Professional Documents
Culture Documents
FileSharing DFS S17
FileSharing DFS S17
Cognitive Systems
Agenda
• Networks
Cognitive Systems
Networks
Networks
Cognitive Systems
What is Samba?
• From samba.org:
"Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS
clients."
• Samba project was released under GPL in 1993
• Provides a Server Message Block client and server for POSIX systems
• Continually enhanced and maintained for over 20 years by an active development team.
Cognitive Systems
BSD
AIX
Linux
IRIX
VMWare
Cognitive Systems
Cognitive Systems
Cognitive Systems
Users
To access the Samba server, each user must be added manually
Use the pdbedit command
Users can be restricted from the Samba server by not adding them
Samba Client
FTP style SMB client
Useful if you want to retrieve or send a file to a remote system
SMB session ends immediately when you exit out of Samba shell
smbclient
Command line interface
Functions include: dir, md, rmdir, put, get
smbclient help will display the full list of functions
libsmbclient
Shared library that provides program interfaces
Basically a Samba API interface
Does not have smbmount
Cognitive Systems
/opt/samba/lib/smb.conf
Default Share
Read only
IFSTEST share
Read/Write
Cognitive Systems
Cognitive Systems
Cognitive Systems
• UNC path
– \\<server>\share
Mapped drive
Cognitive Systems
• Files
– Access is in binary, no text converting
Cognitive Systems
Cognitive Systems
Cognitive Systems
File and print serving for Common Internet File System (CIFS) clients
Windows™ 7
Windows 8
Windows 10
Windows Server 2008
Windows Server 2012
Windows Server 2016
Linux Samba at current release levels
Compatible with Microsoft Networking and Samba
Part of the base IBM i
Uses TCP/IP for connectivity
Cognitive Systems
Cognitive Systems
• Note: Setting on Domain Controller will push setting out to clients without having to update
individual PCs.
• Session security
– Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
– Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
– Both check boxes selected under one or the other may cause inability to connect, access denied
or may look like the server is down
Cognitive Systems
• Start->Run…
– secpol.msc
• DirectoryCacheLifetime
– Under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters
– May need to be adjusted to 0
– Resolves 'File not found' problems for time-sensitive operations when using SMB2
Cognitive Systems
Feature comparison
Samba on
Feature NetServer
IBM i
Cognitive Systems
• Write • Write
• PS C:\Users\emig> Measure-Command {cp dvd.iso z:\dvd.iso}
• PS C:\Users\emig> Measure-Command {cp dvd.iso z:\dvd.iso}
• Minutes :3
• Minutes :4
• Seconds : 54
• Seconds : 22
• Milliseconds : 320
• Milliseconds : 33
• TotalSeconds : 234.3203921
• TotalSeconds : 262.0336844
*Measured in lab environments. Measurements in customer environments may differ.
Cognitive Systems
NFS - Prerequisites
Cognitive Systems
Cognitive Systems
General Tab
General Tab
Cognitive Systems
Cognitive Systems
Cognitive Systems
Windows
Linux
UNIX
IBM i
IBM i
• QFileSvr.400
• IBM i NetClient file system (QNTC)
• Network File System (NFS)
Cognitive Systems
QFileSvr.400
QFileSvr.400
/QFileSvr.400/Branch
Cognitive Systems
QFileSvr.400
QFileSvr.400
Cognitive Systems
QFileSvr.400
QFileSvr.400
Cognitive Systems
QFileSvr.400 Scenario
Configuration
Database
QFileSvr.400 to copy
configuration information
LAN LAN
LAN
QFileSvr.400
Requirements
• TCP/IP Configured on both systems
Cognitive Systems
QFileSvr.400
Network Authentication Requirements
1. Configure both client and server system for Network Authentication with the Network Authentication
configuration wizard.
