ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Migrate to DFS from UNC file shares? Complications..

    Scheduled Pinned Locked Moved IT Discussion
    118 Posts 8 Posters 76.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said:

      @ntoxicator said:

      Moving from the ISCSI disk pool NAS storage, and migrating data to a physical node using DRBD would take time. Although maybe not as slow as I'm assuming it might be.

      iSCSI is not NAS, it is SAN. Always, no exceptions. iSCSI and NAS can never go together.

      Moving to local disks will take no longer than moving to anything else. Local disks are the fastest possible option so it is equal or better than any other option.

      I might be wrong on this, but I think @ntoxicator just flubbed when calling it NAS here - he's just not used to calling what he has SAN yet.

      ntoxicatorN 1 Reply Last reply Reply Quote 1
      • DashrenderD
        Dashrender @scottalanmiller
        last edited by

        @scottalanmiller said:

        NAS is just a file server. Some can't even do SMB!!

        LOL - Here is one of those times you were suppose to read into it that my question implied that my choosen NAS does include SMB. I know that that's asking to much.

        So again, Can all SMB file servers be a part of MS's DFS? or is that still a depends?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said:

          @scottalanmiller said:

          NAS is just a file server. Some can't even do SMB!!

          LOL - Here is one of those times you were suppose to read into it that my question implied that my choosen NAS does include SMB. I know that that's asking to much.

          So again, Can all SMB file servers be a part of MS's DFS? or is that still a depends?

          Still a depends. AFAIK. I don't think that just any SMB handling does DFS. Although I think that most do.

          1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender
            last edited by

            @ntoxicator - What are you leaning towards for your remote location after this conversation?

            1 Reply Last reply Reply Quote 0
            • ntoxicatorN
              ntoxicator @Dashrender
              last edited by ntoxicator

              @Dashrender

              Thank you - -and yes your correct. I was referring to it by its actual product name/description. As the Product is a Synology 1U rackmount server/NAS. But, as @scottalanmiller pointed out. Since I 100% indeed have it configured as block-level storage for iSCSI; its therefore a SAN

              We actually have 2 Synology rack-mounts. The idea was to pool them together using the Synology HA / sync and its heartbeat setup. However, this was not fully implemented due to storage size on the original Synology storage unit. management complained about time it would take to migrate data to the new unit. As i would have to format the originating and setup as new before that could happen. But still would have single point of failure (back at the XenServer). I did however migrate the smaller Virtual Machines to the new Synology SAN storage and the block-level storage (Faster disks). So its just the domain controller VM and its data still sitting on the original Synology network storage device.

              Having 2 SAN's configured (sync storage). Would just help if one of them failed, I could quickly swap out the iSCSI pool and SR pointers within XenServer Control Panel and get us back online. however, yes it is known if the single xenserver host failed -- we are shit out of luck. Management knows this.

              @Dashrender

              I'm thinking of just a NAS unit. Probably a 2-disk unit in RAID-1. Again, I see a synology product here? I can create SMB2 shares on this, however I'm sure I will have to tie into AD using LDAP connector for it to work properly (because SMB share).

              Unless I can create SMB share and present this network path \\location\share to the Domain Controller (net use). And then configure the seperate GPO policy for this sub-set of users @ satellite office. to which will make their folder redirection and roaming profile save to that new network location? Let windows server handle the file permissions on that SMB drive?

              scottalanmillerS DashrenderD 6 Replies Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @ntoxicator
                last edited by

                @ntoxicator said:

                Thank you - -and yes your correct. I was referring to it by its actual product name/description. As the Product is a Synology 1U rackmount server/NAS. But, as @scottalanmiller pointed out. Since I 100% indeed have it configured as block-level storage for iSCSI; its therefore a SAN

                Yeah, I hate their marketing in that way. The industry term for it is "unified storage" which is merged NAS / SAN. It's the use, not the product, that dertermines what it is.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @ntoxicator
                  last edited by

                  @ntoxicator said:

                  We actually have 2 Synology rack-mounts. The idea was to pool them together using the Synology HA / sync and its heartbeat setup.

                  One of the places where NAS and SAN isn't something that you can fudge. I believe that the HA is for the NAS functionality only. But in both cases, it doesn't apply to use for VMs, so does not exist for you at all.

                  ntoxicatorN 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @ntoxicator
                    last edited by

                    @ntoxicator said:

                    Having 2 SAN's configured (sync storage). Would just help if one of them failed, I could quickly swap out the iSCSI pool and SR pointers within XenServer Control Panel and get us back online.

