Dell Unity XT 680 EMC Unity Family Configuring Multiprotocol File Sharing
Dell Unity XT 680 Manual
View all Dell Unity XT 680 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell Unity XT 680 manual content summary:
- Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 1
Dell EMC Unity™ Family Configuring Multiprotocol File Sharing Version 5.1 Part Number: H16551 June 2021 Rev. 05 - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 2
of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2017 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 3
1: Multiprotocol file sharing 8 About multiprotocol file sharing in Unity...8 Chapter 2: Deep dive: File system security and access 19 Configure NAS server sharing protocols and FTP/SFTP support 20 Configure a NAS server Unix Directory Service...21 Edit OpenLDAP schema for Linux...23 Upload an - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 4
Chapter 7: Configure Distributed File System and widelinks 37 About Distributed File System...37 About configuring DFS roots...37 About widelinks...37 Chapter 8: Troubleshooting a multiprotocol configuration 39 Service commands for troubleshooting a multiprotocol configuration 39 4 Contents - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 5
Figures 1 High-level steps for configuring multiprotocol file sharing 9 2 High-level steps for configuring multiprotocol file sharing (continued 10 3 Process for resolving an SID to a UID, primary GID mapping 13 4 Process used to resolve a UID to an SID mapping 14 Figures 5 - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 6
Tables 1 LDAP authentication...22 2 NAS server Unix credential settings...24 6 Tables - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 7
feature documentation or release notes, go to Unity Technical Documentation at: dell.com/unitydocs. Troubleshooting For information about products, software updates, licensing, and service, go to Support (registration required) at: dell.com/ support. After logging in, locate the appropriate product - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 8
following: ● A previous local login to another Unix system ● A UNIX Directory Service (NIS or LDAP), which looks up a user's UID/GID ● Local password an open file. Forbids renaming a component of an open file. Unity supports a mixed NFS and SMB environment by providing simultaneous access to the - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 9
on NFS, and the default UNIX account name when it cannot find a match for an NFS name on SMB. When you configure a file system that supports multiprotocol access, you must also select an access policy to manage user access control for the file system. For detailed information about how security and - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 10
: Instructions for setting up the Citrix XenServer hosts, Linux hosts, or Solaris hosts with clients that need to access NFS file system storage on a system with a Unity Operating Environment. ● Unisphere CLI User Guide: Describes commands to use in scripts for automating routine tasks. ● Service - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 11
system. NOTE: If the older SMB1 protocol does not need to be supported in your environment, it can be disabled by using the svc_nas service command. For more information about this service command, see the Service Commands Technical Notes. UNIX security model When the UNIX policy is selected, any - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 12
name for a particular user identifier (UID). ● Return the corresponding UID and primary group identifier (GID) for a particular UNIX account name. The supported services are: ● LDAP ● NIS ● Local files ● None (the only possible mapping is through the default user) There should be one UDS enabled - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 13
a. The local group databases of the SMB servers of the NAS are searched for the SID. If the SID is found, the related Windows name is the local user name along with the SMB server name. b. If the SID is not found in the local group database, the DC of the domain is searched. If the SID is found, the - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 14
its file systems. There are two kinds of security, UNIX and Windows. For UNIX security authentication, the credential is built from the UNIX Directory Services (UDS) with the exception for non-secure NFS access, where the credential is provided by the host client. User rights are determined from the - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 15
Access policy Description ● Uses a Windows credential to check the SMB ACL. ● Permissions for newly created files are determined by an SMB ACL conversion. SMB ACL permission changes are synchronized to the NFSv3 UNIX mode bits or NFSv4 ACL. ● NFSv3 mode bits and NFSv4 ACL permission changes are - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 16
NOTE: If the default UNIX user is not set in the UNIX Directory Services (UDS), SMB access is denied for unmapped users. If the default Windows user is not found in the Windows DC or the LGDB, NFS access - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 17
Multiprotocol file system security settings Unity offers the ability to customize the access, rename, and locking policies for a multiprotocol file system. File system access policies You can select one of the - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 18
• Create a NAS server for multiprotocol file sharing (SMB and NFS) • Configure NAS server sharing protocols and FTP/SFTP support • Configure a NAS server Unix Directory Service • Upload an LDAPS CA certificate for a NAS server • Change NAS server Unix credential settings • View the active LDAPS - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 19
IP address information for the NAS server. ● VLAN ID, if the switch port supports VLAN tagging. If you associate a tenant with the NAS server, you must choose servers. ● UNIX Directory Service (UDS) information for NIS, LDAP, or local files. The UDS provides the UNIX UID and GUID for AD users. NOTE - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 20
you use LDAPS with secure NFS. 5. On the Unix Directory Service page, configure one of the following directory services: ● Local files ● NIS ● LDAP ● Local files and NAS server. Configure NAS server sharing protocols and FTP/ SFTP support 1. Access the NAS server sharing protocol options from the - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 21
