Deploying Windows File Servers, Windows
Download
Report
Transcript Deploying Windows File Servers, Windows
Deploying
Windows File Servers,
Windows-Powered NAS,
And Distributed
File Systems
David Golds
Group Program Manager
Microsoft Corporation
Deployment Motivation
What do you have today?
Probably a lot of Windows NT 4.0 file servers
Where do you want to go?
Lower TCO
Higher availability
Consolidation, high utilization, …
Recoverability, re-allocation, …
How to get there?
The maps – documentation and resources
Avoiding ‘bumps in the road’
Goals For Your File Service
6.
File server consolidation
Flexible storage re-allocation
Availability
Data recovery
File server security
Maintaining performance
Valuable new Resource Kit document
1.
2.
3.
4.
5.
“Designing and Deploying File Servers” guide
1. File Server Consolidation
Windows 2000 is a great consolidated file server
Customer example (clustered file server)
Each node has 4 x 700Mhz CPUs, 4GB RAM
Each node has 11 x 170GB volumes
AntiVirus software
~3000 active users per node, ‘no perf issues’
Tuned per Q312362 to avoid ‘2020’ event messages
Customer example (non-clustered)
“Great reliability, so no need to cluster”
0.5 GB RAM*
Note – 4GB would be better: (a) file cache, (b) CHKDSK
1TB of disk
Third-party quota product
~1500 active users
File Server Consolidation
Windows Server 2003 even better
SAN friendly: Manual volume
mounting for SANs
StorPort: Enhanced SAN performance
Multipath IO (MPIO) for SAN
IA64 great for file servers
IA64 gives huge virtual address space
File caching
Huge ‘paged pool’ area
2. Flexible Storage Allocation
Use DFS to provide a ‘file service abstraction’
Provide users with long-lived logical file paths
Administrators free to change servers/storage
Sometimes known as “NAS virtualization”
Online storage growth
Dynamic disks – using the diskmgmt.msc snap-in
Basic disks – using diskpart.exe
VDS – In Windows Server 2003
Common api/cmd for managing RAID/storage virtualization
Volume Mount-points
Mount a volume into an NTFS folder
Now supported in Windows Server 2003 clusters
3. Availability
Different techniques for a highly available file service
1.
2.
3.
Clustering
DFS with FRS file replication,
DFS + Storage on a SAN – reallocate to another server in case
of failure
Need to consider ways to make data highly available
Multiple NICs
For SAN, Multiple paths from file server to disks
(MPIO: multiple independent fiber channel paths)
Different RAID levels
Online volume growth, backup
See next slide
Availability: ISV Driver Quality
You run anti-virus, quota, replication products?
These use ‘file system filter drivers’
These are complex drivers – how to ensure quality?
Answer: Microsoft Plugfests, better dev kits,
logo tests
Plugfests: Quarterly week-long ISV workshops in Redmond
WHQL certification for anti-virus products
8 weeks of events held since mid-1999
Focus on robustness, performance, transparency
For Windows XP and Windows Server 2003
We’ve measured significant progress
No FS filters in Windows ‘OCA’ top 100 ISV bluescreens
Huge change from 3 years ago
4. Data Recovery
Windows Server 2003 goes far beyond
backup/restore
Volume Shadow copy Restore
Open File Backup
Empower users to undo their own mistakes
Backup open files without extra device drivers
Available to backup products which use ‘VSS’
Automated System Recovery (ASR)
Bare-metal restore of systems
Supported by NTBackup
Supported by third-party backup products
Shadow Copy Restore
Client Side
Note: Flash demo
Server Side
Look under www.microsoft.com/storage
Shadow Copy Restore At
Microsoft
Microsoft “ITG” pilot
"ITG manual restore versus shadow copy
ITG manual restore took 24-72 hours and required 3 escalations before “backup/restore”
team was properly engaged
Restore cost for ITG manual restore could cost $300+ for support and escalation costs
plus lost time while restore takes place
Previous versions – Shadow Copy client restore takes 5 minutes for the initial install and
5 minutes to do the restore
Shadow Copy previous versions restore can take place on the spot
High client satisfaction (end user quotes)
Total of 57 servers over a 3 month pilot
10% space allocation provides two weeks worth of recovery, taking two shadow copies
per day
“I have to say that is one of the coolest features I have ever seen! It worked flawlessly!
Thanks!”
