Chapter 2. IP storage networking technical details
2.6 Network file system protocols
Network file system protocols allow files and directories located on other systems to be incorporated into a local file system and accessed as though they are part of that file system. There are a number of such protocols available. The most commonly used are NFS and CIFS.
2.6.1 Network File System (NFS)
The Network File System (NFS) is a network-based client/server protocol, which enables machines to share file systems across a network using the TCP/IP communication protocol.
It allows you to optimize efficiency in a distributed network while still capitalizing on capacity, security, and integrity for data management. NFS allows authorized network users to access shared files stored on computers of different types. Users can manipulate shared files as if they were stored locally on the user’s own hard disk. With NFS, computers connected to a network operate as clients while accessing remote files. They operate as servers while providing remote users with access to local shared files. The MOUNT protocol performs the operating system-specific functions that allow clients to attach remote directory trees to a point within the local file system. The mount process also allows the server to grant remote access privileges to a restricted set of clients via export control.
In NFS environments, the Network Lock Manager (NLM) provides file locking support when it is used.
Key features
The NFS provides the following key features:
Improved interoperability with other system platforms, increasing overall network utilization and user productivity
Easy access to files for the end-user of the NFS client system
Uses industry standard TCP/IP protocols
NFS cross-platform specifications
NFS assumes a hierarchical file system (directories). Files are unstructured streams of uninterpreted bytes. That is, each file is seen as a contiguous byte stream, without any record-level structure. This is the kind of file system used by UNIX and Windows, so these environments will easily integrate an NFS client extension in their own local file system. File systems used in MVS lend themselves less readily to this kind of extension.
Network File System was designed by Sun Microsystems. It is designed to be machine-independent, operating system-independent, and transport protocol-independent. This independence is achieved through Remote Procedure Call (RPC) primitives. These allow a program on one machine to start a procedure on another machine as if the procedure were local. RPC uses the External Data Representation protocol (XDR), which resolves the differences in data representation of different machines.
The RPC concept can be simplified as follows:
The caller process sends a call message and waits for the reply. On the server side, a process is dormant, awaiting the arrival of call messages. When one arrives, the server extracts the procedure parameters, computes the results and sends them back in a reply message.
With NFS, all file operations are synchronous. This means that the file operation call returns only when the server has completed all work for the operation. In the case of a write request, the server will physically write the data to disk. If necessary, it will update any directory structure before returning a response to the client. This ensures file integrity.
NFS is a stateless service. That means it is not aware of the activities of its clients. As a result, a server does not need to maintain any extra information about any of its clients in order to function correctly. In the case of server failure, clients only have to retry a request until the server responds, without having to reiterate a mount operation.
File locking and access control synchronization services are provided by two cooperating processes: the Network Lock Manager (NLM) and the Network Status Monitor (NSM). The NLM and NSM are RPC-based servers, which normally execute as autonomous daemon servers on NFS client and server systems. They work together to provide file locking and access control capability over NFS.
NFS specifications in open environments
The NFS protocol was designed to allow different operating systems to share files. However, since it was designed in a UNIX environment, many operations have semantics similar to the operations of the UNIX file system. NFS in UNIX environments supports:
Server and client functions to share data
Network Information Services (NIS), which allows, for example, centralized user authentication
Automounter support, which mounts NFS file systems automatically when they are accessed and unmounts them from the client when they are no longer in use, reducing network load
User authentication, provided by means of RPC use of the data encryption standard
Support of access control lists between UNIX systems
Remote mapped file support, which allows an RS/6000 NFS client to take advantage of the enhanced virtual memory management function of AIX
Specific software is available from vendors to implement NFS functions in the Windows NT environment. This allows users to access the Windows NT storage. Windows NT can be both an NFS server and an NFS client. Depending on the software, the NFS server can have the following features:
NFS server provides NFS clients access to server, exported disks, printer, and CD-ROMs.
NFS server can be installed as a Windows NT service, with no logon needed. NFS allows seamless integration with NT security; use NT local or domain accounts.
NFS provides NT accounts and groups to UNIX UID and GID mapping.
NFS supports FAT, NTFS, CDFS, and HPFS file systems.
NFS supports network locking manager.
NFS can be integrated with Windows Explorer to share an NFS directory from Explorer or Network Neighborhood.
NFS provides automatic recovery when Windows NT restarts.
2.6.2 Common Internet File System (CIFS)
The Common Internet File System (CIFS) is another protocol to share file systems across the network. It is used in Microsoft Windows products. The CIFS protocol supports rich, collaborative applications over the Internet.
CIFS defines a standard remote file system access protocol for use over the Internet. This enables groups of users to work together and share documents across the Internet, or within their corporate intranets. CIFS is an open, cross-platform technology based on the native file-sharing protocols built into Microsoft Windows and other popular PC operating systems. It is supported on dozens of other platforms, including UNIX.
With CIFS, millions of computer users can open and share remote files on the Internet without having to install new software or change the way they work.
CIFS in a nutshell
CIFS enables collaboration on the Internet by defining a remote file access protocol. This protocol is compatible with how applications already share data on local disks and network file servers. CIFS incorporates the same
high-performance, multi-user read and write operations, locking, and file-sharing semantics that are the backbone of today's enterprise computer networks. CIFS runs over TCP/IP and utilizes the Internet's global Domain Naming Service (DNS) for scalability. It is specifically optimized to support slower speed dial-up connections common on the Internet.
With CIFS, existing applications and applications for the World Wide Web can easily share data over the Internet or intranet, regardless of computer or operating system platform. CIFS is an enhanced version of Microsoft's open, cross-platform Server Message Block (SMB) protocol. This is the native file-sharing protocol in the Microsoft Windows 95, Windows NT, and OS/2 operating systems. It is the standard way that millions of PC users share files across corporate intranets. CIFS is also widely available on UNIX, VMS™, Macintosh, and other platforms.
CIFS technology is open, published, and widely available for all computer users. Microsoft has submitted the CIFS 1.0 protocol specification to the Internet Engineering Task Force (IETF) as an Internet-Draft document. Microsoft is also working with interested parties for CIFS to be published as an Informational RFC. CIFS (SMB) has been an Open Group (formerly X/Open) standard for PC and UNIX interoperability since 1992 (X/Open CAE Specification C209).
CIFS is not intended to replace HTTP or other standards for the World Wide Web. CIFS complements HTTP while providing more sophisticated file sharing and file transfer than older protocols such as FTP. CIFS is designed to enable all applications, not just Web browsers, to open and share files securely across the Internet.
CIFS benefits
Following are some benefits of using CIFS:
Integrity and concurrency - CIFS allows multiple clients to access and update the same file, while preventing conflicts with sophisticated file-sharing and locking semantics. These mechanisms also permit aggressive caching, and read-ahead/write-behind, without loss of integrity.
Fault tolerance - CIFS supports fault tolerance in the face of network and server failures. CIFS clients can automatically restore connections, and reopen files, that were open prior to interruption.
Optimization for slow links - The CIFS protocol has been tuned to run well over slow-speed dial-up lines. The effect is improved performance for the vast numbers of users today who access the Internet using a modem.
Security - CIFS servers support both anonymous transfers and secure, authenticated access to named files. File and directory security policies are easy to administer.
Performance and scalability - The performance of CIFS servers is good. CIFS servers are highly integrated with the operating system, tuned for maximum system performance, and easy to administer.
Unicode file names - File names can be in any human character set, not just ones designed mainly for English or Western European languages.
Global file names - Users do not have to mount remote file systems. They can refer to them directly with globally significant names, instead of ones that have only local significance.
2.6.3 Differences between NFS and CIFS
The main differences between NFS and CIFS are:
NFS was designed by Sun Microsystems to be machine-independent, operating system-independent, and transport protocol-independent. CIFS was designed by Microsoft to work on Windows workstations.
NFS servers make their file systems available to other systems in the network by exporting directories and files over the network. An NFS client “mounts” a remote file system from the exported directory location. NFS controls access by giving client-system level user authorization. The assumption is that a user who is authorized to the system must be trustworthy. Although this type of security is adequate for some environments, it is open to abuse by anyone who can access a UNIX system via the network.
On the other hand, CIFS systems create “file shares” which are accessible by authorized users. CIFS authorizes users at the server level, and can use Windows domain controllers for this purpose. So CIFS security is stronger than NFS.
NFS is a stateless service. In other words, it is not aware of the activities of its clients. Any failure in the link will be transparent to both client and server. When the session is re-established the two can immediately continue to work together again. CIFS is session-oriented and stateful. This means that both client and server share a history of what is happening during a session, and they are aware of the activities occurring. If there is a problem, and the session has to be re-initiated, a new authentication process has to be completed.
For directory and file level security, NFS uses UNIX concepts of “User”, “Groups” (sets of users sharing a common ID), and “Other” (meaning no associated ID). For every NFS request, these IDs are checked against the UNIX file system’s security. However, even if the IDs do not match, a user may still have access to the files.
CIFS, however, uses access control lists that are associated with the shares, directories, and files, and authentication is required for access.
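The following is an added example, not code from the Redbook or from any NFS implementation. It ties together the RPC call/reply exchange described in 2.6.1 and the client-system level authorization discussed here: an NFS call message is assembled from hand-written XDR primitives with an AUTH_SYS credential (the flavor that carries a client-asserted uid and gid list), then decoded on the server side, where two defensive checks decide what those asserted IDs are worth: the peer address is matched against the export's host list, and a claimed uid 0 is squashed to an anonymous uid before the usual User/Group/Other mode-bit check runs. Field layouts follow RFC 5531 (RPC) and RFC 4506 (XDR) and the program and procedure numbers are the NFSv3 ones; the export table, host addresses, uids, file owner and mode are constructed sample values.

```python
# Added example, not code from the Redbook or from any NFS implementation:
# a minimal ONC RPC call carrying AUTH_SYS credentials, built from hand-written
# XDR primitives, and the server-side steps that decide what the client-asserted
# uid/gid are worth. Layouts follow RFC 5531 (RPC) and RFC 4506 (XDR); the
# export table, hosts, uids and file modes are constructed sample values.
import struct

RPC_CALL, RPC_VERSION = 0, 2
AUTH_NONE, AUTH_SYS = 0, 1                      # AUTH_SYS was once named AUTH_UNIX
NFS_PROGRAM, NFS_V3, NFSPROC3_WRITE = 100003, 3, 7

def xdr_uint(n):
    """XDR unsigned int: 32 bits, big-endian."""
    return struct.pack(">I", n)

def xdr_opaque(data):
    """XDR variable-length opaque (strings too): length, bytes, pad to 4."""
    return xdr_uint(len(data)) + data + b"\x00" * ((-len(data)) % 4)

class XdrReader:
    """Walks an XDR byte stream, undoing the two encoders above."""
    def __init__(self, buf):
        self.buf, self.pos = buf, 0

    def uint(self):
        (n,) = struct.unpack_from(">I", self.buf, self.pos)
        self.pos += 4
        return n

    def opaque(self):
        n = self.uint()
        data = self.buf[self.pos:self.pos + n]
        self.pos += n + (-n) % 4                # skip the padding as well
        return data

def auth_sys_cred(machine, uid, gid, gids):
    """opaque_auth{AUTH_SYS, body}: the body is whatever the client claims
    about itself; nothing in it is signed or otherwise verifiable."""
    body = (xdr_uint(0) + xdr_opaque(machine.encode())     # stamp (constructed)
            + xdr_uint(uid) + xdr_uint(gid)
            + xdr_uint(len(gids)) + b"".join(xdr_uint(g) for g in gids))
    return xdr_uint(AUTH_SYS) + xdr_opaque(body)

def rpc_call(xid, prog, vers, proc, cred):
    """Call message: xid, CALL, rpcvers, prog, vers, proc, cred, verf(none)."""
    return (xdr_uint(xid) + xdr_uint(RPC_CALL) + xdr_uint(RPC_VERSION)
            + xdr_uint(prog) + xdr_uint(vers) + xdr_uint(proc)
            + cred + xdr_uint(AUTH_NONE) + xdr_opaque(b""))

def parse_call(msg):
    """Server side: decode the header and, for AUTH_SYS, the claimed identity."""
    r = XdrReader(msg)
    call = {"xid": r.uint(), "msg_type": r.uint(), "rpcvers": r.uint(),
            "prog": r.uint(), "vers": r.uint(), "proc": r.uint(), "cred": None}
    flavor, body = r.uint(), r.opaque()
    if flavor == AUTH_SYS:
        c = XdrReader(body)
        c.uint()                                # stamp, ignored
        machine = c.opaque().decode()
        uid, gid = c.uint(), c.uint()
        gids = [c.uint() for _ in range(c.uint())]
        call["cred"] = {"machine": machine, "uid": uid, "gid": gid, "gids": gids}
    r.uint(); r.opaque()                        # verifier, ignored here
    return call

# Constructed export table. The host check uses the peer address rather than
# the 'machine' string inside the credential, which is client-asserted too.
EXPORTS = {"/export/home": {"hosts": {"10.0.0.5"}, "root_squash": True, "anon": 65534}}

def effective_identity(export, peer_ip, cred):
    """(uid, gids) the server will act as, or None if the peer may not mount."""
    ex = EXPORTS.get(export)
    if ex is None or peer_ip not in ex["hosts"] or cred is None:
        return None
    uid, gids = cred["uid"], [cred["gid"]] + cred["gids"]
    if ex["root_squash"] and uid == 0:          # claimed root becomes 'nobody'
        uid, gids = ex["anon"], [ex["anon"]]
    return uid, gids

def unix_permits(mode, owner_uid, owner_gid, uid, gids, want):
    """User/Group/Other check against a file's mode bits, e.g. 0o644."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    need = {"r": 4, "w": 2, "x": 1}[want]
    return bits & need == need

def demo():
    """A client claiming uid 0 asks to WRITE a root-owned 0o644 file."""
    msg = rpc_call(0x1234, NFS_PROGRAM, NFS_V3, NFSPROC3_WRITE,
                   auth_sys_cred("client.example", 0, 0, [0]))
    cred = parse_call(msg)["cred"]
    results = {}
    for ip in ("10.0.0.5", "10.0.0.99"):        # allowed host, unknown host
        ident = effective_identity("/export/home", ip, cred)
        results[ip] = bool(ident) and unix_permits(0o644, 0, 0, *ident, "w")
    return results                              # both False with root_squash on
```

The point the example makes is the one the text states: with AUTH_SYS the only thing the server can check is that the request arrived from a permitted host, and the uid and gid values are taken at face value. The export-side controls (a host list and root squashing) are therefore what stands between a network-reachable UNIX system and the exported files; turning `root_squash` off in the constructed table lets the claimed uid 0 pass the owner bits of the 0o644 file and the write succeeds.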
The locking mechanism principle is very different. When a file is in use, NFS provides “advisory lock” information to subsequent access requests. These inform subsequent applications that the file is in use by another application, and for what it is being used. The later applications can decide if they want to abide by the lock request or not. So any UNIX application can access any file at any time. The system relies on “good neighbor” responsibility and clearly is not foolproof.
CIFS, on the other hand, effectively locks the file in use. During a CIFS session, the lock manager has historical information concerning which client has opened the file, for what purpose, and in which sequence. The first access must complete before a second application can access the file.
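The advisory semantics described for NFS above, shown as an added example that is not code from the Redbook: three separate opens of one local file play the roles of three applications, with the exclusive lock taken through flock(2). Locks granted over NFS through the NLM carry the same advisory meaning, so the outcome is the “good neighbor” rule the text describes: a lock stops only other applications that ask for one, and a writer that never asks is not stopped at all. The example assumes a Unix host (it uses the `fcntl` module), and the file and its contents are constructed for the demonstration.

```python
# Added example, not code from the Redbook: advisory locking demonstrated on a
# local file with flock(2). NFS locks granted through the NLM carry the same
# semantics, so the outcome below is the 'good neighbour' rule the text
# describes: a lock only stops other applications that ask for one. Unix-only
# (fcntl); the file and its contents are constructed for the demo.
import fcntl
import os
import tempfile


def advisory_lock_demo():
    """Returns what each of three 'applications' observed on a shared file."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"written by A\n")
    os.close(fd)
    results = {}
    # Each open() yields its own open file description, so flock() treats
    # the three handles as independent lockers even within one process.
    with open(path, "r+b") as holder, open(path, "r+b") as polite, \
            open(path, "r+b") as careless:
        # Application A takes an exclusive advisory lock.
        fcntl.flock(holder, fcntl.LOCK_EX)

        # Application B asks for the lock (non-blocking) and is refused.
        try:
            fcntl.flock(polite, fcntl.LOCK_EX | fcntl.LOCK_NB)
            results["polite_got_lock"] = True
        except BlockingIOError:
            results["polite_got_lock"] = False

        # Application C never asks, so nothing stops its write: the lock is
        # advice, not enforcement.
        careless.seek(0)
        careless.write(b"overwritten by C\n")
        careless.flush()
        results["careless_write_ok"] = True

        # Once A releases the lock, B's request succeeds.
        fcntl.flock(holder, fcntl.LOCK_UN)
        fcntl.flock(polite, fcntl.LOCK_EX | fcntl.LOCK_NB)
        results["polite_got_lock_after_release"] = True
        fcntl.flock(polite, fcntl.LOCK_UN)

    with open(path, "rb") as f:
        results["content"] = f.read()
    os.unlink(path)
    return results
```

Run `advisory_lock_demo()` and the returned dictionary records that B was refused while A held the lock, that C's write went through regardless, and that the file ends up holding C's data; this is precisely why the text calls the NFS scheme not foolproof, and why the contrast with the CIFS behaviour described next matters.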