Configuring Network Reshare support in ExtremeZ-IP
ExtremeZ-IP has traditionally only included the ability to share files and folders located on the Windows server where ExtremeZ-IP is installed, or on storage that is directly attached to that server. A folder within this local storage can be selected as an ExtremeZ-IP volume and made available to Macintosh users as a standard Mac AFP file share.
With the introduction of “Network Reshare” in version 8.0, ExtremeZ-IP now includes the ability to create file share volumes that point to folders located on other servers and NAS devices on your network. Macintosh clients continue to connect to ExtremeZ-IP using the standard AFP file sharing protocol, while ExtremeZ-IP utilizes the SMB/CIFS file sharing protocol to access files that are requested by Mac users from remote servers and NAS systems. By doing so, Mac users retain all the benefits of AFP file sharing while gaining access to resources that have traditionally only been available through SMB/Windows file sharing.
ExtremeZ-IP Network Reshare allows access to both standard SMB/CIFS file shares, as well as Distributed File System (DFS) file shares. More details on Network Reshare of DFS resources can be found here.
A common use case: AFP access to NAS storage
A common real world Network Reshare use case involves Mac access to NAS storage, such as NetApp NAS systems. Most NAS systems do not include the ability to host AFP file shares. Mac users are left with no choice but to connect to NAS file shares using the native OS X SMB client. This typically results in suboptimal file browsing, transfer, and search performance, along with frequent Mac application incompatibilities, file name issues, file corruptions, etc. Using Network Reshare, file shares on NAS systems can be made available to Macs through a Windows server running ExtremeZ-IP. Macs connect to ExtremeZ-IP AFP file shares and ExtremeZ-IP interfaces with the NAS system through the NAS’s existing SMB/CIFS file shares. In this way, incompatibilities and issues on the Mac side are addressed by allowing native AFP access and ExtremeZ-IP’s uses Windows server-side SMB access to NAS storage, which provides improved performance and throughput compared to Mac SMB client access. As a result, the performance of Mac AFP file share access though ExtremeZ-IP to NAS storage is most often better than that same Mac accessing the same NAS files directly over SMB.
- - Windows 2003 or Windows 2008 Server (including R2 versions)
- - If using Windows 2008 R2, make sure to install this MS hotfix: http://support.microsoft.com/kb/2647452
- - ExtremeZ-IP Server 8.0 or later
- - ExtremeZ-IP trial license or Enterprise License Program (ELP) license
The Network Reshare capability allows a single ExtremeZ-IP server to give AFP file access to many additional file servers or NAS systems. This feature is only enabled in ExtremeZ-IP trials and on ExtremeZ-IP Enterprise License Program (ELP) annual subscription licenses. This licensing option allows ExtremeZ-IP to be installed on an unlimited number of servers in your enterprise, as well as to create Network Reshare volumes.
ExtremeZ-IP Server Network Interface Card Performance
Network Reshare routes all communication between your Mac clients and your file server or NAS storage through the Windows server where ExtremeZ-IP is installed. Installing ExtremeZ-IP on a server with the fastest available NICs, and ideally one or more dedicated NICs for communicating with the servers or NAS being reshared, will result in the highest level of performance.
Windows 2008 and SMB v2
While Network Reshare is compatible with Windows 2003 and 2008, the SMB v2 protocol supported by Windows 2008 consistently demonstrates higher levels of performance. Installing ExtremeZ-IP on a Windows 2008 server and using remote storage that is running Windows 2008, or a NAS operating system that supports the SMB v2 protocol, will result in the best file sharing throughput for Mac users.
Kerberos for ExtremeZ-IP Network Reshare
In order to support Kerberos logins you will need configure Active Directory to “Trust this computer for delegation”. More information can be found in the following KB article: http://support.grouplogic.com/?p=4164
No support for index-based filename search and full content “Network Spotlight” search
To support indexed filename search, ExtremeZ-IP requires file system notifications provided by Windows in order to keep its search index up to date when files change. These notifications are not available over the SMB connection ExtremeZ-IP uses to access file servers and NAS systems being reshared. For this reason, index-based filename search is disabled on Network Reshare volumes.
To support full content “Network Spotlight” search, ExtremeZ-IP utilizes the Window Search index maintained by the Windows Search service on the server ExtremeZ-IP is installed on. Currently, only indexing of files on the local server storage is compatible with ExtremeZ-IP. For this reason, full content Network Spotlight search is disabled on Network Reshare volumes.
