Network drives between two data centers

[GrimmGrimm]

We have two servers located in different data centers.

One runs Windows Server 2016 and the other runs Linux.

 

We need to include the drives from the linux server as network drives in Windows.

 

What's a good and secure way to achieve this setup?

[Electronics Wizardy]

What latency are you thinking?

 

Got a vpn?

 

Try just a cifs mount over the vpn.

[GrimmGrimm]

The latency is not that important, but the speed should'nt be affected to much at all. The files are sometimes big 100Gb+. The servers both have a 1 gbit connection.

 

You mean a vpn only between those servers? Is not set up but could be done. Which one of those should be the vpn host then? Also will they be able to connect to the internet directly anyways?

 

What software would you recommend for cifs/smb mount on linux?

[leadeater]

40 minutes ago, GrimmGrimm said:

You mean a vpn only between those servers? Is not set up but could be done. Which one of those should be the vpn host then? Also will they be able to connect to the internet directly anyways?

A Site-to-Site VPN would be more versatile but you need to set that up on the firewall/router.

 

41 minutes ago, GrimmGrimm said:

The latency is not that important, but the speed should'nt be affected to much at all. The files are sometimes big 100Gb+. The servers both have a 1 gbit connection.

Latency is very important when it comes to inter datacenter connections, it has a very big impact on achievable throughput, and SMB doesn't like higher latencies much either.

 

42 minutes ago, GrimmGrimm said:

What software would you recommend for cifs/smb mount on linux?

Linux can handle that if you install the SAMBA client tools, I think some distros can include SMB mounting support by default.

[iJarda]

1 hour ago, leadeater said:

A Site-to-Site VPN would be more versatile but you need to set that up on the firewall/router.

I think, that if it has enough power, he can use OpenVPN directly on theese servers - I would recommend Linux as a server and Windows server as a client (but, then it has to be configured as a service on WS2016).

[GrimmGrimm]

1 hour ago, leadeater said:

A Site-to-Site VPN would be more versatile but you need to set that up on the firewall/router.

We only have access to the dedicated servers. Currently there isn't any "own" firewall before it, excepted a ddos protection by the host.

 

1 hour ago, leadeater said:

Latency is very important when it comes to inter datacenter connections

Ok good to know. 

So if the latency has to be low, would you recommend to use CIFS/SMB or would you recommend sth different? 

 

 

3 minutes ago, iJarda said:

I think, that if it has enough power, he can use OpenVPN directly on theese servers - I would recommend Linux as a server and Windows server as a client (but, then it has to be configured as a service on WS2016).

The linux specs: S

Intel® Xeon® E5-1650 v3 Hexa-Core

Ram:  128 GB DDR4 ECC RAM

Festplatten:10 x 10 TB 6 Gb/s 7200 rpm HDD Enterprise

Anbindung:1 GBit/s-Port

 

I guess this should be enough power?  What exactly do you mean with "configured as a service"?

[leadeater]

1 minute ago, GrimmGrimm said:

So if the latency has to be low, would you recommend to use CIFS/SMB or would you recommend sth different? 

Depends what the latency actually is, below 10ms is excellent, below 20ms is good, below 50ms is fair and anything above 50ms starts to get significantly impacted and a different protocol might have to be considered. You'll have to actually test though, larger files get impacted less compared to smaller files so there is a lot of variance.

[GrimmGrimm]

So I have to setup an vpn and then test different protocols.

 

How would you setup an vpn between two server so data between them is going through the vpn and the other traffic connects directly to the internet?

 

So sth like this, except server 2 is an WS2016? https://blog.boyeau.com/cheat-sheet-establishing-a-vpn-tunnel-between-2-linux-servers/

[Electronics Wizardy]

4 hours ago, GrimmGrimm said:

So I have to setup an vpn and then test different protocols.

 

How would you setup an vpn between two server so data between them is going through the vpn and the other traffic connects directly to the internet?

 

So sth like this, except server 2 is an WS2016? https://blog.boyeau.com/cheat-sheet-establishing-a-vpn-tunnel-between-2-linux-servers/

what is the latency between the servers? Do a ping test.

 

Id use openvpn here works fine on both. You can also use copy files over ssh. Im assuming you want it encrypted.

[jde3]

The site to site is the common answer. But... File system protocols tend to not like dropped packets and that is more common over the internet. Having a sync setup and local storage might be a better solution.. but I don't have anything off hand that I can suggest that would work great. I thing given all this I would go with Webdav over VPN instead of CIFS or NFS. Windows can mount webdav directly as a disk and it would handle instability better.

 

It's not too hard to try all 3 also.

[GrimmGrimm]

On 31.8.2018 at 11:11 PM, Electronics Wizardy said:

what is the latency between the servers? Do a ping test.

Pings between 35 - 45 ms.

 

On 31.8.2018 at 11:11 PM, Electronics Wizardy said:

Im assuming you want it encrypted.

Encrypted yes. But has to be mountable in WS2016 as network drives. Dunno if that works with ssh?

 

13 hours ago, jde3 said:

Having a sync setup and local storage might be a better solution

It's not possible in our case. That's the problem.

 

13 hours ago, jde3 said:

I thing given all this I would go with Webdav over VPN instead of CIFS or NFS

Will also take a look into it. Thanks for the hint!

[toor]

There are many options.   If you have no need for fileserver functions and are just copying files (say backups), simple rsync / sftp may be better especially if they are already compressed / encrypted.  On the other hand if you already have a full AD environment, you can even mount a dfs share from Linux.