8.1 Planning Net Folder Creation

8.1.1 Understanding Known Issues

Before you begin planning for and setting up Net Folders, ensure that you are aware of any known issues. For more information, see Net Folder Issues in the Novell Filr Readme.

8.1.2 Planning the Net Folder Server Proxy User

It is important that you understand the purpose, rights requirements, expected user name format, and character restrictions associated with the Net Folder Server proxy user before you configure a Net Folder Server.

Purpose of the Net Folder Server Proxy User

The Net Folder Server proxy user is used to read, write, create, and delete files on your corporate OES, Windows, or NetWare file servers on behalf of users who do not have native rights to the files, but have been granted rights via a Share in Filr.

For example, User A has native Read and Write access to a file on an OES server, and User B does not have any native access to that file. User A shares the file with User B in Filr and grants User B Read access. User B can now view the file within Filr because the Net Folder Server proxy user is giving User B the ability to read it, because of the Share. If User B tries to access the same file directly from the OES server, he does not have sufficient rights.

Users with native rights to files do not use the Net Folder Server proxy user.

The Net Folder Server proxy user is not the same as the LDAP proxy user used to synchronize users and groups (as described in Base DN:).

Rights Requirements for the Proxy User

The Net Folder Server proxy user that you specify here synchronizes volume objects and file objects. Ensure that this proxy user has rights to access the files and folders for the Net Folder that will be associated to the Net Folder server. Specifically, the Net Folder Server proxy user should have the rights shown in the following graphic:

Figure 8-1 Net Folder Server Proxy User Rights Requirements

Expected Name Format for File Servers

The expected format for the name of the Net Folder Server proxy user differs depending on whether the proxy user is accessing an OES, Windows, or NetWare file server. Only the following syntax is supported:

OES/NetWare: cn=admin,o=context

Windows: Administrator or cn=Administrator,cn=users,dc=domain,dc=com, domain\user, user@domain

IMPORTANT:When using Distributed File System (DFS) namespaces, the proxy user name format must be domain\user. For example, acme\administrator.

Special Character Restrictions in Proxy Names

Proxy names that contain special characters and/or spaces are not supported. For example, adminuser is supported, but @dm!n and admin user are not. Other special characters that are not supported in the proxy name are / \ [ ] : | = , + * ? < > @ ".

8.1.3 Planning Access and Sharing for Net Folders

It is important that you understand what to expect when configuring access rights for Net Folders. Furthermore, the access rights that you define on a Net Folder affect how items can be accessed by users who receive shares to items in the Net Folder.

Understanding Access Rights for Net Folders

When you configure a Net Folder, users who already have rights to files and folders on the file system rights are granted the same rights in Filr only when all of the following conditions are met:

After you assign users rights to the Net Folder, users are granted the same level of access rights that they currently have on the file system.

If you assign users access rights within the Net Folder and those users do not already have file system rights, they are not able to see files and folders within the Net Folder.

Understanding Sharing Rights for Net Folders

Users Must Have File System Rights to Share from Filr

Users who share files from a Net Folder can grant Viewer, Editor, or Contributor access to the file, depending on their rights in the file system. For users to grant these rights to another user, they must have the minimum rights that those roles require, as outlined in the following tables.

Table 8-1 NSS File System Rights Required for Assigning Filr Roles

Role

Minimum NSS Rights Required

Comments

Viewer

Read (R), File Scan (F)

These are the minimum file system trustee rights that users must have to view files and folders.

Editor

Read (R), Write (W), File Scan (F)

If the Write file system trustee right is added to Read and File Scan, users can then modify file content.

Contributor

Read (R), Write (W), Erase (E), Create (C), Modify, File Scan (F)

or

Supervisor

To perform contributor functions, users must either have all file system trustee rights to the file or folder (except for Access Control) or the Supervisor right to the file or folder.

The presence or absence of Access Control has no meaning in Filr because Filr cannot modify file system trustee rights. A Filr user with the Access Control right on the file system cannot grant file system access to another user through Filr.

