Posts Tagged ‘SMB’

Top 20 EMC Isilon support documents in June 2014

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

One of the goals of this blog is to share the most useful EMC® Isilon® support-related content that we have to offer. In this post, we’re highlighting 20 of the most viewed knowledgebase (KB) articles and product documents from the month of June.

We hope these documents will help you to quickly find an answer to a common question or resolve an issue.

Top 10 KB articles

To access these KB articles, log in to the EMC Online Support site. Articles in bold are new to the top 10 list.

  1. OneFS 7.1.0.3 SMB and Authentication Rollup Patch (174372)
  2. OneFS 7.0.2.9: SMB and Authentication Rollup Patch (172623)
  3. Best practices for NFS client settings (90041)
  4. How to create SPN account to allow Kerberos authentication using SmartConnect DNS entries (16528)
  5. How to reset a node to factory defaults (16696)
  6. Troubleshooting performance issues (88844)
  7. Visio Stencils of Isilon Cluster Storage Systems (90170)
  8. How to configure Windows DNS for a SmartConnect zone (183530)
  9. How to reimage a node using a USB flash drive (16582)
  10. Active Directory clients cannot connect to the cluster after the machine account password is changed (169843)

 

Top 10 product documents

To access these PDF documents, log in to the EMC Online Support site. Documents in bold are new to the top 10 list.

  1. Current Isilon Software Releases
  2. Isilon Supportability and Compatibility Guide
  3. OneFS 7.1 CLI Administration Guide
  4. OneFS 7.1.0 MR Release Notes
  5. OneFS 7.1 Web Administration Guide
  6. Current Isilon OneFS patches
  7. OneFS 7.0.2 Administration Guide
  8. OneFS 7.1 Release Notes
  9. OneFS 7.0.1 Administration Guide
  10. OneFS 7.0.2 Command Reference

 

If you have questions or feedback about this blog, send an email to isi.knowledge@emc.com. To provide documentation feedback or request new content, send an email to isicontent@emc.com.

[display_rating_result]

Creating SMB shares with expansion variables in EMC Isilon OneFS

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

To make it easy for users in your organization to connect to a home directory through a Windows client, you can create an SMB share in EMC® Isilon® OneFS®. The share specifies configurable permissions, performance, and security settings for each individual user. Managing SMB shares in OneFS 6.5 through 7.1 can be done manually for each user, or dynamically for a large number of users. To create an SMB share or home directory, you can take advantage of these approaches:

  • Create unique SMB shares for user home directories
    • Dynamically create a unique share for each user home directory
    • Manually create a unique share for each user home directory
  • Create a common SMB share for user home directories
    • Dynamically create user home directories in a common share
    • Manually create user home directories in a common share

Each one of these approaches is highlighted in the new white paper, “Managing SMB shares and user home directories in OneFS 6.5 and later.”

How to dynamically create an SMB share using expansion variables

One of the approaches, as described in “Managing SMB shares and user home directories in OneFS 6.5 and later,” is to dynamically create SMB shares and home directories for new users. Instead of creating per-user SMB shares, you can create a single share that includes expansion variables, such as %U for the user name. For example, when a new user logs in through Active Directory, OneFS automatically creates a unique SMB share and directory for that user.

To dynamically create unique SMB shares using name expansion variables, follow these steps:

In OneFS 7.0 and OneFS 7.1

To take full advantage of expansion variables in SMB shares, you should be running OneFS 7.0.2.9 and later, or OneFS 7.1.0.2 and later.

  1. Log in to the OneFS web administration interface.
  2. Click Protocols > Windows Sharing (SMB) > SMB Shares > Add a Share.
  3. Type a share name (for example, Home) and optional description (for example, User Home Directories).
  4. In the Directory to Be Shared box, type /ifs/home/%U. If you store home directories in another location, specify that location instead.
  5. Click Apply Windows Default ACLs.
  6. Select the Allow Variable Expansion check box.
  7. Select the Auto-Create Directories check box.
  8. Click Create.

