summaryrefslogtreecommitdiff
path: root/docs/Samba3-ByExample/SBE-HighAvailability.xml
blob: a309f3aea8cb83efe7c48f444df09bc12c9db5e1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">

<chapter id="HA">
<title>Performance, Reliability, and Availability</title>

	<para>
	<indexterm><primary>performance</primary></indexterm>
	<indexterm><primary>reliability</primary></indexterm>
	<indexterm><primary>availability</primary></indexterm>
	Well, you have reached the chapter before the appendix. It is customary to attempt
	to wrap up the theme and contents of a book in what is generally regarded as the
	chapter that should draw conclusions. This book is a suspense thriller, and since
	the plot of the stories told mostly lead you to bigger, better Samba-3 networking
	solutions, it is perhaps appropriate to close this book with a few pertinent comments
	regarding some of the things everyone can do to deliver a reliable Samba-3 network.
	</para>

	<blockquote><attribution>Anonymous</attribution><para>
	In a world so full of noise, how can the sparrow be heard?
	</para></blockquote>

<sect1>
	<title>Introduction</title>

	<para>
	<indexterm><primary>clustering</primary></indexterm>
	The sparrow is a small bird whose sounds are drowned out by the noise of the busy
	world it lives in. Likewise, the simple steps that can be taken to improve the
	reliability and availability of a Samba network are often drowned out by the volume
	of discussions about grandiose Samba clustering designs. This is not intended to
	suggest that clustering is not important, because clearly it is. This chapter does not devote
	itself to discussion of clustering because each clustering methodology uses its own
	custom tools and methods. Only passing comments are offered concerning these methods.
	</para>

	<para>
	<indexterm><primary>cluster</primary></indexterm>
	<indexterm><primary>samba cluster</primary></indexterm>
	<indexterm><primary>scalability</primary></indexterm>
<ulink url="http://www.google.com/search?hl=en&amp;lr=&amp;ie=ISO-8859-1&amp;q=samba+cluster&amp;btnG=Google+Search">A search</ulink> 
	for <quote>samba cluster</quote> produced 71,600 hits. And a search for <quote>highly available samba</quote>
	and <quote>highly available windows</quote> produced an amazing number of references.
	It is clear from the resources on the Internet that Windows file and print services 
	availability, reliability, and scalability are of vital interest to corporate network users.
	</para>

	<para>
	<indexterm><primary>performance</primary></indexterm>
	So without further background, you can review a checklist of simple steps that
	can be taken to ensure acceptable network performance while keeping costs of ownership
	well under control.
	</para>

</sect1>

<sect1>
	<title>Dissection and Discussion</title>

	<para>
	<indexterm><primary>simple</primary></indexterm>
	<indexterm><primary>complexities</primary></indexterm>
	If it is your purpose to get the best mileage out of your Samba servers, there is one rule that
	must be obeyed. If you want the best, keep your implementation as simple as possible. You may
	well be forced to introduce some complexities, but you should do so only as a last resort.
	</para>

	<para>
	Simple solutions are likely to be easier to get right than are complex ones. They certainly
	make life easier for your successor. Simple implementations can be more readily audited than can
	complex ones. 
	</para>

	<para>
	<indexterm><primary>broken behavior</primary></indexterm>
	<indexterm><primary>poor performance</primary></indexterm>
	Problems reported by users fall into three categories: configurations that do not work, those 
	that have broken behavior, and poor performance. The term <emphasis>broken behavior</emphasis>
	means that the function of a particular Samba component appears to work sometimes, but not at
	others. The resulting intermittent operation is clearly unacceptable. An example of 
	<emphasis>broken behavior</emphasis> known to many Windows networking users occurs when the
	list of Windows machines in MS Explorer changes, sometimes listing machines that are running
	and at other times not listing them even though the machines are in use on the network.
	</para>

