Sun 7410 Unified Storage + SAN/Userspaces Question (Hardware thread, in Technical)
  1. #31
    Duke's Avatar
    Quote: Originally posted by torledo
    > Ever since I read about the little spat between NetApp and Sun, which I believe involved NetApp bringing an action against Sun claiming ZFS violated WAFL patents. hebdenland would be aware of that... not sure if it's still ongoing.

    Funny you should mention that. Our NetApp dealer actually mentioned it as a reason to stay with NetApp and avoid Sun. It all depends which side of the argument you believe - I figure either NetApp are extremely confident or they're really getting desperate for ways to compete with Sun and the S7000's. As I've mentioned, I still think of NetApp as top-tier (just look at the market share and the people who use them, it's hard to argue with), but at their prices and with the products Sun are coming up with I think the gap is getting smaller all the time...

    Cheers,
    Chris

  2. Thanks to Duke from:

    Hebdenlad (13th May 2009)

  3. #32
    jvelador's Avatar

    Host-based security

    We evaluated a 7310 with 4 aggregated gE interfaces and were immediately impressed with the performance.

    The company now has a 7410 that was recently configured.

    One thing I noticed in the evaluation was that unlike the NetApp 6070 it may replace, there is no host-based security. At least, nothing I've found in the documentation/admin guide or in the BUI itself alludes to that ability. The shares have to be read-write for obvious reasons.

    There is nothing preventing a user with root privileges on some Linux box from mounting the share, creating a local user with the same UID/GID as the systems that write the data and wreaking havoc.

    Short of separating the 7410 to another VLAN, has anyone found a way to secure by host?

    I asked a Sun engineer during the configuration and he admitted there was no way to do this in the 7410 itself. Hopefully, someone has run across this?

  4. #33
    apaton's Avatar
    Quote: Originally posted by jvelador
    > There is nothing preventing a user with root privileges on some Linux box to mount the share, create a local user with the same UID/GID as the systems that write the data and wreak havoc.
    >
    > ...............
    >
    > Short of separating the 7410 to another VLAN, has anyone found a way to secure by host?

    Are you talking about NFS or CIFS?

    If NFS then absolutely yes.

  5. #34
    apaton's Avatar
    Quote: Originally posted by Duke
    > Funny you should mention that. Our NetApp dealer actually mentioned it as a reason to stay with NetApp and avoid Sun.

    ZFS is now Open Source, so I can't see how that can put it back in the box anyway.

    It's a shame really, as NetApp has become the force it has today partly because of Sun. Early NetApp boxes were NFS servers. NFS is a Sun invention which they opened up back in the late 80's.

    Andy

  6. #35
    jvelador's Avatar

    Yup, NFS

    How did you secure by IP address? I've looked all over (I think) and have come up empty so far.

    Javier

  7. #36
    apaton's Avatar
    Quote: Originally posted by jvelador
    > How did you secure by IP address? I've looked all over (I think) and have come up empty so far.
    >
    > Javier

    You can set this through NFS exceptions.
    I find using the Network best with a mask of /32 (255.255.255.255)

    E.g. if you need host IP 172.16.23.41 to have access, set network to 172.16.23.41/32

    Also see attached screen-shot
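
As an added example (not part of any post in this thread, and not Sun's tooling), the following Python checks `showmount -e` output against the /32 approach described in post #36, flagging exports open to everyone, networks wider than a single host, and hosts missing from an allow-list. The filer name, export paths and approved host list are constructed for illustration, and the `@network/prefix` client format in the sample is an assumption.

```python
import ipaddress

# Constructed sample of `showmount -e <filer>` output (not from the thread).
SAMPLE = """\
Export list for filer01:
/export/students  @172.16.23.41/32,@172.16.23.42/32
/export/staff     @172.16.23.0/24
/export/scratch   (everyone)
/export/backup    @172.16.23.41/32,@10.9.9.9/32
"""

# Hypothetical allow-list of hosts that legitimately write to the shares.
APPROVED = {"172.16.23.41", "172.16.23.42"}


def audit_exports(showmount_text, approved_hosts):
    """Return {export: [findings]} for every export that is not host-locked."""
    approved = {ipaddress.ip_address(h) for h in approved_hosts}
    findings = {}
    for line in showmount_text.splitlines():
        if not line.startswith("/"):
            continue  # skip the "Export list for ..." header and blank lines
        parts = line.split(None, 1)
        path = parts[0]
        clients = parts[1].strip() if len(parts) > 1 else ""
        problems = []
        if clients in ("", "*", "(everyone)"):
            problems.append("open to every host")
        else:
            for entry in clients.split(","):
                spec = entry.strip().lstrip("@")
                try:
                    net = ipaddress.ip_network(spec, strict=False)
                except ValueError:
                    problems.append(f"{spec}: name or netgroup, review by hand")
                    continue
                if net.num_addresses > 1:
                    problems.append(f"{net}: admits {net.num_addresses} addresses, not a single host")
                elif net.network_address not in approved:
                    problems.append(f"{net}: host is not on the approved list")
        if problems:
            findings[path] = problems
    return findings


if __name__ == "__main__":
    for export, problems in audit_exports(SAMPLE, APPROVED).items():
        for p in problems:
            print(f"{export}: {p}")
```

An address list only narrows which hosts can mount a share; with AUTH_SYS the server still trusts the UID/GID each permitted client sends, so the approved hosts themselves need to be trustworthy.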

  8. #37

    Quote: Originally posted by teejay
    > OK, got roaming profiles and users set up and live on our Sun 7110.
    > This is the easiest way of doing it:
    >
    > Make sure you have the latest update on your Sun box, makes this work a whole lot easier!
    > Create a Project for the Users, eg Students.
    > Create a share for each group of users, for instance for each Year Group.
    > On the CIFS share level ACL set your admin group to full control and give a security group with the users who are going to have their home directories in this share all read and write access but don't tick the inheritance options.
    > In the CIFS Root directory ACL give your admin group full control and the share users group:
    > Read Data/List Directory
    > Execute File/Traverse Directory
    > Read Attributes
    > Read Extended Attributes
    >
    > Then, in the share create two folders, Documents and Profiles
    > On each of these give your Admin group Full Access
    > Your share users group:
    > Traverse Folders/Execute File
    > List Folder/Read Data
    > Read Attributes
    > Read Extended Attributes
    > Create Folders/Append Data
    > and set this to apply onto this folder only
    > Add permissions for CREATOR OWNER as everything apart from Change Permissions and Take Ownership and set this to apply onto Subfolders and Files only.

    teejay,

    I've been trying to follow along here and I am having some success but I'm getting tripped up on the correct permissions on the share so that the ADUC snap-in can set the home folder. I can do it manually, just not through ADUC.

  9. #38

    teejay's Avatar
    Best way I've now found of creating CIFS shares on these is:
    Create the CIFS share on the Sun box with everyone Full Control, don't make it a hidden $ share (you can do this afterwards if needed)
    In windows, browse to the root of your S7000, so for example in Windows go to \\SUNBOXNAME\
    You will see any non hidden shares, right click on the one you've created and set the permissions required for the share.
    If you want to make it a hidden share, go back in the Sun box and change the share name to one with a $ on the end.

    I found, especially with earlier versions of the Sun software, that when you try creating the permissions directly on the Sun box it doesn't always work as expected.

  10. #39

    john's Avatar
    Quote: Originally posted by teejay
    > Best way I've now found of creating CIFS shares on these is:
    > Create the CIFS share on the Sun box with everyone Full Control, don't make it a hidden $ share (you can do this afterwards if needed)
    > In windows, browse to the root of your S7000, so for example in Windows go to \\SUNBOXNAME\
    > You will see any non hidden shares, right click on the one you've created and set the permissions required for the share.
    > If you want to make it a hidden share, go back in the Sun box and change the share name to one with a $ on the end.
    >
    > I found, especially with earlier versions of the Sun software, that when you try creating the permissions directly on the Sun box it doesn't always work as expected.

    I'd mirror that way, I make all mine that way and it seems to be the easiest way and works well

  11. #40

    Thanks guys. I'll give that method a shot. I am running the latest build so there should be few issues...I hope.

  12. #41

    Are the default share settings ok to go with as well?

  13. #42

    teejay's Avatar
    I'll grab you some screenshots etc of what to set when I'm in the office tomorrow.

  14. #43
    Duke's Avatar
    Quote: Originally posted by teejay
    > You will see any non hidden shares, right click on the one you've created and set the permissions required for the share.
    > If you want to make it a hidden share, go back in the Sun box and change the share name to one with a $ on the end.
    >
    > I found, especially with earlier versions of the Sun software, that when you try creating the permissions directly on the Sun box it doesn't always work as expected.

    I'm sure this works great, but how do you handle creating 250 users each year for new students? Are you making 250 shares manually and setting the permissions on them all?

    Our solution to this was to create a share for the year group's userspace and a share for their roaming profiles. Because only the Sun box can create a share (without fiddling with automated workflows), we created folders inside these shares for each user using our batch user creation tool (UMRA from tools4ever) that happily sees the Sun share as a standard Windows share and will make folders and set permissions on them with no problems.

    I'd love to use hidden $ shares, but Backup Exec won't see them or back them up...

    Cheers,
    Chris

  15. #44

    teejay's Avatar
    Quote: Originally posted by Duke
    > I'm sure this works great, but how do you handle creating 250 users each year for new students? Are you making 250 shares manually and setting the permissions on them all?
    >
    > Our solution to this was to create a share for the year group's userspace and a share for their roaming profiles. Because only the Sun box can create a share (without fiddling with automated workflows), we created folders inside these shares for each user using our batch user creation tool (UMRA from tools4ever) that happily sees the Sun share as a standard Windows share and will make folders and set permissions on them with no problems.
    >
    > I'd love to use hidden $ shares, but Backup Exec won't see them or back them up...
    >
    > Cheers,
    > Chris

    We don't create a share for each pupil, we have one share for each year group with 2 folders in it, one called Profiles and one called Documents. There is no need to run batch scripts, the individual user profile folders and Documents folders are created automatically at first login. What I was pointing to above was that it seems to work much better if you set the permissions for the share through Windows rather than the Sun interface.

  16. #45
    Duke's Avatar
    Quote: Originally posted by teejay
    > We don't create a share for each pupil, we have one share for each year group with 2 folders in it, one called Profiles and one called Documents. There is no need to run batch scripts, the individual user profile folders and Documents folders are created automatically at first login. What I was pointing to above was that it seems to work much better if you set the permissions for the share through Windows rather than the Sun interface.

    Ahh, I see. Sorry, misunderstood what you said - Don't worry I know you know the S7000 stuff better than I do.

    Definitely agree on setting permissions, I think the Sun whitepaper on MS Windows integration actually recommends you set permissions through Windows rather than the box itself.

    Stupid question, but how are you doing this bit:

    > the individual user profile folders and Documents folders are created automatically at first login

    Cheers,
    Chris
