Deploy Network File System

Applies to: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Network File System (NFS) provides a file sharing solution that lets you transfer files between computers running Windows Server and UNIX operating systems using the NFS protocol. This topic describe the steps you should follow to deploy NFS.

What’s new in Network File System

Here’s what’s changed for NFS in Windows Server 2012:

Support for NFS version 4.1. This protocol version includes the following enhancements.

• Navigating firewalls is easier, improving accessibility.
• Supports the RPCSEC_GSS protocol, providing stronger security and allowing clients and servers to negotiate security.
• Supports UNIX and Windows file semantics.
• Takes advantage of clustered file server deployments.
• Supports WAN-friendly compound procedures.

NFS module for Windows PowerShell. The availability of built-in NFS cmdlets makes it easier to automate various operations. The cmdlet names are consistent with other Windows PowerShell cmdlets (using verbs such as «Get» and «Set»), making it easier for users familiar with Windows PowerShell to learn to use new cmdlets.

NFS management improvements. A new centralized UI-based management console simplifies configuration and management of SMB and NFS shares, quotas, file screens and classification, in addition to managing clustered file servers.

Identity Mapping improvements. New UI support and task-based Windows PowerShell cmdlets for configuring identity mapping, which allows administrators to quickly configure an identity mapping source, and then create individual mapped identities for users. Improvements make it easy for administrators to set up a share for multi-protocol access over both NFS and SMB.

Cluster resource model restructure. This improvement brings consistency between the cluster resource model for the Windows NFS and SMB protocol servers and simplifies administration. For NFS servers that have many shares, the resource network and the number of WMI calls required fail over a volume containing a large number of NFS shares are reduced.

Integration with Resume Key Manager. The Resume Key Manager is a component that tracks file server and file system state and enables the Windows SMB and NFS protocol servers to fail over without disrupting clients or server applications that store their data on the file server. This improvement is a key component of the continuous availability capability of the file server running Windows Server 2012.

Scenarios for using Network File System

NFS supports a mixed environment of Windows-based and UNIX-based operating systems. The following deployment scenarios are examples of how you can deploy a continuously available Windows Server 2012 file server using NFS.

Provision file shares in heterogeneous environments

This scenario applies to organizations with heterogeneous environments that consist of both Windows and other operating systems, such as UNIX or Linux-based client computers. With this scenario, you can provide multi-protocol access to the same file share over both the SMB and NFS protocols. Typically, when you deploy a Windows file server in this scenario, you want to facilitate collaboration between users on Windows and UNIX-based computers. When a file share is configured, it is shared with both the SMB and NFS protocols, with Windows users accessing their files over the SMB protocol, and users on UNIX-based computers typically access their files over the NFS protocol.

For this scenario, you must have a valid identity mapping source configuration. Windows Server 2012 supports the following identity mapping stores:

• Mapping File
• Active Directory Domain Services (AD DS)
• RFC 2307-compliant LDAP stores such as Active Directory Lightweight Directory Services (AD LDS)
• User Name Mapping (UNM) server

Provision file shares in UNIX-based environments

In this scenario, Windows file servers are deployed in a predominantly UNIX-based environment to provide access to NFS file shares for UNIX-based client computers. An Unmapped UNIX User Access (UUUA) option was initially implemented for NFS shares in Windows Server 2008 R2 so that Windows servers can be used for storing NFS data without creating UNIX-to-Windows account mapping. UUUA allows administrators to quickly provision and deploy NFS without having to configure account mapping. When enabled for NFS, UUUA creates custom security identifiers (SIDs) to represent unmapped users. Mapped user accounts use standard Windows security identifiers (SIDs), and unmapped users use custom NFS SIDs.

System requirements

Server for NFS can be installed on any version of Windows Server 2012. You can use NFS with UNIX-based computers that are running an NFS server or NFS client if these NFS server and client implementations comply with one of the following protocol specifications:

1. NFS Version 4.1 Protocol Specification (as defined in RFC 5661)
2. NFS Version 3 Protocol Specification (as defined in RFC 1813)
3. NFS Version 2 Protocol Specification (as defined in RFC 1094)

Deploy NFS infrastructure

You need to deploy the following computers and connect them on a local area network (LAN):

• One or more computers running Windows Server 2012 on which you will install the two main Services for NFS components: Server for NFS and Client for NFS. You can install these components on the same computer or on different computers.
• One or more UNIX-based computers that are running NFS server and NFS client software. The UNIX-based computer that is running NFS server hosts an NFS file share or export, which is accessed by a computer that is running Windows Server 2012 as a client using Client for NFS. You can install NFS server and client software either in the same UNIX-based computer or on different UNIX-based computers, as desired.
• A domain controller running at the Windows Server 2008 R2 functional level. The domain controller provides user authentication information and mapping for the Windows environment.
• When a domain controller is not deployed, you can use a Network Information Service (NIS) server to provide user authentication information for the UNIX environment. Or, if you prefer, you can use Password and Group files that are stored on the computer that is running the User Name Mapping service.

