Mac Mini as OSX Server + GlobalSan iSCSI
-
What would others here propose then? The client just keep using dropbox and forget about other options? everyone has their own opinion.
keep in mind - the offices converted to Mac OSX desktops - at direction of management.
-
If you don't need a sync client, I'd ditch drop box for something like O365 (online SharePoint) or you could stand up an Owncloud in something like Digital Ocean.
But you mentioned movies - if you're talking several gig file movies.. that's not working to work well in any cloud solution.
-
@ntoxicator said:
Read/write capability was in regards to the drive being HFS+ file system. Even with SMB share option checked on mac mini. This allows for read/write capability from Windows hosts?
I thought would be able to write to the drive from Windows because being HFS+.. or is that ONLY if the HFS+ formatted drive was directly connected to a Windows/linux machine?
SMB is the protocol that Windows (or any client) sees. The file system underneath is invisible to the end machines. That's why most SMB shares are built on EXT4 or XFS today, neither Windows nor Mac can read those file systems but the SMB shares are only for Windows and Mac. SMB is the only interface that the end machines see.
This is NAS / file server.
When you do SAN (iSCSI, Fibre Channel, SAS, etc.) you connect a block device, not a network file system, and then the file system on the drive itself has to be mounted. So in that case, using HFS+ would present an issue. But it would present an issue anyway since HFS+ cannot be shared between machines.
-
@ntoxicator said:
Unsure about their Hybrid Raid (RAID-6) setup though.
It's just RAID 6 with a virtual container on top so that they can keep the rebuild size down.
-
@marcinozga said:
@ntoxicator said:
Gotcha.. Thats what I originally thought. As I use to use SAMBA as file share server years ago and was fine for my windows hosts.
So then could really do away with dropbox up-sync. Unless they decide to keep 1-user account for backup purpose. Otherwise, all shares could be accessed over the Site to Site VPN tunnels
Still not truely seeing a good DAS thunderbolt unit. The Drobo 5D is a good contender. Alot of bad reviews; but appears to be from folks using it with Windows system with USB3.0. reviews for device connected over thunderbolt appear to be positive.
Unsure about their Hybrid Raid (RAID-6) setup though.
Any storage connected with USB - doesn't matter which version - is just a disappointment, and it's not restricted to Drobo.
Use SSD caching and stop worrying about RAID levels (as long as it's not RAID 5).USB 3 can be very good. But if you have TB, use that.
-
@Dashrender said:
Why are you looking to share storage from a MAC mini? Why not just a plain jane NAS?
Because Mac. If the NAS doesn't have vfs_fruit, and are there any that do?, you get horrible problems on Macs. Macs have a known bug that Apple refuses to fix because it promotes using Mac desktops as servers which sells more Macs. To non-Mac uses we just laugh at it having performance problems. But Mac shops just pour money to Apple to reward them for breaking the Finder app with this bug. So Apple is actually incentivized to make the problem worse, rather than better.
-
@ntoxicator said:
Share storage from mac? So SSO will work on mac environment.
Not looked into this, but does using a Mac enable that in some way that alternatives do not? That feels unlikely.
-
@ntoxicator said:
I do not trust LDAP connectors on third party products. Be better to manage it directly from Mac OS Server.app
Technically Mac OS would be the third party in an LDAP scenario
-
@ntoxicator said:
But then I would have to goto each work station and manually add the network shares.
Maybe this is something that I have missed. How does the Mac Mini file server handle this? It gives you a means to push out automounting SMB shares on the network?
-
Anyone have experience with the Drobo? Would be nice if I can slice up the RAID array into different volumes. The Synology NAS lets me do such.
Again Like to pull the current dropbox files to a different volume and essentially archive them. Create network share for the users that need access.
New folder/file structure would be created and setup as a new share point (SMB) through Mac OSX.
I was planning on using the Synology NAS and present an ISCSI LUN to the mac via GlobalSan iSCSI initiator. Once mounted. Create file fodlers and share those folders over the network using SMB sharing option.
Still data would flow from 1Gbe switches > To Mac mini server > Write to Drobo or Synology NAS
Only way to theoretically achieve higher throughput would be to write directly to the Synology or Drobo.. But then have different set of limitations as far as network & user management.
-
@ntoxicator said:
@Dashrender said:
u not by using a
Setting up user profiles and drive maps upon user login. Similar to that of GPO policies on Windows Server
Does having a Mac Mini allow this but other solutions do not?
-
Yes -- Can configure user profiles and configure option so network drive maps at login.
-
@ntoxicator said:
Anyone have experience with the Drobo? Would be nice if I can slice up the RAID array into different volumes.
It's just a DAS, you can slice it however you want.
We have a Drobo B800i SAN in our lab. We've used it for years.
-
@ntoxicator said:
Yes -- Can configure user profiles and configure option so network drive maps at login.
But you can't using a normal server or just the desktop? What utility configures this?
-
@ntoxicator said:
I was planning on using the Synology NAS and present an ISCSI LUN to the mac via GlobalSan iSCSI initiator. Once mounted. Create file fodlers and share those folders over the network using SMB sharing option.
Still data would flow from 1Gbe switches > To Mac mini server > Write to Drobo or Synology NAS
Only way to theoretically achieve higher throughput would be to write directly to the Synology or Drobo.. But then have different set of limitations as far as network & user management.
Faster way that doesn't require switching to NAS is to not have iSCSI or switches. iSCSI is overhead here and switches introduce risk and latency without benefit. The only things you should consider are a Mac Mini + DAS unit or a straight NAS. (Assuming going to traditional file shares.)
-
Gotcha. I understand
Well, for the iSCSI connection to mac mini. I was going to directly connect the mac mini to the Synology nas via seperate network cables (thunderbolt to GigE adapters) and LACP on both ends. This would be seperate IP assignment
1GigE NIC in the mac mini would be connected to a switch.
Trying to locate down this Linux distro that i was checking into awhile ago.... Does AD integration, openDirectory integration and more... it was nice.. cant put finger on it right now.
-
One thing that hasn't been mentioned and I need to make sure that it gets brought up since I'm in the middle of writing an article about it is that file shares like this are really a thing of the past. Not only are they an old technology and have some limitations in today's world, but that would be minor and we could generally live with that. But more importantly, using shares like this what is the plan for protection against ransomware / cryptoattacks? As a security measure most companies are moving away from SMB shares in a panic today.
-
Great point.. Crytoware is the devil.
Although they're HFS+ filesystem and mac ecosystem... Unaware there was a cryptoware variant for Mac/Unix?
-
Do you have any comments about UCS - Univention Corporate Server?
What about OpenSUSE Server?
-
@ntoxicator said:
Great point.. Crytoware is the devil.
Although they're HFS+ filesystem and mac ecosystem... Unaware there was a cryptoware variant for Mac/Unix?
HFS+ will not slow a ransomware in any way.... ransomware would not even realize you were on HFS+. They all encrypt files, not filesystems. That there is or isn't a variant for Mac yet is really not a security factor either. Mac is the least secure of the major operating systems and becoming a bigger and bigger target. That ransomware is a significant threat to Mac users is very much the case today. And this system isn't just for today, it's to use tomorrow too. So the risk is huge.
