specific limitation for a user (Ulimit). Group Group limitation for the primary group of all users in a group (Glimit). A hierarchical decision tree determines which limitation affects a user. The order of rules is: 1. Does a user-specific limit exist? If yes, use it. 2. Does a default limit for users exist? If yes, use it. 3. Or, unlimited. 3.2.2 Home Folders Home folders provide a consolidated location for a user s working files and documents. The PowerVault NX3500 system supports dynamically creating shares based on the user s login name, which creates a tightly integrated environment between Active Directory and the PowerVault NX3500. The content of a user s home folder is protected by file system permissions and, by default, it is accessible only to that user and administrators. The following are guidelines for managing and creating home folders in an Active Directory environment, but these steps can be modified to fit different environments. 3.2.2.1 Creating a Volume 1. In the NAS Manager, select User Access NAS Volumes Configuration Add. 2. Provide a NAS Volume name, such as Home. 3. Provide appropriate settings for the allocated space, alerts, and security style and click Save Changes. 7

3.2.2.2 Adding a User-based Directory Tree 1. In the NAS Manager, select User Access Shares CIFS Shares Add. 2. Select Home (or whatever NAS volume name you created in the previous procedure). 3. Select the CIFS share containing a user-based directory tree option button. 4. In Path template, type / to place homeshares at the root of the NX3500 shares. 5. Click Save Changes. 3.2.2.3 Configuring Access to Home Share and Permissions 1. In the NAS Manager, select User Access Shares CIFS Shares Add. 2. Select Home (or whatever NAS volume name you created in the previous procedure)under NAS Volume. 3. Type Home$ as the Share Name. 4. Type / for the directory. 5. The share will now be accessible via \\<NX3500 name>\home$. 3.2.2.4 Setting Permissions for Home Folders 1. In Windows, go to Start Run and type \\<NX3500-name>\Home$. 2. Right click anywhere in the empty screen and select Properties. 3. Click the Security tab. 4. Click Edit. 5. Remove Everyone. 6. Add the following: <NX3500>\Administrators: Full Control System: Full Control Creator Owner: Full Control 7. For Authenticated Users, select the Allow check box for the following: Read & execute List folder contents Read 8

8. Click OK. 9. Click Advanced. 10. Select Authenticated Users and click Change Permissions. 11. Ensure that Include inheritable permissions from this object s parent is NOT checked, and click Edit. 12. For Apply to, ensure that This folder only is selected. 13. Select the Allow checkbox for the following and click OK: Traverse folder / execute file List folder / read data Read attributes Read permission 9

3.2.2.5 Creating an Active Directory Template User 1. Open the Active Directory Users and Computers MMC plugin with an account that has an appropriate level of permission. This plugin is installed on a domain controller, but it may also be installed on other systems in the domain. 2. Select the Users container or the Organizational Unit that contains the users in your domain. 3. Right click and select New User. 4. Enter!template or an appropriate name for the Full name and logon name. 5. Select Next. 6. Enter a Password, enter it again in Confirm Password, and select Password never expires and Account is disabled. 7. Click Next and then Finish. 10

8. Right click!template and click Properties. 9. Click the Profile tab. 10. Select the option button next to Connect, and select the appropriate drive letter. 11. Enter \\<NX3500>\home$\%username% and click Apply. The Home folder is automatically created in the specified share. 12. Set any further settings on the additional tabs such as Member of, and click OK. 3.2.2.6 Creating Active Directory Users 1. In Active Directory Users and Computers (ADUC), right click the!template user account created in the last section and select Copy. 2. Enter the appropriate information for First name, Last name, Full name, and User logon name. 3. Click Next. 4. Enter a password and select the appropriate check boxes. 5. Select Next and then Finish. The user s directory is automatically created with appropriate permissions. 11

