Установка nfs windows 2008 r2

First published on MSDN on Feb 03, 2011

Installation & Configuration of Windows NFS Client to enable UNIX to Windows to Mount a UNIX File System

When migrating a SAP system from UNIX/Oracle or UNIX/DB2 to Windows/SQL it is sometimes useful to be able to mount a UNIX file system on a Windows server.  The

Network File System protocol

(NFS) is used by most UNIX and Linux operating systems such as Solaris, HPUX, AIX etc.  The Windows equivalent of NFS is

Server Message Block

known as SMB or CIFS

SAP fully support “heterogeneous” SAP application servers, that is a UNIX/Oracle or DB2 database server and Windows/Intel application servers.  The Windows platform offers integrated clustering/HA (documented, supported and free of charge from SAP) and single sign on.  Windows applications servers are fully supported on both Hyper-V and VMWare.

How to Setup Windows to UNIX File System Interoperability

There are several technologies to enable connectivity between Windows servers and UNIX operating systems:

1.      Samba is a freeware software available from

www.samba.org

that exposes UNIX server file systems as Windows (actually SMB Compatible) shares.  Samba also allows some integration into Microsoft Windows Domains & Active Directory.  Samba is configured and managed on the UNIX server and requires installation/configuration by the UNIX administrator

2.      Windows 2003 has an add on component called

Windows Services for UNIX

has a component called Client for NFS.  Services for UNIX setup is used to

add/remove Client for NFS

.

3.      Windows 2008 and Windows 2008 R2 the Services for Network File System have been made part of the File Server Role.  The Server Manager tool is used to

add/remove the Services for Network File System

as of Windows 2008 or later.  Windows 2008 and higher also has additional interoperability features for UNIX environments called

Subsystem for UNIX-based Applications

however installation of this component is not required to enable simple NFS connectivity

In all cases it is

highly recommended to use the Windows 2008 R2

product if possible.  Check the

SAP Product Availability Matrix

or post a question in this blog to verify if your SAP version is supported on Windows 2008 R2.  In general all SAP Kernel 7.0 or higher systems are supported on

Windows 2008 R2 since November 2010

.

Installation Tasks:

1.      Follow the

step-by-step procedure to add NFS support for Windows 2008 R2

and basic configuration

To install Services for NFS components

1.     Click

Start

, point to

Administrative Tools

, and then click

Server Manager

.

2.     In the left pane, click

Roles

.

3.     Under

Roles Summary

in the right pane, click

Add Roles

. The Add Roles Wizard appears. Click

Next

.

4.     Select the

File Services

check box to install this role on the server, and then click

Next

.

5.     Select the

Services for Network File System

check box, and then click

Next

.

6.     Confirm your selection, and then click

Install

.

7.     When the installation completes, the installation results appear. Click

Close

.

2.      Logon to the UNIX host and type

id –u <sid>adm

id –g <sid>adm

or while logged on as <sid>adm type id

3.      The next step involves “mapping” the Windows user id to the UID and GID of the <sid>adm account on the UNIX server

There are three ways of doing this, however in most cases we recommend option #1

Username mapping:

#1           Configure the

UID/GID using the registry entries

explained in this blog – (Recommended technique)

#2           Configure

Active Directory Lookup

or

ADLDS

(for Win2008 or higher) — optional

#3

User Name Mapping

if required (for

Win2003 see this post

) — optional

4.      Ensure the Windows host is defined in the /etc/hosts file on the UNIX server.  Add the UNIX server to the \Windows\Drivers\etc\hosts file on the Windows server

5.      Ensure NFS configuration (/etc/dfs/dfstab or similar) on the UNIX server is correct – the Windows hostname must be allowed to mount the file system usually

6.

Mount the SAP profile directory

using Windows Explorer or command line with the

syntax

unixserver:/export (recommended) or use the traditional Windows

\\servername\share

7.      Test creating and deleting a file

8.      Install a SAP instance using SAPInst or use SAPInst to export the UNIX/Oracle system to Win/SQL

Note: SAP requires that the NFS connection has a drive letter.  It is therefore always necessary to logon the Windows host and ensure the NFS drives are connected prior to starting the SAP application server.  NFS is not a particularly robust protocol therefore it is not to be used as a Export or Import location.  It is not permitted to export an SAP system to dump files on an NFS source.  In addition it is not recommended to store dump files on a NFS source and import on a Windows server.  Always read/write to dump files on a local disk

Several Great Uses of Windows to UNIX File System Interoperability

During OS/DB Migrations from proprietary UNIX systems to Intel/AMD commodity solutions the R3LOAD export/dump files need to be transferred to Windows.

SAP Migration Monitor supports FTP to transfer dump files to a Windows environment.  However this requires the installation of FTP on the Windows server.

There are three good reasons for establishing Windows to UNIX interoperability:

1.      The ability to use powerful Intel/AMD servers for the Migration.  This will greatly speed up the export/import process

2.      The ability to use SAPInst GUI to complete the full OS/DB Migration process without the need to use command line tools.

