If you have multiple file servers deployed, how do you connect to the file servers?
DFS is a service that connects file shares together into a single namespace. The files can reside on different computers, and DFS provides client access to the files in a transparent manner.
The server side implementation of DFS consists of a Windows service (%SystemRoot%\System32\Dfssvc.exe) and a device driver (%SystemRoot%\System32\Drivers\Dfs.sys). The DFS service is responsible for exporting DFS topology-management interfaces and maintaining the DFS topology in either the registry (on non-Active Directory systems) or Active Directory. The DFS driver performs topology lookups when it receives a client request so that it can direct the client to the system where the file it is requesting resides.
On the client side, DFS support is implemented in another device driver (%SystemRoot%\System32\Drivers\Dfsc.sys) and uses the SMB redirector for its internal communication with DFS servers. The DFS client provider is implemented in %SystemRoot%\System32\Ntlanman.dll. When a client issues a file I/O request that specifies a file in the DFS namespace, the DFS client driver communicates with the target file server by using the appropriate redirector.
DFS Technologies:
- DFS Namespaces (DFS-N). Provides the ability to group together shared folders located on different servers and present them as a virtual tree of folders known as a namespace. Users only need to know the virtual namespace name to access the shared folder structure. The root of a DFS namespace must be a file share defined on a Windows server.
- DFS Replication (DFS-R). Optimized for Windows Server 2008 to provide multi-master replication and is useful for WANs and branch offices (enables any server to perform replication activity). DFS provides high-availability and fault-tolerant files and folders. The main job of DFSR is to replicate the contents of any DFS share, along with the domain controllers' \SYSVOL directory. SYSVOL is where domain controllers store logon scripts and Group Policy files.
- Remote Differential Compression (RDC). Uses delta-based replication that identifies data insertions, removals, and rearrangements across files and transmits these changes over the network. This achieves significant bandwidth savings over limited-bandwidth networks. RDC is only used on files that are 64 KB and larger, by default.
How Do DFS Namespaces and DFS Replication Work?
- The user types in a UNC that targets a namespace server and receives a referral that is transparent to the end user.
- The client computer will cache the referral. The referral contains a list of folder targets on the physical servers that host the resources. The client computer will contact the first server listed in the referral. Typically, the first server will be in the same Active Directory site as the user’s computer. If the server is not in the same Active Directory site as the user’s computer, the client will go over the WAN using the cached referrals until it finds the folder target that matches the information they are looking for.
- DFS Replication. If the target folder is on a server that the user is unable to connect to, then the replication server will be in the list as a folder target.
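The referral flow above, together with the target priority and client failback options covered later, can be sketched as a simplified model. This is an added example, not code from the original post or from Microsoft; the `lon-svr1` server, the site names, the `priority` values and the 1800-second cache duration are assumptions, and same-site targets keep their configured order here.

```python
# Added illustration: simplified model of DFS referral ordering, referral
# caching, failover and client failback. Names and sites are constructed.
from dataclasses import dataclass

@dataclass
class FolderTarget:
    unc: str                   # UNC path of the shared folder
    site: str                  # Active Directory site of the hosting server
    priority: str = "normal"   # assumed override values: "first", "normal", "last"
    online: bool = True

def build_referral(client_site, targets):
    """Return targets in the order the namespace server refers them."""
    def rank(t):
        if t.priority == "first":
            return 0
        if t.priority == "last":
            return 3
        return 1 if t.site == client_site else 2   # same site before remote
    return sorted(targets, key=rank)   # stable sort: ties keep configured order

class DfsClient:
    def __init__(self, site, cache_seconds=1800, failback=False):
        self.site = site
        self.cache_seconds = cache_seconds   # referral cache duration (assumed)
        self.failback = failback
        self.cache = {}                      # namespace path -> cached entry
        self.referrals_requested = 0

    def open(self, path, namespace, now):
        """Return the UNC of the folder target used for this access."""
        entry = self.cache.get(path)
        if entry is None or now >= entry["expiry"]:
            self.referrals_requested += 1    # contact the namespace server
            entry = {"expiry": now + self.cache_seconds, "active": None,
                     "referral": build_referral(self.site, namespace[path])}
            self.cache[path] = entry
        active = entry["active"]
        if active is not None and active.online and not self.failback:
            return active.unc                # stay on the target already in use
        for target in entry["referral"]:     # walk the cached list in order
            if target.online:
                entry["active"] = target
                return target.unc
        raise ConnectionError(f"no folder target reachable for {path}")

# Constructed namespace: one folder with three folder targets.
PROJECTS = r"\\scnb.com\Docs\Projects"
NAMESPACE = {PROJECTS: [
    FolderTarget(r"\\lon-svr1\ProjectDocu", "London"),
    FolderTarget(r"\\nyc-svr1\ProjectDocu", "NYC"),
    FolderTarget(r"\\nyc-dc1\ProjectDocu", "NYC"),
]}
```

Without failback the client stays on the target it failed over to, even after the preferred server returns, until the cached referral expires.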
Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition
DFS Step-by-Step Guide for Windows Server 2008
DFS Namespace Types
Characteristic | Domain-based | Stand-alone |
Path | \\Domainname\Namespace | \\Servername\Namespace |
Location | Active Directory and memory cache | Server registry and memory cache |
Size | | Up to 50,000 folders with targets |
Availability | Namespace hosted on multiple servers | Failover cluster |
DFS Replication | Supported | Supported |
Stand-alone can be used if there is no Active Directory.
Domain-based can be useful if you wish to hide the name of the namespace server from the users.
Domain-based provides high-availability because the namespace is hosted on multiple servers.
Both stand-alone and domain-based namespaces support replication.
If you upgrade the domain functional level to Windows Server 2008 while there are existing domain-based namespaces, DFS Management will allow you to enable access-based enumeration on these namespaces. However, you will not be able to edit permissions to hide folders from any groups or users unless you migrate the namespaces to the Windows Server 2008 mode. For more information, see Migrate a Domain-based Namespace to Windows Server 2008 Mode.
What are Folders and Folder Targets?
Folder. A folder in DFS is the primary element of a namespace. It allows us to build the namespace hierarchy.
Folder Target. A folder target is a UNC (Universal Naming Convention) that points to a shared folder, a folder within a shared folder, or a path to another namespace.
Namespace Server Requirements
Namespace Server:
- Domain controller or member server
- Windows Server 2003 or Windows Server 2008
- An NTFS volume required to host the namespace
- Must be in the same domain if the namespace is domain-based
- If the namespace is domain-based, it cannot be a clustered resource
Demo – Install DFS
Start | Administrative Tools | Server Manager
- Select Roles
- Select File Services and right-click
- Select Add Role Services
- Select Distributed File System
- Click Next
- Select Create a namespace later using the DFS Management snap-in in Server Manager
- Click Next
- Click Install
- Click Close
- Close Server Manager
Configure and Deploy DFS Namespaces
Configure a namespace for publishing content:
- Create a namespace
- Create a folder in the namespace
- Add folder targets (multiple folder targets increases the fault tolerance of the file system)
- Optional: Set the target priority to override referral ordering
- Optional: Enable client failback (in case the target has failed and is subject to a restore)
- Replicate folder targets using DFS-R
Note: You may need to delegate the ability to create and manage namespaces.
Security Requirements for Creating and Managing a Namespace
Task | Group |
Create a domain-based namespace | Domain Admins |
Add a namespace server to a domain-based namespace | Domain Admins |
Manage a domain-based namespace | Local Admin on each namespace server |
Create a stand-alone namespace | Local Admin group on the namespace server |
Manage stand-alone namespace | Local Admin group on the namespace server |
Implement DFS replication | Domain Admins |
Demo – Create Namespaces
- Start | Administrative Tools | DFS Management
- Right-click Namespaces and select New Namespace…
- On the Namespace Server dialog box, type the name of the server that will host the namespace. In this demo, we will call it nyc-dc1.
- Click Next.
- On the Namespace Name and Settings dialog box, type the name of the namespace. In this demo, we will call it ProjectDocu and click Edit Settings to indicate permissions.
- On the Edit Settings page, indicate the user permissions desired. Click OK.
- Click Next.
- On the Namespace Type dialog box, indicate whether the namespace will be a Domain-based or Stand-alone namespace. In this example, we will use a Stand-alone namespace which will be stored on a single namespace server.
- Click Next.
- Review Settings and Create Namespace.
- Click Create. (Errors will be located on the Errors tab)
- Click Close.
- Now you will see \\NYC-DC1\ProjectDocu located underneath Namespaces.
Increase Availability of a Namespace
- Domain-based. Specify additional namespace servers.
- Stand-alone. Create a stand-alone namespace as a cluster resource.
- Folders. Specify additional folder targets and replicate folders using DFS Replication.
Configure Folder Targets
- Start | Administrative Tools | DFS Management
- Select Namespaces and highlight \\NYC-DC1\ProjectDocu that we created in the previous demo.
- Right-click and select New Folder.
- Type in a name: Projects and click Add to add a folder target.
- Browse to ProjectDocu shared folder.
- Click OK.
- Click OK.
- Now you see the folder called Projects. Right click on it and select Properties.
- Click on the Referrals tab. Here you can see how long the client is allowed to cache the referral and the overrides for the namespace settings at the root. Click OK.
- Click on New Folder Target.
- In the Path to folder target:, click Browse. Change the server to nyc-svr1. Click Check Names to verify the server. Click OK.
- Click New Shared Folder. Type ProjectDocu in the Share name: text box and the Local path of shared folder: on the remote computer. Click Browse to Browse For Folder for ProjectDocu.
- Click OK.
- Modify the Shared folder permissions: if needed.
- Click OK.
- Click OK.
- Click OK.
- Because we have set up an additional folder target, a Replication dialog box displays asking Do you want to create a replication group? We will select No for this example.
Configuring DFS Replication (DFSR)
DFSR is a new technology in Windows Server 2008 and is how Active Directory Domain Services provides file and folder replication between domain controllers. It is available in standalone and domain configurations.
DFSR is multi-master replication and it supports compression and bandwidth management technologies that are network friendly.
DFS-R is a multi-master replication engine that supports replication scheduling and bandwidth throttling.
- DFSR uses remote differential compression (RDC) to efficiently update files over limited-bandwidth networks.
- DFSR uses delta-based replication and detects changes on the volume by monitoring the Update Sequence Number (USN) journal. It also uses update sequence numbers.
- Uses a staging folder as a cache for new and changed files: a file is staged before it is sent or received. Each replicated folder has its own staging folder, located by default under the local path of the replicated folder in the DfsrPrivate\Staging folder.
- Uses a version vector exchange protocol to determine what files need to be synchronized. The protocol sends less than 1 KB per file across the network to synchronize the metadata associated with changed files on the sending and receiving members. (Introduction to DFS Replication)
- Uses a conflict resolution heuristic of last writer wins for files in conflict (when a file is updated at multiple servers simultaneously) and earliest creator wins for name conflicts. Files and folders losing the conflict resolution are moved to the DfsrPrivate\ConflictandDeleted folder. You may also configure the DFSR service to move deleted files to this ConflictandDeleted folder when the file is deleted, for retrieval purposes. (Staging folders and Conflict and Deleted folders)
- DFS Replication can automatically recover from USN journal wraps, USN journal loss, or a loss of the DFS Replication database.
- Uses a Windows Management Instrumentation (WMI) provider to provide interfaces to obtain configuration and monitoring information from the DFS Replication service.
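The conflict heuristic in the list above can be written out as a small model. This is an added example, not the DFS Replication service's own code: the `Version` record and its fields are hypothetical, and telling an update conflict from a name conflict by comparing unique identifiers is an assumption of this sketch.

```python
# Added illustration: the last-writer-wins / earliest-creator-wins heuristic.
# Record fields and all sample values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Version:
    member: str     # server holding this version
    path: str       # path relative to the replicated folder
    uid: str        # unique identifier given to the file when it was created
    created: int    # creation time in seconds (constructed)
    modified: int   # last write time in seconds (constructed)

def resolve(a, b):
    """Return (winner, loser, rule) for two versions that collide on one path."""
    if a.path.lower() != b.path.lower():
        raise ValueError("versions do not collide")
    if a.uid == b.uid:
        # The same file was updated on two members: last writer wins.
        winner = a if a.modified >= b.modified else b
        rule = "last writer wins"
    else:
        # Two different files were created under one name: earliest creator wins.
        winner = a if a.created <= b.created else b
        rule = "earliest creator wins"
    loser = b if winner is a else a   # on a tie the first argument is kept
    return winner, loser, rule

def replicate(versions):
    """Collapse colliding versions; losers are listed for ConflictandDeleted."""
    kept, conflict_and_deleted = {}, []
    for v in versions:
        key = v.path.lower()
        if key not in kept:
            kept[key] = v
            continue
        winner, loser, rule = resolve(kept[key], v)
        kept[key] = winner
        conflict_and_deleted.append((loser.member, loser.path, rule))
    return kept, conflict_and_deleted
```

In a name conflict the file written most recently can still lose, so the ConflictandDeleted folder is the place to look when a user reports that a newer file has vanished.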
What are Replication Groups and Folders?
- Replication Group. A replication group is a set of servers that have membership in the replication group. The servers participate in replicating one or more folders.
- Replicated Folder. A replicated folder is kept synchronized on each member.
DFS Replication Requirements
- The Active Directory schema must include the DFS replication objects.
- The servers must be Windows Server 2003 R2 or Windows Server 2008 with the DFS Replication service installed.
- Replicated folders must be stored on NTFS volumes because DFSR depends on the NTFS change journal to detect changes to files in directories in a replica set.
- Servers in a replication group must be in the same forest.
- On server clusters, replicated folders must be located in the node’s local storage because the service is not designed to work with cluster components, and will not fail over to another node.
- Antivirus software must be compatible with DFS Replication so that replication activity will not be flagged as virus activity.
Scalability for DFS Replication
The following are guidelines:
- Each server can be a member of up to 256 replication groups
- A replication group can contain up to 256 replicated folders
- Each server can have up to 256 connections
- The number of replication groups multiplied by the number of replicated folders multiplied by the number of simultaneously active connections must be kept to 1024 or fewer
- A replication group can contain up to 256 members
- A volume can contain up to 8 million replicated files, and a server can contain up to 1 terabyte of replicated files
- The max tested file size is 64 gigabytes
Steps to Deploy a Multipurpose Replication Group
- Determine the type of replication group you are going to create
- Specify the name and domain
- Add the replication group members
- Specify a topology
- Specify the replication group schedule and the bandwidth
- Specify the primary member
- Specify the folders to replicate and the local path on the member servers
Once you have configured replication, replication does not start immediately. The topology and DFS replication settings have to be replicated to all of the domain controllers.
Each member of the replication group must poll the closest domain controller to obtain the settings. The amount of time for this will depend on your Active Directory replication latency and the polling interval on each member.
Initial replication always occurs between the primary member and the primary member’s receiving replication partners. After a member has received all files from the primary member, then that member will replicate to its receiving partners.
When receiving files from the primary member during initial replication, a receiving member that contains files not currently present on the primary member will move those files to its DfsrPrivate\PreExisting folder.
If a file is identical to a file on the primary member, the file is not replicated.
If the receiving member’s file is different from the primary member’s version of the file, then the receiving member’s file is moved to the ConflictandDeleted folder.
Remote Differential Compression (RDC) can be used to download only the changed blocks or delta replicated components from the existing files.
To determine whether the files are identical on the primary and receiving member, DFS Replication compares the files using a hash algorithm; if they are identical, minimum metadata is transferred between the replication members.
After the initial replication of the replicated folder, the primary member designation is removed, the member is treated like any other member, and its files are no longer considered to be authoritative.
Understanding the Initial Replication Process
- Replication of DFS settings
- Primary member starts replication
- Files are moved to DfsrPrivate\PreExisting (if the files are not present on the primary member)
- Files are compared and replicated
- Primary member designation is removed
Diagnostics Reports and Propagation Tests
Staging folders and Conflict and Deleted folders
Diagnostic Report Wizard:
- Create a health report
- Start a propagation test
- Create a propagation report
Demo – Deploy DFS Replication
- Start | Administrative Tools | DFS Management
- Right-click Replication and choose New Replication Group…
- Choose Multipurpose replication group
- Click Next
- Under Name of replication group: type SCNB_Projects. The domain is SCNB.com
- Click Next
- Click Add to add replication group members
- We will add scnb-svr1 and click OK
- Then add scnb-dc1 and click OK
- Click Next
- On the Topology Selection page, choose Full mesh
- Click Next
- On the Replication Group Schedule and Bandwidth page, choose Replicate continuously using the specified bandwidth and in the Bandwidth drop-down box, choose Full
- Click Next
- On the Primary Member page, choose the primary member, scnb-svr1
- Click Next
- Browse the local path of the folders on scnb-svr1 and select the appropriate folder, then click OK
- Click Next
- On the Local Path of Projects on Other Members page, we have scnb-dc1 listed
- Click Edit to edit the local path of scnb-dc1
- Select Enabled and Browse to choose the local path of the folder on scnb-dc1
- Click OK
- Click Next
- Review Settings and Create Replication Group page is displayed
- Review and click Create
- Click Close
- A warning message displays, “Replication will not begin until the configuration is picked up by the members of the replication group. The amount of time this takes depends on Active Directory Domain Services replication latency as well as the polling interval.”
- Click OK (You will now see the replication group underneath the Replication node in the DFS Management tree in the DFS Management dialog box.)
Create Diagnostics Report…
To do this, you can go into DFS Management and under Actions, choose Create Diagnostic Report…, or under Replication in the DFS Management console tree, right-click the replication group that you want to create a report for and select Create Diagnostic Report…
Best Practices
DFS saves the user from having to remember UNCs to connect to files. It simplifies the end-user experience.
You have fault-tolerance by providing replicas of the DFS namespace.
DFSR is now used by Windows Server 2008 as its method of replication.
Network ports used by DFS
Service Name | Computers | UDP | TCP |
NetBIOS Name Service | Domain controllers; root servers that are not domain controllers; servers and client computers acting as folder targets | 137 | 137 |
NetBIOS Datagram Service | Domain controllers; root servers that are not domain controllers; servers and client computers acting as folder targets | 138 | |
NetBIOS Session Service | Domain controllers; root servers that are not domain controllers; servers and client computers acting as folder targets | | 139 |
LDAP Server | Domain controllers | 389 | 389 |
Remote Procedure Call (RPC) endpoint mapper | Domain controllers | | 135 |
Server Message Block (SMB) | Domain controllers; root servers that are not domain controllers; servers and client computers acting as folder targets | 445 | 445 |
Tools
Tool | Use | Where |
Dfsutil | Perform advanced operations on DFS namespaces | On a namespace server, type Dfsutil at a command prompt |
Dfscmd.exe | Scripting basic DFS tasks such as configuring DFS roots and targets. | On a namespace server, type Dfscmd at a command prompt |
DFS Management | Perform tasks related to DFS namespaces and replication | Click Start | Administrative Tools | DFS Management |
What's New in Distributed File System
The Dfsrdiag.exe command-line tool includes three new command-line switches that provide enhanced diagnostic capabilities:
- Dfsrdiag.exe ReplState. Provides a summary of the replication status across all connections on the specified replication group member. It initiates a snapshot of the internal state of the DFS Replication service and gathers a list of the updates that are currently being processed (downloaded or served) by the service.
- Dfsrdiag.exe IdRecord. Displays the DFS Replication ID record and version for the file or folder that you specify by using its path or its Unique Identifier (UID). The DFS Replication service creates an ID record for every file and folder that it replicates, and you can use the ID record and its version information to determine if a file has replicated properly to a particular member.
- Dfsrdiag.exe FileHash. Computes and displays the hash value that is generated by the DFS Replication service for a particular file. The hash value is used to compare two files—if the hash value for two files is identical, so are the files.
For example, if you use a portable hard drive to copy the contents of a replicated folder to a replication group member before the initial replication, it is often useful to verify whether the files that you copied (for example, the attributes, timestamps, and access control lists (ACLs)) are identical to the version of the files on the authoritative replication group member. If the files are identical, the DFS Replication service doesn’t download any portion of the file during replication (except for its metadata, which the service uses to determine that the files are identical).
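The pre-seeding check described here and the rules under Understanding the Initial Replication Process can be combined into one planning sketch. This is an added example, not code from the original post or from Microsoft: SHA-256 over the content plus an ACL string stands in for the DFS Replication hash, and every file, path and SDDL string below is constructed.

```python
# Added illustration: predicts what initial replication does with files that
# already exist on a receiving member. SHA-256 over content plus an ACL string
# stands in for the DFS Replication hash (assumption); all data is constructed.
import hashlib

PREEXISTING = "moved to DfsrPrivate\\PreExisting"
IDENTICAL = "identical, metadata only"
CONFLICT = "moved to ConflictandDeleted, primary version replicated"
DOWNLOAD = "replicated from primary"

def file_hash(content: bytes, acl: str) -> str:
    """Stand-in for the value Dfsrdiag.exe FileHash reports."""
    h = hashlib.sha256()
    h.update(len(content).to_bytes(8, "big"))   # length prefix separates fields
    h.update(content)
    h.update(acl.encode("utf-8"))
    return h.hexdigest()

def plan_initial_replication(primary, receiver):
    """Both arguments map relative path -> (content, acl); returns path -> outcome."""
    plan = {}
    for path, (content, acl) in receiver.items():
        if path not in primary:
            plan[path] = PREEXISTING          # not present on the primary member
        elif file_hash(content, acl) == file_hash(*primary[path]):
            plan[path] = IDENTICAL            # pre-seeded copy is usable
        else:
            plan[path] = CONFLICT             # primary member is authoritative
    for path in primary:
        plan.setdefault(path, DOWNLOAD)       # missing on the receiving member
    return plan

def preseed_hit_rate(plan, primary):
    """Fraction of the primary's files that the pre-seeded copy satisfied."""
    hits = sum(1 for p in primary if plan[p] == IDENTICAL)
    return hits / len(primary)

ADMINS_ONLY = "D:(A;;FA;;;DA)"    # constructed SDDL strings
EVERYONE = "D:(A;;FA;;;WD)"
PRIMARY = {
    r"Specs\design.docx":  (b"design v2", ADMINS_ONLY),
    r"Specs\budget.xlsx":  (b"budget 2009", ADMINS_ONLY),
    r"Plans\schedule.mpp": (b"schedule v5", ADMINS_ONLY),
    r"readme.txt":         (b"read me", ADMINS_ONLY),
}
RECEIVER = {   # copied from a portable drive before initial replication
    r"Specs\design.docx":  (b"design v2", ADMINS_ONLY),    # exact copy
    r"Specs\budget.xlsx":  (b"budget 2009", EVERYONE),     # ACL changed in the copy
    r"Plans\schedule.mpp": (b"schedule v4", ADMINS_ONLY),  # stale content
    r"old-notes.txt":      (b"local only", ADMINS_ONLY),   # never on the primary
}

if __name__ == "__main__":
    for path, outcome in sorted(plan_initial_replication(PRIMARY, RECEIVER).items()):
        print(f"{path:22} {outcome}")
```

The budget.xlsx entry is the case to watch when pre-seeding: the content matches, but the changed ACL makes it a different file in this model, so it lands in ConflictandDeleted instead of being accepted.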
Great article, thanks!