Friday, January 27, 2012

Configure and Manage Distributed File System (DFS)

If you have multiple file servers deployed, how do you connect to the file servers?

DFS is a service that connects file shares together into a single namespace. The files can reside on different computers, and DFS gives clients access to them in a transparent manner.

The server-side implementation of DFS consists of a Windows service (%SystemRoot%\System32\Dfssvc.exe) and a device driver (%SystemRoot%\System32\Drivers\Dfs.sys). The DFS service is responsible for exporting DFS topology-management interfaces and maintaining the DFS topology in either the registry (on non-Active Directory systems) or Active Directory. The DFS driver performs topology lookups when it receives a client request so that it can direct the client to the system where the requested file resides.
On the client side, DFS support is implemented in another device driver (%SystemRoot%\System32\Drivers\Dfsc.sys), which uses the SMB redirector for its internal communication with DFS servers. The DFS client provider is implemented in %SystemRoot%\System32\Ntlanman.dll. When a client issues a file I/O request that specifies a file in the DFS namespace, the DFS client driver communicates with the target file server by using the appropriate redirector.

DFS Technologies:

  1. DFS Namespaces (DFS-N). Provides the ability to group together shared folders located on different servers and present them as a virtual tree of folders known as a namespace. Users only need to know the virtual namespace name to access the shared folder structure. The root of a DFS namespace must be a file share defined on a Windows server.
  2. DFS Replication (DFS-R). Optimized for Windows Server 2008 to provide multi-master replication (any server can perform replication activity); it is useful for WANs and branch offices. DFS provides high-availability and fault-tolerant files and folders. The main job of DFSR is to replicate the contents of any DFS share, along with the domain controller's \SYSVOL directory. SYSVOL is where domain controllers store logon scripts and Group Policy files.
  3. Remote Differential Compression (RDC). Uses delta-based replication that identifies data insertions, removals, and rearrangements across files and transmits these changes over the network. This achieves significant bandwidth savings over limited-bandwidth networks. RDC is only used on files that are 64 KB and larger, by default.

How Do DFS Namespaces and DFS Replication Work?

  1. The user types in a UNC that targets a namespace server and receives a referral that is transparent to the end user.
  2. The client computer will cache the referral. The referral contains a list of folder targets on the physical servers that host the resources. The client computer will contact the first server listed in the referral. Typically, the first server will be in the same Active Directory site as the user’s computer. If the server is not in the same Active Directory site as the user’s computer, the client will go over the WAN using the cached referrals until it finds the folder target that matches the information it is looking for.
  3. DFS Replication. If the target folder is on a server that the user is unable to connect to, then the replication server will be in the list as a folder target.

DFS Namespace Types

| Characteristic | Domain-based | Stand-alone |
|---|---|---|
| Path | \\Domainname\Namespace | \\Servername\Namespace |
| Location | Active Directory and memory cache | Server registry and memory cache |
| Namespace size | Up to 5,000 folders with targets in Windows 2000 Server mode; up to 50,000 folders with targets in Windows Server 2008 mode | Up to 50,000 folders with targets |
| Availability | Namespace hosted on multiple servers | Failover cluster |
| DFS Replication | Supported | Supported |

Stand-alone can be used if there is no Active Directory.

Domain-based can be useful if you wish to hide the name of the namespace server from the users.

Domain-based provides high-availability because the namespace is hosted on multiple servers.

Both stand-alone and domain-based namespaces support replication.
If you upgrade the domain functional level to Windows Server 2008 while there are existing domain-based namespaces, DFS Management will allow you to enable access-based enumeration on these namespaces. However, you will not be able to edit permissions to hide folders from any groups or users unless you migrate the namespaces to the Windows Server 2008 mode. For more information, see Migrate a Domain-based Namespace to Windows Server 2008 Mode.

What are Folders and Folder Targets?

Folder. A folder in DFS is the primary element of a namespace. It allows us to build the namespace hierarchy.
Folder Target. A folder target is a UNC (Universal Naming Convention) that points to a shared folder, a folder within a shared folder, or a path to another namespace.

Namespace Server Requirements

Namespace Server:
  • Domain controller or member server
  • Windows Server 2003 or Windows Server 2008
  • An NTFS volume required to host the namespace
  • Must be in the same domain if the namespace is domain-based
  • If the namespace is domain-based, it cannot be a clustered resource

Demo – Install DFS

  1. Start | Administrative Tools | Server Manager

  2. Select Roles
  3. Select File Services and right-click
  4. Select Add Role Services
  5. Select Distributed File System
  6. Click Next
  7. Select Create a namespace later using the DFS Management snap-in in Server Manager
  8. Click Next
  9. Click Install
  10. Click Close
  11. Close Server Manager

Configure and Deploy DFS Namespaces

Configure a namespace for publishing content:

  1. Create a namespace
  2. Create a folder in the namespace
  3. Add folder targets (multiple folder targets increases the fault tolerance of the file system)
  4. Optional: Set the target priority to override referral ordering
  5. Optional: Enable client failback (in case the target has failed and is subject to a restore)
  6. Replicate folder targets using DFS-R
Note: You may need to delegate the ability to create and manage namespaces.
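
The referral behaviour described above (an ordered list of folder targets, the optional target priority override and client failback) can be followed in a simplified model. This is an added example, not code from the original post or from DFS itself; the server names, site names, the Client class and the "first"/"last" priority values are assumptions, and failback is evaluated on every request rather than when the cached referral is refreshed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FolderTarget:
    unc: str
    site: str
    priority: str = ""   # optional override: "first" or "last" among all targets


def build_referral(targets, client_site):
    """Order folder targets as the namespace server lists them in a referral."""
    def rank(target):
        if target.priority == "first":
            return 0
        if target.priority == "last":
            return 3
        return 1 if target.site == client_site else 2   # same site before remote
    return sorted(targets, key=rank)   # stable sort: ties keep their input order


@dataclass
class Client:
    referral: list                       # cached referral, in server order
    failback: bool = False
    current: Optional[FolderTarget] = None

    def access(self, reachable):
        """Return the folder target used for one request (None if all are down)."""
        if self.current and self.current.unc in reachable and not self.failback:
            return self.current          # no failback: stay on the failover target
        for target in self.referral:     # otherwise take the first reachable entry
            if target.unc in reachable:
                self.current = target
                return target
        self.current = None
        return None


# Constructed sample: hypothetical servers in two hypothetical AD sites.
HQ = FolderTarget(r"\\hq-fs1\ProjectDocu", "HQ")
BRANCH = FolderTarget(r"\\branch-fs1\ProjectDocu", "Branch")


def simulate(failback):
    """Branch client: all targets up, branch target down, branch target restored."""
    client = Client(build_referral([HQ, BRANCH], "Branch"), failback=failback)
    outages = [set(), {BRANCH.unc}, set()]
    everything = {HQ.unc, BRANCH.unc}
    return [client.access(everything - down).unc for down in outages]
```

Because a client can end up on any target in the list, share and NTFS permissions need to match on every folder target.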

Security Requirements for Creating and Managing a Namespace

| Task | Group |
|---|---|
| Create a domain-based namespace | Domain Admins |
| Add a namespace server to a domain-based namespace | Domain Admins |
| Manage a domain-based namespace | Local Admin on each namespace server |
| Create a stand-alone namespace | Local Admin group on the namespace server |
| Manage stand-alone namespace | Local Admin group on the namespace server |
| Implement DFS replication | Domain Admins |

Demo – Create Namespaces

  1. Start | Administrative Tools | DFS Management
  2. Right-click Namespaces and select New Namespace…
  3. On the Namespace Server dialog box, type the name of the server that will host the namespace. In this demo, we will call it nyc-dc1.
  4. Click Next.
  5. On the Namespace Name and Settings dialog box, type the name of the namespace. In this demo, we will call it ProjectDocu and click Edit Settings to indicate permissions.
  6. On the Edit Settings page, indicate the user permissions desired. Click OK.
  7. Click Next.
  8. On the Namespace Type dialog box, indicate whether the namespace will be a Domain-based or a Stand-alone namespace. In this example, we will use a Stand-alone namespace, which will be stored on a single namespace server.
  9. Click Next.
  10. Review Settings and Create Namespace.
  11. Click Create. (Errors will be located on the Errors tab)
  12. Click Close.
  13. Now you will see \\NYC-DC1\ProjectDocu located underneath Namespaces.

Increase Availability of a Namespace

  • Domain-based. Specify additional namespace servers.
  • Stand-alone. Create a stand-alone namespace as a cluster resource.
  • Folders. Specify additional folder targets and replicate folders using DFS Replication.

Configure Folder Targets

  1. Start | Administrative Tools | DFS Management
  2. Select Namespaces and highlight \\NYC-DC1\ProjectDocu that we created in the previous demo.
  3. Right-click and select New Folder.
  4. Type in a name: Projects and click Add to add a folder target.
  5. Browse to ProjectDocu shared folder.
  6. Click OK.
  7. Click OK.
  8. Now you see the folder called Projects. Right click on it and select Properties.
  9. Click on the Referrals tab. Here you can see how long the client is allowed to cache the referral and the overrides for the namespace settings at the root. Click OK.
  10. Click on New Folder Target.
  11. In the Path to folder target:, click Browse. Change the server to nyc-svr1. Click Check Names to verify the server. Click OK.
  12. Click New Shared Folder. Type ProjectDocu in the Share name: text box and the Local path of shared folder: on the remote computer. Click Browse to Browse For Folder for ProjectDocu.
  13. Click OK.
  14. Modify the Shared folder permissions: if needed.
  15. Click OK.
  16. Click OK.
  17. Click OK.
  18. A Replication dialog box displays because we have set up an additional folder target asking Do you want to create a replication group? We will select No for this example.

Configuring DFS Replication (DFSR)

DFSR is a new technology in Windows Server 2008 and is how Active Directory Domain Services provides file and folder replication between domain controllers. It is available in standalone and domain configurations.
DFSR is a multi-master replication engine that supports replication scheduling, bandwidth throttling and compression, which makes it network friendly.
  • DFSR uses remote differential compression (RDC) to efficiently update files over limited-bandwidth networks.
  • DFSR uses delta-based replication and detects changes on the volume by monitoring the update sequence number (USN) journal.
  • Uses a staging folder as a cache for new and changed files: a file is staged before it is sent or received. Each replicated folder has its own staging folder, located by default under the local path of the replicated folder in the DfsrPrivate\Staging folder.
  • Uses a version vector exchange protocol to determine what files need to be synchronized. The protocol sends less than 1 KB per file across the network to synchronize the metadata associated with changed files on the sending and receiving members. (See "Introduction to DFS Replication".)
  • Uses a conflict resolution heuristic of last writer wins for files in conflict (that is, when a file is updated at multiple servers simultaneously) and earliest creator wins for name conflicts. Files and folders that lose conflict resolution are moved to the DfsrPrivate\ConflictAndDeleted folder. You may also configure the DFSR service to move deleted files to this ConflictAndDeleted folder so that they can be retrieved. (See "Staging folders and Conflict and Deleted folders".)
  • DFS Replication can automatically recover from USN journal wraps, USN journal loss, or a loss of the DFS Replication database.
  • Uses a Windows Management Instrumentation (WMI) provider to provide interfaces to obtain configuration and monitoring information from the DFS Replication service.

What are Replication Groups and Folders?

  • Replication Group.
    • A replication group is a set of servers that have membership in the replication group. The servers participate in replicating one or more folders.
  • Replicated Folder.
    • A replicated folder is kept synchronized on each member.

DFS Replication Requirements

  • The Active Directory schema must include the DFS replication objects.
  • The servers must be Windows Server 2003 R2 or Windows Server 2008 with the DFS Replication service installed.
  • Replicated folders must be stored on NTFS volumes because DFSR depends on the NTFS change journal to detect changes to files in directories in a replica set.
  • Servers in a replication group must be in the same forest.
  • On server clusters, replicated folders must be located in the node’s local storage because the service is not designed to work with cluster components, and will not fail over to another node.
  • Antivirus software must be compatible with DFS Replication so that replication activity is not flagged as virus activity.

Scalability for DFS Replication

The following are guidelines:
  • Each server can be a member of up to 256 replication groups
  • A replication group can contain up to 256 replicated folders
  • Each server can have up to 256 connections
  • The number of replication groups multiplied by the number of replicated folders multiplied by the number of simultaneously active connections must be kept to 1024 or fewer
  • A replication group can contain up to 256 members
  • A volume can contain up to 8 million replicated files, and a server can contain up to 1 terabyte of replicated files
  • The max tested file size is 64 gigabytes

Steps to Deploy a Multipurpose Replication Group

  1. Determine the type of replication group you are going to create
  2. Specify the name and domain
  3. Add the replication group members
  4. Specify a topology
  5. Specify the replication group schedule and the bandwidth
  6. Specify the primary member
  7. Specify the folders to replicate and the local path on the member servers

Once you have configured replication, replication does not start immediately. The topology and DFS replication settings have to be replicated to all of the domain controllers.
Each member of the replication group must poll the closest domain controller to obtain the settings. The amount of time for this will depend on your Active Directory replication latency and the polling interval on each member.
Initial replication always occurs between the primary member and the primary member’s receiving replication partners. After a member has received all files from the primary member, that member will replicate to its receiving partners.

During initial replication, a receiving member that contains files not currently present on the primary member will move those files to its DfsrPrivate\PreExisting folder.

If a file is identical to a file on the primary member, the file is not replicated.

If the receiving member’s file is different from the primary member’s version of the file, then the receiving member’s file is moved to the ConflictAndDeleted folder.
Remote Differential Compression (RDC) can be used to download only the changed blocks (the deltas) of the existing files.
To determine whether the files are identical on the primary and receiving member, DFS Replication compares the files using a hash algorithm; if they are identical, only minimal metadata is transferred between the replication members.
After the initial replication of the replicated folder, the primary member designation is removed and the member is treated like any other member and its files are no longer considered to be authoritative.

From that point onward, we have full multimaster replication between the replication members.

Understanding the Initial Replication Process

  1. Replication of DFS settings
  2. Primary member starts replication
  3. Files are moved to DfsrPrivate\PreExisting (if the files are not present on the primary member)
  4. Files are compared and replicated
  5. Primary member designation is removed
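
To preview what initial replication will do to a pre-seeded member, the rules above can be applied to two folder trees before the replication group is created. This is an added example, not part of the original post; it assumes SHA-256 over file content as a stand-in for the hash DFS Replication computes, and the function names and sample files are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path):
    # Assumption: SHA-256 of the content stands in for the DFS Replication hash.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Return {relative path: digest} for every file below root."""
    root = Path(root)
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # DfsrPrivate holds staging and conflict data, not replicated content.
        dirnames[:] = [d for d in dirnames if d.lower() != "dfsrprivate"]
        for name in filenames:
            full = Path(dirpath) / name
            # NTFS names are case-insensitive, so compare lower-cased paths.
            files[full.relative_to(root).as_posix().lower()] = file_digest(full)
    return files


def predict_initial_sync(primary, receiver):
    """Classify a receiving member's files by the initial replication rules."""
    plan = {"identical": [], "conflict_and_deleted": [],
            "pre_existing": [], "download": []}
    for rel, digest in receiver.items():
        if rel not in primary:
            plan["pre_existing"].append(rel)          # moved to PreExisting
        elif digest == primary[rel]:
            plan["identical"].append(rel)             # not replicated
        else:
            plan["conflict_and_deleted"].append(rel)  # receiver's copy loses
    plan["download"] = [rel for rel in primary if rel not in receiver]
    return {key: sorted(paths) for key, paths in plan.items()}


def demo():
    """Constructed sample trees: a primary and a pre-seeded receiving member."""
    layout = {
        "primary": {"Specs/design.txt": b"v2", "plan.txt": b"same",
                    "budget.txt": b"final"},
        "receiver": {"specs/design.txt": b"v1", "plan.txt": b"same",
                     "local-notes.txt": b"only here",
                     "DfsrPrivate/Staging/x.tmp": b"ignored"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for member, files in layout.items():
            for rel, data in files.items():
                target = Path(tmp, member, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        return predict_initial_sync(snapshot(Path(tmp, "primary")),
                                    snapshot(Path(tmp, "receiver")))


if __name__ == "__main__":
    print(demo())
```

Files reported as pre_existing or conflict_and_deleted are the ones to review or back up on the receiving member before replication starts, because the primary member's content is authoritative during initial replication.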

Diagnostics Reports and Propagation Tests

Diagnostic Report Wizard:

  1. Create a health report
  2. Start a propagation test
  3. Create a propagation report

Demo – Deploy DFS Replication
  1. Start | Administrative Tools | DFS Management
  2. Right-click Replication and choose New Replication Group…
  3. Choose Multipurpose replication group
  4. Click Next
  5. Under Name of replication group: type SCNB_Projects. The domain is
  6. Click Next
  7. Click Add to add replication group members
  8. We will add scnb-svr1 and click OK
  9. Then add scnb-dc1 and click OK
  10. Click Next
  11. On the Topology Selection page, choose Full mesh
  12. Click Next
  13. On the Replication Group Schedule and Bandwidth page, choose Replicate continuously using the specified bandwidth and in the Bandwidth drop-down box, choose Full
  14. Click Next
  15. On the Primary Member page, choose the primary member, scnb-svr1
  16. Click Next
  17. Browse the local path of the folders on scnb-svr1, select the appropriate folder, and click OK
  18. Click Next
  19. On the Local Path of Projects on Other Members page, we have scnb-dc1 listed
  20. Click Edit to edit the local path of scnb-dc1
  21. Select Enabled and Browse to choose the local path of the folder on scnb-dc1
  22. Click OK
  23. Click Next
  24. Review Settings and Create Replication Group page is displayed
  25. Review and click Create
  26. Click Close
  27. A warning message displays: “Replication will not begin until the configuration is picked up by the members of the replication group. The amount of time this takes depends on Active Directory Domain Services replication latency as well as the polling interval.”
  28. Click OK (You will now see the replication group underneath the Replication node in the DFS Management tree in the DFS Management dialog box.)

Create Diagnostics Report…
To do this, you can go into DFS Management and under Actions, choose Create Diagnostic Report…, or
Under Replication in the DFS Management console tree, right-click the replication group that you want to create a report for and select Create Diagnostic Report…

Best Practices

DFS saves the user from having to remember UNCs to connect to files. It simplifies the end-user experience.
You have fault-tolerance by providing replicas of the DFS namespace.
DFSR is now used by Windows Server 2008 as its method of replication.

Network ports used by DFS

| Service Name | Computers | UDP | TCP |
|---|---|---|---|
| NetBIOS Name Service | Domain controllers; root servers that are not domain controllers; servers and client computers acting as folder targets | 137 | 137 |
| NetBIOS Datagram Service | Domain controllers; root servers that are not domain controllers; servers and client computers acting as folder targets | 138 | |
| NetBIOS Session Service | Domain controllers; root servers that are not domain controllers; servers and client computers acting as folder targets | | |
| LDAP Server | Domain controllers | 389 | 389 |
| Remote Procedure Call (RPC) endpoint mapper | Domain controllers | | |
| Server Message Block (SMB) | Domain controllers; root servers that are not domain controllers; servers and client computers acting as folder targets | 445 | 445 |

| Tool | Use | Where |
|---|---|---|
| Dfsutil | Perform advanced operations on DFS namespaces | On a namespace server, type Dfsutil at a command prompt |
| Dfscmd.exe | Scripting basic DFS tasks such as configuring DFS roots and targets | On a namespace server, type Dfscmd at a command prompt |
| DFS Management | Perform tasks related to DFS namespaces and replication | Click Start, Administrative Tools, DFS Management |

What's New in Distributed File System
The Dfsrdiag.exe command-line tool includes three new command-line switches that provide enhanced diagnostic capabilities:
  • Dfsrdiag.exe ReplState. Provides a summary of the replication status across all connections on the specified replication group member. It initiates a snapshot of the internal state of the DFS Replication service and gathers a list of the updates that are currently being processed (downloaded or served) by the service.
  • Dfsrdiag.exe IdRecord. Displays the DFS Replication ID record and version for the file or folder that you specify by using its path or its Unique Identifier (UID). The DFS Replication service creates an ID record for every file and folder that it replicates, and you can use the ID record and its version information to determine if a file has replicated properly to a particular member.
  • Dfsrdiag.exe FileHash. Computes and displays the hash value that is generated by the DFS Replication service for a particular file. The hash value is used to compare two files: if the hash value for two files is identical, so are the files.
    For example, if you use a portable hard drive to copy the contents of a replicated folder to a replication group member before the initial replication, it is often useful to verify whether the files that you copied (for example, the attributes, timestamps, and access control lists (ACLs)) are identical to the version of the files on the authoritative replication group member. If the files are identical, the DFS Replication service doesn’t download any portion of the file during replication (except for its metadata, which the service uses to determine that the files are identical).