Install Network File System on the server with Server Manager

1. From the Add Roles and Features Wizard, under Server Roles, select File and Storage Services if it has not already been installed.
2. Under File and iSCSI Services, select File Server and Server for NFS. Select Add Features to include selected NFS features.
3. Select Install to install the NFS components on the server.

Install Network File System on the server with Windows PowerShell

1. Start Windows PowerShell. Right-click the PowerShell icon on the taskbar, and select Run as Administrator.
2. Run the following Windows PowerShell commands:

Configure NFS authentication

When using the NFS version 4.1 and NFS version 3.0 protocols, you have the following authentication and security options.

• RPCSEC_GSS
  • Krb5. Uses the Kerberos version 5 protocol to authenticate users before granting access to the file share.
  • Krb5i. Uses Kerberos version 5 protocol to authenticate with integrity checking (checksums), which verifies that the data has not been altered.
  • Krb5p Uses Kerberos version 5 protocol, which authenticates NFS traffic with encryption for privacy.
• AUTH_SYS

You can also choose not to use server authorization (AUTH_SYS), which gives you the option to enable unmapped user access. When using unmapped user access, you can specify to allow unmapped user access by UID / GID, which is the default, or allow anonymous access.

Instructions for configuring NFS authentication on discussed in the following section.

Create an NFS file share

You can create an NFS file share using either Server Manager or Windows PowerShell NFS cmdlets.

Create an NFS file share with Server Manager

1. Log on to the server as a member of the local Administrators group.
2. Server Manager will start automatically. If it does not automatically start, select Start, type servermanager.exe, and then select Server Manager.
3. On the left, select File and Storage Services, and then select Shares.
4. Select To create a file share, start the New Share Wizard.
5. On the Select Profile page, select either NFS Share – Quick or NFS Share — Advanced, then select Next.
6. On the Share Location page, select a server and a volume, and select Next.
7. On the Share Name page, specify a name for the new share, and select Next.
8. On the Authentication page, specify the authentication method you want to use for this share.
9. On the Share Permissions page, select Add, and then specify the host, client group or netgroup you want to grant permission to the share.
10. In Permissions, configure the type of access control you want the users to have, and select OK.
11. On the Confirmation page, review your configuration, and select Create to create the NFS file share.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet can also create an NFS file share (where nfs1 is the name of the share and C:\\shares\\nfsfolder is the file path):

Known issue

NFS version 4.1 allows the file names to be created or copied using illegal characters. If you attempt to open the files with vi editor, it shows as being corrupt. You cannot save the file from vi, rename, move it or change permissions. Avoid using illegal characters.

Network File System overview

Applies to: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

This topic describes the Network File System role service and features included with the File and Storage Services server role in Windows Server. Network File System (NFS) provides a file sharing solution for enterprises that have heterogeneous environments that include both Windows and non-Windows computers.

Feature description

Using the NFS protocol, you can transfer files between computers running Windows and other non-Windows operating systems, such as Linux or UNIX.

NFS in Windows Server includes Server for NFS and Client for NFS. A computer running Windows Server can use Server for NFS to act as a NFS file server for other non-Windows client computers. Client for NFS allows a Windows-based computer running Windows Server to access files stored on a non-Windows NFS server.

Windows and Windows Server versions

Windows supports multiple versions ofthe NFS client and server, depending on operating system version and family.

Operating Systems	NFS Server Versions	NFS Client Versions
Windows 7, Windows 8.1, Windows 10	N/A	NFSv2, NFSv3
Windows Server 2008, Windows Server 2008 R2	NFSv2, NFSv3	NFSv2, NFSv3
Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019	NFSv2, NFSv3, NFSv4.1	NFSv2, NFSv3

Practical applications

Here are some ways you can use NFS:

• Use a Windows NFS file server to provide multi-protocol access to the same file share over both SMB and NFS protocols from multi-platform clients.
• Deploy a Windows NFS file server in a predominantly non-Windows operating system environment to provide non-Windows client computers access to NFS file shares.
• Migrate applications from one operating system to another by storing the data on file shares accessible through both SMB and NFS protocols.

New and changed functionality

New and changed functionality in Network File System includes support for the NFS version 4.1 and improved deployment and manageability. For information about functionality that is new or changed in Windows Server 2012, review the following table:

Feature/functionality	New or updated	Description
NFS version 4.1	New	Increased security, performance, and interoperability compared to NFS version 3.
NFS infrastructure	Updated	Improves deployment and manageability, and increases security.
NFS version 3 continuous availability	Updated	Improves continuous availability on NFS version 3 clients.
Deployment and manageability improvements	Updated	Enables you to easily deploy and manage NFS with new Windows PowerShell cmdlets and a new WMI provider.

