DokuWiki

It's better when it's simple

User Tools

Site Tools


sandbox:playground

This is an old revision of the document!


 

 

Overview

FreeNAS is a very simple yet reliable file server. It's main feature is the ZFS filesystem (a next generation filesystem) gives it the ability to maintain data integrity at any scale. In order to fully utilize this filesystem the storage must be shared out. This is accomplished with the SMB (single message block) protocol using Samba. When sharing data on a network the data must be protected. To maintain access control Samba can also be used to manage permissions and to authenticate to a Active Directory domain. With Samba we are able to take full advantage of the benefits of ZFS while maintaining a secure windows environment.

Build

FreeNAS is built with Samba as a default. It is not activated by default but is already installed making using the Samba features very simple.

Deploy

Hardware

FreeNAS can be installed on almost any hardware but to best suit the requirements of B-C-D it must meet the following:

  • An Intel atom or higher with ECC compatability.
  • 8+ GB of ECC RAM (speed is not important as long as it is compatible with the motherboard. ECC is important).
  • Flash based storage for the OS. SSD is recomended for reliability but a USB flash drive is completely acceptable.

Steps to connect to Active Directory

  1. Select Directory Service > Active Directory.
  2. Enter the DNS name of the domain (exaple.com instead of just example) in the Domain Name section. Enter the user name and password in the proceeding sections to authenticate to the domain (use an account that has permission to bind to the network).
  3. Click Advanced Mode.
  4. Add the main Domain Controller under the Domain Controller section (winserver1).
  5. Last check to ensure Lsmap backend is rid then select Save.
  6. The FreeNAS server now binds to the domain (which may take 5 to 15 minutes).
  7. To confirm the bind was successful open a command prompt and run wbinfo -u and you should get a list of all users on the domain.
  8. If there are issues read the official FreeNAS documentation on binding to a domain.

Steps to Deploy a Samba share

  1. Connect to FreeNAS.
  2. If needed create a new volume.
  3. Set the permissions on the new volume by selecting the volume then Change Permissions.
  4. Using the two Owner drop downs, select the appropriate user and group owners.
  5. Next select Windows in the Permission Type: section.
  6. Finally select Set permission recursively: then click Change.
  7. Next select Sharing > Windows (SMB) Shares > Add Windows (SMB) Share.
  8. Select the volume you created under Path: then add the name it will be accessed by under Name:.
  9. Leave the rest at the default and click OK.
  10. By creating the share Samba will be activated as well.

Common Tasks

Samba, once set up is very low maintenance. One big thing, however, is if a new user has been created in the domain FreeNAS will not automatically update right away so this must be done manually.

Updating AD Cache

  • First connect the FreeNAS.
  • Go to Directory Service > Active Directory.
  • Click Rebuild Directory Service Cache.
  • Open a shell to FreeNAS and run 'wbinfo -u | grep $newuser' and you should see the user account.

Alerts

What should be monitored and all the alerts that could be generated. Who should get the alerts and what to do to resolve each.

Alert 1

  • Steps to resolve

Alert 2

  • Steps to resolve

Disaster Recovery

If one machine delivering service of multiple what is the plan.

Disaster 1

  • Recovery steps

Disaster 2

  • Recovery Steps

Service Level Agreement

The SMB shared provided by FreeNAS are critical to the success of B-C-D. All digital documentation and paperwork is stored there. Down time is very damaging to the company.

Uptime Goal

Due to the importance of up time with this service the uptime goal is 2 days a year or 99.9955% of the time. FreeNAS is very stable but Active Directory can move forwards faster at times than Samba can keep up leading to issues authenticating. This leaves computers unable to connect to the server which is a large issue. Knowing this downtime is possible we can not commit to a higher up time.

RPO

Samba failure does not result in any direct data loss due to it denying access during a failure. The only predicted data loss is from changes that are not being updated on the file server. Most of these changes however are fixed by Windows automatically on re-connection. Despite this though the company can not afford to lose more than one hour of data due to this issue. It should be detected within the hour to prevent further data loss.

RTO

FreeNAS uses ZFS which allows for easy import of disks and import of a configuration file. With both of those features a full recovery can take no more than 5 hours. This along with at least 2 hours of trouble shooting bring the RPO to a total of 5 hours for full Samba recovery.

Revision Table

Date Rev.Changes
9/14/17 1 Initial creation.
sandbox/playground.1510175130.txt.gz · Last modified: 2017-11-08 22:05 by 108.26.161.235

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki