Thanks for your thoughts, Raphael.
I’m not worried really. It’s the client’s idea to add security to the shares. He’s also willing to tell the users “this is what it is”. So, my job is advising about problems and risks and what it takes to deal with them. After that, it really is his decision. Although one can keep, poking and saying “I told you about that” when the time comes.
They got the EX2 mostly as an external backup solution and don’t really use the “cloud” sharing feature, media streaming, etc. Remote access would be setup through RDP. In your post I gather you are paying a lot of attention to the EX2 cloud sharing, streaming, phone access, but that will be minimally used, if at all.
If they use laptops those would have to be domain joined and users have Windows AD permissions. All data “sharing” wil be under AD permissions control.
After looking a bit more at the situation I feel It’s best to setup shares of business data from the server and use the EX2 primarily as an external backup and maybe off-loading some archival/unused data off of the server. iSCSI is probably not needed, either, like you suggest.
Right now, one thing I have left to look at is exactly what features come with joining the EX2 to the AD domain and how it works. Things like,
The AD users are imported (and/or synchonized) to the EX2. Now, are the EX2 shares permissions still managed through the EX2 admin console or through WIndows permissions?
Will the EX2 network interface register in the domain DNS using the domain suffix, presuming one can specivy it? eg. WDMyCloudEX2.clientdomain.com
I also need to find out what will happen to the EX2 data, shares and their permissions if I join it to the domain. I expect data not to be affected (although I wil back up beforehand), but that permissions would have to be recreated using AD users (even if native EX2 user accounts still remain)
Thanks for the answer again, and any additional info on these last items.