In this section I will look a configuring
the distributed file system or DFS. DFS provides a way to manage your file shares in your enterprise
to make it easier for your end users to find data.
In this video I will first look at what is DFS. DFS was first introduced in windows Server
2000 and since then Microsoft has continue to make improvements. Next I will look at
how to install DFS. If you are using Windows Server 2008, there are some additional features
you may want to look at. Next I will look at the options you can configure
in DFS. Depending on how large your DFS infrastructure is you may need to do some fine tuning. Lastly
I will look at how to configure DFS. Using DFS correctly in your organization can help
organize your file shares making it easier for your end users to find information.
In a large organization there can be 100’s of file shares spread out over many different
servers over many different sites. This can make it very difficult for users to find the
data that they are after and often means mapping a large amount of network drives. Distributed
file system or DFS, allows a user to access many different file shares using the same
namespace. Consider this, you have two servers located
on different sides of the world that a user needs to access. Normally the user would need
to map 2 different network drives to these severs. With DFS, you can create one DFS root
which can access both shares. When the users access the DFS root and attempts
to access one of the folders. The user is redirected to the server that contains the
file share. The end user does not need to know the name of the file share or which server
it is located on. DFS also allows you to create replicates though
out the network and keeps them up to date. In any organization unfortunately you are
going to have duplication of data. End users are going to keep copies of the same data
on their local server that is already on anther server.
Imagine a system that allows the end user to keep a copy of the same data on every server
and changes to that data are automatically replicated to every other server on the network.
This is essentially what DFS does. Given this example you could create a replicate
of the two shares on the other servers. When a user attempts to access DFS, the user will
automatically be taken to the closest server with a copy of that share on it. This also
allows you to create redundancy on your network. All the user sees is a single share which
can connected them to an unlimited number of shares on the network completely transparently.
To install the distributed file system, run server manager and then select the option
roles and then select add roles. Once you are past the welcome screen you need to select
the role file services. Once I press next and skip the file services
welcome screen, I need to add the distributed file services component. When installing DFS,
the two components of the DFS system are DFS namespace and DFS replication. DFS name space
is basically the heart of the DFS file system. It is what allows you to create the DFS name
space which can be mapped to by the end-users. The DFS replication component allows you to
replicate data files across the network. Generally in most scenarios you will want to leave both
these components selected. The installation wizard now gives you the option to create
a DFS namespace. If you wish you can create a DFS name space later on by selecting the
second option. In this case I will create a new namespace
called general. Once I have enter the name and moved on in the wizard, I will get the
option to select a domain name based namespace or a standalone namespace. A stand alone namespace
is created on the server that you are hosting DFS on.
If I created a stand along name space in this example, the end user would access it by mapping
a drive to FS3. The disadvantage of this is if FS3 was not available the user could not
access the DFS namespace, even if the DFS name space was directing the user to a file
share on anther file server. With a standalone namespace you can host the
namespace on a failover cluster. This will give you some redundancy when using a standalone
name space. If I select the default, domain name based namespace, the DFS namespace will
be stored in active directory. This gives you a lot more redundancy as all
domain controllers on your network will have a copy of your DFS namespace. Notice the option
enable Windows server 2008 mode. This is currently grayed out. In order to use Windows server
2008 mode, a number of prerequisites have to be met.
First of all first of all, your domain function level must be set to at least windows server
2008 and your forest function level must be set to at least Windows server 2003. To find
out what function level your domain is, from administrator tools under the start menu,
run active directory domains and trusts and then right-click and select raise domain functional
level. Currently you can see my function level is
Windows server 2003. In order to use the additional features of Windows server 2008 DFS, I need
to change my domain function level to Windows server 2008.
To upgrade the domain functional level is a simple matter of pressing raise. Take note
that once you press raise and then press ok this change is irreversible. In order to make
this change, all your domain controllers in your domain must be running Windows server
2008. You will also need to check your forest level.
To do this, right click on active directory domains and trusts and select raise forest
functional level. Currently this forest is set to windows server 2003.