. Configure a NAS server Unix Directory Service When you configure a NAS server that supports multiprotocol file sharing, you must configure 5. Select Upload New File to upload the file. To troubleshoot issues with configuring local files, ensure that: ● The file is created with - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 22
Enable Unix Directory service field, select NIS. 3. Enter an NIS domain and add up to three IP addresses for the NIS servers. To troubleshoot issues with configuring settings. ● To manually enter the IP addresses of LDAP servers, select Configure LDAP server IPs manually, enter each IP address - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 23
of the supported schemas, as described earlier in this topic. ● All of the containers specified in the ldap.conf file point to containers that are valid and exist. ● Each LDAP user is configured with a unique UID. You can also use the -ldap option of the svc_nas service command to troubleshoot LDAP - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 24
for a NAS server Steps 1. Under Storage, select File > NAS Servers. 2. Select the relevant NAS server, and click the Edit icon. 3. On the Naming Services tab, select the LDAP/NIS sub-tab. 4. Select LDAP Secure (Use SSL) and Enforce Certification Authority (CA) Certificate, if these options are not - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 25
Windows users to Unix users or Unix users to Windows users. The rules support wildcards and substitutions. To allow users with unmapped user names to access user that is not already mapped to a Unix account through a directory service (LDAP or NIS) or local files. This option is available when there - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 26
Note that Unix user accounts are case sensitive. The user mapping file supports the use of wildcards and substitution sequences. To use a customized user users that are not already mapped to Unix accounts through a directory service (LDAP or NIS) or local files. This functionality allows for the - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 27
user name that does not map to a UID/GID, create a corresponding UID/GID in LDAP, NIS, or local files, depending on your Unix Directory Service selection. e. Optionally repeat steps a and b to verify that the user mappings are as desired, and fix them as necessary. f. Select Update user mapping on - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 28
file system Prerequisites Make sure there is a NAS server configured to support multiprotocol, and that a pool exists with enough available storage space reside in all-Flash pools, and only for thin file systems created on Unity systems running OE version 4.2.x or later. ● On the Shares page, - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 29
the oplocks enabled is recommended. The following oplocks implementations are supported: ● Level II oplocks, which informs a client that multiple SMB events for this file system. Multiprotocol file system security settings Unity offers the ability to customize the access, rename, and locking - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 30
Setting SMB Not Allowed Description (Default) Only NFS clients can rename directories without any restrictions. An SMB client cannot rename a directory in the path if at least one file is opened in the directory or in one of its subdirectories. For example, if the path to a file is C:\Dir1\Dir2\ - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 31
for shares. Create an SMB share Prerequisites The file system or snapshot you choose as the share's source must be associated with a NAS server that supports the SMB protocol. Configure shares 31 - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 32
Hosts to Access SMB File Systems, which is available on the support website. Advanced SMB share properties You can configure the following advanced documentation. Configures the client-side caching of offline files: ● Manual: Files are cached and available offline only when caching is explicitly - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 33
Unix documentation. Create an NFS share Prerequisites The file system or snapshot you choose as the share's source must be associated with a NAS server that supports the NFS protocol. About this task NOTE: An NFS share that is created on the source system must not share the same name as any - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 34
UID is mapped to the anonymous UID on the NAS server. By default, the values of the anonymous UID and anonymous GID are 4294967294, which is typically associated with the nobody user. 5. On the Access page, optionally specify the name of the hosts that can access the share, along with their access - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 35
File > NAS Servers. 2. Select the relevant NAS server, and then click the Edit icon. 3. On the Naming Services tab, configure one of the following directory services if there is no Unix Directory Service (UDS) already configured for the NAS server or if local files are not configured: ● NIS ● LDAP - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 36
/GID in LDAP, NIS, or local files, depending on your Unix Directory Service selection. Then select the Update user mapping on all file systems check box retention. When you enable secure NFS for a NAS server that supports multiprotocol file sharing, you can choose to authenticate using the Windows - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 37
structure has a root target, which is the host server running the DFS service and hosting the namespace. A DFS root contains DFS links that point to DFS roots You can configure Distributed Filesystem Support (DFS) roots on an SMB share in Unity. Complete the following tasks before configuring a - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 38
lrwxr-xr-x 1 cstacey ENG\Domain Users 30 23 JUL 17:33 widelink1 -> /net/nfsserver42/export1/target1 $ ls -l widelink1 Then the entry in the DFS Root should be: net/nfsserver42/export1/target1 -> \\nfsserver42\\ 38 Configure Distributed File System and - Dell Unity XT 680 | EMC Unity Family Configuring Multiprotocol File Sharing - Page 39
a multiprotocol configuration Topics: • Service commands for troubleshooting a multiprotocol configuration Service commands for troubleshooting a multiprotocol configuration The following service commands are useful for troubleshooting access issues in a multiprotocol configuration
Dell EMC Unity™ Family Configuring
Multiprotocol File Sharing
Version 5.1
Part Number: H16551
June 2021
Rev. 05