In the organisation I'm in we have a mixture of OS X and windows XP. For years the Macs have also connected via SMB to the fileserver, however it's always been a bit flaky. On OS X it's prone to dropouts, and since we've upgraded our main server from SBS Server 2003 to Server 2008, it's been exhibiting some mighty strange behaviour (only connecting after ages by only the hostname, the FQDN returns that the IP doesn't exist, but that's not what this question is about).
I've supported SMB for 5 years, and I'm sick of it. the unexplained OS X dropouts, (Win/OSX)remote people not understanding (constantly) about the need to connect to the VPN first or even the concept fully (yes, I've written detailed help articles and explanations that work and are tested; when the chips are down, hands always want to be held), the calls about 'weird filenames'. I've had it.
Another issue that we've had is that remote users in 'hostile' sites couldn't VPN back to us due to external bureaucracy/firewalls that the majority of the time we are unable to wade through. I set up a solution earlier this year to allow users to connect via WebDAV over SSL, and also give the ability for users at home to access work files easily. The calls from these remote users have dramatically decreased.
I read up on the IIS6 security issues with WebDAV, and it didn't apply to us (no anonymous access to the folder, 'exclusive' ntfs permissions set) so that was set up.
Now that we're on Server 2008 with IIS7, I've applied the hotfix to fix the ampersand issue, I want to know.
ServerFault:
Is there any good reason I should not encourage users locally and remotely to use the fileserver via webdav over SSL? I'm thinking primarily the OS X users.
the only thing that I can think of that I've not tested is that multiple users may not be able to open the same file, at the same time. I'm willing to live with that, as that would only apply to older databases here.
I've noticed windows XP and MS office 2007 loves to prompt for the username and password when opening documents, what's this like in Vista/Windows 7?
This is still not that much of an issue, as we are in Australia; our Internet infrastructure is terrible, users have 3g modems (no matter what network, network dropouts are somewhat commonplace) and we've always reccomended to copy the file to the local computer, work on it, then copy back.
Any other Vista/Windows 7 issues? does it work better?
I'd like some of your expert feedback on using WebDAV over SSL instead of SMB :)
other alternatives are welcome.
WebDAV will probably be a little slower than SMB (especially with SSL), but with much fewer headaches since networks are optimized for HTTP access these days. I would definitely do some load testing before making the switch.
If its only text based files (word, excel, ppt etc.,) why not switch to a CMS like sharepoint/drupal. You could have users login to the VPN and than access this like any other intranet portal.
Might be an overkill for now, but consider the scalability.
Also consider a hosted solution for the above, if infrastructure & bandwidth within your data center are an issue.
Well, why not run a portal over https? If you do something sensible with authentication and certificates, that's as secure as WebDAV over https. Of course, you could do both.
WebDAV is entirely up to server implementation quality; I've never had much luck, but then I wasn't using Microsoft servers either. And since the MS implementation was initially done by the same person who put the spec through the IETF, I suspect it's pretty good. I suspect, however, that if you have the kind of users who can't handle a VPN, they won't handle DAV that well either, and simply exposing the portal to the net is a better solution.
While I can't comment on WebDAV, have you considered sharing via NFS on your Windows server?
This link explains how to do it Microsoft Technet