[unisog] provide storage to Unix and Windows users
mfriedman at oit.umass.edu
Wed Oct 23 22:43:14 GMT 2002

NetApp Filers at UMass/Amherst

We use two filers at the University of Massachusetts at Amherst. One, an
'800 series, is used for administrative computing, the other, a '740, is
used for general computing users. Describing the latter seems to be more
appropriate for this thread.

Our '740 has 56 drives (14x9GB, 14x18 and 28x36) and five ethernet ports.
We run the NFS and CIFS protocols. Two of the ethernet ports serve the NFS
traffic and administrative telnet/rsh through a back-end vif network to the
Unix systems. Two of the ethernet ports serve the CIFS traffic through a
vif to the campus network. The remaining port is for the direct connection
to the (NetShield for NetApp) virus scanner system.

There are approximately 35,000 home directories. On the Unix timesharing
side, users' home directories are mapped to the filer as is the scratch
space. On the CIFS side, users have access to their home directories from
Windows, Mac (OS/X SMB) and "personal" unix systems (Linux, FreeBSD, etc.,
using smbmount). Two NT4 domain controllers manage the CIFS/SMB
authentication. The CIFS interface to the filer is called the UDrive.

Computing accounts are coordinated through a central user database. Each of
the two services (Unix timesharing and UDrive) gets account management
directives (Add, Delete, Modify, Deactivate and Reactivate) on an hourly
schedule (~7am to Midnight).

Only the Unix file security mechanisms are used. We found that enabling
Windows permissions caused problems. For example, users working on a
document in a classroom were locked-out when accessing the file from home.
The two different authentication domains conflicted! Don't forget, trusts
between Windows domains only enable the granting and revoking of
permissions, they do not implicitly give access.

Four types of CIFS connections are being used. First, users in the
university community access their shares with drive mapping or network
browsing through the NT4 authentication domain. Second, users in department
LANs get access through domain trusts (the UGroups), assuming the usernames
match or are aliased. Third, in public-access computer labs across campus
(no user logon/logoff), a special UDrive connection manager program is
available on the desktops. In the computer classrooms, where users logon
and logoff their own accounts, the UDrive is very tightly integrated.

The classrooms' Windows 2000 domain is trusted by the UDrive domain.
Roaming profiles are supported for Windows users. The users' home
directories (U:\) are mapped to the UDrive. The Desktop, Start Menu, My
Documents and Applications Settings folders are redirected to the filer as
well. Mac OS9 users' UDrive shares are mounted automatically at logon
(using Thursby's Dave software) through the Windows 2000 domain and appear
as Mac Network drives on their desktops. Linux classroom systems (with very
restricted availability) have optional smbmount connector programs to mount
the users' home directories on the /mnt/udrive network filesystem.

We typically see around 100 unix users and 200 CIFS users. The filer CPU
utilization typically hovers around 25% with around 300 ops per second.
Snapshots are done nightly with weekly tape dumps.

System configuration and UDrive access instructions are available on a
special campus web site and assistance is available through the Help Desk
and Software Support. PR is also important - we have a logo, a mascot and a
mission! Our "SneakerNyet" initiative is aimed at making the UDrive easier
to use than floppies.

UDrive Systems Administrator

apologies if I've broken the original thread at SANS...