6. In Active Directory Users and Computers, right-click on the new user account and select Properties. 7. Select the Profile tab. 8. Change \\<nx3500>\home$\tom to \\<nx3500>\homes. 9. Click Apply and then OK. Note: If this step does not work, browse to \\<nx3500>\homes$ and create a folder that corresponds to the admin account that is being used for this procedure. There should now be two folders that are dynamically created and mapped upon this user s login: \\<nx3500>\homes will map to the user s home directory \\<nx3500>\%username% will also be created dynamically. This can be helpful for creating logon scripts and when using products such as Microsoft Distributed File System (DFS). 10. Ask the user to log in and check that they have the appropriate drive available under Computer. This user will have access to only their dynamically created shares. \\<nx3500>\home$ will not be accessible, and the user will not be able to browse the Folders root or other users Home Folders. 12

3.2.3 Network Considerations The PowerVault NX3500 system uses a combination of information from the network and data link layers to load balance traffic between the NX3500 nodes. In case of node failure, network traffic is automatically redirected to the partner NAS node in the system. Network servers and workstations can access the system in a variety of network topologies. From a performance perspective, the important question is which subnets the network servers and workstations belong to (there may be more than one) in regards to the NX3500 client network subnet. When a client accesses the NX3500 from the same network subnet as the system, it is considered a flat network. In this case, it is sufficient to define one virtual IP address. When there are clients that access the NX3500 from additional subnets, network traffic will be routed to and from the system via a router or gateway on a layer 3 switch. This is considered a routed network, and Dell recommends defining multiple virtual IP addresses in a single subnet and creating multiple A records (point to the virtual IP addresses) for the NX3500 under the same DNS name. This is commonly referred to as Round-robin DNS. routed network routed network Network IP:192.168.0.0/24 Network IP:192.168.1.0/24 flat network Router Network IP:10.0.0.0/8 Dell PowerVault NX3500 Figure 4 Network Topology Diagram Link Aggregation While network traffic is balanced between the NAS nodes, traffic is also balanced between each individual node s client network interfaces to equally balance network traffic. Supported network interface teaming modes are Adaptive Load Balancing (ALB) and Link Aggregation Control Protocol (LACP), which is also known as dynamic IEEE 802.3ad. 13

ALB relies on layer 2 traffic manipulation to dynamically balance network traffic between the network interfaces. LACP requires a supported switch as well as specific switch configurations. LACP also allows fewer virtual IPs in a routed network scenario. The main points to consider are summarized in the following table: Table 1 Network Load Balancing Methods Load Balancing Method Network Switch Configuration ALB Not Required 4 LACP Required 2 Recommended # of Virtual IPs * *The minimum number of virtual IPs that are recommended in a routed network layout. 3.2.4 Internationalization support The PowerVault NX3500 system provides full Unicode support, which allows using various languages concurrently. Directories and file names are maintained and managed internally in Unicode format (UTF-8). Regardless of the encoding type used by the client who creates a file, the PowerVault NX3500 system stores its file name or directory name in Unicode format. When a non-unicode client creates a file on a share, mount or volume, the file is immediately converted to the appropriate Unicode representation by the PowerVault NX3500 system. 3.2.4.1 Unicode Client Support Overview Unicode clients can access Unicode directories and files natively, while other non-unicode clients (such as Windows 98, Windows ME, and Mac OS 9.xclients) can access the file system through the PowerVault NX3500 systems ability to provide code page conversions (based on the code page used by the client) of file names, directories, shares and volumes. Native Unicode Microsoft clients include the following: Microsoft Windows 7/Server 2008 R2 Microsoft Windows Vista/Server 2008 Microsoft Windows XP Microsoft Windows 2000/2003 Microsoft Windows NT 14

3.2.4.2 CIFS Clients CIFS users can configure a code page to be used for all non-unicode Windows and DOS clients. NOTE: The NX3500 web interface provides full Unicode support. To display and use Unicode data using the CLI, a UTF-8 XTERM should be used. Table 2 Unicode Configuration Parameters The following configuration parameters may contain Unicode characters Parameter CIFS Home Shares CIFS Shares Unicode Character Server Description Directory Name Name Directory Description Users Groups 3.2.4.3 Unicode Configuration Limitations The size of the file and the directory names are limited to 255 bytes, which may be less than 255 characters when using Unicode, because each UTF-8 character occupies between 1 and 6 bytes. 15

