NAS Shares surely offer great advantages and can be a flexible solution in most scenarios when storing and serving different types of data. Thing is the NAS Shares are so popular that tend to increase an over adoption not just for regular files but also for backups coming from different systems. If the cost per gigabyte on the storage is decreasing also due to new technologies and bigger capacities’ truth is at a certain point it is also the best practice thinking about data reduction techniques to help limiting or even better planning on future growth. This article explores the option to create a Quantum DXi CIFS share that can be used for multiple purposes. The plus is the Quantum DXi appliances offer built-in deduplication capabilities which prove interesting not just for bigger environments but also for storing in long term backups and in particular with GrandFather-Father-Son (GFS) scenarios.
Another important aspect is the integration with the current Windows environment. This is through the Workgroups by mean of SMB protocol and Active Directory environment which leverage LDAP.
The Quantum DXi CIFS share can work in both scenarios and integrate with security. This provides isolation and separation of the CIFS shares for different purposes. With up to 128 Shares in total (64 CIFS and 64 NFS) from the same appliance it reduces the implementation and infrastructure complexities.
As part of the article series dedicated to the Quantum DXi virtual appliances in this article the steps to create a CIFS Share to use as a target for the Backup jobs. The article also includes the steps to integrate with an existing Microsoft Active Directory environment.
How to setup a Quantum DXi CIFs Share
From the Home page in the Quantum DXi web console it is possible to create and manage the NAS shares in two ways: using the Wizard menu as already covered in the previous article about NFS shares or by using the Configuration section. This article will use the latter in this example to create Quantum DXi CIFS shares and join a Microsoft Active Directory domain.
First thing would be to join the Quantum DXi appliance to the Windows Active Directory Domain. From the Windows Domain tab let’s choose the appropriate option: Active Directory or Workgroup.
Let’s make sure to use either the user of the Domain Admins group or at least a Domain User to which the permission to join new objects in the Domain is granted. In addition, it is possible to specify the name of the Organizational Unit where the Quantum DXi appliance will be located. If blank will go under Computers OU.
After clicking apply we are ready to review and confirm the intended settings.
At this point the Quantum DXi appliance joined the Windows Active Directory Domain successfully.
When exploring the list of Computer objects the Quantum DXi appears in this list. As always the recommendation is always create the necessary DNS (A) and (PTR) records making sure the FQDN name lookup always works in both ways, forward and reverse.
Next step is to create or modify a list of users and groups from Active Directory who have admin right on the NAS server.
In this case I’m adding an extra user from the domain which is used as a service account for a number of different applications. This is also a good opportunity to provide some sort of hardening by limiting access only to custom or purpose built accounts or groups and removing the “standard” ones.
In the advanced settings the option to use the Opportunistic Lock (OpLock in SMB protocol) and the SMB Server Signing. This option is enabled by default on all modern Windows servers and clients and in particular when part of an Active Directory Domain. This could be disabled on the windows host by changing the value on a registry key or changing the default value by updating the Group Policy (GPO). These methods require a reboot of the servers. Probably a lot easier to control this option from here and change this where required.
The main settings for the NAS server is now complete. The next step is to create the actual Quantum DXi CIFS shares.
From the Summary tab let’s hit on Add to create a new CIFS share
Very easy and straight forward wizard to specify the CIFS share name a description, if this should be hidden from the network and also the option to enable the deduplication feature. Of course the type in this case would be a CIFS share. Very interestingly the shares can also be replicated to other Quantum DXi appliances for example in a remote location. We’ll cover this in a dedicated article.
The Quantum DXi CIFS share is now created and ready to be used. Next step is to manage the permissions and add the share to a Windows Server.
To manage the permissions for the CIFS Share we can simply use the “mmc” tool. From a Windows machine let’s run the “mmc.exe” command and add anew snap-in for the “Shared Folders”.
At this pint let’s add either the IP address or Hostname configured for the Quantum DXi appliance. DNS entries are key. If Data and Management are running on separate network cards with separate IP Addresses let’s make sure both entries exist in the DNS Server. We can leave the View to “All”.
As expected the snap-in now shows the available CIFS Shares.
With a right click on the desired one and then in Share Permissions we can now control the users and groups.
By default, “Everyone” (within Active Directory users and groups) has Full Control. A better solution would be for example to leave Everyone to the Read-Only permission (if really required) and then add a single user or group with Full Control. In this case for example I’m adding the only account allowed to run Read/Writes operations on this CIFS share required for Backup and Restore operations when the Backup files are stored on the Quantum DXi CIFS Share.
To test this out next step is to mount the CIFS share from the File Explorers in Windows. Let’s use the name specified on the Quantum DXi appliance and choose to connect with different credentials. This way we can specify the correct ones.
In this case will use the intended service account which should have Read/Write access to the CIFS Share.
The Quantum DXi CIFS share is now mounted successfully on this Windows Server. To test Write permission we can create a folder or a text file. As per screenshot the Write permission work as expected. We can now use this CIFS share as a target for the Backup jobs taking advantage of the deduplication capabilities.