EMC VNX – Usermapper in theory

Do we need usermapper?

Every user of the EMC VNX, whether a Microsoft Windows user or a UNIX/Linux user, must be identified by a unique numeric user identifier (UID) and group identifier (GID). As you probably know, Windows works a little differently: it does not use numeric IDs to identify users. Instead, it uses strings called security identifiers (SIDs). Therefore, before you configure the Windows file-sharing service (CIFS server), you must select a method of mapping Windows SIDs to UIDs and GIDs. The method you use depends on whether you have a Windows-only environment or a UNIX/Linux and Windows (multiprotocol) environment. These methods include:

  • Usermapper
  • LDAP-based directory services (including Active Directory that uses Microsoft Windows Services for UNIX or Identity Management for UNIX)
  • local files
  • Network Information Service (NIS)
  • Active Directory (by using CIFS Microsoft Management Console)
  • ntxmap

How can you choose the proper method?

Method for mapping Windows users


User mapping in Windows-only environments

If you have a Windows-only environment, the VNX Usermapper feature automatically assigns UIDs and GIDs to Windows users and groups. Usermapper is part of the Data Mover’s software. It does not require separate installation and, in the case of a new VNX, requires no additional configuration procedures. Of course, that’s not always true: if you use VNX Replicator, you have to choose which VNX should have the primary and which the secondary Usermapper. I will write a little bit more on that in the Replicator post.

User mapping in multi-protocol environments

In multi-protocol environments, file systems can be accessed by UNIX/Linux and Windows users. File access is determined by the permissions on the file or directory, specifically by one or both of the following:

  • UNIX/Linux permissions
  • Windows access control list (ACLs)

Therefore, if a user has UNIX/Linux and Windows user accounts, you should choose a mapping method that allows you to indicate that the two accounts represent the same user.

The mapping methods that enable you to control the mappings used, and ensure that specific Windows SIDs are mapped to the corresponding UIDs or GIDs, include:

  • LDAP-based directory services, such as the Active Directory (that uses Microsoft Windows Services for UNIX)
  • A Data Mover’s local user and group files
  • Network Information Service (NIS)
  • Active Directory

If a user uses only a single login (either through Windows or UNIX/Linux), you can use Usermapper.

 

4 thoughts on “EMC VNX – Usermapper in theory”

  1. Hi,

    Quick question, so if you decide to make the DR site primary, and the DR had already some entries made on it, would copying data from Prod to DR VNX overwrite the secmap in this case or would it just add on it along the info it had already?

    Thanks!
    Osama Hasebou

  2. Hi,

    My question is if the environment is multi protocol then the usermapper should point to the CIFS server or loopback address??
    Regards,
    Sourangshu
