Asset ID: 1-71-1431403.1
Update Date: 2012-07-09
Solution Type: Technical Instruction Sure Solution
1431403.1: Sun Storage 7000 Unified Storage System: Active Directory Domain Mode vs. Workgroup Mode
Related Items:
- Sun Storage 7410 Unified Storage System
- Sun Storage 7310 Unified Storage System
- Sun ZFS Storage 7120
- Sun ZFS Storage 7420
- Sun ZFS Storage 7320
- Sun Storage 7110 Unified Storage System
- Sun Storage 7210 Unified Storage System
Related Categories:
- PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
Created from <SR 3-3740498461>
Applies to:
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)
Goal
This document describes both Active Directory Domain mode and Workgroup mode, and explains the configuration basics and requirements for Workgroup mode.
Fix
Active Directory (AD) is a directory service created by Microsoft for Windows domain networks. Active Directory domains are centrally administered groups of computers that share a common security and administration database and a common administration policy.
Computers must join the domain (a secured process) and become domain members in order to access and share resources. Details on configuring the ZFS Storage Appliance (ZFSSA) for Active Directory can be found in <Document:1402154.1>.
In Active Directory, user accounts are stored on Domain Controllers and administered there. The Domain Controllers provide pass-through authentication to the ZFSSA.
A Windows workgroup is a collection of standalone, independently administered computers. Each computer has its own local user and group accounts and its own security and policy database. To be part of a workgroup, you simply change the workgroup name of your computer to match the workgroup; no authentication is required. On the ZFSSA, this is done in Configuration/Services/AD by simply adding the workgroup name. Most of the settings in the SMB configuration section of <Document:1402154.1> still apply, with the exception of the AD-specific settings, such as AD Site and preferred Domain Controller.
Because each computer must keep its own security database, you must configure workgroup users in the ZFSSA Administration interface under Configuration/Users. You'll need to add a user and a password for each user that will access the appliance, unless there's no requirement for user-based security, in which case you could create a small number of shared accounts. For environments with a number of users with security requirements for their data, the best practice is to configure the usernames and passwords for these accounts on the ZFSSA to match those used on the users' workstations. Of course, since the database on the appliance is entirely separate from those on the workstations, any password changes must be manually synchronized.
Another limitation of workgroup mode is that it is not possible to use the identity mapping service. A global naming service for both UNIX and Windows accounts is required for identity mapping. Due to these limitations, it is best to use Active Directory for all but the smallest environments.