To enable windows server 2008 mode for DFS, you only require window Server 2003 forest
level. If you forest level is set to windows server 2000, you will need to raise the forest
level to at least windows server 2003. Remember your forest must meet the requirements
and if you raise your forest level, this process is a one way process and is irreversible.
In this case my forest functional level is high enough, so I will close active directory
domain and trusts and go back to the server manager. In this case I will create a domain-based
namespace which will be accessible to the user by mapping a drive to, double back slash
test dot local slash general. Once I press next, I will be asked which domain
admin account I wish to use to create the DFS name space. If you are creating a standalone
namespace, you only require local administrator rights to the server that you are creating
the name space on. Since this is a domain name space, I need to specify a user account
with domain administrator access. Once I have entered a username and password
for a user with domain administrator access I can press the next button and move on to
configuring the namespace. At the moment there is nothing in the namespace. To make it more
useful, I will press the add button to add a share to the namespace.
Your will notice that if I enter in the sever app two and press the button show shared folders.
I can see a list of all the shared folders on the server. The share that I want to add
to my DFS namespace is the share software installs. On different servers in the organization,
this folder has been called different names. This is where the real power of DFS comes
into play. Before I add this share to the DFS name space, I can change software installs
to simply software. Now when I press ok, the software install share will be added to the
DFS namespace and appear as software. If I press next and then press install, DFS will
now be installed on my server. The install is quite simple and only takes
a minute or so. Once complete this server will be able to either host or create new
DFS namespaces. Now that DFS is installed, let’s review windows server 2008 mode.
To enable windows server 2008 on your name space, all your name space must be running
windows server 2008. Your forest function level must be windows server 2003 or higher.
Finally your domain function level must be windows server 2008 or higher. If your network
has all this in place your can set up windows server 2008 mode DFS name spaces.
These name spaces will be able to support access based enumeration. This means that
if a user does not have access to a shared folder, the folder will not appear to the
user. Windows server 2008 mode also offers improvements
in scalability. With windows server 2008 your DFS namespace can support more than 5000 targets.
Most networks will not have DFS name spaces with more than 5000 targets. However if your
name space does start getting larger there is a scalability option you can configure.
The first setting is optimize for consistency. This is the default mode for DFS name spaces.
When this mode is enabled , DFS servers will pool the PDC emulator at regular intervals
for name space changes. The PDC emulator is covered in more detail
in the active directory course. Back in the windows N T days, all changes in the user
database were performed on the primary domain controller or PDC.
With the introduction of windows Server 2000, all domain controllers gained the ability
to make changes. In some cases, some changes must still be made on one server and replicated
to other serves. Changes to the DFS name space are made on
one domain controller that has the role of the PDC emulator. This ensures that multiple
changes are not made in different places. If you have a lot of DFS servers on your network
this will create a lot of network traffic and extra load on your PDC emulator. Microsoft
recommend this mode when you have fewer than 16 names space servers.
If you have a large network or your name space changes a lot, you should select the option
optimize for scalability. When this mode is selected, your DFS server will poll their
local domain controller for changes rather than the PDC emulator.
Your DFS servers will makes changes to the DFS name space via the PDC emulator to ensure
the name space is consistent. These changes will not appear until active directory replicates.
This means that when this mode is selected, there may be a delay before your end users
see any changes in the DFS name space. Microsoft recommends this mode when you have more than
16 names space servers. With DFS, you can also set the ordering mode
used when clients do not have access to a local file server. In the example before,
the client when accessing the DFS server when possible will be directed to a server in their
local site. If no file share is available in the local
site, the client may be directly to a server outside it’s local network. This can be
done in a random order. You can also set server selection based on the lowest network cost.
When you set up sites you set can set up a cost associated with the link. DFS will follow
the links and add up the cost and use the path with the lowest cost. With the previous
example of a software share, you may not want end users having access to a software share
that is not in their local site. For example you may create a local software
share in every site, but if that server was not available you don’t want them performing
installs of large software programs over the WAN.