NFS version 4.1

NFS version 4.1 implements all of the required aspects, in addition to some of the optional aspects, of RFC 5661:

• Pseudo file system, a file system that separates physical and logical namespace and is compatible with NFS version 3 and NFS version 2. An alias is provided for the exported file system, which is part of the pseudo file system.
• Compound RPCs combine relevant operations and reduce chattiness.
• Sessions and session trunking enables just one semantic and allows continuous availability and better performance while utilizing multiple networks between NFS 4.1 clients and the NFS Server.

NFS infrastructure

Improvements to the overall NFS infrastructure in Windows Server 2012 are detailed below:

• The Remote Procedure Call (RPC)/External Data Representation (XDR) transport infrastructure, powered by the WinSock network protocol, is available for both Server for NFS and Client for NFS. This replaces Transport Device Interface (TDI), offers better support, and provides better scalability and Receive Side Scaling (RSS).
• The RPC port multiplexer feature is firewall-friendly (less ports to manage) and simplifies deployment of NFS.
• Auto-tuned caches and thread pools are resource management capabilities of the new RPC/XDR infrastructure that are dynamic, automatically tuning caches and thread pools based on workload. This completely removes the guesswork involved when tuning parameters, providing optimal performance as soon as NFS is deployed.
• New Kerberos privacy implementation and authentication options with the addition of Kerberos privacy (Krb5p) support along with the existing krb5 and krb5i authentication options.
• Identity Mapping Windows PowerShell module cmdlets make it easier to manage identity mapping, configure Active Directory Lightweight Directory Services (AD LDS), and set up UNIX and Linux passwd and flat files.
• Volume mount point lets you access volumes mounted under an NFS share with NFS version 4.1.
• The Port Multiplexing feature supports the RPC port multiplexer (port 2049), which is firewall-friendly and simplifies NFS deployment.

NFS version 3 continuous availability

NFS version 3 clients can have fast and transparent planned failovers with more availability and reduced downtime. The failover process is faster for NFS version 3 clients because:

• The clustering infrastructure now allows one resource per network name instead of one resource per share, which significantly improves resources’ failover time.
• Failover paths within an NFS server are tuned for better performance.
• Wildcard registration in an NFS server is no longer required, and the failovers are more fine-tuned.
• Network Status Monitor (NSM) notifications are sent out after a failover process, and clients no longer need to wait for TCP timeouts to reconnect to the failed over server.

Note that Server for NFS supports transparent failover only when manually initiated, typically during planned maintenance. If an unplanned failover occurs, NFS clients lose their connections. Server for NFS also doesn’t have any integration with the Resume Key filter. This means that if a local app or SMB session attempts to access the same file that an NFS client is accessing immediately after a planned failover, the NFS client might lose its connections (transparent failover wouldn’t succeed).

Deployment and manageability improvements

Deploying and managing NFS has improved in the following ways:

• Over forty new Windows PowerShell cmdlets make it easier to configure and manage NFS file shares. For more information, see NFS Cmdlets in Windows PowerShell.
• Identity mapping is improved with a local flat file mapping store and new Windows PowerShell cmdlets for configuring identity mapping.
• The Server Manager graphical user interface is easier to use.
• The new WMI version 2 provider is available for easier management.
• The RPC port multiplexer (port 2049) is firewall-friendly and simplifies deployment of NFS.

Server Manager information

In Server Manager — or the newer Windows Admin Center — use the Add Roles and Features Wizard to add the Server for NFS role service (under the File and iSCSI Services role). For general information about installing features, see Install or Uninstall Roles, Role Services, or Features. Server for NFS tools include the Services for Network File System MMC snap-in to manage the Server for NFS and Client for NFS components. Using the snap-in, you can manage the Server for NFS components installed on the computer. Server for NFS also contains several Windows command-line administration tools:

• Mount mounts a remote NFS share (also known as an export) locally and maps it to a local drive letter on the Windows client computer.
• Nfsadmin manages configuration settings of the Server for NFS and Client for NFS components.
• Nfsshare configures NFS share settings for folders that are shared using Server for NFS.
• Nfsstat displays or resets statistics of calls received by Server for NFS.
• Showmount displays mounted file systems exported by Server for NFS.
• Umount removes NFS-mounted drives.

NFS in Windows Server 2012 introduces the NFS module for Windows PowerShell with several new cmdlets specifically for NFS. These cmdlets provide an easy way to automate NFS management tasks. For more information, see NFS cmdlets in Windows PowerShell.

Additional information

The following table provides additional resources for evaluating NFS.