3.3 Summary The following flowchart summarizes how to navigate the different configuration considerations: Start Large or Small environment? Large Small Microsoft Active Directory Workgroup Create Volume Create CIFS Share Quotas? No Yes Done Create Quotas 16

4 Configuring the NX3500 for a CIFS Deployment NOTE: The PowerVault NX3500 must be completely installed and configured per the Dell PowerVault NX3500 Administrator s Guide to complete this section successfully. 4.1 Integrating PowerVault NX3500 to Microsoft Active Directory The NX3500 is commonly configured in a Windows environment as a domain member using Microsoft Active Directory for authentication of users and for data permissions management. When installing the NX3500 in an Active Directory environment, the following requirements must be met: Microsoft Active Directory Microsoft Active Directory must already be installed and configured. This guide assumes that the administrator is integrating the PowerVault NX3500 into an existing environment. Name Resolution The NX3500 queries Domain Name Service (DNS) servers to locate domain controllers. Typically, in a Windows operating system environment, DNS is provided by Windows servers and is integrated in Active Directory. The administrator should configure at least one DNS server (preferably more for redundancy) for the NX3500 to be able to locate the domain controllers and other services in the domain. 4.1.1 Configuring Name Resolution Because clients access the NAS service via one or more virtual IP addresses (VIPs), Dell recommends creating a host ( A address) DNS record for the NAS virtual IP. 1. In the NAS Manager, navigate to System Management Network DNS Configuration. 2. Enter the IP address of the DNS server and the DNS suffix. 3. Click Save Changes. Figure 5 Configuring DNS on the NX3500 17

4.1.2 Configuring NTP Network Time Protocol (NTP) servers synchronize the time between network servers and clients, and Windows clients synchronize their clocks with the domain controller s clock. Kerberos authentication protocol requires these time settings to differ by less than 5 minutes. Dell recommends that administrators verify the time setting of the NX3500 by configuring the system to use one or more time servers to synchronize its clock. 1. In the NAS Manager navigate to System Management General Time Configuration. 2. Ensure the Time zone is correct and enter the IP address of the NTP server. 3. Click Save Changes. Figure 6 Setting the NTP Server in the NAS Manager 4.1.3 Joining the NX3500 to a Microsoft Windows Domain The NX3500 can become part of an Active Directory domain and provide file services to the domain users and applications. The domain provides NAS service authentication services and directory access, which allows creating various file permission schemes using the Active Directory users and groups database. NOTE: To join the NX3500 to a domain, you need access to a domain account that has rights to add computers to the domain. 1. In the NAS Manager navigate to System Management Authentication System Identity. 2. Enter the desired System Name and click the checkbox next to The system is a member in a Microsoft Windows network. 18

3. Enter the appropriate information for Domain, User name, and Password. The chosen account will need appropriate privileges to join the NX3500 to the domain. 4. Optionally, select the Advanced configuration checkbox, if you need to specify additional information. 5. Click Save Changes and then OK. Figure 7 Joining the PowerVault NX3500 to Microsoft Active Directory 6. After the system has joined the domain, navigate in the NAS Manager to System Management Protocols CIFS Configuration. 7. Select the radio button next to Authenticate users' identity via Active Directory and local users database. 8. Optionally, enter a System description and click Save Changes. 19

Figure 8 Configuring the NX3500 to use Active Directory for CIFS authentication 4.1.4 Managing Users and Groups When the NX3500 is configured to operate in a Microsoft Windows domain, users and groups are managed through the Active Directory Users and Computers MMC plugin, commonly referred to as ADUC. This plugin can be used locally on the domain controller, or on a member workstation or server. When using ADUC to create or modify users or groups, you must have the appropriate privileges granted to the account you are using. Figure 9 Example of an Active Directory Users and Computers (ADUC) MMC plugin 20