                    Yeah.... that's insanely silly. Just drop the original Synology and you'll save money, go faster and be safer. All wins. The only rational answer is to remove the Synology completely. Anything is, I'd have to say, insane. Why would any money be spent to do something that isn't any good?

                    ntoxicatorN 1 Reply Last reply Reply Quote 0
                    • ntoxicatorN
                      ntoxicator @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      @ntoxicator said:

                      We actually have 2 Synology rack-mounts. The idea was to pool them together using the Synology HA / sync and its heartbeat setup.

                      One of the places where NAS and SAN isn't something that you can fudge. I believe that the HA is for the NAS functionality only. But in both cases, it doesn't apply to use for VMs, so does not exist for you at all.

                      Gotcha - and i completely understand that now :). The HA would apply to the storage units themselves, and not to the running VM's. As latency and time it takes... we would still have downtime while I would have to re-associate storage pool / SR's and virtual disks to the VM's on xenserver node.

                      I see the bigger picture on that aspect now after it all being laid out to me.

                      1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller @ntoxicator
                        last edited by

                        @ntoxicator said:

                        I'm thinking of just a NAS unit. Probably a 2-disk unit in RAID-1. Again, I see a synology product here? I can create SMB2 shares on this, however I'm sure I will have to tie into AD using LDAP connector for it to work properly (because SMB share).

                        SMB has no relationship to AD. AD is authentication, SMB is a network file protocol. AD will be needed because you are dealing with AD users, I assume, but is not a factor due to SMB in any way.

                        1 Reply Last reply Reply Quote 0
                        • ntoxicatorN
                          ntoxicator @scottalanmiller
                          last edited by

                          @scottalanmiller said:

                          @ntoxicator said:

                          Having 2 SAN's configured (sync storage). Would just help if one of them failed, I could quickly swap out the iSCSI pool and SR pointers within XenServer Control Panel and get us back online.

                          Yeah.... that's insanely silly. Just drop the original Synology and you'll save money, go faster and be safer. All wins. The only rational answer is to remove the Synology completely. Anything is, I'd have to say, insane. Why would any money be spent to do something that isn't any good?

                          It was a bad decision on that. Full circle then (1-year ago), when I was asking for new servers to create a Xenserver HA setup.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @ntoxicator
                            last edited by

                            @ntoxicator said:

                            Unless I can create SMB share and present this network path \\location\share to the Domain Controller (net use). And then configure the seperate GPO policy for this sub-set of users @ satellite office. to which will make their folder redirection and roaming profile save to that new network location? Let windows server handle the file permissions on that SMB drive?

                            Why would you not be able to do that?

                            ntoxicatorN 1 Reply Last reply Reply Quote 0
                            • ntoxicatorN
                              ntoxicator @scottalanmiller
                              last edited by

                              @scottalanmiller said:

                              @ntoxicator said:

                              Unless I can create SMB share and present this network path \\location\share to the Domain Controller (net use). And then configure the seperate GPO policy for this sub-set of users @ satellite office. to which will make their folder redirection and roaming profile save to that new network location? Let windows server handle the file permissions on that SMB drive?

                              Why would you not be able to do that?

                              For some reason, I was under impression. When there is a SMB share, you have to use AD to be able to properly setup file folder permissions on the SMB folder. As this would not be a local disk on the Windows server and it would be considered a network location and windows server would have a hard time applying file/folder permissions for users/groups?

                              scottalanmillerS 2 Replies Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @ntoxicator
                                last edited by

                                @ntoxicator said:

                                @Dashrender

                                I'm thinking of just a NAS unit. Probably a 2-disk unit in RAID-1. Again, I see a synology product here? I can create SMB2 shares on this, however I'm sure I will have to tie into AD using LDAP connector for it to work properly (because SMB share).

                                If possible, buy a NAS that supports AD integration. This will allow you to set permissions on the SMB shares based on AD users.

                                Unless I can create SMB share and present this network path \\location\share to the Domain Controller (net use).

                                You don't need to present anything to the DC. in your GPO you'll create a mapping for \\name or IP of NAS\sharename, that's all. You need to do nothing more on the DC.

                                And then configure the separate GPO policy for this sub-set of users @ satellite office to which will make their folder
                                redirection and roaming profile save to that new network location?

                                Correct

                                Let windows server handle the file permissions on that SMB drive?

                                The server doesn't really handle the permissions on the files, only the share itself. After you get below the share, for example \\NAS IP\sharename, once you go to \\NAS IP\sharename\filename - once you reach filename, you are now dealing with permissions at the file/folder level, which the Windows Server or DCs don't care about. Of course they are used to verify who has permission, but the servers themselves aren't watching what's happening at that level. And really the DC isn't watching at the NAS device either, the NAS is watching itself, but again, only at the share level.