	<para>
	<indexterm><primary>smbfs</primary></indexterm>
	<indexterm><primary>smbmnt</primary></indexterm>
	<indexterm><primary>smbmount</primary></indexterm>
	<indexterm><primary>smbumnt</primary></indexterm>
	<indexterm><primary>smbumount</primary></indexterm>
	<indexterm><primary>front-end</primary></indexterm>
	A significant number of reports concern problems with the <command>smbfs</command> file system
	driver that is part of the Linux kernel, not part of Samba. Users continue to interpret that
	<command>smbfs</command> is part of Samba, simply because Samba includes the front-end tools
	that are used to manage <command>smbfs</command>-based file service connections. So, just
	for the record, the tools <command>smbmnt</command>, <command>smbmount</command>,
	<command>smbumount</command>, and <command>smbumnt</command> are front-end
	facilities to core drivers that are supplied as part of the Linux kernel. These tools share a
	common infrastructure with some Samba components, but they are not maintained as part of
	Samba and are really foreign to it.
	</para>

	<para>
	<indexterm><primary>cifsfs</primary></indexterm>
	The new project, <command>cifsfs</command>, is destined to replace <command>smbfs</command>.
	It, too, is not part of Samba, even though one of the Samba Team members is a prime mover in
	this project.
	</para>

	<para>
	Table 13.1 lists typical causes of:
	</para>

	<itemizedlist>
		<listitem><para>Not Working (NW)</para></listitem>
		<listitem><para>Broken Behavior (BB)</para></listitem>
		<listitem><para>Poor Performance (PP)</para></listitem>
	</itemizedlist>


	<table id="ProbList">
		<title>Effect of Common Problems</title>
		<tgroup cols="4">
			<colspec align="left"/>
			<colspec align="center"/>
			<colspec align="center"/>
			<colspec align="center"/>
			<thead>
				<row>
					<entry><para>Problem</para></entry>
					<entry><para>NW</para></entry>
					<entry><para>BB</para></entry>
					<entry><para>PP</para></entry>
				</row>
			</thead>
			<tbody>
				<row>
					<entry><para>File locking</para></entry>
					<entry><para>-</para></entry>
					<entry><para>X</para></entry>
					<entry><para>-</para></entry>
				</row>
				<row>
					<entry><para>Hardware problems</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
				</row>
				<row>
					<entry><para>Incorrect authentication</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
					<entry><para>-</para></entry>
				</row>
				<row>
					<entry><para>Incorrect configuration</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
				</row>
				<row>
					<entry><para>LDAP problems</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
					<entry><para>-</para></entry>
				</row>
				<row>
					<entry><para>Name resolution</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
				</row>
				<row>
					<entry><para>Printing problems</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
					<entry><para>-</para></entry>
				</row>
				<row>
					<entry><para>Slow file transfer</para></entry>
					<entry><para>-</para></entry>
					<entry><para>-</para></entry>
					<entry><para>X</para></entry>
				</row>
				<row>
					<entry><para>Winbind problems</para></entry>
					<entry><para>X</para></entry>
					<entry><para>X</para></entry>
					<entry><para>-</para></entry>
				</row>
			</tbody>
		</tgroup>
	</table>

	<para>
	<indexterm><primary>network hygiene</primary></indexterm>
	It is obvious to all that the first requirement (as a matter of network hygiene) is to eliminate
	problems that affect basic network operation. This book has provided sufficient working examples
	to help you to avoid all these problems.
	</para>

</sect1>

<sect1>
	<title>Guidelines for Reliable Samba Operation</title>

	<para>
	<indexterm><primary>resilient</primary></indexterm>
	<indexterm><primary>extreme demand</primary></indexterm>
	Your objective is to provide a network that works correctly, can grow at all times, is resilient
	at times of extreme demand, and can scale to meet future needs. The following subject areas provide
	pointers that can help you today.
	</para>

	<sect2>
	<title>Name Resolution</title>

	<para>
	There are three basic current problem areas: bad hostnames, routed networks, and network collisions.
	These are covered in the following discussion.
	</para>

