Slashdot Mirror
Samba Success in the Enterprise?
gunnk asks: "We've deployed a Samba server here to replace some aging Novell Netware boxes. It works great: fast, secure, stable. However, we have one VIP that feels that Samba is 'amateur' software and that we should be buying Windows servers. I've been searching with little success for large Samba deployments in Enterprise environments. Anyone out there care to share stories of places that are happily running large Samba installations for their file servers? Or not so happy, for that matter — better to be informed!"
called Google?
Probably not.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
I work in a Fortune 500 Media company, and with our mixed environment -- Sun, Linux, Windows, Mac -- we use Samba quite extensively for workflow. It works great, it's stable, and it makes our lives so much easier when we have to mass migrate files between the different platforms.
AOL/Time-Warner enormously relies on linux and Samba all over the place. This may or may not help your case depending on what your boss thinks of AOL as a company...
Ross
I can imagine samba making the workplace feel a little more-upbeat, what with the 1..a-2..3..a-4 rhythm that makes you want to shake that booty. It can definitely keep folks awake at their workstations, which would boost productivity. Plus it would give everything a more Brazilian feel, which will help people forget that in fact outside it's all icy and cold. So, yes, I could definitely see samba being successful in enterprise.
Paso Doble not so much. Spanish Gypsy can get quite annoying after a while.
I like basketball!!1!
Department of health and human services (office of families) uses it to serve all of the files to their webservers.
Our network guys used a Samba machine for at least one file share server that I knew of at HQMC. That was a number of years ago now. I know my college (a MS certified partner) used it and it was used heavily in a number of our networking and security classes.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
sounds like your vp is an amateur and should be replaced with 'anyone' else!
I have several samba servers that serve 3000 users and almost 1000 computers, from Windows 98 to XP. It works well and only ever gives us problems when LDAP (OpenLDAP is tempermental) has a problem. We've used Samba since the 2.2 days in production. We're looking forward to Samba 4 to get ActiveDirectory-style domains. NT domains work fine, but are clunky. Only our lab machines are on a domain. The rest of the machines either just have local accounts with network drives mapped, or have pGina logins that map the drives for the user.
For many enterprises, Samba isn't enough. They require the management aspects of ActiveDirectory. Fortunately Samba 4 will do all that. Plus I have yet to integrate Vista into our system. Promises to be a nightmare I think.
This stigma your VP has is quite common, and no amount of evidence or arguing will change his mind, likely. Stubborn ignorance. The world is slowly changing, but I think it's as the truly ignorant people die off.
We've deployed a Samba server here to replace some aging Novell Netware boxes
So at some point, this VIP probably trusted Novell. Since Novell is putting all it's effort into OES linux (which ships with Samba, not to mention employed Jeremy Allison for awhile), I bet they'd have an opinion on the subject.
There is no reasonable defense against an idiot with an agenda
:wq
Samba is every bit as good as anything else for running a file server, and if you're setting your file servers up correctly, nobody will know or care what they're running. They either work or they don't.
I would still recommend that you use Windows, because I'm at Microsoft. We like people to use Windows. You should use Windows more often. You should install it on everything. I'd be happy to explain how you could do the same things you already do with more Windows licenses. But it's sort of your job to think about what's best for your company, not ours.
Microsoft cheerleader, blue flag waving, you got a problem with that?
I hear they use it on the Excelsior as well. It's a great little secret weapon, let's hope the Klingons don't get it.
Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
On my network, SAMBA is doing a better job as a server than what I've managed using Microsoft products as a server. I'd hate to cling to something or avoid something just because of a prejudiced notion. Apparently, you're already using it successfully. I suppose the only way to argue with good results is to make emotion-based nitpicks on the methodology.
I'm servicing 3 computer labs consisting of roughly 100 workstations here, all with a Samba/Linux backend. I have nothing but praise for Samba and would highly recommend it to anyone. I have some native clients and some that are housed in a vmware image. I have cross platform printing, cross platform credentials (thanks to password sync) and cross platform ~/. What's not to like?
The only downside is that until v4 hits the streets, we can't do full AD. We could of course get around this by dropping in a single 2k3 box to be the DC, but we'd like to avoid that if possible. I'm really looking forward to v4, as AD is one of the good things MS has done, imo (standards adherence aside)!
-Ben
Agreed -- try OpenAFS. More complex, but scales well.
10b||~10b -- aah, what a question!
We have a project inside IBM called the Global Storage Architecture that provides enterprise file system service. There are currently over 95K users on GSA with over 143TB of used space, spread across 39 installations on 5 continents.
7 .html
There are several different ways to connect to GSA File depending on the platform and application, but Samba is used for connecting the Windows clients, of which there are tens of thousands. In addition to general office productivity, many of these clients are doing hardware design and software development.
You can read an account of GSA File in appendix B of the Implementing NFSv4 in the Enterprise: Planning and Migration Strategies Redbook. The appendix is oriented toward the NFS aspects of the service, but you can still get a good idea of what is going on.
http://publib-b.boulder.ibm.com/abstracts/sg24665
The Linksys consumer-level network storage controller, NSLU2, is embedded linux + samba. This box looks like a Windows shared drive and has to interoperate with different flavors of windows without configuration. (The web interface just allows you to create and name volumes, add users, etc.)
It's weird to compare a $100 box with enterprise-scale problems, but embedded software has to be 100% reliable since you can't issue patches or administer the box later if there's a problem.
(BTW the box is also linux friendly, both flashed applications and booting to a HD-based Debian system. I have one at home.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I work for a small/medium size business with around 167 employees. We have locations in Plainville KS, Hays KS, Chicago IL, Pasadena CA, and New York City NY. We use Samba for network file shares in all these locations. It works great in a mixed Linux, WinXP, Mac OS X environment. We haven't ever had any issues with it what so ever.
