Create a Private SMB File Storage with Active Directory

To create a SMB (Server Message Block) with Active Directory on the File Storage system, you can follow these steps:

Create a Windows server on vServer

Below is a basic guide for creating Windows server on vServer, if you already have a server, skip this step.

Instructions for creating Windows server

Before you can perform Windows server initialization, make sure you initialize VPC, Subnet on the vServer system. Next, follow the steps below to initialize Windows server:

Log in to vServer at https://hcm-03.console.vngcloud.tech/vserver .
Continue to select Servers .
Select Create a Server.
In the Basic Configuration section , enter the Server name to describe the name for your Server. The Server name can consist of letters (az, AZ, 0-9, '_', '-'). The input data length is between 5 and 50. It cannot include leading or trailing spaces and the Server name must be different from the Username.
Select the Zone where you want to create the server.
Enter Tag information including Key / Value for the server and click Add to add this tag if you need.
Select OS Images: Windows, continue to select Window version depending on your usage needs.
Under Instance type, there is a list of Flavor configurations, you can choose the desired Flavor configuration for your Server according to. iot.v1.small1x1 is recommended by us as a default basic configuration to initialize the Server
In Volume Settings , enter the configuration for Boot OS Volume (Root) including Size GB , Volume Type SSD and IOPS , then select Next.
In addition, you can add Data Volume to the Server during the initialization process by selecting Add Data volume, then enter the configuration for the Data Volume including Volume name , Size GB , Volume Type SSD and IOPS , select Next.
Next, select the Network settings parameter : Here you can select VPC to assign Private IP to Server and Subnet from the list you created earlier, or you can click here to create a new VPC and Subnet. Note that after creating VPC and Subnet, it will be displayed on the list page for you to choose during Server initialization:
1. Check the Floating IP box to assign Public IP to the Server (Click here to see instructions for attaching/ detach Floating IP)
2. Security group to manage ACL - Access Control List for Server. (Click here to see instructions for creating and managing Security group)
Enter Authentication information : Empty: the system will automatically generate and attach a password or the user can manually adjust and enable or disable skipping the first password change.
In Other Settings , you can choose Server Group or not according to your needs. You can assign Server to previously created Groups (With properties such as same Compute Host or different Compute Host)
Select Launch Server and follow the payment steps to complete the server initialization.

Attention:

Security Groups on Windows server need to open the following ports to share data:

With NFS File Storage: open additional port 2049
With SMB File Storage with Basic Authentication: open additional port 445
With SMB File Storage with Active Directory Authentication: open additional port list to be able to connect from File Storage to AD.

Connect to the Windows server

Below is a basic guide for connecting to Windows server on vServer, if you have used Console directly on vServer Portal, please skip this step.

Connect to Windows server

To be able to connect to a Windows server, you first need to install RDP: By default, Windows will include an RDP Client. To verify, type mstsc at the Command Prompt window. If your computer does not recognize this command, check the Windows home page and search for a download for the Microsoft Remote Desktop application .

Access the Server management page in our driver at: https://hcm-3.console.vngcloud.vn/vserver/v-server/cloud-server
Select the Server you want to connect to, then select Action, then select Connect.
On the Connect to Server page , select the RDP (Window) tab

Select Download RDP File . Your browser will prompt you to open or save the RDP file. When you've finished downloading the file, select Done to return to the server page:

Open the downloaded file to remote to Windows server. Select Connect to continue connecting to your server.

The administrator account is selected by default. You need to copy and paste the password you saved earlier into the login pop-up (This information is taken from the email), in which enter the information InstanceLogin into Username , InstancePassword into Password.

Select OK. Due to the nature of self-signed certificates, you may receive a warning that the security certificate cannot be validated. Use the following steps to verify the identity of the remote computer, or simply select Yes (Windows) or Continue (Mac OS X) if you trust the certificate.

The screen will show that the connection to the Windows server is successful.

After you have connected to Windows server, you need to make sure your Windows server has a static IP address, you can check and configure static IP according to the following instructions:

Check the VM's network configuration by:
- Go to Control Panel > Network & Internet > Network Connections .
- Select the Ethernet adapter , right-click and select Properties .
Set up a static IP address:
- In the Properties screen , select Internet Protocol Version 4 (TCP/IPv4) and then click the Properties button .
- Select Use the following IP address to set up a static IP address.
- Provide address information:
  - IP Address: static IP address of the VM.
  - Subnet Mask: Corresponding subnet, for example: 255.0.0.0

Create an Active Directory on Windows Server

To create Active Directory on Windows Server, you need to do the following:

Install and configure DNS Server
Create Forward Lookup Zone
Create Reverse Lookup Zone
Check DNS Name
Install and configure Active Directory

Specifically, please follow the steps below:

Install and configure DNS Server

To install and configure DNS Server on Windows Server, you can follow these steps:

From the Desktop screen , open the Start menu and select Server Manager.
Select All Servers, right click then select Add roles and Features

On the Before you begin page, click Next

On the Installation Type page : Select Role-based or feature-based installation then select Next

In Server Selection : select Select a server from the server pool and select the current server then select Next

In Server Roles : Tick DNS Server then click Next and Install to install.