		<sect3>
		<title>Bad Hostnames</title>

		<para>
		<indexterm><primary>DHCP</primary><secondary>client</secondary></indexterm>
		<indexterm><primary>netbios name</primary></indexterm>
		<indexterm><primary>localhost</primary></indexterm>
		<indexterm><primary>/etc/hosts</primary></indexterm>
		<indexterm><primary>NetBIOS</primary></indexterm>
		When configured as a DHCP client, a number of Linux distributions set the system hostname
		to <constant>localhost</constant>. If the parameter <parameter>netbios name</parameter> is not
		specified to something other than <constant>localhost</constant>, the Samba server appears
		in the Windows Explorer as <constant>LOCALHOST</constant>. Moreover, the entry in the <filename>/etc/hosts</filename>
		on the Linux server points to IP address <constant>127.0.0.1</constant>. This means that
		when the Windows client obtains the IP address of the Samba server called <constant>LOCALHOST</constant>,
		it obtains the IP address <constant>127.0.0.1</constant> and then proceeds to attempt to
		set up a NetBIOS over TCP/IP connection to it. This cannot work, because that IP address is
		the local Windows machine itself. Hostnames must be valid for Windows networking to function
		correctly.
		</para>

		<para>
		<indexterm><primary>digits</primary></indexterm>
		A few sites have tried to name Windows clients and Samba servers with a name that begins
		with the digits 1-9. This does not work either because it may result in the client or
		server attempting to use that name as an IP address.
		</para>

		<para>
		<indexterm><primary>DNS</primary><secondary>name lookup</secondary></indexterm>
		<indexterm><primary>resolve</primary></indexterm>
		A Samba server called <constant>FRED</constant> in a NetBIOS domain called <constant>COLLISION</constant>
		in a network environment that is part of the fully qualified Internet domain namespace known
		as <constant>parrots.com</constant> results in DNS name lookups for <constant>fred.parrots.com</constant>
		and <constant>collision.parrots.com</constant>. It is therefore a mistake to name the domain
		(workgroup) <constant>collision.parrots.com,</constant> since this results in DNS lookup
		attempts to resolve <constant>fred.parrots.com.parrots.com</constant>, which most likely
		fails given that you probably do not have this in your DNS namespace.
		</para>

		<note><para>
		<indexterm><primary>Active Directory</primary><secondary>realm</secondary></indexterm>
		<indexterm><primary>ADS</primary></indexterm>
		<indexterm><primary>DNS</primary></indexterm>
		An Active Directory realm called <constant>collision.parrots.com</constant> is perfectly okay,
		although it too must be capable of being resolved via DNS, something that functions correctly
		if Windows 200x ADS has been properly installed and configured.
		</para></note>

		</sect3>

		<sect3>
		<title>Routed Networks</title>

		<para>
		<indexterm><primary>NetBIOS</primary></indexterm>
		<indexterm><primary>UDP</primary><secondary>broadcast</secondary></indexterm>
		<indexterm><primary>broadcast</primary></indexterm>
		NetBIOS networks (Windows networking with NetBIOS over TCP/IP enabled) makes extensive use
		of UDP-based broadcast traffic, as you saw during the exercises in <link linkend="primer"/>.
		</para>

		<para>
		<indexterm><primary>routers</primary></indexterm>
		<indexterm><primary>forwarded</primary></indexterm>
		<indexterm><primary>multi-subnet</primary></indexterm>
		UDP broadcast traffic is not forwarded by routers. This means that NetBIOS broadcast-based
		networking cannot function across routed networks (i.e., multi-subnet networks) unless
		special provisions are made:
		</para>

		<itemizedlist>
			<listitem><para>
			<indexterm><primary>LMHOSTS</primary></indexterm>
			<indexterm><primary>remote announce</primary></indexterm>
			<indexterm><primary>remote browse sync</primary></indexterm>
			Either install on every Windows client an LMHOSTS file (located in the directory
			<filename>C:\windows\system32\drivers\etc</filename>). It is also necessary to
			add to the Samba server &smb.conf; file the parameters <parameter>remote announce</parameter>
			and <parameter>remote browse sync</parameter>. For more information, refer to the online
			manual page for the &smb.conf; file.
			</para></listitem>

