WestNet Network File and Printer Sharing Installation
Services
We Provide From Simple Workgroup Sharing to Complicated
Group Membership Based File and Printer Sharing Installation and
Configuration Services
Our Services Include
Peer to Peer Network (Workgroup) setup for small offices.
Windows Storage Server Installation Services
Windows File and Printer Sharing Setup on Windows Server 2008
Active Directory Based Sharing and Security Setup
Distributed File Systems (DFS)
Distributed File Systems Replication Setup
Configuring File Sharing for Branch Offices
Microsoft® Windows Server 2003 R2 helps you to effectively and
affordably provide file sharing to branch office locations while
avoiding most of the traditional challenges of serving
branch office environments: reliable connectivity, bandwidth
limitations, and file synchronization.
Windows Server 2003 R2 provides technologies that help to
simplify branch office file sharing for these scenarios,
enabling you to:
* Publish files from centralized hubs to branch offices.
* Replicate files from branch to hub locations for backup, fault
tolerance, or cross-branch publication.
* Manage loose collaboration of documents between branches or
between hubs and branches.
Historically, in order to maintain security, file shares were
centralized away from the branch office. This strategy often
results in either improperly secured remote file storage or the
addition of a significant burden to IT resources. With Windows
Server 2003 R2, the Distributed File System (DFS) solution
supports these scenarios. DFS includes new tools for DFS
Namespaces, a new replication engine known as DFS Replication,
and improved print management tools which allow for distributed
file sharing with enhanced security for branch office file
servers.
The DFS solution provides simplified, fault-tolerant access to
files and WAN-friendly replication. DFS Namespaces allow you to
group shared folders located on different servers more securely
and present them to users as a virtual tree of folders known as
a namespace. A namespace provides numerous benefits, such as
increased availability of data, load sharing, and simplified
data migration. Users navigate virtual namespaces without
knowledge of the names of the physical servers or shared folders
that host the data.
DFS Replication, the successor to File Replication Service
(FRS), is a new state-based, multi-master replication engine
that supports scheduling and bandwidth throttling, a feature
that sets the maximum bandwidth a network connection may use.
DFS Replication uses a new compression algorithm known as Remote
Differential Compression (RDC), a differential over-the-wire
protocol that can update files efficiently over a
limited-bandwidth network more securely. DFS requires a
Microsoft Active Directory® directory services-enabled domain
and reaps the security benefits of operation in a domain
configured for high server and network security.
On-demand file replication eliminates the replication of
unneeded files and can conserve disk space on a branch office
server. This kind of replication performs a full data
replication the first time a remote user accesses a file, and
then replicates only file header information regularly. For
on-demand file replication, branch data acts as a cache for
centrally authored data.
Terminology
Here is a brief overview of the terms and acronyms used in this
article.
Distributed File System (DFS) Namespace
Allows administrators to group shared folders located on
different servers and present them to users as a virtual tree of
folders known as a namespace.
Distributed File System (DFS) Replication
The successor to File Replication service (FRS), it is a
state-based, multimaster replication engine that supports
scheduling, delta compression, and bandwidth throttling.
Local-Area Network (LAN)
A communications network connecting a group of computers,
printers, and other devices located within a relatively limited
area (for example, a building). A LAN enables any connected
device to interact with others on the network.
Remote Differential Compression (RDC)
A WAN-friendly compression technology that replicates only the
changes to a file needed to ensure global file consistency.
Virtual Private Network (VPN)
The extension of a private network that encompasses
encapsulated, encrypted, and authenticated links across shared
or public networks. VPN connections typically provide remote
access and router-to-router connections to private networks over
the Internet.
Wide-Area Network (WAN)
A communications network connecting geographically separated
locations that uses long-distance links of third-party
telecommunications vendors.
Assumptions
In order for you to follow all of the guidance in this article,
this document makes some specific assumptions about your skill
set and the environment in which you will be working. However,
even if some of these assumptions do not apply to you, this
article can still provide valuable insight to you.
Skills Needed
In order to complete all of the steps contained in this article,
you should be able to confidently:
* Install Microsoft Windows® components from installation media
(such as a CD, for example).
* Share data folders on a network.
* Install and use snap-ins to the Microsoft Management Console.
* Add and manage users and groups in Active Directory Users and
Computers.
Note
All the step-by-step instructions included in this document were
developed from the Start menu that appears by default when you
install your operating system. If you have modified your Start
menu, the steps might differ slightly.
Infrastructure
The steps in this article assume that you have met the following
requirements:
* A VPN connection exists between the central file server and
all branch file servers
* Windows Server 2003 R2 is installed on your servers
* You have sufficient WAN bandwidth as determined by you or your
IT staff
* A standard file server is configured
Good Solution: File Sharing over WAN
In this scenario, client computers in a branch office access
files directly from shared folders on the server or servers at
the central office site via a VPN connection. The biggest
advantage of this arrangement is the low initial cost: an
organization only pays for WAN bandwidth; the organization does
not have to buy new hardware to service the branch office.
Associated with this advantage, an organization choosing this
arrangement can have lower monitoring and management costs (at
least for servers) because they are centralized. It can also be
easier to secure servers at a centralized location than servers
that are distributed.
There are numerous disadvantages to this file-sharing
configuration, however. First, data security and integrity can be
easily compromised if users remove or copy data to their client
computers. Security is thus inferior to that on the central
servers. Second, data copied to branch client computers can
quickly get out-of-sync with the data on the central server.
Finally, and worst of all for branch-office users, file-access
and usage performance can be low due to bandwidth constraints
over the WAN. These disadvantages often convince organizations
to locate file servers in branch offices.
Because sharing files from a central server or servers requires
only basic IT administration skills, no prescriptive guidance on
the subject is given in this document. For more information on
these tasks, see the “File Server Management Overview” on the
TechNet Web site at
http://go.microsoft.com/fwlink/?LinkId=67417
Better Solution: Local Branch File Server, Distinct from
the Central Site
Organizations that choose to place file servers in their branch
locations enjoy a number of advantages. Communications with the
central site and other parts of the organization typically do
not require as much WAN bandwidth, lowering that cost. Moreover,
the branch has no dependencies on corporate services for the
day-to-day file serving to users in the branch office, so the
reliability of the WAN connection to the central site is less of
an issue. Users in the branch office will notice that files are
accessible more quickly, because file sharing is provided by the
local file server at LAN speeds.
However, organizations that place a local file server in branch
offices quickly encounter challenges as well. Branch office
servers do not receive the same kind of attention as home office
servers, frequently leaving branch office servers more
vulnerable to attack for longer periods of time than home office
servers. Moreover, technical support for the server must either
come from the central site or be maintained locally; either
option can be very expensive for mid-sized organizations. This
compounds the other costs associated with maintaining local file
servers in branches: organizations must pay all of the costs of
hardware redundancy without gaining any of the benefits.
Because locally sharing files requires only basic IT
administration skills, no prescriptive guidance on the subject
is given in this document. For more information on these tasks,
see “File Server Management Overview” on the TechNet Web site at
http://go.microsoft.com/fwlink/?LinkId=67417 and “File server
role: Configuring a file server” on the TechNet Web site at
http://go.microsoft.com/fwlink/?LinkId=67418
Best Solution: Local Branch File Server Synchronized
with the Central Site using Distributed File System (DFS)
Technology in Windows Server 2003 R2
DFS Replication offers a number of advantages for
branch offices. One of them is availability: if the branch file
server goes down, files are still available from servers at the
central office site (although at a slower speed than if they
were accessed locally). DFS Replication keeps files stored
locally in sync with central copies, allowing users in the
branch office and in the central office to collaborate on
documents without having to worry about them getting out of
sync. Importantly, DFS Replication does all of this without
using too much WAN bandwidth: DFS Replication uses Remote
Differential Compression (RDC) to copy just the changes made to
copies of files in different locations rather than copying the
entire file. Moreover, DFS allows organizations to manage the
bandwidth that can be used for replication.
Using the DFS technology in Windows Server 2003 R2 to provide
these benefits to branch offices still poses some challenges to
organizations that choose this route. Such organizations must
still buy the branch server and accompanying licenses, as well
as provide technical support for the branch file server.
Organizations choosing to use this technology must also have
security processes in place at the branch-office level: the
presence of sensitive data in more than one location
automatically increases the attack surface of the organization
as a whole.
Distributed File System Replication
Next this document explains how to set up and configure DFS
Replication and DFS Namespaces for a branch office file server
scenario.
Install the Distributed File System
Before you begin, you must install the DFS Management Snap-in
and the DFS Replication Service. As a security measure, many
Windows Server 2003 R2 features are not installed or enabled by
default. You must add features such as DFS after you install
Windows Server 2003 R2. This guide presumes that you already have
Windows Server 2003
R2 installed on your servers. To use DFS Replication, you must
first update the schema to install the Active Directory
components of DFS Replication. You will update the schema in the
following task.
To upgrade the schema to install the Active Directory Components
of DFS Replication:
1. Insert the Windows Server 2003 R2 CD2 into your CD drive.
2. From the Windows Server 2003 R2 desktop, click Start and
select Run.
3. In the Open box, type D:\CMPNENTS\R2\adprep\adprep.exe /forestprep
where D:\ is the CD drive on the server on which this document
was prepared.
4. On the ADPREP WARNING command-line prompt screen, type C then
press ENTER. Because you are using Windows Server 2003 R2, you
can disregard the warning that appears.
Note
For more information on extending Active Directory schema, see
“Extending Your Active Directory Schema in Windows Server 2003
R2” on the TechNet Web site at http://go.microsoft.com/fwlink/?LinkId=67423
Note
In order for DFS Replication to work, you must perform the
following task on the domain controller and install the DFS
Replication Service on at least two other servers.
To install DFS Management and DFS Replication service using Add
or Remove Programs:
1. From the Windows Server 2003 R2 desktop of the domain
controller (and any other member servers on which you wish to
install DFS Replication Service), click Start, select Control
Panel, and click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. Highlight Distributed File System and click Details.
4. Select DFS Management and DFS Replication Service (when you
repeat this task on the other servers, you need select only DFS
Replication Service), then click OK.
5. Click Next. DFS components will now install.
7. When prompted, insert the Windows Server 2003 R2 CD 2 in your
CD drive and click OK.
8. On the Files Needed dialog, verify that D:\CMPNENTS\R2
appears (where D:\ is the CD drive on the server on which this
document was prepared) and click OK. Browse to the appropriate
location if it does not appear by default.
9. The installation will continue. Installation of DFS
management takes several minutes because the installation
includes the Microsoft .NET Framework 2.0.
10. On the Complete Windows Component Wizard page, click Finish.
This concludes the installation.
11. Close the Add or Remove Programs window.
Note
Repeat these steps on the other two member servers, but in Step
4, select only DFS Replication Service.
Distributed File System Namespaces
The tasks in this section describe the process of
namespace deployment. To complete all tasks, you need a minimum
of two servers configured as follows:
* One server must be running Windows Server 2003 R2. This is the
server you will use to perform the tasks
presented in the following sections. (If you have not done so
already, be sure to install the management tools and DFS
Replication Service. For details, see the section Install the
Distributed File System earlier in this article.)
* The second server must be running either Windows Server 2003
R2 or Windows Server 2003 SP1 if you want to take advantage of
all DFS Namespaces features. Note: Windows Server 2003 R2 might
disable some DFS Namespace features if the second server is
running Windows 2000 Server or if the second server is not
running Windows Server 2003 SP1 or Windows Server 2003 R2.
To create domain-based namespaces and enable DFS Replication in
these tasks, you must have Active Directory deployed, and you
must have extended the schema to include the new DFS Replication
objects in Active Directory. For details, see the section
Install the Distributed File System earlier in this article.
Create a DFS Namespace
Important
To create domain-based namespaces and enable DFS Replication in
these tasks, you must have Active Directory deployed, and you
must have extended the schema to include the new DFS Replication
objects in Active Directory.
For details, see the section "Install the Distributed File
System" earlier in this article.
To create a DFS namespace:
1. In the left console tree of the DFS Management console,
right-click Namespaces and select New Namespace.
2. Click Browse on the Namespace Server page of the New
Namespace Wizard.
3. Type in the name of the server or some portion of the server
name and press Check Names. Select the desired server from the
resultant list and click OK.
4. After the Select Computer dialog closes on the Namespace
Server page of the New Namespace Wizard, click Next.
5. On the Namespace Name and Settings page, type in a name for
your namespace (in this example, Public) and click Next.
6. On the Namespace Type page, select Domain-based namespace.
7. On the Review Settings and Create Namespace page, review your
namespace settings and click Create.
8. On the Completion page, wait for the creation process to
complete and then click Close.
To verify that you successfully created a DFS Namespace:
1. When the New Namespace Wizard closes, on the DFS Management
console, note your new namespace in the left console tree; this
is your verification that you successfully created a DFS
namespace. Double-click the namespace to view it.
2. To browse your new Namespace, on the Windows Server 2003
desktop, click Start, select Run and type \\[Your Domain
Name]\[Your Namespace Name] in the Open box.
3. Close the Windows Explorer window when you are through.
Add a Namespace Server
To add a namespace server:
1. In the left console tree of the DFS Management console,
right-click \\[Your Domain Name]\[Your Namespace Name] and
select Add Namespace Server.
2. In the Add Namespace Server window, type in the name of the
server you wish to add. You can click Browse to locate the
appropriate server. Click OK to continue.
3. If a warning window appears, click Yes; this will
automatically start the DFS service on the second server.
To verify that you successfully added the namespace server:
1. In the left console tree of the DFS Management window, click
the \\[Your Domain Name]\[Your Namespace Name] node and select
the Namespace Servers tab.
2. Notice that two UNC paths are listed. The site of each
namespace server also appears. This is your verification that
you successfully added the namespace server.
Delegate Management Permissions
To delegate management permissions:
1. In the left console tree of the DFS Management window,
right-click the \\[Your Domain Name]\[Your Namespace Name] node
and select Delegate Management Permissions.
2. In the Select Users and Groups window, type in the name of
the user or group you wish to grant permission to, click Check
Names (select the user or group from the list if necessary),
then click OK.
Note
Carefully identify and control the user or group to which you
delegate permissions. You should create and use a DFS management
security group for this purpose and use Active Directory Users
and Computers to control membership.
To verify that you successfully delegated management
permissions:
1. In the central pane of the DFS Management window, click
Delegation.
2. Note the user or group you just added now has explicit
permission. This is your verification that you successfully
delegated management permissions.
Note
The Administrator user or group added shows Explicit in the How
Permission Is Granted column. Explicit means that you can remove
the user or group from the delegation list if you right-click
the user or group, and then click Remove. Any users or groups
that show Inherited have inherited management permissions from
Active Directory, and you cannot use the DFS Management snap-in
to remove them from the delegation list. Users with Inherited
permissions must be removed via Active Directory. For example,
if you follow the best practice and use a DFS management
security group in Active Directory, users added to the group
receive inherited permissions and you must control their
permissions through Active Directory Users and Computers.
Add Folders to a Namespace
To add folders to a namespace:
1. In the left console tree of the DFS Management window,
right-click the \\[Your Domain Name]\[Your Namespace Name] node
and select New Folder.
2. In the New Folder window, type in the name of the new folder
and click OK. In this example the new folder is 'Documents'.
3. In the left console tree of the DFS Management window, note
the new folder.
4. In the left console tree of the DFS Management window,
right-click the folder you just created and select New Folder.
This will create a new folder within the folder you just
created.
5. In the New Folder window, again type the name of the folder.
Click Add.
6. In the Add Folder Target window, enter the name of the shared
folder to host the new folder in the Namespace. If the folder
does not exist, you must create it. You can also choose Browse
to locate a folder or create a new one. In this example the
target folder is Training Manuals.
7. In the New Folder window, click OK.
8. Expand the first folder you created, and click the second
folder.
9. In the left console tree of the DFS Management window,
right-click the second folder you created and select Add Folder
Target. Click Browse.
10. In the Browse for Shared Folders window, click Browse again,
then enter the name of another server on your domain (in this
example, 'Server2') and click Check Names. Click OK.
11. On the Browse for Shared Folders screen, click New Shared
Folder.
12. In the Create Share window, type the name of the new shared
folder and the local path where you want to create the share. If
the folder does not exist, you must create it now. You can also
click Browse to select a shared folder. Also, enter the name for
this share and select the permissions. Click OK three times to
close all three windows.
13. In the Replication warning, select No. (We will explore
Replication later.)
To verify that you successfully added folders to the namespace:
1. In the center pane of the DFS Management snap-in, note that
there are now two targets for the second folder you created.
This is your verification that you successfully added folders to
the namespace.
2. Continue to make as many folders as you like. Remember that
you can arrange them in hierarchies as in Windows Explorer, and
you can choose whether or not to assign targets.
Use DFS Replication to Replicate a Folder in the Namespace
To use DFS Replication to replicate a folder in the namespace:
1. In the console tree in the left console pane of the DFS
Management snap-in, right-click the second folder you created
(the one with two targets) and select Replicate Folder.
2. On the Replication Group and Replicated Folder Name page,
accept the defaults and click Next.
3. On the Replication Eligibility page, accept the defaults
(which will be the two shares you targeted earlier) and click
Next.
4. On the Start Service page, click OK to start the service.
5. On the Primary Folder Target page, select either target and
click Next. If one of the two targets contains more
up-to-date content, you should select that target.
6. On the Topology Selection page, ensure that Full Mesh is
selected and click Next.
Another topology is the hub-and-spoke topology. This topology
requires three or more members. For each spoke member, you can
choose a required hub member and an optional second hub member
for redundancy—this optional hub ensures that a spoke member can
still replicate if one of the hub members is unavailable. (Note
that if you specify two hub members, the hub members will have a
full-mesh topology between them.)
When choosing a topology, keep in mind that two one-way
connections are created between the members you choose. These
two connections allow data to flow in both directions. For
example, in a hub and spoke topology, data will flow from the
hub members to the spoke members and from the spoke members to
the hub members. If you want to set up a one-way connection
between two servers, you can disable individual connections
after you complete the wizard.
7. On the Replication Group Schedule and Bandwidth page, ensure
that Replicate continuously using the specified bandwidth is
selected, and that the bandwidth is set to Full, and click Next.
This selection best keeps your folders in synchronization.
8. On the Review Settings and Create Replication Group page,
review the settings and click Create.
9. On the Confirmation page, wait for the process to complete
then click Close.
10. On the Replication Delay message, click OK. This information
indicates that the replication will not necessarily begin
immediately. (Select Do not show this again to ensure that this
message will not show up again while you test.)
To verify that you successfully used DFS Replication to replicate
a folder in the namespace:
1. In the DFS Management snap-in, expand Replication in the
console tree in the left console pane and select the new
replication group. This is your verification that you
successfully used DFS Replication to replicate the folder in the
namespace.
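The connection rules described under the Topology Selection step, as an added example (not part of the original article and not Microsoft tooling): it models each replication connection as a one-way edge, builds the full-mesh and hub-and-spoke topologies, and works out which members receive a change written on a given member once individual connections are disabled or a hub is unavailable. The server names (HQ1, HQ2, BR-A, BR-B) and all function names are constructed for illustration.

```python
from itertools import permutations


def full_mesh(members):
    """Two one-way connections between every pair of members."""
    return set(permutations(members, 2))


def hub_and_spoke(assignments):
    """assignments maps spoke -> (required_hub, optional_second_hub or None)."""
    hubs = sorted({h for pair in assignments.values() for h in pair if h})
    if len(hubs) + len(assignments) < 3:
        raise ValueError("hub-and-spoke requires three or more members")
    conns = full_mesh(hubs)  # two hub members are full mesh between themselves
    for spoke, pair in assignments.items():
        for hub in filter(None, pair):
            conns |= {(hub, spoke), (spoke, hub)}  # one connection each way
    return conns


def disable(conns, *one_way):
    """Topology after disabling individual one-way (source, destination) connections."""
    unknown = set(one_way) - conns
    if unknown:
        raise ValueError(f"no such connection: {sorted(unknown)}")
    return conns - set(one_way)


def without_member(conns, member):
    """Topology as seen while one member is unavailable."""
    return {(s, d) for s, d in conns if member not in (s, d)}


def reach(conns, origin):
    """Members that eventually receive a change first written on origin."""
    seen, stack = set(), [origin]
    while stack:
        node = stack.pop()
        for src, dst in conns:
            if src == node and dst != origin and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen


# Constructed sample: two hubs, one branch with a second hub, one without.
HUBS = {"HQ1", "HQ2"}
MESH = full_mesh(["HQ1", "HQ2", "BR-A", "BR-B"])
HUB_SPOKE = hub_and_spoke({"BR-A": ("HQ1", "HQ2"), "BR-B": ("HQ1", None)})

# Hub-to-branch publication only: disable every connection that starts at a branch.
PUBLISH_ONLY = disable(HUB_SPOKE, *[(s, d) for s, d in HUB_SPOKE if s not in HUBS])

if __name__ == "__main__":
    print("full mesh connections:", len(MESH))
    print("hub-and-spoke connections:", len(HUB_SPOKE))
    print("change on BR-B reaches:", sorted(reach(HUB_SPOKE, "BR-B")))
    print("publish-only, change on BR-B reaches:", sorted(reach(PUBLISH_ONLY, "BR-B")))
    print("publish-only, change on HQ1 reaches:", sorted(reach(PUBLISH_ONLY, "HQ1")))
    print("HQ1 down, change on HQ2 reaches:",
          sorted(reach(without_member(HUB_SPOKE, "HQ1"), "HQ2")))
```

With two-way connections a change made on any branch server reaches every member; with the branch-to-hub connections disabled, branch-side changes stay on the branch.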
Test Failover Functionality in DFS
To test failover:
1. Double-click the third folder you created. Right-click that
folder in the folder tree, click Properties, then select the DFS
tab. Notice that only one folder target is listed in the
referral list. Your client computer is currently connected to
this folder target. Click OK.
2. Return to the DFS Management window, select the second folder
(the one with two targets) in the left console tree, then
right-click one of the folder targets and select Disable Folder
Target.
3. Return to Windows Explorer and repeat steps 1 and 2. These
steps should continue to work because another server continues
to host the namespace and the shared folder. This is your
verification that the failover works.
WestNet Consulting Services, Inc - (818) 288-8282