Using Multiple Protocols


Introduction

The Nasuni Edge Appliance provides efficient and convenient global access to your data. Nasuni’s patented file system, UniFS®, combines the performance and consistency of a traditional file system with the scalability and stability of cloud storage.

Nasuni offers a number of protocols with which to access data in the UniFS file system, including CIFS, NFS, and FTP protocols. You can think of these protocols as gateways to the UniFS file system. Some clients might find one protocol more useful than another protocol.

However, you might also want to provide access to the same data for several different types of clients. For this reason, the Nasuni Edge Appliance supports assigning multiple protocols to volumes of data.

This document discusses some typical scenarios requiring particular access to data, and how different combinations of protocols can help provide the access that clients need.

Protocols

This section discusses the protocols available for volumes on Nasuni Edge Appliances.

Original Protocols

When you create a volume on the Nasuni Edge Appliance, you have two choices for the original protocol of the volume:

  • CIFS (Common Internet File Service): The CIFS protocol is typically used to provide data to clients on Microsoft Windows or OS X systems. The CIFS protocol supports the use of folders and files.

  • NFS (Network File System): NFS is a protocol and file system for accessing and sharing files across a computer network using UNIX or Linux. The NFS protocol supports the use of folders and files.

    Figure 1. Original protocols available for volumes include CIFS and NFS.

Enabling Additional Protocols

After you create a volume on the Nasuni Edge Appliance and select the original protocol of the volume, you can enable other protocols for the volume.

Warning: Protocols work in parallel. Enabling an additional protocol alongside the original protocol does not affect the original protocol. However, writing data to the volume using one protocol can change the permissions or other metadata used by another protocol, which can alter access in unexpected ways.

Warning: If you enable an additional protocol for a volume, you cannot remove that protocol.

Important: The Nasuni Mobile Access app is scheduled for End-of-Life on May 1, 2024. After this date, the Nasuni Mobile Access app will no longer be supported or available from app stores.

  • FTP (File Transfer Protocol) and SFTP (SSH File Transfer Protocol or Secure File Transfer Protocol) (for CIFS or NFS volume only): FTP is a standard network protocol to transfer files over a TCP-based network, such as the Internet. FTP clients may authenticate themselves using a username and password, but can connect anonymously if the server is configured to allow it. FTP is often used to enable contractors or other outside entities to add or retrieve data files using anonymous access.
    You can configure FTP directories, read-only access, visibility of FTP directories, allowed hosts, allowed users, allowed groups, and anonymous access.

Note: Nasuni supports SFTP, the SSH File Transfer Protocol. This is not the same as FTPS, the File Transfer Protocol over SSL.

Tip: You can ensure that SFTP (SSH File Transfer Protocol) is used, rather than FTP, on the Firewall page in the Edge Appliance UI. For each Traffic Group, select SFTP and deselect FTP.

  • Web Access (for volume with CIFS enabled): A Nasuni technology that enables access to data using a Web browser.

Table 1. Original protocols, and available additional protocols.

| Original Protocol | Additional Protocol Available | Additional Protocol Available |
|---|---|---|
| CIFS | FTP/SFTP | |
| CIFS | NFS (enable NFS first) | |
| CIFS | Web Access | |
| NFS | FTP/SFTP | |
| NFS | CIFS | |
| NFS | CIFS | FTP/SFTP |
| NFS | CIFS | Web Access |

Figure 2. Additional protocols include FTP and Web Access.

Volume Permissions Policies

When you enable CIFS, NFS, or FTP protocols on an original CIFS or NFS volume, you can also select a permissions policy for the volume. These volume permissions policies enable you to define volume permissions for specific situations.

  • NTFS Exclusive Mode:

    • Default mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to Active Directory.

    • Produces full NTFS permissions support for CIFS/SMB shares. This volume permissions policy offers the greatest Windows and Mac client compatibility.

    • Recommended for CIFS volumes that do not require multiple protocols.

    • Not supported: NFS, FTP, LDAP authentication.

Important: You cannot switch from NTFS Exclusive Mode to NTFS Compatible Mode.

  • NTFS Compatible Mode:

    • Optional mode for CIFS (SMB) volumes on Nasuni Edge Appliances joined to Active Directory.

    • Provides a high level of Windows and Mac compatibility through the CIFS/SMB protocol, with some limitations.

    • This mode is required for multiple protocol support that does NOT involve NFS, such as CIFS with FTP/SFTP, as well as CIFS/SMB.

    • NFS and FTP/SFTP protocols cannot see all NTFS permissions and do not obey all access rules in NTFS permissions. NFS and FTP/SFTP protocols obey only the POSIX access control list (ACL) component of inheritance rules.

    • All of the settings available in POSIX Mixed Mode are available. In addition:

      • File attributes are available.

      • In Unix/Linux, the attr command is available.

      • In Windows, the attributes are used to store extended Windows rights.

    • Not supported: NFS-only volumes, LDAP authentication.

  • POSIX Mixed Mode:

    • Default mode for CIFS volumes on Nasuni Edge Appliances joined to LDAP. Also available for Nasuni Appliances joined to Active Directory.

    • Recommended for combined NFS and CIFS volumes, and for combined CIFS and FTP/SFTP volumes. Also recommended for LDAP-authenticated CIFS-only volumes with Linux or Mac clients, with UNIX extensions enabled.

    • The settings available in UNIX/NFS Permissions Only Mode are available.

    • ACLs are available.

    • In Unix/Linux, the setfacl and getfacl commands are available to set and get ACLs.

    • In Windows, multiple users and groups are represented on the ACLs.

    • Inheritance is represented as default ACLs.

    • More information:

      • Access control lists (ACLs) are supported entirely through POSIX ACLs. Windows clients receive mapping of POSIX ACLs to NTFS ACLs. However, the mappings are not as complete as mappings done for NTFS Compatible Mode. NFS clients cannot view the ACLs.

      • The NFSv4 protocol automatically translates the underlying ACLs to NFSv4 ACLs. The common tools for managing POSIX ACLs are not supported on NFSv4. To manage ACLs using NFSv4, you must use the NFSv4 ACL tools. Not all Nasuni Edge Appliances support NFSv4. You can check whether NFSv4 is supported on the NFS Status page (Nasuni Edge Appliances) or the Exports page (NMC).

  • UNIX/NFS Permissions Only Mode:

    • Default mode for NFS volumes.

    • Recommended for primary or heavy NFS use.

    • Not available for CIFS volumes. Not recommended for Windows users.

    • All permissions are set using the standard User, Group, and Other settings.

    • ACLs and attributes are not available. Attempting to set ACLs or attributes returns "Operation not supported".

    • If CIFS is used with this mode, only one user, one group, and Everyone can be set. Attempting to set other values returns "Access is denied".

    • More information:

      • Only supports traditional UNIX mode bits to control permissions (chmod).

      • Windows can view permissions as access control lists (ACLs), but cannot add or remove access control entries (ACEs).

  • Unauthenticated Access Mode:

    • Default mode for CIFS volumes on Nasuni Edge Appliances that are not joined to Active Directory or to LDAP. Also available for Nasuni Edge Appliances joined to Active Directory or LDAP, if the client (such as Windows) is joined to the same domain.

    • Recommended for CIFS Public-mode volumes. For CIFS clients, this mode acts as an open share. For all other protocols, this mode acts identically to POSIX Mixed Mode.

Unix/Linux and Windows IDs on objects

On Unix/Linux, the IDs on objects are the standard IDs as found in the /etc/passwd file. When viewing permissions in Unix/Linux, if there is a mapping of the ID to the name, the name is seen. If there is no mapping to a name, the ID (integer) is seen.

Nasuni maps Windows users as users with 6-digit IDs. When viewing Windows rights in Linux, you see the 6-digit user IDs.
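
The following is an added example, not Nasuni code: a small audit of getfacl output from a Linux client that reports owners and ACL entries shown as bare integers, in both access ACLs and the default ACLs that represent inheritance in POSIX Mixed Mode. The sample dump, the function names, and the labels are assumptions made for illustration; the only rule taken from this page is that Windows users appear as 6-digit IDs.

```python
from collections import defaultdict

# Constructed `getfacl -R` output as seen from a Linux client (not from the page).
SAMPLE = """\
# file: projects
# owner: root
# group: engineering
user::rwx
user:alice:r-x
user:100871:rwx\t#effective:r-x
group::r-x
mask::r-x
other::---
default:user::rwx
default:user:100871:rwx
default:group::r-x
default:mask::rwx
default:other::---

# file: projects/notes.txt
# owner: 100234
# group: engineering
user::rw-
group::r--
other::---
"""

def classify(name):
    # Page: unresolved IDs show as integers; Windows users are mapped to 6-digit IDs.
    if not name.isdigit():
        return None  # resolved to a name, nothing to flag
    return "windows-mapped-id" if len(name) == 6 else "unmapped-id"

def audit_getfacl(text):
    """Return {path: [(where, id, perms, label), ...]} for numeric owners/ACL entries."""
    findings, path = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# file: "):
            path = line[8:]
        elif line.startswith("# owner: "):
            if classify(line[9:]):
                findings[path].append(("owner", line[9:], None, classify(line[9:])))
        elif line and not line.startswith("#") and path is not None:
            # Drop a trailing "#effective:" comment, then split tag:qualifier:perms.
            fields = line.split("#")[0].strip().split(":")
            where = "default" if fields[0] == "default" else "access"
            tag, qualifier, perms = fields[-3:]
            if tag in ("user", "group") and classify(qualifier):
                findings[path].append((where, qualifier, perms, classify(qualifier)))
    return dict(findings)
```

A "default" finding on a directory matters more than an "access" finding, because new files created under that directory inherit the entry.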

NFSv4 Extended ACLs

If a client OS writes NFSv4 extended rights, you can revert to NFSv3 by specifying NFSv3 on the mount command. The nfs4-acl-tools package is also available for writing NFSv4 ACLs.

Volume Configuration

The following table contains Nasuni recommendations for configuring volumes, based on the objectives for the volume. Configuration includes consideration of the following:

  • Original volume protocol

  • Additional volume protocol, if any

  • Authentication

  • Volume Permissions Policy

  • Case Sensitivity

  • Before joining Edge Appliance to Active Directory, contact Nasuni Support.

| Objective of volume | Original volume protocol | Additional volume protocol | Set Authentication to … | Set Permissions Policy to … | Set Case Sensitivity to … | Options available include: | Unsupported features include: |
|---|---|---|---|---|---|---|---|
| SMB clients only (Microsoft Windows clients, macOS clients) (no NFS, no FTP) | SMB (CIFS) | None | Active Directory | NTFS Exclusive | No | Durable handles (with SMB 2.0+ and GFL disabled). Web Access. Global File Lock Advanced and Optimized mode. | NFS. FTP. LDAP. Multiple volume protocols. Switching from NTFS Exclusive to NTFS Compatible. |
| SMB clients + FTP (Microsoft Windows clients, macOS clients) | SMB (CIFS) | FTP | Active Directory | NTFS Compatible or POSIX | Yes (Case sensitivity required to add FTP) | FTP. Web Access. Global File Lock: Advanced and Optimized mode. Switch from NTFS Compatible to NTFS Exclusive. | NFS. LDAP. |
| NFS clients (UNIX or Linux clients) | NFS | None | Active Directory | POSIX | Yes (cannot be changed) | FTP. Global File Lock: Optimized mode. | CIFS (SMB) volumes. Web Access. |
| NFS + SMB Clients: IDs mapped between SMB/NFS using AD Unix Extensions (Microsoft Windows clients, macOS clients, UNIX or Linux clients) | NFS | SMB (CIFS) | Active Directory | POSIX (translated to NTFS) | Yes (cannot be changed) | FTP. Web Access. Global File Lock: Optimized mode. | LDAP. |
| NFS + SMB Basic InterOp: no ID mapping (Microsoft Windows clients, macOS clients, UNIX or Linux clients) | SMB (CIFS) | NFS | Active Directory | NTFS Compatible + POSIX | Yes (Case sensitivity required to add NFS and FTP protocols) | FTP. Web Access. Global File Lock: Optimized mode. Can switch from NTFS Compatible to NTFS Exclusive. | NFS-only volumes. LDAP authentication. |

Copyright © 2010-2024 Nasuni Corporation. All rights reserved.