Afshin Salek's Blog

There is a common misconception that Solaris CIFS server has been designed specifically to work with ZFS but it is actually file system agnostic. The CIFS server is a consumer of the Virtual File System (VFS), which provides a common interface to all file systems. The VFS provides a common abstraction layer that allows consumers to treat all file systems as generic resources, so the CIFS server provides interoperability with any file system that can be shared.

On the other hand, in order for a UNIX hosted CIFS server to provide seamless interoperability with Windows systems or CIFS clients in general, it needs support for features that are not typically provided by file systems on UNIX. Some important examples of such features are: Windows style Access Control Lists (ACLs), the ability to store Security Identifiers (SIDs) rather than UIDs and GIDs, case-insensitive name operations and support for DOS attributes.

From the outset of the CIFS server project, we had an advantage in that ZFS offered some attractive features, such as support for Windows style ACLs (ZFS supported NFSv4 ACLs, which are very similar to Windows ACLs) and the potential to add support for new features required for seamless CIFS integration. After enhancing ZFS and the VFS to realize the goal of having CIFS as a first class file sharing protocol, along with NFS, on the Solaris OS, ZFS is now the only file system that supports the full set of Windows interoperability enhancements when it's shared over CIFS. This rich feature set has led to the misconception that the CIFS service only works with ZFS.

Although ZFS is the ideal file system to be exported via CIFS, it is important to remember that all of the features that are necessary for CIFS are provided via the VFS, which means whenever any of these features are provided by another file system they can be consumed by the CIFS server. For example, NTFS streams are implemented on Solaris extended attributes. Since both UFS and ZFS support extended attributes, both UFS and ZFS provide support for NTFS streams over CIFS.

I'll talk about ZFS features and enhancement from CIFS point of view in future blog posts.

CIFS/SMB is not a new protocol, it's not new in Solaris either but ...

If you want to visit another world and trade with its inhabitants, having good products to trade most likely wouldn't be enough because they wouldn't understand what you are trying to achieve. Both the inability to communicate and huge cultural differences would be an enormous barrier. In order to initiate the relationship you need to know how to communicate and speak their language, which may be accomplished through a translator or by learning the language yourself. Learning the language yourself is a lot harder but, ultimately, it's a lot more efficient.

Solaris has a lot of great features to offer but it couldn't interoperate directly with the Windows world because it didn't know how to speak CIFS, one of the official communication languages of the Windows world. There have been a few translators over the years, including Samba, which is a really good CIFS communicator, but it was time for Solaris to learn how to speak CIFS. Learning a foreign language can be hard but learning to communicate with another world can be very, very hard, and for Solaris, some intrusive brain surgery was required to attach a CIFS speech center.

When trying to communicate with other people one of the first things you need to know is how to identify and call those people. User identity in the Solaris world is quite different from those of the Windows world. In the UNIX world people from different cities can have similar identities and, even though they are different individuals, they can be mistaken for one another. In the Windows world no two people can have the same identity, no matter where they live. This identity problem was solved by PSARC 2007/064, which allows various parts of the operating system to deal with Windows style identities.  For example, ZFS now understands Windows style identities (SIDs), in addition to other enhancements including Windows style ACLs, DOS attributes, and mixed and case-insensitive operations.

One of the design goals was to limit the ripple effects of such changes and it was important that applications and services that don't need to know about Windows identities remained unaffected. This is supported by the identity mapping service, which was discussed recently here. Some of the more intrusive changes were to the VFS to add feature registration, new parameters and new features, such as PSARC 2007/218 and PSARC 2007/227.  This was intrusive because, although it didn't materially affect the operating system architecture, the ripple effects touched every file system.

So now Solaris can speak CIFS almost fluently, without the help of a translator. Perhaps not completely without an accent, and people from the Windows world might recognize that we are a foreigner, but that's a work in progress and we're getting better by the day.