Windows Server 2008 R2 Unleashed (226 page)

support the replication of DFS data stored on multiple servers. This can be a valuable tool

used to distribute company applications to each site or to provide centralized storage of

remote office data for redundancy, centralized backup, and to support users who travel

and work in different offices.

1150

CHAPTER 28

File System Management and Fault Tolerance

With the release of Windows Server 2003 R2 and further improved in Window Server

2008 R2, a service to extend the functionality and optimize DFS Replication has been

created. This service is called the Distributed File System Replication (DFSR) service, which

utilizes the new Remote Differential Compression (RDC) protocol. DFSR replaces the

legacy File Replication Service (FRS) that was previously used to replicate DFS data. As long

as all of the DFS servers defined in a DFS replication group are running Windows Server

2003 R2 or later, the DFSR service will be used to replicate the data. If any of the systems

are running a previous version operating system, DFS data will be replicated using the File

Replication Service. There is one exception to this rule: The Domain System Volume

(SYSVOL) will be replicated between domain controllers using the File Replication Service,

even if all the domain controllers are running Windows Server 2008 R2, until the domain

functional level is raised to the Windows Server 2008 level and the SYSVOL is migrated

from FRS to DFSR.

DFS Replication and DFS namespaces are independent of one another, but they can be

used together, as they are commonly deployed in this fashion. Replication of folders can

be set up between servers that do not host any DFS namespaces or namespace folders but

the DFS Replication service must be installed on all systems participating in the replica-

tion. Windows Server 2008 R2 increases DFS Replication security and performance because

all DFS Replication is compressed and encrypted. Note that the data stream cannot be set

to run unencrypted.

ptg

DFS Terminology

To properly understand DFS, a number of technical terms are used when deploying,

configuring, and referencing DFS. Although the DFS namespace and DFS Replication have

already been described, the remaining terms should also be understood before reading the

remainder of this chapter or deploying a new DFS infrastructure:

.
DFS namespace—
A unified namespace that presents a centralized view of shared

folder data in an organization.

.
DFS namespace server—
A Windows server that hosts a DFS namespace.

.
DFS namespace root—
The top level of the DFS tree that defines the namespace for

DFS and the functionality available. The namespace root is also the name of the DFS

namespace. A domain-based root adds fault-tolerant capabilities to DFS by allowing

several servers to host the same DFS namespace root.

NOTE

Depending on which Server version, service pack, and edition of Window Server 2003

or 2008 is used will determine how many namespaces are supported on a single serv-

er. Please refer to online Microsoft documentation to determine which edition is right

for your organization’s implementation of DFS.

.
DFS folder—
A folder that will be presented under the root when a DFS client

connects. When a root is created, folders can be created within the file system, but

The Distributed File System

1151

DFS folders allow the system to redirect clients to different systems other than the

namespace server hosting the root.

.
Folder target—
A shared folder hosted on a Windows server. The DFS folder name

and the share name do not need to be the same but for troubleshooting purposes it

is highly recommended. Multiple folder targets can be assigned to a single DFS folder

to provide fault tolerance. If a single folder target is unavailable, clients will be

connected to another available target. When DFS folders are created with multiple

folder targets, replication can also be configured using DFS replication groups to

keep the data across the targets in sync. Folder targets can be a share name or a

folder beneath a share. For example, \\server1\userdata or \\server1\userdata\

Finance are both valid folder targets.

.
DFS tree—
The hierarchy of the namespace. For example, the DFS tree begins with

the DFS root namespace and contains all the defined folders below the root.

.
Referrals—
A configuration setting of a DFS namespace and/or folder that defines

how DFS clients will connect to the namespace server, a folder in the namespace, or

a particular folder target server. Referral properties include limiting client connec-

tions to servers in the local Active Directory site and how often to check the avail-

ability of a DFS server. Disabling a target’s referral keeps it from being used by clients.

Target referral can be disabled when maintenance will be performed on a server.

ptg

DFS Replication Terminology

DFS uses either the File Replication Service or the Distributed File System Replication

service to automatically replicate data contained in DFS folder targets. To understand the

replication concepts, you must understand some key DFS replication terminology. Here

are some important terms:

.
Replication—
The process of copying data from a source server folder to a destina-

tion server folder.

28

.
Replication connection—
The directory object that defines and manages the repli-

cation between a sending and receiving replication member server. The replication

connection defines the replication schedule, which service will replicate the data,

the sending and receiving members, and any bandwidth restrictions for the connec-

tion. Each replication connection has only a single sending and receiving replica-

tion member.

.
Replication member—
A server that shares a common replication connection. The

receiving replication server receives data from a sending member server specified in

the replication connection. The sending replication partner sends data to the receiv-

ing member specified in the replication connections.

.
Read-only replication folders—
Windows Server 2008 R2 introduces support for

read-only replicas. This can be useful for auditing, centralized backup, or managing

data sets. Only the replication members that are not defined as the primary source

can host read-only replication folders. Read-Only Domain Controllers host the

SYSVOL as a read-only replication folder. When read-only replication folders exist, it

1152

CHAPTER 28

File System Management and Fault Tolerance

is a best practice to ensure that replication is only one-way to the read-only replica-

tion folder.

