Configuring CIFS

Upon completion of this module, you should be able to:

• Configure the Data Mover for a Windows environment
• Create and Join a CIFS Server to a Windows Domain
• Export a file system as a CIFS Share
• Describe UserMapper Basics

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 1

 Module 12: Configuring CIFS

Lesson 1: Overview of Configuring VNX for CIFS

During this lesson the following topics are covered:
• Preparing for CIFS
• Creating a CIFS server
• Creating a CIFS share

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 2

Preparing for CIFS
• Configure IP networking
 Interface addressing
 Routing Virtual Data Mover
• Configure Network Services
 DNS – Dynamic DNS DataFS cge-1-0
192.168.65.12
recommended
/Sales
 NTP
• Configure Virtual Data Mover
 Best practice for CIFS
• Configure a file system
 Provides file storage space

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 3

Configuring CIFS: CIFS Server
Click icon to add picture
• Start the CIFS service CIFS
 Runs on physical Data Mover
Virtual Data Mover
• Create a CIFS server on VDM
 Uses an available interface for CIFS
cge-1-0
network communications Server
DataFS 192.168.65.12

 CIFS server binds to interface VNX_CIFS01

name /Sales

• Join CIFS server to the

Windows Domain
 CIFS server created in domain
OU EMC Celerra
OU
EMC Celerra
VNX_CIFS01

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 4

Configuring CIFS: Storage
Click icon to add picture
• Create CIFS share CIFS
 From prepared file system
Virtual Data Mover
 CIFS server makes share
available on network to clients CIFS
• CIFS is now configured on VNX
cge-1-0
Server
DataFS 192.168.65.12
VNX_CIFS01
 CIFS server is available to
/Sales
Microsoft network /DataFS/Sales shared as
Sales_data
 File storage available to CIFS Sales_data

clients though the CIFS share

OU
EMC Celerra
VNX_CIFS01

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 5

 Configuring CIFS

Lesson 1: Summary
During this lesson the following topics were covered:
• Preparing for CIFS
• Creating a CIFS server
• Creating a CIFS share

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 6

 Configuring CIFS

Lesson 2: Create and Join a CIFS Server to a Windows Domain

During this lesson the following topics are covered:
• Starting CIFS
• Creating a CIFS Server
• Joining a CIFS Server to the domain
• Verifying CIFS server status

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 7

CIFS Management in Unisphere

Storage > Shared Folders > CIFS

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 8

Starting CIFS

Storage > Shared Folders > CIFS

Tasks tree > Configure CIFS link

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 9

Create a CIFS Server

Storage > Shared Folders >

CIFS > CIFS Servers tab >
Create

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 10

CIFS Server Status
• CIFS Server Properties:
 Displays status with the
domain

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 11

CIFS Servers in the Windows Environment
• CIFS server in
Active Directory

• CIFS server in
Dynamic DNS

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 12

 Configuring CIFS

Lesson 2: Summary
During this lesson the following topics were covered:
• Starting CIFS
• Creating a CIFS Server
• Joining a CIFS Server to the domain
• Verifying CIFS server status

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 13

 Configuring CIFS

Lesson 3: File System Access via CIFS

During this lesson the following topics are covered:
• Exporting a file system as a CIFS share
• Creating a top-level file system share
• Creating shares using Windows tools

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 14

CIFS Shares
• Exporting a file system pathname as a CIFS share
• Provide a “share” name

CIFS
File System Server
/DataFS/shared as hidden share
/DataFS/shared as hidden share
DataFS Top$
lost+found
.etc
Engineering /DataFS/Engineering
Designs
shared as

Structural Designs

Sales /DataFS/Sales shared as Sales

West Sales

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 15

Exporting a File System as a CIFS Share:
Unisphere
Storage > Shared Folders > CIFS > Shares tab Create

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 16

Exporting a File System as a CIFS Share:
Windows
• Initial top-level share created with Unisphere must be in place!
Computer Management > select CIFS Server

System Tools > Shared Folders > Share > New Share

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 17

Unisphere Display of CIFS Shares
• VNX shares created with Microsoft tools displayed in Unisphere

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 18

 Configuring CIFS

Lesson 3: Summary
During this lesson the following topics were covered:
• Exporting a file system as a CIFS share
• Creating a top-level file system share
• Creating shares using Windows tools

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 19

 Configuring CIFS

Lesson 4: CIFS Operational Considerations

During this lesson the following topics are covered:
• Stopping/restarting the CIFS service
• Modifying CIFS server interfaces
• Moving a VDM with a CIFS server
• CIFS restrictions with VDM

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 20

CIFS Servers Interface Considerations
• Interface “stealing” is:
 Possible between CIFS Servers on the same Physical Data Mover
 Possible between CIFS Servers on the same Virtual Data Mover
 Not possible between CIFS Servers on different Data Movers
(Physical or Virtual)
• Interfaces are not changed for Default CIFS Servers
 Default CIFS Servers automatically use interfaces that are not
currently used by any other CIFS Servers
• When a CIFS Server interface is disabled
 CIFS shares that are connected through this interface will no longer
be accessible
 Shares need to be reconnected through new interface