“Worked like a charm; You are my hero for the foreseeable future”
ITG praise
“The best new feature in Windows Server 2003”
“Extremely easy to enable and setup”
Automated System Recovery
New feature for Windows Server 2003
Quickly bring a non-bootable system to a restorable state
Backup of only system, applications, and settings – No data
unless on boot volume
System and settings change less frequently than data
Target system requirements
Hardware must be same as original system
Except hard disks, video cards, and NICs
Enough disks to restore all the Critical System Disks
Storage capacity of each critical disk must be >=
corresponding original disk
ASR state file (asr.sif) must be accessible through a local
floppy drive
Automated System Recovery
Windows XP, Windows Server 2003
Bring a non-bootable system quickly to a
state from which a restore can be performed
Backup App
Install Media
(Optional)
Re-configure physical storage to its
original state
Restore the OS, applications and all settings
Data backup Media
Windows CD
On-Line
Retail
Media
Provides a mechanism for
third-party vendors to incorporate
ASR-related features
ASR B/U Media
ASR Floppy
ASR Floppy
4. Data Recovery
CHKDSK
Reminder – NTFS is a mature journaling file system
NTFS uses database-like logging techniques in order to remain
consistent, even in case of a power fail or crash
CHKDSK required only if
Hardware does not honor ‘write-through’ of the journal file
Hardware corrupts data in some way
There’s an NTFS bug – hence the emphasis on ‘mature’
CHKDSK in Windows Server 2003
CHKDSK performance gains
See http://etestinglabs.com/main/reports/mschkdsk.pdf …showing >
1271% perf gain in their largest test configurations.
Online CHKDSK filesystem verification
In Windows Server 2003 RESKIT: ‘verfydsk.exe’
Uses VSS to create a Shadow copy of volume
5. File Server Security
Anti-virus
Broad range of anti-virus products for Windows
Vendors working closely with development team
Availability
Performance
Shares now read-only by default
“Effective permissions’
New tab in ACL dialog
What can Joe really do?
6. Maintaining Performance
Key method is disk defragmentation
Windows Server 2003 defrag enhancements
Scriptable using DEFRAG.EXE command line
Online MFT defrag for NTFS Volumes
Finer-grain defrag NTFS API support
Significantly faster defrag algorithm
Efficient defrag of ‘Shadow Copies’
Windows Server 2003 NetBench gains
1 CPU +23%. 2 CPU +63%. 4 CPU +94%. 8 CPU +116%
Windows Distributed File
System (DFS)
Benefits Of DFS
Virtual paths
DFS provides ‘Virtual UNC paths’
DFS allows users and applications to use virtual,
administrator defined UNC paths
These paths are independent of the physical
resources backing these paths
Example
\\corp\docs\2002
\\corp\docs\2003
\\corp\tools\sales
\\corp\tools\engineering
\\corp\projects\foobar
\\corp\users\dgolds
Microsoft DFS – Architecture
Multi-protocol
Uses SMB/LM protocol to
communicate between DFS
client and DFS server
Then, uses any underlying
remote filesystem protocol to
connect to remote share
DFS Client
DFS
SMB/LM for Windows
Anything client has a RDR
installed for (e.g., NCP for
Netware, NFS for Unix Servers)
LAN
or
WAN
Secure
DFS Server
DFS only involved in name
redirection
Existing security of underlying
OS and file system is used to
access shares
Netwar
e
Windows
Unix
Benefits Of DFS
Multiple link targets
DFS Links can have Multiple targets
A ‘link’ is a mapping from the ‘virtual’ DFS path to
one or more shares (known as ‘targets’)
Example
\\corp\docs\2002 -> \\docs1\2002, and \\docs2\2002
A DFS path can point to another DFS path
Example
\\corp\sales\demos -> \\demosrus\public
Benefits Of DFS
Load balancing, site selection
In case of multiple targets, the DFS server sorts
targets in 2 phases
Phase 1: Sort into groups by ‘site’
Windows 2000 site selection
Windows Server 2003 ‘closest-site-selection’
Groups #1 … #N sorted by AD-defined site costing
Phase 2: Within each ‘group’, randomize order
Group #1 is same site,
Group #2 is rest-of-the-world
Provides load balancing
DFS client behavior
Use the first available target in the referral list
Failover to next in list when necessary
DFS: Multiple Link Targets
A single DFS link can
point to multiple physical
shares (“targets”)
\\corp\docs\2002
DFS Client
In
Seattle
DFS Server
DFS
DFS selects one of
the replicas
\\docs1\2002
Replicas within the
user’s site are
selected
preferentially
\\Docs1
\\Docs2
Deploying DFS
DFS types: Domain versus stand-alone
Characteristic
Domain-based
Stand-Alone
Administrator
access
Only Domain Admins can create new
domain-based DFS roots;
Local Administrators group members
on each of the root targets can
add/delete links or root targets
Local Administrators group
members on the local server can
create new stand-alone DFS roots
