Technical Overview

SMB Authentication with Azure AD


 

For Hybrid and Cloud-Only Organizations

Morro Global File Services

Table of Contents

  • What is Azure AD Domain Services?
  • Morro SMB Authentication Modes
  • SMB Authentication Mode Table
    • On-Prem AD (SSO)
    • On-Prem AD w/ AAD DS (SSO)
    • Azure AD + Azure AD DS (SSO)
    • Azure AD (Non-SSO)
    • Morro Users Directory (SSO)
    • OpenLDAP / JumpCloud (SSO)
    • Okta + Azure AD DS (SSO)
    • Okta (Non-SSO)
    • OneLogin + LDAP (SSO)
    • OneLogin (Non-SSO)

 

What is Azure AD Domain Services?

  • Hybrid organizations that have both cloud and on-prem workloads may synchronize identity information from an on-prem AD DS to an Azure AD tenant with Azure AD Connect (not needed for cloud-only organizations)
  • Azure AD syncs credentials (one-way) to Azure AD DS to provide identity services to SMB (Morro CacheDrive) and lift-and-shift on-prem applications
  • Azure AD DS provides the same AD functions:
    • domain join, LDAP, Kerberos/NTLM authentication, Group Policy
    • not supported: DFS
    • AAD DS is a stand-alone domain, not an extension of an on-prem domain
  • Azure AD DS is a managed service:
    • no need to apply patches or software updates
    • high availability with a pair of redundant servers
    • $108 per month for an object count of up to 25,000

 

SMB Authentication Mode Table

Morro SMB Authentication Mode

Download PDF File for the full content

 

 

Did You Know

Morro Global File System

The Morro global file system provides multi-site collaborative file services for sync, lock, transfer, and caching. Supported interfaces include SMB (Windows, Mac) and Web with ACL. At each CacheDrive, the user's complete, unlimited file system is presented as a single namespace.

Object Storage

Morro Data supports S3-compatible object storage, including AWS S3 and Azure, presenting a single interface to different storage tiers and cloud providers for collaboration/sync (primary), transfer/replication, backup, and archive.

Global File Services

Consolidated Data Management:

  • Unlimited cloud capacity
  • Primary + Backup in one global namespace
  • Multiple cloud providers to save cost
  • Deduped and Encrypted

Multi-Site File Sync and Lock:

  • NAS Interface for cloud data. No VPN.
  • Global file locking
  • Add CacheDrive for fast Disaster Recovery
  • Large File Transfer

Cloud-to-Cloud Sync:

  • Sync with SharePoint
  • Back up to economical cloud storage
  • Business Continuity
  • User error recovery

 

Morro Data Features

File Services

Consolidated Data Management

NAS access with cloud reliability for primary and secondary data

Multi-Site Sync

Store files in cloud and sync files locally with cache. Add CacheDrive for easy expansion and instant disaster recovery.

Cloud-to-Cloud Sync

Sync and backup SharePoint and other cloud files

Global File System

Global Namespace

Data is stored in the cloud and synced across gateways in a single namespace. The gateway cache enables high-performance access to an unlimited file system.

Unlimited Storage

Choice of Cloud Storage providers for primary and secondary data.

Storage Pool

Pool specifies where and how data is stored and synced. A pool contains multiple shares. Pool types include Sync, Replicate, and Gateway.

Share Access

Network share with user access and gateway access controls

Global File Locking

Lock Office and other application files across gateways for remote collaboration.

Disaster Recovery

Fast metadata sync for replacement gateway for full file system access.

File Versioning

Version control of 1, 30, 300, or unlimited versions.

Prefetch

Automatic download to destination gateway vs. on-demand download.

Deduplication

Files are de-duplicated to save cloud storage and upload bandwidth

Compression

Files are compressed to save cloud storage and upload bandwidth

Bandwidth Limiting

Control sync window and sync bandwidth per share

Share Mapping

Shares can be optionally mapped to gateways for security

Advanced SMB Share Controls

Options to enable oplocks and to use Extended Attributes to save streams

Security

Encryption

Files are encrypted both in transit and at rest in cloud

Access Based Enumeration

Hidden shares

Web Access Security

ACL-based file access permission

User Management

Users and Groups

User and Group access permissions

Active Directory

Supports Microsoft Active Directory and Azure AD

User Permissions

Access permission per user/group/location (read only / RW / no access)

Location Based Permissions

File access based on Gateway (location) and on/off premises

Share Folder Security

Manage shared folder’s ownership and access control list

System Interface

NAS Interface

Present shares the same as NAS, with unlimited capacity

Local Network Interface

Supports SMB protocol versions 2.0/2.1/3.0/3.1 with Windows and macOS clients

Client OS Support

Windows, Mac OS X, Linux, major browsers

Web Interface

Team Portal for ACL-based file access and management. Upload files and create folders in shares. Manage file versions; download, rename, copy, move, delete, and purge files; create share links for files.

Morro Cloud Manager

Gateway Management

Globally manage all gateways on MCM

File System Management

Globally manage all shares in a Global Namespace

Dashboard

Usage analytics and system diagram

Analytics

Storage usage, User activities, and Data transfer activities

Role Based Management

Business Admin, Global Admin, Regular User

Users and Groups

Users, Primary Group, Secondary Groups

Logs

By category – team/device/file system. By severity – information/warning/error

Apps

Cloud-to-Cloud Sync

Sync shares with SharePoint document library, Dropbox or OneDrive

Morro Audit

Access history for retrospective investigation

Morro Migrate

Managed data migration to cloud

Gateway

CacheDrive Models

Desktop G80, G80 Pro, Tower T600, Rackmount R1100. Virtual Machine V200 (VMware) V201 (Hyper-V)

Device Information

CacheDrive Model number, serial number, firmware version, IP address, UUID and cache size

Cloud Caching

Files are uploaded to cloud through cache, presenting access window to unlimited file system size

Backup Target

Unlimited backup target through cache

NAS Interface

SMB network share interface same as NAS

Deduplication

Files are de-duplicated on gateway to save upload bandwidth

Compression

Files are compressed on gateway to save upload bandwidth and storage

Encryption

Files are encrypted on gateway before upload

Upload Status

Monitor upload status, speed, remaining upload and files

Prefetch Status

Monitor prefetch files, status, speed, etc.

Advanced Device Option

Hostname and SMB version selection

Device Clock

Global time zone based device clock

Device Management

Shutdown, reboot, and scheduled firmware update from centralized cloud management UI

Green Computing

Low power consumption gateway replacing traditional NAS or file server

Cloud Storage

Amazon S3

US (OR, VA, OH, CA), UK (London), Germany (Frankfurt), Australia, Japan (Tokyo), Singapore, China (Beijing), China (Ningxia)

Azure

BYOS All Regions

Wasabi

US (East), US (West)

Backblaze B2

US

Morro Connect Desktop App

Supported OS

Windows, macOS

Simple Connect

Auto start and login for persistent network share connection