It is true that Filr users with sufficient Filr permissions can share access to files and folders with other users, but this is a Filr function that leverages the file system rights of Net Folder proxy users. Access to shared files and folders is independent of any file system rights that individual users have or do not have.

Table 8-2 NTFS Permissions Required for Assigning Filr Roles

Role

Minimum NTFS Permissions Required

Comments

Viewer

Read, Read & Execute, List Folder Content

These are the minimum basic permissions that users must have in order to view files and folders. The default special permissions associated with these basic permissions are also required.

Editor

Read, Read & Execute, List Folder Content, Write

If the basic Write permission is added, users can then modify file content. The default special permissions associated with these basic permissions are also required.

Contributor

Read, Read & Execute, List Folder Content, Write, Modify

or

Full Control

To perform contributor functions, users must either have the basic Modify permission added or they must have the basic Full Control permission. The default special permissions associated with these basic permissions are also required.

Users Do Not Need File System Rights to Receive a Share

Users who receive a share for a file on a Net Folder might or might not have file system rights to the shared file. Whether they have file system rights to the shared file affects how they can access the file in Filr. Users who do not have file system rights to a shared file can gain access to the file via the Net Folder Server proxy user. (For more information about the Net Folder proxy user, see Section 8.1.2, Planning the Net Folder Server Proxy User.)

Users can access shared items through the following methods from any of the Filr clients (web, desktop, or mobile), depending on their file system access rights:

  • From the Net Folders area (by navigating to the file): Only users who have file system rights to the shared item and who have been granted access to the Net Folder in Filr. (Users are granted access to a file either through a share or from being granted access by the Filr administrator.)

  • In the Shared with Me area: All users who receive a share.

8.1.4 Planning the Synchronization Method

When you synchronize files in Net Folders, only file metadata is synchronized. Whether the content of files is brought into Filr is determined by the index settings that you choose when creating a Net Folder, as described in Section 8.4, Creating and Managing Net Folders. Files must be synchronized before they can be indexed.

When you configure Net Folders, you have the option to use one or both of the available synchronization methods (Full synchronization or Just-in-Time synchronization). Depending on the nature of your data, it might make sense to use full synchronization on some of your Net Folders and to use Just-in-Time synchronization on other Net Folders. You might want to use a combination of both methods of synchronization for other Net Folders.

Full synchronization: Synchronizes all files from a given Net Folder either at a schedule that you specify or from a manual action. All files are examined for changes, and any changes are then synchronized.

This type of synchronization ensures that all files are synchronized; however, it is more time-consuming and resource-intensive than Just-in-Time synchronization.

For information about the time required to perform a full synchronization on a Net Folder, see Section 8.1.7, Planning the Amount of Data to Synchronize.

Just-in-Time synchronization: Synchronizes individual files at the time users access the files. Only files that are accessed are synchronized.

Just-in-Time synchronization is one method that you can use to synchronize files from Net Folders to be accessed in Filr. When you enable Just-in-Time synchronization, files are synchronized the moment users access them via the Filr Web application or via the Filr mobile app. This means that data users access through Filr is more accurate and that processes to make the data available are less resource-intensive. However, this also means that files cannot be indexed (and therefore are not returned in searches and are not available to be synchronized via the Filr desktop application) until after users access them for the first time from the Filr Web application or from the mobile app. (For more information, see Searchability of Data and Usage of the Filr Desktop Application.)

Just-in-Time synchronization provides two key benefits:

  • Allows you to make files available to your users without needing to wait for all files within a given Net Folder to synchronize. Only those files that users want access to are synchronized. A file is synchronized to Filr at the time the user accesses the file within Filr.

  • Users do not have to wait for files to synchronize based on the Net Folder synchronization schedule (which by default is every 15 minutes). If one user edits a file and saves it, another user who views the file only a few seconds later will see the recent change.

For more detailed information about Just-in-Time synchronization, as well as how to enable it, see Section 8.6, Enabling Just-in-Time Synchronization.

