Organizations rely on enterprise file sharing tools to provide access to critical files from multiple devices and platforms. But not all of those devices and platforms rely on the same file protocols. This is true for both on-prem and cloud file sharing.
An enterprise organization’s IT landscape is usually a mix of Windows and Linux machines—in certain scenarios a single file share may need access by both Windows and Linux machines at the same time. Managing this could get complex, as Windows and Linux follow different security semantics and protocols. Luckily, BlueXP and Cloud Volumes ONTAP offer a solution.
This blog will explore multi-protocol file sharing and show you how to set it up with Cloud Volumes ONTAP, giving you an easy way for Windows and Linux servers in mixed environments to access the same volumes.
Server Messaging protocol (SMB) is the native file sharing protocol implemented in Windows systems. SMB uses share-level and user-level security to authorize access to file shares. The Common Internet File System (CIFS) protocol is a dialect of SMB; a dialect, in turn, is a collection of message packages that defines a specific version of SMB. The Network File System (NFS) protocol is used by Linux systems to share files and folders.
NFS relies on export policies, in addition to file and folder permissions, as a security mechanism. When the same volume must be shared between Windows and Linux systems, interoperability between these mechanisms is essential and also quite complex to achieve. Other major differences between the protocols include their authentication mechanisms, security settings, and renaming and locking policies.
While it is possible to configure Windows servers to enable communication with NFS and Linux servers to access shares over SMB, it isn’t an easy configuration process. To use NFS with Windows, the role should be enabled from Server Manager or through PowerShell. In addition to that, User ID mapping and Group ID mapping should be configured so that users from Windows domains can access the files in the NFS share.
Alternatively, RPCSEC_GSS, a Kerberos V5-based protocol, can be used for authentication and better security; however, identity mapping is still going to be required. Configuring anonymous access eliminates most of the complicated identity mapping requirements, but that introduces a security risk as the share will be mounted using root user privileges.
Mounting SMB shares in Linux also requires additional configuration for access and authentication. Administrators can use Samba tools to access SMB shares from Linux. Depending on the CIFS module and SMB protocol version, not all SMB features will be available.
A credential file should be created for authenticating to the SMB share, with details such as the Windows username, password, and domain. In multi-user scenarios, users also need to provide their individual credentials using the cifscreds utility, which passes user credentials to the kernel when CIFS is mounted with the multi-user option.
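The credential file described above holds a Windows password in clear text, so it is worth checking before it is referenced from a mount. The following is an added example, not code from the original post or from NetApp: it verifies that the file is private and complete, then prints an `/etc/fstab` entry. The host name, share, paths, account name and the choice of `vers=3.0` and `sec=ntlmssp` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: hosts, shares, paths and accounts are constructed placeholders.

# Return 0 only if the mount.cifs credentials file is private and complete.
check_cifs_credfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    go_bits=$(ls -ld "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "$f is accessible to group/other; run: chmod 600 $f" >&2
        return 2
    fi
    # mount.cifs reads key=value lines; require username and password here.
    for key in username password; do
        grep -q "^${key}=" "$f" || { echo "$f lacks ${key}=" >&2; return 3; }
    done
    return 0
}

# Print an /etc/fstab entry for the share; a fifth argument of "multiuser"
# adds the multiuser option, after which each user runs `cifscreds add <server>`.
cifs_fstab_line() {
    server=$1 share=$2 mountpoint=$3 credfile=$4 mode=${5:-single}
    opts="credentials=${credfile},vers=3.0,sec=ntlmssp,nosuid,nodev"
    [ "$mode" = "multiuser" ] && opts="${opts},multiuser"
    printf '//%s/%s %s cifs %s 0 0\n' "$server" "$share" "$mountpoint" "$opts"
}

# Demo on a constructed credentials file; nothing is mounted.
demo=$(mktemp)
printf 'username=svc_files\npassword=example-only\ndomain=EXAMPLE\n' > "$demo"
chmod 600 "$demo"
check_cifs_credfile "$demo" &&
    cifs_fstab_line fileserver.example.com projects /mnt/projects /etc/cifs-credentials multiuser
rm -f "$demo"
```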
From all of this it’s clear that using the same share for Linux and Windows is not an easy job, and the cloud isn’t helping. The major cloud file service offerings, such as Amazon EFS, most versions of Amazon FSx, or Azure Files, provide access over either NFS or SMB, not both. Cloud Volumes ONTAP offers a solution: support for both NFS and SMB access for volumes on AWS and Azure.
Cloud Volumes ONTAP offers a versatile enterprise file sharing storage for hybrid and multicloud environments, with many advanced storage features such as high availability, data protection, cost-saving storage efficiencies, data tiering, and more. With Cloud Volumes ONTAP, data can be accessed over SMB, NFS, or both at the same time, which allows Windows and Linux environments to have concurrent access to the same files on the same volume.
Configuring multiprotocol access can be done through a set of simple steps. Note that this can be done starting with NFS and then switching to SMB, or vice versa. In this example we are going to start with an NFS volume and then add SMB.
Let’s start by logging in to BlueXP, then follow the steps below.
When your volume is created you will be brought back to the working environment page for the Cloud Volumes ONTAP instance. We will now set up CIFS access for the working environment.
The working environment is now ready to be used via CIFS / SMB. You can continue to set an SMB share for the volume.
Now that the volume allows for CIFS setup, we can set it to use SMB. To complete the remaining configuration step, we need to access System Manager.
Follow these steps:
Once you complete the configuration steps above, the share will be accessible from Windows Server through Windows Explorer using the SMB protocol. The same volume can be accessed from Linux servers using the NFS protocol by mounting it to a local folder using the mount command.
Note that user mapping is one option for configuring authentication to allow users from Windows and Linux to access the volume. It can be used when the number of users who need access is limited. However, in use cases where a large number of users need access to the same share (e.g., file shares) it is recommended to use a Kerberos NFS configuration. You can find more details about Kerberos and NFS here.
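To see which Linux clients still mount the volume without Kerberos, the mount table can be checked for the NFS security flavor in use. This is an added example, not part of the original post: it reads lines in `/proc/mounts` format and lists NFS mounts whose `sec=` option is not a Kerberos flavor. The sample lines are constructed, and treating a missing `sec=` option as `sys` is an assumption.

```shell
#!/bin/sh
# Added example: the sample mount table below is constructed, not captured.

# Read /proc/mounts-format lines on stdin and print "mountpoint flavor"
# for every NFS mount that is not using krb5, krb5i or krb5p.
nfs_non_kerberos() {
    awk '$3 ~ /^nfs4?$/ {
        flavor = "sys"                  # assumption: no sec= option means AUTH_SYS
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^sec=/) flavor = substr(opt[i], 5)
        if (flavor !~ /^krb5[ip]?$/) print $2, flavor
    }'
}

# Constructed sample: two NFSv4 mounts, one local disk, one NFSv3 mount.
sample_mounts() {
    cat <<'EOF'
10.0.0.5:/vol1 /mnt/vol1 nfs4 rw,relatime,vers=4.1,sec=sys,clientaddr=10.0.0.9 0 0
10.0.0.5:/vol2 /mnt/vol2 nfs4 rw,relatime,vers=4.1,sec=krb5p 0 0
/dev/sda1 / ext4 rw,relatime 0 0
10.0.0.6:/old /mnt/old nfs rw,vers=3 0 0
EOF
}

sample_mounts | nfs_non_kerberos
```

On a live client, run `nfs_non_kerberos < /proc/mounts` instead of the sample.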
NetApp has been providing enterprise data storage solutions with multiprotocol access for years: now that’s possible in the cloud and hybrid architectures with Cloud Volumes ONTAP. Cloud Volumes ONTAP provides an innovative solution for solving the issues of sharing files between disparate environments. It simplifies the process of sharing data across the organization.