4.2 Integrating PowerVault NX3500 into a Microsoft Workgroup The PowerVault NX3500 system also supports being configured in a Microsoft Workgroup. 4.2.1 Configuring the Standalone CIFS Settings By default, when the NX3500 is set up and configured, it operates in Microsoft Workgroup mode. Shares can be accessed by using the configured virtual IP address, i.e: \\<virtual ip address>\<sharename>. 4.2.2 Managing Users and Groups When the NX3500 is configured to operate in a Microsoft Workgroup, user and group management is done locally through the NAS Manager. For NTLM authentication, users must be managed on the local workstation as well. 1. In the NAS Manager navigate to System Management Authentication Local Users or Local Groups. 2. Create users and accounts that allow users to authenticate and set file permissions on the NX3500. Figure 10 NX3500 Local Users Management Figure 11 NX3500 Local Groups Management 21

5 Common CIFS Management Functions This section will describe common CIFS management functions. Many of the management functions are completed using the NAS Manager, which is accessed via a web browser using the Management IP address specified during the setup process. 5.1 Creating a NAS Volume for Use with a CIFS share 1. In the NAS Manager navigate to User Access NAS Volumes Configuration Add. 2. Enter an appropriate NAS Volume name, 3. Enter the NAS volume allocated space. 4. Select the File access security style of NTFS. Figure 12 Adding a NAS Volume 5.2 Creating a General-access CIFS share 1. In the NAS Manager, navigate to User Access CIFS Shares Add. 2. Select the NAS Volume you want to add a CIFS share to 3. Type the Share Name you want to use. 4. Type the name of a folder or Select the ellipsis button ( ) next to Directory, or select the checkbox for Create the shared folder if it does not exist. 5. Click Save Changes. 22

Figure 13 Adding a CIFS share 5.3 Managing Permissions Two sets of permissions need to be managed when using CIFS shares share-level permissions and file-level permissions. These permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the file permission entries, and then applying the more restrictive permissions. 5.3.1 Setting Share Permissions Dell recommends setting share permissions to Authenticated Users Full Control and managing permissions at the file level, as the rule sets are much more robust and granular. 1. In Microsoft Windows, go to Start Run and type MMC. 2. Click File Add/Remove Snap-in. 3. Find Shared Folders, select and click Add. 4. Select the option box next to Another Computer and enter the virtual IP address (VIP) or admin hostname or IP address of the NX3500. 5. Select Shares. 6. Right-click the name of the share that you wish to manage and click Properties. 7. Click the Share Permissions tab. 23

8. Highlight Everyone and click Remove. 9. Click Add and type Authenticated Users in the object name box and select OK. 10. Select the checkbox next to Full Control under the Allow column. 11. Click Apply and then OK. 5.3.2 Setting File Permissions File permissions control the access a user, group, or application has to files. The following instructions assume that the Microsoft Windows Vista operating system or newer is being used. 1. Browse to the the folder or file that requires permission changes. 2. Right click on the file or folder, and click Properties. 3. Click on the Security tab. 4. Click Edit, and then click Add or Remove to add or remove users and groups as necessary. 5. Use the check boxes to set the appropriate permissions for each user or group. 24

6. Click Apply and then OK. 7. To set special and advanced permissions, click the Advanced button. 5.4 Mapping to a CIFS share on a Windows Client Microsoft Windows offers several methods to connect to CIFS shares. 5.4.1 Command Line Open a command prompt and run the following command: C:\>net use <drive letter>: \\<netbios dname>\<share name> 5.4.2 Start Run 1. From the Start menu, select Run. 2. In the Run window enter the path to the PowerVault NX3500 share to which you want to connect: \\<netbios name >\<share name> 3. Click OK. The Explorer window is displayed. 5.4.3 Windows Explorer 1. Open Windows Explorer and select Tools Map Network Drive. Newer versions of Windows may have the menu bar hidden by default. If this is the case, press <Ctrl><t> with the Explorer window active. The Map Network Drive dialog box is displayed. 2. From the Drive drop-down list, select any available drive. 3. Type the path in the Folder field or browse to the shared folder. 25

