Last week I told you about the new SME File Fabric Workflow Approval feature. Today’s topic is another new collaboration feature, Share for Edit.
This blog post will highlight how a company can leverage their existing Microsoft Distributed File System (DFS) infrastructure as a part of their cloud strategy. Companies will be able to treat DFS shares as cloud storage and automatically create cloud DFS shares for users based on their DFS home directory.
Microsoft Distributed File System (DFS) is a technology that allows multiple servers to host a single file share, providing fault tolerance and performance enhancement for multi-site Active Directory topologies.
Microsoft introduced DFS as an add-on to Windows NT 4.0, and DFS has been included in all versions of Windows since Windows 2000. DFS consists of a server component, included in all versions of Windows Server, and a client component, included in all versions of Windows. It works with the Server Message Block (SMB) protocol (sometimes referred to as Windows networking). The SMB protocol is also more commonly known as the Common Internet File System (CIFS).
Following on from our last post, in which we demonstrated how CIFS Windows shares can be exposed outside of the corporate firewall, this blog post will focus on how to archive CIFS Windows shares to OpenStack Swift.
The SME Enterprise Cloud Appliance allows any primary cloud to be paired with a backup cloud for archive and business continuity purposes.
One of the predominant use cases that companies have is to enable file sync and mobile access to file share data that lives behind the corporate firewall without the need for a VPN and without reconfiguring permissions whilst using Active Directory or LDAP for authentication.
In many cases this is done for compliance or security reasons or perhaps because there has been a large investment in internal storage that has yet to be realised.
Accessing files over CIFS/SMB through a VPN on a mobile network is possible, but access can be patchy, client apps are limited, and it is often extremely slow.
Storage Made Easy enables this using its built-in CIFS connector. This blog post will step through how to cloud-enable Windows file shares.
Storage Made Easy recently gave a joint presentation with SciNet for the HUF2015 Conference.
The presentation focused on the integration of Storage Made Easy with the High Performance Storage System (HPSS).
HPSS is a flexible, scalable, policy-based Hierarchical Storage Management product, developed as the result of over two decades of collaboration among five Department of Energy laboratories in the USA and IBM, with significant contributions by universities and other laboratories worldwide. It provides scalable hierarchical storage management (HSM), archive, and file system services using cluster, LAN and SAN technologies to aggregate the capacity and performance of many computers, disks, disk systems, tape drives and tape libraries.
Post Updated October 6th 2016
We now have plenty of companies and ISPs who are using our full Enterprise File Share and Sync solution for OpenStack, but we have long been approached by companies asking if they could have just the drive piece of our functionality, working in a dedicated fashion outside of our full EFSS solution.
To that end we are pleased to announce the release of a dedicated OpenStack Windows CIFS Drive that is a standalone installer that works directly with OpenStack Swift instances.
Install is simple:
WebDav is an acronym for Web Distributed Authoring and Versioning and can also be referred to as just plain old DAV.
WebDav is an extension of the HTTP protocol that was originally designed by Jim Whitehead from the University of California at Santa Cruz in 1996, when he was working at the World Wide Web Consortium, and it later became an Internet Engineering Task Force (IETF) standard.
WebDav was built as an interoperable standard to support remote collaborative authoring of Web sites and individual documents, as well as remote access to document-based systems.
Today it is the most popular network file-system protocol for use across the Internet, and although it has been integrated as an interoperable layer into many existing product implementations, it is also notably missing as an interoperable API standard from many, such as Dropbox, Google Drive, Amazon S3 and more.
The Storage Made Easy WebDav Gateway
SME provides a way to access any mapped cloud over secure WebDav, irrespective of whether the underlying cloud supports the WebDav protocol natively. As WebDav is so well supported in many desktop and mobile apps, cloud data can easily be integrated and made accessible to any WebDav-enabled application without having to move it.
Connecting to WebDav Servers and Windows Shares
SME can also be configured to connect to servers that support the WebDav protocol. In this case SME uses WebDav as a back-end cloud to store data, rather than exposing existing clouds over the WebDav protocol.
Many existing NAS or SAN devices, such as the NetGear ReadyNAS and the Synology device range, already provide WebDav as an access protocol. Existing web servers such as Apache can also be configured to use WebDav through the mod_dav extension.
Many users of SME want to expose Windows file shares and make them directly available through the SME service to all devices. The most appropriate and secure way to do this is not to expose such shares directly but to configure Microsoft Internet Information Server to expose these shares over WebDav.
Advantages of WebDav for Windows File Sharing
This has the following advantages:
– Seamless integration with the IIS Manager.
– A secondary protocol provides a security DMZ with regard to direct access to Windows shares.
– IIS WebDAV can be enabled at the site level, allowing IT administrators to restrict WebDAV access to specific sites on a server.
– IIS WebDAV supports per-URL authoring rules, allowing administrators to specify custom WebDAV security settings on a per-URL basis. This fine-grained control gives administrators the ability to maintain one set of security settings for normal HTTP requests and a separate set of security settings for WebDAV.
– IIS WebDAV supports both shared and exclusive locks to prevent lost updates due to overwrites.
– WebDAV supports secure connections as well. Enabling HTTPS over all WebDAV connections fortifies security. SSL certificates can also be installed to increase security.
Why WebDav as a Cloud Connector ?
WebDAV is an optimized protocol for document access over HTTP. It is proven as being latency independent and is efficient over wide area networks, especially in contrast to file protocols such as NFS and CIFS.
Using secure WebDAV ensures the data is encrypted during transmission and, due to the optimizations, that data is stored efficiently and quickly.
Why Not The Common Internet File System (CIFS)
CIFS is the standard way that Windows users share files across corporate intranets and the Internet with a secure VPN connection.
To expose such shares directly to the Internet or to non-Windows PCs, a bridging technology is needed. Samba is often used as such a technology. With Samba, the ports 139/tcp and 445/tcp are exposed over a public IP address. Once this is done such shares are accessible.
The drawbacks of this are:
– The CIFS protocol used by Windows file sharing does not provide data encryption.
– The protocol itself is quite chatty.
– No level of security indirection.
CIFS is an optimized protocol for access to data over a network that has been extended by VPN, and it has been used in this context by many companies for a long time. The disadvantage of this is that all devices have to support, be set up for, and work with the VPN, preventing access by some devices and apps and making ad hoc ‘on the fly’ access difficult.
Securing WebDav Servers
It is beyond the scope of this blog post to go into great detail on the steps required to secure WebDav servers but Microsoft has a very good guide on how to secure the IIS WebDav Service. This can be accessed at:
In addition to this you should note the following best practices:
Folder Permissions: Use non-anonymous authentication. Modify the NTFS permissions on the folder to only allow the access necessary to the users who require such access
Prevent File Execution: If you are only using WebDAV as a file store and not using it to display web pages, then execute permissions should be removed from that site or folder.
Apache WebDav servers can be configured to use LDAP authentication and also two-factor authentication, and any deployment should consider implementing these.
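The IIS practices above (HTTPS for WebDAV, non-anonymous authentication, no execute permission, least-access authoring rules) can be checked against a site's configuration. The following is an added example, not code from the original post or from Microsoft: it audits a constructed `system.webServer` fragment, and the group name `FileShareUsers`, the finding codes and the function name `audit_webdav` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an IIS configuration fragment with WebDAV authoring on.
WEAK_CONFIG = """<configuration><system.webServer>
  <handlers accessPolicy="Read, Script, Execute" />
  <security><authentication>
    <anonymousAuthentication enabled="true" />
  </authentication></security>
  <webdav>
    <authoring enabled="true" requireSsl="false" />
    <authoringRules>
      <add users="*" path="*" access="Read, Write, Source" />
    </authoringRules>
  </webdav>
</system.webServer></configuration>"""

# The same constructed fragment after applying the practices listed above.
# "FileShareUsers" is a hypothetical group name.
HARDENED_CONFIG = (WEAK_CONFIG
    .replace('accessPolicy="Read, Script, Execute"', 'accessPolicy="Read"')
    .replace('anonymousAuthentication enabled="true"',
             'anonymousAuthentication enabled="false"')
    .replace('requireSsl="false"', 'requireSsl="true"')
    .replace('users="*" path="*" access="Read, Write, Source"',
             'roles="FileShareUsers" path="*" access="Read, Write"'))

def audit_webdav(config_xml):
    """Return sorted finding codes for one system.webServer fragment."""
    sw = ET.fromstring(config_xml).find("system.webServer")
    authoring = sw.find("webdav/authoring")
    if authoring is None or authoring.get("enabled", "false").lower() != "true":
        return []  # WebDAV authoring is off here, nothing to review
    findings = set()
    # HTTPS: requireSsl rejects WebDAV authoring requests sent over plain HTTP.
    if authoring.get("requireSsl", "false").lower() != "true":
        findings.add("webdav-without-https")
    # Non-anonymous authentication (only judged when set in this fragment).
    anon = sw.find("security/authentication/anonymousAuthentication")
    if anon is not None and anon.get("enabled", "true").lower() == "true":
        findings.add("anonymous-authentication")
    # Prevent file execution: a pure file store needs neither Script nor Execute.
    handlers = sw.find("handlers")
    policy = handlers.get("accessPolicy", "") if handlers is not None else ""
    if {"script", "execute"} & {p.strip().lower() for p in policy.split(",")}:
        findings.add("execute-permission")
    # Least access: a rule granting Write to every user is broader than needed.
    for rule in sw.findall("webdav/authoringRules/add"):
        access = {a.strip().lower() for a in rule.get("access", "").split(",")}
        if rule.get("users") == "*" and "write" in access:
            findings.add("write-for-all-users")
    return sorted(findings)
```

Settings inherited from a parent configuration level are not visible in a single fragment, so an empty result covers only what the fragment itself declares.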