If you already have a SAN, I would recommend it over a NAS for sure.
Unless you purchase an expensive NAS. Typically, even a low budget SAN will out perform the NAS. It comes down to hardware, NICs, Disk types for storage (SAS vs SATA), Raid types etc...
For my enterprise clients, I have them use something such as an MSA2040 SAN in a Raid 50 with SAS drives and also have them purchase a Synology NAS we use for backup storage.
As for ACL, you will want to go with a SAN with an iSCSI connection to the DC as the DC will believe that is a local resource and you will be able to configure ACL such as Windows Security or Sharing Permissions straight from the DC as you would any other file/folder.
If you do go with the SAN. I would recommend you use FC connections (Fiber Channel) as it's reliable and very quick. FC is the type of connection you will most likely want to use between the switches and the SAN for communication. iSCSI is another beast. iSCSI is the connection you will most likely use between the SAN storage and the devices that require access to said storage. (unless you have FC NICs for your devices) You would use both FC to configure and setup the SAN to Switch then iSCSI to connect the SAN storage to the devices requiring that connection (if needed).
I can think of two options in your case.
Configure the SAN with FC connections to the switches. Then create an iSCSI connection on the SAN and use iSCSI initiator to connect that to your DC where your AD profiles already reside. When you configure your profile redirection, you can choice a location to save it on the "X drive" of the DC which is actually the SAN storage.
You can simply create a share within the SAN UI and when performing your profile redirection policy, point it to the share on the SAN. However, I don't recommend this option. For once I don't think it will give you the ACL controls you are looking for and you will get more reliability and performance with iSCSI connection to the DC where the profiles reside. (as iSCSI does brick level transferring)
Things to consider when deploying folder redirection.
What are you planning on redirecting?
Are you planning on a full profile redirection or just my documents? etc... plan this out ahead of time
How reliable is the network? Do you have any networking issues or getting power surges\brown out on a normal bases? Are there laptops on the network?
I ask these questions because if the server or SAN ever losses connection to the workstations, you will not be able to load the profile to the workstation. It will load just a blank profile. If this is the case you may want to think about enabling "offline files" in Sync Center after you have deployed folder redirection. This saves a cached copy of the profile to the workstation in case out outages or removals from office (such as laptops) and next time it reconnects to the server, it will perform a profile sync. This way they can still function if the server, SAN or power is out.
I only recommend using offline files if truly needed. It is best practice to leave it off as the sync requests\conflicts can cause slowness and problems on the network. You really only want to use it with devices that will be leaving your office such as laptops etc...
Storage, how much do you have on the SAN? Is it enough to account for future expansion?
This is pretty important. If the company expands, is there enough storage to hold those new accounts? What about profile data sizes? These things will only grow throughout time. I recommend as least trying to calculate for 3+ years at rapid expansion rates to ensure you future proof yourself.
That is what I can think of off the top of my head. Hope that helps guide you in the right direction!
Edited by androbourne, 15 June 2016 - 07:13 AM.