When you plan the type of synchronization method to use for a given Net Folder, consider the nature of the content you plan to synchronize and how you plan to use it after it is synchronized. Table 8-3 and the sections that follow describe which synchronization method is most suitable for certain types of content and the way you intend to use that content in Filr.

Table 8-3 Full Sync vs. Just-in-Time Sync

 

Static Content

Dynamic Content

Large Amounts of Data

Searchability of Data

Filr Desktop Application

Full Synchronization

X

 

 

X

X

Just-in-Time Synchronization

 

X

X

 

 

Static versus Dynamic Data

Depending on whether your data never changes (static) or is constantly changing (dynamic) should influence the type of synchronization method that you implement for the Net Folder.

Full synchronization is more suited for static content, while Just-in-Time synchronization is more suited for dynamic content.

For example, a Net Folder that contains static files, such as medical records that are read-only, might be best synchronized to Filr by running one manual synchronization and disabling the scheduled synchronization as well as the Just-in-Time synchronization. The files could then be accessed via Filr without any unnecessary load being placed on the Filr system.

Conversely, a Net Folder that contains dynamic files that users actively collaborate on, such as marketing documents for a company’s current products, might be best synchronized to Filr by enabling Just-in-Time synchronization. Users would then always have the latest information when they access a file.

In some cases, you might want to enable both scheduled synchronization as well as Just-in-Time synchronization. In such cases, consider also the amount of data that is located on the Net Folder.

The Amount of Data

The amount of data on the Net Folder should influence the type of synchronization method that you implement, because of the system resources that are required to perform a scheduled synchronization. If a Net Folder contains a large amount of data, a scheduled synchronization might consume a large amount of system resources more frequently than is necessary.

If you have a large amount of data but still want the data to be searchable, you might consider running one full synchronization so that you can then index the data and then use Just-in-Time synchronization thereafter.

Searchability of Data

Whether you want data to be immediately searchable might influence the type of synchronization method that you implement for the Net Folder, because data cannot be indexed (and therefore is not returned in searches) until after the data is synchronized.

In a full synchronization, the synchronization process begins when you configure the Net Folder. In a Just-in-Time synchronization, the synchronization process begins on a per-file basis only after a user accesses a file for the first time. After a file is accessed for the first time, the file is synchronized and is then indexed.

NOTE:File indexing is disabled by default. You must enable file indexing for a given Net Folder if you want the files in the Net Folder to be searchable. You enable indexing during the creation of the Net Folder Server, as described in Section 8.3, Configuring and Managing Net Folder Servers, or during the creation of individual Net Folders, as described in Section 8.4, Creating and Managing Net Folders.

Usage of the Filr Desktop Application

The Filr desktop application triggers Just-in-Time synchronization only for the top-level folder that the user has chosen to synchronize (not the entire folder tree); it is triggered only when Personal Storage has been disabled. For all sub-folders, files must already be synchronized and accessible via the Filr web interface.

If your users are using the Filr desktop application, it is best to run one manual synchronization and/or enable the scheduled synchronization of the Net Folder or Net Folder Server. If you don’t, the Filr desktop application might not download all of the files in the Net Folder.

8.1.5 Planning the Synchronization Schedule

You can configure Net Folders and Net Folder Servers to be synchronized at a schedule that you specify.

Synchronization in this sense means that content is simply mirrored in Filr; it is not transferred from the remote file server for replication on the Filr storage. Only metadata such as the name, path, owner, trustees, and so forth is actually stored in Filr.

Consider the following when planning the synchronization schedule:

  • Synchronizations can be scheduled only if you have configured the Net Folder or Net Folder Server to perform full synchronization as the synchronization method (as described in Section 8.1.4, Planning the Synchronization Method).

  • When a schedule is configured on a Net Folder Server, all Net Folders associated with that Net Folder Server are synchronized on the same schedule. However, if you configure a separate synchronization schedule for an individual Net Folder, this schedule is used for synchronizing the Net Folder, instead of the Net Folder Server synchronization schedule.