3. Use QSH kinit command or CALL QKRBKINIT PARM(‘user@realm’) to get Kerberos credentials.
Note: If you plan to access QFileSvr.400 paths through System i Navigator, you will need to make the Kerberos tickets
forwardable.
QFileSvr.400
Single or multiple connection to server
Multiple connections
Parallel access to the server
Each job has it’s own connection
Threads within the same process still share a connection
Cognitive Systems
Job 1
Job 2
Job 3
Job 4
/QFileSvr.400/Server
/QFileSvr.400/Server
Cognitive Systems
QNTC
QNTC
Access data stored on CIFS File Servers
IBM i /QNTC/NetServer/SHR/Sales.xls
NetServer
Linux
/QNTC/Linux/MyShare/Sales.xls
/QNTC/PC/MyShare/Sales.xls
PC
Cognitive Systems
QNTC Scenario
C:\Catalog\669175.jpg
Cognitive Systems
QNTC Configuration
• Server names must be browsable by the IBM i NetServer in order to automatically appear in the
integrated file system.
• IBM i users that will be using QNTC must have a Windows Domain user profile with the same name
and password or Network Authentication Services is configured.
– Windows has local and domain users, if the same user exists for both, will use the domain user
Ready to GO !!
Cognitive Systems
Configuring QNTC
IBM i NetServer Configuration
Configuring QNTC
IBM i NetServer Configuration
© 2016, 2017 IBM Corporation For more info see IBM i NetServer Easy Access to IBM i Data 73
Cognitive Systems
/QNTC /QNTC
SALES011 SALES021
SALES012
SHOP004
SHOP005
WARH01
WARH02
WARH03
WARH04
Configuring QNTC
A word about WINS
SALES021
WINS
SALES011
1.2.3.0 1.2.4.0
Router
Chicago Rochester
Cognitive Systems
QNTC Security
• Access to server data is controlled by the server (Windows, Linux or remote IBM
i NetServer), not QNTC.
– Share level security
Defines the permission that a user has to the share.
QNTC - Security
Security Tips
Cognitive Systems
IBM i QNTC
QNTC
Network Authentication Requirements
• Kerberos ticket for the IBM i platform must be forwardable. To make a ticket forwardable, follow these
steps:
– Access the Active Directory Users and Computers tool on the KDC for your NAS realm.
– Select users.
– Select the name that corresponds to the service principal name.
– Select Properties.
– Select the Account tab.
– Select Account is trusted for delegation.
Cognitive Systems
IBM i
NFS Server
IBM i,
/ANYPATH/MyData AIX,
Linux,
others
Cognitive Systems
Before Mount
After Mount
© 2016, 2017 IBM Corporation 82
Cognitive Systems
• IBM i directories in Root (/) or QOpenSys file systems can be mounted over
Cognitive Systems
Cognitive Systems
NFS - Mounting
perf
data
The "covered"
data1 data2 wrkdir is now
"invisible" and
inaccessible
from integrated
file system
interfaces.
Cognitive Systems
NFS Server1
NFS Client
Userid UID
??? 203
NFS Server2
Userid UID
JOHN 203
Userid UID
SALLY 203
NFS - Security
• EXPORTFS options
– Root access from remote clients is controlled
– Anonymous UID access can be restricted
– Read write access can be controlled
Cognitive Systems
IBM i NFS
• Maximum size for read/write increased to 32KB
• Reuse NFS client handle
– Improve performance
– Reduce socket churn
Cognitive Systems
References
Knowledge Center for IBM i Integrated file system Topic (Files and file systems > Integrated
file system)
http://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/ifs/rzaaxkickoff.htm
IBM i NetServer
http://www-03.ibm.com/systems/i/software/netserver/
Cognitive Systems
Questions?