Unstable Apps: Our Android Apps Don't Suck
Samba may have been met with trepidation like 8 years ago. The rest of the world has gotten with the program. It works. It works well. It works extremely well.
I've implemented it at a number of Fortune 100 companies. I cannot name names due to NDA but you would recognize the names. I am contracting at one of them right now.
For enterprise scale use, I would even contend that Samba makes a better file server to large numbers of Windows clients than running Windows on the server. Can you run Windows on an IBM pSeries 570 (16 POWER5+ processors, 128GB RAM) to serve files to ~20,000 users? I can tell you that RHEL 4 does that just fine.
Instead of quoting specific companies, how about pointing to that well known study which shows that Samba is more than twice as fast as Windows Server 2003 for SMB serving?
We're not as big as some enterprise customers, but we do have a 5 TB FreeBSD server which uses samba to both run our domain of analysis workstations and serve up all of that data. Someone else mentioned OpenLDAP frustrations (with which I somewhat agree). However, IDEALX's smbldap does warrant a shoutout for making things easier for so long.
we have over 10,000 users (students/faculty/staff) with home directories on a single sparc solaris samba box (files stored on a SAN), and i can't say that we have had any problems with it. It has been extremely reliable for the past 5+ years we have been using it.
Maybe not. IT has a budget. If they don't use all that budget then next year they get less money. Money is power.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
It's me you're complaining about here, as I wrote (and maintain)
:-).
:-) :-).
:-).
the POSIX ACL code in Samba.
I understand your problem, but you've got to realize there's
nowhere on a UNIX filesystem to store that meta-data and have
the kernel understand it.
Sure, we can push the NT ACLs into an EA, but nothing in
the kernel will look at that EA or even be able to make sense
of the SIDs stored within it.
We can do the interpretation inside Samba but this doesn't
prevent other POSIX processes from completely ignoring
whatever ACLs you thought you'd securely set on that file.
NetApp can do this as they have their own kernel (based
on FreeBSD originally) which they've hacked to understand
these ACLs. Samba isn't a kernel, and so can't do this
NFSv4 ACLs, whilst having their own problems, are much closer
to what we need to store full NT ACLs. Unfortunately they (a)
break POSIX, (b) aren't yet finished on the most popular
platorm (Linux) and (c) have no userspace API standard for
getting to them.
This is one of the reasons my world sucks (Microsoft DFS is
another at the moment
Your complaint is like a child screaming "I want a pony,
I want a pony...". We *all* want a pony. Where is it going
to live.....
Jeremy.
I'm glad you asked that :-). It's not currently
:-) :-).
possible in CIFS - you need a secure network.
But Steve French (CIFSFS Linux client) and I
are looking at ways to add krb5/gss encryption
to Linux/MacOSX/HPUX CIFS clients when talking
to Samba servers using the UNIX extensions.
Won't work with Windows clients unless Microsoft
decides to implement what we design (and publish
the protocol in an rfc of course) but then again
you should be using Linux or Mac clients anyway to
get the extra cool features
Come to the SambaXP conference to hear more....
http://sambaxp.org/
Jeremy.
Something else you might want to consider are the things Windows will do that Samba does not (or, at least, does not do without lots of hacking around).
Two of these are DFS Replication (DFSR) and Volume SnapShots (VSS).
We are currently in the process of evaluation a replacement for our aging fileserver plus some sort of centralised, SAN-like storage. Two of the leading candidates are Sun's 5320 and IBM's N5200 which offer access for clients via both network (CIFS, NFS, etc) and block-level (iSCSI, FC). Several branch offices are also in the same situation, although they lack the need for block-level, centralised disk.
However, neither of them support DFSR (nor does any other non-Windows based NAS device from what I can gather). They do both have replication technologies of their own, but those are just as expensive (additional US$8k-ish) - if not more so - than just buying a dedicated Windows fileserver to connect to the SAN/NAS device via iSCSI.
Then there's the snapshotting, which Samba doesn't do on its own (but you can hack together something, depending on the host OS). VSS in Windows is trivial to enable, very simple to use and works quite well. It's primary benefit is to reduce the overheads on support staff from users "accidentally" deleting things and needing them restored - something they are now able to do themselves, rather than weighing down support staff with those requests. It can also be used for simplifying backup procedures. (Any decent NAS device will also have some sort of snapshotting functionality).
With regards to Samba in general, we use it fairly extensively on a per-host basis to allow easy access to certain parts of the filesystem for certain staff. I've experimented with it in the past on an AD level and successfully gotten it working, but the overhead for setup is non-trivial, especially if you want things like UIDs to match up across different machines.
Simple setups in Samba and Windows are simple. More complex (Active Directory integration, especially with multiple servers) are also fairly simple in Windows, but relatively much more difficult with Samba. If you're looking at the latter - *especially if you're not already an expert* - you'll probably need almost a complete person full-time to work with it during the implementation phase.
The simple version is this: software and hardware are cheap, people-time is expensive (this is a concept a *lot* of technically oriented people - myself included - have significant difficulty a) grasping and b) remembering). In all likelihood, you will use substantially more people-time - especially in the earlier phases - with Samba than you will with Windows. That's where the "value" of Windows (or NAS appliances) comes in - saving people-time $$$. If you're already a Samba expert, OTOH, the people-time aspect of the equation will be substantially different and you can compare largely on features. However, banging out a good, manageable, sustainable, reliable AD-integrated Samba infrastructure is something that will take on the order of weeks unless you already know what you're doing and have done it before. Your boss has a very poor argument against Samba, but do not kid yourself that good arguments against Samba do not exist.