
File Server OS - Likely windows10


8 replies to this topic

#1 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,211 posts
  • Location:QLD

Posted 28 November 2016 - 10:53 AM

*nix broke my trust AGAIN, simply doing something out of order, broke something.

It didn't warn me, or stop me, just went ahead, and broke other tools. So I'm back to the windows crowd.

 

I was looking at Server 2016, because I love the idea of ReFS with a Mirrored Storage Space; then the price hit me in the face.

No 'home, single user' edition.... rats.

 

So then I thought, "hey, I wonder what the limits are on windows 10?"

Seems the half open connection limit is GONE, which is nice.

However there is a 20 connection limit in relation to shares etc; and I'm having a hard time figuring out exactly how this will impact me...

 

I typically run an irc server, an sFTP server, sometimes a little intranet style site.... How will this limit affect me?

 

I'm having a hard time finding Microsoft's documentation about how they "add up" those connections.

Does anyone know if it's a TCPIP.sys\stack limit, like the half open connections were in Windows XP?

 

Or is it simply a "File and printer" services limit, so additional software (like IRC, FTP, etc) will go 'unnoticed' by the OS' limit? (only smb style shares will count)

 

How about total DLNA users accessing?

 

I'll keep researching, but if anyone knows where in the stack\what system file\how the OS 'counts users', that'd be much quicker.


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#2 Jeruselem

Jeruselem

    Guru

  • Atomican
  • 14,097 posts
  • Location:Not Trump-Land

Posted 28 November 2016 - 11:33 AM

There's Windows Server 2016 Essentials if you want to investigate but it's over $US500 still. It's essentially just Windows Small Business Server.


MTM NBN with FTTP/FTTH, FTTN, FTTC/FTTdp, HFC and Satellite. Buffering included


#3 Master_Scythe


Posted 28 November 2016 - 11:50 AM

> There's Windows Server 2016 Essentials if you want to investigate but it's over $US500 still. It's essentially just Windows Small Business Server.

 

Not worth it for one user.

 

The rest is just 'to play with', I just don't want to hit pointless limits.




#4 Jeruselem


Posted 28 November 2016 - 12:20 PM

From my reading, the half open TCP limit was disabled in Vista SP2 so Windows 10 should not have it on by default.




#5 Master_Scythe


Posted 28 November 2016 - 12:25 PM

> From my reading, the half open TCP limit was disabled in Vista SP2 so Windows 10 should not have it on by default.

 

TY

And that's fine,  but the full open limit is what I'm interested in.

I still can't find proper documentation on what windows 10 considers a "connection".

 

So far it's looking like File\Print server limits only, so things like IRC and FTP will be limitless, but I can't seem to confirm this....




#6 SquallStrife

SquallStrife

    Really knows where his towel is

  • Atomican
  • 17,939 posts

Posted 28 November 2016 - 02:33 PM

> I still can't find proper documentation on what windows 10 considers a "connection".


You're overthinking it.

SMB share connections are the "only" thing that will constitute a network session, in the sense that they interact with the session manager (lsass.exe), even if they "log in" with the "ANONYMOUS LOGON" builtin principle. This is because all sessions need a token to validate against file permissions.

When you run a network daemon (IRC, FTP, etc), all activity will be in the context of the user account the process is running as. There isn't a limit (that I know of) to the number of sessions open by local processes (e.g. right-click, run as). Of course for non-Server Windowses, the limit of *interactive* sessions is 1.

The fact it opens ports and receives network connections is completely irrelevant to the limitation you're talking about.

Edited by SquallStrife, 28 November 2016 - 02:36 PM.

[retro swim] | @retroswimau | +RetroSwim
Waiting for half past four!

#7 Master_Scythe


Posted 28 November 2016 - 03:23 PM

 

> > I still can't find proper documentation on what windows 10 considers a "connection".
>
> You're overthinking it.
>
> SMB share connections are the "only" thing that will constitute a network session, in the sense that they interact with the session manager (lsass.exe), even if they "log in" with the "ANONYMOUS LOGON" builtin principle. This is because all sessions need a token to validate against file permissions.
>
> When you run a network daemon (IRC, FTP, etc), all activity will be in the context of the user account the process is running as. There isn't a limit (that I know of) to the number of sessions open by local processes (e.g. right-click, run as). Of course for non-Server Windowses, the limit of *interactive* sessions is 1.
>
> The fact it opens ports and receives network connections is completely irrelevant to the limitation you're talking about.

 

 

That was my gut feeling, and honestly, my logic also.

I just didn't want to go to the effort of an ReFS-Mirror setup, fill it with data, only to find that I need to change OS completely because my connections are maxing out.

 

I was trying to find out where in the TCPIP stack the 'connection count' came from, but as you've pointed out, I'm barking up entirely the wrong tree.

When you say; "even if they "log in" with the "ANONYMOUS LOGON" builtin principle.", what are you referring to?

 

 

Really though, so long as my "servers" (web, IRC and sFTP) won't hit a connection limit, no matter how heavily I smash it (within reason); then I'm happy.

Basic windows 10 install, it is!

 

 

 

EDIT: You mean, if I have things like shares open to the "Everyone" group, and allow external access, yes?

aka. Local account, or not; they're currently in the SMB share, so it's "counted".

Correct?

 

 

EDIT2: here is why I was overthinking it; directly from a Microsoft TechNet representative:

"You may take use of Netstat command to check the connections:"

netstat WON'T simply show users authenticated (even anonymously); it'll show literally every connection made over TCPIP (and I think UDP also)


Edited by Master_Scythe, 28 November 2016 - 03:28 PM.



#8 SquallStrife


Posted 28 November 2016 - 04:57 PM

> That was my gut feeling, and honestly, my logic also.
> I just didn't want to go to the effort of an ReFS-Mirror setup, fill it with data, only to find that I need to change OS completely because my connections are maxing out.


So build a VM on a loonix host and do some jperf tests.
 

> I was trying to find out where in the TCPIP stack the 'connection count' came from, but as you've pointed out, I'm barking up entirely the wrong tree.
> When you say; "even if they "log in" with the "ANONYMOUS LOGON" builtin principle.", what are you referring to?
>
> EDIT: You mean, if I have things like shares open to the "Everyone" group, and allow external access, yes?
> aka. Local account, or not; they're currently in the SMB share, so it's "counted".
> Correct?


The standard local policy configuration disallows any SMB activity that isn't done by a logged on user that's a member of "Users" or higher. If you change this (or use a non-Windows host like Samba/CIFS on a linux machine), you can create un-authenticated SMB sessions.

In this case (on a Windows host), the "ANONYMOUS LOGON" account's SID is used for permissions/rights purposes. I suppose on a Linux host, it's mapped to nobody:nobody or something.

The "Everyone" principal includes "ANONYMOUS LOGON", and for that reason it's not a good idea to use it. Better practice if you want to make a file free-for-all is to use the "Authenticated Users" principal. (It should be "principal", it got autocorrected to principle in my earlier post)
 

> EDIT2: here is why I was overthinking it; directly from a Microsoft TechNet representative:
> "You may take use of Netstat command to check the connections:"
> netstat WON'T simply show users authenticated (even anonymously); it'll show literally every connection made over TCPIP (and I think UDP also)


Well, you /can/ filter it to ports 135 and 445.

A better tool would be "net session", or "Get-SmbSession" in PowerShell.

Edited by SquallStrife, 28 November 2016 - 04:57 PM.
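
Added example, not part of any post in this thread: a PowerShell check built on the `Get-SmbSession` suggestion above. It counts the SMB sessions that fall under the share connection limit and lists shares whose permissions name "Everyone" or "ANONYMOUS LOGON" instead of "Authenticated Users". The default of 20 is the figure quoted in the thread, the 80% warning threshold is an arbitrary choice, and the account names assume an English-language Windows install.

```powershell
#Requires -RunAsAdministrator
# Added example: SMB session head-room plus a share-permission audit.
# $Limit defaults to the 20-connection figure quoted in the thread; it is an
# assumption taken from the discussion, not a value read from the OS.
param([int]$Limit = 20)

# 1. Only inbound SMB sessions are listed here. Sockets held by IRC, sFTP or
#    web daemons never appear, which is why netstat overstates the count.
$sessions = @(Get-SmbSession)
$sessions |
    Select-Object SessionId, ClientComputerName, ClientUserName, NumOpens |
    Format-Table -AutoSize
'{0} of {1} SMB sessions in use' -f $sessions.Count, $Limit
if ($sessions.Count -ge [math]::Floor($Limit * 0.8)) {
    Write-Warning 'SMB session count is within 20% of the limit.'
}

# 2. Shares with an Allow entry for a principal broader than
#    "Authenticated Users" (English account names assumed).
$broad = 'Everyone', 'NT AUTHORITY\ANONYMOUS LOGON'
$findings = Get-SmbShare |
    Where-Object { -not $_.Special } |              # skip C$, ADMIN$, IPC$
    ForEach-Object { Get-SmbShareAccess -Name $_.Name } |
    Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and $_.AccountName -in $broad
    }

if ($findings) {
    Write-Warning 'Shares granting access to Everyone / ANONYMOUS LOGON:'
    $findings | Select-Object Name, AccountName, AccessRight |
        Format-Table -AutoSize
} else {
    'No share grants access to Everyone or ANONYMOUS LOGON.'
}

# 3. Local policy value that decides whether Everyone permissions are also
#    applied to anonymous users (1 = yes, 0 or absent = no).
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
'EveryoneIncludesAnonymous = {0}' -f [int]$lsa.EveryoneIncludesAnonymous
```

`Get-SmbShareAccess` reports share-level permissions only; NTFS ACLs on the shared folder are evaluated separately.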


#9 Master_Scythe


Posted 29 November 2016 - 09:38 AM

Thank you, you've confirmed what I thought.

 

As I said, gut feeling was it was an SMB\IIS\Print limit, I just wasn't sure HOW it counted those.

I guess considering the actual stack was a little..... over-thinkie, as you said :)

 

I wonder how it would handle serving our iSCSI targets, from 3rd party software..... not important but a fun experiment


Edited by Master_Scythe, 29 November 2016 - 09:41 AM.





