To configure SMB settings, navigate to the following section:
Configuration > SMB
The SMB settings area available only if SMB is licensed and one of the SMB options is under the CloudFS settings. (See Encryption Settings.)
Creating an SMB Share
Follow these steps to create an SMB share:
- Log in to a client computer using an Active Directory administrator account.
- Connect to the share \\<node-name>\cloudfs, where <node-name> is the hostname of your node and cloudfs is the CloudFS administrative share.
Refer to the documentation for the client operating system if you need the specific steps to accomplish this step. As an example, on Windows 7 select Start > Run and type the path to the share in the entry field.
The \\<node-name>\cloudfs share represents the top level of the filesystem and is for administrative purposes only. In environments where both SMB/CIFS and NFS are used, Panzura recommends creating separate paths for SMB/CIFS and NFS. Example: \\<node-name>\cloudfs\smb and \\<ccname>\cloudfs\nfs
Network shares for end users must be created below this point, as follows.
While connected to the cloudfs share:
- Open the folder that has the same name as the node.
- Within the folder, create a new folder. This folder will serve as the mount point for the share being created. For this example, the folder is named projects.
- Navigate to Configuration > SMB on the node and perform the following steps.
- Click Add CIFS Shares.
- Specify the share name and path.
- Click Add and then click Save.
The SMB/CIFS share is now created. Verify that the permissions of the share provide the appropriate user-level access.
SMB Version Support
SMB support is disabled by default. When you enable it, SMBv1, SMBv2, and SMBv3 support all are enabled by default.
CloudFS supports the following SMB versions:
Note: On nodes upgraded from 6.x (18.104.22.168), SMBv3 support is disabled by default.
SMBv1 support and SMBv3 support can be disabled or enabled individually. SMBv2 support is always enabled and cannot be disabled unless you globally disable SMB.
Enabling SMBv3 allows for both encrypted and unencrypted traffic. Starting in CloudFS 8.1, users have the option of allowing only encrypted traffic by navigating to the SMB Settings Menu and clicking the "SMBv3 Encryption" slider:
SMB Version Used for a Client Session
The SMB version the node actually uses for a session with a client depends on the SMB version supported by the client. The highest (and most secure) version supported by the client is used by the node. For example, if a client supports SMBv2 but not SMBv3, the node uses SMBv2 for sessions with that client.
SMBv1 is an unsecure version of SMB. Environments that no longer require SMBv1 can disable it with this setting. Microsoft originally made SMBv1 available in the mid-1990s as an IP-capable network communications protocol for use between Windows clients and file servers.
In 2013 Microsoft announced its intent to remove SMBv1 from future products, since it was superseded by later SMB versions. The node continues to provide SMBv1 support for those legacy clients who request to use it
Supported SMB Features
CloudFS supports the following SMB features:
- SAMBA 4.5 (SMB server for FreeBSD)
- SMB encryption 3.0.2, 3.1.1 (AES-128-GCM)
- Backward compatibility with SMB 1.0 (has no encryption )
- Leases (file not directory)
- Secure negotiate
- Large MTU (9000 bytes)
- Durable file handles
The maximum path length in Windows is 1024 characters. The maximum path length in Unix is 4K characters. The default maximum read size is 1 MB.
If you enable the GRW feature, the maximum path length for Windows and Unix is limited to 1024 characters.
The current CloudFS version does not support the following SMB version 3.1.1 features:
- Persistent file handles across system resets
- Transparent failover
- Scale out
- Directory leases
GEOPAK Cross-site Collaboration
This option enables support for multiple users across different sites using GEOPAK. In cross-site configurations the application requires the ability to communicate and coordinate where each user is making edits. Byte-range locking makes this possible. The Read File Consistency feature described above can be used to enable byte range locking for GEOPAK.
Global Real-Time Collaboration Recommendations
Panzura recommends using the Global Real-Time Collaboration option selectively, because it adds additional operations for the node. With many cross-site collaborative users opening numerous files, the network traffic to handle read consistency and additional load on the node’s CPU should be closely monitored.
SMB Setting Options
The following table describes the SMB options.
Enter the name of the share into the WebUI.
|Share Target Path||
Path to the share, in the form /cloudfs/<node-name>/<folder-name>
Example: /cloudfs/star-01/projects where star-01 is the hostname of the node.
|Other SMB Settings|
Disables/enables SMBv1 support.
|SMB Signing Auto||
Select an option for SMB signing. SMB signing is a security signature mechanism that can improve the security of the SMB protocol for Windows systems.
If your company enforces SMB signing at the client, and you are having connectivity issues, consider setting SMB signing to Auto.
Hide CloudFS Share
Hide root shares.
Note: To create a new share when this option is enabled (root shares are hidden), you can do either of the following:
Make sure to follow the recommended folder hierarchy described above under Share Target Path.
|Global Real-Time Collaboration||
Enables Global Real-Time Collaboration:
You can also select one or more entries from the Global Real-Time Collaboration list and do the following:
GEOPAK Cross-site Collaboration
Enables support for multiple users across different sites using GEOPAK. (See GEOPAK Cross-site Collaboration.)
To enable cross-site collaboration for GEOPAK, select Geopak from the application list, click More and selected Enabled Selected. Click Save.
Disables/enables support for SMB 3.1.1. (See SMB Version Support.)
|Access-Based Enumeration||Select whether to enable Access-Based Enumeration (ABE). ABE is an administrative capability available to environments using Microsoft clients with shared files and folders. When enabled, users see only the files and folders they have permission to access. If a user does not have read permission for a specific folder, Windows hides the folder from the user's view. For example, ABE allows you to limit users to see only their personal home directory when they access the home directories shared folder.|