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @ntoxicator
                                  last edited by

                                  @ntoxicator said:

                                  When there is a SMB share, you have to use AD to be able to properly setup file folder permissions on the SMB folder.

                                  I'm guessing you read some posts on Spiceworks. There is an epidemic there of people not knowing what AD is and associating all kinds of things with it. AD is nothing but a database of users and passwords (and some info about those users, like first name, phone number, etc.) That's it. It's used to look up authentication, nothing more.

                                  SMB does share permissions. SMB itself cannot with or without AD being in use, do anything with folder and file permissions.

                                  Folder and file permissions are always from the ACLs of the file system. What you want to mimic a Windows machine are called NTFS ACLs.

                                  Go on SW and you'll see people buying things with AD integration all of the time thinking that AD does file permissions and then being upset that they have no permissions. AD has no association with permissions.

                                  AD: Authentication
                                  FS ACLs: Permissions
                                  SMB: Share Permissions on the network

                                  DashrenderD 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @ntoxicator
                                    last edited by

                                    @ntoxicator said:

                                    As this would not be a local disk on the Windows server and it would be considered a network location and windows server would have a hard time applying file/folder permissions for users/groups?

                                    Huh? It would be a local disk. The AD system has nothing to do with "applying" permissions.

                                    ntoxicatorN 1 Reply Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender @scottalanmiller
                                      last edited by

                                      @scottalanmiller said:

                                      AD: Authentication
                                      FS ACLs: Permissions
                                      SMB: Share Permissions on the network

                                      You want something with all three.

                                      1 Reply Last reply Reply Quote 0
                                      • ntoxicatorN
                                        ntoxicator @scottalanmiller
                                        last edited by

                                        @scottalanmiller said:

                                        @ntoxicator said:

                                        As this would not be a local disk on the Windows server and it would be considered a network location and windows server would have a hard time applying file/folder permissions for users/groups?

                                        Huh? It would be a local disk. The AD system has nothing to do with "applying" permissions.

                                        I understand.

                                        In reference to AD, I was meaning the windows server in itself. This would be the file folder share permissions and the NTFS read/write permissions. Now, these are typically applied to local disks on the actual server.

                                        The NAS setup with SMB share would be new to me. But, yes I understand it

                                        I would need NAS with AD integration, so I can streamline and secure the SMB share over the network (Set of users who can access this share).

                                        Then I would need FS (file system) permissions on the SMB share (on the NAS). Which would also rely on AD user/group

                                        So in my logic and what I was trying to explain before. Is that I would 100% need a device with AD integration for an SMB setup, since this SMB share is NOT local disk on the actual windows server. Since I would not be able to to the NTFS & share permissions directly on that server....

                                        Yes -- I read some information awhile back on Spiceworks.

                                        DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                                        • JaredBuschJ
                                          JaredBusch
                                          last edited by

                                          For DFS, your GPO looks like this. The same as with a basic SMB share. jsut you use the namespace instead of server. Nothing new or special.

                                          0_1460386948536_upload-16c44d33-37a1-4871-bd41-8b0c5761f17c

                                          1 Reply Last reply Reply Quote 1
                                          • DashrenderD
                                            Dashrender @ntoxicator
                                            last edited by

                                            @ntoxicator said:

                                            @scottalanmiller said:

                                            @ntoxicator said:

                                            As this would not be a local disk on the Windows server and it would be considered a network location and windows server would have a hard time applying file/folder permissions for users/groups?

                                            Huh? It would be a local disk. The AD system has nothing to do with "applying" permissions.

                                            I understand.

                                            In reference to AD, I was meaning the windows server in itself. This would be the file folder share permissions and the NTFS read/write permissions. Now, these are typically applied to local disks on the actual server.

                                            The NAS setup with SMB share would be new to me. But, yes I understand it

                                            I would need NAS with AD integration, so I can streamline and secure the SMB share over the network (Set of users who can access this share).

                                            Then I would need FS (file system) permissions on the SMB share (on the NAS). Which would also rely on AD user/group

                                            So in my logic and what I was trying to explain before. Is that I would 100% need a device with AD integration for an SMB setup, since this SMB share is NOT local disk on the actual windows server. Since I would not be able to to the NTFS & share permissions directly on that server....

                                            Yes -- I read some information awhile back on Spiceworks.

                                            You got it all correct there!

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 6 / 6
                                            • First post
                                              Last post