Slashdot Mirror
Samba Success in the Enterprise?
gunnk asks: "We've deployed a Samba server here to replace some aging Novell Netware boxes. It works great: fast, secure, stable. However, we have one VIP that feels that Samba is 'amateur' software and that we should be buying Windows servers. I've been searching with little success for large Samba deployments in Enterprise environments. Anyone out there care to share stories of places that are happily running large Samba installations for their file servers? Or not so happy, for that matter — better to be informed!"
called Google?
Probably not.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
I work in a Fortune 500 Media company, and with our mixed environment -- Sun, Linux, Windows, Mac -- we use Samba quite extensively for workflow. It works great, it's stable, and it makes our lives so much easier when we have to mass migrate files between the different platforms.
I've been using samba for the last 12 years in various guises, if there ever was a problem then
it usually was that I did not upgrade the software often enough because *it just works*.
That in my eyes is the best feature any software package can have, that it is so reliable
you forget you have it.
As for it being 'amateur' software, amateur to me spells motivation and the quality level
of the samba software reflects that dedication quite well.
Better than the 9-5 code monkeys products by a long shot most of the time.
OSS is the future, better believe it.
MP3 Search Engine
We use it on my site. In fact we have about 2000+ users who use it every day.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
AOL/Time-Warner enormously relies on linux and Samba all over the place. This may or may not help your case depending on what your boss thinks of AOL as a company...
Ross
I can imagine samba making the workplace feel a little more-upbeat, what with the 1..a-2..3..a-4 rhythm that makes you want to shake that booty. It can definitely keep folks awake at their workstations, which would boost productivity. Plus it would give everything a more Brazilian feel, which will help people forget that in fact outside it's all icy and cold. So, yes, I could definitely see samba being successful in enterprise.
Paso Doble not so much. Spanish Gypsy can get quite annoying after a while.
I like basketball!!1!
Department of health and human services (office of families) uses it to serve all of the files to their webservers.
Our network guys used a Samba machine for at least one file share server that I knew of at HQMC. That was a number of years ago now. I know my college (a MS certified partner) used it and it was used heavily in a number of our networking and security classes.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
sounds like your vp is an amateur and should be replaced with 'anyone' else!
I have several samba servers that serve 3000 users and almost 1000 computers, from Windows 98 to XP. It works well and only ever gives us problems when LDAP (OpenLDAP is tempermental) has a problem. We've used Samba since the 2.2 days in production. We're looking forward to Samba 4 to get ActiveDirectory-style domains. NT domains work fine, but are clunky. Only our lab machines are on a domain. The rest of the machines either just have local accounts with network drives mapped, or have pGina logins that map the drives for the user.
For many enterprises, Samba isn't enough. They require the management aspects of ActiveDirectory. Fortunately Samba 4 will do all that. Plus I have yet to integrate Vista into our system. Promises to be a nightmare I think.
This stigma your VP has is quite common, and no amount of evidence or arguing will change his mind, likely. Stubborn ignorance. The world is slowly changing, but I think it's as the truly ignorant people die off.
Ever since it started to talk to Active Directory domain servers, it was perfect for the office. Before that it was great, but lacked the key feature to allow it to get accepted properly.
We've deployed a Samba server here to replace some aging Novell Netware boxes
So at some point, this VIP probably trusted Novell. Since Novell is putting all it's effort into OES linux (which ships with Samba, not to mention employed Jeremy Allison for awhile), I bet they'd have an opinion on the subject.
There is no reasonable defense against an idiot with an agenda
:wq
Samba is every bit as good as anything else for running a file server, and if you're setting your file servers up correctly, nobody will know or care what they're running. They either work or they don't.
I would still recommend that you use Windows, because I'm at Microsoft. We like people to use Windows. You should use Windows more often. You should install it on everything. I'd be happy to explain how you could do the same things you already do with more Windows licenses. But it's sort of your job to think about what's best for your company, not ours.
Microsoft cheerleader, blue flag waving, you got a problem with that?
I hear they use it on the Excelsior as well. It's a great little secret weapon, let's hope the Klingons don't get it.
Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
On my network, SAMBA is doing a better job as a server than what I've managed using Microsoft products as a server. I'd hate to cling to something or avoid something just because of a prejudiced notion. Apparently, you're already using it successfully. I suppose the only way to argue with good results is to make emotion-based nitpicks on the methodology.
