Off topic - AFP vs SMB

Not applicable

Hi all,

We currently have window servers with EZip managing DFS shares via AFP.
We have about 350 macs 90% of which run 10.6.8 and the rest are 10.5.8 and
10.7.
We are thinking about moving away from AFP due to some WAN optimisation
issues.

I have read the following docs:
http://www.grouplogic.com/resource-center/extremeZipResources.html

I wanted to see what everyone else is doing?

Any advice would be greatly appreciated!

MJ

30 REPLIES 30

donmontalvo
Esteemed Contributor III

One of the most important features for AFP is autoreconnect...where network anomalies lasting less than 120 seconds are handled gracefully. So if you have a file opened off an AFP share and the network connection drops, if the connection is restored in less than 120 seconds, the session ID is preserved and the user continues to work and save changes like nothing happened. With SMB, the connection might come back but the file and the unsaved changes might be toast...

In Xinet/FullPress production environments, AFP is a must, since your users must work off the server. So ExtremeZ-IP is a must.

Hmmm...I seem to remember JAMF and IO Integration (Xinet/FullPress integrator) go back years...I bet'cha if they were on this list they'd respond to this one (even if Brian Anderson went to work for Apple!)... ;)

Don

--
https://donmontalvo.com

jwojda
Valued Contributor II

We've had success with AFP and SMB on Lion - eliminating our need for
AdmitMac and ExtremeZip. We are going to be refreshing our 10.6 boxes
to 10.7.x over the next few months.

John Wojda

Lead System Engineer, DEI & Mobility

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

Page: (224)532.3447

Team Lead DEI: Matt Beiriger
<mailto:mbeirig at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>

Team Lead Mobility: Chris
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.> Sta
Ana

Mac Tip/Tricks/Self Service & Support
<http://bit.ly/gMa7TB>

"Any time you choose to be inflexible in your approach to an
unpredictable project you are already building failure into your plan"

Not applicable

"We’ve had success with AFP and SMB on Lion – eliminating our need for AdmitMac and ExtremeZip. We are going to be refreshing our 10.6 boxes to 10.7.x over the next few months."

Would love to hear more about this and your experiences as you head in that direction…

Nick Caro Senior Desktop Support Administrator

tanderson
Contributor

Likewise here. We've seen much, much better SMB performance in Lion than we ever did with Snow Leopard.

Tom

bentoms
Release Candidate Programs Tester

+1.

Apple implementation of SMB seems greatly improved on what shipped with Lion.

Our file servers are all w2k8 with AFP only on my mac mini Casper servers. (just cos i've never changed it).

Regards,

Ben.

catfeetstop
Contributor II

Hey! I'm digging up this old post, I hope that's okay.

We're having issues with Mavericks and SMB shares. Slow browsing/transfers, permissions errors, inconsistent folder contents, users think they uploaded a file but when they disconnect/reconnect the file isn't there, multiple instances of share mounted to Finder, etc. We've been connecting with DFS Namespaces. When we connect directly to the server some of the issues are better or resolved.

I just learned about Extreme Z-IP. Has anyone else used it? Is it something that you run on the Windows servers that then allows the Mac users to connect with AFP, problems fixed magically?

If not Extreme Z-IP, what else can I do?

- Jamie

davidacland
Honored Contributor II
Honored Contributor II

Apple are really pushing SMB and lots of our clients are switching to cloud file services like Dropbox and box. That being said we still get situations where ExtremeZ-IP solves traditional Mac/Windows file sharing issues.

dpertschi
Valued Contributor

I'll chime in that we're having nightmare file sharing issues as well against Win shares (mostly share browsing and search), always have, but more specifically so with Mavericks. Eight months ago when we cried the blues to our Apple SE they asked us to bench mark the then beta Yosemite. Are your Win servers running the deduplication feature? Yeah, that's a huge problem too.

Quite frankly I'm sick to death of the annual Apple promise of better SMB support, and have absolutely no reason what so ever to trust in Yosemite or the next iteration to make it any better.

Years ago I was a Group Logic (EZ-IP) customer, and have been singing their praises for a long time. In my experience, yes, it is the magic bullet. They develop a current AFP client protocol for Windows, picking up where MS quit when they stopped developing Services for Mac. It's good stuff.

It is expensive though, but it completely solves 'the problem'. However, as Apple continues to depreciate AFP, where does that leave EZ-IP? Will Acronis develop a better mouse trap with SMB instead? It's unclear if EZ-IP will have any future past Yosemite.

