8.1 Planning Net Folder Creation

8.1.1 Understanding Known Issues

Before you begin planning for and setting up Net Folders, ensure that you are aware of any known issues. For more information, see Net Folder Issues in the Novell Filr Readme.

8.1.2 Planning an OES 2015 NSS AD Integration

Filr 2 and NSS for AD

Beginning with OES 2015, both eDirectory and Active Directory are supported as LDAP identity sources for NSS-volume access as illustrated in Figure 8-1.

Figure 8-1 AD Users Can Access NSS Volumes through Filr

For information on installing and configuring NSS for AD, see the OES 2015: NSS AD Deployment and Administration Guide.

Specifying the Net Folder Proxy User

Although AD users can be granted rights to NSS volumes on properly configured OES 2015 server, the Net Folder Proxy User must be an eDirectory user that meets the qualifications outlined in Figure 8-2.

Selecting the Correct Server Type

To accommodate NSS for AD, Filr 2 includes a new server type: Novell Open Enterprise Server (NSS for AD).

Use the following table as a guide when selecting the server type for a Net Folder Server.

Volume is Enabled for NSS AD

Protocol Used

Server Type to Select

Yes

CIFS or NCP

Novell OES (NSS for AD)

No

CIFS

Novell OES (NSS for AD)

No

NCP

Novell OES

DFS Considerations

If an NSS volume on an OES 2015 server has DFS function targets that point to an older OES server, then you must select Novell OES as the server type. Otherwise, the trustee assignments on the target will not be reflected in Filr.

If an NSS volume on an OES 2015 server has DFS junctions and you are planning to select the new NSS for AD server type, you must scan the volume from iManager as instructed in Managing Junctions in the OES 2015: Domain Services for Windows Administration Guide.

8.1.3 Planning a SharePoint 2013 Integration

Filr 2.0 lets you configure Net Folders in Filr to access files in regular document libraries on a SharePoint 2013 server. When a user uploads a file to a SharePoint-configured Filr Net Folder, that file is made available on the SharePoint server as well as to any user or group who has access to the Net Folder in Filr.

Understanding How Filr Handles Checked Out Documents

SharePoint 2013 contains the following configuration option: Require documents to be checked out before they can be edited. When enabled, this option causes files that are uploaded to SharePoint to be uploaded in the Checked Out state, making them visible only to the person who uploaded the files. This is true regardless of the application that is used to upload (such as SharePoint web portal or One Drive).

This is also true for Filr, however, to ensure that files uploaded to the SharePoint 2013 server via a SharePoint-configured Filr Net Folder are available to all Filr users with appropriate rights to the Net Folder (through synchronization to Filr via the Filr Net Folder Server Proxy User), Filr behaves differently depending on whether the Require documents to be checked out before they can be edited option is enabled on the SharePoint 2013 server.

  • If Enabled: Filr automatically checks in a minor version of the file so that the file can be seen by the Net Folder Server Proxy User, and therefore is available to Filr users with rights to the Net Folder.

  • If Disabled: The uploaded file is immediately visible to all users who have rights to the Net Folder.

User Access Synchronization Considerations

When synchronizing user access rights information from SharePoint to Filr, consider the following:

  • User access rights to files and folders within SharePoint are synchronized to Filr only for users who exist in Active Directory. Access rights for users who exist only locally on the SharePoint site are not synchronized to Filr.

  • SharePoint personal sites are not currently displayed as user Home folders in Filr.

Granting Access to a Specific Folder That Has Been Shared via SharePoint

In SharePoint, if a folder has been shared with a specific group and that group does not have access to the parent directory, you must create a separate Net Folder with a relative path to the shared folder and give the group access.

If you create a Net Folder at a higher level, the group cannot access the sub-folder to which they have access because, as dictated by the SharePoint architecture, they are not able to view the parent folder.

For example, suppose Group A has access rights in SharePoint to the following folder: http://sharepoint_site/sites/marketing/productx. Group A does not have access rights to the marketing folder, only to the productx folder. In order for Group A to have access to the productx folder in Filr:

  1. Create a Net Folder Server (as described in Section 8.5.1, Configuring Net Folder Servers) with the following server path:

    http://sharepoint_site/sites/marketing

  2. Create a Net Folder (as described in Section 8.6.1, Creating Net Folders) with the following relative path:

    productx

  3. (Optional) You might also create another Net Folder to the marketing folder, and assign the appropriate set of users access to that folder. (These users would need to have access to this folder in SharePoint.)