			<listitem><para>
			<indexterm><primary>WINS</primary><secondary>server</secondary></indexterm>
			Or configure Samba as a WINS server, and configure all network clients to use that
			WINS server in their TCP/IP configuration.
			</para></listitem>
		</itemizedlist>

		<note><para>
		<indexterm><primary>WINS</primary><secondary>name resolution</secondary></indexterm>
		<indexterm><primary>DNS</primary></indexterm>
		The use of DNS is not an acceptable substitute for WINS. DNS does not store specific
		information regarding NetBIOS networking particulars that get stored in the WINS
		name resolution database and that Windows clients require and depend on.
		</para></note>

		</sect3>

		<sect3>
		<title>Network Collisions</title>

		<para>
		<indexterm><primary>network</primary><secondary>collisions</secondary></indexterm>
		<indexterm><primary>network</primary><secondary>timeouts</secondary></indexterm>
		<indexterm><primary>collision rates</primary></indexterm>
		<indexterm><primary>network</primary><secondary>load</secondary></indexterm>
		Excessive network activity causes NetBIOS network timeouts. Timeouts may result in
		blue screen of death (BSOD) experiences. High collision rates may be caused by excessive
		UDP broadcast activity, by defective networking hardware, or through excessive network
		loads (another way of saying that the network is poorly designed).
		</para>

		<para>
		The use of WINS is highly recommended to reduce network broadcast traffic, as outlined
		in <link linkend="primer"/>.
		</para>

		<para>
		<indexterm><primary>netbios forwarding</primary></indexterm>
		<indexterm><primary>broadcast storms</primary></indexterm>
		<indexterm><primary>performance</primary></indexterm>
		Under no circumstances should the facility be supported by many routers, known as <constant>NetBIOS
		forwarding</constant>, unless you know exactly what you are doing. Inappropriate use of this
		facility can result in UDP broadcast storms. In one case in 1999, a university network became
		unusable due to NetBIOS forwarding being enabled on all routers. The problem was discovered during performance
		testing of a Samba server. The maximum throughput on a 100-Base-T (100 MB/sec) network was
		less than 15 KB/sec. After the NetBIOS forwarding was turned off, file transfer performance
		immediately returned to 11 MB/sec.
		</para>

		</sect3>

	</sect2>

	<sect2>
	<title>Samba Configuration</title>

	<para>
	As a general rule, the contents of the &smb.conf; file should be kept as simple as possible.
	No parameter should be specified unless you know it is essential to operation.
	</para>

	<para>
	<indexterm><primary>document the settings</primary></indexterm>
	<indexterm><primary>documented</primary></indexterm>
	<indexterm><primary>optimized</primary></indexterm>
	Many UNIX administrators like to fully document the settings in the &smb.conf; file. This is a
	bad idea because it adds content to the file. The &smb.conf; file is re-read by every <command>smbd</command>
	process every time the file timestamp changes (or, on systems where this does not work, every 20 seconds or so).
	</para>

	<para>
	As the size of the &smb.conf; file grows, the risk of introduction of parsing errors increases also.
	It is recommended to keep a fully documented &smb.conf; file on hand, and then to operate Samba only
	with an optimized file.
	</para>

	<para><indexterm>
	    <primary>testparm</primary>
	  </indexterm>
	The preferred way to maintain a documented file is to call it something like <filename>smb.conf.master</filename>.
	You can generate the optimized file by executing:
<screen>
&rootprompt; testparm -s smb.conf.master > smb.conf
</screen>
	You should carefully observe all warnings issued. It is also a good practice to execute the following
	command to confirm correct interpretation of the &smb.conf; file contents:
<screen>
&rootprompt; testparm
Load smb config files from /etc/samba/smb.conf
Can't find include file /etc/samba/machine.
Processing section "[homes]"
Processing section "[print$]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[media]"
Processing section "[data]"
Processing section "[cdr]"
Processing section "[apps]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
</screen>
	<indexterm><primary>fatal problem</primary></indexterm>
	You now, of course, press the enter key to complete the command, or else abort it by pressing Ctrl-C.
	The important thing to note is the noted Server role, as well as warning messages. Noted configuration
	conflicts must be remedied before proceeding. For example, the following error message represents a
	common fatal problem:
<screen>
ERROR: both 'wins support = true' and 'wins server = &lt;server list&gt;' 
cannot be set in the smb.conf file. nmbd will abort with this setting.
</screen>
	</para>