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 21

 Stealing CIFS Server Interface

• Assigning an already used Interface to a CIFS server:

New CIFS Server

VNX_CIFS02 being
configured

Interface already in use

by VNX_CIFS01

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 22

Start/Stop the CIFS Service
• Stop and Restart CIFS service after Changes
 WINS settings for legacy NT4 domains
 Other CIFS related changes
 See Configuring and Managing CIFS on VNX
• Stopping CIFS service stops all CIFS servers
 On physical Data Mover and its VDMs

CIFS

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 23

 Moving a VDM with a CIFS Server

• Target physical Data Mover • Name resolution:

must have interface with same  Different IP addresses
name  Dynamic DNS updates
 CIFS server binds to interface  Client DNS cache flush
name  Same IP address
 Down inactive interface

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 24

CIFS Restrictions with VDMs
• VDM containing a CIFS server cannot
be loaded onto physical Data Mover
with a “default CIFS server
 Default CIFS servers use all available
interfaces Virtual Data Mover
• VDM CIFS server cannot provide
antivirus functionality CIFS
Server
 Antivirus functionality is provided by
“global” CIFS server from physical Data
Mover
• Refer to Configuring Virtual Data
Movers on VNX document for other
restrictions

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 25

 Configuring CIFS

Lesson 4: Summary
During this lesson the following topics were covered:
• Stopping/restarting the CIFS service
• Modifying CIFS server interfaces
• Moving a VDM with a CIFS server
• CIFS restrictions with VDM

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 26

 Configuring CIFS

Lesson 5: Usermapper
During this lesson the following topics are covered:
• Explain Usermapper basic operations
• Explain Usermapper configuration

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 27

User Mapping with VNX
• Method for uniquely identifying users and groups accessing the
VNX with file access protocols (CIFS and NFS)
 Windows SIDs
 UNIX/Linux UIDs and GIDs
• VNX requires UIDs and GIDs
 UxFS based file system file and directory permissions
 Mapping required for CIFS only & mixed CIFS/NFS environments

User/Group SIDs UID/GID

Mapping method
UID/GID
UID/GID

VNX FS
Windows UID/GID
UNIX/Linux
CIFS NFS

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 28

User Mapping Methods
• Variety of methods available
 Supporting various user environments
 Internal and external to VNX

Mapping User
Location Enabled By
Method Environment
VNX Data
Usermapper CIFS only default
Mover
nsswitch.conf
Microsoft IdMU CIFS and NFS Windows AD
(LDAP)
nsswitch.conf
Microsoft SFU CIFS and NFS Windows AD
(LDAP)
OpenLDAP/ UNIX/Linux nsswitch.conf
Mapping method CIFS and NFS
iPlanet LDAP server (LDAP)
VNX UNIX User CIFS ADMap
CIFS and NFS Windows AD
Management parameter
Data Mover
NIS CIFS and NFS NIS server
network settings
VNX Data Data Mover
Local Files CIFS and NFS
Mover passwd/group files
VNX Data
ntxmap CIFS and NFS ntxmap.conf
Mover

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 29

User Mapping and Secure Mapping
• Secmap records (caches) SID to UID/GID mappings provided by
user mapping methods
 Does not generate mappings
 Used for resolving subsequent user mapping
Is persistent mapping
 Present on all physical and virtual Data Movers
 Mapping entries displayed with CLI only

Mapping method

Data Mover Data Mover

Secmap Secmap

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 30

User Mapping Search Order
Yes
Yes User is
Start ntxmap secmap
authenticated
No
3 No
Yes
2 Local user
& group files The access to CIFS
#
# /.etc/nsswitch.conf
/.etc/nsswitch.conf :: share is allowed
# No
#
passwd:
passwd: files
files ldap
ldap nis
nis Yes
group:
group: files
files ldap
ldap nis
nis NIS
End
hosts:
hosts: dns
dns nisnis files
files
netgroup: files No
netgroup: files nis
nis
Yes
LDAP

No
1 Default mapping search order 1
Active
Directory
Yes

No
2 nsswitch.conf Usermapper
Yes

No
3 ntxmap Usermapper
generates UID or
GID and ads it to its
database

Yes
Was the user
added?

