SMB Settings

To configure SMB settings, navigate to the following section:

Configuration > SMB

The SMB settings area available only if SMB is licensed and one of the SMB options is under the CloudFS settings. (See Encryption Settings.)

Creating an SMB Share

Follow these steps to create an SMB share:

  1. Log in to a client computer using an Active Directory administrator account.
  2. Connect to the share \\<filer-name>\cloudfs, where <filer-name> is the hostname of your filer and cloudfs is the CloudFS administrative share.

Refer to the documentation for the client operating system if you need the specific steps to accomplish this step. As an example, on Windows 7 select Start > Run and type the path to the share in the entry field.

The \\<filer-name>\cloudfs share represents the top level of the filesystem and is for administrative purposes only. In environments where both SMB/CIFS and NFS are used, Panzura recommends creating separate paths for SMB/CIFS and NFS. Example: \\<filer-name>\cloudfs\smb and \\<ccname>\cloudfs\nfs

Network shares for end users must be created below this point, as follows.

While connected to the cloudfs share:

    1. Open the folder that has the same name as the filer.
    2. Within the folder, create a new folder. This folder will serve as the mount point for the share being created. For this example, the folder is named projects.
  1. Navigate to Configuration > SMB on the filer and perform the following steps.
      1. Click Add CIFS Shares.
      2. Specify the share name and path.
      3. Click Add and then click Save.

    The SMB/CIFS share is now created. Verify that the permissions of the share provide the appropriate user-level access.

    SMB Version Support

    SMB support is disabled by default. When you enable it, SMBv1, SMBv2, and SMBv3 support all are enabled by default.

    CloudFS supports the following SMB versions:

    SMB Version Default
    SMBv1

    Enabled

    SMBv2 (2.2) Enabled
    SMBv3 (3.1.1)

    Enabled

    Note: On filers upgraded from 6.x (6.3.1.5), SMBv3 support is disabled by default.

     

    SMBv1 support and SMBv3 support can be disabled or enabled individually. SMBv2 support is always enabled and cannot be disabled unless you globally disable SMB.

    SMB Version Used for a Client Session

    The SMB version the filer actually uses for a session with a client depends on the SMB version supported by the client. The highest (and most secure) version supported by the client is used by the filer. For example, if a client supports SMBv2 but not SMBv3, the filer uses SMBv2 for sessions with that client.

    SMBv1 is an unsecure version of SMB. Environments that no longer require SMBv1 can disable it with this setting. Microsoft originally made SMBv1 available in the mid-1990s as an IP-capable network communications protocol for use between Windows clients and file servers.

    In 2013 Microsoft announced its intent to remove SMBv1 from future products, since it was superseded by later SMB versions. The filer continues to provide SMBv1 support for those legacy clients who request to use it

    Supported SMB Features

    CloudFS supports the following SMB features:

    • SAMBA 4.5 (SMB server for FreeBSD)
    • SMB encryption 3.0.2, 3.1.1 (AES-128-GCM)
    • Backward compatibility with SMB 1.0 (has no encryption )
    • Leases (file not directory)
    • Secure negotiate
    • Large MTU (9000 bytes)
    • Durable file handles
    • Re-authentication

    The maximum path length in Windows is 1024 characters. The maximum path length in Unix is 4K characters. The default maximum read size is 1 MB.

    If you enable the GRW feature, the maximum path length for Windows and Unix is limited to 1024 characters.

    The current CloudFS version does not support the following SMB version 3.1.1 features:

    • Persistent file handles across system resets
    • Hyperโ€“V
    • Transparent failover
    • Scale out
    • Directory leases

    GEOPAK Cross-site Collaboration

    This option enables support for multiple users across different sites using GEOPAK. In cross-site configurations the application requires the ability to communicate and coordinate where each user is making edits. Byte-range locking makes this possible. The Read File Consistency feature described above can be used to enable byte range locking for GEOPAK.

    Global Real-Time Collaboration Recommendations

    Panzura recommends using the Global Real-Time Collaboration option selectively, because it adds additional operations for the filer. With many cross-site collaborative users opening numerous files, the network traffic to handle read consistency and additional load on the filerโ€™s CPU should be closely monitored.

    SMB Setting Options

    The following table describes the SMB options.

    SMB Setting Description
    SMB Shares
    Share Name

    Enter the name of the share into the WebUI.

    Example: projects

    Share Target Path

    Path to the share, in the form /cloudfs/<filer-name>/<folder-name>

    Example: /cloudfs/star-01/projects where star-01 is the hostname of the filer.

    Notes:

    • Always connect at or below this level: /cloudfs/<filer-name>/<folder-name>.
    • The filer uses "/" in the path name. Windows uses "\" instead.
    Other SMB Settings
    SMBv1

    Disables/enables SMBv1 support.

    SMB Signing Auto

    Select an option for SMB signing. SMB signing is a security signature mechanism that can improve the security of the SMB protocol for Windows systems.

    • Disabled: SMB signing is not supported between the client and filer. The filer will reject signed session requests from clients.
    • Enabled: By default, the filer expects clients to use signed SMB sessions. If the client does not support SMB signing, the client responds with a message to that effect and the filer allows a non-signed SMB session for that client.

    If your company enforces SMB signing at the client, and you are having connectivity issues, consider setting SMB signing to Auto.

    Hide CloudFS Share

    Hide root shares.

    Note: To create a new share when this option is enabled (root shares are hidden), you can do either of the following:

    • Temporarily disable this option (Hide CloudFS Share), to make the /cloudfs root share visible, add the new share, then re-enable this option.
    • Mount \\hostname\ADMIN$. This mounts the /cloudfs folder. Then create the new share.

    Make sure to follow the recommended folder hierarchy described above under Share Target Path.

    Global Real-Time Collaboration

    Enables Global Real-Time Collaboration:

    1. Click Add Application.
    2. Enter a name to identify the application. The application name is for user reference only. The filer identifies the application by file extension.
    3. Enter the file extension for the application file type (example: .xlsx). Use spaces to separate multiple extensions.
    4. Click Save to save and start the collaboration process.

    You can also select one or more entries from the Global Real-Time Collaboration list and do the following:

    • Edit Application. Edit an entry.
    • Import Application. Import an application file that was exported from another filer.
    • Enable/Disable. Enable or disable global real-time collaboration.
    • Delete to remove selected entries.
    • Export/Import. Export shares the settings with others. Import uses settings exported from another filer.

    GEOPAK Cross-site Collaboration

    Enables support for multiple users across different sites using GEOPAK. (See GEOPAK Cross-site Collaboration.)

    To enable cross-site collaboration for GEOPAK, select Geopak from the application list, click More and selected Enabled Selected. Click Save.

    SMBv3

    Disables/enables support for SMB 3.1.1. (See SMB Version Support.)

    Access-Based Enumeration Select whether to enable Access-Based Enumeration (ABE). ABE is an administrative capability available to environments using Microsoft clients with shared files and folders. When enabled, users see only the files and folders they have permission to access. If a user does not have read permission for a specific folder, Windows hides the folder from the user's view. For example, ABE allows you to limit users to see only their personal home directory when they access the home directories shared folder.