At this point, you will be prompted to add the necessary features for the DNS Server, select Add Features if you agree with the defaults.

On the Confirmation page , review your selections and click Install to begin installing the DNS Server.

Once the installation is complete, click Close .

Create a Forward Lookup Zone

Next, you will need to create a Forward Lookup Zone to convert the domain to an IP address. Here are the steps:

Open DNS Manager by selecting Tools , then selecting DNS

In DNS Manager, select the existing DNS and continue to right-click on Forward Lookup Zones and select New Zone

The Create new zone screen appears, continue to select Next

At the Zone Type screen : select Primary zone, then select Next

At the Zone Name screen : enter your domain name and select Next . For example: example.local. Remember this domain because this is the DNS domain you need to use to create AD and enter information when creating File Storage on the File Storage Portal system.

At the Zone File screen , select Next

At the Dynamic Update screen : Select Do not allow dynamic updates , then select Next

Select Finish to complete creating the New Zone.

After selecting Finish , you will see the forwarding lookup zone on the main screen as shown.

After creating the zone, you need to add a record for the Domain Controller by selecting the newly created Zone , right-clicking and selecting New Host (A or AAAA)

On the New Host screen , you need to:

Name : Enter your Windows server name (eg: demo-smb).
IP Address : Enter the static IP address of the Domain Controller (eg: 10.50.3.9).
Click Add Host .

If you choose Create associated pointer (PTR) record , you need to create a Reverse Loopup Zone , the initialization steps are similar to creating a Forward Lookup Zone .

Create a Reverse Lookup Zone

Next, you will need to create a Reverse Lookup Zone to convert the IP to a domain. Specifically, the steps are as follows:

Open DNS Manager by selecting Tools , then selecting DNS

In DNS Manager, select the existing DNS and continue to right-click on Reverse Lookup Zones and select New Zone

At the Zone Type screen : select Primary zone, then select Next

The Create new zone screen appears, select IPv4 Reverse Lookup Zone and continue to select Next.

At the Reverse Lookup Zone Name screen : enter Network ID, the Network ID here is the subnet of the IP that you need to perform reverse lookup and select Next . For example: 10.50.3.

At the Zone File screen , you can create a new Zone File or select an existing Zone File, then select Next.

At the Dynamic Update screen : Select Do not allow dynamic updates , then select Next

Select Finish to complete creating the New Zone.

After selecting Finish , you will see Reverse lookup zone on the main screen as shown

After creating a reverse lookup zone , you need to create a Pointer (PTR) by selecting the newly created Zone , right-clicking and selecting New Pointer (PTR)

On the New Resource Record screen , you need to:
1. Host IP Address : Enter the static IP address of the Domain Controller (eg: 10.50.3.9).
2. Host Name: Enter your Windows server name (eg: demo-smb).
3. Click OK .

Check DNS name

On your Windows server, open Command Prompt and run:

nslookup <DNS Domain>
or
nslookup <IP Address>

For example:

nslookup example.local
or
nslookup 10.50.3.9

The result displays an example as follows:

nslookup example.local
---
Server: demo-smb
Address: 10.50.3.9
Name: example.local

nslookup 10.50.3.9
---
Server: demo-smb
Address: 10.50.3.9

Install and configure Active Directory Domain Services

To install and configure Active Directory Domain Service on Windows Server, you can follow these steps:

From the Desktop screen , open the Start menu and select Server Manager
Select All Servers, right click then select Add roles and Features

In the Before You Begin section , select Next

In Installation Type : Select Role-based or feature-based installation then select Next

In Server Selection : select Select a server from the server pool and select the current server then select Next

In the Server Roles section : Tick Active Directory Domain Services.

At this point, you will be prompted to add the required features to Active Directory, select Add Features if you agree with the defaults, then select Next

On the Feature page , keep the default parameters and select Next

On the AD DS page, select Next

On the Confirmation page , review your selections and click Install to begin installing AD DS.

After selecting Install . The system will start installing, you do not need to restart the server immediately after installation.
When the installation is complete, you continue to select Promote this server to a domain controller

At the Deployment Configuration screen , select Add a new forest then enter the DNS domain name created (which is the Zone name created in the Create a Forward Lookup Zone step) then select Next

At the Domain Controller Options screen , enter the Password and Confirm Password for your DSRM.

In the DNS Option section, you skip it and just click Next.

In the Additional Options section , check the NetBIOS name again and change it if necessary, then select Next. The NetBIOS domain name is a shortened domain of the Root domain name,

At the Paths screen , you can change the paths to the Database folder, Log file folder, Sysvol or keep them as the system default, then select Next.

