The automatic ID-mapping module with Active Directory configuration – “autorid”

“ID-mapping” What’s that?

It’s basically identity mapping, that is, mapping a SID from the Windows world to a UID/GID from the Unix world when CIFS data is accessed on Spectrum Scale.

A SID, short for security identifier, is a unique and immutable identifier for a user or group in the Windows operating system. It consists of a domain identifier plus an object identifier (RID) which is unique within that domain. Similarly, UID/GID is short for user/group identifier in the Unix operating system. You may read further about SIDs, UIDs and GIDs from other sources all over the net 🙂

And why do we care?

The underlying filesystem for Spectrum Scale is GPFS. Being a UNIX-like filesystem, it identifies users and grants access to resources based upon the UID/GID only. For CIFS access, the SID for your user/group needs to be associated with a UID/GID on GPFS to allow access. If, for some reason, the mapping fails, the user/group is simply denied access.

Note: Henceforth, I’ll just use xID to mean both UID and GID, unless explicitly stated.

This association between SID and xID is what we refer to as an ID-map. The xID assigned to you on Spectrum Scale will decide what data you may access, depending upon the ACLs on the data.

On Spectrum Scale, the CIFS stack is provided by Samba, and the ID-mapping component is the winbind process. This process is responsible for assigning an xID to each incoming SID.

There are many ID-mapping schemes built into this process, but in this post we will talk about only one – the ‘autorid’ mapping backend.

With IDMU being deprecated by Windows 2012, are we doomed??

Short answer – Nope!!
We are still good to go and bloom and prosper 😉

And if you are one of those easy audiences, you may skip the rest of my blabbering in this section and jump to the section which discusses some alternatives to populate the UNIX style (RFC 2307) attributes.

But if you are still with me here, you are one of my favorites. Those hard-headed duds who wish to dig to the depths of stuff 🙂

So let’s continue our discussion of why Spectrum Scale would not be affected by the missing IDMU. To understand this, we will need to understand what happens behind the scenes.


Hot cakes or hot objects, they better be served fast

Sometimes most of your object data is just lying on the disk not being accessed, consuming that much space on the disk. It is better to move this data to slower disks to make space for more frequently accessed data, also known as “hot” data. IBM Spectrum Scale provides heatmap tiering policies that can be […]

via Hot cakes or hot objects, they better be served fast — smitaraut

Explaining Object authentication on Spectrum Scale

Every Object access request on IBM Spectrum Scale is authenticated before serving the data. IBM Spectrum Scale object store relies on Keystone for validation of the user before processing the request for object access. Keystone is the identity service used by various OpenStack services for authentication. Basic Spectrum Scale Object access flow is depicted in following […]

via IBM Spectrum Scale : Object Authentication — deep@work

Traditional filesystem unites with modern object storage – Access the same data in different ways

Big data analytics is a prominent use case to empower business these days. Advanced analytics systems like MapReduce work on a distributed filesystem. But the “big data”, which is essentially large data, is best stored on object storage instead of a traditional NAS filesystem, for it is highly scalable and economical. So how does one run analytics […]

via Traditional filesystem and modern object storage come together – Same data accessible in different ways — smitaraut