Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Best Practice to use CIFS in Alfresco Community 4....
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Best Practice to use CIFS in Alfresco Community 4.0e
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2012 07:54 AM
Hello Alfresco-Admins,
i am an Admin in a non-profit Organization with ~200 Users that chose Alfresco Community as their new ECM-System. In general, we get along with the system and don't mind a few bugs. However, CIFS is driving me crazy. Since CIFS is a vital part of our System, it needs to be fixed, no matter what. In fact, i am completely fine to reconfigure a completely new system and change the entire Alfresco Stack, if that is what it takes.
-Current Situation-
First off, let me say i tried pretty much everything and anything on the Internet and that i am quite confident there is no publically available solution to my problems. i am much more interested in getting to know the ideal configuration and setting up a completely new system. [size=85] We are currently using a 2008R2 with the regular Community version. Our Authentication Cahin is AlfrescoNTLM (used only for administration) -> Kerberos (CIFS, SSO, "normal" sign in), LDAP (daily sync with AD (Users only, no groups)). i followed these instructions to set up CIFS:
http://docs.alfresco.com/4.0/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Ftasks%2Ffileserv-CIFS-...
Now, it seemed more like a hack when i configured it, and i didn't really like the idea of blocking 445 (as it causes big problems with our backup system) and setting up WINS just for that, but it seemed to work, and so i didn't mind. However, we have some critical problems. First off, Alfresco's CIFS extension seems to randomly deny the Kerberos Tickets for SSO. Once denied, it takes several hours before it will work again for a user to connect to CIFS. There is no apparent pattern as to when it is denied and when it is accepted. It roughly seems to be 50:50.
Then, when using MS Office, it takes several minutes to safe a new file to the CIFS-Drive (this seems to be related to blocking 445). The same thing happens when a file is opened in CIFS and then saved to a new directory. Also, the performance is not ideal. We have 2 Xeon x5450 running at something like 30% for things like directory listing, or copying a large file into CIFS. It takes 25 minutes just to list ~10.000 directories (95% still empty) and ~5.000 files (e.g. right-click on folder -> properties). Raw transfer does not exceed 30MB/s (one large file). i can imagine this could increase if our system could handle more IOPS, but i still think it is worth noting that it is less than one hundreth of the speed of regular CIFS, using far more CPU.
As i am actually not really interested in fixing this (as i don't think there is a solution on the net), i will skip telling you what i tried (i guess no one here would like to read 10 pages of Text anyways) and tell you what i want. Only if there is no better way i will want to fix the current system. :-)[/size]
i would simply like to know, assuming CIFS is the most important function for me, how can i set up Alfresco ideally? Meaning, which OS should i use (are there less problems in Linux?), can i somehow replicate the Repository with the permissions completely intact, something like DFS (i don't mean to another Alfresco Server, i mean to a seperate system) and then use a regular CIFS share on that server? Is there an "ideal" authentication chain (in which i can use Kerberos w/ SSO)? Or, does anyone at least know how to get CIFS working on 2008R2 without blocking 445?
Thanks a lot in advance for any and all answers.
i am an Admin in a non-profit Organization with ~200 Users that chose Alfresco Community as their new ECM-System. In general, we get along with the system and don't mind a few bugs. However, CIFS is driving me crazy. Since CIFS is a vital part of our System, it needs to be fixed, no matter what. In fact, i am completely fine to reconfigure a completely new system and change the entire Alfresco Stack, if that is what it takes.
-Current Situation-
First off, let me say i tried pretty much everything and anything on the Internet and that i am quite confident there is no publically available solution to my problems. i am much more interested in getting to know the ideal configuration and setting up a completely new system. [size=85] We are currently using a 2008R2 with the regular Community version. Our Authentication Cahin is AlfrescoNTLM (used only for administration) -> Kerberos (CIFS, SSO, "normal" sign in), LDAP (daily sync with AD (Users only, no groups)). i followed these instructions to set up CIFS:
http://docs.alfresco.com/4.0/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Ftasks%2Ffileserv-CIFS-...
Now, it seemed more like a hack when i configured it, and i didn't really like the idea of blocking 445 (as it causes big problems with our backup system) and setting up WINS just for that, but it seemed to work, and so i didn't mind. However, we have some critical problems. First off, Alfresco's CIFS extension seems to randomly deny the Kerberos Tickets for SSO. Once denied, it takes several hours before it will work again for a user to connect to CIFS. There is no apparent pattern as to when it is denied and when it is accepted. It roughly seems to be 50:50.
Then, when using MS Office, it takes several minutes to safe a new file to the CIFS-Drive (this seems to be related to blocking 445). The same thing happens when a file is opened in CIFS and then saved to a new directory. Also, the performance is not ideal. We have 2 Xeon x5450 running at something like 30% for things like directory listing, or copying a large file into CIFS. It takes 25 minutes just to list ~10.000 directories (95% still empty) and ~5.000 files (e.g. right-click on folder -> properties). Raw transfer does not exceed 30MB/s (one large file). i can imagine this could increase if our system could handle more IOPS, but i still think it is worth noting that it is less than one hundreth of the speed of regular CIFS, using far more CPU.
As i am actually not really interested in fixing this (as i don't think there is a solution on the net), i will skip telling you what i tried (i guess no one here would like to read 10 pages of Text anyways) and tell you what i want. Only if there is no better way i will want to fix the current system. :-)[/size]
i would simply like to know, assuming CIFS is the most important function for me, how can i set up Alfresco ideally? Meaning, which OS should i use (are there less problems in Linux?), can i somehow replicate the Repository with the permissions completely intact, something like DFS (i don't mean to another Alfresco Server, i mean to a seperate system) and then use a regular CIFS share on that server? Is there an "ideal" authentication chain (in which i can use Kerberos w/ SSO)? Or, does anyone at least know how to get CIFS working on 2008R2 without blocking 445?