Dynamically create SMB share and home directories using expansion variables.

In OneFS 6.5

  1. Log in to the OneFS web administration interface.
  2. Click File Sharing > SMB > Add Share.
  3. Type a share name (for example, Home) and description (for example, User Home Directories).
  4. In the Directory to share box, type /ifs/home/%U. If you store home directories in another location, specify that location instead.
  5. Click Apply Windows default ACLs.
  6. Select the Allow Username Expansion check box.
  7. Selectthe Automatically Create User Directory check box.
  8. Click Submit.

More information about SMB and home directories in OneFS

For more information about expansion variables, see the “Create an SMB share” and “Home directory creation in a mixed environment” sections in the OneFS web administration guides. The administration guide also provides configuration information for accessing home directories through FTP or SSH.

[display_rating_result]

Top 20 EMC Isilon support documents in April 2014

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

One of the goals of this blog is to share the most useful EMC® Isilon® support-related content that we have to offer. In this post, we’re highlighting 20 of the most viewed knowledgebase (KB) articles and product documents from the month of April.

We hope these documents will help you to quickly find an answer to a common question or resolve an issue.

Top 10 KB articles

To access these KB articles, log in to the EMC Online Support site. Articles in bold are new to the top 10 list this month.

  1. OpenSSL Heartbeat Vulnerability (Heartbleed) in EMC products (185965)
  2. How to upgrade firmware on Intel (QLogic) 12300 and 12800 InfiniBand switches (170524)
  3. OneFS 7.1 SMB and Authentication Rollup Patch (174372)
  4. OneFS 7.0.2 SMB Rollup Patch (172623)
  5. Impact of OpenSSL “heartbleed” vulnerability in InsightIQ virtual machines (186055)
  6. Impact of CVE-2014-0160 OpenSSL “heartbleed” vulnerability on Isilon clusters (185961)
  7. Best practices for NFS client settings (90041)
  8. Patches available for EMC Isilon OneFS (88358)
  9. Troubleshooting performance issues (88844)
  10. How to create SPN accounts to allow Kerberos authentication using SmartConnect DNS entries (16528)

 

Top 10 product documents

To access these PDF documents, log in to the EMC Online Support site. Documents in bold are new to the top 10 list this month.

  1. OneFS 7.1 CLI Administration Guide
  2. Current Isilon Software Releases
  3. Isilon Supportability and Compatibility Guide
  4. OneFS 7.1 Web Administration Guide
  5. OneFS 7.1.0 MR Release Notes
  6. OneFS 7.0.1 Administration Guide
  7. OneFS 7.0.2 Administration Guide
  8. Current Patches for Isilon OneFS 7.0
  9. OneFS 7.0.2 Command Reference
  10. Current Patches for Isilon OneFS 7.1

 

If you have questions or feedback about this blog, send an email to isi.knowledge@emc.com. To provide documentation feedback or request new content, send an email to isicontent@emc.com.

[display_rating_result]

The top 20 EMC Isilon support documents in March 2014

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

One of the goals of this blog is to share the most useful EMC Isilon support-related content that we have to offer. In this post, we’re highlighting 20 of the most viewed knowledgebase (KB) articles and product documents from the month of March.

We hope these documents will help you to quickly find an answer to a common question or resolve an issue.

Top 10 KB articles

To access these KB articles, log in to the EMC Online Support site. Articles in bold are new to the top 10 list this month.

  1. How to upgrade firmware on Intel (QLogic) 12300 and 12800 InfiniBand switches (170524)
  2. How to download OneFS 7.1.0.1 (172492)
  3. OneFS 7.0.2 SMB Rollup Patch (172623)
  4. OneFS 7.1 SMB and Authentication Rollup Patch (174372)
  5. Best practices for NFS client settings (90041)
  6. Patches available for EMC Isilon OneFS (88358)
  7. OneFS sysctl commands (89334)
  8. How to reset a node to factory defaults (16696)
  9. How to create SPN accounts to allow Kerberos authentication using SmartConnect DNS entries (16528)
  10. Troubleshooting performance issues (88844)

 

Top 10 product documents

To access these PDF documents, log in to the EMC Online Support site. Documents in bold are new to the top 10 list this month.