4. Click Finish. 5.4.4 Network Neighborhood 1. On the Windows Desktop, click on Network neighborhood, and locate the PowerVault NX3500. 2. Double-click on the PowerVault NX3500. 3. From the CIFS shares list, select the share to which you want to connect. 5.5 Default Quotas In the NAS Manager, navigate to User Access Quota Default. The Default Quota page is displayed with a dropdown dialog for each volume. 5.6 User or Group Quotas, User/Group-specific quotas override default quotas. All quota rules are applied only to the specific NAS volume selected. The following describe the most common operations relating to user/group quotas. 5.6.1 Adding a Quota 1. In the NAS Manager, navigate to User Access Quota User/Group. 2. Click Add in the Actions bar to add a user or group quota. 3. Select the volume and quota type and fill in the relevant entries where required. 4. Click Save Changes, or click Revert to restore the default parameters. 26

5.6.2 Modifying a Quota 1. In the NAS Manager, navigate to User Access Quota User/Group. 2. Click the specific Group/User in the User/Group Quota page. 3. Modify the quota rules as desired and click Save Changes. 5.6.3 Deleting a Quota 1. In the NAS Manager, navigate to User Access Quota User/Group. 2. Select the check box next to the specific quota rule. 3. Click Delete in the Actions bar. The selected quota rule is deleted from the list. 27

5.6.4 Monitoring Quota usage In the NAS Manager, navigate to Monitor Capacity Quota Usage. 5.7 Disconnecting a CIFS File Share To disconnect a share from Windows, use one of the following methods: 5.7.1 Command Line Open a command prompt and run the following command: C:\>net use /delete <drive letter>: 5.7.2 Windows Explorer 1. Open Windows Explorer and browse to My Computer or Computer. 2. Right click on the drive letter corresponding to the share you want to disconnect 3. Click Disconnect. The drive should disappear. 28

5.8 Deleting CIFS shares 1. Using the NAS Manager, navigate to User Access CIFS Shares. 2. Select the checkbox next to the CIFS share that you want to delete. 3. Click Delete at the top right of the page. 4. Click OK when asked if you are sure you want to delete the selected CIFS Shares. The CIFS share will be deleted. 5.9 Removing a CIFS Server from a Domain 1. In the NAS Manager, navigate to System Management Authentication System Identity. 2. Deselect the checkbox next to The system is a member in a Microsoft Windows network. 3. Click Save Changes. 29

4. Navigate to System Management Protocols CIFS Configuration. 5. Select the radio button next to Authenticate users identity via local users database. 6. Click Save Changes. The NX3500 should now be operating in Workgroup mode 5.10 Stopping the CIFS service 1. In the NAS Manager, navigate to System Management Protocols CIFS Configuration. 2. Uncheck the box next to Allow clients to access files via the CIFS protocol. 3. Click Save Changes. 4. Click OK when asked if you are sure you want to disable CIFS. The CIFS service will now be disabled 5.11 Creating a One-Time Volume Snapshot 1. In the NAS Manager, navigate to Data Protection Snapshots List and click Create. 2. Select the NAS Volume that you want to create a snapshot on from the drop-down list 3. Enter a Snapshot name. 4. Click Create. 30

5.12 Creating a Recurring Snapshot Schedule 1. Using the NAS Manager, navigate to Data Protection Snapshots Policies. 2. Select the NAS volume that you want to create a snapshot policy on from the drop-down list 3. Define the Periodic, Hourly, Daily, and Weekly snapshots that you want. 4. Click Save Changes. 5.13 Restoring Snapshots Data from Snapshots can be restored using Previous Versions tab in Microsoft Windows. 31

32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback