Every (NAS/File) VNX user must be assigned a unique numeric UID and GID to indicate the ownership of directories and files. Like VNX, UNIX/Linux use UIDs and GIDs to identify users and groups. As a consequence, the VNX can use the UIDs and GIDs supplied by UNIX/Linux clients withouth requiring any additional mappings. However the situation is a little bit different with Windows. Windows doesn’t use numeric IDs to identify users. Instead, it uses strings called security identifiers (SIDs). That gives us a little bit of a challange, and before we configure Windows file-sharing service (CIFS server), the method of mapping Windows SIDS to UIDs/GIDs has to be selected. For info regarding this topic please read post EMC VNX – Usermapper in theory.
Our CIFS DR solutions describe Windows-only environment. The VNX Usermapper feature automatically assings UIDs and GIDs to Windows users and groups. This functionality is part of Data Mover’s software, so we do not have to install anything additionally.
Usermapper automatically generates UIDs and GIDs for Windows domain user and group SIDs and maintains the mapping in a database. The generated UID and GID values start at 32768 and increment for each new user and groups being mapped.
There are three usermapper roles: primary, secondary and client. Primary Usermapper is enabled by default and runs on Data Mvoer 2 on every VNX system. Only this role generates user mappings. In multiple VNXs environment only one primary usermapper can exist. Secondary Usermapper does not generate user mappings, but rather queries the Primary Usermapper for the mappings. In multi VNX environment there should be one secondary usermapper configured per each additional VNX. Finally we have Usermapper Client that should be configured on all other VNX Data Movers. Usermapper client query primary/secondary usermappers within their VNX for user mappings.
Secure mapping (secmap / secmap cache) listens to mapping sources and records the mapping information provided. Secmap is designed to improve response time for a subsequent mapping request of a user or group that has already been mapped. Secmap doesnt generate user mapping – that’s what’s usermapper for.