Configuring Access and Sharing Rights

The conditions for how access rights transfer from the SharePoint site to Filr are the same as those for other types of file systems. For more information, see Understanding Access Rights for Net Folders.

Sharing rights are mapped from the SharePoint site to the Filr system. Filr allows users to grant Viewer, Editor, or Contributor access to the file, depending on their rights on the SharePoint site. For information about the SharePoint rights that map to these roles, Understanding Sharing Rights for Net Folders.

Consider the following regarding sharing:

Understanding How Shared Access from SharePoint Transfers to Filr

If an item has been shared with a user via SharePoint, that user has access to the item within Filr within the Net Folder where the file is located. Files that are shared within SharePoint are not displayed in the Filr Shared with Me area.

Understanding How Enabling the Ability to Re-Share within Filr Can Affect SharePoint

Filr allows you to grant users with the ability to re-share items with other users who do not have access (as described in Section 6.3.3, Enabling Sharing for the Entire Site).

When re-sharing is enabled, users can share a file or folder and give the users they are sharing with the ability to re-share the file or folder.

IMPORTANT:Because SharePoint does not have this same capability, carefully consider whether you want to allow users to re-share items, because doing so could grant users access to items that they otherwise wouldn’t have within SharePoint.

Configuring SSL between the SharePoint Server and Filr

If your SharePoint server is configured with SSL, you might need to export the SSL certificate from SharePoint and import it into Filr in order for the Net Folder Server to function properly.

After you have exported the SSL certificate and keypair from the SharePoint site, you need to import them into Filr (the certificate and key pair should be in .P12 key pair format):

  1. Go to the Digital Certificates page by clicking Digital Certificates from the Novell Appliance.

  2. Click File > Import > Trusted Certificate. Browse to and select your existing certificate, then click OK.

  3. Continue with Section 31.2.3, Activating the Certificate.

8.1.4 Planning Access and Sharing for Net Folders

It is important that you understand what to expect when configuring access rights for Net Folders. Furthermore, the access rights that you define on a Net Folder affect how items can be accessed by users who receive shares to items in the Net Folder.

Understanding Access Rights for Net Folders

When you configure a Net Folder, users who already have rights to files and folders on the file system rights (or on the file repository in the case of SharePoint) are granted the same rights in Filr only when all of the following conditions are met:

After you assign users rights to the Net Folder, users are granted the same level of access rights that they currently have on the file system.

If you assign users access rights within the Net Folder and those users do not already have file system rights, they are not able to see files and folders within the Net Folder.

Understanding Sharing Rights for Net Folders

Users Must Have File System Rights to Share from Filr

Users who share files from a Net Folder can grant Viewer, Editor, or Contributor access to the file, depending on their rights in the file system. For users to grant these rights to another user, they must have the minimum rights that those roles require, as outlined in the following tables:

Table 8-1 NSS File System Rights Required for Net Folder Roles

Role and Minimum NSS Rights Required

Comments

To view files through Filr, eDirectory users must have both Read and File Scan file system trustee rights on the target file or folder.

To modify file content through Filr, eDirectory users must have the Write file system trustee right in addition to Read and File Scan.

To perform contributor functions, eDirectory users must either have

  • All file system trustee rights to the file or folder (except for Access Control)

    Or

  • The Supervisor right to the file or folder

The presence or absence of Access Control has no meaning in Filr because Filr cannot modify file system trustee rights. A Filr user with the Access Control right on the file system cannot grant file system access to another user through Filr.

It is true that Filr users with sufficient Filr permissions can share access to files and folders with other users, but this is a Filr function that leverages the file system rights of Net Folder proxy users. Access to shared files and folders is independent of any file system rights that individual users have or do not have.

Table 8-2 NTFS Permissions Required for Net Folder Roles

Role and Minimum NTFS Permissions Required

Comments

To view files and folders through Filr, Active Directory users must have Read, Read & Execute, and List Folder Content basic permissions on the target folder.