I'm servicing 3 computer labs consisting of roughly 100 workstations here, all with a Samba/Linux backend. I have nothing but praise for Samba and would highly recommend it to anyone. I have some native clients and some that are housed in a vmware image. I have cross platform printing, cross platform credentials (thanks to password sync) and cross platform ~/. What's not to like?
The only downside is that until v4 hits the streets, we can't do full AD. We could of course get around this by dropping in a single 2k3 box to be the DC, but we'd like to avoid that if possible. I'm really looking forward to v4, as AD is one of the good things MS has done, imo (standards adherence aside)!
-Ben
Agreed -- try OpenAFS. More complex, but scales well.
10b||~10b -- aah, what a question!
We have a project inside IBM called the Global Storage Architecture that provides enterprise file system service. There are currently over 95K users on GSA with over 143TB of used space, spread across 39 installations on 5 continents.
7 .html
There are several different ways to connect to GSA File depending on the platform and application, but Samba is used for connecting the Windows clients, of which there are tens of thousands. In addition to general office productivity, many of these clients are doing hardware design and software development.
You can read an account of GSA File in appendix B of the Implementing NFSv4 in the Enterprise: Planning and Migration Strategies Redbook. The appendix is oriented toward the NFS aspects of the service, but you can still get a good idea of what is going on.
http://publib-b.boulder.ibm.com/abstracts/sg24665
And there is a host of companies out there getting paid to do Samba support:
http://us1.samba.org/samba/support/us.html
I've used Samba at home for about eight years with a Linux file / print server. The server uses RAID1. The only time it's been down is:
1) Changing hardware (including replacing drives with bigger drives).
2) Changing entire server (replacing with faster box and previous drives).
3) Power failure & UPS battery had died.
Right now it's serving files to four Windows boxes including storing video for a PVR.
Not that a home installation will mean anything to your VP.
[Insert pithy quote here]
The Linksys consumer-level network storage controller, NSLU2, is embedded linux + samba. This box looks like a Windows shared drive and has to interoperate with different flavors of windows without configuration. (The web interface just allows you to create and name volumes, add users, etc.)
It's weird to compare a $100 box with enterprise-scale problems, but embedded software has to be 100% reliable since you can't issue patches or administer the box later if there's a problem.
(BTW the box is also linux friendly, both flashed applications and booting to a HD-based Debian system. I have one at home.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I work for a small/medium size business with around 167 employees. We have locations in Plainville KS, Hays KS, Chicago IL, Pasadena CA, and New York City NY. We use Samba for network file shares in all these locations. It works great in a mixed Linux, WinXP, Mac OS X environment. We haven't ever had any issues with it what so ever.
Unstable Apps: Our Android Apps Don't Suck
We support about 6500 engineers here at the rocket ranch. Back at the turn of the century, we wanted to migrate everybody from expensive-to-maintain *nix workstations to vastly cheaper Windows PCs, but we had a problem: all our data was on several dozen HP N-class data servers. We do serious 3D CAD and FEA, with engineering data sets measured in dozens of terabytes. We wanted to leverage the performance and economy of fast, cheap X86 boxen while not losing our investment in our storage management infrastructure. My IT masters had never heard of samba, and were amazed when I demonstrated how easy it was to serve out a Pro/E drawing to an engineer working at one of our brand new 1 GHz NT4 PCs (I told you it was at the turn of the century.) We deployed it sitewide in 2000, and even now, seven years later, my users still thank me for making it possible for them to use fast PCs to access their Unix-based data sets. We ran samba on SunOS boxes, because we never could get it to play nice with HPUX. Samba is ridiculously easy to install, manage, and maintain, especially with one of the GUI frontends that are readily available. We used SWAT, and it rocked. Samba was a great intermediate enabler, allowing us to continue to use our N class servers while we were moving our user base to PCs.
In 2003, however, we acquired a bunch of Network Appliance servers, and migrated off our HPUX and Sun data servers. NetApp filers are platform agnostic; if the client is a *nix box, the filer presents the data as an NFS mount. If the client is Windows, it looks like NTFS. NetApps aren't cheap, but they were worth the major investment. If your company doesn't want to shell out for a filer, then samba is very viable and I recommend it highly.
