Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
support the replication of DFS data stored on multiple servers. This can be a valuable tool
used to distribute company applications to each site or to provide centralized storage of
remote office data for redundancy, centralized backup, and to support users who travel
and work in different offices.
CHAPTER 28
File System Management and Fault Tolerance
With the release of Windows Server 2003 R2, and with further improvements in Windows Server
2008 R2, a service was created to extend the functionality of DFS Replication and optimize it.
This service is called the Distributed File System Replication (DFSR) service, which
utilizes the new Remote Differential Compression (RDC) protocol. DFSR replaces the
legacy File Replication Service (FRS) that was previously used to replicate DFS data. As long
as all of the DFS servers defined in a DFS replication group are running Windows Server
2003 R2 or later, the DFSR service will be used to replicate the data. If any of the systems
are running an earlier operating system version, DFS data will be replicated using the File
Replication Service. There is one exception to this rule: The Domain System Volume
(SYSVOL) will be replicated between domain controllers using the File Replication Service,
even if all the domain controllers are running Windows Server 2008 R2, until the domain
functional level is raised to the Windows Server 2008 level and the SYSVOL is migrated
from FRS to DFSR.
DFS Replication and DFS namespaces are independent of one another, but they can be
used together and are commonly deployed that way. Replication of folders can
be set up between servers that do not host any DFS namespaces or namespace folders, but
the DFS Replication service must be installed on all systems participating in the
replication. Windows Server 2008 R2 increases DFS Replication security and performance
because all DFS Replication is compressed and encrypted. Note that the data stream cannot
be set to run unencrypted.
DFS Terminology
To properly understand DFS, you need to know a number of technical terms that are used when
deploying, configuring, and referencing DFS. Although the DFS namespace and DFS Replication
have already been described, the remaining terms should also be understood before reading
the remainder of this chapter or deploying a new DFS infrastructure:
• DFS namespace—A unified namespace that presents a centralized view of shared
  folder data in an organization.
• DFS namespace server—A Windows server that hosts a DFS namespace.
• DFS namespace root—The top level of the DFS tree that defines the namespace for
  DFS and the functionality available. The namespace root is also the name of the DFS
  namespace. A domain-based root adds fault-tolerant capabilities to DFS by allowing
  several servers to host the same DFS namespace root.
NOTE
The server version, service pack, and edition of Windows Server 2003 or 2008 in use
determine how many namespaces are supported on a single server. Please refer to online
Microsoft documentation to determine which edition is right for your organization’s
implementation of DFS.
• DFS folder—A folder that will be presented under the root when a DFS client
  connects. When a root is created, folders can be created within the file system, but
  DFS folders allow the system to redirect clients to different systems other than the
  namespace server hosting the root.
• Folder target—A shared folder hosted on a Windows server. The DFS folder name
  and the share name do not need to be the same but for troubleshooting purposes it
  is highly recommended. Multiple folder targets can be assigned to a single DFS folder
  to provide fault tolerance. If a single folder target is unavailable, clients will be
  connected to another available target. When DFS folders are created with multiple
  folder targets, replication can also be configured using DFS replication groups to
  keep the data across the targets in sync. Folder targets can be a share name or a
  folder beneath a share. For example, \\server1\userdata or \\server1\userdata\Finance
  are both valid folder targets.
• DFS tree—The hierarchy of the namespace. For example, the DFS tree begins with
  the DFS root namespace and contains all the defined folders below the root.
• Referrals—A configuration setting of a DFS namespace and/or folder that defines
  how DFS clients will connect to the namespace server, a folder in the namespace, or
  a particular folder target server. Referral properties include limiting client
  connections to servers in the local Active Directory site and how often to check the
  availability of a DFS server. Disabling a target’s referral keeps it from being used
  by clients. Target referral can be disabled when maintenance will be performed on a
  server.
DFS Replication Terminology
DFS uses either the File Replication Service or the Distributed File System Replication
service to automatically replicate data contained in DFS folder targets. To understand the
replication concepts, you must understand some key DFS replication terminology. Here
are some important terms:
• Replication—The process of copying data from a source server folder to a
  destination server folder.
• Replication connection—The directory object that defines and manages the
  replication between a sending and receiving replication member server. The replication
  connection defines the replication schedule, which service will replicate the data,
  the sending and receiving members, and any bandwidth restrictions for the
  connection. Each replication connection has only a single sending and receiving
  replication member.
• Replication member—A server that shares a common replication connection. The
  receiving replication server receives data from a sending member server specified in
  the replication connection. The sending replication partner sends data to the
  receiving member specified in the replication connections.
• Read-only replication folders—Windows Server 2008 R2 introduces support for
  read-only replicas. This can be useful for auditing, centralized backup, or managing
  data sets. Only the replication members that are not defined as the primary source
  can host read-only replication folders. Read-Only Domain Controllers host the
  SYSVOL as a read-only replication folder. When read-only replication folders exist, it
  is a best practice to ensure that replication is only one-way to the read-only
  replication folder.
• Replication group—All the servers, folders, and connections that define a
  replication set of data.
• Multimaster replication—This defines two-way replication between multiple
  servers in a replication group. With multimaster replication, data changed on any
  server in the group will be replicated to every other server in the group.
Planning for a DFS implementation requires an administrator to understand the different
types of Distributed File System namespaces and the features and limitations of each type,
including which operating system versions and domain functional levels are required to
enable certain functionality. Also, the administrator must understand which tasks can be
automated using DFS and which must be configured manually. For instance, DFS can
create the file share for namespace roots, folders, or folder targets, including setting share
permissions, but the NTFS permissions and additional share features cannot be configured
during this process. As a best practice, DFS administrators should create and define shares,
share permissions, and NTFS permissions on the shared folder prior to defining these
shares as DFS folder targets.
When an organization wants automated file replication, domain-based DFS and standalone
DFS namespaces deployed in an Active Directory domain can utilize Windows
Server 2008 DFS Replication using Remote Differential Compression to replicate shared
folders if all of the participating DFS servers are running Windows Server 2008 or later.
Configuring File Share and NTFS Permissions for DFS Root and Folder Targets
The DFS Management console is not currently capable of configuring advanced share
features or setting or synchronizing NTFS permissions for namespace root shares or folder
targets. This means that, to ensure proper folder access, administrators
should first configure the advanced share features and NTFS permissions on folders that
will host namespace roots and folder targets before configuring DFS. If multiple
namespace root servers or folder target servers will be utilized, permissions between the
servers will need to be manually synchronized to match; otherwise, undesired access or
lack of access might result.
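One way to verify that manually synchronized NTFS permissions really do match across folder targets, as an added example that is not from the book: the script compares the ACEs on the root folder of each target with those on the first target. The path \\server2\userdata and the function name Get-AceSet are assumptions made for the example.

```powershell
# Added example: detect NTFS permission drift between the folder targets of one DFS folder.
# \\server2\userdata is a hypothetical second target; list your own folder targets here.
$targets = @('\\server1\userdata', '\\server2\userdata')

function Get-AceSet {
    param([string]$Path)
    # Flatten every ACE on the target's root folder into one comparable string.
    $acl = Get-Acl -Path $Path
    @($acl.Access | ForEach-Object {
        '{0}|{1}|{2}|{3}|{4}|inherited={5}' -f $_.IdentityReference, $_.AccessControlType,
            $_.FileSystemRights, $_.InheritanceFlags, $_.PropagationFlags, $_.IsInherited
    } | Sort-Object -Unique)
}

$baseline = Get-AceSet -Path $targets[0]
$drift = @()
foreach ($target in @($targets | Select-Object -Skip 1)) {
    $current = Get-AceSet -Path $target
    # ACEs on the first target that this target lacks: users can lose access here.
    foreach ($ace in @($baseline | Where-Object { $current -notcontains $_ })) {
        $drift += New-Object PSObject -Property @{ Target = $target; Issue = 'MissingAce'; Ace = $ace }
    }
    # ACEs only on this target: access granted here that the first target does not grant.
    foreach ($ace in @($current | Where-Object { $baseline -notcontains $_ })) {
        $drift += New-Object PSObject -Property @{ Target = $target; Issue = 'ExtraAce'; Ace = $ace }
    }
}

if ($drift.Count -eq 0) {
    "NTFS ACLs match $($targets[0]) on all targets."
} else {
    $drift | Sort-Object Target, Issue | Format-Table Target, Issue, Ace -AutoSize -Wrap
}
```

Share permissions and the ACLs of subfolders are not compared. ACEs that name a server-local account will always show as drift because the identity string includes the server name.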
Choosing a DFS Type
As mentioned previously, DFS namespaces can be based on the server name (standalone)
or the domain name hosting the namespace. Both provide a single namespace, but only
domain namespaces can provide redundancy at the namespace root level.
Planning a DFS Deployment
Standalone DFS Namespace
A standalone DFS namespace provides the characteristic DFS single namespace. The namespace
is defined by the name of the server that hosts the root target and the share.
Standalone roots can support only a single root target, but an administrator can configure
multiple folder targets. Data stored within multiple folder targets must be kept in sync
manually unless the standalone namespace server and all of the folder target servers are
members of a single Active Directory domain and will utilize DFS Replication. Standalone
roots are normally deployed in environments that do not contain Active Directory
domains, and they can be used to enable access-based enumeration of DFS folders and
to host more than 5,000 folders within the namespace.
Domain-Based DFS Namespace
For an administrator to create a domain DFS root, the initial namespace root server must
be a member of an Active Directory domain. A domain-based DFS namespace provides a
single namespace that is based on the DNS and NetBIOS domain name plus a root name,
when the namespace is created. Domain-based DFS namespaces can utilize DFS
Replication to replicate data between multiple folder targets.
Windows 2008 Mode for Domain-based DFS Namespace
Windows 2008 mode for domain-based namespaces enables the namespace to contain
more than 5,000 folders and access-based enumeration can also be enabled. To enable this
functionality, the forest must be set to Windows Server 2003 or greater forest functional
level and the domain that contains the namespace servers must be in Windows Server
2008 domain functional level.
Planning for DFS Replication
When an organization wants to replicate data stored on Windows Server 2008 R2 systems
published in DFS namespaces, administrators must create the namespaces on servers that
are members of an Active Directory domain. Replication can be configured between multiple
targets on a DFS folder or on Windows Server 2008 or Windows Server 2008 R2
systems that do not participate in a DFS namespace. When multiple targets are defined for
a folder, DFS can utilize the FRS or the DFSR service to create replication connection
objects and automatically synchronize data between each target.
Initial Master
When replication is first configured using the DFS console and the New Replication Group
Wizard, the administrator can choose which target server will be the initial master. The
data contained on the initial master is replicated to the remaining targets. For targets on
servers other than the initial master, existing data is moved to a hidden directory, and the
current folder is filled with the data contained only in the initial master folder. After
initial replication is complete, the administrator can restore data moved to the hidden
folder back to the working directory, where it can trigger replication outbound to all the
other replicas in the replica set, if replication is two-way and neither target is set to read-
only. As a best practice, when adding additional targets to a replica set, try to start with
empty folders.
The Staging Folder
The staging folder is the location where a DFS Replication member stores the data that
will be replicated to other replication members within a replication group. In a fully
synchronized replication group, the staging folder on all servers will be empty. Because
replication data will travel through this folder, the drive hosting the staging folder must
have sufficient free space to accommodate the maximum size of the staging folder and
should be able to handle the additional disk load. By default, the staging folder is limited