The default special permissions associated with these basic permissions are also required.

To modify file content through Filr, Active Directory users must have the basic Write permission in addition to Read, Read & Execute, and List Folder Content basic permissions on the target folder.

The default special permissions associated with these basic permissions are also required.

To perform contributor functions, users must either have

  • The basic Full Control permission

    Or

  • The basic Modify permission included with the privileges required for the Editor role (Write, Read, Read & Execute, and List Folder Content)

    IMPORTANT:The default special permissions associated with these basic permissions are also required as illustrated.

Table 8-3 SharePoint Permissions Required for Net Folder Roles

Role and Minimum SharePoint Permissions Required

Comments

To view files and folders in SharePoint document libraries, SharePoint users must have the Browse Directories, Browse User Information, Use Remote Interfaces*, and View Items permissions in the document libraries.

To modify file content, SharePoint users must have the Edit permission in addition to the permissions required for the Viewer role.

To perform contributor functions, users must have the Add Items and Delete Items permissions in addition to all of the permissions required for the Viewer and Editor roles.

Users Do Not Need File System Rights to Receive a Share

Users who receive a share for a file on a Net Folder might or might not have file system rights to the shared file. Whether they have file system rights to the shared file affects how they can access the file in Filr. Users who do not have file system rights to a shared file can gain access to the file via the Net Folder Server proxy user. (For more information about the Net Folder proxy user, see Section 8.2, Providing Net Folder Server Proxy Users.)

Users can access shared items through the following methods from any of the Filr clients (web, desktop, or mobile), depending on their file system access rights:

  • From the Net Folders area (by navigating to the file): Only users who have file system rights to the shared item and who have been granted access to the Net Folder in Filr. (Users are granted access to a file either through a share or from being granted access by the Filr administrator.)

  • In the Shared with Me area: All users who receive a share.

8.1.5 Planning the Synchronization Method

When you synchronize files and folders in Net Folders, only file and folder metadata is synchronized. File content is only brought into Filr if you choose to have file content indexed as part of the Net Folder configuration, as described in Section 8.6, Creating and Managing Net Folders. File metadata must be synchronized before files can be viewed in a Filr app. When indexing is enabled for the Net Folder and the synchronization process indicates that file metadata is new or changed, the system flags the file as needing to be indexed during the next indexing cycle, which could be up to 10 minutes later.

When you configure Net Folders, you have the option to use one or both of the available synchronization methods (Full synchronization or Just-in-Time synchronization). Depending on the nature of your data, it might make sense to use full synchronization on some of your Net Folders and to use Just-in-Time synchronization on other Net Folders. You might want to use a combination of both methods of synchronization for other Net Folders.

Full synchronization: Synchronizes the metadata for all of the files and subfolders in a given Net Folder either on a set schedule or from a manual action. All files are examined for changes, and any changes are then synchronized.

This type of synchronization ensures that all files are synchronized; however, because it processes the entire Net Folder, it consumes more time and resources than Just-in-Time synchronization.

For information about the time required to perform a full synchronization on a Net Folder, see Section 8.1.8, Planning the Amount of Data to Synchronize.

Just-in-Time synchronization: Starts synchronizing the contents of a folder when users browse to it in a Filr app (Mobile, Web, and Desktop).

The system processes metadata for up to 5 seconds, and then the initial results are returned to the browser view. (The Maximum wait time for results setting in Net Folder Global Settings sets

If folder processing has not finished, JITS continues processing in the background until the metadata for everything in the folder is processed. If the folder contains more files and subfolders than can be processed in the initial processing period, it’s possible that not all of the files and subfolders will be immediately viewable, in which case a refresh would be required.

In contrast with a full synchronization, which walks the tree until all folders and subfolders are discovered, JITS always processes only one folder at a time. Processing the contents of a subfolder requires that the user browse to that subfolder.

Just-in-Time synchronization provides two key benefits:

  • Users can see a folder’s contents without needing to wait for all of the files and subfolders within a given Net Folder to synchronize. Only those files and subfolders that users want access to are synchronized.

  • Files and subfolders are guaranteed to be more current. What users see is not constrained by the Net Folder synchronization schedule intervals (default is every 15 minutes).