Thanks a lot in advance for any and all answers.
Labels:
- Labels:
-
Archive
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2012 01:23 PM
Hello,
My 2 cents in a short summary:
1 Don't use windows as a server os
2 If you must,use Java socket code, disable Windows file and printing services and disable the native smb driver
This kind of problems are unheard of in our linux installs.
Regards
Axel
My 2 cents in a short summary:
1 Don't use windows as a server os
2 If you must,use Java socket code, disable Windows file and printing services and disable the native smb driver
This kind of problems are unheard of in our linux installs.
Regards
Axel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-07-2013 05:25 AM
Hi CVWO,
we know your situation very well. We assist / support many Alfresco Installations from small to large scale environments. If you talk to Alfresco Partners they often recommend not to use CIFS at all but this is for our understanding _the biggest USP why companies choose for Alfresco and if you drop this away organizations may choose for other solutions …
We ended up as follows:
* Don't run Alfresco on Windows if you use CIFS. On Windows you will have to do always work arounds to keep Windows and Alfresco-CIFS running and you will never be aware if the next Windows update will brake your solution
* We provide our customers a ready to use virtual appliance based on VMWare, Ubuntu 12.04 LTS and Alfresco Community which is preconfigured and optimized to run in small and very large environments as mature and scalable as possible. This contains best practice deployments, scripts for backup and maintenance, monitoring, tuning and work arounds for known issues. This appliance is already running in AD/Kerberos/NTLM environments in many organisations.
* concepts: This is the most important part to get happy with Alfresco CIFS. Alfresco and desktop applications are very often not compatible in their concepts! In short: Many desktop apps like Office don't just save in an existing document if you intend to change and save the doc as a user. Instead these apps rename the original doc, create new ones and delete the original afterwards. This is the point were evil things start in point of a document management system: you will loose the whole context of your file (permissions, metadata, comments, links, …). To prevent this, Alfresco tries to recognize application specific behavior which works sometimes good and sometimes not but very often ends up in locked files, hanging CIFS-connections, timeouts. Our best practice which work also in large scale environments is to use a read only folder structure and to use a special filing service running on special "incoming" folders. With this configuration users can open files thru CIFS without any problems but when changing the file they will be prompted to use a different directory. Our filing service has special logic to recognize an existing file in the "incoming" directories and based on the configured business logic the original file will be overwritten, versioned or goes thru a special workflow to update the read-only file. New files will be filed folling a configurable fileplan based on meta data. We know, this is still a work around, but a good working one because files will be very good structured as a side effect. To work around these issues someone or Alfresco has to rethink the CIFS implementation in Alfresco at all. I believe this will never work in a synchronous manner as expected and will always require heavy work around. Who knows - may be we have a solution for that in future in the www.ecm-market.de 😉
Regards
Heiko Robert
we know your situation very well. We assist / support many Alfresco Installations from small to large scale environments. If you talk to Alfresco Partners they often recommend not to use CIFS at all but this is for our understanding _the biggest USP why companies choose for Alfresco and if you drop this away organizations may choose for other solutions …
We ended up as follows:
* Don't run Alfresco on Windows if you use CIFS. On Windows you will have to do always work arounds to keep Windows and Alfresco-CIFS running and you will never be aware if the next Windows update will brake your solution
* We provide our customers a ready to use virtual appliance based on VMWare, Ubuntu 12.04 LTS and Alfresco Community which is preconfigured and optimized to run in small and very large environments as mature and scalable as possible. This contains best practice deployments, scripts for backup and maintenance, monitoring, tuning and work arounds for known issues. This appliance is already running in AD/Kerberos/NTLM environments in many organisations.
* concepts: This is the most important part to get happy with Alfresco CIFS. Alfresco and desktop applications are very often not compatible in their concepts! In short: Many desktop apps like Office don't just save in an existing document if you intend to change and save the doc as a user. Instead these apps rename the original doc, create new ones and delete the original afterwards. This is the point were evil things start in point of a document management system: you will loose the whole context of your file (permissions, metadata, comments, links, …). To prevent this, Alfresco tries to recognize application specific behavior which works sometimes good and sometimes not but very often ends up in locked files, hanging CIFS-connections, timeouts. Our best practice which work also in large scale environments is to use a read only folder structure and to use a special filing service running on special "incoming" folders. With this configuration users can open files thru CIFS without any problems but when changing the file they will be prompted to use a different directory. Our filing service has special logic to recognize an existing file in the "incoming" directories and based on the configured business logic the original file will be overwritten, versioned or goes thru a special workflow to update the read-only file. New files will be filed folling a configurable fileplan based on meta data. We know, this is still a work around, but a good working one because files will be very good structured as a side effect. To work around these issues someone or Alfresco has to rethink the CIFS implementation in Alfresco at all. I believe this will never work in a synchronous manner as expected and will always require heavy work around. Who knows - may be we have a solution for that in future in the www.ecm-market.de 😉
Regards
Heiko Robert
Related Content
- Automatically convert to plain text and make it accesible through REST API in Alfresco Forum
- Tech Talk Live #166 - Revisiting OOTBee Support Tools in 2025 in Alfresco Blog
- Alfresco Customer Newsletter - January 2025 in Alfresco Blog
- Trashcan get node with specific aspect in Alfresco Forum
- Problem with XML parsing in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