  1. OneFS 7.1 CLI Administration Guide
  2. Isilon Supportability and Compatibility Guide
  3. Current Isilon Software Releases
  4. OneFS 7.0.2 Administration Guide
  5. OneFS 7.1 Web Administration Guide
  6. Current Patches for Isilon OneFS 7.0
  7. OneFS 7.1.0 MR Release Notes
  8. OneFS 7.0.1 Administration Guide
  9. OneFS 7.0.2 Command Reference
  10. OneFS 7.0.2.5 Release Notes

 

If you have questions or feedback about this blog, send an email to isi.knowledge@emc.com. To provide documentation feedback or request new content, send an email to isicontent@emc.com.

Pick your protocol: Multiprotocol file access in EMC Isilon OneFS

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

You’re rushing to meet a project deadline, and you need to update some related files that are stored on an EMC® Isilon® cluster. You’re working on a Linux computer, and you’re connected to the cluster over a Network File System (NFS) protocol. You need to access files in a directory that your coworker, who uses a Windows computer, created when they were connected to the same cluster over a Server Message Block (SMB) protocol. Thanks to the Isilon OneFS® operating system, you can seamlessly access your coworker’s files even though you are doing so through a very different protocol.

Multiple protocol support is a necessity in today’s IT organizations, which comprise a mix of Windows and UNIX/Linux operating environments. OneFS is designed to provide users with unified access to data on an Isilon cluster using a mix of common protocols, such as SMB, NFS, HTTP, and Hadoop Distributed File System (HDFS). For a full list of supported protocols, see the OneFS administration guides or “EMC Isilon Multiprotocol Data Access with a Unified Security Model”.

So how does OneFS support a multiprotocol environment? What are the steps a system administrator needs to take to set up multiprotocol access in OneFS?

We have two videos that cover the basics and provide recommendations for setting up multiprotocol access in OneFS. The first video, “File Access Basics in an Isilon OneFS Multi-Protocol Environments,” provides a whiteboard overview of this topic. The second video, “Technical Demo: Multi-Protocol File Access Using EMC Isilon OneFS,” provide a demonstration of common multiprotocol commands and tasks.

File access basics and AIMA in OneFS

Supporting a mix of protocols requires supporting a mix of user identities and file permissions. This requirement can leave system administrators with several considerations when configuring OneFS.

Before discussing how OneFS handles multiprotocol file access, let’s first review how two operating environments, Windows and UNIX/Linux, authorize access to files. In a Windows environment, users are identified based on unique security identifiers (SIDs). Files or directories are secured through an Access Control List (ACL). In an UNIX environment, users and groups are identified through user identifiers (UIDs) and group identifiers (GIDs), respectively. Files are secured using POSIX mode bits.

OneFS uses Authentication, Identity Management, and Authorization (AIMA) to assign the right permissions and identifiers to users (and groups) no matter which protocols they use to connect to the cluster. To securely support NFS and SMB clients, OneFS does three things:

  • Connects to directory services, such as Microsoft Active Directory (AD) and Lightweight Directory Access Protocol (LDAP), which provides a security database of user and group accounts along with their information
  • Authenticates users and groups
  • Controls access to directories and files

When a user connects to an Isilon cluster, OneFS scans Active Directory and LDAP for the user’s identifiers. Once the user is authenticated, OneFS creates an access token for the user. OneFS then maps the user’s account (known as “user mapping” in OneFS) in one directory service to another. This single access token is the key to authorizing the user so they can access files that are stored and created on the cluster using different protocols.

For example, if a user, Mike, accesses a file share through SMB, OneFS will scan Active Directory and find an SID for him. If OneFS does not find any UIDs or GIDs associated with Mike via LDAP, OneFS will generate a UID and GID for him and save them to Mike’s access token, so he can access files created by NFS users.