A full manual procedure for exporting and importing a SAP system

has been documented in this blog, however the latest versions of SAPInst for SAP Kernel 7.0 systems and higher can be exported/imported provided that the UNIX file system containing the SAP profiles is exposed.  SAPInst will check the profile directory before starting the export.  Provided a Wintel server can access the profile directory, SAPInst will allow a GUI based export of a UNIX system.

3.      Increasing numbers of customers are using modern Intel and AMD servers as SAP application servers connecting to UNIX database servers.   Modern Intel and AMD based servers are vastly cheaper than proprietary UNIX servers and deliver comparable or better performance.  SAP OLTP type applications such as ECC 6.0 usually require 60% to 80% of the system CPU resources on the Application Tier with the remainder on the Database Tier.  Therefore 60% to 80% of the SAPS (Unit of SAP workload sizing) can run on low cost Intel or AMD commodity servers.

As of February 2010 a typical fully configured SAP application server deployed in our customer base costs less than $15,000 inclusive of 96-128GB RAM service & support.

A typical medium size SAP system may have about 100,000 SAPS in total with 30,000 SAPS for Database Layer and about 70,000 SAPS for the SAP Application Layer (a typical 30% Database / 70% Application Tier split).  In this hypothetical case where the application workload requirement is equal to 70,000 SAPS, this requirement can be met with only 3 Intel or AMD servers at a cost of approximately $45,000 in total.  The energy consumption is much lower than UNIX systems and the rack space required is only 2U each or less if blades are used.

Many customers compare the workload capabilities of modern Intel and AMD based servers and the total all up cost including Operating System License, Energy/Aircon/rackspace, 3 year maintenance and administration + OS patching costs (practically zero for a Windows 2008 R2 server with

Internet Explorer removed

and all other

Windows features secured/disabled

) find that Intel/AMD based systems cost is 1/8

^th

to 1/10

^th

that of proprietary UNIX platforms.

Additional information about

Intel/AMD systems increase in market share

vs. UNIX system and

Intel displacement of high cost proprietary UNIX systems confirms a general trend to commodity type hardware

.

4.  Windows NFS Services also allows a customer to preserve a single SAP Transport directory and domain during a migration from UNIX/Oracle to Win/SQL.  During a period of 2-6 weeks the Dev and QAS systems are running on Win/SQL and the Production system is running on UNIX/Oracle.  It is still supported to transport configuration settings, SAP Security and ABAP programs from a Win/SQL Development system to a Production system running on UNIX/Oracle (because SAP is largely OS/DB independent).

Useful Links

Below are some useful links.  If you have any questions feel free to post them in this blog.

http://brneurosci.org/linuxsetup108.html

— a very good overview of setup and configuration process for Win2003

http://www.softpanorama.org/Net/Application_layer/nfs.shtml

— a generic overview of UNIX side configuration

http://technet.microsoft.com/en-us/library/cc785878(WS.10).aspx

– troubleshooting NFS Client (Win2008 R2)

http://technet.microsoft.com/en-us/library/cc737549(WS.10).aspx

– general overview of NFS Client  (Win2008 R2)

More information on SAP Benchmarks can be found on the

official SAP Benchmark website

.  The above statements about SAPS as unit of SAP sizing and cost of various hardware platforms are derived out from real SAP customer deployment or migration.  The term “SAPS” is used as a measure of equivalent workload.

SAP Note 80266 — Installing NT Applicn. Servers in UNIX Environment

SAP Note 97993 — Central NT/UNIX transport directory

Note 680617 — INST: Appl.Server in Heterogeneous SAP System Environment

Note 1067221 — Composite note for heterogeneous installation

Note 1148109 — Heterogeneous Inst.(Appl. Server Windows, DB Unix)

Thanks to:

Ashish Sahu — owner of

http://blogs.msdn.com/b/sfu/

Warwick Chai — owner of

http://www.bnw.com.au

We are currently working on a feature that will allow potential clients to download a trial of Atomia Cloud Hosting Platform and install it in their OpenStack cloud. This means we have to keep the size of the installation package as well as the footprint in their cloud (in terms of numbers of virtual machines) to a minimum. While a clustered productions environment may contain dozens of VMs we aim for a fully functional test environment with as few VMs as possible (currently 3, but we strive for 2).

Since we offer both Linux and Windows websites we need a storage solution that supports both SMB (Windows) and NFS (Linux). For production environments we recommend Nexenta ZFS, but for testing this is less suitable because it means that we would have to ship another image (and another VM is needed).

This can be avoided by exposing the NFS through Windows Server for NFS Services. While there are hundreds to tutorials regarding creating SMB shares, few are to be find about NFS Services. In Windows 2008 R2 there has been a number of changes and this blog post will guide you from start to finish on how to set it up.