Look
Valued Contributor III

Mavericks is using what seems to be a pretty poor version of SMB 2, especially if you are connected to certain types of shares.
Try using cifs://sharename on the troublesome ones it, it has worked for us for a share that is I think spanned across several volumes/disks and often only shows half the content and just generally performs like a dog.
Apparently Yosemite has SMB 3 support and if your Windows servers are the newest version of Server that will to, so hopefully things will improve as time goes on.

donmontalvo
Esteemed Contributor III

AFP 3.1's (and later) auto client reconnect feature is a must for environments where users must work off the server (Xinet/Helios/etc.). http://en.wikipedia.org/wiki/Apple_Filing_Protocol

I don't think Apple ever said AFP was being deprecated. Seemed more like they're making SMB the default, so when a users types a hostname into the GO TO SERVER window, it will default to SMB. AFP continues to work, just need to add the prefix when connecting.

With that said, there is no better AFP solution than ExtremeZ-IP. Xserve is gone. Mac mini Server is a complete joke. If your company is serious and needs AFP, and seriously needs to quickly browse shares (Spotlight!), you can't go wrong.

They've got excellent, responsive support, and turn around fixes very quickly (release note and RSS: http://support.grouplogic.com/?page_id=63). If your environment relies on AFP, trust me you need this.

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

@Look wrote:

Mavericks is using what seems to be a pretty poor version of SMB 2

Apple hired a Thursby engineer to create an SMB solution a few years ago, had something to do with Samba licensing. What a disaster that was. We're not yet deploying Yosemite, not sure how much better it'll be with SMB.

--
https://donmontalvo.com

davidacland
Honored Contributor II
Honored Contributor II

In most cases we encourage users to adopt workflows that take reliability off the file sharing protocol. Always copying to the local hard drive before working on things. Doesn't work in all cases but when it does, the pressure is taken off SMB performing at its best.

We're also doing our best to hold off deploying Yosemite but I'm just waiting for a refresh of "Early 2015" Macs to be released by Apple and then were cornered! In most of our environments the users are buying batches of new computers weekly.

RobertHammen
Valued Contributor II

Hey @donmontalvo, AFP is being deprecated/is not being developed further beyond 3.1. Apple is focusing their energy on making SMB the native OS X file sharing protocol...

catfeetstop
Contributor II

Thank you all for the responses. Great info!

@RobertHammen, if AFP is being deprecated maybe ExtremeZ-IP will no longer be a good option? Have you all found a better way to optimize Mac connections to Windows SMB shares? Are there native things we can do either on the Windows server side or Mac client side? Soon we're going to be upgrading to Yosemite, are SMB connections better in Yosemite with SMB3?

RobertHammen
Valued Contributor II

Every environment is different, and you need to test, test, test before upgrading.

Generally have good results with OS X clients to OS X Server. Anything else is a crapshoot, really. Server 2008R2 vs 2012, or Linux/SaMBa, or...

Some clients need the /etc/nsmb.conf hack to revert back to SMB1 to get reasonable speeds. Others are fine OOB.

Don't forget to test Spotlight in your environment as that's something non-Apple SMB environments don't tend to support very well, if at all...

catfeetstop
Contributor II

@RobertHammen, doesn't connecting through finder with cifs essentially do the same thing as editing the nsmb.conf file? We're still experiencing issues with cifs.

donmontalvo
Esteemed Contributor III

@RobertHammen interesting, AFP 3.4 was released with Mountain Lion, but nothing since then. Is there a KB or other formal notice from Apple that AFP is going away? If not, we can open a ticket with Apple and post their response.

https://developer.apple.com/library/mac/documentation/Networking/Conceptual/AFP/AFPVersionDifference...

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III
Don't forget to test Spotlight in your environment as that's something non-Apple SMB environments don't tend to support very well, if at all

Probably not at all, since Spotlight index would need to be created/managed by the server. Don't think Microsoft will bother.

--
https://donmontalvo.com

jarednichols
Honored Contributor

@catfeetstop

FYI, connecting with a "cifs://" on your Connect To Server will revert the protocol use back to SMB 1.x. If you want to use SMB 2.1 use "smb://"

Essentially, "cifs://" != "smb://"

catfeetstop
Contributor II

@donmontalvo, I'm also curious about the removal of AFP. From what I can find there are only rumors say that it's being depreciated, nothing official. Have you or anyone else tested with Yosemite and SMB3? Is it any better?

alexjdale
Valued Contributor III

SMB/CIFS support in OS X is way too spotty, especially if you have various filer appliances from different vendors, odds are some simply won't connect or performance will be terrible.

That said, we've piggybacked our DPs on our SCCM infrastructure. I had the SCCM team carve out SMB shares at each site which we use for Casper. I would just be careful with appliances, but it should work very well on Windows Server shares.

