NAS Technology Is Ready For Prime Time.

To allow clients to share access to a file, NT and Unix operating systems use different implementations for three types of file locking features: (1) file locks to protect an entire file; (2) record locks to protect portions of a file defined by an offset into the file and a range of bytes from that offset; and (3) cache locks to protect the coherency (stability) of a file shared over the network. The locking implementation for each operating system can also vary. Exclusive locks prevent any other lock on the same resource from being granted while they are held. Shared locks prevent exclusive locks from succeeding while they are held. Mandatory locks do not require the participation of all users on the network in order for their integrity to be upheld. Advisory locks are enforced via the locking protocol itself--not when the file is accessed.

To offer integrated Unix/NT data sharing, the NAS appliance must be able to distinguish and transparently support the various locking requirements of its clients. For example, Unix clients running NFSv2 and NFSv3 support only advisory record locking, while Windows clients running SMB/CIFS support mandatory file and record locks, as well as advisory cache locks. Only NAS appliances with multi-lingual file system capabilities, integrated with file sharing protocol support, can guarantee that (1) a file can be accessed simultaneously by both NFS and CIFS clients; and (2) the appropriate semantics, as expected by each client, are delivered.
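The lock definitions above can be exercised with a small in-memory lock table. This is an added example, not code from the article or from any NAS product: `LockTable`, `run_scenario` and the client names A, B and C are hypothetical, and treating a mandatory-mode write as an exclusive request on its byte range is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Lock:
    owner: str
    offset: int      # record lock = offset into the file ...
    length: int      # ... plus a range of bytes from that offset
    exclusive: bool

    def overlaps(self, offset, length):
        return self.offset < offset + length and offset < self.offset + self.length

class LockTable:
    """Locks held on one file. mandatory=True also checks them on every write."""
    def __init__(self, mandatory):
        self.mandatory = mandatory
        self.locks = []

    def _conflicts(self, owner, offset, length, exclusive):
        # Shared vs shared is compatible; anything involving exclusive is not.
        return [l for l in self.locks
                if l.owner != owner and l.overlaps(offset, length)
                and (exclusive or l.exclusive)]

    def lock(self, owner, offset, length, exclusive):
        if self._conflicts(owner, offset, length, exclusive):
            return False
        self.locks.append(Lock(owner, offset, length, exclusive))
        return True

    def write(self, owner, offset, length):
        if not self.mandatory:
            return True   # advisory: the access path never consults the table
        # Mandatory (assumption): a write is checked like an exclusive request.
        return not self._conflicts(owner, offset, length, exclusive=True)

def run_scenario(mandatory):
    """Constructed sequence of requests from three clients on one file."""
    t = LockTable(mandatory)
    return {
        "A_excl_0_100": t.lock("A", 0, 100, exclusive=True),
        "B_shared_50_10": t.lock("B", 50, 10, exclusive=False),   # inside A's range
        "B_shared_100_10": t.lock("B", 100, 10, exclusive=False), # just past A's range
        "C_shared_105_10": t.lock("C", 105, 10, exclusive=False), # overlaps B, both shared
        "C_excl_100_5": t.lock("C", 100, 5, exclusive=True),      # overlaps B's shared lock
        "C_write_10_4_without_locking": t.write("C", 10, 4),      # C never asked for a lock
    }

if __name__ == "__main__":
    for mode in (False, True):
        print("mandatory" if mode else "advisory", run_scenario(mode))
```

The lock requests resolve identically in both modes; only the final write differs, which is the gap a NAS serving both NFS and CIFS clients has to account for when a client that never takes a lock touches a locked range.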

Security Subsystem Support

Because any NAS device is a network-attached, multiuser system, security features are a crucial component. Security is even more critical--and technically challenging--for NAS appliances offering transparent Unix/NT storage and data sharing. These devices must unify both environments' security semantics by managing the distinctions between each environment's identifiers, access rights, and security descriptors.

* Identifiers. Both NT and Unix systems have the concept of users and groups, which are represented internally by unique identifiers. In Unix systems, the user IDs and group IDs come from separate namespaces and may have overlapping or identical values. In NT, each user and group has a unique security ID (SID). An NT security ID can be decomposed into a top-level authority (the "Identifier Authority"), which can be considered as the main grouping, and from one to eight sub-authorities (known as "Relative Identifiers" or RIDs), which can be thought of as departments, branches, etc. In a network, each NT domain (which is a logical grouping of machines sharing the same security database) has its own SID. User and group SIDs in a domain contain the domain SID as a prefix.

* Access Rights and Security Descriptors. Unix systems provide only three basic access rights: read, write, and execute/search. Three sets of access rights are maintained for each object: rights for the individual owner of the object, rights for the group owner of the object, and rights for anyone else attempting to access the object. NT provides a much finer level of control over access rights. Each securable object in the NT system has an associated data structure, containing all of its security information. This structure is known as the security descriptor. The security descriptor includes the SID for the object's owner and two access control lists, each containing a set of mappings between user or group SIDs and the specific access rights allowed for that SID. The first list specifies who can and cannot access the object. The second list specifies which users should be audited when accessing the object (i.e., when to log an event). In NT, access rights are divided into three general categories: standard access rights; object-specific access rights; and generic access rights.

Here, again, to effectively support the security subsystems of both NT and Unix, NAS devices must implement a file system able to support two forms of access control: NT-style, based on access control lists (ACLs); and Unix-style, based on read-write-execute permissions for individual owner, group owner, and all others. For multi-user applications with NT and Unix clients, the NAS appliance should allow a file system object to support both NT-style Security Descriptors and Unix-style permissions.
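The two access-control forms described above can be compared on a single object that carries both. This is an added example, not code from the article: the SIDs, IDs and names are constructed, the Unix rights bits are reused as the NT rights mask for brevity, the Unix superuser and the audit list are not modelled, and the ordered allow/deny walk is a simplified model of how an NT-style access list is evaluated.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1   # read, write, execute/search; reused as the NT mask (assumption)

@dataclass
class Ace:
    allow: bool   # True: access-allowed entry, False: access-denied entry
    sid: str      # user or group SID the entry applies to
    rights: int

@dataclass
class FileObject:
    owner_uid: int
    group_gid: int
    mode: int                                   # Unix-style permissions, e.g. 0o660
    dacl: list = field(default_factory=list)    # NT-style access list

def unix_allows(f, uid, gids, want):
    # Exactly one of the three rights sets applies: owner, else group, else others.
    if uid == f.owner_uid:
        bits = f.mode >> 6
    elif f.group_gid in gids:
        bits = f.mode >> 3
    else:
        bits = f.mode
    return (bits & 7) & want == want

def nt_allows(f, sids, want):
    # Entries are walked in order; a deny on a still-needed right ends the check.
    granted = 0
    for ace in f.dacl:
        if ace.sid not in sids:
            continue
        if not ace.allow and ace.rights & want & ~granted:
            return False
        if ace.allow:
            granted |= ace.rights
        if granted & want == want:
            return True
    return False   # nothing granted the request: access is refused

# Constructed sample data: two group SIDs sharing one domain SID prefix.
DOMAIN = "S-1-5-21-1111-2222-3333"
ENGINEERS, CONTRACTORS = DOMAIN + "-1105", DOMAIN + "-1106"
report = FileObject(owner_uid=1001, group_gid=50, mode=0o660, dacl=[
    Ace(False, CONTRACTORS, W),     # contractors may never write
    Ace(True, ENGINEERS, R | W),    # engineers may read and write
])
```

A user who belongs to both groups is refused write by `nt_allows` but, as a member of gid 50, is granted it by `unix_allows`; the Unix mode bits cannot carve one member out of the owning group, which is the difference in granularity a dual-model file system has to reconcile.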

File-Sharing Protocol And File System Semantic Integration

Storing Unix and NT data on a single NAS device is a valuable capability delivered by NAS appliances supporting SMB/CIFS protocols for NT and NFS for Unix. This capability allows IT organizations to attach NAS devices onto the network for additional storage of either Windows/NT or Unix data. However, limiting NAS functionality to only file sharing protocol support will compromise the level of data sharing and the administrative simplicity of the device because that device will not be able to distinguish and support important file system-level, data sharing features. For true NAS data sharing by Unix and NT clients, the NAS appliance must additionally resolve the integration of the file system semantics.

Storage-Centric NAS Operating System

The four important file-system-level integration requirements for NAS data sharing discussed in this article--filenames, attributes, locking, and security--are resolved via operating system capabilities (Unix and Windows/NT), rather than by the file sharing protocols (CIFS/SMB and NFS). Similar to the inability of Beta-formatted video systems to support VHS, NAS devices based on a specific operating system such as Linux face serious technical challenges when attempting to support the operating system features of another such system.

Storage appliances based on a NAS-specific, storage-centric operating system have been designed to address the NAS requirement to support multiple file-sharing protocols and multiple operating system semantics. These devices can transparently share data among multiple file systems, exercise the sophistication to distinguish data at the file system level, and present users with the appropriate interface. They implement a multi-user access and security model that allows simultaneous data sharing by Unix and Microsoft clients without compromising the security of either. They also provide NAS solutions that lower TCO by supporting a diverse set of servers, applications, and clients with minimal administration.

Tim Williams is the president and CEO and Sue Smith is the corporate director of marketing at CrosStor Software, Inc. (South Plainfield, NJ).
COPYRIGHT 1999 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1999, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Technology Information
Author:Smith, Sue
Publication:Computer Technology Review
Date:Sep 1, 1999