This blog post will highlight how a company can leverage their existing Microsoft Distributed File System (DFS) infrastructure as a part of their cloud strategy. Companies will be able to treat DFS shares as cloud storage and automatically create cloud DFS shares for users based on their DFS home directory.
Microsoft Distributed File System (DFS) is a technology that allows multiple servers to host a single file share, providing fault tolerance and performance enhancement for multi-site Active Directory topologies.
Microsoft introduced DFS as an add-on to Windows NT 4.0, and DFS has been included in all versions of Windows since Windows 2000. DFS consists of a server component, included in all versions of Windows Server, and a client component, included in all versions of Windows. It works with the Server Message Block (SMB) protocol (sometimes referred to as Windows networking). The SMB protocol is also more commonly known as the Common Internet File System (CIFS).
DFS enables the creation of a hierarchical namespace of links that point to a company’s file shares. Shares can be hosted by any SMB-compatible device. These include Windows Servers, NAS devices, or even Samba shares. The layout of the DFS namespace can be whatever is logical for the company in question.
A DFS namespaces relies on Microsoft Active Directory and is tightly integrated with both AD and DNS, so to take full advantage of a DFS based CIFS share there are a few things that need to be configured in the SME appliance.
Companies often want to keep their existing DFS infrastructure, which gives them virtualized access to network file systems, but extend it by enabling it to be easily, and productively worked with outside of the corporate firewall often referred to as a private corporate drop box use case.
This blog overview series will demonstrate how this can be achieved using the Storage Made Easy self-hosted Enterprise File Share and Sync Fabric solution.
This article assumes that Microsoft Active Directory is setup and properly configured. It also assumes that there is a functioning DFS fileserver.
Lastly it is assumed that there is an SME appliance deployed in the LAN with access to the domain controllers, DNS servers and that the initial network configuration steps have been run. You can found out how to do this here.
In this overview my domain is “sme.com” and my DFS namespace is “SMEStorage”
Verify DNS on the appliance
Start by logging into the SME appliance as smeconfiguser with ssh.
If your DFS nodes are located across AD subdomains, then you need to put all the domain names on the “search” line.
In my example below I have two regional offices plus the root domain on my “search” line. In addition, ensure the appliance is using the authoritative DNS server for your AD.Handling the CIFS authentication and DNS
Once DNS is configured we need to reconfigure the CIFS client to allow for the two step CIFS process of authenticating to the namespace server, and then be referred to the storage location(s). We are adding two helper calls, one for requesting kerberos session keys and another keytype for resolving the hostnames.
The following lines need to be added to the top of the list of operations in the “/etc/request-key.conf” file:
create cifs.spnego * * /usr/sbin/cifs.upcall %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
It should now look like this:
On the appliance
After the reboot, it is time to log into the SME web GUI. The first time you log into an SME self-hosted appliance an Admin is greeted by the “Add storage provider” screen.
For the flow of this article, I will assume log in is with the organization administrative account for the first time. (If this is not the case for you, don’t worry, you have obviously already had some experience with the product, instead select “Add Storage Provider from the dashboard and follow along).
Select CIFS as the storage provider.
Name your Cloud: This is the name of this share the users will see in the File Manager.
CIFS username / password. Credentials for accessing the share.
CIFS shared folder: The UNC path for the share, notice the direction of the slashes. Here you can see the domain, DFS namespace, and the actual share
Once the information is entered and you select Continue, you will see the settings page, similar to this one:
Congratulations, you have configured the Microsoft Distributed File System as your nominated storage provider in SME! Just remember, before any of your users can use this storage endpoint, you will have to make this a shared folder and grant them access in SME as SME is permissive by default.
Sharing the folder:
- Select “File Manager” from the top menu bar.
- From there, locate “My DFS files” (in my example) In the root of “My Cloud files”. Right click to open a context menu, and select “Convert to shared team folder”.
Right click again, and you will now see a permissions option.
On the new screen, change the default permissions to something appropriate, in my case I will give everybody Read and Write permissions by default.
Once you hit “Apply”, all users in your Organization will see the new storage.
Thanks for tuning in, and come back in a week or two for Part 2 of this post. I will show you how to set up automatic home user folders that gets mounted when a user logs in. We will start where I have left off in the blog, and create a system where the users get specific department drives and home folders based on their active directory user.