NAS Technology Is Ready For Prime Time.
To allow clients to share access to a file, NT and Unix operating systems use different implementations for three types of file locking features: (1) file locks to protect an entire file; (2) record locks to protect portions of a file defined by an offset into the file and a range of bytes from that offset; and (3) cache locks to protect the coherency (stability) of a file shared over the network. The locking implementation for each operating system can also vary. Exclusive locks prevent any other lock of the same resource from accessing the file while they are held. Shared locks prevent exclusive locks from succeeding while they are held. Mandatory locks do not require the participation of all users on the network in order for their integrity to be upheld. Advisory locks are enforced via the locking protocol itself--not when the file is accessed.
To offer integrated Unix/NT data sharing, the NAS appliance must be able to distinguish and transparently support the various locking requirements of its clients. For example, Unix clients running NFSv2 and NFSv3 support only advisory record locking, while Windows clients running SMB/CIFS support mandatory file and record locks, as well as advisory cache locks. Only NAS appliances with multi-lingual file system capabilities, integrated with file sharing protocol support, can guarantee that (1) a file can be accessed simultaneously by both NFS and CIFS clients; and (2) the appropriate semantics, as expected by each client, are delivered.
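The advisory record-lock behaviour described above, as an added example that is not part of the original article: one process locks bytes 0-3 of a file, and a second process is refused only when it asks for a conflicting lock itself. It assumes a POSIX system where `fcntl` locks are advisory; the file contents and function names are constructed for the demonstration.

```python
import fcntl
import os
import tempfile

WROTE, REFUSED = 0, 1  # exit codes reported by the second client


def second_client(path, offset, marker, cooperative):
    """Fork a separate process that overwrites 4 bytes at `offset`.

    A cooperative client requests an exclusive record lock first; an
    uncooperative one writes without ever consulting the lock protocol.
    """
    pid = os.fork()
    if pid == 0:  # child: POSIX record locks are held per process
        status = REFUSED
        try:
            fd = os.open(path, os.O_RDWR)
            if cooperative:
                # Non-blocking request; raises OSError on a conflicting lock.
                fcntl.lockf(fd, fcntl.LOCK_EX | fcntl.LOCK_NB, 4, offset)
            os.pwrite(fd, marker, offset)
            status = WROTE
        except OSError:
            pass
        finally:
            os._exit(status)
    return os.WEXITSTATUS(os.waitpid(pid, 0)[1])


def demo():
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"aaaabbbb")  # constructed 8-byte sample file
        path = f.name
    fd = os.open(path, os.O_RDWR)
    try:
        # First client: exclusive advisory record lock on offset 0, length 4.
        fcntl.lockf(fd, fcntl.LOCK_EX, 4, 0)
        same_range = second_client(path, 0, b"COOP", cooperative=True)
        other_range = second_client(path, 4, b"COOP", cooperative=True)
        no_protocol = second_client(path, 0, b"SKIP", cooperative=False)
        return same_range, other_range, no_protocol, os.pread(fd, 8, 0)
    finally:
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The locked range ends up overwritten by the client that never requested a lock, which is the gap a NAS has to close when the same file is also opened by clients that expect mandatory locks.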
Security Subsystem Support
Because any NAS device is a network-attached, multiuser system, security features are a crucial component. Security is even more critical--and technically challenging--for NAS appliances offering transparent Unix/NT storage and data sharing. These devices must unify both environments' security semantics by managing the distinctions between each environment's identifiers, access rights, and security descriptors.
* Identifiers. Both NT and Unix systems have the concept of users and groups, which are represented internally by unique identifiers. In Unix systems, the user IDs and group IDs come from separate namespaces and may have overlapping or identical values. In NT, each user and group has a unique security ID (SID). An NT security ID can be decomposed into a top-level authority (the "Identifier Authority"), which can be considered as the main grouping, and from one to eight sub-authorities (known as "Relative Identifiers" or RIDs), which can be thought of as departments, branches, etc. In a network, each NT domain (which is a logical grouping of machines sharing the same security database) has its own SID. User and group SIDs in a domain contain the domain SID as a prefix.
* Access Rights and Security Descriptors. Unix systems provide only three basic access rights: read, write, and execute/search. Three sets of access rights are maintained for each object: rights for the individual owner of the object, rights for the group owner of the object, and rights for anyone else attempting to access the object. NT provides a much finer level of control over access rights. Each securable object in the NT system has an associated data structure, containing all of its security information. This structure is known as the security descriptor. The security descriptor includes the SID for the object's owner and two access control lists, each containing a set of mappings between user or group SIDs and the specific access rights allowed for that SID. The first list specifies who can and cannot access the object. The second list specifies which users should be audited when accessing the object (i.e., when to log an event). In NT, access rights are divided into three general categories: standard access rights; object-specific access rights; and generic access rights.
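The SID decomposition from the Identifiers item above, as an added example that is not part of the original article: it decodes the binary SID layout (revision byte, sub-authority count, 48-bit big-endian identifier authority, 32-bit little-endian sub-authorities) and tests domain membership on components. All SID values and function names are constructed for illustration.

```python
import struct


def build_sid(authority, subs, revision=1):
    """Encode a SID in its binary form (used here to construct samples)."""
    header = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)


def parse_sid(blob):
    """Decode a binary SID into (revision, authority, sub-authorities)."""
    if len(blob) < 8:
        raise ValueError("shorter than the fixed 8-byte header")
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("length disagrees with the sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, blob[8:])     # 32-bit, little-endian
    return revision, authority, subs


def sid_string(blob):
    """Render the familiar S-revision-authority-sub... text form."""
    revision, authority, subs = parse_sid(blob)
    return "-".join(str(p) for p in ("S", revision, authority, *subs))


def in_domain(account, domain):
    """True if `account` is the domain SID plus exactly one trailing RID.

    Components are compared, not text: a string prefix test would accept
    a domain ending in -333 as a prefix of one ending in -3333333333.
    """
    a_rev, a_auth, a_subs = parse_sid(account)
    d_rev, d_auth, d_subs = parse_sid(domain)
    same_root = (a_rev, a_auth) == (d_rev, d_auth)
    return same_root and len(a_subs) >= 1 and a_subs[:-1] == d_subs


# Constructed sample values, not taken from any real domain.
DOMAIN = build_sid(5, [21, 1111111111, 2222222222, 3333333333])
USER = build_sid(5, [21, 1111111111, 2222222222, 3333333333, 1105])
LOOKALIKE = build_sid(5, [21, 1111111111, 2222222222, 333])

if __name__ == "__main__":
    print(sid_string(USER), in_domain(USER, DOMAIN), in_domain(USER, LOOKALIKE))
```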
Here, again, to effectively support the security subsystems of both NT and Unix, NAS devices must implement a file system able to support two forms of access control: NT-style, based on access control lists (ACLs); and Unix-style, based on read-write-execute permissions for individual owner, group owner, and all others. For multi-user applications with NT and Unix clients, the NAS appliance should allow a file system object to support both NT-style Security Descriptors and Unix-style permissions.
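The two access-control forms named above, evaluated side by side in an added example that is not part of the original article and not any vendor's mapping: the rights are reduced to read/write/execute, the principals `alice`, `bob` and `staff` are placeholder labels standing in for real identifiers, and `mode_to_acl` and `naive_acl` are hypothetical translations.

```python
R, W, X = 4, 2, 1         # simplified rights shared by both models here
EVERYONE = "S-1-1-0"      # well-known SID for Everyone (World)


def unix_allows(mode, owner, group, user, groups, want):
    """Unix-style: only the first matching class (owner, group, other) counts."""
    if user == owner:
        bits = mode >> 6
    elif group in groups:
        bits = mode >> 3
    else:
        bits = mode
    return (bits & 7) & want == want


def acl_allows(acl, sids, want):
    """NT-style: entries are read in order; a deny stops, allows accumulate."""
    granted = 0
    for kind, sid, mask in acl:
        if sid not in sids:
            continue
        if kind == "deny" and mask & want & ~granted:
            return False
        if kind == "allow":
            granted |= mask & want
            if granted == want:
                return True
    return False


def naive_acl(mode, owner, group):
    """Allow-only translation: looks equivalent but can widen access."""
    o, g, e = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    return [("allow", owner, o), ("allow", group, g), ("allow", EVERYONE, e)]


def mode_to_acl(mode, owner, group):
    """Translation that keeps Unix class precedence by adding deny entries."""
    o, g, e = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    return [
        ("deny", owner, (g | e) & ~o),   # owner never gains group/other bits
        ("allow", owner, o),
        ("deny", group, e & ~g),         # group members never gain other bits
        ("allow", group, g),
        ("allow", EVERYONE, e),
    ]


if __name__ == "__main__":
    bob = {"bob", "staff", EVERYONE}     # constructed principal set
    print(unix_allows(0o604, "alice", "staff", "bob", {"staff"}, R),
          acl_allows(naive_acl(0o604, "alice", "staff"), bob, R),
          acl_allows(mode_to_acl(0o604, "alice", "staff"), bob, R))
```

With mode 604 a member of the owning group is refused read access under Unix rules, yet the allow-only list lets the same user in through the Everyone entry; the ordered deny entries restore the Unix result.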
File-Sharing Protocol And File System Semantic Integration
Storing Unix and NT data on a single NAS device is a valuable capability delivered by NAS appliances supporting SMB/CIFS protocols for NT and NFS for Unix. This capability allows IT organizations to attach NAS devices onto the network for additional storage of either Windows/NT or Unix data. However, limiting NAS functionality to only file sharing protocol support will compromise the level of data sharing and the administrative simplicity of the device because that device will not be able to distinguish and support important file system-level, data sharing features. For true NAS data sharing by Unix and NT clients, the NAS appliance must additionally resolve the integration of the file system semantics.
Storage-Centric NAS Operating System
The four important file-system-level integration requirements for NAS data sharing discussed in this article--filenames, attributes, locking, and security--are resolved via operating system capabilities (Unix and Windows/NT), rather than by the file sharing protocols (CIFS/SMB and NFS). Similar to the inability of Beta-formatted video systems to support VHS, NAS devices based on a specific operating system such as Linux face serious technical challenges when attempting to support the operating system features of another such system.
Storage appliances based on a NAS-specific, storage-centric operating system have been designed to address the NAS requirement to support multiple file-sharing protocols and multiple operating system semantics. These devices can transparently share data among multiple file systems, exercise the sophistication to distinguish data at the file system level, and present users with the appropriate interface. They implement a multi-user access and security model that allows simultaneous data sharing by Unix and Microsoft clients without compromising the security of either. They also provide NAS solutions that lower TCO by supporting a diverse set of servers, applications, and clients with minimal administration.
Tim Williams is the president and CEO and Sue Smith is the corporate director of marketing at CrosStor Software, Inc. (South Plainfield, NJ).