3.5 Coexistence with NSS AD

3.5.1 Incompatiblities at a Server Level

Do not install the following service on the same server as NSS AD:

  • DSfW

3.5.2 NSS AD Is Network-Compatible with All OES Services

Introducing NSS AD into your OES service mix will not cause any conflicts with existing OES services on your network.

3.5.3 NSS AD Doesn’t Affect Backward Compatibility

The following services and components, which were modified to support NSS AD, are compatible with pre-OES 2015 servers, with important exceptions noted.

  • Access Control Lists

  • Backup (SMS)

  • CIFS

  • Distributed File Services (DFS)

  • Dynamic Storage Technology (DST)

  • OES Cluster Services (NCS)

    IMPORTANT:Pre-OES 2015 nodes cannot mount NSS-AD enabled pools and volumes. For more information, see Section 3.6.1, Clustered Node Issue.

  • NSS (OES Storage Services)

  • Salvage

3.5.4 Ensuring DST Support for NSS AD

To provide NSS AD support in an environment that contains Dynamic Storage Technology (DST), you must do the following:

  • Ensure that the OES server or the cluster node where the primary and shadow volumes exist, has joined the Active Directory domain as part of the normal NSS AD deployment process.

  • Ensure that both the primary and the secondary (shadow) volumes are AD-enabled.

    The primary and secondary volumes can be of the same type (NSS32 or NSS64) or mixed (NSS32 and NSS64).

For more information on DST, see OES 2018 SP3: Dynamic Storage Technology Administration Guide.

3.5.5 DFS Deployment with NSS AD

DFS Source and Target Is NSS AD Enabled

The DFS source and target server are configured with OES 2015 or later with NSS AD support. For AD users to access a DFS junction using the CIFS client, the following is required:

  • The DFS source and the target server must have joined the AD domain.

  • The pools and volumes present in DFS source and target server should be media-upgraded and AD-enabled respectively.

  • AD users must have trustee rights on the files and folders they need to access.

DFS in Heterogeneous Environment

During the NSS AD deployment process, there is, of course, a period of time during which some servers are running NSS AD and some are not.

If the DFS source is NSS AD configured and the target is a pre-OES 2015 server, then for seamless access of data on the pre-OES 2015 server, ensure that both the Active Directory and eDirectory credentials have same usernames and passwords.

When the AD user accesses the pre-OES 2015 server, the CIFS client authenticates with the AD credentials and fails. CIFS then falls back to use eDirectory credentials and the user is able to access the data.