RobertHammen
Valued Contributor II

https://www.afp548.com/2013/06/11/smb2-and-you-saying-goodbye-to-afp-in-os-x-mavericks/ mentions it being deprecated, but the OS X Mavericks Technology Preview PDF link has moved. It's here, but it doesn't say anything explicitly, however the handwriting is on the wall (just like MCX, Workgroup Manager, /Library/Startup Items, etc.):

http://www.apple.com/media/us/osx/2013/docs/OSX_Mavericks_Core_Technology_Overview.pdf

donmontalvo
Esteemed Contributor III

I'm sure SMB was made the default for enterprise compatibility reasons. But AFP is far from dead.

https://www.apple.com/osx/pdf/OSXYosemite_TO_FF1.pdf

AFP The Apple Filing Protocol (AFP) is the traditional network file service used on the Mac. Built-in AFP support provides connectivity with older Mac computers and Time Machine–based backup systems.
Compatible. SMB is automatically used to share files between two Mac computers running OS X Yosemite, or when a Windows client running Windows 8 connects to your Mac. OS X Yosemite maintains support for AFP SMB2 and SMB network file-sharing protocols, automatically selecting the appropriate protocol as needed.
--
https://donmontalvo.com

catfeetstop
Contributor II

There is some apprehension about using ExtremeZ-IP on the Windows servers. Have you guys used any of the third party client side SMB connectors, such as DAVE? http://www.thursby.com/products/dave.

davidacland
Honored Contributor II
Honored Contributor II

I've used Dave a few times in the past. Great product name!

Haven't seen it for quite a few years though. It was a bit clunky to use.

ExtremeZ-IP is a much slicker user experience.

RobertHammen
Valued Contributor II

I have used DAVE at a few clients... and it definitely had its issues. Lot of "try this beta and see if it solves your problems". Contrast that with EZIP, which was pretty solid. EZIP is expensive, but they had excellent support, although to be fair I haven't worked with it since Group Logic's acquisition, so no idea if the support is still as good since the purchase by Acronis.

nessts
Valued Contributor II

we just migrated 16TB of data and 300 or so users to a ExtremeZ/IP box and have had a bunch of problems, the spotlight search has a memory leak and the server starts disappearing off the network when it uses over 3GB of memory for that one process. It was faster than SMB and very nice in UAT with only 4TB of data and smaller set of users, so hopefully they fix this problem soon.

jake_snyder
New Contributor III

Windows Server 2012 R2 and SMB3 seem to be working with 10.10.3

Share settings:
Everyone: Read
Authenticated Users: Change, Read
Administrators: Full Control, Change, Read

Security (NTFS) settings:
SYSTEM: Full Control (Applies to "This folder, subfolders, and files")
Local or Domain Administrator: Full Control (Applies to "This folder, subfolders, and files")
CREATOR OWNER: Everything except Full Control, Change permissions, and Take ownership (Applies to "Subfolders and files only")

On Server Manager, go to File and Storage Services > Shares
Uncheck "Allow caching of share"
Check "Encrypt data access"

Despite not letting Creator Owner have full control, the defined user account ends up getting full control anyways. I think the idea for setting restrictions on the share permissions is to circumvent full control. Windows admins typically prefer to set everyone at full control and then have everything secured at the NTFS level. That method just doesn't seem to work well when os x clients are involved. Securing authenticated users at the share level might prevent them from having full control or weird ACL issues.

"Share permissions and NTFS permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries. The more restrictive permissions are then applied."

In our case, the share settings actually are the more restrictive permissions for our users.

We'll be testing with this setup. It's encouraging to see that we can actually use SMB3 now. Is anyone else using SMB3 with Windows Server 2012 R2 successfully?

Note: I have Access Based Enumeration disabled.

This is a cross-post from Jamf 10168 , I'm just hoping I can get more feedback from others if we run into issues. Screen shots are attached on that thread.

CasperSally
Valued Contributor II

I'm also interested in feedback for other admins who have adopted SMB with Windows Servers and 10.10.x.

We are testing now to see if we can ditch extremezip on our file servers.

slundy
New Contributor III

Was going to post a new thread but saw this one, and it's only a couple years old :)

We're having major issues with our NAS system (Nasuni) and mac's, the windows machines work fine. Browsing the smb shares is very slow, and working in adobe apps takes a crazy amount of time. Mainly as it has to resolve the linked files.

We're interested in using a different system. What kind of network file systems is everyone using?

Ours is cloud-based using AD permissions.

We did try Acronis at one point, and also all the standard nsmb.conf tricks, nothing seems to work. At my last place we had over 1k mac's connecting to windows virtual servers and did not have these kinds of problems, but it's claimed here that they 'tried that' and it didn't work.

Forgot to mention we're running 10.12.x (slowly going to 10.13) and SMB 3.0.

Any and all thoughts, suggestions and replies are welcome.