Overview

CIFS is a protocol used for sharing network files. CIFS allows Windows clients on the Internet and intranet to access shared files and other resources. The CIFS share is mainly applicable to the file sharing.

Server Message Block (SMB) is a protocol used for network file access and CIFS is a public version of SMB. The SMB protocol allows a local PC to access files and request services on PCs over the local area network (LAN).

With the continuous expansion of enterprises, more and more users need to access the share service in enterprises. Restricted by the server where shared files reside, the access speed decreases and system response slows down when a large number of users access shared files. Therefore, improving the performance of accessing shared files becomes an urgent need for enterprises.

The CIFS feature allows Windows clients to identify and access shared resources provided by the S2600T/S5500T/S5600T/S5800T storage system. With CIFS, clients can quickly read, write, and create files in the storage system as on local PCs. The storage system delivers high performance, addressing the problems of decreased access speed and slow response.

The CIFS feature has the following advantages:

High concurrency
CIFS supports the file sharing and file locking mechanisms, allowing multiple clients to access a file. Multiple clients can access a file at the same time, but only one client is allowed to update the file each time.
High performance
Access requests sent by a client for a shared file are cached locally but not delivered to the S2600T/S5500T/S5600T/S5800T storage system. When the client sends access requests for shared files again, the system directly reads shared files in the cache, improving access performance.
Data integrity
CIFS provides the cache, pre-read, and write back functions to ensure data integrity. Access requests sent by a client for a shared file are cached locally but not delivered to the S2600T/S5500T/S5600T/S5800T storage system. If other clients want to access the shared file, the cached data is written to the S2600T/S5500T/S5600T/S5800T storage system. Only one copy file is activated each time to prevent data conflicts.
Robust security
CIFS supports anonymous file transfer and share access authentication. The authentication management function controls users' access permissions, ensuring data confidentiality and security.
Wide application
Any client that supports the CIFS protocol can access the CIFS share space.
Unified coding standard.
CIFS supports various types of character sets, applicable to different language systems.

Specifications

This chapter describes the CIFS share specifications.

Table 1 lists specifications of the CIFS share based on one S2600T/S5500T/S5600T/S5800T storage system.

Table 1 CIFS share specifications

Item

Specifications

Number of file systems shared in CIFS Normal mode

≤ 60

Number of file systems shared in CIFS Homedir mode

≤ 16

Number of links in the CIFS Homedir share

≤ 3000^a

Number of active links in the CIFS Homedir share^b

≤ 800^c

a: The number of local users and domain users in one storage system cannot exceed 3000, and the number of user groups cannot exceed 3000.

b: The number of active links refers to the number of online users.

c: A storage system supports a maximum of 800 active links.

Availability

This section describes the CIFS share availability from the aspects of the license support, version support, network requirements, feature dependency, and system performance.

License Requirement

A license is required to use the CIFS share feature.

Applicable Versions

Product Name	Product Version
OceanStor S2600T/S5500T/S5600T/S5800T Storage System	V100R005

Network Requirements

The CIFS share feature supports the Internet Protocol version 4 (IPv4), but does not support Internet Protocol version 6 (IPv6).

(Optional) When the CIFS share feature is applicable to a domain environment, you need to configure the domain controller. The configuration items are described inTable 1.

Table 1 Configuration items for the domain controller

Item	Description
AD^a	Storing information related to network objects, the AD enables the administrator and users to easily find and use the information.
Kerberos or NTLM^bauthentication	Authenticates users to protect files in the system.
DNS^c server	Storing host names and IP addresses on the network, the DNS server converts host names to corresponding IP addresses.
NTP^d server	Synchronizes the time of devices on the network.
a: Active Directory (AD) b: NT LAN Manager (NTLM) c: Domain Name Server (DNS) d: Network Time Protocol (NTP)

Feature Dependency

Table 2 describes the dependency between the CIFS share feature and other features.

Table 2 Dependency between the CIFS share feature and other features

Feature	Dependency
NFS^a/FTP^b/HTTP^cshare	The S2600T/S5500T/S5600T/S5800T storage system can share file systems using multiple protocols. However, clients cannot write one file in a file system at the same time if the file system is shared through multiple protocols. If multiple protocols are used to share file systems, you are advised to configure read-write share for only one protocol and read-only share for other protocols.
Archiving	After a CIFS share is created, the data archiving feature of the file system is unavailable.
File system snapshot	Before accessing the file system snapshot, clients must create the file share for it.
a: Network File Server (NFS) b: File Transfer Protocol (FTP) c: Hypertext Transfer Protocol (HTTP)

System Performance

The CIFS share feature has the following impacts on the system performance:

The system supports file system sharing through CIFS, NFS, FTP and HTTP. When the file system is accessed by clients using different protocols, the overall system performance is slightly degraded.
Different file systems provide services through the CIFS share or NFS share. If one share feature is in use, the performance of another share feature deteriorates.
The system performance deteriorates if clients access a large amount of small files in the CIFS share after the full_acl permission is enabled, because the S2600T/S5500T/S5600T/S5800T storage system spends a large amount of time in authentication. Therefore, you are advised not to enable the full_acl permission in the CIFS Normal share.
The system performance deteriorates if file system snapshots are created after the CIFS Normal share has been created for a file system.