Samba may have been met with trepidation like 8 years ago. The rest of the world has gotten with the program. It works. It works well. It works extremely well.
I've implemented it at a number of Fortune 100 companies. I cannot name names due to NDA but you would recognize the names. I am contracting at one of them right now.
For enterprise scale use, I would even contend that Samba makes a better file server to large numbers of Windows clients than running Windows on the server. Can you run Windows on an IBM pSeries 570 (16 POWER5+ processors, 128GB RAM) to serve files to ~20,000 users? I can tell you that RHEL 4 does that just fine.
While we aren't a huge environment (50 - 75 PCs), Samba is working great for us. Running Samba 3.0.22 on Ubuntu. I've integrated authentication into our Active Directory environment (native 2003) complete with ACLs. Although it is worth pointing out that there is a very distinct difference in ACLs on Samba (POSIX ACLs) vs Windows ACLs if you are used to Windows 2000 and beyond permissions. I won't tell the whole story here, but make sure to read Samba documentation on the subject if you don't already know. The short short version is that POSIX ACLs offer a much simpler set of permissions of rwx where Windows breaks out several others. This usually isn't a big deal.
Configuring all of the proper settings on shares can be cumbersome if you have quite a few. If you require some quick and easy GUI to do everything, Swat is a favorite. Centeris also makes a product that looks promising.
Keep your eye on Samba 4. It will allow you to replace your Windows Active Directory servers. All in all, I'd have to say your VIP calling Samba amateur software shows either ignorance of reality or negative bias towards Samba.
Not a chance... No one ever got fired for buying IBM I mean Microsoft.
They are the standard and the largest software company in the world so their stuff has to work. If it fails it was because IT messed up.
This post has nothing to do with facts, just reality.
And not they are not the same thing.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Instead of quoting specific companies, how about pointing to that well known study which shows that Samba is more than twice as fast as Windows Server 2003 for SMB serving?
We're not as big as some enterprise customers, but we do have a 5 TB FreeBSD server which uses samba to both run our domain of analysis workstations and serve up all of that data. Someone else mentioned OpenLDAP frustrations (with which I somewhat agree). However, IDEALX's smbldap does warrant a shoutout for making things easier for so long.
Funny you should ask.
I've just finished deploying a brand new CentOS/Samba solution to replace some ageing NT4 servers.
We got a shiny new Dell Poweredge 2900 with 16GB Memory, twin quad-core Xeons and 8x300GB hot-swap SAS drives.
I configured up CentOS 4.4, using Samba/OpenLDAP/Postfix/Dovecot and MySQL to provide domain, database, roaming profile and file sharing services to a workgroup of around 100 workstations running XP.
Now we have ironed out the smaller issues with the deployment, it's absolutely rock-solid. Current uptime is 18 days, without a glitch at all. Utilisation hasn't peaked over about 20%, giving us plenty of spare capacity for expansion.
We did consider deploying Windows Server 2003, but were put off by the price tag of the cluster of machines that was recommended to provide us with the capacity to service 100 workstations. Suffice to say that the £6k we paid was a mere fraction of the Windows alternative.
Beer Coat: The invisible but warm coat worn when walking home after a booze cruise at 3 in the morning.
And they'll be happy to sell your boss as platinum support contract which includes it, so as to make it appropriaterly expensive (;-))
--dave
davecb@spamcop.net
HP calls it CIFS Server for HP-UX, but it's really Samba.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
we have over 10,000 users (students/faculty/staff) with home directories on a single sparc solaris samba box (files stored on a SAN), and i can't say that we have had any problems with it. It has been extremely reliable for the past 5+ years we have been using it.
Maybe not. IT has a budget. If they don't use all that budget then next year they get less money. Money is power.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
It's me you're complaining about here, as I wrote (and maintain)
:-).
:-) :-).
:-).
the POSIX ACL code in Samba.
I understand your problem, but you've got to realize there's
nowhere on a UNIX filesystem to store that meta-data and have
the kernel understand it.
Sure, we can push the NT ACLs into an EA, but nothing in
the kernel will look at that EA or even be able to make sense
of the SIDs stored within it.
We can do the interpretation inside Samba but this doesn't
prevent other POSIX processes from completely ignoring
whatever ACLs you thought you'd securely set on that file.
