SMB share creation
There are several ways to create SMB shares, which are listed in Table 4:
Methodologies | Features | Note |
WebUI | Create and delete SMB share folders; configure share permission | Ability to enable SMB continuous availability (CA) during creation |
PowerScale CLI | Create and delete SMB share folders; configure share permission; view and close active SMB sessions; view and close open files | |
Microsoft Management Console (MMC) | | Inability to create SMB CA enabled share using MMC |
MMC provides a simple way to manage SMB share creation, but it requires some initial configuration and, more importantly, it does not support enabling the SMB CA feature during creation. For detailed steps for creating an SMB share using MMC, see OneFS: How to create new SMB share using MMC. The following sections explore some of the key options when creating an SMB share.
OneFS supports overlapping display names for SMB shares if the display name appears only once per access zone. All SMB shares belong to a global list of shares and require unique SMB share names. By default, users see the SMB share name when connecting to the Dell PowerScale cluster; however, you can configure a display name for the SMB share that users see instead.
Display names must be unique within a zone; therefore, if you would like more than one SMB share to display the same name, you must add each share to a separate access zone. For example, you can assign "Home" as the display name for an SMB share in zone A and also assign it to a different share in zone B.
If you have an existing directory structure that you want to add a share to, you most likely do not want to change the ACLs, so you should select the Do not change existing permissions option shown in Figure 4.
If you are creating a new share for a new directory, you should set the Apply Windows Default ACLs option and then once the share is created, go into the Security tab from Windows and assign permissions to users as needed. The selection of Apply Windows Default ACLs ends up converting the ACL to:
ISI7021-1# ls -led /ifs/tmp
drwxrwxr-x + 2 root wheel 0 Jul 17 07:46 /ifs/tmp
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,dacl_protected
0: group:Administrators allow dir_gen_all,object_inherit,container_inherit
1: creator_owner allow dir_gen_all,object_inherit,container_inherit,inherit_only
2: everyone allow dir_gen_read,dir_gen_execute
3: group:Users allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
4: group:Users allow std_synchronize,add_file,add_subdir,container_inherit
Note: Do not apply these settings (Apply Windows default ACLs) to the /ifs directory. Doing so may make the cluster inoperable.
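One way to review such a listing before opening the share to users, as an added example that is not part of the Dell documentation: it parses the `ls -led` output shown above and reports allow ACEs that give write-class rights to broad trustees. The `BROAD` and `WRITE` sets and the function names are assumptions of this example, not OneFS defaults.

```python
import posixpath
import re

# `ls -led /ifs/tmp` output as shown on this page (shell prompt line omitted).
SAMPLE = """\
drwxrwxr-x + 2 root wheel 0 Jul 17 07:46 /ifs/tmp
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,dacl_protected
0: group:Administrators allow dir_gen_all,object_inherit,container_inherit
1: creator_owner allow dir_gen_all,object_inherit,container_inherit,inherit_only
2: everyone allow dir_gen_read,dir_gen_execute
3: group:Users allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
4: group:Users allow std_synchronize,add_file,add_subdir,container_inherit
"""

# Assumed review policy: which trustees count as broad and which rights count
# as write-class. Neither set is exhaustive.
BROAD = {"everyone", "group:Users"}
WRITE = {"dir_gen_all", "dir_gen_write", "file_gen_all", "file_gen_write",
         "add_file", "add_subdir", "delete_child", "std_delete",
         "std_write_dac", "std_write_owner"}
ACE_RE = re.compile(r"^\s*(\d+):\s+(.+?)\s+(allow|deny)\s+(\S+)\s*$")

def parse_acl(text):
    """Turn the listing into {'path', 'control', 'aces'}."""
    acl = {"path": None, "control": [], "aces": []}
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            acl["aces"].append({"index": int(m.group(1)), "trustee": m.group(2),
                                "type": m.group(3), "flags": m.group(4).split(",")})
        elif line.strip().startswith("CONTROL:"):
            acl["control"] = line.split(":", 1)[1].strip().split(",")
        elif re.match(r"[dl-][rwxsStT-]{9}\s", line) and " /" in line:
            acl["path"] = line[line.index(" /") + 1:]
    return acl

def safe_target(path):
    """False for /ifs itself, which must not get the Windows default ACLs."""
    return posixpath.normpath(path) != "/ifs"

def audit(acl):
    """Return (ace_index, trustee, write_rights) for each broad write grant."""
    return [(a["index"], a["trustee"], sorted(WRITE.intersection(a["flags"])))
            for a in acl["aces"]
            if a["type"] == "allow" and a["trustee"] in BROAD
            and WRITE.intersection(a["flags"])]
```

On the listing above, `audit(parse_acl(SAMPLE))` reports ACE 4: every member of Users can create files and subdirectories in the share root until the permissions are narrowed from the Security tab.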
When a client opens a file using the SMB protocol, the SMB service returns a file ID, or FID, which is used to further reference the specific opening of that file from a specific Windows client. Open mode is what the client specifies when it wants to open the file for reading, writing, or executing. It is up to the server to validate that the client has sufficient permissions to open the file with the desired open mode. The term share mode specifies the operation type (read, write, and delete) on each file. A share mode can be any combination of read, write, and delete. For example, a share mode of ‘read’ specifies that you are allowing users to access the file in read-only mode. The server must also check to make sure an open mode does not conflict with any existing share mode before it can return success to the client. Once the open has passed the server’s access and share mode checks, the server must do one of the following:
The SMB oplock is a performance enhancement mechanism whereby the server cooperates with a client and allows the client to aggressively cache data under specific conditions. Oplocks allow a Windows client to cache read-ahead data, writes, opens, closes, and byte-range lock acquisitions. By caching these operations, clients may see a performance gain because the operations can be coalesced.
SMB leases were introduced starting with SMB2.1. A lease serves the same purpose as an oplock: it allows clients to improve performance by reducing network transmission. The newly added types of leases correspond to the new oplock types in SMB2.1; SMB2.1 just gives them a different name to distinguish them from the existing oplock functionality. A lease can be a combination of one or more of the lease types below:
One of the major differences between oplocks and leases is how they deal with multiple file handles (FIDs) in the same client or application. Oplocks do not allow data caching if there are multiple FIDs for the same file opened by a client or an application, whereas a lease allows full data caching on multiple FIDs for the same file opened by a client or application. This enhancement can provide a further performance boost, especially on high-latency networks.
Both oplocks and leases are supported in OneFS and can help SMB performance in most scenarios, and for this reason oplocks and leases are enabled by default. However, some anti-virus software and old applications do not support this function well. To make these applications function well, we recommend disabling oplocks and leases for the dedicated SMB share. For details, see OneFS: How to disable opportunistic locking (oplock) on SMB file shares and How to disable oplock leases in OneFS 7.x and later.
For more details on oplocks, see the Microsoft MSDN article Opportunistic Locks.
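The access check and share mode check that an open must pass before the server returns a FID, described earlier in this section, modelled as an added example (a simplified model written for this page, not OneFS code). The class, the bit values, the `permitted` argument, and the file path are assumptions of the example; the status strings are the standard NTSTATUS names.

```python
from itertools import count

READ, WRITE, DELETE = 1, 2, 4   # bit flags used for both open mode and share mode

class FileServer:
    """Toy model of an SMB open: access check, share mode check, then a FID."""

    def __init__(self):
        self._opens = {}             # path -> {fid: (open_mode, share_mode)}
        self._fids = count(1)

    def open(self, path, mode, share, permitted):
        # 1. Access check: the requested open mode must fit within the rights
        #    the file's ACL grants this user (supplied here as `permitted`).
        if mode & ~permitted:
            return "STATUS_ACCESS_DENIED", None
        # 2. Share mode check, in both directions, against every existing open.
        for held_mode, held_share in self._opens.get(path, {}).values():
            if mode & ~held_share:    # we ask for access an earlier open did not share
                return "STATUS_SHARING_VIOLATION", None
            if held_mode & ~share:    # an earlier open holds access we refuse to share
                return "STATUS_SHARING_VIOLATION", None
        # 3. Both checks passed: record the open and return a new FID.
        fid = next(self._fids)
        self._opens.setdefault(path, {})[fid] = (mode, share)
        return "STATUS_SUCCESS", fid

    def close(self, path, fid):
        self._opens.get(path, {}).pop(fid, None)

def demo():
    srv, path, rw = FileServer(), "/ifs/data/report.docx", READ | WRITE  # constructed path
    out = [
        srv.open(path, READ, READ, permitted=rw),    # first reader, shares read only
        srv.open(path, READ, READ, permitted=rw),    # second reader is compatible
        srv.open(path, WRITE, rw, permitted=rw),     # writer: readers did not share write
        srv.open(path, READ, 0, permitted=rw),       # exclusive open: readers already hold it
        srv.open(path, WRITE, rw, permitted=READ),   # user lacks write permission
    ]
    srv.close(path, 1)
    srv.close(path, 2)
    out.append(srv.open(path, WRITE, rw, permitted=rw))  # readers gone, writer succeeds
    return out

if __name__ == "__main__":
    for status, fid in demo():
        print(status, fid)
```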
There are three settings for ABE as listed in Table 5.
Level to enable and disable | ABE configurations | Description |
Global | Access Based Share Enumeration | Will only show file shares that the requesters have permission to access |
Share | Access Based Enumeration | Will only show the files and directories that the requesters have permission to access |
Share | Access Based Enumeration Root Only | Only the root directory of the share is enabled/disabled for ABE |
ABE restricts requesters to seeing only what they have permission to access, which is good for security. On the other hand, when ABE is enabled on a top-level directory with thousands of folders and files, PowerScale CPU utilization will be high and could potentially cause performance issues. For this reason, the recommendation is to enable ABE for root only or turn off ABE for directories that have a large number of files and subfolders. See the OneFS CLI Administration Guide for more details on how to configure Access-based Enumeration.