Overview
FreeNAS is a very simple yet reliable file server. Its main feature is the ZFS filesystem (a next-generation filesystem), which gives it the ability to maintain data integrity at any scale. To fully utilize this filesystem, the storage must be shared out. This is accomplished with the SMB (Server Message Block) protocol using Samba. Data shared on a network must be protected. To maintain access control, Samba can also be used to manage permissions and to authenticate to an Active Directory domain. With Samba we are able to take full advantage of the benefits of ZFS while maintaining a secure Windows environment.
Build
FreeNAS is built with Samba included. It is not activated by default, but because it is already installed, using the Samba features is very simple.
Deploy
Hardware
FreeNAS can be installed on almost any hardware but to best suit the requirements of B-C-D it must meet the following:
- An Intel Atom or higher with ECC compatibility.
- 8+ GB of ECC RAM (speed is not important as long as it is compatible with the motherboard. ECC is important).
- Flash-based storage for the OS. An SSD is recommended for reliability, but a USB flash drive is completely acceptable.
Steps to connect to Active Directory
- Select Directory Service > Active Directory.
- Enter the DNS name of the domain (example.com instead of just example) in the Domain Name section. Enter the user name and password in the following sections to authenticate to the domain (use an account that has permission to bind to the network).
- Click Advanced Mode.
- Add the main Domain Controller under the Domain Controller section (winserver1).
- Last, check that the Idmap backend is set to rid, then select Save.
- The FreeNAS server now binds to the domain (which may take 5 to 15 minutes).
- To confirm the bind was successful open a command prompt and run wbinfo -u and you should get a list of all users on the domain.
- If there are issues read the official FreeNAS documentation on binding to a domain.
Steps to Deploy a Samba share
- Connect to FreeNAS.
- If needed create a new volume.
- Set the permissions on the new volume by selecting the volume then Change Permissions.
- Using the two Owner drop downs, select the appropriate user and group owners.
- Next select Windows in the Permission Type: section.
- Finally select Set permission recursively: then click Change.
- Next select Sharing > Windows (SMB) Shares > Add Windows (SMB) Share.
- Select the volume you created under Path: then add the name it will be accessed by under Name:.
- Leave the rest at the default and click OK.
- By creating the share Samba will be activated as well.
Common Tasks
Once set up, Samba is very low maintenance. One important point, however: when a new user is created in the domain, FreeNAS will not automatically update right away, so this must be done manually.
Updating AD Cache
- First connect to FreeNAS.
- Go to Directory Service > Active Directory.
- Click Rebuild Directory Service Cache.
- Open a shell to FreeNAS and run 'wbinfo -u | grep $newuser' and you should see the user account.
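The bind check and the new-user check above can be combined into one health check suitable for an hourly cron job. This is an added example, not part of the original page or of FreeNAS. The function names are hypothetical, and it assumes wbinfo is in PATH and the default winbind separator (a backslash). Unlike a plain grep, it matches the account name exactly, so a lookup for "ali" does not succeed because "alice" exists.

```shell
#!/bin/sh
# Added example: AD bind health check for a FreeNAS/Samba host.
# Assumptions: wbinfo (shipped with Samba) is in PATH; names appear either as
# "DOMAIN\user" or plain "user" in the output of wbinfo -u.

# ad_user_known USER
# Succeeds only if USER exactly matches an account listed by wbinfo -u
# (case-insensitive, domain prefix ignored). Substring hits do not count.
ad_user_known() {
    wbinfo -u 2>/dev/null | awk -v u="$1" '
        { n = $0; sub(/^.*\\/, "", n) }        # drop the domain prefix
        tolower(n) == tolower(u) { found = 1 }
        END { exit !found }'
}

# ad_bind_status [USER]
# Prints one status line; returns 0 when healthy, 1 otherwise.
ad_bind_status() {
    # Is winbindd alive at all?
    if ! wbinfo -p >/dev/null 2>&1; then
        echo "CRITICAL: winbindd is not responding"
        return 1
    fi
    # Is the machine account trust secret still accepted by the domain?
    if ! wbinfo -t >/dev/null 2>&1; then
        echo "CRITICAL: domain trust secret check failed"
        return 1
    fi
    # A healthy bind enumerates at least one domain user.
    count=$(wbinfo -u 2>/dev/null | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "CRITICAL: no domain users enumerated"
        return 1
    fi
    # Optional: confirm a specific (for example newly created) account is visible.
    if [ -n "$1" ] && ! ad_user_known "$1"; then
        echo "WARNING: user $1 not found; rebuild the directory service cache"
        return 1
    fi
    echo "OK: bind healthy, $count domain users visible"
}

# Typical use from cron or a shell:  ad_bind_status newuser || <send alert>
```

A non-zero return can drive whatever alerting is in place, which keeps a failed bind from going unnoticed for longer than the check interval.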
Alerts
What should be monitored and all the alerts that could be generated. Who should get the alerts and what to do to resolve each.
Alert 1
- Steps to resolve
Alert 2
- Steps to resolve
Disaster Recovery
If one machine delivering service of multiple what is the plan.
Disaster 1
- Recovery steps
Disaster 2
- Recovery Steps
Service Level Agreement
The SMB shares provided by FreeNAS are critical to the success of B-C-D. All digital documentation and paperwork is stored there. Downtime is very damaging to the company.
Uptime Goal
Due to the importance of uptime with this service, the uptime goal is 2 days a year or 99.9955% of the time. FreeNAS is very stable, but Active Directory can at times move forward faster than Samba can keep up, leading to authentication issues. This leaves computers unable to connect to the server, which is a large issue. Knowing this downtime is possible, we cannot commit to a higher uptime.
RPO
A Samba failure does not result in any direct data loss, because it denies access during a failure. The only predicted data loss is from changes that are not being updated on the file server. Most of these changes, however, are fixed by Windows automatically on reconnection. Despite this, the company cannot afford to lose more than one hour of data due to this issue. A failure should be detected within the hour to prevent further data loss.
RTO
FreeNAS uses ZFS, which allows for easy import of disks and import of a configuration file. With both of those features a full recovery can take no more than 5 hours. This, along with at least 2 hours of troubleshooting, brings the RTO to a total of 5 hours for full Samba recovery.
Revision Table
Date | Rev. | Changes |
---|---|---|
9/14/17 | 1 | Initial creation. |