At the Review Options screen , review the parameters and select Next if the information is correct.

At the Prerequisites Check screen , you will see the test results, continue to select Install for the system to install AD.

After the installation process is complete, the system will automatically restart your server, you need to log back into the server with the Administrator account.

Attention:

You can grant permissions to AD accounts or groups through Group Policy or ACL access permissions. For more details, see here .

Create a File Storage

Step 1: Go to https://efs.console.vngcloud.vn/overview

Step 2: Select File Storage then select Create a File storage.

Step 3: At the File Storage initialization screen, you need to enter/select:

File Storage name: the descriptive name of the storage file. The file name must be between 5 and 50 characters long and can include the characters a-z, AZ, 0-9, '-', '_'
Description : enter a description for the storage file.
File storage type: select the type of drive you want to use. Currently we only provide Standard HDD drive type.
Protocol: select SMB
Tag: you can add tags to mark file storage as needed.

File Storage Max quota: in the file storage initialization step, you need to set a maximum quota limit for that file storage. This quota means the limit of storage capacity that the file storage can use, helping to manage resources effectively. The minimum quota you need to choose is 1 TB and the maximum quota we provide is 50 TB. If you need to use more than 50 TB for a file storage, please contact us.
Network type : for SMB file type, network type must be Private. At this point, you need to select VPC , Subnet that you have created from vServer Portal.

Window Authentication: Configure access rights via Active Directory Authentication
- Active Directory Authentication: If your Windows server uses Active Directory to manage users and access, AD Authentication is easy to integrate and centrally manage. You can authenticate via Active Directory domain name, DNS server IP addresses, Username, Password on your Active Directory. For example, for the Active Directory created above, I would enter:
  - Active Directory domain name : This is the Root domain name you created in the step of Installing and configuring Active Directory Domain Services . For example:example.local
  - DNS server IP Address : DNS Server IP address, usually also the static IP address of the VM, for example: 10.50.3.9. If you have 2 DNS IPs, you can enter according to the form 10.50.3.3,10.50.3.9
  - Username: Admin account name, for exampleAdministrator
  - Password : The password you created in the Install and configure Active Directory Domain Services step , for example:123456789aA@
  - Confirm Password: Confirm password, for example:123456789aA@

Step 5: Select Create File Storage.

Step 6: After the system has completed initializing the SMB File Storage, you can get the File Storage IP Address information in the File Storage details section and continue to perform the steps below.

Map newly created File Storage to Windows server

On Windows Server, you can map SMB file storage through the interface or command line.

Through the interface

Open File Explorer.
Right click on This PC and select Map network drive .
In the Map Network Drive window :
1. Drive letter : Select a drive letter (eg: Z:).
2. Folder : Enter the SMB share path, for example: \\<File Storage IP Address>\<File Storage Name>. For example \\10.50.3.8\demo-smb.
3. Select Finish , once done, you can check in File Explorer to see the mapped drive.

Attention:

To automatically map the SMB storage file each time Windows Server starts, you can save the information when mapping through the interface by checking the Reconnect at sign-in box before clicking Finish .

Via command line

Use the following command in Command Prompt or PowerShell :

Copy

net use Z: \\<File Storage IP Address>\<File Storage Name>

Z: : Is the drive letter you want to mount.
\\<File Storage IP Address>\<File Storage Name> : File Storage SMB path.

For example:

Copy

net use Z: \\10.50.3.8\demo-smb

Directly via File Explorer

More simply, you can also directly access the SMB File Storage via File Explorer through the following steps:

Open File Explorer : Press Windows key + E or click the File Explorer icon.
Enter UNC Path : In the address bar, enter the UNC path to the file share. For example:

Copy

\\10.50.3.8\demo-smb

Press Enter .

Write data to File Storage

After you have successfully mapped the SMB File Storage to Windows Server, you can write data to the File Storage as follows:

Open a text editor (Notepad):
- On Windows Server, open Notepad by:
  - Click Start and type Notepad , then press Enter .
- Or, press Windows key + R , type notepadand press Enter .
Write content to file:
- In Notepad, type something simple, for example:
  Copy
  Đây là file test ghi vào SMB share.
- Or enter whatever content you want.
Save file to SMB file storage:
- Click File > Save As... .
- In the Save As dialog box , navigate to the drive that you mapped the SMB share to (eg: Z:).
- Name the file (eg: testfile.txt).
- Click Save to save the file.
Check files in SMB share:
- Open File Explorer (shortcut: Windows + E ).
- Navigate to the SMB drive (eg. Z:).
- Find and open the file testfile.txtyou just saved to verify the contents.

PreviousCreate a Private SMB File Storage without Active Directory NextFeatures of FileStorage

Last updated 5 months ago