NetApp can do this as they have their own kernel (based
on FreeBSD originally) which they've hacked to understand
these ACLs. Samba isn't a kernel, and so can't do this
NFSv4 ACLs, whilst having their own problems, are much closer
to what we need to store full NT ACLs. Unfortunately they (a)
break POSIX, (b) aren't yet finished on the most popular
platorm (Linux) and (c) have no userspace API standard for
getting to them.
This is one of the reasons my world sucks (Microsoft DFS is
another at the moment
Your complaint is like a child screaming "I want a pony,
I want a pony...". We *all* want a pony. Where is it going
to live.....
Jeremy.
I'm glad you asked that :-). It's not currently
:-) :-).
possible in CIFS - you need a secure network.
But Steve French (CIFSFS Linux client) and I
are looking at ways to add krb5/gss encryption
to Linux/MacOSX/HPUX CIFS clients when talking
to Samba servers using the UNIX extensions.
Won't work with Windows clients unless Microsoft
decides to implement what we design (and publish
the protocol in an rfc of course) but then again
you should be using Linux or Mac clients anyway to
get the extra cool features
Come to the SambaXP conference to hear more....
http://sambaxp.org/
Jeremy.
You're still asking for your pony without
telling anyone where it will live.
Samba maps Windows semantics to POSIX.
There are some semantics you simply
can't map onto POSIX - the Windows
access time / create time semantics
for example, so we simply can't
provide these. Some POSIX semantics
are flexible enough we can layer
Windows on top (locking for example).
Until the kernel gets NFSv4 ACLs
that mean NT style ACLs can be understood
there anything Samba does on top of
this will not map into anything meaningful.
There are inherent limitations in POSIX
that mean we can't do this - yet. Luckily
for us the UNIX/Linux standards are being
extended so we can revisit it when they
do.
Jeremy.
Something else you might want to consider are the things Windows will do that Samba does not (or, at least, does not do without lots of hacking around).
Two of these are DFS Replication (DFSR) and Volume SnapShots (VSS).
We are currently in the process of evaluation a replacement for our aging fileserver plus some sort of centralised, SAN-like storage. Two of the leading candidates are Sun's 5320 and IBM's N5200 which offer access for clients via both network (CIFS, NFS, etc) and block-level (iSCSI, FC). Several branch offices are also in the same situation, although they lack the need for block-level, centralised disk.
However, neither of them support DFSR (nor does any other non-Windows based NAS device from what I can gather). They do both have replication technologies of their own, but those are just as expensive (additional US$8k-ish) - if not more so - than just buying a dedicated Windows fileserver to connect to the SAN/NAS device via iSCSI.
Then there's the snapshotting, which Samba doesn't do on its own (but you can hack together something, depending on the host OS). VSS in Windows is trivial to enable, very simple to use and works quite well. It's primary benefit is to reduce the overheads on support staff from users "accidentally" deleting things and needing them restored - something they are now able to do themselves, rather than weighing down support staff with those requests. It can also be used for simplifying backup procedures. (Any decent NAS device will also have some sort of snapshotting functionality).
With regards to Samba in general, we use it fairly extensively on a per-host basis to allow easy access to certain parts of the filesystem for certain staff. I've experimented with it in the past on an AD level and successfully gotten it working, but the overhead for setup is non-trivial, especially if you want things like UIDs to match up across different machines.
Simple setups in Samba and Windows are simple. More complex (Active Directory integration, especially with multiple servers) are also fairly simple in Windows, but relatively much more difficult with Samba. If you're looking at the latter - *especially if you're not already an expert* - you'll probably need almost a complete person full-time to work with it during the implementation phase.
The simple version is this: software and hardware are cheap, people-time is expensive (this is a concept a *lot* of technically oriented people - myself included - have significant difficulty a) grasping and b) remembering). In all likelihood, you will use substantially more people-time - especially in the earlier phases - with Samba than you will with Windows. That's where the "value" of Windows (or NAS appliances) comes in - saving people-time $$$. If you're already a Samba expert, OTOH, the people-time aspect of the equation will be substantially different and you can compare largely on features. However, banging out a good, manageable, sustainable, reliable AD-integrated Samba infrastructure is something that will take on the order of weeks unless you already know what you're doing and have done it before. Your boss has a very poor argument against Samba, but do not kid yourself that good arguments against Samba do not exist.