
YNQ : A Portable SMB Solution for Embedded Systems · 2020-02-16 · Existing file transfer solutions must read/write entire files, thus limiting performance The overall embedded

Jul 17, 2020

YNQ™ Whitepaper © 2019 Visuality Systems Ltd

YNQ™: A Portable SMB Solution for Embedded Systems

A Visuality Systems Whitepaper

Table of Contents

Embedded Market Overview
Challenges
The Solution
Customer Case Studies
YNQ™ Architecture
Using YNQ™
Functionality
Compliance and Connectivity
Summary

Embedded Market Overview

The world of embedded systems is large and diverse. The worldwide embedded market by most estimates is valued at $140 billion, and is growing at rates between 5% and 8% annually.

Embedded software is a critical component of the overall embedded system architecture for devices that run with a small footprint, little RAM, an RTOS, etc. From home appliances to on-board aircraft networks, robotics to medical equipment, automotive to smart watches, ATMs to printers, there are many types of embedded software applications running on different hardware, each with its own size, shape and custom requirements.

There is something, however, that unites most of them: the need for network connectivity. Devices are no longer isolated. For instance, they may need to save their jobs on a remote server or expose their files to the outside world.

Figure 1: YNQ™ possible connectivity

Remote file access and print services are two common embedded software firmware requirements. Some use cases of these are as follows:

• MFPs (multifunctional printers) save scan jobs over the network
• Routers share flash drives to the network
• Robots read jobs from a network server
• Medical equipment writes test results to the hospital server
• Aircraft console clients retrieve maps from the on-board map server

Since a large percentage of devices are communicating with back-end Windows systems, the Server Message Block or SMB protocol, the default standard in Microsoft-based systems, is typically used for this remote connectivity. SMB has been widely adopted in heterogeneous environments involving Linux, MacOS, UNIX, different RTOSes, iOS, Android and other environments.

Challenges

Lack of a portable and standard embedded system SMB solution

Embedded systems typically lack a native SMB solution. Linux and UNIX can use the open source Samba solution, but it is limited due to its support model, large footprint and restrictive licensing requirements. RTOS platforms do not include an SMB protocol solution.

Figure 2: Challenges

Limited resources

Embedded systems face the same challenges as computers, one example being the latest security threats. Unlike computers, however, embedded systems are much more limited in resources.

Consider the following scenarios:

• Devices are still using old, unsecured SMB1, exposing files externally
• Vendors cannot adhere to Samba licensing changes
• The solution’s high footprint narrows the market to only high-end devices
• The firmware is not truly portable, thus limiting customers to more expensive or less efficient environments
• Existing file transfer solutions must read/write entire files, thus limiting performance

The overall embedded market therefore requires a comprehensive, secure, standards-based SMB Server and Client solution with favorable licensing that is easy to implement, reliable, and carries a low resource footprint and low RAM usage.

The Solution

Why SMB?

The SMB protocol, formerly referred to as CIFS, is a file and printer sharing protocol, which serves as the basis for Microsoft's Distributed File System implementation. Unlike FTP and HTTP, the SMB protocol allows not only copying an entire file, but also grants access to files over the network. File editing, for example, can be executed over SMB without a change in the file's location. The latest dialect - SMB 3.1.1 - enjoys the highest levels of built-in security, including pre-authentication and encryption for all file operations.

While desktop computers and servers such as Windows and Macintosh natively benefit from SMB connectivity, the situation in the embedded world is more complicated. A device may be developed on top of Linux/Unix or an RTOS that lacks an SMB solution such as VxWorks, ThreadX, Integrity, Itron, or any other of a great variety of RTOS or operating systems such as iOS, Windows CE, etc.

Visuality Systems YNQ™: Comprehensive SMB Client and Server

YNQ™ is a portable SMB Server and Client solution that can be used with any environment: operating system (OS), device, CPU or compiler. It enables devices to connect with a network through SMB. Being a highly portable library, YNQ™ can be integrated into virtually any hardware or software platform and fully complies with Microsoft SMB/SMB2/SMB3 specifications. YNQ™ stays current with the latest releases of the SMB protocol, including critical, built-in connectivity and file encryption standards that protect your environment from security intrusions and other malicious activity.

YNQ™ is the flagship product of Visuality Systems Ltd. At its launch in 1999, it was called CIFS NQ™ and was subsequently renamed to NQE™ in 2014. YNQ™ is the new generation of the NQ product family. It was released in 2019 and was developed under the Agile methodology.

YNQ™ has 3 levels of modularity (Figure 6):

• High: API/Protocol level – APIs (NQ), server, client, NetBIOS
• Medium: Service level – Authentication, common, network
• Low: OS level – System, user defined, driver

Each level utilizes the level below. The API level utilizes both the Service and OS levels, whilst the Service level utilizes the OS level. The High level is named Frontend, and the Low level is named Backend.

The modern software structure of YNQ™ allows the Visuality Systems customer to know which module a fix/patch/update is related to at any given time. When it is known which modules have been changed, integration and testing time naturally decreases, as attention is required only for those specific modules.

This utilization allows the YNQ™ implementation to be separated into four products:

• Standalone Client – full SMB client functionality
• Corporate Client – full SMB client functionality with the ability to register the machine to the corporate Active Directory
• Standalone Server – full SMB server functionality
• Corporate Server – full SMB server functionality with the ability to register the server to the corporate Active Directory, plus pass-through authentication

Customer Case Studies

Scan to Folder

The YNQ™ Client is today a de facto SMB solution for MFPs (Multi-Functional Printers). It runs in numerous MFP models, giving end users a seamless and secure way of saving scanned documents.

YNQ™, when built into an MFP, connects it to the network, so that the printer can save scan jobs directly to a network folder. The entire transaction happens completely from the MFP, thus eliminating hopping between the MFP and a PC, e.g., between campuses.

The Visuality Systems SMB functionality grants the scanner the ability to browse the network, locate available computers or servers, view shared folders and deliver documents to the accessible destinations in a desired format, quickly, reliably, conveniently and securely.

Since the YNQ™ Client fully supports SMB3, scan jobs are securely transferred under end-to-end encryption.

Figure 3: Scan to folder

Automotive Manufacturing Floor

A high-end European automotive manufacturer embeds Visuality Systems’ YNQ™ in their custom factory test “data acquisition” system to record and distribute extensive equipment environment data for each test run.

The configuration data to drive all tests is updated by an automated controller system with YNQ™ over SMB protocol. The recorded data for each test run is then transferred using SMB to be loaded into a massive data warehouse for ad-hoc analysis.

Figure 4: Auto manufacturing automation

Adopting YNQ™ with SMB3 encryption guarantees that all data in transit is secured and helps close remaining critical security holes. They have found SMB connectivity to be faster, more consistent and more reliable than FTP.

On Board Navigation Embedded Systems

A defense customer embeds Visuality Systems YNQ™ client and server into their real-time, onboard navigation system to speed up file processing and save precious time that can help save lives in critical situations.

Audio and GEO map files, which are updated frequently, can also be accessed directly using the SMB protocol. This provides a much faster end-to-end solution than one based on FTP, which requires a full file download to the cockpit client navigation system.

Figure 5: Aircraft use case

YNQ™ Architecture

YNQ™ is a pure C, highly portable library which can be integrated into virtually any platform. It is important to distinguish between two levels of YNQ™ adaptation - Porting and Integration.

Porting

The Porting process occurs when YNQ™ is about to be used on yet another platform, be it an Operating System (OS), another CPU or any other system. Porting YNQ™ involves implementing its low layer by means of the most common platform services. This process is seamless and requires minimal effort.

Integration

For selected platforms (Linux/UNIX, VxWorks, Nucleus, iOS and Windows), off-the-shelf solutions are available. Integration occurs when YNQ™ is incorporated into a new solution on a platform for which Porting has already been done. In most cases, this does not require any significant effort besides fine tuning of a couple of parameters.

The model for using YNQ™ is illustrated in Figure 6. The components shown in blue are fully portable, while those in green may be modified during either Porting or Integration. The YNQ™ Level 1 here is the central component of the entire architecture. It is responsible for the SMB Server and SMB Client functionality. The Level 3 (Environment abstraction component) maps an abstract system API onto the exact operating system calls. There is a distinction between Project-Dependent or User-Defined (UD) and System-Dependent (SY) layers. With reference to the difference between Porting and Integration, SY corresponds to Porting, while UD corresponds to Integration.

Figure 6: YNQ™ Architecture Layers

From a functional perspective, YNQ™ may be seen as an SMB Server, SMB Client and NetBIOS Daemon (see Figure 7). Since the SMB Server is an application, using it is seamless and requires minimal effort, limited to fine tuning. The SMB Client is a software library available through its API. To benefit from the SMB Client, a YNQ™ customer should develop an application (or a set of applications). The SMB Corporate Server also uses the SMB Client to achieve Domain Authentication (also called Active Directory Authentication). Another component (not shown in Figure 7) is the File System (FS) Driver. This feature is system dependent, and the Driver is currently available on VxWorks and Linux/UNIX (through FUSE). The Driver option allows developing client applications on top of the native API instead of the Client API. The NetBIOS Daemon component is shared between the Server and Client to provide NetBIOS services, mostly name resolution.

Figure 7: YNQ™ Components

The YNQ™ architecture was designed for the embedded world archetype, for which the following techniques can be used:

• Pre-allocated memory: YNQ™ uses fixed-size tables, which are either allocated statically or pre-allocated on startup. Though this imposes some restrictions on the maximum number of connections, open files, etc., it fits the main constraints of an embedded system.

• Multi-threading: This technique applies to the SMB Client, which is a fully thread-safe library. The SMB Server of YNQ™ is single-threaded, which guarantees the most stable and reliable behavior.

• Zero-copy: YNQ™ avoids copying the payload of read and write operations.
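
The pre-allocated memory technique above, as an added example that is not YNQ™ source code: a statically allocated session table that refuses new entries when full and rejects stale or out-of-range handles. The names `session_t`, `session_open`, `session_lookup`, `session_close` and the limit `MAX_SESSIONS` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_SESSIONS 4            /* assumed limit, fixed at build time */

typedef struct {
    uint16_t generation;          /* bumped on close so stale handles fail */
    uint8_t  in_use;
    uint32_t peer_ipv4;
} session_t;

static session_t table[MAX_SESSIONS];   /* static storage, never malloc'd */

/* Handle layout: generation in the high 16 bits, slot index + 1 in the low
 * 16 bits, so 0 is never a valid handle. Returns 0 when the table is full. */
uint32_t session_open(uint32_t peer_ipv4)
{
    for (size_t i = 0; i < MAX_SESSIONS; i++) {
        if (table[i].in_use)
            continue;
        table[i].in_use = 1;
        table[i].peer_ipv4 = peer_ipv4;
        return ((uint32_t)table[i].generation << 16) | (uint32_t)(i + 1);
    }
    return 0;                     /* refuse instead of growing */
}

session_t *session_lookup(uint32_t handle)
{
    uint32_t slot = handle & 0xFFFFu;

    if (slot == 0 || slot > MAX_SESSIONS)
        return NULL;              /* out-of-range index from an untrusted peer */
    session_t *s = &table[slot - 1];
    if (!s->in_use || s->generation != (uint16_t)(handle >> 16))
        return NULL;              /* closed or reused slot */
    return s;
}

int session_close(uint32_t handle)
{
    session_t *s = session_lookup(handle);

    if (s == NULL)
        return -1;
    s->in_use = 0;
    s->peer_ipv4 = 0;
    s->generation++;
    return 0;
}

int main(void)
{
    uint32_t h = session_open(0x0A000001u);    /* constructed peer 10.0.0.1 */
    session_close(h);
    return session_lookup(h) == NULL ? 0 : 1;  /* stale handle must fail */
}
```

Because the table never grows, a flood of connection attempts costs at most `MAX_SESSIONS` slots, and the generation counter keeps a handle from an earlier session from resolving to whoever reuses the slot.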

Using YNQ™

The existence of two major components may confuse a user not familiar with the SMB protocol. The following use cases will thus aid in selecting the right component:

• Scan to folder: An MFP (multi-functional printer) transfers a scan result onto a PC on the corporate network. This is a client case. The MFP must run an application on top of NQ Client API to achieve this functionality.

• Home NAS: A SOHO router with USB slots allows plugging a flash drive, converting the router into a SOHO NAS. This case assumes a server.

In a client case, the YNQ™ user can choose between either an NQ Client API or an FS Driver (available on selected platforms). The table in Figure 8 compares the two methods of using the SMB Client.

                                          NQ Client API         FS Driver
Performance                               Best                  Significantly less
Development efforts                       Significant           Low
Compliance to “native” API (e.g., POSIX)  None                  Almost full
Examples                                  ccAddMount(…);        mount(…);
                                          ccCreateFile(…);      fopen(…);
                                          ccWriteFile(…);       fwrite(…);
                                          ccCloseHandle(…);     fclose(…);

Figure 8: YNQ™ Client Methods

Functionality

YNQ™ SMB Server features

• SMB dialect support from NTLM 0.12 (SMB1) to SMB 3.1.1
• Various methods of authentication:
    • Active Directory integration (or Domain Authentication) (Corporate)
    • Local users
    • From LM to NTLMv2, either “naked” or wrapped into SPNEGO
    • Kerberos
• Message signing
• SMB encryption
• Optional ACL integration
• DNS, LLMNR and NetBIOS
• DCERPC over SMB:
    • Basic – SRVSVC, WKSSVC, WINREG and more
    • Authentication – SAMR, NetLogon and LSA
    • Printing – SPOOLSS
• IPv4 and IPv6 support

YNQ™ SMB Client features

• SMB dialect support from NTLM 0.12 (SMB1) to SMB 3.1.1
• Rich set of calls:
    • Full set of file data operations
    • Full set of file meta-data calls
    • Network discovery calls
• Run-time fine-tuning
• Asynchronous reads and writes (optional)
• Host resolution through DNS, LLMNR and NetBIOS
• Multi-threading
• Various methods of authentication:
    • From LM to NTLMv2, either “naked” or wrapped into SPNEGO
• Message signing
• SMB encryption
• Durability
• DCERPC over SMB:
    • Basic – SRVSVC, WKSSVC and more
    • Authentication – SAMR, NetLogon and LSA (Corporate)
• LDAP
• IPv4 and IPv6 support

Compliance and Connectivity

YNQ™ fully complies with Microsoft SMB/SMB2/SMB3 specifications. YNQ™ supports all SMB dialects, from NTLM 0.12 to 3.1.1. This grants connectivity from all client versions of Microsoft, Apple Macintosh and Samba.

Figure 9: YNQ™ Connectivity

The table in Figure 9 demonstrates connectivity between the most common SMB implementations. In all cases, YNQ™ negotiates the latest SMB dialect.
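
Negotiating the latest common dialect, as an added example that is not YNQ™ source code: the function picks the highest SMB2/SMB3 dialect both sides support from the Dialects array of a NEGOTIATE request. The function name `select_dialect` and the `floor` policy parameter (a minimum acceptable dialect, useful for refusing peers that would otherwise fall back to an old dialect) are assumptions; the dialect codes are those defined in [MS-SMB2].

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SMB2 dialect revision codes from [MS-SMB2]; SMB1 has no code here and is
 * therefore never selected by this routine. */
static const uint16_t SUPPORTED[] = { 0x0202, 0x0210, 0x0300, 0x0302, 0x0311 };
#define N_SUPPORTED (sizeof SUPPORTED / sizeof SUPPORTED[0])

/*
 * dialects: raw Dialects array of a NEGOTIATE request (little-endian u16s)
 * len:      bytes actually received for that array
 * count:    DialectCount claimed by the peer (untrusted)
 * floor:    lowest dialect local policy accepts (assumed config knob)
 * Returns the highest mutually supported dialect >= floor, or 0 to refuse.
 */
uint16_t select_dialect(const uint8_t *dialects, size_t len,
                        uint16_t count, uint16_t floor)
{
    uint16_t best = 0;

    if (dialects == NULL || count == 0 || (size_t)count * 2 > len)
        return 0;                       /* claimed count exceeds the buffer */

    for (uint16_t i = 0; i < count; i++) {
        uint16_t d = (uint16_t)(dialects[2 * i] | (dialects[2 * i + 1] << 8));
        if (d < floor || d <= best)
            continue;
        for (size_t k = 0; k < N_SUPPORTED; k++)
            if (SUPPORTED[k] == d)
                best = d;               /* unknown codes are ignored */
    }
    return best;
}

int main(void)
{
    /* Constructed sample: a peer offering 2.0.2, 2.1, 3.0, 3.0.2 and 3.1.1 */
    const uint8_t modern[] = { 0x02,0x02, 0x10,0x02, 0x00,0x03, 0x02,0x03, 0x11,0x03 };
    /* Constructed sample: a legacy peer offering only 2.0.2 and 2.1 */
    const uint8_t legacy[] = { 0x02,0x02, 0x10,0x02 };

    printf("modern, floor 3.0:   0x%04X\n", select_dialect(modern, sizeof modern, 5, 0x0300));
    printf("legacy, floor 3.0:   0x%04X\n", select_dialect(legacy, sizeof legacy, 2, 0x0300));
    printf("legacy, floor 2.0.2: 0x%04X\n", select_dialect(legacy, sizeof legacy, 2, 0x0202));
    return 0;
}
```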

Summary

Current embedded systems may still lack an optimized SMB solution. These could be an RTOS with no available SMB solution, or an embedded version of Linux/UNIX that refrains from utilizing open source Samba due to its support pattern, large footprint or licensing. The embedded market therefore needs an SMB solution which is reliable, effective, portable (to any RTOS), and which carries lower resource consumption.

With over 20 years of experience in the SMB/CIFS market, Visuality Systems offers its Embedded SMB solution, YNQ™, which is portable and can be integrated into any environment, thus bringing SMB/SMB2/SMB3 client and server capabilities to any embedded device under a commercial license.

YNQ™ version 1.2.0 is now available for integration as source code.