.
Replication group—
All the servers, folders, and connections that define a replica-

tion set of data.

.
Multimaster replication—
This defines two-way replication between multiple

servers in a replication group. With multimaster replication, data changed on any

server in the group will be replicated to every other server in the group.

Planning a DFS Deployment

Planning for a DFS implementation requires an administrator to understand the different

types of Distributed File System namespaces and the features and limitations of each type,

including which operating system versions and domain functional levels are required to

enable certain functionality. Also, the administrator must understand which tasks can be

automated using DFS and which must be configured manually. For instance, DFS can

create the file share for namespace roots, folders, or folder targets, including setting share

permissions, but the NTFS permissions and additional share features cannot be configured

during this process. As a best practice, DFS administrators should create and define shares,

ptg

share permissions, and NTFS permissions on the shared folder prior to defining these

shares as DFS folder targets.

When an organization wants automated file replication, domain-based DFS and stand-

alone DFS namespaces deployed in an Active Directory domain can utilize Windows

Server 2008 DFS Replication using the Remote Differential Compression to replicate shared

folders if all of the participating DFS servers are running Windows Server 2008 or later.

Configuring File Share and NTFS Permissions for DFS Root and

Folder Targets

The DFS Management console is not currently capable of configuring advanced share

features or setting or synchronizing NTFS permissions for namespace root shares or folder

targets. This means that for administrators to ensure proper folder access, administrators

should first configure the advanced share features and NTFS permissions on folders that

will host namespace roots and folder targets before configuring DFS. If multiple name-

space root servers or folder target servers will be utilized, permissions between the servers

will need to be manually synchronized to match; otherwise, undesired access or lack or

access might result.

Choosing a DFS Type

As mentioned previously, DFS namespaces can be based on the server name (standalone)

or the domain name hosting the namespace. Both provide a single namespace, but only

domain namespaces can provide redundancy at the namespace root level.

Planning a DFS Deployment

1153

Standalone DFS Namespace

A standalone DFS namespace provides the characteristic DFS single namespace. The name-

space is defined by the name of the server that hosts the root target and the share.

Standalone roots can support only a single root target, but an administrator can configure

multiple folder targets. Data stored within multiple folder targets must be kept in sync

manually unless the standalone namespace server and all of the folder target servers are

members of a single Active Directory domain and will utilize DFS Replication. Standalone

roots are normally deployed in environments that do not contain Active Directory

domains and can be used to enable access-based enumeration of DFS folders as well as

enabling the ability to host more than 5,000 folders within the namespace.

Domain-Based DFS Namespace

For an administrator to create a domain DFS root, the initial namespace root server must

be a member of an Active Directory domain. A domain-based DFS namespace provides a

single namespace that is based on the DNS and NetBIOS domain name plus a root name,

when the namespace is created. Domain-based DFS namespaces can utilize DFS

Replication to replicate data between multiple folder targets.

Windows 2008 Mode for Domain-based DFS Namespace

Windows 2008 mode for domain-based namespaces enables the namespace to contain

ptg

more than 5,000 folders and access-based enumeration can also be enabled. To enable this

functionality, the forest must be set to Windows Server 2003 or greater forest functional

level and the domain that contains the namespace servers must be in Windows Server

2008 domain functional level.

Planning for DFS Replication

When an organization wants to replicate data stored on Windows Server 2008 R2 systems

published in DFS namespaces, administrators must create the namespaces on servers that

are members of an Active Directory domain. Replication can be configured between multi-

28

ple targets on a DFS folder or on Windows Server 2008 or Windows Server 2008 R2

systems that do not participate in a DFS namespace. When multiple targets are defined for

a folder, DFS can utilize the FRS or the DFSR service to create replication connection

objects and automatically synchronize data between each target.

Initial Master

When replication is first configured using the DFS console and the New Replication Group

Wizard, the administrator can choose which target server will be the initial master. The

data contained on the initial master is replicated to the remaining targets. For targets on

servers other than the initial master, existing data is moved to a hidden directory, and the

current folder is filled with the data contained only in the initial master folder. After

initial replication is complete, the administrator can restore data moved to the hidden

folder back to the working directory, where it can trigger replication outbound to all the

other replicas in the replica set, if replication is two-way and neither target is set to read-

only. As a best practice, when adding additional targets to a replica set, try to start with

empty folders.

1154

CHAPTER 28

File System Management and Fault Tolerance

The Staging Folder

The staging folder is the location where a DFS Replication member stores the data that

will be replicated to other replication members within a replication group. In a fully

synchronized replication group, the staging folder on all servers will be empty. Because

replication data will travel through this folder, the drive hosting the staging folder must

have sufficient free space to accommodate the maximum size of the staging folder and

should be able to handle the additional disk load. By default, the staging folder is limited