	<para>
	<indexterm><primary>performance degradation</primary></indexterm>
	<indexterm><primary>socket options</primary></indexterm>
	<indexterm><primary>socket address</primary></indexterm>
	There are two parameters that can cause severe network performance degradation: <parameter>socket options</parameter>
	and <parameter>socket address</parameter>. The <parameter>socket options</parameter> parameter was often necessary
	when Samba was used with the Linux 2.2.x kernels. Later kernels are largely self-tuning and seldom benefit from
	this parameter being set. Do not use either parameter unless it has been proven necessary to use them.
	</para>

	<para>
	<indexterm><primary>strict sync</primary></indexterm>
	<indexterm><primary>sync always</primary></indexterm>
	<indexterm><primary>severely degrade</primary></indexterm>
	<indexterm><primary>network</primary><secondary>performance</secondary></indexterm>
	Another &smb.conf; parameter that may cause severe network performance degradation is the 
	<parameter>strict sync</parameter> parameter. Do not use this at all. There is no good reason
	to use this with any modern Windows client. The <parameter>strict sync</parameter> is often
	used with the <parameter>sync always</parameter> parameter. This, too, can severely	
	degrade network performance, so do not set it; if you must, do so with caution.
	</para>

	<para>
	<indexterm><primary>opportunistic locking</primary></indexterm>
	<indexterm><primary>file caching</primary></indexterm>
	<indexterm><primary>caching</primary></indexterm>
	<indexterm><primary>oplocks</primary></indexterm>
	Finally, many network administrators deliberately disable opportunistic locking support. While this
	does not degrade Samba performance, it significantly degrades Windows client performance because
	this disables local file caching on Windows clients and forces every file read and written to
	invoke a network read or write call. If for any reason you must disable oplocks (opportunistic locking)
	support, do so only on the share on which it is required. That way, all other shares can provide
	oplock support for operations that are tolerant of it. See <link linkend="ch12dblck"/> for more
	information.
	</para>

	</sect2>

	<sect2>
	<title>Use and Location of BDCs</title>

	<para>
	<indexterm><primary>BDC</primary></indexterm>
	<indexterm><primary>PDC</primary></indexterm>
	<indexterm><primary>routed network</primary></indexterm>
	<indexterm><primary>wide-area network</primary></indexterm>
	<indexterm><primary>network segment</primary></indexterm>
	On a network segment where there is a PDC and a BDC, the BDC carries the bulk of the network logon
	processing. If the BDC is a heavily loaded server, the PDC carries a greater proportion of
	authentication and logon processing. When a sole BDC on a routed network segment gets heavily
	loaded, it is possible that network logon requests and authentication requests may be directed
	to a BDC on a distant network segment. This significantly hinders WAN operations
	and is undesirable.
	</para>

	<para>
	<indexterm><primary>Domain Member</primary></indexterm>
	<indexterm><primary>Domain Controller</primary></indexterm>
	As a general guide, instead of adding domain member servers to a network, you would be better advised
	to add BDCs until there are fewer than 30 Windows clients per BDC. Beyond that ratio, you should add
	domain member servers. This practice ensures that there is always sufficient domain controllers
	to handle logon requests and authentication traffic.
	</para>

	</sect2>

	<sect2>
	<title>Use One Consistent Version of MS Windows Client</title>

	<para>
	Every network client has its own peculiarities. From a management perspective, it is easier to deal
	with one version of MS Windows that is maintained to a consistent update level than it is to deal
	with a mixture of clients.
	</para>

