Network and Storage Protocols

CIFS share Migration

JSJ
3,996 Views

I have 5 CIFS servers on the source VMAX, and we are planning to migrate on the NetApp Filers , do we need to create multiple SVMs to host multiple CIFS. if yes, then why ?

 

or can we host multiple CIFS servers onto a single SVM with different interfaces ? if yes, then how ?

 

FYI.. all the CIFS will be in same domain in the target state.

5 REPLIES 5

GidonMarcus
3,971 Views

Hi,

 

if it's the same domain (or trusted one), then a single SVM can do the work, I have merged a few file servers to a single SVM before, and I don't see any issue with it. 

 

As a best practice, I try to use hidden ($) shares where possible, and match each share with its own identical CNAME (to make DR tests and migrations easier). And sometimes uses DNFSn (although I don't like it - it does the job).

 

There's no problem pointing as many CNAMEs as you like to a single interface (make sure to set SPN's). and to use the RoundRobing or the NetApp DNS load balance feature https://www.netapp.com/us/media/tr-4523.pdf  to spread the workload on a few nodes.   you may want to consider splitting the access to multiple LIFs/SVMs to accommodate scenarios as:

Need to expose a share/export to a DMZ or a 3rd party.

A heavy workload that you want to bind to a single node where the volume resides (to overloading the cluster network).

Prepare for known splits (geographically, or different entities/departments that might get sold off)

 

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

JSJ
3,861 Views

Thanks Gidon for your response.


While we have executed the Robocopy commands we are able to copy the data (Folders) from VMAX NAS but we can't see the NTFS permissions on the target storage (NetApp Filers). We have admin rights on both source and the target storage and have as well as the SVMs but we still can't see the security permissions.

 

ROBOCOPY \\BETPBRU-FS07-TM\fs_be71$ \\FRABPAR-FSA01\fs_par_cifsn0017$ /M /MIR /XD "~snapshot" /XD "lost+found" /XD ".etc" /S /E /COPYALL /SEC /NP /TEE /XF thumbs.db /R:0 /MT:8 /LOG:C:\VMAX-RC\fs_be71-fs_par_cifsn00017$-mir.txt 

 

Please could you suggest the best possible way forward.

 

GidonMarcus
3,858 Views
Hi,

Are you member of the local cifs administrators group (or any other
equivalent local group you had on the VMAX)?

vserver cifs users-and-groups local-group show-members

Gidi
Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

JSJ
3,817 Views

Hi Gidi

 

Thanks for the prompt response. Below is  the output and I have validated the group access on the source VMAX, I have the rights to the groups.

 

frabstd-cdot01::> vserver cifs users-and-groups local-group show-members
Vserver Group Name Members
-------------- ---------------------------- ------------------------
FRABPAR-FSA01 BUILTIN\Administrators FRABPAR-FSA01\Administrator
MAIN\Domain Admins
BUILTIN\Guests MAIN\Domain Guests
BUILTIN\Users MAIN\Domain Users


FRABPAR-FSS01 BUILTIN\Administrators FRABPAR-FSS01\Administrator
MAIN\Domain Admins
BUILTIN\Guests MAIN\Domain Guests
BUILTIN\Users MAIN\Domain Users
frabstd-cdot01-fstest01


BUILTIN\Administrators FRABSTD-FSTEST1\Administrator
MAIN\Domain Admins
BUILTIN\Guests MAIN\Domain Guests
BUILTIN\Users MAIN\Domain Users
frabstd-cdot01-fstest02


BUILTIN\Administrators FRABSTD-FSTEST2\Administrator
MAIN\Domain Admins
BUILTIN\Guests MAIN\Domain Guests
BUILTIN\Users MAIN\Domain Users

chris_hurley
3,681 Views

When you mention you cannot "see" the ACLs, does that mean that you cannot view them via the Windows client?   Or the ACLs that are applied at the ONTAP side are not what's expected?

Public