What's New in Services for NFS in Windows Server 2008 R2

Applies To: Windows Server 2008 R2

Services for Network File System (NFS) provides a file sharing solution for enterprises that have a mixed Windows and UNIX environment. With Services for NFS, you can use the NFS protocol to transfer files between computers running the Windows Server 2008 operating system and the UNIX operating system.

For more information about Services for NFS, see the Windows Server TechCenter (https://go.microsoft.com/fwlink/?LinkId=92798).

What are the major changes?

In Windows Server® 2008 R2, improvements to Services for NFS are in the areas of Security (RPCSEC_GSS) and Management (Netgroups, WMI, and Unmapped UNIX User Access (UUUA)).

The sections that follow describe the improvements made in Services for NFS between Windows Server 2008 and Windows Server 2008 R2.

Who will be interested in these features?

These features will benefit customers who have heterogeneous operating environments with Windows and Unix, Linux, or MacOS clients. The feature set will allow data consolidation on the Windows platform.

What new functionality does Services for NFS provide?

The following enhancements to Services for NFS are available in Windows Server 2008 R2:

  • Netgroup support. Services for NFS supports netgroups, which are used to create network-wide named groups of hosts. Netgroups simplify the control of user and group login and shell access to remote computers, and enable system administrators to more easily manage NFS access control lists.

  • RPCSEC_GSS support. Services for NFS provides native support for RPCSEC_GSS, a remote procedure call (RPC) security feature that enables applications to take advantage of Generic Security Service Application Programming Interface (GSS-API) security features. GSS-API provides applications with the ability to include the integrity and authentication security services. RPCSEC_GSS enables Services for NFS to use Kerberos authentication, and provides security services that are independent of the mechanisms being used.

Note

Services for NFS does not support the RPCSEC_GSS privacy security service.

To enable Kerberos authentication methods for a share, the following options have been added to the Provision a Shared Folder Wizard NFS Authentication page and the share Properties dialog box **NFS Authentication** tab:  
  
  - **Kerberos v5 authentication (Krb5)** uses the Kerberos v5 protocol to authenticate users before granting access to the shared file system.  
      
  - **Kerberos v5 integrity and authentication (Krb5i)** uses Kerberos v5 authentication with integrity checking (checksums) to verify that the data has not been tampered with.  
      
You can combine these options to allow clients to pick either Kerberos v5 flavor when they mount the NFS file system.  
  
  • Using Windows Management Instrumentation (WMI) to manage Server for NFS. WMI enables NFS remote management by allowing Web-Based Enterprise Management (WBEM) applications to communicate with WMI providers on the local or remote computers to manage WMI objects. WMI allows scripting languages such as VBScript or Windows PowerShell to manage computers and servers running the Microsoft Windows operating system, both locally and remotely.

  • Unmapped UNIX User Access. An Unmapped UNIX User option is now available for NFS shares. Windows servers can be used for storing NFS data without creating UNIX-to-Windows account mapping. Mapped user accounts will use standard Windows security identifiers (SIDs) and unmapped users will use custom NFS SIDs.

Which editions include this feature?

This feature is available in all editions of Windows Server 2008 R2.