	<para>
	On a number of occasions, particular Microsoft service pack updates of a Windows server or client
	have necessitated special handling from the Samba server end. If you want to remain sane, keep you
	client workstation configurations consistent.
	</para>

	</sect2>

	<sect2>
	<title>For Scalability, Use SAN-Based Storage on Samba Servers</title>

	<para>
	<indexterm><primary>SAN</primary></indexterm>
	<indexterm><primary>synchronization</primary></indexterm>
	Many SAN-based storage systems permit more than one server to share a common data store.
	Use of a shared SAN data store means that you do not need to use time- and resource-hungry data 
	synchronization techniques.
	</para>

	<para>
	<indexterm><primary>load distribution</primary></indexterm>
	<indexterm><primary>clustering</primary></indexterm>
	The use of a collection of relatively low-cost front-end Samba servers that are coupled to
	a shared backend SAN data store permits load distribution while containing costs below that
	of installing and managing a complex clustering facility.
	</para>

	</sect2>

	<sect2>
	<title>Distribute Network Load with MSDFS</title>

	<para>
	<indexterm><primary>MSDFS</primary></indexterm>
	<indexterm><primary>distributed</primary></indexterm>
	Microsoft DFS (distributed file system) technology has been implemented in Samba. MSDFS permits
	data to be accessed from a single share and yet to actually be distributed across multiple actual
	servers. Refer to <emphasis>TOSHARG</emphasis>, Chapter 19, for information regarding
	implementation of an MSDFS installation.
	</para>

	<para>
	<indexterm><primary>front-end</primary><secondary>server</secondary></indexterm>
	<indexterm><primary>MSDFS</primary></indexterm>
	The combination of multiple backend servers together with a front-end server and use of MSDFS
	can achieve almost the same as you would obtain with a clustered Samba server.
	</para>

	</sect2>

	<sect2>
	<title>Replicate Data to Conserve Peak-Demand Wide-Area Bandwidth</title>

	<para>
	<indexterm><primary>replicate</primary></indexterm>
	<indexterm><primary>rsync</primary></indexterm>
	<indexterm><primary>wide-area network</primary></indexterm>
	Consider using <command>rsync</command> to replicate data across the WAN during times
	of low utilization. Users can then access the replicated data store rather than needing to do so
	across the WAN. This works best for read-only data, but with careful planning can be
	implemented so that modified files get replicated back to the point of origin. Be careful with your
	implementation if you choose to permit modification and return replication of the modified file;
	otherwise, you may inadvertently overwrite important data.
	</para>

	</sect2>

	<sect2>
	<title>Hardware Problems</title>

	<para>
	<indexterm><primary>hardware prices</primary></indexterm>
	<indexterm><primary>hardware problems</primary></indexterm>
	<indexterm><primary>NICs</primary></indexterm>
	<indexterm><primary>defective</primary><secondary>HUBs</secondary></indexterm>
	<indexterm><primary>defective</primary><secondary>switches</secondary></indexterm>
	<indexterm><primary>defective</primary><secondary>cables</secondary></indexterm>
	Networking hardware prices have fallen sharply over the past 5 years. A surprising number
	of Samba networking problems over this time have been traced to defective network interface
	cards (NICs) or defective HUBs, switches, and cables.
	</para>

	<para>
	<indexterm><primary>corrective action</primary></indexterm>
	Not surprising is the fact that network administrators do not like to be shown to have made
	a bad decision. Money saved in buying low-cost hardware may result in high costs incurred
	in corrective action.
	</para>

	<para>
	<indexterm><primary>intermittent</primary></indexterm>
	<indexterm><primary>data corruption</primary></indexterm>
	<indexterm><primary>slow network</primary></indexterm>
	<indexterm><primary>low performance</primary></indexterm>
	<indexterm><primary>data integrity</primary></indexterm>
	Defective NICs, HUBs, and switches may appear as intermittent network access problems, intermittent
	or persistent data corruption, slow network throughput, low performance, or even as BSOD
	problems with MS Windows clients. In one case, a company updated several workstations with newer, faster
	Windows client machines that triggered problems during logon as well as data integrity problems on
	an older PC that was unaffected so long as the new machines were kept shut down.
	</para>

