Introduction to DFS
Using a Distributed File System (DFS) makes it easy to locate and manage shared resources on your network, access the required resources through a unified naming path, provide reliable load balancing, provide redundancy between multiple servers with FRS (File Replication Service), and integrate Windows permissions to ensure security.
Configuring a distributed file server is simple: you can use either the DFS Management component or the Distributed File System component.
DFS takes a number of scattered shared folders (located on different computers in a local area network) and links them under one virtual shared folder. To access these shared folders, users just open the virtual shared folder and see all the shared folders linked to it. Users do not notice that the shared files are distributed across computers. The benefits of a distributed file system are centralized access, simpler operation, and more efficient file access.
Configuring Distributed File Systems
Systems running Windows 2003 R2 or Windows 2008 include the Distributed File System component; the steps below are described on a Windows 2003 R2 system:
Create DFS Root
DFS defines a hierarchy for shared folders that is similar to a standard directory structure, except that the hierarchy is made up of multiple share points rather than folders. Configuring DFS with the Distributed File System component is a two-step operation: create a DFS root, then create DFS links;
Click Start > Administrative Tools > Distributed File System; in the window that opens, right-click and select New Root, as shown in the picture;
The New Root Wizard opens. Click Next and select the root type; in an AD domain, selecting a domain root is recommended, as shown in the following illustration;
The configuration information for a stand-alone root is stored in the registry of the root server, so DFS becomes unavailable if the stand-alone root server is unavailable. Fault tolerance is not supported.
The configuration information for a domain root is stored in AD and replicated to all DCs in the current domain for fault tolerance, so other servers can still deliver DFS information to clients when the root server is unavailable. The domain root is clearly the more secure option, but it requires an AD domain. The recommended number of connections should not exceed 5,000.
Click Next and enter the domain name information,
Enter the server name, or click Browse to find the server that will host the root;
Enter the root name and a comment. The root name is the top-level share name used for shared access. If the shared folder already exists, it is used directly; if it does not exist, it is created automatically.
In the root share step, select the folder to share; if the folder is not shared yet, the wizard creates the corresponding share automatically. When the root has been created, the DFS root appears in Distributed File System;
Create DFS links
After the DFS root is established, DFS links must be created before the DFS setup is complete and can function properly. Right-click the DFS root, select New Link, name the link and point it to the appropriate shared resource, as pictured,
On the New Link page, enter the link name and the destination path. The link name is the name of the shared folder that clients see under the root. The destination path is the path of a folder already shared on a server, as shown in the figure;
About the time that clients cache a referral: the client caches the referral it obtains. The default cache time is 300 seconds for a stand-alone root and 1800 seconds for a domain root. Typically, you do not need to change the cache time. Consider reducing it if folder targets in the namespace change frequently, but a shorter cache time increases the load on domain controllers and namespace servers and increases network traffic.
Each time a client accesses a file or folder using a cached referral, the cache duration of that referral is renewed, so the cached referral can be used indefinitely until the client's referral cache is purged or the client is restarted. As a result, a client may keep using the old folder target after the folder target in the namespace has been updated. You can instead have a cached referral expire once it reaches the cache duration; the client then requests a new referral from a domain controller or namespace server on its next access, so changes to namespaces and namespace folders are discovered sooner.
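The following is an added example, not part of the original article: a simplified Python model of the client referral cache described above, comparing renew-on-access with hard expiry. The target paths \\srv1\public and \\srv2\public, the access interval and the refresh_on_access switch are hypothetical names chosen for illustration; only the two default cache times come from the text.

```python
"""Simplified model of a DFS client's referral cache (added example)."""

STANDALONE_TTL = 300   # seconds, default for a stand-alone root (from the text)
DOMAIN_TTL = 1800      # seconds, default for a domain root (from the text)

OLD_TARGET = r"\\srv1\public"   # constructed sample folder targets
NEW_TARGET = r"\\srv2\public"


class ReferralCache:
    def __init__(self, ttl, refresh_on_access):
        self.ttl = ttl
        self.refresh_on_access = refresh_on_access
        self.target = None
        self.expires_at = None

    def resolve(self, now, namespace):
        """Return the folder target the client uses at time `now`."""
        if self.target is None or now >= self.expires_at:
            # Nothing cached, or the referral expired: ask the namespace server.
            self.target = namespace(now)
            self.expires_at = now + self.ttl
        elif self.refresh_on_access:
            # Every use of the cached referral restarts its timer.
            self.expires_at = now + self.ttl
        return self.target


def first_seen_new_target(ttl, refresh_on_access, change_at, access_every, duration):
    """Time at which the client first reaches the new target, or None."""
    def namespace(now):
        # The administrator repoints the link at `change_at`.
        return NEW_TARGET if now >= change_at else OLD_TARGET

    cache = ReferralCache(ttl, refresh_on_access)
    for now in range(0, duration + 1, access_every):
        if cache.resolve(now, namespace) == NEW_TARGET:
            return now
    return None


if __name__ == "__main__":
    # Client touches the share every 200 s; the link is repointed at t = 100 s.
    for ttl in (STANDALONE_TTL, DOMAIN_TTL):
        for refresh in (True, False):
            seen = first_seen_new_target(ttl, refresh, 100, 200, 7200)
            print(f"ttl={ttl:4d} refresh_on_access={refresh!s:5} -> {seen}")
```

A client that touches the share more often than the cache time never leaves the old target while renewal is on; with hard expiry the delay is bounded by the cache time.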
A client can reach the file servers simply by entering the UNC path (\\domain\root name) in the Run dialog, as shown in the figure. The user does not need to know which server a shared file is on, which keeps resource access simple. If multiple servers hold multiple shared folders, just add a new link for each of them one by one, and users can access them easily.
Note: Links are only one level deep; that is, you cannot create a link under an existing link.
Configure server redundancy/load balancing
Configuring server redundancy/load balancing stores the same files in identical shared folders on different servers. With replication, when a server is down, DFS automatically points the shared folder to the copy on another server, so clients do not notice the outage and can access the resources at any time.
That is, the same shared folder is created on different servers and DFS automatically directs the client to one of them; when one server is down, the client is automatically directed to another copy, which keeps shared access convenient for users.
In Distributed File System, right-click the newly created link mp3 and select New Target, as shown in the figure;
Click Browse next to the target path and select a shared folder on another server, as shown in the figure;
Click OK. You are asked whether you want to configure replication for the targets, as shown in the figure; click Yes to start the configuration wizard, or configure replication later.
On the welcome page of the replication wizard, click Next, then select one target as the initial master. To complete the replication configuration, the list must contain at least two healthy targets. A red cross on an item indicates that the machine cannot be reached or that a required service is not running properly; check that the three services Distributed File System, Distributed Transaction Coordinator and File Replication Service are running.
Staging folder: when replication is enabled, the content to be replicated is first staged in this folder and then replicated from it;
Select the replication topology that gives the fastest replication, and click Finish.
Loops (ring topology): files are replicated from one computer to the next in a ring. Each computer is connected to two other computers in the ring. Advantage: provides redundancy. Disadvantage: synchronization takes longer.
Distribution (hub and spoke topology): this topology requires three or more members. For each spoke member, you select the required hub member and, optionally, a second hub member for redundancy. The optional hub ensures that spoke members can still replicate when one hub member is unavailable. If you specify two hub members, a staggered (full mesh) topology is used between the hub members. Advantage: fast network traffic. Disadvantage: prone to a single point of failure.
Staggered (full mesh topology): a hybrid that combines the two topologies above. In this topology, each member replicates with all other members of the replication group. This topology is ideal if the replication group has 10 or fewer members. If there are more than 10 members in the replication group, it is recommended that you use a staggered topology.
Advantage: because every pair of members is connected, it provides maximum redundancy; disadvantage: the resulting network traffic is relatively large.
The topology diagram is shown below;
Because this is set up in a domain environment, files placed in \\test.com\public from any domain member computer can be found on every computer in the replication topology. The shared files are thus automatically backed up across the file servers, which effectively reduces the chance of losing important documents;
Configure replication priority and schedule
With DFS replication created for redundancy and load balancing, right-click the configured shared target and open its properties, as shown in the figure;
Select the Replication tab, as shown in the figure;
Click Schedule to customize when replication runs so that it takes place only within certain time periods; click Customize to configure the settings as shown in the figure;
Here you can change the replication topology, that is, view the replication relationships. A checked box indicates that replication from this server to the other server is enabled; clear the box to stop replication from this server to that server. Click Priority to set the replication priority, as shown in the picture;
Under the inbound connection, tick the override schedule check box, select the priority, and click Change; by default the priority is low;
It is recommended to set the priority to High for file servers within the same site and to Medium/Low for file servers in different sites, determining the replication priority from the physical locations and bandwidth;
If the shared folders that DFS points to are located in different sites and replicate to each other, the server directs a client's access request to the site with the lowest cost, based on the cost values between the sites;
Click Schedule to configure replication time, as shown in the figure;
Set the schedule according to your network bandwidth requirements, for example to avoid replicating while bandwidth usage is high.
If you click Edit next to the file filter, you can specify which files are not replicated, such as some applications' temporary folders.
As shown in the picture, *.avi files are excluded from replication; click Add;
Click Edit next to the subfolder filter to specify which subfolders of this folder are not replicated;
Distribute the root directory across multiple servers
On another server, click Start > Administrative Tools > Distributed File System, then right-click and select Show Root, as shown in the figure;
In the dialog box that opens, click the trusting domain, expand it to the root directory, and click OK, as shown in the picture.
At this point, the DFS root is distributed across two servers, and because it was created as a domain root, all of its configuration information is stored in Active Directory;
Configure a top-level DFS root that links other DFS roots for unified access
As shown in the figure, open Distributed File System and select New Root, then follow the steps above to create a new root; the screenshots are not repeated here;
You can create multiple DFS roots on the same server. This seems to violate the principle of a unified naming path, since clients would need to remember several root paths to find the right shared files, but in fact you can create a top-level DFS root on another server.
Select another server, open Distributed File System, and create a new root, as shown in the figure.
Then create a new link and enter the DFS root path on the original server as the target path of the new link, as shown in the figure;
Note: public is the DFS root on win2003r2.test.com; it is added as a link under the top-level DFS root;
You can add roots on other servers in the same way, by creating a new link for each in turn.
Clients only need to remember the path of the top-level root, such as \\test.com\root, to access the shared folders easily;
Scenario: this suits enterprise file servers where a shared folder is created for each department, the department shared folders are added under the root, and everything is accessed through a unified naming path. Note: root links can be nested up to 8 levels deep. It is recommended that the DFS root of one domain contain no more than 5,000 links;
Configure File server access (allow specific users to access shared folders)
Access to a folder in a distributed file system is governed by the combination of its share permissions and its NTFS permissions;
You can restrict a specific folder so that only specific department groups or specific users can access it.
Select the folder whose permissions you want to set, right-click it and choose Properties > Security > Advanced, then clear "Allow inheritable permissions from the parent to propagate to this object and all child objects". In the window that pops up, select Remove,
Then click the Add button on the Advanced tab and add the appropriate department group or user so that it appears on the Security tab. For ease of administration, it is recommended to add the Domain Admins group to the folder and grant it Full Control, as shown in the picture;
To let everyone access the shared folder, click Add on the Security tab, add Everyone, and grant the Read, List Folder Contents, and Read & Execute permissions, as shown in the picture;
On the Security tab, users and permissions are inherited directly from the parent directory; Test\users has only Read permission;
(Note: remove the inherited subfolder permissions on the Advanced tab so that the Users group is not displayed)
Add a Deny Write entry for Users (Test\users) to prevent users from adding new folders at the same level as this folder.
Set permissions on the Sharing tab. The default share user is Everyone with read-only permission; click Sharing > Permissions, as shown;
Tick Allow for Change to grant the change permission; grant it when clients need write access.
Set up DFS sharing with Active Directory
Open AD Users and Computers, right-click any OU and select New > Shared Folder, as shown;
Both clients and servers can then find the shared folder by searching AD for shared folders;
Right-click the shared folder and open its properties to set which users can or cannot search for this shared folder, as shown in the figure;
Tip: switch to Advanced Features view to see this;
On the General tab, click Keywords to add the names of subfolders under the shared folder as keywords, so that clients who have forgotten the root name can search using just a shared folder name;
Click the Security tab to set which users or groups are allowed or denied searching for this folder, which secures the AD shared folder.
As shown, the user sky is denied searching for shared folders in AD,
On a client, open My Network Places > Search Active Directory, select Shared Folders in Find, and then search for the shared folder.
Create a stand-alone root
As stated above, the configuration information of a stand-alone root is stored in the registry, and the configuration information of a domain root is stored in AD;
Click the root you created and open the Publish tab, as shown in the picture. Tick the option to publish this root in AD; you can also set keywords for searching;
DFS simply organizes shared resources behind a unified interface; the permissions set on the shared folders themselves are preserved;
FRS conflict handling
When you enable replication for shared folders in DFS, replication conflicts occur because replication is not real-time. FRS handles conflicts as follows:
Files with duplicate names: when the same file is created on different hosts and conflicts, "last writer wins" applies and the file written last is the one kept;
Folders with duplicate names: "first writer wins" applies. The folder created first keeps its name, and the folder created later gets a "_ntfrs_xxxxxxxx" suffix, where X is a randomly generated 16-digit number.
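As an added example (not from the original article), the Python sketch below scans a replica tree for folders that lost a "first writer wins" conflict, so an administrator can find content stranded under a renamed folder. Matching the x's in the suffix as a run of hexadecimal characters is an assumption, and the Finance/HR sample tree is constructed for the demonstration.

```python
import os
import re
import tempfile

# The text gives the suffix as "_ntfrs_xxxxxxxx". Treating the x's as a run of
# hexadecimal characters is an assumption of this example.
MORPHED = re.compile(r"^(?P<base>.+)_NTFRS_(?P<tag>[0-9a-f]+)$", re.IGNORECASE)


def count_files(path):
    """Number of files stored anywhere below path."""
    return sum(len(files) for _, _, files in os.walk(path))


def find_morphed_folders(root):
    """Report folders that were renamed after a folder name conflict.

    Returns a sorted list of dicts: parent (relative to root), original name,
    renamed folder, whether the winning folder still exists beside it, and
    how many files sit in the renamed folder where users will not look.
    """
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        siblings = {d.lower() for d in dirnames}
        for name in dirnames:
            match = MORPHED.match(name)
            if not match:
                continue
            base = match.group("base")
            findings.append({
                "parent": os.path.relpath(dirpath, root),
                "original": base,
                "renamed": name,
                "winner_present": base.lower() in siblings,
                "stranded_files": count_files(os.path.join(dirpath, name)),
            })
    return sorted(findings, key=lambda f: (f["parent"], f["renamed"]))


def build_sample_tree(root):
    """Constructed sample: 'Reports' was created on two servers at once."""
    layout = {
        "Finance/Reports": ["q1.xls"],
        "Finance/Reports_NTFRS_0a1b2c3d": ["q1-draft.xls", "notes.txt"],
        "HR/Templates": ["offer.doc"],
    }
    for folder, files in layout.items():
        target = os.path.join(root, *folder.split("/"))
        os.makedirs(target)
        for name in files:
            with open(os.path.join(target, name), "w") as handle:
                handle.write("sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in find_morphed_folders(tmp):
            print(finding)
```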
Some problems that FRS may bring
When the network is very unstable, the client cannot determine which server it is being directed to;
The "last writer wins" mechanism of FRS may cause user data to be lost without the user noticing: the content of the same-named file that was written first is lost even though it was saved, and only the content of the file saved last remains.
FRS starts replicating a file only when the file is closed;
FRS replicates the entire file even if only a small part of it has changed;
Viruses may spread faster through FRS, so it is necessary to install antivirus software;
The Windows 2003 Cluster service does not support FRS;
Remote Storage is not compatible with FRS;
FRS does not replicate EFS-encrypted files, and it gives no warning about this;
Disk quotas are not supported;
Staging directory: temporary space used during DFS replication. When replication begins, DFS places a copy of the file in this folder and then replicates it to the other servers. The advantage is that if the file needs to be modified while it is being replicated, the file is not affected.
The maximum file size that DFS can replicate is determined by the staging directory (temporary space); the default is 660 MB;
The minimum staging space is 10 MB and the maximum is 2 TB;
You can change the size of the staging space by modifying the registry;
Modify the following key value. The NTFRS service must be restarted for the setting to take effect: net stop NTFRS;
About the USN journal wrap error
The USN journal is a fixed-size log that records all changes made on an NTFS 5.0 partition. While FRS is running, NTFRS monitors the NTFS USN journal to see whether any files in the FRS-replicated directories have been closed.
A journal wrap error occurs when so many changes happen while FRS is shut down that the last USN change FRS recorded before shutdown is no longer in the USN journal at startup. The risk is that files and folders in the FRS replica tree may have changed while the service was stopped, with no record of those changes left in the USN journal. To prevent data inconsistencies, FRS enters the journal wrap state.
The options to reduce journal wrap errors include:
Place FRS-replicated content on a less busy volume, keep the FRS service running, avoid changing replicated content while the FRS service is stopped, and increase the USN journal size.
FRS is a service that needs to be run on domain controllers and members of FRS replicated DFS sets.
It is recommended that you configure 128 MB of log capacity per 100,000 files on volumes managed by the replication mechanism.
The USN journal size can be changed by setting the following registry key:
HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\"Ntfs Journal size in MB" (REG_DWORD)
Create a new DWORD value named "Ntfs Journal size in MB" and set it to decimal 128;
DFS can help create a logical file system on top of multiple physical systems for ease of use. With DFS you can create a single file-sharing directory tree that includes multiple file servers within a group, department, or enterprise, making it easy for users to find files or folders that are distributed anywhere on the network.
1: With DFS you can provide unified-path access to shared folders located in many different places on the network. If conditions in the production environment allow, it is recommended to dedicate one stand-alone server as the file server.
2: Although only the DFS root must be on an NTFS volume, it is recommended for security reasons that DFS link folders are also placed on NTFS volumes.
3: In theory DFS can contain an unlimited number of subfolders, but the actual DFS path cannot exceed 260 bytes, so it is recommended that you use a compact naming scheme when creating folders.
4: Within one DFS root you cannot create a child link under an existing link; the basic DFS namespace is only one level deep.