and add links to the roots
Where DFS root
information is stored
In Active Directory
In the registry of the root server
DFS namespace size
restrictions
5,000 links
50,000 links
Methods to ensure
DFS root availability
Create multiple DFS root targets in
the same domain
Create stand-alone DFS root on a
clustered file server
Methods to ensure
link target
availability
Create multiple link targets and
replicate files by using one of the
following methods
Enabling FRS
Copying files manually or by using
scripts
Using a third-party replication tool
Create multiple link targets and
replicate files by using one of
the following methods
Copying files manually or by
using scripts
Using a third-party replication
tool
Deploying DFS
DFS types: Domain versus stand-alone
Use stand-alone DFS namespaces when
No Active Directory available
You need to create a single namespace with more than
5,000 links
Your organization does not use Active Directory, or
A domain admin will not create a DFS in their AD
If you can divide your links among two or more namespaces,
then domain-based DFS is an option
Use clustering to Ensure the availability of the stand-alone
DFS namespace
Use domain-based DFS namespaces when
You plan to use FRS to replicate data
You want to ensure the namespace is available across
multiple sites
Deploying DFS
Size limits
Description
Recommendation*
Explanation
Number of DFS
roots per server
Varies
Windows 2000 and Windows Server 2003,
Standard Edition
One namespace root per server
Windows Server 2003, Enterprise Edition or
Windows Server 2003, Datacenter Editions
No Limit
Number of links per
DFS namespace
5,000 for domain-based
DFS
50,000 links for
stand-alone DFS
These two stores (Active Directory, Registry) have
different restrictions on the size of their objects
Size of each DFS
Active Directory
object (applies to
domain-based DFS
namespaces only).
5 megabytes (MB)
The size of the Active Directory object is determined
by the number and path length of roots, links,
comments, and targets in the namespace. Microsoft
recommends using no more than 5,000 links in a
domain-based namespace to prevent the Active
Directory object from exceeding 5 MB.
Number of root
targets per domainbased DFS root
No fixed limit
If you do not enable “root scalability mode”,
Microsoft recommends using 16 or fewer root targets
to limit traffic to the server acting as the primary
domain controller (PDC)
Deploying DFS
Scaling hints and tips
Keep comment fields to a minimum
These take space in the DFS metadata & limit size
Cascade DFSes
Build layers of DFS for large namespaces
A top-level DFS, pointing to subordinate DFSes
3-tiers is common for Large deployments
8 tiers is maximum supported
Use ‘root scalability mode’
This is available for Windows Server 2003
Enable using DFSUTIL /RootScalability
DFS root servers will get updates from a local domain controller
instead of the server acting as the PDC
Reduces network traffic to the PDC at the expense
of tight consistency
Deploying DFS
Site selection hints and tips
Site is only determined by IP address range
Windows 2000 site selection hints
Note that a target’s site is defined when it is added to the DFS
To refresh
Manually remove/add the target
Or, use Windows Server 2003’s DFSUTIL /refresh
Windows Server 2003 site selection
Note that a target’s site is dynamically defined
Site information in the DFS metadata is ignored
The Windows Server 2003 DFS UI does not store it there
Use DFSUTIL /refresh if using Windows 2000 DFS servers
“Closest site selection” mode requires Windows Server 2003 on
all ISTGs
File Replication Service
(FRS)
FRS In Windows Server 2003
File Replication Service
Windows Server 2003 improvements
Used by DFS for keeping replicas in sync
Also used by Active directory for keeping logon scripts and
policy files in sync on DCs
Driven by the NTFS ‘USN Change journal’
Staging file space management.
Treat it as a LRU cache
Reduce the data that is shipped between replicas –
compression and suppression
“SONAR” monitoring tool and troubleshooting doc
Sharing violation override
See slides separate session for more info
FRS And DFS
FRS can be used to keep DFS link targets
synchronized
Common scenarios
Publication of applications
Publication of documents
Reverse publication
central system collects files from regional files
Used for ‘backup’, ‘log collection’
Great combination with DFS site-selection
Users use a common namespace
DFS refers customer to closest available server
FRS replicates content between servers
Summary
Highly scalable, robust file server
Performance
Recoverability
Security
Windows Server 2003 adds key new
shadow copy scenarios
© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO
WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.