File Access and Protocols Feature Guide 13

OceanStor 18500 V3 and 18800 V3 Mission Critical Storage System V300R003

This document describes the implementation principles and application scenarios of the NAS feature. Also, it explains how to configure and manage NAS.
Overview

CIFS is a protocol used for sharing network files. CIFS allows Windows clients on the Internet and intranet to access shared files and other resources. CIFS shares are mainly used for file sharing.

Introduction to CIFS Protocol

Server Message Block (SMB) is a protocol used for network file access and CIFS is a public version of SMB. The SMB protocol allows a local PC to access files and request services on PCs over the local area network (LAN). The OceanStor 18500 V3/18800 V3 storage system supports SMB 1.0, SMB2 (SMB 2.0 and SMB 2.1) and SMB 3.0.
  • If the client runs Windows Server 2003 or Windows XP, SMB 1.0 is used.
  • If the client runs Windows Server 2008 or Windows Vista, SMB 2.0 is used.
  • If the client runs Windows Server 2008 R2 or Windows 7, SMB 2.1 is used.
  • If the client runs Windows Server 2012 or Windows 8, SMB 3.0 is used.
NOTE:
Some file sharing protocols (such as SMB 1.0, SMB2 and NFS v4), limited by their own mechanisms, cannot ensure service continuity during online upgrade. SMB 3.0 and NFS v3 can ensure service continuity during online upgrade, but the Failover option needs to be manually enabled when using SMB 3.0.

With the continuous expansion of enterprises, more and more users need to access the share service in enterprises. Restricted by the server where shared files reside, the access speed decreases and system response slows down when a large number of users access shared files. Therefore, improving the performance of accessing shared files becomes an urgent need for enterprises.

The CIFS feature allows Windows clients to identify and access shared resources provided by the OceanStor 18500 V3/18800 V3 storage system. With CIFS, clients can quickly read, write, and create files in the OceanStor 18500 V3/18800 V3 storage system as on local PCs. The storage system delivers high performance, addressing the problems of decreased access speed and slow response.

The CIFS feature has the following advantages:
  • High concurrency

    CIFS supports file sharing and file locking mechanisms, allowing multiple clients to access and update a file. Multiple clients can access a file at the same time, but only one client is allowed to update the file at a time.

  • High performance

    Access requests sent by a client for a shared file are cached locally but not delivered to the storage system. When the client sends access requests for shared files again, the system directly reads shared files in the cache, improving access performance.

  • Data integrity

    CIFS provides the cache, pre-read, and write back functions to ensure data integrity. If other clients want to access the shared file, the cached data is written to the storage system. Only one copy of the file is active at a time to prevent data conflicts.

  • Robust security

    CIFS supports share access authentication. The authentication management function controls users' access permissions, ensuring data confidentiality and security.

  • Wide application

    Any client that supports the CIFS protocol can access the CIFS share space.

  • Unified coding standard

    CIFS supports various types of character sets, applicable to different language systems.

Related Concepts

Homedir: one of the CIFS share modes. In Homedir share mode, a file system is shared to a specific user as an exclusive directory. The user can only view and access the exclusive directory named after the user's own user name.

File system quota: A file system quota can restrict resource usage. There are three types of quotas: Directory quota, User quota, and User group quota.
  • Directory quota: Restricts the maximum available space or number of all files in a directory. The storage system supports the default directory quota. The default directory quota indicates a quota value that takes effect for all quota trees in a file system. If the default quota is configured but no directory quota is configured for a newly created quota tree, the system enables the quota tree to use the default quota to restrict the available space and number of files.
  • User quota: Restricts the space or number of files that can be used by a user. The storage system supports the default user quota. The default user quota indicates a quota value that takes effect for all users in a file system or quota tree. If the default quota is configured but no user quota is configured for a user, the system enables the user to use the default quota to restrict the available space and number of files.
  • User group quota: Restricts the space or number of files that can be used by a user group. The space or number of files used by all members in a user group cannot exceed the user group quota. The storage system supports the default user group quota. The default user group quota indicates a quota value that takes effect for all user groups in a file system or quota tree. If the default quota is configured but no user group quota is configured for a user group, the system enables the user group to use the default quota to restrict the available space and number of files.
When a user or user group quota is configured, Root Quota Tree is used as the file system-level quota by default. It restricts the capacity and number of files in the file system, with the exception of quota trees.
Each of the preceding quota types includes the following two quotas:
  • Space Quota: maximum capacity of quota tree in a file system
  • File Quantity Quota: maximum number of files under quota tree in a file system

Access Control List (ACL): a collection of permissions granted to users or user groups for operating on shared files. ACL permissions are classified into ACL permission storage and ACL permission authentication. After a user logs in to a share, the user determines the share permissions, reads the ACL permissions, and determines whether files can be read and written. For storage, each ACL permission is called an access control entry (ACE). After CIFS shares are mounted to a Windows client, the client sends NT ACLs to a server (the storage system that provides CIFS shares). NT ACLs can be discretionary access control lists (DACLs) but cannot be system access control lists (SACLs). That is, NT ACLs do not support audit permissions.

User group: the storage system provides four user groups, namely default_group, Administrators, AntivirusGroup, and Backup Operators.
  • default_group: default user group. When the group members access the shared file system in the storage system, they must be authenticated to obtain their permissions.
  • Administrators: administrator group. When the group members access the shared file system in the storage system, they do not need to be authenticated by share level ACL and NT ACL. They can operate any file in any share with administrator permissions (such as full control, modify, read & execute, list folder contents, read, write, and special permissions).
  • AntivirusGroup: antivirus user group. The group members can use third-party antivirus software to scan shared file systems. They have administrator permissions.
  • Backup Operators: backup user group. The group members can use third-party backup software to back up and recover shared file systems. They do not have administrator permissions.
Signature: data that identifies CIFS clients and servers. It provides a means of identity verification during transmission. To protect SMB packets from attack during transmission, the SMB protocol supports digital signing of SMB packets.
NOTE:

If the signature function is disabled, the storage system may be exposed to man-in-the-middle (MITM) attacks, resulting in security risks.
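
To verify the dialect and signature settings described above from a packet capture, the following added example (not part of the Huawei guide or product) parses an SMB2 NEGOTIATE response and reports whether the server requires signing. Field offsets and flag values are taken from the public MS-SMB2 specification; `audit_negotiate_response` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

# Constants from the public MS-SMB2 specification (assumption: not from this guide).
SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
SERVER_TO_REDIR = 0x00000001   # header flag: message is a server response
SIGNING_ENABLED = 0x0001       # SecurityMode bits
SIGNING_REQUIRED = 0x0002
DIALECTS = {0x0202: "SMB 2.0", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0"}


def audit_negotiate_response(msg: bytes) -> dict:
    """Report the dialect and signing policy in an SMB2 NEGOTIATE response."""
    if len(msg) < 70 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message (SMB 1.0 uses a different magic)")
    header_size, = struct.unpack_from("<H", msg, 4)
    command, = struct.unpack_from("<H", msg, 12)
    flags, = struct.unpack_from("<I", msg, 16)
    if header_size != 64 or command != SMB2_NEGOTIATE:
        raise ValueError("not an SMB2 NEGOTIATE message")
    if not flags & SERVER_TO_REDIR:
        raise ValueError("this is a client request, not a server response")
    # Response body starts after the 64-byte header:
    # StructureSize, SecurityMode, DialectRevision (2 bytes each, little-endian).
    _, security_mode, dialect = struct.unpack_from("<HHH", msg, 64)
    required = bool(security_mode & SIGNING_REQUIRED)
    return {
        "dialect": DIALECTS.get(dialect, hex(dialect)),
        "signing_enabled": bool(security_mode & SIGNING_ENABLED),
        "signing_required": required,
        "finding": None if required else "server does not require SMB signing",
    }


def build_sample(security_mode: int, dialect: int) -> bytes:
    """Constructed input: a minimal header plus the first three body fields."""
    header = bytearray(64)
    header[0:4] = SMB2_MAGIC
    struct.pack_into("<H", header, 4, 64)
    struct.pack_into("<H", header, 12, SMB2_NEGOTIATE)
    struct.pack_into("<I", header, 16, SERVER_TO_REDIR)
    return bytes(header) + struct.pack("<HHH", 65, security_mode, dialect)


if __name__ == "__main__":
    print(audit_negotiate_response(build_sample(SIGNING_ENABLED, 0x0300)))
```
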

Updated: 2019-08-14

Document ID: EDOC1000084098