https://facebook.com/IBMPowerSystems
https://twitter.com/IBMPowerSystems
https://www.linkedin.com/company/ibm-power-systems
http://www.youtube.com/c/ibmpowersystems
https://www.ibm.com/blogs/systems/topics/servers/power-
systems/
© 2016, 2017 IBM Corporation
Cognitive Systems
More to Follow:
Backup slides
Cognitive Systems
Cognitive Systems
Cognitive Systems
Cognitive Systems
Cognitive Systems
Cognitive Systems
Show the file on the IBM i – view contents with DSPF (option 5 on WRKLNK)
Note: DSPF will perform text conversion
Cognitive Systems
NFS - Properties
Cognitive Systems
Applications/Generic Commands
Non-POSIX POSIX
FMS
APIs APIs
PC File NFS IBM i
Server Server NetServer
Logical File System (Shared Folders)
vnode interface
QDLS Root QOpenSys User-Defined QNTC
PFS IBM BladeCenter® blade
PFS PFS PFS PFS
and System x™ models
attached to an IBM i
NFS QFileSvr.400
QSYS.LIB QOPT solution via an iSCSI
Client Client
PFS PFS network
PFS PFS
Special notices
This document was developed for IBM offerings in the United States as of the date of publication. IBM may not make these offerings available in other countries, and the information
is subject to change without notice. Consult your local IBM business contact for information on the IBM offerings available in your area.
Information in this document concerning non-IBM products was obtained from the suppliers of these products or other public sources. Questions on the capabilities of non-IBM
products should be addressed to the suppliers of those products.
IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents.
Send license inquires, in writing, to IBM Director of Licensing, IBM Corporation, New Castle Drive, Armonk, NY 10504-1785 USA.
All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
The information contained in this document has not been submitted to any formal IBM test and is provided "AS IS" with no warranties or guarantees either expressed or implied.
All examples cited or described in this document are presented as illustrations of the manner in which some IBM products can be used and the results that may be achieved. Actual
environmental costs and performance characteristics will vary depending on individual client configurations and conditions.
IBM Global Financing offerings are provided through IBM Credit Corporation in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and
government clients. Rates are based on a client's credit rating, financing terms, offering type, equipment type and options, and may vary by country. Other restrictions may apply.
Rates and offerings are subject to change, extension or withdrawal without notice.
IBM is not responsible for printing errors in this document that result in pricing or information inaccuracies.
All prices shown are IBM's United States suggested list prices and are subject to change without notice; reseller prices may vary.
IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.
Any performance data contained in this document was determined in a controlled environment. Actual results may vary significantly and are dependent on many factors including
system hardware configuration and software design and configuration. Some measurements quoted in this document may have been made on development-level systems. There is
no guarantee these measurements will be the same on generally-available systems. Some measurements quoted in this document may have been estimated through extrapolation.
Users of this document should verify the applicable data for their specific environment.
Cognitive Systems
A full list of U.S. trademarks owned by IBM may be found at: http://www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.
AltiVec is a trademark of Freescale Semiconductor, Inc.
AMD Opteron is a trademark of Advanced Micro Devices, Inc.
InfiniBand, InfiniBand Trade Association and the InfiniBand design marks are trademarks and/or service marks of the InfiniBand Trade Association.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries.
IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries or both.
Microsoft, Windows and the Windows logo are registered trademarks of Microsoft Corporation in the United States, other countries or both.
NetBench is a registered trademark of Ziff Davis Media in the United States, other countries or both.
SPECint, SPECfp, SPECjbb, SPECweb, SPECjAppServer, SPEC OMP, SPECviewperf, SPECapc, SPEChpc, SPECjvm, SPECmail, SPECimap and SPECsfs are trademarks of the Standard Performance Evaluation
Corp (SPEC).
The Power Architecture and Power.org wordmarks and the Power and Power.org logos and related marks are trademarks and service marks licensed by Power.org.
TPC-C and TPC-H are trademarks of the Transaction Performance Processing Council (TPPC).
UNIX is a registered trademark of The Open Group in the United States, other countries or both.
Other company, product and service names may be trademarks or service marks of others.