To prevent this from happening your can also choose to exclude targets outside of the clients
site. Selecting this option will mean if the local server is not available, the client
will need to wait until it comes back on line before it will be able to access the file
share. This prevents the client accessing the data
over the WAN link. Now that DFS has been installed, let’s have a look at how to manage it using
the DFS admin tool. To administer DFS, first run the DFS management
tools from administrative tools under the start menu. In the name space section you
can see the name space that I created when I installed DFS.
To create a new name space, select new name space from the right hand side. From the wizard
I will first need to enter in the name space server that will hold the name space.
On the next screen I need to enter in a share folder for DFS to use. In this case I will
enter in invoices. On this file server there is all ready a share called invoices. If there
was no file share set up, I could press the edit settings button and set up the permissions
for the share. Once I press next I will get a message asking
if I want to keep the existing permissions or over write them. In this case I will keep
the existing permissions. On the next screen you can select where to
store the name space. If you select stand alone name space it will be hosted on this
server and not stored in active directory. This means that the server hosting the namespace
must be up and running for the end users to access the name space. If you want high availability
for DFS with a standalone configuration, you will need to install windows server 2008 on
a failover cluster. In order to access the namespace you will
need to access it by the computer name as shown here. If I select domain name namespace
you will notice that this time you can access DFS by the domain name rather than the computer
name. This means the namespace can be accessed as long a domain controller is available.
You will also notice that the option for windows server 2008 mode. Because I raised my domain
function level to windows server 2008, this option is now available. You can leave this
option ticked if all the servers that are using DFS are windows server 2008.
This includes the file servers as well as well as the domain controllers. If I now press
next and then press the create button, the DFS name space will now be created. If I exit
the wizard you can see the name space has been added. If I now select the namespace
that I just created, you will notice on the right hand side the path FS5 slash invoices.
If I right-click on the namespace and select open in Windows Explorer. Windows Explorer
will open but there are no files in the directory. In Windows Explorer, if I now browse to the
C drive of my file server and open the directory invoices, the folders containing my invoices
will appear. When you create a new DFS root like the one
I did in this example, the previous shared folder will be re mapped to a folder called
DFS roots. In this directory contains a folder called invoice that currently does not have
any files in it. To fix this problem, all I need to do is copy all the files from the
invoices directory on the root directory into the directory DFS roots.
If I now close windows explorer and go back to the admin tool. At the top you can see
test dot local slash invoices. What essentially is happening is that when this location, test
dot local slash invoices is accessed, the user is being redirected, silently and transparently
to FS5. This presents us with a problem. If FS5 is not available, your end-users will
not be able to access these files. The configuration data for the name space
is stored in active directory, how ever the root of the name space will direct to FS5.
To provide high availability for this name space, all I need to do is select the option
add namespace and then enter in another server. In this case FS3. Once I press ok, FS3 will
be added meaning that end users will be directed to one of the two servers listed when accessing
the name space. If one of the two servers is not available,
the user will simply be directed to the other server. If you decide that you want to store
data in the root of the DFS name space, you should consider setting up a replicate to
keep the data the same. To do this, right-click on replication and
select new replication group. For the replication group you can choose multipurpose replication
group, which basically means that all data will be replicated between all the different
servers. The second option, replication group for data
collection, is used when you have a central server collecting data that you need to replicate
out to other servers. In most cases you will want to choose the first option. On the next
screen you can choose a name for the replication group.
In this case I am replicating the root of the DFS namespace, so I will enter in DFS
root replication. On the following screen you need to enter in the servers that will
be members of this replication group. In this example, FS3 an DFS 5 contain the root of
the DFS namespace. On the next screen you need to set up your topology. The first option
is hub and spoke which is currently grayed out.
If I had three or more members in this replication group I could select the option hub and spoke.
When you use a hub and spoke topology, multiple servers are connected to the one server to
replicate changes. The next option is full mesh. This means all servers in the replication
group are connected to all other servers in the replication group.
If you have a lot of members in your replication group, this means a lot of connections. For
example if you had 10 servers, each server would have 9 connections, one to each server
in the replication group. The last option no topology. This option allows you to configure
your own topology. Since I only have two servers in this replication
group I will accept the default option full mesh. The next screen allows you to specify
how much bandwidth you want to use with this replication group. If I select the option
replicate during the specified dates and times I can now select the option edit schedule.
