Deploying a File Server Lesson 2
Skills Matrix
Technology Skill | Objective Domain | Objective #
Adding a New Disk | Configure storage | 1.5
File Server
The most basic and most universal type of application server, found on almost every network. Every server installation includes the following:
- Disk management
- Planning for fault tolerance
- Folder sharing
- Access control using share and NTFS permissions
- Mapping drives
Storage Technology
In addition to estimating the amounts of processor speed, memory, and disk space you require, consider whether your needs call for specialized file server hardware:
- ATA versus SCSI
- Serial ATA
- Redundant Array of Inexpensive Disks (RAID)
- External drive arrays
- Storage area network (SAN)
- Network attached storage (NAS)
Storage Area Network (SAN)
Network Attached Storage (NAS)
RAID
Clustering Servers
A cluster is a group of servers that all perform the same function, dividing the client load among them. Failover clustering provides the ultimate in scalability and fault tolerance. If you need more performance, you add another server to the cluster. If one of the servers in the cluster fails, the others take up the slack until you can repair or replace it. Clustering can be an extremely expensive proposition, but for mission-critical servers, it provides unmatched performance levels and reliability.
Working with Disks
When working with disks, you must do the following:
- Select a partitioning style (MBR or GPT).
- Select a disk type (Basic or Dynamic).
- Divide the disk into partitions or volumes.
- Format the partitions with a file system.
Partition Style
Two hard disk partition styles can be used in Windows Server 2008:
- MBR: The MBR partition style has been around as long as Windows and is still the default partition style for x86-based and x64-based computers.
- GPT: GPT has also been around for a while, but no x86 version of Windows prior to Windows Server 2008 and Windows Vista supports it. (Windows XP Professional x64 Edition does support GPT.) Now, you can use the GPT partition style on x86-based and x64-based computers.
Partition Style
Basic Disks and Partitions
When you work with basic disks in Windows Server 2008, you can create up to four primary partitions, or three primary partitions and one extended partition.
Partitions
Dynamic Disks
A dynamic disk can contain an unlimited number of volumes that function a lot like primary partitions on a basic disk, but you cannot mark an existing dynamic disk as an active partition.
Simple and Spanned Volumes
Simple volume
- Consists of free space contained on a single physical disk.
- You can configure all of the available space on a disk as a simple volume, or you can configure multiple simple volumes using the space on a single disk.
Spanned volume
- Made up of free space from multiple physical disks.
- Spanned volumes are not fault-tolerant. If you lose one disk in the volume, you will lose all data contained on all disks.
- Created on 2 to 32 disks.
Striped Volume
- Made up of free space from multiple disks.
- Unlike a spanned volume, a striped volume uses RAID-0 striping to interleave the data across the disks.
- Improves the read performance of the volume.
- Striped volumes are also not fault-tolerant and will not withstand the loss of a disk in the volume.
- A striped volume can be created on a minimum of 2 disks and a maximum of 32 disks.
Mirrored Volume
A fault-tolerant volume consisting of two physical disks, in which the data on one disk is copied exactly onto the second disk. This provides data redundancy, such that if one disk in the mirror fails, the other disk will continue to function without loss of data.
RAID-5 Volume
- A fault-tolerant volume where data is interleaved across three or more disks, much in the same way as in a striped volume.
- Has additional information known as parity.
- If one disk in a RAID-5 volume fails, the data contained on the failed disk can be rebuilt using the parity information stored on the disks in the rest of the volume.
- A RAID-5 volume can be created using a minimum of three disks and a maximum of 32 disks.
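
The parity rebuild described for RAID-5 volumes, as an added example that is not part of the original lesson and is not how Windows lays out its stripes. The 4-byte block size, the parity rotation order, and the sample data are assumptions chosen to keep the stripes readable.

```python
# Added example: XOR parity in the style of RAID-5 (simplified layout, constructed data).
from functools import reduce

BLOCK = 4  # bytes per block; tiny on purpose so the stripes are easy to inspect

def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))

def parity_disk(stripe, n_disks):
    """Parity rotates across the disks from stripe to stripe (assumed rotation order)."""
    return (n_disks - 1 - stripe) % n_disks

def write_stripes(data, n_disks):
    """Interleave data over n_disks, storing one parity block per stripe."""
    if not 3 <= n_disks <= 32:
        raise ValueError("a RAID-5 volume needs 3 to 32 disks")
    per_stripe = BLOCK * (n_disks - 1)
    stripes = -(-len(data) // per_stripe)                 # ceiling division
    data = data.ljust(stripes * per_stripe, b"\0")        # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s in range(stripes):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        remaining = iter(blocks)
        for d in range(n_disks):
            is_parity = d == parity_disk(s, n_disks)
            disks[d].append(xor_blocks(blocks) if is_parity else next(remaining))
    return disks

def rebuild(disks, failed):
    """Recreate the failed disk: each lost block is the XOR of the survivors' blocks."""
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_data(disks):
    """Reassemble the data blocks in order, skipping each stripe's parity block."""
    n = len(disks)
    return b"".join(disks[d][s] for s in range(len(disks[0]))
                    for d in range(n) if d != parity_disk(s, n))

if __name__ == "__main__":
    disks = write_stripes(b"quarterly-report.docx contents", 4)   # constructed sample
    lost = disks[2]
    disks[2] = rebuild(disks, failed=2)
    print(disks[2] == lost, read_data(disks).rstrip(b"\0"))
```

Any single disk can be rebuilt this way, whether it held data or parity for a given stripe; losing two disks at once leaves nothing to XOR against.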
File Systems
In Windows Server 2008, three file system options are available: NTFS, FAT32, and FAT (also known as FAT16). NTFS is the preferred file system for a file server. The main benefits are improved support for larger hard drives and better security in the form of encryption and permissions that restrict access by unauthorized users.
Disk Management Snap-in (Disk View)
Disk Management Snap-in (Volume View)
Initialize Disk
Newly Initialized Disk
Convert to Dynamic Disk
Creating a Simple Volume
Creating a Mirror Disk
Reasons for File Sharing
- To enable users to collaborate on projects by sharing files.
- To back up document files more easily.
- To protect company information by controlling access to documents.
- To reduce the number of shares needed on the network.
- To prevent the need to share access to workstations.
- To monitor users' storage habits and regulate their disk space consumption.
- To insulate users from the sharing and permission assignment processes.
Arranging Shares
A well-designed sharing strategy provides each user with three resources:
- A private storage space, such as a home folder, to which the user has exclusive access.
- A public storage space, where each user can store files that they want colleagues to be able to access.
- Access to a shared work space for communal and collaborative documents.
File Sharing
Share and Storage Management Console
Share Folder Location
File Security
Share Protocols
SMB Settings
Advanced Options
SMB Permissions
Share Permissions
DFS Namespace Publishing
Review Settings
Permissions
Permissions are privileges granted to specific system entities, such as users, groups, or computers, enabling them to perform a task or access a resource.
- Share permissions
- NTFS permissions
- Registry permissions
- Active Directory permissions
When you assign permissions to a system element, you are, in effect, creating a new ACE in the element's ACL. There are two basic types of ACE:
- Allow
- Deny
Inheriting Permissions
Permissions tend to run downwards through a hierarchy. Permission inheritance means that parent elements pass their permissions down to their subordinate elements.
Effective Permissions
The combination of Allow permissions and Deny permissions that a security principal receives for a given system element, whether explicitly assigned, inherited, or received through a group membership:
- Allow permissions are cumulative.
- Deny permissions override Allow permissions.
- Explicit permissions take precedence over inherited permissions.
Effective Permissions
Share Permissions
NTFS Permissions
Combining Share and NTFS Permissions
On networks already possessing a well-planned system of NTFS permissions, share permissions are not really necessary. You can safely grant the Full Control share permission to Everyone, overriding the default Read permission, and allow the NTFS permissions to provide security. Adding share permissions to the mix would only complicate the administration process, without providing any additional security.
Mapping Drives
Make sure that users can access their folders.
- Use the Folder Redirection settings in Group Policy to map each user's Documents folder to his or her home folder on the network share.
- Map drive letters to each user's directories with logon scripts, so they can always find their files in the same place, using Windows Explorer.
Shadow Copies
Shadow Copies is a Windows Server 2008 mechanism that automatically retains copies of files on a server volume in multiple versions from specific points in time. When users accidentally overwrite or delete files, they can access the shadow copies to restore earlier versions. Shadow Copies is a file-based fault tolerance mechanism that does not provide protection against disk failures, but it does protect against the minor disasters that inconvenience users and administrators on a regular basis.
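
The Effective Permissions rules and the share/NTFS combination above, as an added example that is not part of the original lesson and is a simplified model rather than Windows code. The four abstract rights, the principal names, and the sample ACLs are assumptions made for illustration.

```python
# Added example: simplified model of the Effective Permissions rules (not Windows code).
from dataclasses import dataclass

ALL = frozenset({"read", "write", "delete", "change_permissions"})

@dataclass(frozen=True)
class ACE:
    principal: str            # user or group the entry applies to
    kind: str                 # "allow" or "deny"
    rights: frozenset
    inherited: bool = False   # True if passed down from a parent folder

def effective(acl, user, groups):
    """Rights one principal receives from a single ACL (share or NTFS)."""
    who = {user, "Everyone", *groups}

    def collect(kind, inherited):
        found = set()
        for ace in acl:
            if ace.principal in who and ace.kind == kind and ace.inherited == inherited:
                found |= ace.rights   # entries from all group memberships accumulate
        return found

    # Deny overrides Allow among inherited entries ...
    inherited_part = collect("allow", True) - collect("deny", True)
    # ... explicit Allow is added on top, and explicit Deny overrides everything.
    return frozenset((collect("allow", False) | inherited_part) - collect("deny", False))

def network_access(share_acl, ntfs_acl, user, groups):
    """Over the network a right must be granted by BOTH the share and NTFS ACLs."""
    return effective(share_acl, user, groups) & effective(ntfs_acl, user, groups)

# Constructed sample ACLs; all principal names are hypothetical.
NTFS_ACL = [
    ACE("Staff", "allow", frozenset({"read"}), inherited=True),
    ACE("Finance", "allow", frozenset({"read", "write", "delete"}), inherited=True),
    ACE("Interns", "deny", frozenset({"write", "delete"}), inherited=True),
    ACE("bob", "allow", frozenset({"write"})),               # explicit entry
]
SHARE_OPEN = [ACE("Everyone", "allow", ALL)]                   # Full Control to Everyone
SHARE_READ = [ACE("Everyone", "allow", frozenset({"read"}))]   # default Read

if __name__ == "__main__":
    print(sorted(network_access(SHARE_OPEN, NTFS_ACL, "alice", ["Staff", "Finance"])))
    print(sorted(network_access(SHARE_OPEN, NTFS_ACL, "bob", ["Staff", "Finance", "Interns"])))
    print(sorted(network_access(SHARE_READ, NTFS_ACL, "alice", ["Staff", "Finance"])))
```

With Full Control granted to Everyone on the share, the result is exactly what the NTFS ACL allows, so the NTFS ACL is the only control left and deserves the review effort. With the default Read share permission, the same user is capped at read access.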
Shadow Copies
Offline Files
A mechanism that individual users can employ to maintain access to their server files, even if the network service fails. Windows workstations copy server-based folders that users designate for offline use to the local drive, and the users work with the copies, which remain accessible whether the computer is connected to the network or not. If the network connection fails, or the user undocks a portable computer, access to the offline files continues uninterrupted.
When the computer reconnects to the network, a synchronization procedure replicates the files between server and workstation in whichever direction is necessary. If there is a version conflict, such as when users have modified both copies of a file, the system prompts the user to specify which copy to retain.
Backing Up
Server administrators should understand that none of the fault-tolerance mechanisms are a substitute for a reliable backup solution. Regular backups to an offline, and preferably offsite, medium enable you to restore files, volumes, or entire servers when these types of disasters occur.
Summary
- Planning is a critical part of a file server deployment. Your deployment plan should specify how many file servers you need, what hardware they should have, how you will configure them, how you will share the server data, and how you will protect the data.
- The Disk Management snap-in is the primary interface you use to initialize, partition, and format disks.
- Windows Server 2008 supports two hard disk partition types: MBR and GPT; two disk types: basic and dynamic; five volume types: simple, striped, spanned, mirrored, and RAID-5; and two file systems: NTFS and FAT.
- Creating folder shares makes the data stored on a file server's disks accessible to network users.
- Windows Server 2008 has several sets of permissions that operate independently of each other, including NTFS permissions, share permissions, registry permissions, and Active Directory permissions.
- NTFS permissions enable you to control access to files and folders by specifying the tasks individual users can perform on them.
- Share permissions provide rudimentary access control for all of the files on a network share.
- Network users must have the proper share and NTFS permissions to access file server shares.
- Mapping drive letters with logon scripts makes shared folders easily available to network users.