	<para>
	Defective hardware problems may take patience and persistence before the real cause can be discovered.
	</para>

	<para>
	<indexterm><primary>RAID controllers</primary></indexterm>
	Networking hardware defects can significantly impact perceived Samba performance, but defective
	RAID controllers as well as SCSI and IDE hard disk controllers have also been known to impair Samba server
	operations. One business came to this realization only after replacing a Samba installation with MS 
	Windows Server 2000 running on the same hardware. The root of the problem completely eluded the network
	administrator until the entire server was replaced. While you may well think that this would never
	happen to you, experience shows that given the right (unfortunate) circumstances, this can happen to anyone.
	</para>

	</sect2>

	<sect2>
	<title>Large Directories</title>

	<para>
	There exist applications that create or manage directories containing many thousands of files. Such
	applications typically generate many small files (less than 100 KB). At the best of times under UNIX
	listing of the files in a directory that contains many files is slow. By default Windows NT, 200x, 
	and XP Pro cause network file system directory lookups on a Samba server to be performed for both 
	the case preserving file name as well as for the mangled (8.3) file name. This incurs a huge overhead
	on the Samba server that may slow down the system dramatically.
	</para>

	<para>
	In an extreme case the performance impact was dramatic. File transfer from the Samba server to a Windows
	XP Professional workstation over 1 Gigabit Ethernet for 250-500 KB files was measured at approximately
	30 MB/sec. But when tranfering a directory containng 120,000 files, all from 50KB to 60KB in size, the
	transfer rate to the same workstation was measured at approximately 1.5 KB/sec. The net transfer was
	of the order of a factor of 20-fold slower.
	</para>

	<para>
	The symptoms that will be observed on the Samba server when a large directory is accessed will be that
	aggregate I/O (typically blocks read) will be relatively low, yet the wait I/O times will be incredably
	long while at the same time the read queue is large. Close observation will show that the hard drive
	that the file system is on will be thrashing wildly.
	</para>

	<para>
	Samba-3.0.12, and later, includes new code that radically improves Samba perfomance. The secret to this is
	really in the <smbconfoption name="case sensitive">True</smbconfoption> line. This tells smbd never to scan
	for case-insensitive versions of names. So if an application asks for a file called <filename>FOO</filename>,
	and it can not be found by a simple stat call, then smbd will return file not found immediately without
	scanning the containing directory for a version of a different case.
	</para>

	<para>
	Canonicalize all the files in the directory to have one case, upper or lower - either will do. Then set up 
	a new custom share for the application as follows:
	<screen>
	[bigshare]
			path = /data/xrayfiles/neurosurgeons/
			read only = no
			case sensitive = True
			default case = upper
			preserve case = no
			short preserve case = no
	</screen>
	</para>

	<para>
	All files and directories under the <parameter>path</parameter> directory must be in the same case
	as specified in the &smb.conf; stanza. This means that smbd will not be able to find lower case 
	filenames with these settings.  Note, this is done on a per-share basis.
	</para>

	</sect2>

</sect1>

<sect1>
	<title>Key Points Learned</title>

	<para>
	This chapter has touched in broad sweeps on a number of simple steps that can be taken
	to ensure that your Samba network is resilient, scalable, and reliable, and that it
	performs well.
	</para>

	<para>
	Always keep in mind that someone is responsible to maintain and manage your design.
	In the long term, that may not be you. Spare a thought for your successor and give him or
	her an even break.
	</para>

	<para>
	<indexterm><primary>assumptions</primary></indexterm>
	Last, but not least, you should not only keep the network design simple, but also be sure it is
	well documented. This book may serve as your pattern for documenting every
	aspect of your design, its implementation, and particularly the objects and assumptions
	that underlie it.
	</para>

</sect1>


</chapter>