This module demonstrates how to provide CIFS storage access to a VNX system.
Module 13 - Configuring CIFS 1
This lesson demonstrates how to create and join a CIFS server into the domain.
Module 13 - Configuring CIFS 2
There are some preparation steps needed for CIFS. Windows Active Directory uses Kerberos authentication and it is time-sensitive. It is a best practice to configure the Data Mover to acquire its time from a Network Time Server (NTP) to ensure it is in time synchronization with the Key Distribution Center (KDC). To do this, first manually set the date and time of the Data Mover then configure it to acquire its time from an NTP server. Windows Domain Controller systems run a service for Network time. In the example shown the IP address of the NTP server is a Windows Domain Controller. Another preparation step required before configuring CIFS for the Windows 2003/08 environment includes Dynamic DNS. In order for the Data Mover to be able to update DNS with its IP information dynamic updates must be supported. , Dynamic Updates must be set to Secure only or Nonsecure and secure in the Forward Lookup Zone. This slide illustrates a Windows 2008 R2 DDNS server supporting dynamic updates set to Secure only.
Module 13 - Configuring CIFS 3
To manage CIFS in Unisphere hover over the Storage icon from the top main bar, in the drop down from the Shared Folders section, select CIFS. The main CIFS management pane will be displayed.
Module 13 - Configuring CIFS 4
Before you create any CIFS servers, it is recommended that you start the CIFS service to activate the protocol for each physical Data Mover. Once the service is started, it cannot be stopped without adversely impacting CIFS client access. With the main CIFS management page open, on the right side Tasks tree File Storage section select the Configure CIFS link. By default Unicode is enabled. Unicode is the Universal Character Set supported in the VNX for File. Next, click in the CIFS Service Started box and then click Apply. The same operation can be accomplished via CLI by using the following syntax: server_cifs { <movername> | ALL } | -Enable <interface>[,<interface>...]
To verify the status of the service use the following command syntax: server_cifs { <movername> | ALL } | -stats [-full [-zero]] | [-summary]
Module 13 - Configuring CIFS 5
Once you have started the CIFS service on your Data Mover, it’s now time to add a CIFS server. To add a CIFS server, from the main CIFS management page select the CIFS Servers tab then click the Create button. This opens the Create CIFS Server configuration window.
Module 13 - Configuring CIFS 6
The Create CIFS Server configuration window has several sections for creating and configuring a CIFS server. The first section has a drop-down to select the Data Mover that will hold the CIFS server. The Data Movers can be physical or Virtual Data Movers. The Server Type section defines the behavior of the CIFS server. There are three options of CIFS servers: Windows NT4 (Windows NT domain member), Windows 2000/2003/2008 (AD membership) and standalone (local login) servers. The section will have different fields corresponding to the type of server selected. The screen show has fields for the Windows 2000 Computer Name, Aliases and NetBIOS Name. The slide illustrates creating a Windows 2000/2003/2008 server named cifs01. Next is the Domain section which has fields for the Windows Domain, a checkbox option for joining the domain, credential fields for a Domain user with the rights to add computers into the domain and the Organizational Unit that the CIFS server will be added into. The default organizational unit (OU) for a Data Mover’s CIFS server is Computers:EMC Celerra. The next section is for enabling local users on the CIFS server and setting a local Admin password. The final step is to select an interface. If no interface is specified, the associated CIFS server uses all unassigned interfaces on that Data Mover. This configuration is known as the default CIFS server. To verify if server was configured properly use the CLI command: server_cifs <movername>
Module 13 - Configuring CIFS 7
The status of the CIFS server can be seen from the main CIFS page on the CIFS Servers tab. The CIFS Server Properties page displays its status with the domain. In the example shown, the CIFS server has been joined to the domain. When creating a CIFS server it is useful to check its properties to confirm that ithe CIFS server has been joined to the domain. Unsuccessful joins are commonly caused by time synchronization with Kerberos or they could be related to Data Mover routing configurations.
Module 13 - Configuring CIFS 8
The CIFS server should also be seen within the Windows environment. It should be seen within Active Directory within the EMC Celerra OU as shown. Additionally it should be present within Dynamic DNS as shown.
Module 13 - Configuring CIFS 9
This lesson focuses on making a file system available to a CIFS client.
Module 13 - Configuring CIFS 10
To export a file system for CIFS, in Unisphere click Storage > Shared Folders > CIFS > Create. The first step for creating a CIFS share is to select a Data Mover for the share, it is selected from a drop-down menu. Only Primary Data Movers will be displayed – either physical or Virtual Data Movers. In the CIFS Share Name field, a share name must be input. The share name will be the name of the share that the CIFS server presents to the network. It does not have to be the same name as the file system pathname that is exported. Next, select the desired File System from the drop-down menu. Only file systems that are mounted to the selected Data Mover will be displayed. Next select the file system Path name to export. When creating an initial share on a file system, the only pathname available will be to the top-level of the file system. The field only accepts pathnames that exist and it will not create any structure that does not already exist. Make sure you check the corresponding CIFS Server. Click OK when done.
Module 13 - Configuring CIFS 11
When you create a share, you can define it as a global share by not selecting a specific CIFS server or servers for the share. A global share is accessible from all the available Data Mover CIFS Servers. A local share can be defined by selecting a specific CIFS server for the share. A local share can only be accessed from the specified server and all of its aliases if aliases are configured. If the Data Mover has multiple CIFS servers, and multiple CIFS servers are selected for the share, the share is only available from the specified CIFS servers, not any unselected CIFS servers. Shares created through Windows tools are local shares by default. This behavior is controlled with a VNX parameter “ cifs srvmgr.globalShares” using the server_param command. Setting the parameter value to 1 enables creating global shares, the default value is 0. See the document Configuring and Managing CIFS on VNX available from Powerlink for details.
Module 13 - Configuring CIFS 12
The CIFS service must be stopped and restarted for any changes in the configuration to take effect. Such change could include but not be limited to: • Adding/changing the External Usermapper address • Adding/changing the address of the WINS server • Changing the security mode To start or stop CIFS, access the main CIFS page, then from the Tasks pane File Storage section, select Configure CIFS.
Module 13 - Configuring CIFS 13
Deleting a CIFS server is a multi-step process. Please note that a CIFS server can be removed directly in Unisphere without performing all these steps. These steps represent a best practice for removing a CIFS server to prevent any data loss from in-process write operations or incomplete removal. The first step is to ensure that there are no users actively accessing the CIFS server. This can be done using Computer Management and connecting to the CIFS server and checking for any open sessions to users. The next step is to remove the CIFS server from the domain. This is done in the Unisphere GUI on the main CIFS page. Select the specific CIFS Server’s properties and perform the un- join operation. Next is to delete any CIFS shares that are specifically associated with the CIFS Server. This is done in the Unisphere GUI on the main CIFS page. From the CIFS Shares tab, select Shares related to the CIFS server and delete them. The delete shares operation does not delete data from the file system, it simply removes the sharing of the data. Finally the CIFS server can be deleted. From the main CIFS page in Unisphere, select the specific CIFS server from the CIFS Servers tab and delete it. Using this multistep process prevents removal of a CIFS Server when write operations are in process and clears the CIFS configuration of the CIFS Server completely.
Module 13 - Configuring CIFS 14
Listed are the key points covered in this module.
Module 13 - Configuring CIFS 15
Test the knowledge acquired through this training by answering the questions in this slide. Continue to the next page for the answer key.
Module 13 - Configuring CIFS 16
Displayed here are the answers from the previous slide. Please take a moment to review them.