The pull down menu at the top let you determine if the schedule is based on the local time
of a server or if you want to use U T C time. If I select an area I can choose how much
bandwidth I want to use during that time. You can also limit bandwidth between certain
hours. If I was the select the hours between seven and six, I can reduce the bandwidth
usage. This means replication will still occur but
the speed of replication will be reduced. You can also make changes to just one day.
For example if I wanted to limit replication during the week days and limit replication
during office hours. For this example, I will leave replication on the default full bandwidth
24 hours a day. On the next screen you need to select a primary
member. This server will act an authoritative during replication conflicts. You should select
the server that has the most up-to-date data. Once you have determined which server is the
primary server, on the next screen you need to determine the folder the data will come
from. In this case I will select the invoices directory
under the DFS root. DFS will now replicate this data to the other servers. On the next
screen I need to set the path for the other servers in this replication group. You will
notice that when I select the path, there is currently no data in the invoice directory.
Once I set the path and move to the next screen of the wizard, I can now press create and
the replication group will be created. Once DFS has created the replication group, I can
press close to exit the wizard. When I press close I get a warning telling me that replication
may not occur immediately. Replication depends on the schedule I set
up. If I now go into replication, select the replication group I just created and then
select the tab connections. I can right-click the connection and select the option replicate
now. DFS will replicate the folders, however if you have just created replication group
it may take some time for the changes to propagate through your network.
I have paused the video for 10 minutes to give the DFS name space time to configure
itself on the network. If I now go back into my namespace and open the shared folder on
FS3, you will notice that it has replicated from FS5.
Any changes now will be replicated between the two servers. If I now go back to DFS management,
I can select the namespace test dot local slash general that I created when I installed
DFS. You will notice that this share appears under root of the name space. Currently there
is only one target. To add another target, I can right click software
and select add folder target. From here it is a simple matter to browse to a server that
contains a file share for software. Once I’ve added the file share, I will be asked if I
want to configure another replication group. I will select no so I can show you how to
do it manually. To add replication, select the tab replication
and then select the option replicate folder wizard. The wizard is the same as the one
we did previously. For this reason I will cancel out rather than doing it again. If
I now right-click the namespace and select properties, there are a few options in here
you may want to configure. If I select the referrals tab, you can choose
the ordering method. The ordering method only comes into play when Windows cannot find a
file share in the same site as the client. Currently it is set to lowest cost. Each link
in your network will have a cost associated with it. Windows will add up these costs and
choose the lowest one. If I was to select random order, Windows will
randomly select a target from the available ones on the network. The last option, exclude
targets outside of the clients site, will stop the client accessing a file share that
is not local to the client. If you have slow links or large files you may want to select
this option. On the advanced tab, you have the option optimized
for consistency. Microsoft recommends that when you have less than 16 servers in your
namespace to use this option. When a change to the namespace is performed, the PDC emulator
will be contacted. The next option, optimized for scalability, Microsoft recommends to be
used when you have more than 16 servers. When selected, your DFS servers will contact
a domain controller rather than the PDC emulator. If your name space is set up for Windows server
2008 mode, you also have the option enable access-based enumeration for this namespace.
When selected, folders the client does not have access to will not be displayed. This
concludes all the basic configuration of DFS. When looking at deploying DFS in your organization,
remember that it supports multiple master replication which includes deletes. You don’t
necessary have to make every copy of the data writable however. You could deploy read only
copies in your organization and still use DFS replication system.
Remember the two DFS options. Optimize for consistency will keep your name space update
to date faster, but will put more load on your PDC emulator. Optimize for scalability
is a better choice for large DFS name spaces, however updates to the DFS name space will
not appear as quickly. If you want to use the windows server 2008
features, like larger DFS name spaces and access based enumeration, all your DFS name
space servers must be running windows server 2008. Your domain function level must be set
to windows Server 2008 or higher and finally your forest level must be windows server 2003
or higher. When used correctly, DFS makes access data
a lot easier for your end users and a lot more transparent.
