Network and Storage Protocols

NetApp CIFS versus Fileserver

geidam001
18,641 Views

Hello,

currently a VMware farm is connected via 4Gbps Fibre Channel to a NetApp. VMDK files are are on a Fibre Channel LUN. File Services files are on a RAW SATA LUN.

The VMware farm hosts 5 file servers as VMs.

What will be the exact benefit to change the solution to provide CIFS services directly from the NetApp instead of the 5 file servers?

Is there anything to calculate performance benefit before the change?

Thanks for help.

GEidam

5 REPLIES 5

adambergh
18,642 Views

My organization looked into this very same scenario about two years ago. The factors we weighed were ones of ease of management, security, and cost.

Positives:

  • You would not need additional Windows Server licensing or server hardware.

Negatives:

  • Managment for the file shares moves from Windows administrators to your storage administrators.
  • Security management becomes an issue. We have trust relationships about 10 other domains. Managing the security was not as easy as from a Windows server with experience Windows Server security engineers.
  • Window's Shadow Copy Service is an amazing feature that allows for end user self-service restores. You would lose this ability with NetApp CIFS.
  • We use traditional Windows agent based tape backup. There were questions on how we would continue to use this method with the NetApp CIFS.

In the end we decided to stay with our Windows file servers as the cost savings didn't balance out the negatives. Hope this helps a bit.

Regards,

Adam Bergh

martin_fisher
18,642 Views

Hi, just wanted to add to this thread as some comments are not entirely factual.

Negatives:
  • Managment for the file shares moves from Windows administrators to your storage administrators.

Not at all, once your Storage Admin has created the volume and CIFS share and permission'ed it correctly, your Windows Administrators can continue to administer the share as per normal procedure, adding removing users/groups or administering through Active Directory. The only time the storage admin needs to be involved is if a volume change or possible root permissions change maybe required for example.

Security management becomes an issue. We have trust relationships about 10 other domains. Managing the security was not as easy as from a Windows server with experience Windows Server security engineers.

Again not factually true. The NetApp appliance will reference Active Directory and a domain controller if it is joined to a domain as part of the CIFS setup. As long as the appliance can communicate with the DC and DNS and perform lookups AND your Active Directory domains have a 2 way Trust relationship within the AD forest, then a user authenticating again one domain will be able to access a resource in another domain.

  • Window's Shadow Copy Service is an amazing feature that allows for end user self-service restores. You would lose this ability with NetApp CIFS.

Windows Shadow copy is one option, however NetApp has snapshot technology, which allows for the creation of 255 "snapshots" of a each individual volume and quite frankly is far superior. There are many advantages to this technology than I can describe when compared with competitors. From memory there are no other Vendors in the market that offer in the region of 255 snapshots. Using Snapshot technology with your CIFS share, will, subject to the size of the working Data Set, allow you to keep on disk, 255 snapshots of the data. With the correct setup of the CIFS Shares, snapshots and AD permissions, users will be able to restore a previous version of a file or folder, by using a previous versions tab available in the properties of a file or folder held in the CIFS Share. The user would be able to restore their own data, at will. You do not loose this ability with NetApp CIFS Shares.

  • We use traditional Windows agent based tape backup. There were questions on how we would continue to use this method with the NetApp CIFS.

Windows based backup with traditional systems, again is not an issue. If the appliance is joined to the windows domain, it has a computer account in active directory and is treated as any other CIFS/File server, just a big one.

Most traditional backup software available these days allows for backups of a CIFS share/File Server and would treat the appliance in the same way. Again this would not be a issue, if you wanted to use this method.

Other Benefits for an appliance would be:

Reduced hardware maintenance and support, as you may be able to remove several file servers from hardware/maintenance contracts.

Small reduction in power and cooling utilization.

Fewer windows server licenses.

Centralized CIFS/File storage (This can be seen as a benefit as well as a problem).

Ability to provide up to 255 restore points, which could be online

Fewer restores from tape (potentially)

Ability to replicate this data using Snapmirror, which Windows cannot do as easily.

Deduplication function available with NetApp - removing duplicate data block to save on overall storage.

- Most importantly - Being able to add additional storage, on the fly, without downtime, to cope with an increase in a file storage/growth.

Hope this Helps.

Martin

thomas_glodde
18,642 Views

Besides the mentioned features above, we fully support access based enumeration as well as a certain amount of quotation.

And using the NetApp Multistore license, you can create virtual Filers and have them each join a different domain if needed, eg. physical philer is in domain1.local, vfiler1 can be in yetanotherdomain.intra or whatever.

The only true downsides of a NetApp filer are limited quotation options (you can have powerful 3rd party tools using the fpolicy api tho) and no support for DFS-R( DFS-Replication), i didnt come across a customer tho who felt like these 2 things are showstoppers for him.

txskibum2000
18,642 Views

We have been using CIFS for a while, and about to roll back to a file server. I need to implement a DFS Services, and the filer is not a DFS root, and dont know any other work around. Also, I look Log Management File Integrity Monitoring (Alerts on any file or folders additions, deletes, modifications, or reads...malicious behaviors...PCI DSS compliance sections 11.5 and 12.9.

DEADEYEDJACKS
18,642 Views

There is nothing preventing shared folders on a NetApp filer from being the targets for a Windows DFS namespace.  The namespace servers can be your Windows domain controllers or indeed any other suitable Windows server, they need not be the file server.

Equally rather than using DFS-R for replication, if required, you could you NetApp replication technologies. 

Public