Installing Server for NFS Services

To install Server for NFS Services simply execute this command:

ServerManagerCmd -install File-Services FS-NFS-Services

Setting up the User Mapping

This version of Server for NFS Services lacks the User Mapping server. The mapping is now done by Active Directory itself. But first a short explanation on what user mapping does: If you want to connect to the Windows NFS share from Linux, and you don’t use a common authentication scheme like Kerberos, Linux will identify the user to Windows using their user ID and group ID (which every user and group in Linux has). Run the following command in your Linux terminal to get the IDs:

less /etc/passwd

This is of course insecure because if an attacker controls a Linux machine of his own and connects to your NFS share he can simply pretend to be any user. Unlike among Windows machines it is not required for the Linux and the Windows user to share the same password. It is therefore important to control the access to the share via firewall or IP restrictions.

For the root you can choose for every share if it should be either considered anonymous or if it should be mapped to Administrator automatically. All unmapped users are covered by the entity Anonymous Logon in Windows. So you can save yourself the user mapping if you trust all users of the Linux machine, by granting rights to Anonymous Logon.

Run the following command on your Windows server to enable user mapping:

nfsadmin mapping localhost config adlookup=yes addomain=<yourdomain>
sc.exe stop NfsService
sc.exe start NfsService

Where the domain is given in its full DNS name.

To set up the mapping, let assume you found the line

ubuntu:x:1000:1000:Ubuntu,,,:/home/ubuntu:/bin/bash

in the passwd file. That means ubuntu is member of Ubuntu group and both have the ID 1000. To replicate that in windows you need to create a user ubuntu and a group we call g-ubuntu, but the name won’t matter.

MSDN has an excelent blog post with scripts on how to set the user and group ID
here.

Unfortunately it does not cover how to set the default group. In Windows a user can be member of several groups, but in Linux it can be only one. To set the default group, you open Active Directory Users and Computers, navigate to the users account, right click, select Properties, select the Member of tab and then select the group and click on Set Primary Group.

The User properties dialog

Creating the share

To create an NFS share simply right-click on folder and select the NFS Sharing tab. You can activate NFS sharing there. The defaults are usually ok.

Картинка с сайта: www.atomia.com

The NFS sharing dialog in Windows explorer

Then click on the Permissions button. By default all machines have read access. You should limit access to those machines that really need it. If you need that you can allow root access which means that the root user is given Administrative privileges.

Картинка с сайта: www.atomia.com

The permissions dialog for an NFS share

The NTFS permissions

The trickiest part are the NTFS permissions. Let’s say you want to give the user ubuntu access to a file. In that case you will probably add ubuntu to the users of that file and add permissions. But on the linux side this will change nothing. This is because Linux is only aware of three entities, the owner, the owner’s group and all. So when you give permissions this applies:

Use the Everyone entity in Windows to give permissions to all. To give permissions to a specific user or group you must first change the ownership of the folder to that group and then give explicitly permissions to that user or group.

To give ownership to a certain user/group it is best to use SetACL:

SetACL -on c:Storageb -ot file -actn setowner -ownr "n:ubuntu" -actn setgroup -grp "n:g-ubuntu" -rec cont_obj

To give the user and group explicit read and execute access use:

SetACL -on c:Storage -ot file -actn ace -ace "n:ubuntu;p:read_ex" -ace "n:g-ubuntu;p:read_ex" -actn rstchldrn -rst dacl

On the Linux side

On the Linux side you simply mount the NFS share

mount <IP>:/<name_of_the_share> /<mountpoint>

When the Server for NFS Services role service is installed it automatically opens the right ports in the Windows firewall.

Sometimes it is helpful to set up windows as a NFS server to transfer files between a windows and Linux machine. This is especially useful when setting up a RHEV (2.2 not relevant any more with 3.0) environment and you do not have a NFS server or extra Linux box available for your ISO or Export domain. Its pretty straight forward however having this doc and the exact folder permission saves some time when setting up a NFS server in Windows.

Please keep in mind we do not recommend using Windows as an NFS server for excessive traffic, and I have not done much testing with this setup, however for a simple ISO domain it has proven to work in the past.

1. Add the “File Services” role to the windows 2008R2 server form the “Server Manager”

2. Create a folder to share via, NFS.  It is recommend doing this in the root dir for easyer access when mounting, ie C:/nfs_export, however does not have to be.

3. Modify the properties of the folder to allow a Linux client to connect.

– in the properties setting for the nfs_share folder click on the “NFS Sharing” tab and then the “Manage NFS Sharing” button.

– check the “share this folder” box

– select “No server authentication [Auth_SYS]” and “Enable unmapped user access”, also “Allow unmapped user Unix access (by UID/GID)”

4. The above setting should allow RHEVM to mount the NFS share as an ISO or Export domain. If you wish to test or mount this share as root, ie form shell on host or to copy files in, the additional step is required.

– click on the “permissions” button at the bottom of the “NFS Advanced Sharing” window and click the “allow root access” box.
see screen shot for more details…….

Картинка с сайта: huffisland.wordpress.com