Application Scenario

The CIFS share is mainly applicable to the file sharing by Windows clients. The CIFS share is classified into CIFS Normal share and CIFS Homedir share. This section describes the CIFS Normal share and CIFS Homedir share in a non-domain and an AD domain environment.

CIFS Normal Share in a Non-Domain Environment

With the continuous expansion of enterprises, more and more data needs to be shared in enterprises. Therefore, enterprises require large shared space for users to store shared data and simplified shared space management.

The S2600T/S5500T/S5600T/S5800T storage system shares the file system to all the users of enterprises in CIFS Normal mode. The shared file system appears as a directory. All the users can access the shared directory. Besides, permission management based on local group allows enterprises to control users' permissions for the shared directory. Meanwhile, the storage system allows enterprises to set shared space quotas for departments and users. User quota management ensures that all the users can perform read and write operations in the file system by preventing some users from occupying too much shared space.

In Figure 1, all the local users can access the shared space provided by the S2600T/S5500T/S5600T/S5800T storage system in CIFS Normal mode. The CIFS normal share allows different local groups to have different shared directory access permissions. Local users belong to different local groups and each group has different permissions for the shared space. Namely, some local users have read/write permission for the shared space while some local users only have read-only permission for the shared space. The storage system can set a shared space quota for each local user.

Figure 1 File sharing in CIFS Normal mode in a non-domain environment

http://localhost:7890/pages/3118G2D8/07/3118G2D8/07/resources/dita/nas/CIFS_feagud/figure/cifs_fea/os_cifsfea_appscen_fig01.png

CIFS Homedir Share in a Non-Domain Environment

With the continuous expansion of enterprises, the number of users increases. The need for private storage space emerges. The private space of a user cannot be viewed or accessed by other users.

The S2600T/S5500T/S5600T/S5800T storage system shares the file system to a user in CIFS Homedir mode. The shared file system appears as a directory. The directory name is the same as the user name. This user can only access the shared directory of his/her own. Meanwhile, the storage system allows enterprises to set shared space quotas for departments and users. User quota management ensures that all the users can access the file system and files by preventing some users from occupying too much shared space.

In Figure 2, each local user can only access the shared directory whose name is the same as the user name. The S2600T/S5500T/S5600T/S5800T storage system can set a shared space quota for each local user. The quota of a local user can be larger than the capacity of the local user's owning file system.

Figure 2 File sharing in CIFS Homedir mode in a non-domain environment

http://localhost:7890/pages/3118G2D8/07/3118G2D8/07/resources/dita/nas/CIFS_feagud/figure/cifs_fea/os_cifsfea_appscen_fig02.png

CIFS Normal Share in an AD Domain

With the expansion of LAN and wide area network (WAN), many enterprises use the AD domain to manage networks on Windows. The AD domain make network management simple and flexible.

The S2600T/S5500T/S5600T/S5800T storage system can be added to an AD domain as a client, namely, it can be seamlessly integrated with the AD domain. The AD domain controller saves information about all the users and groups in the domain. All the users in the AD domain can access the CIFS Normal share provided by the storage system. Before the access, they need to be authenticated by the AD domain controller. The AD domain administrator can implement file-specific permission management. Different users have different permissions for each shared folder.

In Figure 3, all the domain users can access the shared space provided by the S2600T/S5500T/S5600T/S5800T storage system. Before accessing the shared space, domain users need to authenticated by the AD domain controller. The storage system can set a shared space quota for each user or group.

Figure 3 File sharing in CIFS Normal mode in an AD domain

http://localhost:7890/pages/3118G2D8/07/3118G2D8/07/resources/dita/nas/CIFS_feagud/figure/cifs_fea/os_cifsfea_appscen_fig03.png

CIFS Homedir Share in an AD Domain

With the expansion of LAN and WAN, many enterprises use the AD domain to manage networks on Windows. The AD domain make network management simple and flexible.

In Figure 4, each domain user can only access the shared directory whose name is the same as the user name. The S2600T/S5500T/S5600T/S5800T storage system can set a shared space quota for each domain user or group. The quota of a domain user can be larger than the capacity of the domain user's owning file system.

Figure 4 File sharing in CIFS Homedir mode in an AD domain

http://localhost:7890/pages/3118G2D8/07/3118G2D8/07/resources/dita/nas/CIFS_feagud/figure/cifs_fea/os_cifsfea_appscen_fig04.png

CIFS Share Feature Overview

Overview

Specifications