    If one user edits a file and saves it, another user who views the file only a few seconds later will see the recent change.

IMPORTANT:If you are providing content indexing (searchability), there is a significant drawback to relying only on JITS for sychronization.

Content indexing can only happen after a file’s metadata is synchronized and the file is marked as needing to be indexed for searchability.

Therefore, if only JITS is used, the only files that will ever have their content indexed are those that users browse to in one of the Filr apps. In that case, files that are never browsed to will not be included in content search results.

For more detailed information about Just-in-Time synchronization, as well as how to enable it, see Section 8.8, Enabling Just-in-Time Synchronization.

When you plan the type of synchronization method to use for a given Net Folder, consider the nature of the content you plan to synchronize and how you plan to use it after it is synchronized. Table 8-4 and the sections that follow describe which synchronization method is most suitable for certain types of content and the way you intend to use that content in Filr.

Table 8-4 Full Sync vs. Just-in-Time Sync

 

Static Content

Dynamic Content

Large Amounts of Data

Searchability of Data

Full Synchronization

X

 

 

X

Just-in-Time Synchronization

 

X

X

 

Static versus Dynamic Data

Depending on whether your data never changes (static) or is constantly changing (dynamic) should influence the type of synchronization method that you implement for the Net Folder.

Full synchronization is more suited for static content, while Just-in-Time synchronization is more suited for dynamic content.

For example, a Net Folder that contains static files, such as medical records that are read-only, might be best synchronized to Filr by running one manual synchronization and disabling the scheduled synchronization as well as the Just-in-Time synchronization. The files could then be accessed via Filr without any unnecessary load being placed on the Filr system.

Conversely, a Net Folder that contains dynamic files that users actively collaborate on, such as marketing documents for a company’s current products, might be best synchronized to Filr by enabling Just-in-Time synchronization. Users would then always have the latest information when they access a file.

In some cases, you might want to enable both scheduled synchronization as well as Just-in-Time synchronization. In such cases, consider also the amount of data that is located on the Net Folder.

The Amount of Data

The amount of data on the Net Folder should influence the type of synchronization method that you implement, because of the system resources that are required to perform a scheduled synchronization. If a Net Folder contains a large amount of data, a scheduled synchronization might consume a large amount of system resources more frequently than is necessary.

If you have a large amount of data but still want the data to be searchable, you might consider running one full synchronization so that you can then index the data and use Just-in-Time synchronization thereafter.

Searchability of Data

Whether you want data to be immediately searchable might influence the type of synchronization method that you implement for the Net Folder, because a file’s content cannot be indexed (and therefore is not returned in searches) until after the file’s metadata is synchronized.

In a full synchronization, the synchronization process begins when you configure the Net Folder. In a Just-in-Time synchronization, the synchronization process begins at a given folder when a user accesses (browses to) the folder. After a folder is accessed and if the JITS time limit for refreshing metadata has lapsed (default is 60 seconds), the file and folder metadata is synchronized and the updated files can then be indexed.

NOTE:File indexing is disabled by default. You must enable file indexing for a given Net Folder if you want the files in the Net Folder to be searchable. You enable indexing during the creation of the Net Folder Server, as described in Section 8.5, Configuring and Managing Net Folder Servers, or during the creation of individual Net Folders, as described in Section 8.6, Creating and Managing Net Folders.

8.1.6 Planning the Synchronization Schedule

You can configure Net Folders and Net Folder Servers to be synchronized at a schedule that you specify.

Synchronization in this sense means that content is simply mirrored in Filr; it is not transferred from the remote file server for replication on the Filr storage. Only metadata such as the name, path, owner, trustees, and so forth is actually stored in Filr.

Consider the following when planning the synchronization schedule:

  • Synchronizations can be scheduled only if you have configured the Net Folder or Net Folder Server to perform full synchronization as the synchronization method (as described in Section 8.1.5, Planning the Synchronization Method).

  • When a schedule is configured on a Net Folder Server, all Net Folders associated with that Net Folder Server are synchronized on the same schedule. However, if you configure a separate synchronization schedule for an individual Net Folder, this schedule is used for synchronizing the Net Folder, instead of the Net Folder Server synchronization schedule.