  • When setting the synchronization schedule, be aware that the schedule that you choose can greatly affect system performance. Consider the information in Table 8-4, Net Folder Synchronization Example and avoid the following scenarios, which can cause your Filr system to be slow or sluggish:

    • You configure Net Folder synchronization schedules among various Net Folders and Net Folder Servers in such a way so that Filr is constantly synchronizing information.

    • A single synchronization schedule is so frequent that a new synchronization begins as soon as the previous one finishes.

    HINT:If you have a Net Folder or Net Folder Server that contains hundreds of thousands of files, consider doing only one initial Full Synchronization (if you need all of the file content to be indexed and searchable), and using Just-in-Time synchronization as the ongoing synchronization process.

8.1.6 Planning a Clustered Filr System to Support Net Folder Synchronization

Performing a full synchronization on a Net Folder can consume a significant amount of resources on your Filr appliance. If you plan to synchronize thousands of files via Net Folders, you should configure a clustered Filr system that includes multiple Filr appliances.

In a clustered environment, it is a good idea to set aside a single Filr appliance to handle the load of any manual Net Folder synchronizations. (For information about how to perform a manual synchronization on a Net Folder, see Synchronizing a Net Folder.)

For more information about how to configure clustering, see Multi-Server (Clustered) Deployment in the Novell Filr 1.1 Installation and Configuration Guide.

For more information about how to set aside a Filr appliance, see Setting Aside a Filr Appliance for Re-Indexing and Net Folder Synchronization in a Clustered Environment in the Novell Filr 1.1 Installation and Configuration Guide.

8.1.7 Planning the Amount of Data to Synchronize

The time required to perform a full synchronization on a Net Folder varies depending on many factors, including the following:

  • The configuration of your Filr system (Large vs. Small vs. Clustered deployment)

  • The number of active users

  • Whether indexing is enabled (all file content is indexed and searchable, or only file metadata is synchronized)

  • The complexity and depth of the file server’s directory tree and the LDAP directory

  • Whether Just-in-Time synchronization is enabled

  • The database type (MySQL vs. Microsoft SQL)

  • The file server type (OES vs. Windows vs. NetWare)

  • The number of CPUs allocated to the Filr appliance

  • The amount of memory allocated to the Filr appliance

Net Folder Synchronization Example

The example in Table 8-4 illustrates the time required to synchronize files from five Net Folders in a large Filr deployment (one Filr appliance, one database appliance, and one search index appliance) with the following environment:

  • No indexing of content

  • No active users on the system

  • No Just-in-Time synchronization

  • 100,000 files were synchronized

  • 750 sub-directories in the file system

  • OES file system

  • MySQL database

Table 8-4 Net Folder Synchronization Example

 

Number of Files Synchronized per Second

Number of Files Synchronized per Minute

Number of Files Synchronized per Hour

Initial Synchronization:

196

11,760

705,600

Ongoing Synchronization:

952

57,120

3,427,200

8.1.8 Planning the Number of Net Folders

Unless only a small number of files exist in a volume or share on a file server, it is unwise to create a single Net Folder at the root of a volume or share. Instead, create multiple Net Folders. With multiple Net Folders created, you can be more flexible with the way you administer the Net Folders, such as the synchronization methods that you use and the rate at which you synchronize data.

For example, you can synchronize the Net Folders to Filr using different synchronization methods, depending on the nature of the data that each Net Folder contains. If the data in one Net Folder is static, you can perform a full synchronization on that Net Folder. You’re then free to perform a Just-in-Time synchronization on a different Net Folder that contains more dynamic data. (For more information about the types of synchronization methods, see Section 8.1.4, Planning the Synchronization Method.)

8.1.9 Planning the Time Zone of the Filr Appliance to Match the Time Zone of any File Servers

The Filr appliance and any file servers that the Filr appliance connects to via a Net Folder should be synchronized to the same time and to the same time zone. You configured the time zone of the Filr appliance during the appliance installation, as described in Installing the Filr Appliance in the Novell Filr 1.1 Installation and Configuration Guide.

If time zones are not synchronized in this way, users might see conflicting creation and modification times for files.