Filesystems can be either Windows or UNIX security style, which determines the file permissions used for the filesystem's contents. See Creating a filesystem for more information.
Microsoft SMB (Server Message Block) protocol allows file sharing over the network between clients. It is most commonly used in Microsoft Windows environments, but it is also available for Mac OS and Linux clients.
Starting from release 7.0.0, InfiniBox supports SMB protocol natively, for file sharing using the Windows security style. This allows users to place more data and workloads into InfiniBox.
In release 7.0.x, the filesystem security style (set during creation, see Creating a filesystem) limits which protocol InfiniBox supports for the filesystem:
- Filesystems using the UNIX security style can be accessed using NFSv3 protocol.
- Filesystems using the Windows security style can be accessed using SMB protocol.
File and filesystem security
InfiniBox SMB provides the following file and filesystem security and locking mechanisms:
- Share-level permissions for SMB share access
Share-level permissions are managed using any of the InfiniBox management interfaces: the GUI console, the CLI, and the API. See Modifying share-level permissions.
- ACL permissions to control file access
File ACLs are managed using Windows clients via file properties.
- File locks
Applications can lock files and determine the access level allowed to other users and applications.
User authentication methods
- InfiniBox authenticates users that are in its local user repository.
To work with local users and groups, see Managing local SMB users and groups.
- If InfiniBox has a machine account in an Active Directory (AD), the AD authenticates users that are in its domain.
To work with an AD domain, see Managing InfiniBox's membership in Active Directory for SMB.
- SMB sharing features can be managed using any of the InfiniBox management interfaces.
InfiniBox supports snapshots for filesystems that use Windows security style.
- Snapshots can be taken manually or by SnapRotator.
- Users can access snapshot contents for file self-recovery using File Explorer Previous Versions tab.
- Administrators can define SMB shares for snapshots of filesystems that use Windows security style, and grant share-level permissions to Security Identifiers (SIDs) of specific users and groups.
InfiniBox supports async replication for filesystems with Windows security style
- All the existing capabilities for filesystems with UNIX security style are supported.
For a list of features not supported in the release, see InfiniBox SMB limitations and unsupported features.
Credentials for SMB filesystem management
- Local credentials (optional) - the username and password of each local user that connects to the InfiniBox management interfaces: the GUI console, the CLI, and the API. These credentials are stored on the InfiniBox.
- Active Directory administrator credentials - only required during the procedure that creates an InfiniBox machine account in the AD domain. These credentials are not stored anywhere on the InfiniBox.
After the InfiniBox joins an AD domain, the AD is responsible for the authentication of non-local users.