No An error is
generated

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 31

Usermapper Overview
• A user mapping method which runs on a VNX for File
 Mapping method used for CIFS-only user environments
 Automatically generates UIDs/GIDs for Windows user/group SIDs
Database maintains mappings
UID and GID values start at 32768 and increase
 Custom ranges can be configured in usrmap.cfg file (not recommended)

Data Mover Data Mover

Usermapper
Service

Secmap Secmap

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 32

Usermapper Roles
• Primary Usermapper
 One per VNX environment Data Mover 2 Data Mover 3
 Generates user mappings Primary
Usermapper
 By default runs on Data Mover 2 Secmap Secmap

• Secondary Usermapper
 One per each additional VNX Data Mover 2 Data Mover 3
 Queries Primary Usermapper for Secondary
Usermapper
mapping Secmap Secmap
• Usermapper client
 All other VNX Data Movers
Data Mover 2 Data Mover 3
 Query Primary/Secondary for user
Primary/ Usermapper
mappings Secondary Client
Secmap Secmap

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 33

Primary Usermapper Operations
• Multiple VNXs: one Primary, two
Secondary Usermappers
1. User1 accesses DM2 on VNX1 VNX3
Data Mover 2
2. Primary Usermapper generates & Sec. Usermapper
records UID for user1 SID
Secmap
3. Secmap records mapping VNX2
Data Mover 2
Sec. Usermapper

Secmap
VNX1
Data Mover 2
Primary Usermapper
1 User1 SID
User1 SID: UID 32768 2

Secmap
User1 SID: UID 32768 3

User1

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 34

 Secondary Usermapper Operations
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User2 accesses DM2 on VNX2
VNX3
2. Secondary queries Primary for mapping Data Mover 2
3. Primary generates & records UID for user2 SID Sec. Usermapper

4. Secmap on VNX1 DM2 records mapping

5. Primary replies with mapping Secmap

6. Secondary records User2 mapping

7. Secmap on VNX2 DM2 records mapping

VNX2 VNX1
Data Mover 2 Data Mover 2
2
Sec. Usermapper
6 User2
Mapping Query Primary Usermapper
1 SID: UID 32769 User1 SID: UID 32768
User2 SID: UID 32769 3
User2 SID
Mapping reply 5
Secmap Secmap
7 User2 SID: UID 32769 User1 SID: UID 32768
User2 SID: UID 32769 4

User2

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 35

 Secondary Usermapper Operations
(Continued)
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User3 accesses DM2 on VNX3
2. Secondary queries Primary for mapping VNX2
Data Mover 2
3. Primary generates & records UID for user3 SID Sec. Usermapper
User2 SID: UID 32769
4. Secmap on VNX1 DM2 records mapping
5. Primary replies with mapping Secmap
User2 SID: UID 32769

6. Secondary records User3 mapping

7. Secmap on VNX2 DM2 records mapping

VNX3 VNX1
Data Mover 2 Data Mover 2
Sec. Usermapper 2
6 User3
Mapping Query Primary Usermapper
1 SID: UID 32770 User1 SID: UID 32768
5 User2 SID: UID 32769
User3 SID
Mapping reply User3 SID: UID 32770 3
Secmap Secmap
7 User3 SID: UID 32770 User1 SID: UID 32768
User2 SID: UID 32769
User3 SID: UID 32770 4
User3

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 36

Usermapper Client Operations
• Multiple VNXs: one Primary, two Secondary Usermappers
1. User4 accesses DM3 on VNX1
2. Client broadcasts to Usermapper service for mapping VNX3
Data Mover 2
3. DM2 Primary generates & records UID for User4 SID Sec. Usermapper
4. DM2 secmap records mapping User3 SID: UID 32770

5. Primary replies with mapping VNX2

Secmap
User3 SID: UID 32770
6. DM3 secmap records mapping Data Mover 2
Sec. Usermapper
User2 SID: UID 32769

Secmap
User2 SID: UID 32769
VNX1
Data Mover 3 Data Mover 2
2 Primary Usermapper
Usermapper Mapping broadcast
User1 SID: UID
UID 32768
1 User4 SID
Client User1
User2 SID:
SID: UID32768
32769
Mapping reply 5 User3 SID: UID 32770 3
User4 SID: UID 32771
Secmap Secmap
6 User4 SID: UID 32771 User1 SID:
SID: UID
UID 32768
User1 SID: UID 32768 User1
User2 SID: UID32768
32769
User3 SID: UID 32770
User4 SID: UID 32771 4
User4

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 37

Viewing the Usermapper Configuration
Storage > Shared Folders > CIFS > Usermappers tab

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 38

Usermapper Database Backup
Storage > Shared Folders > CIFS > Usermappers tab
• Backups used to update Secondary database
 If promoting to Primary
• EMC recommends that you do not modify Usermapper database
entries.

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 39

Managing Usermapper Roles
Storage > Shared Folders > CIFS > Usermappers tab

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 40

Managing Usermapper Roles (continued)
Storage > Shared Folders > CIFS > Usermappers tab

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 41

 Configuring CIFS

Lesson 5: Summary
During this lesson the following topics were covered:
•Usermapper basic operations
•Usermapper configuration

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 42

Summary
Key points covered in this module:
• Preparation is key to CIFS implementation. Identify key network
resources:
 Interface addressing
 Routing
 DNS
 NTP
• VDM CIFS server cannot provide antivirus functionality
• Usermapper provides unique IDs for users and groups from
Windows environments that access the

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 43

 This slide is intentionally left blank.

Copyright © 2014 EMC Corporation. All Rights Reserved. Configuring CIFS 44