Cross-platform security has long been an issue. If your network is like most, chances are you are tied to the Microsoft Security paradigm, which does not necessarily play well with non-Microsoft permissions and security. This is not a judgment, but an acknowledgement that a growing number of companies operate in a Windows-dominated world. Binding Windows Clients to a Windows Active Directory domain almost always works. Conversely, if companies need to support a mixed operating system environment for clients and then share files and folders between these different operating systems in a Microsoft AD environment, the experience may be less than pleasurable.
Discarded file and folder security permissions and duplicitous administrative interfaces are just a couple of the hassles that companies encounter when trying to mix and match client operating systems in a Microsoft environment. Some progress has occurred in this area over the years, however, especially with Linux. As part of Linux initiatives to make inroads into corporate Microsoft AD environments, SAMBA emerged as a means for Windows clients to access Linux file servers using either SMB or CIFS protocols without the need to install special software on Windows clients.
Yet SAMBA only provides a limited level of compatibility with Windows in the eyes of most knowledgeable systems administrators. SAMBA typically leverages POSIX (Portable Operating System Interface for UNIX) as a means to store Windows ACL’s (Access Control Lists) on its file system. The problem with this technique: it can lead to the SAMBA server approximating what the actual Windows permissions are and, as a result, store only the interpreted Windows permissions. This is further complicated if a *NIX client tries to access the files since UNIX uses a more simplified permissions scheme that utilizes only read, write and execute permissions.
These shortcomings of SAMBA were acting as barriers to the corporate adoption of Linux-based systems to provide networked file sharing services in mixed environments. Providers that use Linux file systems have been working hard to overcome these corporate objections. Now we are starting to see some of the results of these efforts with the latest OS on Overland Storage‘s Snap Server, GuardianOS 5.0, taking a novel approach toward managing Windows file permissions even though it uses a Linux file system.
If unacquainted with GuardianOS, it is a fully integrated Linux-based NAS system that Overland’s Snap Server uses to provide file services. Its adoption, like other Linux-based systems, was hampered in Windows environments since it could not fully integrate with Windows file permissions. GuardianOS 5.0 changes this by natively and fully retaining all supported Windows file permissions without the need for translation. This functionality is especially critical to Windows administrators because it eliminates the need for file translation. Now Windows file access permissions behave just as Windows clients expect.
Using a Snap Server in a Microsoft Windows environment, companies gain two major benefits:
- Enforce all Microsoft Windows security permissions for files and folders stored on a Snap Server. Windows NTFS file permissions are granular in nature and stored in ACL’s, which are at the heart of Windows permission administration. GuardianOS 5.0 now masks and matches the security attributes of Windows NTFS security permissions to give them the same “personality” they had when stored on Windows servers and to which Windows administrators are accustomed.
- Enhanced Cross-Platform security. Guardian OS 5.0 takes a “hybrid” approach toward security paradigms to match the security attributes that all client operating systems expect. GuardianOS SnapTrees can be either Windows/Mixed or UNIX only. A Windows/Mixed volume tree retains all permissions no matter what client access protocol is used which provides much needed flexibility in mixed Windows and UNIX environments. In UNIX SnapTree environments, only UNIX directory and permission structures are used. These permission “personalities” extend to each file/folder so Windows and Linux users can seamlessly share files/folders without interfering with or trampling over the others’ ACLs.
Despite the growing ubiquity of Microsoft Windows in many organizations of all sizes, a noticeable interoperability gap in security permissions between Windows and Linux has persisted. Embracing and integrating with Windows AD and security permissions, Snap Servers’ latest GuardianOS 5.0 eliminates longstanding Linux-Windows interoperability issues while giving companies a reason to look at Snap Servers anew for their corporate file-serving needs.