Macs searching ExtremeZ-IP Network Reshare volumes will receive search results based on filename, but searches will take additional time to complete compared to searching indexed local volumes.
Finder color labels may be removed when saving/overwriting a file on an ExtremeZ-IP Windows 2003 Network Reshare volume
If ExtremeZ-IP server is installed on Windows 2003, opening and then saving an existing file that exists in a Network Reshare volume may result in the Finder color label on that file being removed.
Initial Network Reshare configuration
ExtremeZ-IP runs as a standard Windows service on the Windows server it is installed on. By default, the ExtremeZ-IP service runs in the context of the Windows local SYSTEM account. By acting as this account, ExtremeZ-IP has access to the files and folders in ExtremeZ-IP volumes that are located directly on the server’s storage. When ExtremeZ-IP is configured with Network Reshare volumes, it also needs access to the files and folders on the remote file servers and NAS devices that are being reshared. In order for ExtremeZ-IP to be allowed access to these files, the ExtremeZ-IP service must be reconfigured to run in the context of an Active Directory (AD) user account that has Administrator access to the local Windows server and Full Control access to any necessary file shares that exist on remote servers or NAS systems being reshared.
If you’re using Windows 2008 R2, ensure you’ve installed this Microsoft hotfix. It addresses an issue that is directly related to Windows functionality used by ExtremeZ-IP Network Reshare. Hotfix link: http://support.microsoft.com/kb/2647452
To configure Network Reshare:
- Ensure you’ve upgraded to ExtremeZ-IP version 8.0 or later and have launched the ExtremeZ-IP Administrator application at least once and allowed the ExtremeZ-IP service to start up.
- Create or identify an AD user account that will handle authentication for ExtremeZ-IP. This account will need Full Control access to any local or remote shared volumes as defined in NTFS or NAS device permissions. In addition, this user needs Full Control permissions to the C:\Program Files (x86)\Group Logic\ExtremeZ-IP folder. You should also add this user account to the local Windows server Administrators group. Ensure the AD account used is dedicated to this ExtremeZ-IP server, has a fixed password, and is not subject to group policies for password expiration.
- Add the selected user to the Windows server’s local security policy: “Act as part of the operating system”. From Administrative Tools on the Start menu, open Local Security Policy. This policy is found under Security Settings -> Local Policies -> User Rights Assignment section. Double click “Act as part of the operating system” and add the chosen user. You may have to reboot Windows for this setting to take effect.
- From the Services control panel, open the Extreme-Z IP File and Print Server for Macintosh service’s properties by right clicking on the service from the Services control panel. Select the “Log On” tab and choose the “This account” radio button. Configure the service to log on as the same AD service account used in step 3. Keep the Services control panel open. You will need it again in step 6.
- Start the ExtremeZ-IP Administrator application. Click the Settings button and on the File Server tab, ensure the Enable Network Reshare support option is checked. Then click OK and Close the ExtremeZ-IP Administrator.
- In the Services control panel restart the Extreme-Z IP File and Print Server for Macintosh service.
Network Reshare volume configuration
- Launch the ExtremeZ-IP Administrator application.
- Click the Volumes button and the then click Create.
- Click On another server. If you are not shown an option to choose On another server, you may be running a standard ExtremeZ-IP retail license rather than the required Enterprise License Program (ELP) license.
- Enter the UNC path of the SMB/CIFS file share that you would like to reshare as an ExtremeZ-IP volume, then click OK. This UNC path is in the typical \\servername\sharename format. An example is: \\nas.mycompany.com\myshareDistributed File System (DFS) UNC paths can also be entered for Network Reshare volumes. DFS target resolution will all occur in the SMB reshare layer and Macs will be able to seamlessly browse and access the reshared DFS resource. For more details on DFS with Network Reshare, see our Accessing DFS files using ExtremeZ-IP Network Reshare knowledge base article.
- In the Volume Properties dialog, modify the Volume Name if desired and click OK.
- If you receive an error stating that “The specified path is not available.” you may have entered an invalid UNC path, or the user account you selected in the Initial Network Reshare configuration steps above may not have Full Control access to this file share at this UNC path. If this is a Windows file share, ensure this user account has both “Sharing” and “Security” permissions to the file share.