The same type of mapping occurs for file permissions. If a file was created through SMB, it will be assigned an ACL to control who can access the file. OneFS will create equivalent POSIX mode bits for this file. File permissions can be saved to the Isilon cluster on disk in one of three modes: native, UNIX, or SID. For more information about each mode, and about AIMA and user mapping, read the “Identities, Access Tokens, and the Isilon OneFS User Mapping Service” white paper.

This is a brief summary of how multiprotocol file access works in OneFS. Watch the following video, “File Access Basics in an Isilon OneFS Multi-Protocol Environments,” for more information and recommendations for configuring multiprotocol access in OneFS. In this video, Principal Solutions Architect Amol Choukekar answers the following frequently asked questions:

  • What are multiprotocol basics?
  • How do Window and UNIX clients differ when they access files on OneFS?
  • How does OneFS handle user and group identities?
  • How does OneFS store file permissions in a multiprotocol environment?
  • How do clients access files that were created using a different protocol?
  • How does OneFS manage file permissions?
  • What if user names are not similar across authentication providers?

How to configure multiprotocol support in OneFS

You can manage user identity mapping and file permissions using the OneFS command-line interface and OneFS web administration interface. Watch the following video, “Technical Demo: Multi-Protocol File Access Using EMC Isilon OneFS” for demonstrations of the following tasks:

  • Review configured authentication providers
  • Review an access token for a user
  • Review existing identity mappings stored on the cluster
  • Delete existing identity mappings
  • Review ACL policies on the cluster
  • Create a user mapping rule for joining different user names

This video also offers the following demonstrations:

  • File access between Windows and UNIX
  • Creation of a synthetic ACL, which dynamically maps UNIX permissions to Windows rights
  • File permissions management

 

For more information about implementing multiprotocol in OneFS, contact your account representative. If you have feedback about this blog or these videos, send an email to isi-knowledge@emc.com. If you have a request for new documentation, send an email to isicontent@emc.com.

Top 20 EMC Isilon support documents in February 2014

Kirsten Gantenbein

Kirsten Gantenbein

Principal Content Strategist at EMC Isilon Storage Division
Kirsten Gantenbein
Kirsten Gantenbein

One of the goals of this blog is to share the most useful EMC Isilon support-related content that we have to offer. In this post, we’re highlighting 20 of the most viewed knowledgebase (KB) articles and product documents from the month of February.

We hope these documents will help you to quickly find an answer to a common question or resolve an issue.

Top 10 KB articles

To access these KB articles, log in to the EMC Online Support site. Articles in bold are new to the top 10 list this month.

  1. How to download OneFS 7.1.0.1 (172492)
  2. Best practices for NFS client settings (90041)
  3. OneFS 7.0.2 SMB Rollup Patch (172623)
  4. How to create a bootable image of OneFS on a USB flash drive (16691)
  5. How to reset a node to factory defaults (16696)
  6. Patches available for Isilon OneFS (88358)
  7. How to connect to the management port of a node (16744)
  8. OneFS 6.5.5 SMB Rollup Patch (172742)
  9. How to reimage a node using a USB flash drive (16582)
  10. Troubleshooting performance issues (88844)

 

Top 10 product documents

To access these PDF documents, log in to the EMC Online Support site. Documents in bold are new to the top 10 list this month.

  1. OneFS 7.1 CLI Administration Guide
  2. Isilon Supportability and Compatibility Guide
  3. Current Isilon Software Releases
  4. OneFS 7.1.0 MR Release Notes
  5. OneFS 7.0.2.5 Release Notes
  6. OneFS 7.0.2 Administration Guide
  7. OneFS 7.1 Web Administration Guide
  8. Current Patches for Isilon OneFS 7.0
  9. OneFS 7.0.1 Administration Guide
  10. OneFS 7.0.2 Command Reference

 

If you have questions or feedback about this blog, send an email to isi.knowledge@emc.com. To provide documentation feedback or request new content, send an email to isicontent@emc.com.