Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition

Asset ID: 1-71-1431403.1
Update Date: 2012-07-09

Solution Type  Technical Instruction Sure

Solution  1431403.1 :   Sun Storage 7000 Unified Storage System: Active Directory Domain Mode vs. Workgroup Mode  


Related Items
  • Sun Storage 7410 Unified Storage System
  • Sun Storage 7310 Unified Storage System
  • Sun ZFS Storage 7120
  • Sun ZFS Storage 7420
  • Sun ZFS Storage 7320
  • Sun Storage 7110 Unified Storage System
  • Sun Storage 7210 Unified Storage System
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS


Created from <SR 3-3740498461>

Applies to:

Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Goal

This document describes both Active Directory Domain mode and Workgroup mode, and explains the configuration basics and requirements for Workgroup mode.

Fix

Active Directory (AD) is a directory service created by Microsoft for Windows domain networks. Active Directory Domains are centrally administered groups of computers that share a common security and administration database and administration policy.

Computers must join the domain (a secured process) and become domain members in order to access and share resources. Details on configuring the ZFS Storage Appliance for Active Directory can be found in <Document:1402154.1>.

In Active Directory, user accounts are stored on Domain Controllers and administered there. The Domain Controllers provide pass-through authentication to the ZFSSA.

Windows Workgroups are collections of standalone, independently administered computers. Each computer has local user and group accounts, and its own security and policy database. To be part of a workgroup, you simply change the workgroup name of your computer to match the workgroup. No authentication is required. On the ZFSSA, this is done in Configuration/Services/AD by simply adding the workgroup name. Most of the settings in the SMB configuration section of <Document:1402154.1> still apply, with the exception of the AD-specific settings, such as AD Site and preferred Domain Controller.

Because each computer must keep its own security database, you must configure workgroup users in the ZFSSA Administration interface under Configuration/Users. You'll need to add a user and a password for each user that will access the appliance, unless there's no requirement for user-based security, in which case you could create a small number of shared accounts. For environments with a number of users with security requirements for their data, the best practice is to configure the usernames and passwords for these accounts on the ZFSSA to match those used on the users' workstations. Of course, since the database on the appliance is entirely separate from those on the workstations, any password changes must be manually synchronized.

Another limitation of workgroup mode is that it is not possible to use the identity mapping service. A global naming service for both UNIX and Windows accounts is required for identity mapping. Due to these limitations, it is best to use Active Directory for all but the smallest environments.


  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.