All Dell Unity releases support SMB1 through SMB 3.02, which supports enhancements such as continuous availability, offload copy, protocol encryption, multichannel, and shared VHDX support. Some of these features do not require any special configuration on the Dell Unity system, such as multichannel and shared VHDX support. For multichannel, if there are multiple interfaces created on multiple ports, the SMB3 protocol automatically uses all available TCP connections for a single SMB session. Shared VHDX support provides the ability to enable virtual hard disk sharing on Microsoft Hyper-V® to share a virtual disk between multiple nodes. The configurable options of these features are described later in this section.
Starting with OE version 4.2, SMB 3.1.1 is also supported, which adds reliability enhancements for Continuous Availability (CA) for Hyper-V Cluster Client Failover (CCF) and improved security and encryption traffic performance. The SMB version that is used is dependent on the client operating system.
Regardless of the protocol used for client communication, SMB1 must also be enabled in your environment if running OE version 4.1 or earlier. SMB1 is used to establish a secure channel for communication between the Dell Unity NAS server and the domain controllers in your environment. This secure channel is used for operations such as authentication, SID lookups, Group Policies, and so on. If SMB1 is disabled in your environment, these operations will fail. However, starting with OE version 4.2, SMB1 no longer needs to be enabled in your environment since SMB2 is used for secure channel communication, by default. Using SMB2 enhances security and increases efficiency due to enhancements and updates to the protocol. Furthermore, SMB3 improves upon the SMB2 protocol offering stronger authentication, secure data transfer, and performance for file clients. This allows customers that have security concerns or company policies to disable SMB1 without impacting connectivity. If SMB2 or SMB3 is not available, the Dell Unity NAS server attempts to use SMB1 as a backup option. This means that any domain controllers that are running older operating systems that only support SMB1 can continue to function. In addition, you can also disable SMB1 for client access on the NAS server by using the cifs.smb1.disabled parameter. Starting with the Unity OE version 5.4, users now have the option to disable SMB2 at the NAS server level as well, allowing SMB3 communications only. To disable SMB2 at the NAS server level, users will need to modify the smb2.smb3only parameter. Each protocol version is independently enabled or disabled. For more information about NAS server parameters and how to configure them, reference the Service Commands document on Dell Technologies Info Hub.
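Before changing cifs.smb1.disabled or smb2.smb3only, it helps to know which clients still negotiate the older versions. The following is an added example, not Dell code: it reads the version from SMB NEGOTIATE responses and reports which clients each parameter would cut off. It assumes the messages have already been extracted from a capture with transport framing removed; the host names and sample messages are constructed.

```python
import struct

# DialectRevision values defined in MS-SMB2.
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}

def negotiated_version(msg: bytes) -> str:
    """Return the SMB version carried in one NEGOTIATE response message."""
    if msg[:4] == b"\xffSMB":                      # SMB1 protocol id
        return "SMB1"
    if msg[:4] != b"\xfeSMB" or len(msg) < 70:
        raise ValueError("not an SMB2/3 NEGOTIATE response")
    command, = struct.unpack_from("<H", msg, 12)
    flags, = struct.unpack_from("<I", msg, 16)
    if command != 0 or not flags & 1:              # NEGOTIATE, server-to-client
        raise ValueError("not an SMB2/3 NEGOTIATE response")
    # Body starts after the 64-byte header: StructureSize, SecurityMode, DialectRevision.
    revision, = struct.unpack_from("<H", msg, 68)
    return DIALECTS.get(revision, f"unknown 0x{revision:04x}")

def cut_off_by(version: str) -> list:
    """NAS server parameters (as named on this page) that would stop this client."""
    if version == "SMB1":
        return ["cifs.smb1.disabled"]
    if version.startswith("SMB 2."):
        return ["smb2.smb3only"]
    return []

def audit(captures: dict) -> dict:
    """Map each affected client to the parameters that would break its access."""
    report = {}
    for client, msg in captures.items():
        hits = cut_off_by(negotiated_version(msg))
        if hits:
            report[client] = hits
    return report

def sample_response(revision: int) -> bytes:
    """Build a constructed SMB2 NEGOTIATE response (header plus fixed body)."""
    header = b"\xfeSMB" + struct.pack("<HHIHHI", 64, 0, 0, 0, 1, 1) + bytes(44)
    return header + struct.pack("<HHH", 65, 1, revision) + bytes(59)

SAMPLES = {  # constructed hosts and messages, not taken from the page
    "scanner01": b"\xffSMB" + bytes(33),
    "win7-kiosk": sample_response(0x0210),
    "hv-node1": sample_response(0x0311),
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```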
SMB support is enabled on the NAS server level during or after creation, allowing administrators to create SMB-enabled file systems on that NAS server. When enabling SMB support on a NAS server, the SMB server can either be standalone or Active Directory domain joined. Domain joined NAS servers are placed in the OU=Computers, OU=EMC NAS servers organizational unit, by default.
Dell Unity also supports the Microsoft Distributed File System (DFS) namespace. This provides the administrator the ability to present shares from multiple file systems through a single mapped share. A Dell Unity SMB server can be configured as a standalone DFS root node or as a leaf node on an Active Directory DFS root. DFS-R (replication) is not supported on Dell Unity systems. If replication is required, the native asynchronous replication feature can be used to replicate the file system instead.
Each SMB file system and share has additional advanced protocol options that are disabled by default but can be set by administrators. SMB protocol related options are shown in the table below.
| Protocol options | Level | Default |
|---|---|---|
| Sync Writes Enabled | File system | Disabled |
| Oplocks Enabled | File system | Enabled |
| Notify On Write Enabled | File system | Disabled |
| Notify On Access Enabled | File system | Disabled |
| Continuous Availability | Share | Disabled |
| Protocol Encryption | Share | Disabled |
| Access-Based Enumeration | Share | Disabled |
| Branch Cache Enabled | Share | Disabled |
| Offline Availability | Share | None |
| UMASK (Multiprotocol Only) | Share | 022 |
Synchronous writes enable the storage system to perform immediate synchronous writes for storage operations, regardless of how the SMB protocol performs write operations. Enabling synchronous write operations allows you to store and access database files (for example, MySQL) on storage system SMB shares. This option guarantees that any write to the share is done synchronously and reduces the chances of data loss or file corruption in various failure scenarios, for example, loss of power. If SMB3 Continuous Availability (CA) is enabled, all write operations are automatically synced to satisfy the requirements for CA. This option can have a big impact on performance. It is not recommended unless you intend to use Windows file systems to provide storage for database applications.
Opportunistic file locks (oplocks) allow SMB clients to buffer file data locally before sending it to a server. SMB clients can then work with files locally and periodically communicate changes to the storage system rather than having to communicate every operation over the network to the storage system. Unless your application handles critical data or has specific requirements that make this mode of operation unfeasible, leaving the oplocks enabled is recommended.
The following oplocks implementations are supported on Dell Unity:
This option only applies to client access over SMB1 since oplocks are always enabled for client access over SMB2. However, disabling this option also invalidates the SMB2.1 file and directory lease feature. Leasing serves the same purpose as oplocks, but provides greater flexibility and enhancements, increasing performance and reducing network utilization.
This option enables notifications when a file system is written to or accessed. Applications that run on Windows platforms, and use the Win32 API, can register with the SMB server to be notified of file and directory content changes, such as file creation, modification, or renaming. For example, this feature can indicate when a display needs to be refreshed (Windows Explorer) or when the cache needs to be refreshed (Microsoft Internet Information Server), without having to constantly poll the SMB server.
Continuous availability is an SMB3+ specific feature that can be enabled at the share level on Dell Unity systems. In the event of a client or storage processor failure, CA allows persistent access to Dell Unity file systems without loss of the session state. This is useful for critical applications such as Hyper-V or SQL, where constant availability to files is of the utmost importance. SMB 3.0 uses persistent handles to enable the Dell Unity NAS server to save on disk specific metadata associated with an open handle. In the event of an SP failure, applications accessing open file content are not affected if the NAS server and file system failover to the peer SP completes within the timeout of the application. This results in clients transparently reconnecting to the peer SP after the NAS server failover without affecting those clients’ access to their files.
Continuous availability is also available on the client side, which is independent from storage CA. Client CA transparently preserves access in the event of a node failure within a client application cluster. When a failure of one node in the cluster occurs, the application is moved to the other node and reopens its content on the share from that node using its originally assigned ApplicationID without an interruption in access. The CA option on the share does not need to be enabled to use client CA.
Starting with OE version 4.2, SMB 3.1.1 is supported. This adds a reliability enhancement for Continuous Availability for Hyper-V Cluster Client Failover by adding an ApplicationInstanceVersion tag in addition to the ApplicationID. The ApplicationInstanceVersion tag is incremented each time an application is restarted on a new node within the cluster. In situations where network access is lost, but storage access remains available, the application may be restarted on a new node without the cluster knowing due to the lack of network access. The ApplicationInstanceVersion tag enables the storage system to easily identify which node in the cluster is the correct owner of the application. The storage system can safely close any locks that were opened with a lower ApplicationInstanceVersion number, which allows the application to restart without any conflicts.
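The ownership rule described above can be seen in a small simulation. This is an added example and a simplified model, not Dell Unity's implementation: the class and function names are hypothetical, and two behaviours are assumptions of the model, namely that with ApplicationID alone any node presenting the same ID takes over existing handles, and that a request whose version is not newer than an existing handle is refused.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Handle:
    path: str
    node: str
    app_id: str
    version: Optional[int]   # None models a client that sends only ApplicationID

@dataclass
class ShareModel:
    """Simplified model of handle ownership on a CA share (hypothetical)."""
    handles: list = field(default_factory=list)

    def open(self, path, node, app_id, version=None):
        """Return (granted, closed); closed lists handles taken from other nodes."""
        rivals = [h for h in self.handles
                  if h.path == path and h.app_id == app_id and h.node != node]
        if version is not None:
            # Model assumption: a request that is not newer than an existing
            # handle comes from a stale node and is refused.
            if any(h.version is not None and h.version >= version for h in rivals):
                return False, []
        for h in rivals:
            self.handles.remove(h)   # close handles held with a lower version
        self.handles.append(Handle(path, node, app_id, version))
        return True, rivals

def partition_scenario(use_version: bool):
    """nodeA loses its network link but keeps storage access; the application
    is restarted on nodeB; nodeA then retries its open."""
    share = ShareModel()
    tag = (lambda n: n) if use_version else (lambda n: None)
    share.open("vm01.vhdx", "nodeA", "app-1", tag(1))
    b_granted, b_closed = share.open("vm01.vhdx", "nodeB", "app-1", tag(2))
    a_granted, _ = share.open("vm01.vhdx", "nodeA", "app-1", tag(1))
    owners = [h.node for h in share.handles]
    return b_granted, [h.node for h in b_closed], a_granted, owners

if __name__ == "__main__":
    print("with ApplicationInstanceVersion:", partition_scenario(True))
    print("ApplicationID only:             ", partition_scenario(False))
```

With the version tag the stale node's retry is refused and nodeB keeps the file; with ApplicationID only, the model lets the stale node take the handle back.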
Protocol encryption is an SMB 3.0 feature that is available on Dell Unity. This option provides in-flight data encryption between SMB 3.0 compatible clients and the Dell Unity NAS server. Data is encrypted by the client before being sent to the NAS server, or from NAS server to client. It is then decrypted upon reaching its destination, whether that is the NAS server or SMB client. The protocol encryption is enforced at user session level, ensuring the whole SMB traffic is encrypted once the user session is established.
The following setting can be configured in the NAS server’s registry:
Starting with OE version 4.2, SMB 3.1.1 is supported. This provides improved security and encryption traffic performance for SMB3 by changing the encryption algorithm from AES-CCM-128 to AES-GCM-128. This change improves performance under certain conditions such as large file transfers. In addition, this improves security against man-in-the-middle attacks.
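To confirm which cipher an encrypted share will actually use for a given connection, check the negotiated dialect and, for SMB 3.1.1, the encryption capabilities negotiate context in the server's NEGOTIATE response. The following is an added example, not Dell code: it walks the negotiate context list and returns the selected cipher. The context type and cipher IDs are the MS-SMB2 values; the sample bytes are constructed.

```python
import struct

CIPHERS = {0x0001: "AES-128-CCM", 0x0002: "AES-128-GCM"}   # MS-SMB2 cipher IDs
ENCRYPTION_CAPABILITIES = 0x0002                           # negotiate context type

def iter_contexts(buf: bytes, count: int):
    """Yield (type, data) per negotiate context; each context is 8-byte aligned."""
    off = 0
    for _ in range(count):
        ctx_type, length = struct.unpack_from("<HH", buf, off)
        data = buf[off + 8: off + 8 + length]      # 8-byte context header
        if len(data) != length:
            raise ValueError("truncated negotiate context")
        yield ctx_type, data
        off = (off + 8 + length + 7) & ~7          # round up to next boundary

def session_cipher(dialect: int, contexts: bytes = b"", count: int = 0) -> str:
    """Cipher that protocol encryption will use on this connection."""
    if dialect in (0x0300, 0x0302):
        return "AES-128-CCM"                       # fixed for SMB 3.0 and 3.0.2
    if dialect != 0x0311:
        return "none"                              # encryption needs SMB 3.0+
    for ctx_type, data in iter_contexts(contexts, count):
        if ctx_type == ENCRYPTION_CAPABILITIES:
            n, cipher_id = struct.unpack_from("<HH", data, 0)
            if n != 1:
                raise ValueError("a response selects exactly one cipher")
            return CIPHERS.get(cipher_id, f"cipher 0x{cipher_id:04x}")
    return "none"                                  # server offered no cipher

def build_context(ctx_type: int, data: bytes) -> bytes:
    """Build one constructed negotiate context, padded to 8 bytes."""
    raw = struct.pack("<HHI", ctx_type, len(data), 0) + data
    return raw + bytes(-len(raw) % 8)

# Constructed SMB 3.1.1 response contexts: pre-auth integrity, then encryption.
SAMPLE_CONTEXTS = (
    build_context(0x0001, struct.pack("<HHH", 1, 4, 0x0001) + b"salt")
    + build_context(ENCRYPTION_CAPABILITIES, struct.pack("<HH", 1, 0x0002))
)

if __name__ == "__main__":
    print(session_cipher(0x0311, SAMPLE_CONTEXTS, 2))
    print(session_cipher(0x0302))
```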
Access-based enumeration is a share-level option that restricts the display of files and folders based on the access privileges of the user attempting to view them. Without access-based enumeration, all users can view all files and folders within a directory to which they have access. However, they will not be able to open or view these files and folders without the appropriate access privileges. When access-based enumeration is enabled on a share, users will only be able to see files or folders for which they have read access or above. For example, without access-based enumeration a user without access to several files would still be able to see that those files exist in a directory to which they have access. However, with access-based enumeration, that same user would not even see those same inaccessible files in the directory. Administrator users are always able to see all files and folders, even when access-based enumeration is enabled on a share.
BranchCache is a share-level option that allows users to access data stored on a remote NAS server locally over the LAN without being required to traverse the WAN to access the NAS server. This is most useful in a remote or branch office environment, where branch offices are required to access data stored on a remote server at the main office. BranchCache allows this data to be cached locally at the branch, either by a single designated BranchCache server or distributed across clients, to reduce WAN bandwidth used by many clients constantly and repeatedly traversing the WAN for the same data.
With BranchCache enabled, the client uses the WAN to retrieve the hash of the file from the remote NAS server. The client then searches the local file cache to look for a file with a matching hash. If all or some of the data is available locally, either on the designated BranchCache server or another client computer, the data will be retrieved locally. The data is validated using a hash function to ensure the file is the same. Any data that is not cached locally is retrieved from the NAS server over the WAN, and then cached locally for future requests. BranchCache works best for data that does not change often, allowing files to be cached for longer periods of time at the branch offices.
Offline availability is a share-level attribute that allows administrators to determine if and how files and programs in a share will be available when offline. This allows users to access shares on a server even when they are not connected to the network by storing a version of the share in a local cache on the client computer. For offline availability to function, it must be configured on both the share and the individual client computers accessing the share. Dell Unity NAS servers support four options for offline availability, which are the same options supported by Windows file servers and are shown below.