  • When setting the synchronization schedule, be aware that the schedule that you choose can greatly affect system performance. Consider the information in Table 8-5, Net Folder Synchronization Example and avoid the following scenarios, which can cause your Filr system to be slow or sluggish:

    • You configure Net Folder synchronization schedules among various Net Folders and Net Folder Servers in such a way so that Filr is constantly synchronizing information.

    • A single synchronization schedule is so frequent that a new synchronization begins as soon as the previous one finishes.

    HINT:If you have a Net Folder or Net Folder Server that contains hundreds of thousands of files, consider doing only one initial Full Synchronization (if you need all of the file content to be indexed and searchable), and using Just-in-Time synchronization as the ongoing synchronization process.

8.1.7 Planning a Clustered Filr System to Support Net Folder Synchronization

Performing a full synchronization on a Net Folder can consume a significant amount of resources on your Filr appliance. If you plan to synchronize thousands of files via Net Folders, you should configure a clustered Filr system that includes multiple Filr appliances.

In a clustered environment, it is a good idea to set aside a single Filr appliance to handle the load of any manual Net Folder synchronizations. (For information about how to perform a manual synchronization on a Net Folder, see Synchronizing a Net Folder.)

For more information about how to configure clustering, see Multi-Server (Clustered) Deployment in the Filr 2.0: Installation and Configuration Guide.

For more information about how to set aside a Filr appliance, see Setting Aside a Filr Appliance for Re-Indexing and Net Folder Synchronization in a Clustered Environment in the Filr 2.0: Installation and Configuration Guide.

8.1.8 Planning the Amount of Data to Synchronize

The time required to perform a full synchronization on a Net Folder varies depending on many factors, including the following:

  • The configuration of your Filr system (Large vs. Small vs. Clustered deployment)

  • The number of active users

  • Whether indexing is enabled (all file content is indexed and searchable, or only file metadata is synchronized)

  • The complexity and depth of the file server’s directory tree and the LDAP directory

  • Whether Just-in-Time synchronization is enabled

  • The database type (MySQL vs. Microsoft SQL)

  • The file server type (OES vs. Windows vs. NetWare vs. SharePoint 2013)

  • The number of CPUs allocated to the Filr appliance

  • The amount of memory allocated to the Filr appliance

Net Folder Synchronization Example

The example in Table 8-5 illustrates the time required to synchronize files from five Net Folders in a large Filr deployment (one Filr appliance, one database appliance, and one search index appliance) with the following environment:

  • No indexing of content

  • No active users on the system

  • No Just-in-Time synchronization

  • 100,000 files were synchronized

  • 750 sub-directories in the file system

  • OES file system

  • MySQL database

Table 8-5 Net Folder Synchronization Example

 

Number of Files Synchronized per Second

Number of Files Synchronized per Minute

Number of Files Synchronized per Hour

Initial Synchronization:

196

11,760

705,600

Ongoing Synchronization:

952

57,120

3,427,200

8.1.9 Planning the Number of Net Folders

Unless only a small number of files exist in a volume or share on a file server, it is unwise to create a single Net Folder at the root of a volume or share. Instead, create multiple Net Folders. With multiple Net Folders created, you can be more flexible with the way you administer the Net Folders, such as the synchronization methods that you use and the rate at which you synchronize data.

For example, you can synchronize the Net Folders to Filr using different synchronization methods, depending on the nature of the data that each Net Folder contains. If the data in one Net Folder is static, you can perform a full synchronization on that Net Folder. You’re then free to perform a Just-in-Time synchronization on a different Net Folder that contains more dynamic data. (For more information about the types of synchronization methods, see Section 8.1.5, Planning the Synchronization Method.)

8.1.10 Planning the Time Zone of the Filr Appliance to Match the Time Zone of any File Servers

The Filr appliance and any file servers that the Filr appliance connects to via a Net Folder should be synchronized to the same time and to the same time zone. You configured the time zone of the Filr appliance during the appliance installation, as described in Installing the Filr Appliance in the Filr 2.0: Installation and Configuration Guide.

If time zones are not synchronized in this way, users might see conflicting creation and modification times for files.