Microsoft has a long history of not “playing well”
with other technologies. With Windows Server 2008 R2, Microsoft provides
native support for Windows Server 2008 R2 UNIX Integration, a series of
technologies that was previously included in a product line called
Windows Services for UNIX (SFU). With Windows Server 2008 R2, each of
the components of the old SFU product is included as integrated services
in the Windows Server 2008 R2 OS.

For many years, UNIX and Windows systems were viewed as separate,
incompatible environments that were physically, technically, and
ideologically different. Over the years, however, organizations found
that supporting two completely separate topologies within their
environments was inefficient and expensive; a great deal of redundant
work was also required to maintain multiple sets of user accounts,
passwords, environments, and so on.

Slowly, the means to interoperate between these environments was
developed. At first, most of
the interoperability tools were written to join UNIX with Windows, as
evidenced by Samba, a method for Linux/UNIX platforms to be able to
access Windows file shares. Microsoft’s tools always seemed a step
behind those available elsewhere. With Windows Server 2008 R2 UNIX
Integration tools, Microsoft leapfrogs traditional solutions, like
Samba, and becomes a leader for cross-platform integration. Password
synchronization, the capability to run UNIX scripts on Windows, joint
security credentials, and the like were presented as viable options and
can now be considered as part of a migration to, or an interoperability
scenario with, Windows Server 2008 R2.

The Development of Windows Server 2008 R2 UNIX Integration Components

Windows Server 2008 R2
UNIX Integration has made large strides in its development since the
original attempts Microsoft made in this area. Originally released as a
package of products called Services for UNIX (SFU), it received initial
skepticism. Since then, the line of technologies has developed into a
formidable integration and migration utility that allows for a great
deal of interenvironmental flexibility. The first versions of the
software, 1.x and 2.x, were limited in many ways, however. Subsequent
updates to the software vastly improved its capabilities and further
integrated it with the core operating system.

A watershed advancement in the
development of Services for UNIX was the introduction of the 3.0 version
of the software. This version enhanced support for UNIX through the
addition or enhancement of nearly all components. Included was the
Interix product, as well as an extension to the POSIX infrastructure of
Windows to support UNIX scripting and applications natively on a Windows
server.

Later, version 3.5 of Services for UNIX was released, which included
several functionality improvements over Windows Server for UNIX 3.0.
The following components and improvements were introduced in the 3.5
release:

Greater support for Active Directory Directory Services (AD DS) authentication
Improved utilities for international language support
Threaded application support in Interix (separated into a separate application in Windows Server 2008 R2 named the Subsystem for UNIX-based Applications)
Support for the Volume Shadow Copy Service of Windows Server 2008 R2

Finally, we come to the
Windows Server 2008 version of Services for UNIX, which was broken into
several components that became embedded into the operating system. No
longer were the components a part of a separate package. Instead, the
components were built in to the various server roles on the operating
system for the first time.

The major improvements in Windows Server 2008 UNIX Integration are as follows:

64-bit (x64) Windows Server OS support
AD lookup capabilities through the inclusion of Group ID (GID) and User ID (UID) fields in the AD schema
Enhanced UNIX support with multiple versions supported, including Solaris v9, Red Hat Linux v9, IBM AIX version 5L 5.2, and Hewlett Packard HP-UX version 11i
Ability for the Telnet Server component to accept both Windows and UNIX clients
Extended Network Information Service (NIS) interoperability, including allowing a Windows Server 2008 R2 system to act as a NIS master in a mixed environment
Removal of the User Mapping component and transfer of the functionality directly into the AD DS schema
NFS server functionality expanded to Mac OS X and higher clients
Subsystem for UNIX-based Applications (SUA), which allows POSIX-compliant UNIX applications to be run on Windows Server 2008 R2, including many common UNIX tools and scripts
Easier porting of native UNIX and Linux scripts to the SUA environment

Finally, some minor changes were added to the UNIX support in this
latest release, Windows Server 2008 R2. These include the following,
all related to the Services for NFS component:

Netgroup support provides the ability to create and manage networkwide named groups of hosts.
The Unmapped UNIX User Access functionality allows NFS data to be stored on Windows servers without first creating UNIX to Windows account mapping.
RPCSEC_GSS support provides for native support of this RPC security feature. Windows Server 2008 R2 does not provide support for the RPCSEC_GSS privacy security service, however.
WMI Management support provides extensibility of management to NFS servers.
Kerberos Authentication (Krb5 and Krb5i) on Shares improves standards for secured information access.

Understanding the UNIX Interoperability Components in Windows Server 2008 R2

Windows Server 2008 R2
UNIX Integration is composed of several key components, each of which
provides a specific integration task with different UNIX environments.
Any or all of these components can be used as part of Windows Server
2008 R2 UNIX Integration, because the installation of the suite can be
customized, depending on an organization’s needs. The major components
of Windows Server 2008 R2 UNIX Integration are as follows:

Services for NFS (includes Server for NFS and Client for NFS)
Telnet Server (supports Windows and UNIX clients)
Identity Management for UNIX (includes the Server for Network Information Services and Password Synchronization components)
Subsystem for UNIX-based Applications (SUA)

Each component can be
installed as part of a server role. For example, the Services for NFS
component is installed as part of the File Services role in Windows
Server 2008 R2. Each component is described in more detail in the
following sections.

Prerequisites for Windows Server 2008 R2 UNIX Integration

Windows Server 2008 R2 UNIX services interoperate with various flavors
of UNIX, but were tested and specifically written for use with the
following UNIX versions:

Sun Solaris 7.x, 8.x, 9.x, or 10
Red Hat Linux 8.0 and later
Hewlett-Packard HP-UX 11i
IBM AIX 5L 5.2
Apple Macintosh OS X

Note
Windows Server 2008 R2 UNIX
Integration is not limited to these versions of Sun Solaris, Red Hat
Linux, HP-UX, IBM AIX, and Apple OS X. It actually performs quite well
in various other similar versions and implementations of UNIX, Linux,
and Mac OS X.

Installing Services for Network File System (NFS)

The installation of Windows Server 2008 R2 UNIX Integration is as
simple as adding specific server roles to a server using the Add Roles
Wizard. The individual components can be installed as part of different
roles added to the server. For example, to add the Services for NFS
component, add the File Services role to a server via the following
process:

1. Open Server Manager (Start, All Programs, Administrative Tools, Server Manager).
2. Click on the Roles node in the tasks pane, and then click the Add Roles link.
3. On the Add Roles Wizard welcome page, click Next to continue.
4. From the list of roles to install, check the box for File Services, and click Next to continue.
5. On the Introduction to File Services page, click Next to continue.
6. On the Select Role Services page, shown in Figure 1, keep the File Server box checked and check the box for Services for Network File System. Click Next to continue.
7. On the Confirmation page, review the settings and click the Install button.
8. Click Close when the wizard completes.

Note
If the File Services role has
already been installed, you can add the Services for Network File System
by right-clicking the File Services role and selecting Add Role
Services.
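
The wizard steps above can also be scripted with the ServerManager PowerShell module included in Windows Server 2008 R2. This is an added example, not part of the original text; it assumes an elevated PowerShell session on the target server and uses the role service identifiers FS-FileServer and FS-NFS-Services, which do not appear in the text above.

```powershell
# Added example: scripted equivalent of wizard steps 1-8 on Windows Server 2008 R2.
# Assumption: run from an elevated PowerShell session on the server itself.
Import-Module ServerManager

# Role services selected in step 6: File Server plus Services for Network File System.
$wanted = 'FS-FileServer', 'FS-NFS-Services'

# Request only what is not installed yet, so the script is safe to rerun
# and also covers the case where the File Services role already exists.
$missing = @(Get-WindowsFeature -Name $wanted |
    Where-Object { -not $_.Installed } |
    ForEach-Object { $_.Name })

if ($missing.Count -eq 0) {
    Write-Output 'File Server and Services for NFS are already installed.'
}
else {
    $result = Add-WindowsFeature -Name $missing

    # Stop on failure rather than continuing with a half-configured server.
    if (-not $result.Success) {
        throw "Installation failed with exit code $($result.ExitCode)."
    }

    # RestartNeeded is reported as No, Yes, or Maybe.
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning "Restart state reported by Server Manager: $($result.RestartNeeded)"
    }
}

# Confirm the end state instead of relying on the installer's return value.
Get-WindowsFeature -Name $wanted |
    Format-Table DisplayName, Name, Installed -AutoSize
```

Because only the two named role services are requested, the final table doubles as a record that no other File Services components were enabled by the script.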

Services for NFS
streamlines the sharing of information between UNIX and Windows Server
2008 R2, allowing users from both environments to seamlessly access data
from each separate environment, without the need for specialized client
software. Utilizing the Services for NFS and NFS Client allows for this
level of functionality and provides for a more integrated environment.

Using and Administering Services for NFS

The Services for NFS
component acts as a UNIX-standard NFS server by providing disk space
from any Windows-based computer on a network to NFS clients, translating
their NFS requests to Windows SMB-based requests. No additional client
software is necessary, and the Windows Server 2008 R2 server acts and
functions like a normal NFS-based UNIX server for these clients. This is
a great way to bring a standardized share format to a heterogeneous
network, as UNIX and Apple clients might have difficulties using
standard Windows file protocols such as Common Internet File System
(CIFS).

After installing Services for NFS, several tasks need to be performed
before UNIX clients are allowed to access the Windows file shares.
These tasks include the following, covered in more detail in the
following sections of this book:

Configure AD DS lookup for UNIX GID and UID
Configure the Server for NFS and Client for NFS components
Create NFS shared network resources