Windows Storage Server 2008 Architecture and Deployment White Paper Version 1.0 Published: May 2010
Copyright 2010 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below.

If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user's particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM.

Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious.
Microsoft, Active Directory, ActiveX, BitLocker Drive Encryption, Excel, Forefront, Internet Explorer, PowerPoint, SharePoint Portal Server, SharePoint Services, SQL Server, Windows, Windows 7, Windows PowerShell, Windows Server, Windows Storage Server 2008, Windows Server 2008, Windows Server 2003, Windows XP and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.
Contents

Introduction
Windows Storage Server 2008 Overview
Comparing Windows Storage Server 2008 to Windows Server 2008
Comparing Windows Storage Server 2008 Editions
Comparing Windows Storage Server 2008 Edition Specifications
Identifying Windows Storage Server 2008 Storage Solution Advantages
Exploring Windows Storage Server 2008 Features and Capabilities
Providing Access to File Services Workloads
Supporting File Services Workloads Using SMB
Supporting File Services Workloads Using NFS
Supporting File Services Workloads Using WebDAV
Supporting File Services Workloads Using Windows SharePoint Services
Providing Access to iSCSI Block I/O Workloads
Supporting iSCSI Block I/O Workloads Using Microsoft iSCSI Software Target
Supporting iSCSI Block I/O Workloads Using Microsoft iSCSI Software Initiator
Providing Access to Web Services Workloads
Providing Access to Print Services Workloads
Managing Windows Storage Server 2008
Managing All Workloads
Managing File Services Workloads
Managing File Services Workloads Using File Server Resource Manager
Managing File Services Workloads Using Share and Storage Management
Managing DFS Namespaces and DFS Replication
Managing Single Instance Storage
Managing iSCSI Block I/O Workloads
Managing the Microsoft iSCSI Software Target for iSCSI Block I/O Workloads
Managing the Microsoft iSCSI Software Initiator for iSCSI Block I/O Workloads
Managing Web Services Workloads
Managing Print Services Workloads
Protecting Windows Storage Server 2008 Workload Data
Using Windows Server Backup to Protect Data
Using Shadow Copies of Shared Folders to Protect Data
Using the Volume Shadow Copy Service to Protect Data
Using DFS Replication to Protect Data
Using System Center Data Protection Manager 2007 to Protect Data
Using Virtual Disk Snapshots to Protect Data
Using the Appcmd.exe Tool to Backup IIS Configuration
Using the PrintBRM.exe Tool to Backup Printer Information
Securing Windows Storage Server 2008 Workloads
Securing Windows Storage Server 2008 for All Workloads
Securing File Services Workloads
Securing iSCSI Block I/O Workloads
Securing Web Services Workloads
Securing Print Services Workloads
Improving Availability of Windows Storage Server 2008 Workloads
Improving Availability of File Services Workloads
Improving Availability of iSCSI Block I/O Workloads
Creating Highly-Available iSCSI Targets
Creating Highly-Available iSCSI Initiators
Improving Availability of Web Services Workloads
Improving Availability of Print Services Workloads
Improving Performance and Scalability for Windows Storage Server 2008 Solutions
Improving Performance and Scalability for All Workloads
Improvements in the Next Generation TCP/IP Protocol
Improvements in Network Adapter Performance
Reduction in Processor Utilization for I/O Operations
Improving Performance and Scalability for File Services Workloads
Review Improvements in the SMB Protocol
Review SMB-based File Services Workload Test Results
Improving Performance and Scalability for iSCSI Block I/O Workloads
Identify Methods for Improving iSCSI Block I/O Workload Performance and Scalability
Review I/O Storage Test Results
Improving Performance and Scalability for Web Services Workloads
Identify Methods for Improving Web Services Workload Performance and Scalability
Review Web Services Workload Test Results
Improving Performance and Scalability for Print Workloads
Windows Storage Server 2008 Deployment Scenarios
Overview of NAS Configurations
Using Windows Storage Server 2008 as a Stand-alone NAS in Solutions
Using Windows Storage Server 2008 as a Highly-Available NAS in Solutions
Using Windows Storage Server 2008 as a NAS Gateway in Solutions
Creating Branch Office Solutions
Creating Highly-available Solutions
Creating Solutions for Storage Consolidation
Creating Small to Medium Business Solutions
Creating Solutions for Heterogeneous Environments
Creating Application Consolidation Solutions
Creating Unified Storage Solutions
Creating Virtualization Solutions
Conclusion
More Information
Introduction

Windows Storage Server 2008 is the latest in the Windows Storage Server family of products and is based on the technologies and features found in Windows Server 2008. Windows Storage Server 2008, which is available through Windows Storage Server 2008 Partners, allows these OEM partners to provide unified storage solutions based on Windows Storage Server 2008. This white paper describes the features and technologies in Windows Storage Server, and how to create secure, extensible, scalable, and highly available storage solutions, including file services, iSCSI block input/output (I/O), Web services, and print services workloads.

Windows Storage Server 2008 is built on Windows Server 2008 to create efficient and effective storage solutions. Microsoft OEM partners offer specialized hardware and additional software components to create network attached storage appliances running Windows Storage Server 2008. Windows Storage Server 2008 provides a unified solution for the following workloads:

- File services. Provides access to files managed by the appliance for computers using file access protocols, such as Common Internet File System (CIFS) or Network File System (NFS). Provides access to files using the Server Message Block (SMB) version 2.0, NFS version 3.0, Web-based Distributed Authoring and Versioning (WebDAV), File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP) protocols. SMB 2.0 provides a superset of the features found in CIFS and provides improved performance and reliability over previous versions of SMB.
- iSCSI block storage services. Provides remote network attached storage that appears as a disk logical unit number (LUN) to other computers, which are connected using the Internet Small Computer System Interface (iSCSI) standard. These services also provide high-performance access to remote disk LUNs using the iSCSI industry standard and can act as an iSCSI initiator or an iSCSI target.
- Web services. Provides access to Web-based content and services, which can be accessed using HTTP, Hypertext Transfer Protocol Secure (HTTPS), WebDAV, or FTP.
- Windows SharePoint Services. Provides the ability to share documents, track tasks, use e-mail efficiently and effectively, and share ideas and information. The most common feature is to store files in document libraries, which supports check-in and check-out features, version control, and file history.
- Print services. Provides access to printers using Microsoft print services, Line Printer Daemon (LPD) services, or Internet printing services.

The following table lists some of the problems and pain points that organizations have with network attached storage appliances, and how Windows Storage Server 2008-based appliances address them.

Table 1. Network Attached Storage Appliance Problems and Pain Points

Problem or pain point | Windows Storage Server 2008 solution
Dedicated or limited function appliance. | Provides servicing of multiple workloads on highly extensible Microsoft OEM vendor hardware platforms.
Limited breadth of vendor support. | Takes advantage of the breadth and depth of the software and hardware products provided by other vendors that are provided for Windows Server 2008.
Management of workloads. | Uses familiar Windows Server management consoles.
Minimal or no integration with existing authentication and authorization system. | Integrates with Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services.
Loosely integrated with clients that consume the services. | Designed to work "better together" with Windows operating systems, including Windows Vista and Windows 7, to provide optimal security, performance, scalability, availability, and manageability.
Limited provisions for failover or fault tolerant configurations. | Supports Windows Server Failover Clusters, Distributed File System (DFS), and Network Load Balancing for improved availability and fault tolerance in addition to the hardware fault tolerance features provided by the Microsoft OEM partner.
Implements nonstandard or proprietary protocols or services. | Supports industry standard protocols and services that provide interoperability in heterogeneous environments.
Limited protection of information stored on the appliance. | Supports a wide variety of security products and technologies, including BitLocker Drive Encryption, NTFS permissions, Share permissions, and Microsoft Forefront.
Lack of comprehensive software update management. | Provides a set of software update management technologies and products for any sized organization, including Windows Update, Windows Software Update Services (WSUS), and Microsoft System Center Configuration Manager.
Ongoing operations and maintenance is labor intensive. | Many on-going operations and management tasks can also be automated using System Center Configuration Manager or System Center Operations Manager.
Limited customization and extensibility. | Many of the management consoles can be customized to include Microsoft OEM partner branding and the server software supports extensibility using any application programming interfaces (APIs) supported by Windows Server 2008.
Limited disaster recovery. | Provides Windows Server Backup as part of Windows Storage Server 2008, and supports other disaster recovery products from Microsoft, such as System Center Data Protection Manager, and from Microsoft partners.
Windows Storage Server 2008 Overview

Windows Storage Server 2008 is optimized for file workloads and includes additional technologies, such as deduplication of files using the Single Instance Storage (SIS) feature, full screen remote desktop control of storage server administration using Web RDP, and an iSCSI target using the Microsoft iSCSI Software Target, to provide a unified storage solution. Deduplication of files is a specific form of compression provided by the SIS feature that combines redundant files into a single instance of the file and links to the single instance to replace the previous file copies.

This overview of Windows Storage Server 2008 includes the following topics:

- Comparing Windows Storage Server 2008 to Windows Server 2008.
- Comparing Windows Storage Server 2008 Editions.
- Comparing Windows Storage Server 2008 Edition specifications.
- Identifying Windows Storage Server 2008 solution advantages.

Comparing Windows Storage Server 2008 to Windows Server 2008

The following lists features and technologies common to both Windows Storage Server 2008 and Windows Server 2008:

- Administration Tools
- .NET 3.0
- BitLocker Drive Encryption
  Note: BitLocker Drive Encryption does not work with failover clusters.
- BITS Server Extensions
- Desktop Experience
- DFS Namespace
- DFS Replication
  Note: DFS Replication does not work with failover clusters.
- DHCP Server
- Failover Clustering
  Note: Failover clustering is available only in the Enterprise edition of Windows Storage Server 2008.
- File Server Resource Manager (FSRM)
- Full Text Search
- Group Policy Management Console
- Integration with Windows Server ecosystems (including backup software and antivirus software)
- Internet Printing Client
- LPR Port Monitor
- Microsoft file services based on SMB 2.0
- Microsoft Message Queuing (MSMQ)
- Multipath I/O
  Note: Multipath I/O is available only in Standard and Enterprise editions of Windows Storage Server 2008.
- Network File System (NFS)
- Peer Name Resolution Protocol
- Remote Assistance
- Remote Desktop Connection
- Remote Differential Compression
- Remote Server Admin Tools
- RPC Over HTTP Proxy
- Simple TCP/IP Services
- SNMP
- Subsystem for UNIX-Based Applications (SUA)
- Telnet Server
- TFTP Client
- Windows Biometric Framework
- Windows Firewall with Advanced Security
- Windows Network Load Balancing
- Windows PowerShell Integrated Scripting Environment (ISE)
  Note: Windows PowerShell ISE works only with the features that are common to Windows Server 2008 and Windows Storage Server 2008. Windows PowerShell ISE is not supported for storage features in Windows Storage Server 2008.
- Windows PowerShell
- Windows Process Activation Server
- Windows Server Backup
  Note: Windows Server Backup does not work with failover clusters and does not support volumes larger than 2 terabytes.
- Windows Server Migration Tools
- WS-Management
- Windows Management Instrumentation (WMI)

Although Windows Storage Server 2008 is based on the features and technologies in Windows Server 2008, there are some differences between the two products. Table 2 lists the feature and technology differences between the two products.

Table 2. Windows Storage Server 2008 and Windows Server 2008 Differences

Feature or technology | Windows Server 2008 | Windows Storage Server 2008
Available through retail channels.
Available only through Microsoft OEM partners.
Supports deduplication of files using Single Instance Storage (SIS) v2.
Supports acting as an iSCSI target using Microsoft iSCSI Software Target 3.2.
Supports customized branding of user interface.
Supports full screen remote desktop management using Web RDP.
Optimized for file services workloads.
Comparing Windows Storage Server 2008 Editions

Windows Storage Server 2008, which provides key functionality to support any sized business and IT storage challenge, is available in the following editions:

- Windows Storage Server 2008 Basic. Basic is a cost-effective, entry-level technology foundation targeted at small business owners and IT generalists supporting small businesses. Basic provides support for fewer than 20 users who require access to only Microsoft file services, print services, and Web services workloads in homogeneous environments.
- Windows Storage Server 2008 Workgroup. Workgroup is an entry-level technology foundation also targeted at small business owners and IT generalists supporting small businesses. Workgroup provides support for fewer than 50 users who require access to file services using Microsoft file services or NFS, deduplication of files using Single Instance Storage, iSCSI block I/O services, print services, and Web services workloads.
- Windows Storage Server 2008 Standard. Standard provides support for an unlimited number of users who require access to file services using Microsoft file services or NFS, deduplication of files using Single Instance Storage, iSCSI block I/O services, print services, and Web services workloads.
- Windows Storage Server 2008 Enterprise. Enterprise is an advanced platform that provides more cost-effective and reliable support for mission-critical workloads. Enterprise provides support for an unlimited number of users with maximum fault tolerance and scalability provided in a Windows Storage Server product.

Comparing Windows Storage Server 2008 Edition Specifications

Table 3 lists the capabilities of Windows Storage Server, and the support level for the capabilities in each edition of the product. Use the information in Table 3 to identify which Windows Storage Server 2008 edition is best suited for your organization.

Note: Unless otherwise noted in the following tables, assume that all editions support the features listed in the previous section, "Comparing Windows Storage Server 2008 to Windows Server 2008."

Table 3. Comparison of Windows Server 2008 and Windows Storage Server 2008

Maximum system resources support

Capabilities | Basic | Workgroup | Standard | Enterprise
Supported processor architecture. | 32-bit or 64-bit | 64-bit | 64-bit | 64-bit
Maximum number of processor sockets. | 4 | 4 | 4 | 8
Maximum amount of memory. | 4 GB (32-bit) or 32 GB (64-bit) | 32 GB | 32 GB | 2 terabyte
Maximum number of network adapters. | 2 | 2 | Unlimited | Unlimited
Number of disks supported. | 4 | 4 | Any | Any
Type of disk adapters supported. | SATA | Any | Any | Any
Type of RAID supported. | Any | Any | Any | Any

File services workload support

Capabilities | Basic | Workgroup | Standard | Enterprise
Maximum number of SMB connections supported. | 20 | 50 | Unlimited | Unlimited
NFS.
DFS replication.
File Services Resource Manager.
Deduplication of files using Single Instance Storage.
BitLocker Drive Encryption

Other workload support

Capabilities | Basic | Workgroup | Standard | Enterprise
Microsoft iSCSI Target Software.
  Note: Some Microsoft partners include the Microsoft iSCSI Software Target by default.
Failover clusters. Optional Optional Optional
Multipath I/O.
Number of printers supported for Print Services workloads. | 2 | Any | Any | Any
Fax services.
DHCP Server services.
Windows Search services.
Windows Management Instrumentation.
Windows Server Backup.
Active Directory Lightweight Directory Services.

For more information about the Microsoft iSCSI Software Target specifications, see the section, "Identifying Microsoft iSCSI Software Target Specifications" later in this white paper.
Identifying Windows Storage Server 2008 Storage Solution Advantages

Network attached storage appliances running Windows Storage Server 2008 have a number of advantages compared to other network attached storage appliances. Most of these advantages are because Windows Storage Server 2008 is based on Windows Server 2008. Advantages to creating storage solutions using Windows Storage Server 2008 include:

- Reduces time to realize efficient management. Because Windows Storage Server 2008 is based on Windows Server 2008, you can take advantage of your expertise with Windows Server. This familiarity can dramatically help reduce your learning curve so that you can quickly and efficiently plan, build, deploy, and operate storage solutions.
- Provides unified solution to storage management and operations. You can use the same set of tools and processes to manage all the workloads supported by Windows Storage Server 2008. You can manage file services, iSCSI block I/O services, Web services, and print services workloads using the well-known management consoles and utilities in Windows Storage Server 2008, instead of using a different set of management tools for each workload.
- Provides centralized storage for applications. The Microsoft iSCSI Software Target component in Windows Storage Server 2008 allows you to create iSCSI disk LUNs. Disk LUNs can be remotely mounted by application servers, such as Microsoft Exchange Server 2010 running on Windows Server operating systems, using the Microsoft iSCSI Software Initiator or applications running on other operating systems, such as Linux, using other iSCSI initiators.
- Reduces storage requirements. The Single Instance Storage feature in Windows Storage Server 2008 helps optimize storage capacity using built-in file deduplication. Single Instance Storage actively compares and eliminates identical files on file sharing volumes. Duplicate files are transparently replaced with file system links to the single copy retained in the SIS Common Store, saving significant capacity. As a result, file serving performance is improved because more information can be cached by the operating system. In addition, protection and recovery by Single Instance Store-aware backup solutions can significantly reduce backup windows and recovery times.
- Reduces administration effort for storage solutions. You can automate repetitive administrative tasks using Windows PowerShell scripts in Windows Storage Server 2008. For example, you can draw on the large number of existing scripts developed by the partner and peer communities to further reduce the time required to achieve automation. You can also centrally manage many of the Windows Storage Server 2008 configuration settings using Group Policy. In addition, you can use other Microsoft products to further automate the administration of Windows Storage Server 2008, such as System Center Configuration Manager or System Center Operations Manager.
  Note: You can only use Windows PowerShell to automate the features that are common to Windows Server 2008 and Windows Storage Server 2008. No Windows PowerShell providers exist for features that are specific to Windows Storage Server 2008.
- Resolves support issues faster, more precisely, and with less effort. Comprehensive Microsoft support for Windows Server products and the extensive community of partners and peers help you resolve storage-related issues with less effort. Much of this existing knowledge is integrated in the product or available online. In addition, many of the Microsoft management products, such as System Center Operations Manager, include knowledge from the product groups at Microsoft to help provide you with accurate and relevant information to resolve support issues.
- Secures digital assets. You can use the same extensive security products and technologies found in Windows Server 2008 to secure Windows Storage Server 2008, such as BitLocker Drive Encryption, NTFS permissions, Windows Firewall with Advanced Security, and IPsec. You can also use Microsoft and partner products to further strengthen the security of your storage solutions, such as Microsoft Forefront.
- Manages and operates your storage solution using your existing processes and procedures. You can manage and operate Windows Storage Server 2008 using the same IT processes and procedures that are currently used to manage Windows Server 2008. This helps protect your existing investment while developing custom processes and procedures. In addition, you can manage and operate Windows Storage Server using other products, such as System Center Configuration Manager or System Center Operations Manager 2007.
- Seamlessly integrates with your existing Windows IT infrastructure. Windows Storage Server 2008 integrates easily with existing Windows IT infrastructure services, such as AD DS and Remote Desktop Services Gateway. This level of integration also helps minimize any infrastructure remediation that may be required to deploy and operate your storage solution.
- Easily extends storage solutions. You can easily extend the features and services provided by Windows Storage Server 2008 using the large number of products and services provided by Microsoft partners or by developing your own solution. The broad range of well documented APIs and scripting languages can help you customize Windows Storage Server 2008 to meet your organization's requirements.
- Migrates from other storage solutions to Windows Storage Server 2008. You can migrate workloads from existing Windows Server operating systems to Windows Storage Server 2008 using highly-automated migration tools, such as the Windows Server Migration Tools. These tools help protect the integrity of your existing data while ensuring the current user permissions and security configuration are transferred to Windows Storage Server 2008. In addition, many Microsoft partners produce products to help in migrating workloads to Windows Server products.
- Minimizes storage solution adoption risk. Because Windows Storage Server 2008 is based on Windows Server 2008, you can minimize the risk of adoption for your new storage solution. Your IT organization and users are less likely to experience difficulties in using and operating Windows Storage Server 2008 because they are already familiar with Windows Server 2008. You can use many of the existing tools, Microsoft Solution Accelerators, and best practice guidance to help make certain that the planning, deployment, and ongoing operations of Windows Storage Server 2008 succeed.
9 Windows Storage Server 2008 Architecture and Deployment White Paper Exploring Windows Storage Server 2008 Features and Capabilities Windows Storage Server 2008 includes a rich set of features and capabilities to help service multiple workloads, unlike dedicated or single function network attached storage appliances. These features and capabilities allow Windows Storage Server 2008 to act as a unified platform to manage various workloads, as illustrated in Figure 1. Figure 1. Workloads supported by Window Storage Server 2008 These features and capabilities help you provide access to: File services workloads.
10 Windows Storage Server 2008 Architecture and Deployment White Paper iscsi block I/O workloads. Web services workloads. Print services workloads This section includes the following topics: Providing access to file services workloads. Providing access to iscsi block I/O workloads. Providing access to Web services workloads. Providing access to print services workloads. Providing Access to File Services Workloads File services workloads allow computers to access files and folders stored on network access storage appliances. Windows Storage Server 2008 can support file services workloads in homogeneous Windows network environments or heterogeneous network environments with a variety of operating systems, as illustrated in Figure 1. Windows Storage Server 2008 provides support for homogeneous or heterogeneous file services workloads using the following protocols or features: SMB NFS WebDAV Windows SharePoint Services Supporting File Services Workloads Using SMB The SMB protocol in Windows Storage Server 2008 provides access to files and folders for client computers using the SMB or CIFS protocols. Windows-based client computers use the SMB protocol while other operating systems typically use the CIFS protocol. The File Services server role in Windows Storage Server 2008 supports both SMB version 2.0, which is highly-optimized for use with Windows Vista Service Pack 1 (SP1) and Windows 7, and the prior version of SMB for previous Windows operating systems. Some network access storage appliances that are not running Windows Storage Server 2008 implement generic CIFS-based file services that implement only older versions of SMB and lack the performance advantages and improved reliability of SMB version 2.0. For more information about the improvements available in SMB version 2.0, see the "Review Improvements in File Services" section later in this white paper. 
Select this protocol to support homogeneous or heterogeneous environments that contain: Windows-based computers that use Client for Microsoft Networks to access file services workloads using the SMB protocol. Computers running other operating systems that access file services workloads using the CIFS protocol. Supporting File Services Workloads Using NFS Windows Storage Server 2008 supports access to file services workloads using the NFS protocol version 3.0 with the Services for Network File System role service. The NFS protocol allows any NFS client computer to access files and folders managed by Windows Storage Server 2008 using version 2 and version 3 of the NFS protocol.
11 Windows Storage Server 2008 Architecture and Deployment White Paper The Services for Network File System role service includes the following components: Server for NFS. This component allows a computer running Windows Storage Server 2008 and Server for NFS to service NFS client computer requests. Client for NFS. This component allows a computer running Windows Storage Server 2008 and Client for NFS to access NFS mount points on NFS servers. The Server for NFS component is required to support file services workloads using NFS. This component includes the Services for NFS snap-in, and a number of command-line tools for managing it. Note The Server for NFS component supports NFS version 2.0 and version 3.0. The Services for NFS supports the following versions of UNIX: Sun Microsystems Solaris version 9 Red Hat Linux version 9 IBM AIX version 5L 5.2 Hewlett Packard HP-UX version 11i The Server for NFS component allows you to share a folder as a NFS exported folder (also known as a NFS shared folder). A computer running an NFS client can mount the NFS exported folder into the local file system of the operating system running on the computer. For computers running Windows, the NFS client allows access to the NFS exported folder using a universal naming convention (UNC) path or by mapping the NFS exported folder to a drive letter. The Server for NFS component can use Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) for identity management. In Windows Storage Server 2008, Windows Server 2008, and later Windows Server operating systems, the Identity Management for UNIX Active Directory schema extension includes the UNIX user identifier (UID) and group identifier (GID) fields. This enables Server for NFS and Client for NFS to look up Windows-to-UNIX user account mappings directly from AD DS or AD LDS. 
Select this protocol to support heterogeneous environments that contain computers running an NFS client that access file services workloads using the NFS protocol.

For more information about:
- Installing and configuring the Services for Network File System role service, see Services for NFS Step-by-Step Guide for Windows Server 2008.
- Enabling identity mapping with Windows in an environment without an Active Directory domain using AD LDS, see AD LDS Identity Mapping for Services for NFS.

Supporting File Services Workloads Using WebDAV

The WebDAV protocol is a set of extensions to the HTTP protocol that enables file management over any IP network. Client computers running a WebDAV redirector can access file services workloads using the WebDAV protocol. All current Windows operating systems include a WebDAV redirector. Other operating systems also include a WebDAV redirector, which provides support for homogeneous and heterogeneous environments.

Windows Storage Server 2008 includes version 7.5 of the WebDAV extension module for Internet Information Services (IIS) 7.0. The WebDAV extension module is available as a separate download for:
- 32-bit versions of Windows Storage Server 2008 at WebDAV 7.5 for IIS 7.0 (x86).
- 64-bit versions of Windows Storage Server 2008 at WebDAV 7.5 for IIS 7.0 (x64).

WebDAV 7.5 is the latest version of WebDAV for Windows Storage Server 2008, and includes the following improvements:
- Integration with IIS 7.0. IIS 7.0 has a new administration interface and configuration store. The new WebDAV extension module is tightly integrated with this new design.
  Also, the new WebDAV extension module integrates with the Internet Information Services Manager console to provide ease of administration.
- Per-site Configuration. WebDAV 7.5 can be enabled at the site level. Previous versions of WebDAV only allowed you to enable WebDAV at the server level.
- Per-URL Security Settings. WebDAV 7.5 supports per-URL authoring rules, allowing you to specify custom WebDAV security settings on a per-URL basis. These authoring rules are separate from the IIS 7.0 per-URL authorization rules, thereby allowing one set of security settings for normal HTTP requests, and a separate set of security settings for WebDAV requests.

Select this protocol to support heterogeneous environments that contain computers running WebDAV redirectors that need to access the file services workloads using the HTTP or HTTPS protocol.

For more information about providing WebDAV support on Windows Storage Server 2008, see WebDAV for IIS 7.0.

Supporting File Services Workloads Using Windows SharePoint Services

Microsoft Windows SharePoint Services 3.0 allows users to collaborate with each other using either HTTP or HTTPS. Windows SharePoint Services includes a number of collaboration features, but the feature specific to file services is the document library feature. Client computers can access the document libraries using either protocol. Computers running Windows can also access the document libraries through Windows Explorer. Also, Microsoft Office System client applications, such as Microsoft Word 2007 or Excel 2007, support opening and saving files to document libraries directly within the application. Document libraries include the ability to check in and check out files to help maintain version control.
In addition, you can configure document libraries to retain a specified number of versions for each file in the document library, which allows you to easily restore a previous version of a file and track version history.

For more information about providing Windows SharePoint Services 3.0 support on Windows Storage Server 2008, see Microsoft Windows SharePoint Services 3.0.

Providing Access to iSCSI Block I/O Workloads

iSCSI block I/O workloads are another type of workload provided by most network access storage appliances. iSCSI block I/O workloads include both a server component (iSCSI target) and a client component (iSCSI initiator), as illustrated in Figure 2. As an iSCSI initiator, Windows Storage Server 2008 is used to connect to external iSCSI targets, such as a SAN. As an iSCSI target, Windows Storage Server 2008 is used to support iSCSI block I/O workloads for applications, such as SQL Server 2008 or Exchange Server 2010.

Note: When Windows Storage Server 2008 is deployed in a NAS gateway scenario, Windows Storage Server 2008 can be an iSCSI, Serial Attached SCSI (SAS), or Fibre Channel initiator based on the type of storage being accessed. For more information, see the section "Using Windows Storage Server 2008 as a NAS Gateway in Solutions," later in this white paper.
Figure 2. iSCSI block I/O workloads supported by Windows Storage Server 2008

Windows Storage Server 2008 supports iSCSI block I/O workloads using the iSCSI standard. Windows Storage Server can function as an iSCSI target (the server component) or an iSCSI initiator (the client component). This allows a large number of configuration options for iSCSI block I/O workload solutions.

Supporting iSCSI Block I/O Workloads Using Microsoft iSCSI Software Target

The Microsoft iSCSI Software Target version 3.2 in Windows Storage Server 2008 provides iSCSI target functionality. The Microsoft iSCSI Software Target version 3.2 is the latest version of the iSCSI target software and is typically an optional component in Windows Storage Server 2008 Workgroup, Standard, and Enterprise editions.

Note: Some Microsoft partners include the Microsoft iSCSI Software Target by default.
For more information about the Microsoft iSCSI Software Target version 3.2 in Windows Storage Server 2008, see Microsoft iSCSI Software Target.

Identifying Microsoft iSCSI Software Target Specifications

Table 4 lists the specifications for the Microsoft iSCSI Software Target version 3.2. These specifications are applicable to all Windows Storage Server 2008 editions that include the Microsoft iSCSI Software Target version 3.2.

Table 4. Microsoft iSCSI Software Target Version 3.2 Specifications

Specification | Value
Maximum number of iSCSI target instances per appliance | 64
Maximum number of virtual disks per iSCSI target instance | 128
Maximum number of snapshots per virtual disk | 128
Maximum number of virtual disks per appliance | 512
Maximum number of virtual disks or snapshots that can be locally mounted by the appliance | 32 (or 4 per cluster node)
Maximum number of iSCSI initiators per appliance | 64
Maximum number of iSCSI initiators that can connect to the same iSCSI target instance | 16
Maximum number of iSCSI initiator sessions that can connect to the same iSCSI target instance | 64
IPv4 | Yes
IPv6 | Yes
TCP offload | Yes
iSCSI offload | No
Jumbo frames | Yes
IPsec | Yes

Note: Network adapter teaming, also known as NIC teaming, is not supported for the Microsoft iSCSI Software Target or Microsoft iSCSI Software Initiator.

Windows Storage Server 2008 includes support for single path and multipath I/O connections to nonclustered and clustered configurations. Multipath I/O connections allow for improved fault-tolerance and performance for iSCSI block I/O workloads. The Microsoft iSCSI Software Initiator includes a multipath I/O Device Specific Module (DSM) for the Microsoft Multipath I/O (MPIO) in Windows Server.
Table 5 lists the support for the Microsoft iSCSI Software Initiator and the Microsoft iSCSI Software Target with single or multipath I/O connections when connecting to nonclustered or clustered configurations. For more information about multipath I/O, see the section "Improving Availability of iSCSI Block I/O Workloads," later in this white paper.

Table 5. Support for Single or Multipath I/O Connections for Nonclustered or Clustered Configurations

Specification | Nonclustered | Clustered
Windows Server 2008 (multipath I/O connection) | Supported | Supported
Windows Server 2008 (single path I/O connection) | Supported | Limited *
Windows Server 2008 (multipath I/O connection) | Supported | Limited *
Windows Server 2003 (single path I/O connection) | Supported | Limited *

* There is limited support for iSCSI initiators or iSCSI targets in clustered configurations of Windows Server 2003 when connected to the Microsoft iSCSI Software Target. Failures on the iSCSI network path may result in delayed failover and recovery times. Failures for non-network related issues have been tested with acceptable recovery times. For these reasons, we recommend using Windows Server 2008 or Windows Server 2008 R2 in clustered configurations when connecting to the Microsoft iSCSI Software Target.

Note: The limitation for iSCSI initiators or iSCSI targets in clustered configurations of Windows Server 2003 is specific to Microsoft iSCSI Software Target usage. Customers using a different iSCSI target should refer to the storage array vendor for supported configurations.

Identifying Microsoft iSCSI Software Target Support for iSCSI Initiators

Microsoft iSCSI Software Target version 3.2 supports the following iSCSI initiators:
- Microsoft iSCSI Software Initiator 2.07 and 2.08 in Windows Server 2003.
- Microsoft iSCSI Software Initiator in Windows Server 2008 SP1 and SP2.
- Microsoft iSCSI Software Initiator in Windows Server 2008 R2.
- Microsoft iSCSI Software Initiator in Windows Vista.
- Microsoft iSCSI Software Initiator in Windows 7.
- QLogic initiator QLE4062C-SP, firmware 3.00.01.24.
- Red Hat Enterprise Linux iSCSI Initiator version 5.x.
- SuSE Enterprise Linux iSCSI Initiator version 10.x.

Identifying Microsoft iSCSI Software Target Support for VSS and VDS Providers

Microsoft iSCSI Software Target version 3.2 includes a hardware provider for:
- Volume Shadow Copy Service (VSS). VSS is a set of APIs that implement a framework to allow volume backups to be performed while applications on a system continue to write to the volumes.
  iSCSI snapshots are created using VSS and a storage array with a hardware provider designed for use with VSS. The Microsoft iSCSI Software Target VSS Hardware Provider is required to create transportable snapshots of iSCSI virtual disks and application-consistent snapshots from iSCSI initiators. Install this hardware provider on the computer running the iSCSI initiator and the computer that is to perform backups. The backup software must support transporting snapshots.
- Virtual Disk Service (VDS). VDS is a set of APIs that provides a single interface for managing disks. VDS provides an end-to-end solution for managing storage hardware and disks, and for creating volumes on those disks. The Microsoft iSCSI Software Target VDS Hardware Provider is required to manage virtual disks on a storage subsystem. Install the Microsoft iSCSI Software Target VDS Hardware Provider on each iSCSI initiator computer running a storage management application (such as the Microsoft Storage Manager for SANs) that uses the hardware provider to manage storage.

The most recent version of these hardware provider APIs is Microsoft iSCSI Software Target VSS Hardware Provider version 3.2 and Microsoft iSCSI Software Target VDS Hardware Provider version 3.2.

Note: Microsoft iSCSI Software Target version 3.2 supports only version 3.2 of the Microsoft iSCSI Software Target VSS Hardware Provider, and Microsoft iSCSI Software Target VDS Hardware Provider. Prior versions of the hardware providers are not supported by Microsoft iSCSI Software Target version 3.2.

The Microsoft iSCSI Software Target VSS Hardware Provider version 3.2 and the Microsoft iSCSI Software Target VDS Hardware Provider version 3.2 support the following operating systems:
- Windows Server 2008 R2 RTM.
- 32-bit or 64-bit versions of Windows Server 2008 SP1.
- 64-bit versions of Windows Storage Server 2008 RTM.
- 32-bit or 64-bit versions of Windows Server 2003 SP2.

The following operating systems are not supported by Microsoft iSCSI Software Target VSS Hardware Provider version 3.2 and Microsoft iSCSI Software Target VDS Hardware Provider version 3.2:
- Any Windows client operating system, including Windows XP, Windows Vista, and Windows 7.
- 32-bit version of Windows Storage Server 2008.

Supporting iSCSI Block I/O Workloads Using Microsoft iSCSI Software Initiator

The Microsoft iSCSI Software Initiator version 2.08 in Windows Storage Server 2008 provides iSCSI initiator functionality. Table 6 lists the Windows operating systems that support the Microsoft iSCSI Software Initiator and how the initiator support is provided for that operating system.

Table 6. Windows Operating System and Microsoft iSCSI Software Initiator Support

Windows operating system | Support
Windows Server 2008 R2 RTM | Included in the operating system.
Windows 7 RTM | Included in the operating system.
Windows Server 2008 RTM | Included in the operating system.
Windows Storage Server 2008 RTM | Included in the operating system.
Windows Vista RTM | Included in the operating system.
Windows Server 2003 RTM | Download Microsoft iSCSI initiator version 2.08.
Windows 2000 Server SP4 | Download Microsoft iSCSI initiator version 2.08.
Windows XP | Download Microsoft iSCSI initiator version 2.08.

Note: Network adapter teaming, also known as NIC teaming, is not supported for the Microsoft iSCSI Software Initiator.
Providing Access to Web Services Workloads

Unlike most network access storage appliances, Windows Storage Server 2008 supports Web services workloads. Web services workloads allow users to access Web-based content stored on Windows Storage Server 2008 appliances. Windows Storage Server 2008 can support Web services workloads in homogeneous Windows network environments or heterogeneous network environments that include a variety of operating systems. Windows Storage Server 2008 provides support for homogeneous or heterogeneous Web services workloads using the protocols listed in Table 7.
Table 7. Protocols Supported for Web Services Workloads

Protocol: HTTP
Support description: Provides:
- Access to traditional Web-based content accessed through Web browsers.
- The foundation for the WebDAV protocol used in accessing file services workloads.
- The foundation for Web-based remote administration using Terminal Services Web Access.
- Support for the Internet Printing role service.
- Simplified file transfer, download only, for the same files and folders accessed using any of the file services workloads protocols, which can be essential in some heterogeneous environments.

Protocol: HTTPS
Support description: Provides the same level of support as HTTP, but includes the additional security protection of secure sockets layer (SSL) encryption between clients and Windows Storage Server 2008.

Protocol: FTP
Support description: Provides a simplified file transfer, upload or download, using the same folders that can be accessed using any of the file services workloads protocols, which can be essential in some heterogeneous environments. File transfer can be performed using Windows Internet Explorer, a mapped drive, a UNC path, or from a command line.

Windows Storage Server 2008 supports ASP and ASP.NET applications, any applications or services supported by IIS 7.0, and any applications or services based on .NET Framework version 1.1 with SP1 or later.

For more information about:
- IIS 7.0, see The Official Microsoft IIS Site.
- The Web Server (IIS) server role, see Web Server (IIS).

Providing Access to Print Services Workloads

Another advantage to using Windows Storage Server 2008-based appliances is the ability to support print services workloads. Print services workloads allow users to access printers managed by Windows Storage Server 2008 appliances. Windows Storage Server 2008 can support print services workloads in homogeneous Windows network environments or heterogeneous network environments that include a variety of operating systems.
Windows Storage Server 2008 provides support for homogeneous or heterogeneous print services workloads using the Print Server role services listed in Table 8.
Table 8. Print Server Role Services Supported for Print Services Workloads

Role service: Print Server
Support description: Provides support for Windows-based computers running Client for Microsoft Networks. The Print Server role service is a mandatory role service for the Print Services role. When the Print Server role is installed, the Print Services Tools Remote Server Administration Tool feature is also installed. The Print Management Console (PMC) is then accessible from Server Manager, Administrative Tools, or as an MMC snap-in. Although the installation of the Print Server role service does not require a system restart, the removal of the role service does. Select this Print Server role service to support any print services workloads in Windows Storage Server 2008. If you are supporting only Windows-based computers that are printing within your homogeneous environment, select only this role service.

Role service: Line Printer Daemon (LPD) Service
Support description: Provides support for computers that run Line Printer Remote (LPR), typically used in heterogeneous environments. The LPD Service is an optional Print Services role service. The LPD Service installs and starts the TCP/IP Print Server (LPDSVC) service, which is implemented in lpdsvc.dll. When the LPD Service is installed, an inbound firewall exception for TCP port 515 is created. There is no configuration necessary for the LPD Service. However, the installation of the service does require a restart of the Print Spooler service, which is done automatically during installation. If the Print Spooler service is stopped or restarted after the LPD Service is installed, the TCP/IP Print Server service is also stopped and you must restart it manually. Select this Print Server role service to support LPR clients in heterogeneous environments.
Role service: Internet Printing
Support description: Provides support for computers that run an Internet Printing client, typically used in heterogeneous environments or to print over the Internet. Internet Printing provides access to shared printers using the Internet Printing Protocol (IPP) that is encapsulated in HTTP. In order to install the Internet Printing role service, the Print Services and Web Server roles must also be installed. Select this Print Server role service when clients must print to printers using only the HTTP protocol.

For more information about:
- The Print Services server role, see:
  - Print and Document Services.
  - WS2008: The Print Services Role.
- Printer management in Windows Storage Server 2008, see Print Management.
Managing Windows Storage Server 2008

You can manage Windows Storage Server 2008 using the management features in each of the following areas:
- Management of all workloads
- Management of file services workloads
- Management of iSCSI block I/O workloads
- Management of Web services workloads
- Management of Print services workloads

Managing All Workloads

Windows Storage Server 2008 supports the following tools, features, and technologies for managing all workloads:
- Initial Configuration Tasks window. After installing Windows Storage Server 2008, and before deploying the new appliance in your enterprise, some configuration is required to identify the appliance to other computing resources on your network, secure the appliance, enable administrators to perform tasks on the appliance, and customize the appliance by adding server roles and features. You can complete these tasks by using commands in the Initial Configuration Tasks window, which opens immediately after the operating system installation is complete. For more information about the Initial Configuration Tasks window, see Windows Server Initial Configuration Tasks.
- Server Manager. Server Manager in Windows Storage Server 2008 provides a single source for managing a server's identity and system information, displaying server status, identifying problems with server role configuration, and managing all roles installed on the server. For more information about Server Manager, see Server Manager.
- Remote Desktop Services Connection. You can remotely manage Windows Storage Server 2008 using the Remote Desktop Connection feature. This feature requires the Remote Desktop Client to be installed on the computer used to manage Windows Storage Server 2008, and the feature uses the remote desktop protocol (RDP) to communicate with Windows Storage Server 2008. For more information, see Terminal Services in Windows Server 2008.
- Remote Desktop Services Web Connection. This feature requires only Internet Explorer to be installed on the computer used to manage Windows Storage Server 2008. You make the initial connection to Windows Storage Server 2008 using Internet Explorer and the Terminal Services Web Access Web site. Then you connect to Windows Storage Server 2008 using the Microsoft ActiveX control included in Remote Desktop Client version 6.1 and later versions. For more information, see Terminal Services Web Access (TS Web Access).
- Microsoft Remote Server Administration Tools (RSAT). RSAT allows you to remotely manage roles and features in Windows Storage Server 2008 from a computer running Windows Vista SP1 or a later Windows operating system. You can run RSAT on 32-bit or 64-bit Windows operating systems, and you also can use it to manage 32-bit or 64-bit versions of Windows Storage Server 2008. For more information about RSAT, see Description of Windows Server 2008 Remote Server Administration Tools for Windows Vista Service Pack 1, Description of Remote Server Administration Tools for Windows 7, and Remote Server Administration Tools Pack.
- Group Policy. Group Policy provides an infrastructure for centralized configuration management of Windows Storage Server 2008, and the applications and services running on Windows Storage Server 2008. You can use Group Policy on any Windows Storage Server 2008 appliance that is a member of an Active Directory domain. For more information, see Group Policy.
- Windows PowerShell. Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration. Windows PowerShell is built on the Microsoft .NET Framework and is designed to help you automate the administration of Windows Storage Server 2008, and the applications and services that run on Windows Storage Server 2008. A vast library of existing Windows PowerShell scripts reduces the effort and learning curve for using Windows PowerShell to automate administrative tasks. For more information, see Windows PowerShell.
- Telnet. You can use any Telnet client to create a remote command console session on a Windows Storage Server 2008 appliance. You can run command-line programs and scripts in the remote command console session just as if you were locally logged on to the host and using a local Command Prompt window. For more information, see Telnet.

Managing File Services Workloads

Managing file services workloads includes managing disk volumes, the folder structure to store the files, and the files themselves. You manage file services workloads running on Windows Storage Server 2008 by using:
- File Server Resource Manager.
- Share and Storage Management.
- DFS management tools.
- Single Instance Storage management tools.

Managing File Services Workloads Using File Server Resource Manager

File Server Resource Manager is a suite of tools in Windows Storage Server 2008 that enables you to place storage limits on volumes and folders, prevent users from saving specific file types to the server, and generate comprehensive storage reports.
File Server Resource Manager not only helps you efficiently control and monitor existing storage resources from a central location, it also aids in the planning and implementation of future changes to the storage infrastructure.

With the File Server Resource Manager snap-in, you can perform three tasks to manage storage resources on local or remote servers:
- Quota management. Set soft or hard space limits on a volume or folder tree. You can create and apply quota templates with standard quota properties.
- File screening management. Define filtering rules that monitor or block attempts by users to save certain file types on a volume or folder tree. You can create and apply screening templates with standard file exclusions.
- Storage reports management. Generate built-in reports to track quota usage, file screening activity, and patterns of storage use.

You can also apply quota and file screening policies when you provision a shared folder, or through a command-line interface. For more information, see File Server Resource Manager.
Managing File Services Workloads Using Share and Storage Management

Share and Storage Management in Windows Storage Server 2008 provides a centralized location for you to perform:
- Shared resource management. You can configure shared folders for SMB or NFS protocols and DFS settings using Share and Storage Management. You can perform the following tasks using this tool:
  - Specify the folder or volume that you want to share or create a new folder to share.
  - Specify the network sharing protocol used to access the shared resource.
  - Manage the local NTFS permissions for the folder or volume you will be sharing.
  - Manage the share access permissions, user limits, and offline access to files in the shared resource.
  - Publish the shared resource to a DFS namespace.
  - Manage NFS-based access permissions for the shared resource.
  - If File Server Resource Manager is installed, apply storage quotas to the new shared resource, and create file screens to limit the type of files that can be stored in it.
  - Stop the sharing of a folder or volume.
  - See which users are currently accessing a folder or a file and disconnect a user if necessary.
- Storage management. You can manage storage on disks available on your server, or on storage subsystems that have a VDS Hardware Provider, such as the Microsoft iSCSI Software Target VDS Hardware Provider, using Share and Storage Management. You can perform the following tasks using this tool:
  - Extend the size of a volume.
  - Format a volume.
  - Delete a volume.
  - Change volume properties like compression, security, offline availability and indexing.
  - Access disk tools for error checking, defragmentation, and backup.

For more information about Share and Storage Management, see Overview of Share and Storage Management.
Managing DFS Namespaces and DFS Replication

The Distributed File System (DFS) technologies offer wide area network (WAN)-friendly replication as well as simplified, highly-available access to geographically dispersed files. The technologies in DFS include the following:
- DFS Namespaces. DFS Namespaces lets you group shared folders located on different servers into one or more logically structured namespaces. Each namespace appears to users as a single shared folder with a series of subfolders. This structure increases availability and automatically connects users to shared folders in the same AD DS site, when available, instead of routing them over WAN connections.
- DFS Replication. DFS Replication is an efficient, multiple-master replication engine that you can use to keep folders synchronized between servers across limited bandwidth network connections. DFS Replication uses a new compression algorithm known as remote differential compression (RDC), which replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as AD DS SYSVOL folder replication in domains that use the Windows Server 2008 domain functional level.
  RDC is a "diff-over-the-wire" client-server protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and re-arrangements of data in files, enabling DFS Replication to replicate only the changed file blocks when files are updated. This can greatly reduce the amount of traffic transferred over limited-bandwidth networks, such as in branch office locations.

You can manage DFS Namespaces and DFS Replication using:
- The DFS Management snap-in hosted by Server Manager.
- The DFS Management snap-in from the Administrative Tools folder.
- The following command-line tools:
  - DfsUtil.exe
  - DfsCmd.exe
  - DfsDiag.exe
  - DfsrAdmin.exe
  - DfsrDiag.exe

You also can use DFS to replicate files and folders in geographically dispersed environments so that users have a local copy of the files and folders. In addition, you can replicate files and folders to another location using DFS for disaster recovery scenarios.

For more information about:
- DFS, see Distributed File System.
- Managing DFS Namespaces and DFS Replication, see DFS Management.
- Using DFS to replicate file services workloads for disaster recovery scenarios, see the section "Using DFS Replication to Protect File Services Workload Data," later in this white paper.

For more information about DFS Replication, see Replication.

Managing Single Instance Storage

The Single Instance Storage feature in Windows Storage Server 2008 reduces the amount of space used to store data on a volume. Single Instance Storage does this by replacing duplicate files with logical links that point to a single copy of the file in the SIS Common Store, which is a hidden folder located in the root directory of the volume.

Identifying Single Instance Storage Architecture

Single Instance Storage consists of the following components that together maintain a database of file signatures:
- Groveler service.
  The Groveler service scans the hard-disk volumes on a server for duplicate copies of files. The Groveler discovers duplicate files and initiates the deduplication of files. The Groveler service runs in user mode.
- Single Instance Storage Filter. The Single Instance Storage Filter is a file system filter service that redirects reads to the common store and performs the replacement of file pointers when users begin changing a duplicate file. The Single Instance Storage Filter runs in kernel mode.

For more information about:
- The Single Instance Storage feature, see Single Instance Storage.
- Managing Single Instance Storage using Sisadmin.exe, see Managing SIS Using SisAdmin.exe.

Identifying Single Instance Storage Management Tools

You can enable or disable Single Instance Storage on a volume through the Share and Storage Management console, but the primary administration tool for this feature is Sisadmin.exe. You can also automate the administration of Single Instance Storage using Windows PowerShell scripting or any other scripting language that supports WMI.
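The duplicate scan described for the Groveler service can be approximated offline to estimate what single instancing would save on a share. The following Python sketch is an added example, not Microsoft's implementation: it skips files below the 32 KB minimum listed in Table 9, groups candidates by size and signature, and confirms each match byte for byte before counting it. SHA-256 as the signature, the function names, and the sample tree are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Table 9 of the white paper: minimum file size supported is 32 KB.
MIN_FILE_SIZE = 32 * 1024


def file_signature(path, chunk_size=64 * 1024):
    """SHA-256 of the file contents (assumed signature; the page does not describe SIS's own)."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def same_content(path_a, path_b, chunk_size=64 * 1024):
    """Byte-for-byte comparison, so a signature match alone never merges two files."""
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            block_a, block_b = a.read(chunk_size), b.read(chunk_size)
            if block_a != block_b:
                return False
            if not block_a:
                return True


def find_duplicates(root, min_size=MIN_FILE_SIZE):
    """Return [(size, [paths])] for sets of identical files under root."""
    by_size = defaultdict(list)
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            # Links are skipped: they may already point at a shared copy.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            size = os.path.getsize(path)
            if size >= min_size:
                by_size[size].append(path)

    groups = []
    for size, paths in by_size.items():
        if len(paths) < 2:
            continue  # a unique size cannot be a duplicate, so it is never hashed
        by_signature = defaultdict(list)
        for path in paths:
            by_signature[file_signature(path)].append(path)
        for candidates in by_signature.values():
            keeper = candidates[0]
            confirmed = [keeper] + [p for p in candidates[1:] if same_content(keeper, p)]
            if len(confirmed) > 1:
                groups.append((size, sorted(confirmed)))
    return sorted(groups, key=lambda group: group[1][0])


def reclaimable_bytes(groups):
    """Bytes freed if each group kept one copy and the rest became links to it."""
    return sum(size * (len(paths) - 1) for size, paths in groups)


def build_sample_tree(root):
    """Constructed sample data: three shares holding overlapping install files."""
    installer = b"A" * (40 * 1024)
    files = {
        "hub/setup.bin": installer,
        "branch/setup.bin": installer,
        "archive/setup_copy.bin": installer,
        "hub/other.bin": b"B" * (40 * 1024),  # same size, different content
        "hub/readme.txt": b"r" * 1024,         # duplicated, but below 32 KB
        "branch/readme.txt": b"r" * 1024,
    }
    for relative, data in files.items():
        path = os.path.join(root, *relative.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        found = find_duplicates(sample_root)
        for size, paths in found:
            print(size, [os.path.relpath(p, sample_root) for p in paths])
        print("reclaimable bytes:", reclaimable_bytes(found))
```

Run against a copy of a real share, the output gives a rough upper bound on savings; it does not account for the system, boot, and remote drive exclusions in Table 9.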
Identifying Single Instance Storage Specifications

Table 9 lists the specifications for the Single Instance Storage feature in Windows Storage Server 2008.

Table 9. Single Instance Storage Feature Specifications in Windows Storage Server 2008

Specification | Value
Maximum number of volumes per appliance | 128
Failover cluster support | Yes
Ability to undo single instancing of files | Yes
WMI support | Yes
Minimum file size supported | 32 KB
Supports replication of files using DFS Replication | Yes
Requires volumes to be formatted as NTFS | Yes
Supports system drives | No
Supports boot drives | No
Supports remote drives | No
Supports files with extended attributes | No
Supports backup of single instance of file using Single Instance Storage APIs in sisbkup.dll | Yes

Identifying Typical Reduction in Storage Usage Using Single Instance Storage

Microsoft IT, the internal IT organization within Microsoft, deployed Single Instance Storage on 274 servers on the Microsoft internal network to help reduce the file storage used by file services workloads. Table 10 lists the results that Microsoft realized by using Single Instance Storage.

Table 10. Microsoft IT Reduction in Storage Usage Using Single Instance Storage

Server type | Average space savings % | Server number sampled | Actual server number | Total space savings (GB)
Client Software Install Shares Hub | 33% | 22 | 34 | 2,299.76
Client Software Install Shares Branch Office | 24% | 70 | 111 | 1,839.27
Server Software Install Shares | 48% | 21 | 34 | 1,607.52
International Version Product Shares | 42% | 2 | 2 | 859.00
Archived Products | 63% | 2 | 2 | 1,090.00
Remote Installation Services | 40% | 52 | 91 | 277.55
Total | 54% | 169 | 274 | 7,973.10
For more information about how Microsoft IT reduced storage usage by 25 percent to 40 percent, download Microsoft IT Showcase: Single Instance Storage in Microsoft Windows Storage Server 2003 R2.

Managing iSCSI Block I/O Workloads

The types of management tasks for disk block I/O workload include managing iSCSI targets, virtual disks, and connections to storage arrays. You can manage iSCSI block I/O workloads running on Windows Storage Server 2008 for the following components:
- Microsoft iSCSI Software Target
- Microsoft iSCSI Software Initiator

Managing the Microsoft iSCSI Software Target for iSCSI Block I/O Workloads

The Microsoft iSCSI Software Target feature allows Windows Storage Server 2008 appliances to act as an iSCSI target. You can manage this feature by using the:
- Microsoft iSCSI Software Target snap-in.
- Share and Storage Management console.

Managing the Microsoft iSCSI Software Target Using Microsoft iSCSI Software Target Snap-in

Typical tasks that you use the Microsoft iSCSI Target snap-in to perform include managing:
- iSCSI targets. iSCSI targets are the logical endpoint to which an iSCSI initiator connects. Typically, you assign just one iSCSI initiator to each iSCSI target. If you assign multiple iSCSI initiators to the same iSCSI target, there is a potential for conflict between the computers running the iSCSI initiators. The most typical reason for assigning multiple iSCSI initiators to the same iSCSI target is for shared storage in failover clusters. You manage iSCSI targets using the iSCSI Targets node in the Microsoft iSCSI Software Target snap-in.
- Virtual disks. Virtual disks are the LUNs that the computer running an iSCSI initiator uses. An iSCSI target can manage multiple virtual disks, but a virtual disk can only be managed by one iSCSI target. You manage virtual disks using the iSCSI Targets node in the Microsoft iSCSI Software Target snap-in.
- Virtual disk snapshots.
Virtual disk snapshots are point-in-time copies of virtual disks that you can use to back up active virtual disks for disaster recovery scenarios or to restore a LUN to a previous state. You manage virtual disks using the Snapshots node in the Microsoft iSCSI Software Target snap-in. For more information about using virtual disk snapshots for backup and in disaster recovery scenarios, see the section "Using Virtual Disk Snapshots to Protect iSCSI Block I/O Workload Data," later in this white paper.

Managing the Microsoft iSCSI Software Target Using Share and Storage Management Console

You can manage storage on the Microsoft iSCSI Software Target using Share and Storage Management. The Microsoft iSCSI Software Target includes the Microsoft iSCSI Software Target VDS Hardware Provider that allows LUNs on Windows Storage Server 2008 to be managed by any application that uses VDS, such as Share and Storage Management.

For more information about the Microsoft iSCSI Software Target VDS Hardware Provider, see the previous section, "Identifying Microsoft iSCSI Software Target Support for VSS and VDS Providers" in this white paper. For more information about Share and Storage Management, see Overview of Share and Storage Management.
For more information about managing Microsoft iSCSI Software Target for iSCSI block I/O workloads, see:
- Configuring the Microsoft iSCSI Software Target.
- Microsoft iSCSI Software Target.

Managing the Microsoft iSCSI Software Initiator for iSCSI Block I/O Workloads

The Microsoft iSCSI Software Initiator enables you to connect Windows operating systems to an external iSCSI-based storage array, such as the Microsoft iSCSI Software Target, through an Ethernet network adapter. All current Windows operating systems support the Microsoft iSCSI Software Initiator, and the most current version of the Microsoft iSCSI Software Initiator is version 2.08.

The Microsoft iSCSI Software Initiator in Windows Storage Server 2008 allows the server software to connect to other external iSCSI-based storage arrays, such as those described in the section "Using Windows Storage Server 2008 as a NAS Gateway in Solutions," later in the white paper.

You can manage the Microsoft iSCSI Software Initiator by using the:
- Graphical user interface in the Microsoft iSCSI Software Initiator.
- iSCSI Control Panel configuration utility (iscsicpl.exe).
- iscsicli.exe tool from a command line.

For more information about managing the Microsoft iSCSI Software Initiator, see the Microsoft iSCSI Initiator Step-by-Step Guide.
Managing Web Services Workloads

Web services workloads in Windows Storage Server 2008 can be managed by any of the management methods available for IIS 7.0. The management tools available for managing IIS 7.0, and for managing Web services workloads, are listed in Table 11.

Table 11. Tools for Managing Web Services Workloads in Windows Storage Server 2008

Tool: Internet Information Services Manager snap-in
Description: You can manage IIS 7 using the Internet Information Services Manager snap-in, which lets you:
- Manage IIS and ASP.NET in one tool.
- View health and diagnostic information that includes the ability to view currently running requests in real time.
- Configure user and role authorization for sites and applications.
- Delegate site and application configuration to nonadministrators.
- Connect to a Web server, site, or application remotely by using HTTP.
Note: You cannot use IIS Manager to manage FTP sites in IIS 7 on Windows Storage Server 2008. Use IIS 6.0 tools to manage FTP sites.
For more information, see IIS Manager (IIS 7).

Tool: Appcmd.exe
Description: You can manage IIS 7 using the command-line tool Appcmd.exe to configure and query objects on your Web server, and to return output in text or XML. Appcmd.exe provides consistent commands for common queries and configuration tasks, reducing the complexity of learning syntax. In addition, you can combine commands to return more complex data about objects on your Web server or to perform tasks that are more complex. For example, you can complete complex tasks like stopping all sites with pending requests that have been running longer than sixty seconds. For more information, see Appcmd.exe.

Tool: Configuration store
Description: You can manage IIS 7 using the XML-based configuration store that is modeled after the ASP.NET configuration.
IIS configuration is stored in the ApplicationHost.config file and can also be distributed among Web.config files for sites, applications, and directories. Settings configured at one level are inherited automatically by lower levels, unless they have been locked to prevent changes. By default, the server administrator is the only user who has permission to view and edit the ApplicationHost.config file. For more information, see Configuration Store (IIS 7).

Tool: Scripts using WMI
Description: You can use WMI to build scripts for Web administration. The IIS 7 WMI provider namespace, WebAdministration, contains classes and methods that enable you to script administration of Web sites, Web applications, and their associated objects and properties using any scripting language that supports WMI, such as Windows PowerShell. For more information, see Windows Management Instrumentation (WMI) in IIS 7.
Managing Print Services Workloads

The Print services workloads in Windows Storage Server 2008 that the Print Server role provides can be managed by using the tools listed in Table 12.

Table 12. Tools for Managing Print Services Workloads in Windows Storage Server 2008

Tool: Server Manager
Description: Use Server Manager to install the Print Services server role, optional role services, and features. Server Manager also displays print-related events from Event Viewer and includes an instance of the Print Management snap-in, which can administer the local server only. For more information, see Server Manager and the Print Services Role.

Tool: Print Management snap-in
Description: The Print Management snap-in provides current details about the status of printers and print servers on the network. Use Print Management to install printer connections to a group of client computers simultaneously and to monitor print queues remotely. Print Management can also help you find printers that have an error condition by using filters. It can also send e-mail notifications or run scripts when a printer or print server needs attention. On printers that provide a Web-based management interface, Print Management can display more data, such as toner and paper levels. For more information, see the Print Management Step-by-Step Guide.

Tool: Group Policy
Description: Use Print Management with Group Policy to automatically deploy printer connections to users or computers and install the appropriate printer drivers for computers running Windows Vista and later Windows operating systems. For Windows operating systems prior to Windows Vista, use the PushPrinterConnections.exe tool in a startup script (for per-computer connections) or in a logon script (for per-user connections). For more information, see the Print Management Step-by-Step Guide.
Tool: Printer Migration Wizard
Description: The Printer Migration Wizard allows you to export print queues, printer settings, printer ports, and language monitors, and then import them on another print server that is running a Windows operating system. This is an efficient way to consolidate multiple print servers or replace an older print server. For more information, see the Print Migration Tool.

Tool: Printbrm.exe command-line tool
Description: Provides the same features and functionality as the Printer Migration Wizard.

Tool: Windows PowerShell
Description: Use Windows PowerShell to manage print services workloads. For more information about using Windows PowerShell to manage print services workloads, see Printer Management Using PowerShell.
Protecting Windows Storage Server 2008 Workload Data

One of the essential aspects of ongoing operations of Windows Storage Server 2008 workloads is the ability to protect the data that the server software manages. Using proper backup and disaster recovery processes, tools, and technologies helps protect the data managed by Windows Storage Server 2008 and reduces the risk of potential data loss.

Note: In addition to the products and technologies discussed in this section, you can use most backup and disaster recovery products offered by Microsoft partners for Windows Server 2008 to protect data managed by Windows Storage Server 2008.

You can protect the data managed by Windows Storage Server 2008 using:
- The Windows Server Backup feature in Windows Storage Server 2008.
- The Shadow Copies of Shared Folders feature in Windows Storage Server 2008.
- The Volume Shadow Copy Service feature in Windows Storage Server 2008.
- The DFS Replication feature in Windows Storage Server 2008.
- System Center Data Protection Manager, which is available separately.
- The Appcmd.exe tool to back up IIS configuration.
- The PrintBRM.exe tool to back up printer information.

Using Windows Server Backup to Protect Data

The Windows Server Backup feature in Windows Server 2008 consists of an MMC snap-in and command-line tools that provide a solution for backup and recovery requirements. Table 13 lists the features and limitations of this feature.
Table 13. Features and Limitations of Windows Server Backup

Features
Use Windows Server Backup to:
- Back up a full server (all volumes), selected volumes, or the system state.
- Recover volumes, folders, files, certain applications, and the system state.
- Perform a system recovery in case of disasters like hard disk failures, which will restore your complete system onto the new hard disk by using a full server backup and the Windows Recovery Environment.
- Perform backups of applications like SQL Server to protect application data using VSS functionality.

Limitations
Windows Server Backup has the following limitations:
- Supports backing up only to external and internal disks, DVDs, and shared folders. You cannot perform backups to tape. However, support of tape storage drivers is still included in Windows Storage Server 2008.
- Cannot back up shared storage in a failover cluster if the storage is moved between active nodes.
- Can only back up volumes 2 terabytes or less in size.
- Does not implement a method of including media rotation strategies.
- Does not include the ability to e-mail or provide notification of the backup status report.
- Does not support a centralized monitoring ability for enterprise environments.
- Only supports backup of entire volumes (cannot be used to back up individual files and folders).
- Only supports backup of local volumes (cannot be used to back up network shared folders).

If your backup and recovery requirements are affected by any of the limitations listed above, consider using:
- System Center Data Protection Manager 2007. For more information, see the section "Using System Center Data Protection Manager 2007 to Protect Data," later in this white paper.
- Backup and recovery solutions from Microsoft partners. For more information, contact the appropriate Microsoft partner.
Using Shadow Copies of Shared Folders to Protect Data

The Shadow Copies of Shared Folders feature in Windows Storage Server 2008 is a feature in Windows Server that transparently maintains previous versions of files on selected volumes by using shadow copies. It works by taking snapshots of an entire volume at particular points in time. This feature allows a user to restore selected files or folders from previous versions without IT assistance. The Shadow Copies of Shared Folders feature uses the Volume Shadow Copy Service to create the file copies.

With Shadow Copies of Shared Folders, you can view shared files and folders as they existed at points of time in the past. Accessing previous versions of files, or shadow copies, is useful because you can:
- Recover files that were accidentally deleted. If you accidentally delete a file, you can open a previous version and copy it to a safe location.
- Recover from accidentally overwriting a file. If you accidentally overwrite a file, you can recover a previous version of the file. (The number of versions depends on how many snapshots you have created.)
- Compare versions of a file while working. You can use previous versions when you want to check what has changed between the versions of a file.

Shadow Copies of Shared Folders is enabled for an entire volume. You cannot enable this feature for specific shared folders and files on a volume. The default configuration for this feature is as follows:
- A default task is scheduled to create shadow copies at 7:00 A.M. and 12:00 P.M., Monday through Friday.
  Note: This default task can be customized to meet the specific needs of an organization.
- The default storage area is on the same volume and its size requires 10 percent of the available space.
- There is a limit of 64 shadow copies per volume (when this limit is reached, the oldest shadow copy will be deleted and cannot be retrieved).

Note: Shadow copies are read-only and as such you cannot edit the contents of a shadow copy.

For more information about the Shadow Copies of Shared Folders feature, see:
- Shadow Copies for Shared Folders Technical Reference.
- Shadow Copies of Shared Folders.

Using the Volume Shadow Copy Service to Protect Data

The Volume Shadow Copy Service feature in Windows Storage Server 2008 provides the ability to take point-in-time snapshots of files and is the foundation for other applications or features, such as those in the sections about "Windows Server Backup," "Shadow Copies of Shared Folders," and "Virtual Disk Snapshots" in this white paper.

Figure 3 illustrates the architecture of the Volume Shadow Copy Service in Windows Storage Server 2008. This architecture allows the point-in-time snapshots of files stored in Windows Storage Server 2008.

Figure 3. Volume Shadow Copy Service Architecture
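The default schedule and the 64-copy limit listed above for Shadow Copies of Shared Folders determine how far back a previous version can reach, which matters when damage to a file is noticed late. This added Python example (not part of the white paper) computes that window; it assumes the default task has run unchanged long enough to reach the limit and that the 10 percent storage area never forces an earlier deletion, and its function names are hypothetical.

```python
from datetime import datetime, time, timedelta

# Defaults stated in the white paper for Shadow Copies of Shared Folders.
DEFAULT_TIMES = (time(7, 0), time(12, 0))   # 7:00 A.M. and 12:00 P.M.
DEFAULT_WEEKDAYS = (0, 1, 2, 3, 4)          # Monday through Friday
MAX_COPIES = 64                             # per-volume limit


def retained_copies(now, times=DEFAULT_TIMES, weekdays=DEFAULT_WEEKDAYS,
                    limit=MAX_COPIES):
    """Return creation times of the copies still retained at `now`, newest first.

    Assumption (not from the paper): the schedule has run without changes long
    enough to fill the limit, and the storage area never fills up early.
    """
    if not times or limit < 1 or not set(weekdays) & set(range(7)):
        raise ValueError("schedule needs a run time, a valid weekday, limit >= 1")
    copies = []
    day = now.date()
    while len(copies) < limit:
        if day.weekday() in weekdays:
            # Walk each day's runs from latest to earliest.
            for run in sorted(times, reverse=True):
                stamp = datetime.combine(day, run)
                if stamp <= now and len(copies) < limit:
                    copies.append(stamp)
        day -= timedelta(days=1)
    return copies


def recovery_window(now, **schedule):
    """Time span between `now` and the oldest copy that is still retained."""
    return now - retained_copies(now, **schedule)[-1]


def newest_clean_copy(damaged_at, detected_at, **schedule):
    """Newest retained copy taken before the damage, or None if it aged out."""
    for stamp in retained_copies(detected_at, **schedule):
        if stamp < damaged_at:
            return stamp
    return None


if __name__ == "__main__":
    # Constructed scenario: damage is noticed on a Friday afternoon.
    detected = datetime(2010, 5, 28, 13, 0)
    print("oldest retained copy:", retained_copies(detected)[-1])
    print("recovery window:", recovery_window(detected))
    for damaged in (datetime(2010, 5, 26, 9, 30), datetime(2010, 4, 14, 9, 0)):
        print(damaged, "->", newest_clean_copy(damaged, detected))
```

If the damage predates the oldest retained copy, the function returns None and the file has to come from a backup instead.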
Table 14 lists the components in the Volume Shadow Copy Service architecture and how the components relate to each other.

Table 14. Components in Volume Shadow Copy Architecture

Component: Volume Shadow Copy Service
Description: A service that coordinates various components to create consistent shadow copies of one or more volumes.

Component: Requestor
Description: An application that requests that a volume shadow copy be taken. For example, the Windows Server Backup feature, Shadow Copy of Shared Folders feature, or System Center Data Protection Manager.

Component: Writer
Description: A component of an application that stores persistent information on one or more volumes that participate in shadow copy synchronization. Typically, this is a database application like SQL Server or Exchange Server, or a system service like Active Directory.

Component: Provider
Description: A component that creates and maintains the shadow copies. Examples include the system provider included with the Windows Storage Server 2008 operating system, and the hardware providers included with storage arrays, such as the Microsoft iSCSI Software Target VSS Hardware Provider.

Component: Source volume
Description: The volume that contains the data to be shadow copied.

Component: Storage volume
Description: The volume that holds the shadow copy storage files for the system copy-on-write software provider.

As described in Table 14 and illustrated in Figure 3, the Microsoft iSCSI Software Target Volume Shadow Copy Service Hardware Provider is required to create point-in-time snapshots, or copies, of the virtual hard disks managed by the Microsoft iSCSI Software Target. The Volume Shadow Copy Service uses the Microsoft iSCSI Software Target Volume Shadow Copy Service Hardware Provider to create these snapshots.

Note: You can use the DiskShadow.exe command-line tool to manage Volume Shadow Copy Services for the Microsoft iSCSI Software Target.
For more information about the:
- Volume Shadow Copy Service, see Volume Shadow Copy Service Technical Reference.
- Microsoft iSCSI Software Target VSS Hardware Provider, see the "Hardware Providers" section in Virtual Disks and Snapshots.

Using DFS Replication to Protect Data

DFS Replication can be used as part of a centralized backup solution. You can use DFS Replication to create replica copies of data in a centralized location and then back up the replica copies. For example, you can use this method in branch office scenarios to create replica copies of data in the branch offices in the head office and then back up the data in the head office.

For more information about DFS Replication in branch office scenarios for data protection, see the section "Creating Branch Office Solutions" later in this white paper.
Using System Center Data Protection Manager 2007 to Protect Data

System Center Data Protection Manager 2007 is designed to provide and restore Windows Server applications. Focused on the primary Microsoft server workloads, Data Protection Manager 2007 was specifically built to protect and recover SQL Server, Exchange Server, SharePoint Portal Server, Microsoft Virtual Server, and Windows file services. In addition, Data Protection Manager 2007 blends the best aspects of continuous data protection (CDP) to disk storage with traditional tape backup.

Data Protection Manager 2007 includes the following benefits:
- Continuous data protection for Windows application and file services workloads. Data Protection Manager 2007 protects core Windows Server workloads by continuously capturing data changes with application-aware byte-level agents, providing an easy-to-manage and robust disk/tape back-end platform, and one-click lossless application recovery.
- Rapid and reliable recovery. Data Protection Manager 2007 enables IT administrators and users to easily recover data in minutes from easily accessible disk instead of locating and restoring from less-reliable tapes.
- Advanced technology for enterprises of all sizes. Data Protection Manager 2007 brings together the best aspects of CDP real-time protection with traditional tape backup/restore to provide a comprehensive disk-to-disk-to-tape data recovery solution. Combined with Windows Server technology, Data Protection Manager 2007 provides technically advanced and comprehensive data protection from small business environments to enterprise environments.

For more information about System Center Data Protection Manager 2007, see System Center Data Protection Manager 2007.

Using Virtual Disk Snapshots to Protect Data

The disks you create by using iSCSI Software Target are iSCSI virtual disks, which are files in the fixed virtual hard disk (VHD) format.
These virtual disks offer flexible and effective storage. They can be extended to provide extra capacity on demand, enable efficient storage utilization, minimize the time required to create disks, and minimize the down time that is typically required to install new disks.

To facilitate backup and recovery operations, you can schedule and create snapshots of iSCSI virtual disks. A snapshot is a point-in-time, read-only copy of an iSCSI virtual disk. Snapshots are useful for backups. They offer the following advantages:
- Snapshots can be scheduled to be created automatically.
- Snapshots are space-efficient because they are differential copies.
- Snapshots are useful for fast system recovery of files and volumes, in case of accidental data deletion by a user, overwritten data, or data corruption resulting from a malicious program.
- Snapshots can be mounted locally or exported to facilitate backup and recovery operations.
- Snapshots do not require that you close files or stop programs when you create them, so application servers can continue servicing clients without disruption.

Note: Snapshots that are created on the iSCSI target server are crash consistent. Most modern file systems can recover from this state. To create an application-consistent snapshot, the snapshot must be created from the iSCSI initiator computer by using the Microsoft iSCSI Software Target Volume Shadow Copy Service Hardware Provider and third-party backup software that works with the Volume Shadow Copy Service.
Table 15 lists scenarios for using virtual disk snapshots.

Table 15. Uses for Virtual Disk Snapshots

Scenario: Provide disaster recovery
Use of the virtual disk snapshots: The snapshots can be saved to other appliances, servers, or archival media and then later used to restore the data in the event of a failure.

Scenario: Create a restore point
Use of the virtual disk snapshots: The snapshot can be used to provide the ability to roll back services to a previous version. For example, you could create snapshots prior to performing an upgrade to provide the ability to roll back the environment should the upgrade fail.

Virtual disk snapshots require the Volume Shadow Copy Service and the Microsoft iSCSI Software Target Volume Shadow Copy Service Hardware Provider. To perform backups of the virtual disks, you need to use backup software that works with Volume Shadow Copy Service from a Microsoft partner.

For more information about:
- Virtual disks and virtual disk snapshots, see Virtual Disks and Snapshots.
- The Volume Shadow Copy Service, see the previous section "Using the Volume Shadow Copy Service to Protect Data," in this white paper.

Using the Appcmd.exe Tool to Backup IIS Configuration

You can protect data managed by Web services workloads using the Appcmd.exe tool in Windows Storage Server 2008. You can back up the configuration files for IIS 7.0 using this tool. For more information about the Appcmd.exe tool, see How to backup/restore IIS7 configuration.

Using the PrintBRM.exe Tool to Backup Printer Information

You can protect data managed by Print services workloads using the PrintBRM.exe tool in Windows Storage Server 2008. The PrintBRM.exe tool allows you to export printer information on a periodic basis as a way of backing up a print server. For more information, see Migrate Print Servers.
Securing Windows Storage Server 2008 Workloads

Windows Storage Server 2008 includes a number of features and technologies to help you secure your workloads. Windows Storage Server 2008 includes all of the security features and technologies found in Windows Server 2008. In addition, you can further secure your workloads using products and technologies from Microsoft partners.

Secure Windows Storage Server 2008 workloads by securing:
- Windows Storage Server 2008 for all workloads
- File services workloads
- Disk block I/O workloads
- Web services workloads
- Print services workloads

Securing Windows Storage Server 2008 for All Workloads

Before securing specific workloads, secure the Windows Storage Server 2008 operating system. These security measures can be implemented, regardless of the workloads running on Windows Storage Server 2008. Table 16 lists the features or technologies that you can use to secure Windows Storage Server 2008.

Table 16. Security Features or Technologies for All Workloads

Feature or technology: BitLocker Drive Encryption
Description: BitLocker Drive Encryption, included in Windows Storage Server 2008, encrypts data stored on hard disks. This encryption helps protect the data by preventing unauthorized users from breaking Windows file and system protection on lost, stolen, or inappropriately decommissioned appliances. This is especially important for Branch Office scenarios where the physical security may not be as strong as in a data center. For more information, see BitLocker Drive Encryption.

Feature or technology: Active Directory Domain Services (AD DS)
Description: AD DS provides centralized management of credentials, accounts, passwords, and is used for accessing all workloads. For more information, see Active Directory Domain Services Overview.
Feature or technology: NTFS permissions
Description: NTFS permissions, included in Windows Storage Server 2008, help prevent unauthorized local and network access to files and folders stored on NTFS volumes. NTFS permissions work with shared folder permissions to help prevent unauthorized network access to files and folders stored on NTFS volumes.
Note: For remote or network users, access to files and folders is defined by the combination of NTFS permissions and shared folder permissions.
For more information, see the section "NTFS Permissions" in Managing Permissions for Shared Folders.
Feature or technology: Shared folder permissions
Description: Shared folder permissions, included in Windows Storage Server 2008, only help prevent unauthorized network access to the files and folders stored on Windows Storage Server. These shared folder permissions affect users accessing the files and folders using the SMB protocol. Shared folder permissions work with NTFS permissions to help prevent unauthorized network access to files and folders stored on NTFS volumes.
Note: For remote or network users, access to files and folders is defined by the combination of NTFS permissions and shared folder permissions.
For more information, see the section "SMB Permissions" in Managing Permissions for Shared Folders.

Feature or technology: Windows Firewall with Advanced Security
Description: Windows Firewall with Advanced Security, included in Windows Storage Server 2008, helps reduce the attack surface for Windows Storage Server 2008 by blocking unauthorized network traffic flowing into or out of the appliance. Windows Firewall with Advanced Security is integrated with Network Awareness so that it can apply security settings appropriate to the types of networks to which the computer is connected. Windows Firewall is also integrated with Internet Protocol Security (IPsec), so that the IPsec configuration settings are integrated into the Windows Firewall with Advanced Security snap-in. For more information, see Windows Firewall with Advanced Security and IPsec.

Feature or technology: IPsec
Description: IPsec, included in Windows Storage Server 2008, allows you to protect the communications between Windows Storage Server 2008 and other Windows operating systems. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. You can centrally manage IPsec using Group Policy, which dramatically reduces the ongoing administrative and operations effort.
For more information, see IPsec and Windows Firewall with Advanced Security and IPsec.

Feature or technology: Microsoft Forefront
Description: Microsoft Forefront products, available separately, provide protection, access, and management solutions that are integrated with Microsoft user identity management, Windows operating systems, and other Microsoft products. Specifically, you can help protect:
- Windows Storage Server 2008 and other Windows-based computers or appliances that communicate with the appliance using Forefront Client Security.
- Communication with other computers or appliances over the Internet using Forefront Threat Management Gateway 2010.
- Remote connectivity to Windows Storage Server 2008 using Forefront Unified Access Gateway 2010.
Feature or technology: Microsoft partner products
Description: There are a large number of security-related products and technologies that are available from Microsoft partners. Typically, any security product that is compatible with Windows Server 2008 is also compatible with Windows Storage Server 2008.

In addition to features and technologies listed in Table 16, you can use the following resources to help secure Windows Storage Server 2008:
- Microsoft Security. This is the home page for all Microsoft security products and technologies for all operating systems and products.
- Security Solution Accelerators. This collection of tools and guidance is a set of free, authoritative resources to help you to proactively plan, integrate, and operate your security infrastructure. Specifically, the Security Compliance Management Toolkit Series provides an end-to-end solution to help plan, deploy, and monitor security baselines of Windows operating systems.

Securing File Services Workloads

File services workloads are secured based on the protocol that provides access to the file services workloads. Table 17 lists the file services protocols and how to secure the protocol.

Note: The assumption is that Windows Storage Server 2008 has been secured using the features and technologies described in the section "Securing Windows Storage Server 2008 for All Workloads," earlier in this white paper.

Table 17. File Services Protocols and How to Secure the Protocols

Protocol: SMB
How to secure this protocol: Use NTFS permissions and shared folder permissions to secure SMB-based access to shared resources. For more information, see "NTFS Permissions" and "SMB Permissions" sections in Managing Permissions for Shared Folders.

Protocol: NFS
How to secure this protocol: NFS-based access control for a shared resource is determined based on network names and groups.
To use NFS permissions, you must first install the Services for Network File System (NFS) role service using Server Manager. After installing Services for NFS, use NFSAdmin.exe to create client groups and to add client computers to those groups before configuring NFS share permissions. You can manage the NFS share permissions using the Share and Storage Management snap-in. For more information, see the "NFS Permissions" section in Managing Permissions for Shared Folders.

Protocol: WebDAV
How to secure this protocol:
- Encrypt all WebDAV communication with the appliance using secure socket layer (SSL). For more information, see Authentication and Security Using WebDAV.
- Require authentication for all users that access the appliance using WebDAV. For more information, see Authentication and Security Using WebDAV.
Protocol: Windows SharePoint Services
How to secure this protocol:
- Encrypt all Windows SharePoint communication with the appliance using SSL. For more information, see Plan authentication settings for Web applications (Windows SharePoint Services).
- Require authentication for all users that access Windows SharePoint Server on the appliance. For more information, see Plan authentication settings for Web applications (Windows SharePoint Services).

Securing iSCSI Block I/O Workloads

Disk block I/O workloads are secured by configuring the appropriate security between the Microsoft iSCSI Software Target and the iSCSI initiators, such as the Microsoft iSCSI Software Initiator. Table 18 lists the methods of securing the communication for the iSCSI block I/O workloads.

Table 18. Securing Communication for iSCSI Block I/O Workloads

Protocol: Require authentication
How to secure: Require all iSCSI initiators to authenticate with the Microsoft iSCSI Software Target using one of the following methods:
- One-way CHAP authentication. With this level of security, only the iSCSI target authenticates the initiator. The Challenge Handshake Authentication Protocol (CHAP) secret is set just for the target. All initiators that want to access that target need to use the same secret to start a logon session with the target.
- Mutual CHAP authentication. With this level of security, the iSCSI target and the initiator authenticate each other. A separate secret is set for each target and for each initiator.
- RADIUS authentication. With this level of security, the iSCSI initiator is authenticated by a Remote Authentication Dial-In User Service (RADIUS) server. Transactions between the iSCSI initiator and the RADIUS server are also authenticated through the use of a shared secret. To use this level of security, you must have a RADIUS server running on your network, or you must deploy one.
- IPsec authentication.
The IPsec protocol enforces authentication at the IP packet layer. Note At a minimum, use one-way CHAP authentication between iscsi initiators and the Microsoft iscsi Software Target. For more information, see iscsi Security. Protect communication between the iscsi initiators and the Microsoft iscsi Software Target using IPsec encryption. For more information, see IPsec and Windows Firewall with Advanced Security and IPsec.
Protocol: Isolate iSCSI network segments
How to secure: Isolate the network segments used for communication between the iSCSI initiators and the Microsoft iSCSI Software Target by using separate physical network segments or by using virtual local area networks (VLANs).

Securing Web Services Workloads

Web services workloads are secured based on the protocol that provides access to the Web services workloads. Table 19 lists the Web services protocols and how to secure each protocol.

Note: The assumption is that Windows Storage Server 2008 has been secured using the features and technologies described in the section "Securing Windows Storage Server 2008 for All Workloads," earlier in this white paper.

Table 19. Web Services Protocols and How to Secure the Protocols

Protocol: HTTP
How to secure this protocol:
- Use the HTTPS protocol instead to provide encryption of all communication between the appliance and the clients.
- Allow connectivity to the appliance only from computers on your internal network.
- Ensure that all HTTP connections require authentication as necessary.
Note: HTTP is an insecure protocol and sends all traffic in clear text.

Protocol: HTTPS
How to secure this protocol:
- HTTPS is a secure protocol and does not need further protection for confidentiality.
- Ensure that all HTTPS connections require authentication as necessary.

Protocol: FTP
How to secure this protocol:
- Ensure that all FTP connections require authentication.
- Allow connectivity to the appliance only from computers on your internal network.
- Use IPsec to protect communication between the appliance and FTP clients.
Note: FTP is an insecure protocol and sends all traffic in clear text.
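For the one-way and mutual CHAP methods listed in Table 18, the following added example (not code from this white paper or from Microsoft) walks through the challenge-response exchange as defined for CHAP with MD5 in RFC 1994 and carried in iSCSI login keys by RFC 3720, and shows what each mode does and does not prove. The class and function names, the result strings, the secret checks, and the sample secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_SECRET_BYTES = 12  # RFC 3720: at least 96 bits unless IPsec protects the session


def chap_response(identifier, secret, challenge):
    """CHAP_R for CHAP_A=5 (MD5): MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def check_secrets(target_secret, initiator_secret=None):
    """Return configuration problems; an empty list means the secrets are acceptable."""
    problems = []
    if len(target_secret) < MIN_SECRET_BYTES:
        problems.append("target secret shorter than 12 bytes")
    if initiator_secret is not None:
        if len(initiator_secret) < MIN_SECRET_BYTES:
            problems.append("initiator secret shorter than 12 bytes")
        if hmac.compare_digest(target_secret, initiator_secret):
            problems.append("same secret used in both directions")
    return problems


class Target:
    def __init__(self, name, target_secret, initiator_secret=None):
        self.name = name
        self.target_secret = target_secret        # initiators prove they know this
        self.initiator_secret = initiator_secret  # target proves it knows this (mutual)
        self.identifier = self.challenge = None

    def start(self):
        """Step 1: the target sends a fresh identifier and random challenge."""
        self.identifier = os.urandom(1)[0]
        self.challenge = os.urandom(16)
        return {"CHAP_A": 5, "CHAP_I": self.identifier, "CHAP_C": self.challenge}

    def verify(self, reply):
        """Step 3: check the initiator; return None to reject, else the target's proof."""
        expected = chap_response(self.identifier, self.target_secret, self.challenge)
        if not hmac.compare_digest(expected, reply["CHAP_R"]):
            return None
        if "CHAP_C" not in reply:
            return {}  # one-way CHAP: nothing to prove back
        if self.initiator_secret is None or reply["CHAP_C"] == self.challenge:
            return None  # no reverse secret, or our own challenge was sent back to us
        proof = chap_response(reply["CHAP_I"], self.initiator_secret, reply["CHAP_C"])
        return {"CHAP_N": self.name, "CHAP_R": proof}


class Initiator:
    def __init__(self, name, target_secret, initiator_secret=None):
        self.name = name
        self.target_secret = target_secret
        self.initiator_secret = initiator_secret  # set only when mutual CHAP is wanted
        self.identifier = self.challenge = None

    def answer(self, offer):
        """Step 2: answer the target's challenge; add our own challenge for mutual CHAP."""
        reply = {"CHAP_N": self.name,
                 "CHAP_R": chap_response(offer["CHAP_I"], self.target_secret, offer["CHAP_C"])}
        if self.initiator_secret is not None:
            self.identifier = os.urandom(1)[0]
            self.challenge = os.urandom(16)
            reply.update(CHAP_I=self.identifier, CHAP_C=self.challenge)
        return reply

    def verify_target(self, proof):
        """Step 4 (mutual only): check the target's response to our challenge."""
        if "CHAP_R" not in proof:
            return False
        expected = chap_response(self.identifier, self.initiator_secret, self.challenge)
        return hmac.compare_digest(expected, proof["CHAP_R"])


def login(initiator, target):
    """Run the exchange and report who ended up authenticated."""
    proof = target.verify(initiator.answer(target.start()))
    if proof is None:
        return "rejected by target"
    if initiator.initiator_secret is None:
        return "one-way: initiator authenticated, target not verified"
    if initiator.verify_target(proof):
        return "mutual: initiator and target authenticated"
    return "rejected by initiator"


# Constructed sample secrets (16 bytes each), not taken from any real system.
TARGET_SECRET = b"TargetSecret0001"
INITIATOR_SECRET = b"InitiatorSecr002"

if __name__ == "__main__":
    print(login(Initiator("init1", TARGET_SECRET), Target("tgt1", TARGET_SECRET)))
    print(login(Initiator("init1", TARGET_SECRET, INITIATOR_SECRET),
                Target("tgt1", TARGET_SECRET, INITIATOR_SECRET)))
    print(check_secrets(b"short", b"short"))
```

In both modes the secrets themselves never cross the wire, but the rest of the session is neither encrypted nor integrity-protected by CHAP, which is why Table 18 lists IPsec encryption and network isolation as separate measures.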
Securing Print Services Workloads

Print services workloads are secured based on the Print Server role service that provides access to the file services workloads. Table 20 lists the Print Server role services and how to secure each role service.

Note: The assumption is that Windows Storage Server 2008 has been secured using the features and technologies described in the section "Securing Windows Storage Server 2008 for All Workloads," earlier in this white paper.

Table 20. Print Server Role Services and How to Secure the Role Service

Role service: Print Server
How to secure this protocol: Use printer permissions to control access to the appliance running the Print Server role services using the Print Management snap-in. For more information, see Assigning Delegated Print Administrator and Printer Permission Settings in Windows Server 2008 R2.

Role service: LPD Service
How to secure this protocol: The communication between the LPD Service and LPR clients is unsecured. No authentication or security permissions are available. If required, use IPsec to protect the communication between the LPD Service and LPR clients. For more information, see IPsec and Windows Firewall with Advanced Security and IPsec.

Role service: Internet Printing
How to secure this protocol: Protect all communication between the Internet Printing clients and the appliance using SSL. Use the HTTPS protocol instead when connecting to the URL for the printer. For more information, see Internet Printing and Resulting Internet Communication in Windows Server 2008.

Improving Availability of Windows Storage Server 2008 Workloads

High levels of availability are essential for mission-critical applications and services. Windows Storage Server 2008 includes all of the high availability features and technologies found in Windows Server 2008. In addition, you can further improve the availability of your workloads using products and technologies from Microsoft partners.
Improve the availability of Windows Storage Server 2008 workloads by:
- Improving File services workload availability
- Improving iSCSI block I/O workload availability
- Improving Web services workload availability
- Improving Print services workloads availability
Improving Availability of File Services Workloads

The availability of file services workloads in Windows Storage Server 2008 can be improved based on the protocol used to access the file services. Table 21 lists the methods for improving the availability of file services workloads and which protocols can use each method.

Table 21. Methods for Improving File Services Workload Availability

Method   SMB   NFS   WebDAV   WSS 3.0

- Failover clusters. Failover clusters in Windows Storage Server 2008, as illustrated in Figure 4, can be used to improve the availability of SMB-based file services workloads. The method supports read and write access to the files. For more information about failover clusters for file services workloads, see Failover Clusters in Windows Server 2008 and Failover Cluster Step-by-Step Guide: Configuring a Two-Node File Server Failover Cluster.
- DFS. You can use DFS Replication to create replica copies of shared network folders. Then you can use DFS Namespace to provide automatic failover to replica copies of content when a local copy of the content is unavailable. For more information, see Distributed File System.
- Network Load Balancing. The Network Load Balancing (NLB) feature in Windows Storage Server 2008 can be used to provide fault tolerance for file services workloads. For more information about using NLB to improve availability for file services workloads, see Network Load Balancing.

The most common method of improving the availability of file services workloads is to use failover clusters. Figure 4 illustrates a typical two-node failover cluster for file services workloads. The shared storage in Figure 4 can be iSCSI, SAS, or Fibre Channel connected storage. PCI RAID controllers are not supported for shared storage.

Note: The cluster storage illustrated in Figure 4 could be provided by the Microsoft iSCSI Software Target in Windows Storage Server 2008.
Figure 4. Typical two-node failover cluster for file services workloads
Improving Availability of iSCSI Block I/O Workloads

You can improve the availability of iSCSI block I/O workloads by using a combination of the following features in Windows Server products:

- Failover clustering. A failover cluster is a group of independent computers that work together to increase the availability of applications and services. The most common failover cluster used for iSCSI block I/O workloads is a file server failover cluster. You can use failover clusters to improve the availability for the iSCSI initiator running a Windows Server operating system or the iSCSI target running the Microsoft iSCSI Software Target. For more information, see Failover Clusters in Windows Server 2008 and the Failover Cluster Step-by-Step Guide: Configuring a Two-Node File Server Failover Cluster.
- Multipath I/O. Multipath I/O uses physical path components (adapters, cables, and switches) to create logical paths between the iSCSI initiator and the appliance running the Microsoft iSCSI Software Target. In the event that one or more of these components fails, causing the path to fail, multipathing logic uses an alternate path for I/O so that applications running on the iSCSI initiator can still access their data. Each iSCSI network interface card should be connected by using redundant switch infrastructures to provide continued access to storage in the event of a failure in a storage fabric component.
  Note: Multipath connections for Microsoft iSCSI Software Initiators are provided by the MPIO feature in Windows Server. Redundancy for iSCSI initiators on other operating systems or hardware iSCSI initiators is provided by network adapter teaming from the network adapter vendor. Redundancy for file services and print services is also provided by network adapter teaming support from the network adapter vendor.
  For more information, see Multipath I/O Overview.
This section also discusses the following combinations of failover clustering and multipath I/O features:
- Creating highly-available iSCSI targets with single or multipath connections.
- Creating highly-available iSCSI initiators with single or multipath connections.

Creating Highly-Available iSCSI Targets

The highest priority in improving the availability of iSCSI block I/O workloads is to improve the availability of the appliances running the Microsoft iSCSI Software Target. As illustrated in Figure 5, you can use failover clusters to improve the availability of the appliances running the Microsoft iSCSI Software Target in Windows Storage Server 2008. The configuration in Figure 5 helps prevent loss of iSCSI block I/O workloads in the event of a failure of one of the appliances. However, there is no fault tolerance depicted in the connection between the iSCSI initiator and the clustered iSCSI targets (the storage fabric).
Figure 5. Highly-available Microsoft iSCSI Software Target with a single path connection

The configuration in Figure 6 illustrates combining multipath I/O with the failover cluster solution. The network infrastructure for the iSCSI communication between the iSCSI initiator and the clustered nodes running the Microsoft iSCSI Software Target has been updated to include redundant network adapters, switches, and network cables. This redundancy in the physical connectivity helps eliminate any single point of failure due to the network infrastructure for the storage fabric used by iSCSI, such as a switch failure or a disconnected network cable.
Figure 6. Highly-available Microsoft iSCSI Software Target with multipath connections

Creating Highly-Available iSCSI Initiators

After improving the availability of the appliances running the Microsoft iSCSI Software Target, you can improve the availability of the iSCSI initiators running Windows Server operating systems. As illustrated in Figure 7, you can use failover clusters to improve the availability of the computers or appliances running the Microsoft iSCSI Software Initiator in Windows Server operating systems. The configuration in Figure 7 helps prevent loss of iSCSI block I/O workloads in the event that one of the computers or appliances running the Microsoft iSCSI Software Initiator or Microsoft iSCSI Software Target fails. However, there is no fault tolerance depicted in the connection between the clustered iSCSI initiators and the clustered iSCSI targets (the storage fabric).
Figure 7. Highly-available Microsoft iSCSI Software Target and iSCSI initiators with single path connections

The configuration in Figure 8 illustrates combining multipath I/O with the failover cluster solution for the iSCSI initiators and iSCSI targets in Figure 7. The network infrastructure for the iSCSI communication between the clustered nodes running the iSCSI initiators and the clustered nodes running the Microsoft iSCSI Software Target has been updated to include redundant network adapters, switches, and network cables. This redundancy in the physical connectivity helps eliminate any single point of failure due to the network infrastructure for the storage fabric used by iSCSI, such as a switch failure or a disconnected network cable.
Figure 8. Highly-available Microsoft iSCSI Software Target and iSCSI initiators with multipath connections

Improving Availability of Web Services Workloads

The NLB feature in Windows Storage Server 2008 can be used to provide fault tolerance for Web services workloads. This solution assumes that all appliances in the NLB cluster have identical content and are continuously synchronized (such as by DFS Replication). For more information about using NLB to improve availability for Web services workloads, see Network Load Balancing.

Note: If the Web applications use a centralized SQL Server database for storing information, you can also use failover clustering to improve the availability of the database. For more information, see Getting Started with SQL Server 2008 Failover Clustering.
Improving Availability of Print Services Workloads

Failover clusters in Windows Storage Server 2008 can be used to improve the availability of Print services workloads. Figure 9 illustrates a typical two-node failover cluster for Print services workloads.

Note: The cluster storage illustrated in Figure 9 could be provided by the Microsoft iSCSI Software Target in Windows Storage Server 2008.

Figure 9. Typical two-node failover cluster for Print services workloads

This method helps prevent any print services outages due to the failure of a node in the cluster. Print services outages for specific printers occur in the event of a printer failure. However, the print jobs for the printer continue to be queued until the printer failure is resolved and the printer is restored to normal operation. For more information about failover clusters for file services workloads, see Failover Clusters in Windows Server 2008 and the Failover Cluster Step-by-Step Guide: Configuring a Two-Node Print Server Failover Cluster.
Improving Performance and Scalability for Windows Storage Server 2008 Solutions

The ability to take full advantage of the system resources of a Windows Storage Server 2008-based appliance is essential to creating successful solutions. Windows Storage Server 2008 includes all of the performance and scalability features and technologies found in Windows Server 2008. In addition, you can further improve the performance and scalability of your workloads using products and technologies from Microsoft partners.

Improve the performance and scalability of Windows Storage Server 2008 workloads by improving performance and scalability for:
- All workloads.
- File services workloads.
- iSCSI block I/O workloads.
- Web services workloads.
- Print services workloads.

Improving Performance and Scalability for All Workloads

Windows Storage Server 2008 includes a number of technologies and features that will improve the performance and scalability for all workloads. These performance and scalability improvements are inherent in Windows Storage Server 2008. Improve the performance and scalability for all workloads by taking advantage of the:
- Improvements in the Next Generation TCP/IP protocol.
- Improvements in network adapter performance.
- Reduction in processor utilization for I/O operations.

Improvements in the Next Generation TCP/IP Protocol

With the introduction of Windows Vista and Windows Server 2008, Microsoft included a new version of the TCP/IP protocol suite, also referred to as the Next Generation TCP/IP protocol suite. The Next Generation TCP/IP protocol suite includes a new set of performance enhancements to increase throughput in high-bandwidth, high-latency, and high-loss networking environments. The performance and scalability features in the Next Generation TCP/IP protocol suite include:

- Offloading TCP/IP protocol processing to specialized network adapter hardware. Offloading some of the TCP/IP protocol processing to a network adapter reduces the processor utilization associated with handling TCP/IP connections. TCP/IP offloading can be used when a server is performing heavy receive processing with fewer than 1,500 persistent active connections (for example, when the computer is performing a backup over the network). However, the exact number of connections is vendor specific.
- Automating the tuning of the maximum receive window size. This feature automatically determines the value of the maximum receive window size for a connection based on the current conditions of the network. Optimizing the network to receive TCP data can substantially increase overall network utilization by applications. This feature works with the Compound TCP feature on the sender side. Automatically tuning the receive window size allows the maximum amount of data to be transmitted between Windows Server 2008 and Windows Vista, and improves overall network performance, especially on high-latency connections.
- Aggressively increasing the TCP Send window size by using Compound TCP (CTCP). CTCP more aggressively increases the Send window for connections with large Receive window sizes and large bandwidth-delay products. CTCP attempts to maximize throughput on these types of connections by monitoring delay variations and losses. CTCP also ensures that its behavior does not negatively impact other TCP connections. Aggressively increasing the TCP Send window size allows the maximum amount of data to be transmitted between Windows Server 2008 and Windows Vista, and improves overall network performance.
- Improving black hole router detection. This feature senses when large TCP segments retransmit and automatically adjusts the Path Maximum Transmission Unit (PMTU) for the connection, rather than relying on the receipt of the Internet Control Message Protocol (ICMP) error messages. Reducing the number of retransmitted TCP segments improves the overall performance of traffic that uses the TCP protocol.
- Reducing IP packet resending due to router congestion. With Explicit Congestion Notification (ECN) support on both TCP peers and in the routing infrastructure, routers experiencing congestion mark the IP packets as they forward them. TCP peers receiving marked IP packets lower their transmission rate to ease congestion and prevent segment losses. Reducing IP packet resending improves the overall performance of traffic that uses the TCP protocol.

For more information about the Next Generation TCP/IP protocol suite in Windows Server 2008, see:
- Next Generation TCP/IP Stack.
- New Networking Features in Windows Server 2008 and Windows Vista.
- Performance Enhancements in the Next Generation TCP/IP Stack.

Improvements in Network Adapter Performance

RSS in NDIS 6.0 balances the network load from a network adapter across multiple processors. NDIS 5.1 allows a single deferred procedure call (DPC) for each network adapter. NDIS 6.0, using RSS, enables multiple DPCs on different processors for each instance of a network adapter miniport driver, while preserving in-order delivery of messages on a per-stream basis. RSS also supports dynamic load balancing, a secure hashing mechanism, parallel interrupts, and parallel DPCs.

Note: RSS support has also been released in the scalable networking pack for Windows Server 2003.

Figure 10 illustrates how the architecture of NDIS 6.0 with RSS prevents bottlenecks for incoming network traffic. Because all processors are able to process incoming network traffic, all processors have available capacity and none is a bottleneck for incoming network traffic.
Figure 10. Incoming network traffic with RSS

For more information about RSS, see Receive-Side Scaling Enhancements in Windows Server 2008.

Reduction in Processor Utilization for I/O Operations

Windows Server 2008 performs dynamic redirection of I/O interrupts and I/O completion processing to reduce overall processor utilization. Disk controller drivers can make use of new application programming interfaces (APIs) that allow Windows to specify the processor on which to efficiently perform completion processing for each I/O, when the request is initiated. In prior versions of Windows, the selection of processor(s) to interrupt and perform completion processing was statically chosen when the device was detected (similar to a round-robin order across all processors).

A disk controller takes advantage of the Non-Uniform Memory Access (NUMA) I/O functionality in Windows Server 2008 and can use the information specified during the initiation of the I/O operation to select a processor that can most efficiently perform the necessary processing of the completed I/O. NUMA I/O functionality improves the hardware cache hit ratios, reduces the hardware interconnect activity, reduces the possibility of interrupting an application unrelated to the I/O operation, and minimizes I/O completion processing time.

Figure 11 illustrates an example of the components that might be required for processing a statically directed I/O completion. Although the I/O operation is initiated on Processor 3, the interrupt from the disk is directed to Processor 2 because of the static assignment made when the disk was detected at boot time. The interrupt and subsequent completion processing of the I/O operation occurs on Processor 2. Processor 2 subsequently interrupts Processor 3 to indicate that the I/O operation is complete (assuming that the application waiting for the I/O is executing on Processor 3). Furthermore, if the completion processing accesses data read from the disk (for example, to perform virus detection, decryption, or decompression of the data), that data will have to go from memory to Processor 2 over the node interconnect and then back over the node interconnect to Processor 3 when the application starts to access the data.
Figure 11. Multiprocessor I/O operation without NUMA optimization

Figure 12 illustrates an example of the components that might be required for processing a dynamically directed I/O completion by using NUMA I/O. In this example, the I/O operation is initiated on Processor 3, the interrupt from the disk is directed to Processor 3, and the subsequent completion processing of the I/O occurs on Processor 3. If the completion processing accesses the data read from the disk, the data will go from memory to Processor 3, and the application will experience a high cache hit ratio when it accesses the data. In this example, the node interconnect and all unrelated processors are unaffected by the I/O completion. In scenarios where the system consists of only Processors 3 and 4 in a single node configuration, the fact that Processor 4 is unaffected by the I/O operation still results in performance benefits.

Figure 12. Multiprocessor I/O operation with NUMA optimization

The dynamic I/O completion redirection (NUMA I/O) improvements in Windows Server 2008 provide the following benefits:
- Support for the Message Signaled Interrupt extension (MSI-X) that enables a PCI-X or PCI-Express device to use new APIs to specify a processor to complete processing of each specific I/O operation.
- Better NUMA and non-NUMA processor architecture. For NUMA architectures, the I/O processing is localized to a NUMA node or a specific processor within the node. For non-NUMA architectures, the I/O processing is performed on a specific processor. In the current implementation, the selected completion processor for an I/O is ideally the same processor that initiated the I/O operation.

For more information on NUMA support in Windows Server 2008, see:
- The "NUMA Support" section of the "Advances in Memory Management for Windows" white paper.
- Download NUMA I/O Optimizations.

Improving Performance and Scalability for File Services Workloads

File services workloads in Windows Storage Server 2008 have improved performance and scalability compared to previous versions of Windows Server. These improvements are largely due to improvements in the SMB protocol. Identify the performance and scalability improvements for file services workloads by:
- Reviewing the performance and scalability improvements in version 2.0 of the SMB protocol.
- Reviewing SMB-based file services workload test results.
Review Improvements in the SMB Protocol

Windows Server 2008 includes the latest version of SMB, SMB version 2.0, which is optimized for greater performance over high-latency links. Windows includes an SMB client (the Client for Microsoft Windows component) and an SMB server (the File and Printer Sharing for Microsoft Windows component). SMB 1.0, the technology behind Windows Server versions prior to Windows Server 2008, was originally designed for early Windows-based network operating systems, such as Microsoft LAN Manager and Windows for Workgroups.

SMB in Windows Server 2008 supports SMB 1.0 as well as SMB 2.0, the new version of SMB that has been redesigned for today's complex networking environments and next-generation file servers. The SMB 2.0 protocol provides a number of communication enhancements, including greater performance when servers connect to file shares over high-latency links, and better security through the use of mutual authentication and message signing. The SMB 2.0 protocol features include:
- Support for sending multiple SMB commands within the same packet. This reduces the number of packets sent between an SMB client and server, a common issue in the effective tuning of SMB 1.0.
- Support for much larger buffer sizes when compared to SMB 1.0.
- An increase in the restrictive constants within the protocol design to allow for scalability. Examples include an increase in the number of concurrent open file handles on the server and the number of file shares that a server can have.
- Support for durable handles that can withstand short interruptions in network availability.
- Support for symbolic links.

Figure 13 illustrates how SMB 1.0 processes multiple write operations between a client computer running Windows XP and a server computer running Windows Server 2003. In SMB 1.0, each write request must wait for the write response from a previous write request. For example, write request 2 must wait for the write response from write request 1.
Figure 13. Write operations in SMB 1.0

Figure 14 illustrates how SMB 2.0 processes multiple write operations between a client computer running Windows Vista and a server computer running Windows Server 2008. In SMB 2.0, multiple write requests can be issued before receiving a write response. The overall effect, especially on high-latency network connections, is that remote file operations are much faster.
Figure 14. Write operations in SMB 2.0

For more information about SMB 2.0, see the "Server Message Block 2.0" section of New Networking Features in Windows Server 2008 and Windows Vista.
Review SMB-based File Services Workload Test Results

The File Services server role is one of the most common server roles deployed. The File Services server role implements SMB-based file services. Figure 15 illustrates the environment for tests performed over a WAN connection. This test environment emulates two geographic locations (New York and London) separated by a WAN connection. The server computers running Windows Server 2008 and Windows Server 2003 are in New York while the client computers running Windows Vista and Windows XP are in London.

Figure 15. Environment for performing File Services role tests

The following tests were performed for the File Services role:
- Running the Microsoft File Server Capacity Tool (FSCT) on a high-speed network.
- Copying large files to a remote location over a WAN connection.
- Accessing files on a shared folder at a remote location over a WAN connection.

Note: The test results reflect the performance of Windows Server 2008 with Windows Firewall enabled. The test results for Windows Server 2003 do not include Windows Firewall. Windows Firewall imposes a minimal impact (approximately 5 percent) on network throughput. The performance gains that are illustrated in these tests are a direct result of the performance and scalability features in Windows Server 2008.

Running Microsoft File Server Capacity Tool On a High-Speed Network

For this test, the Microsoft File Server Capacity Tool (FSCT) was run against a server running Windows Server 2008. This tool simulates a home folders file workload on a set of client computers and computes the maximum number of users a server can support based on the response time of simulated scenarios, as illustrated in Figure 16.
Figure 16. File Services Role scalability test results (chart of average scenario throughput, in number of scenarios per second, and CPU utilization against the number of users)

The scenarios include common operations such as browsing a directory, copying files, and modifying Microsoft Office files. For a given number of users accessing data on a file server, the tool will compute a throughput number corresponding to the average scenario per second that the server is able to sustain. The tool also provides the ability to collect performance counters such as processor, memory, network, and disk subsystem utilization details to help identify potential bottlenecks.

Table 22 lists example performance characteristics for appliances with different system resources. In these examples, the appliances contained only a single or dual processor socket that is typical for these types of appliances at the time of writing. As reflected by these performance characteristics, you can expand the processor and disk resources of the appliances to support tens of thousands of users on a single appliance.

Table 22. Example Performance Characteristics of Appliances with Different System Resources

Processor sockets   Disk configuration   RAID level   Users supported   Processor utilization
Single socket       4 SATA drives        RAID 5       600               7.7%
Single socket       10 SATA drives       RAID 5       1,200             5.6%
Single socket       10 SATA drives       RAID 1+0     1,700             7.5%
Dual socket         24 SAS drives        RAID 1+0     5,000             11.2%

A significantly higher number of users can be supported by adding more drives, memory, and processors. The number and speed of the drives has the largest influence on the number of users who can be supported.
Copying Large Files to a Remote Location Over a WAN Connection

For this test, two scenarios were performed (as illustrated in Figure 17) over a simulated WAN connection. In the first scenario, 100 1-megabyte (MB) files were copied between the client computers and the server computers. In the second scenario, one 268-MB file was copied between the client computers and the server computers. The test scenarios were performed for the combination of Windows Vista SP1 with Windows Server 2008 and Windows XP SP2 with Windows Server 2003 SP2.

For both scenarios, the combination of Windows Vista SP1 and Windows Server 2008 provided dramatic performance improvements compared to the combination of Windows XP SP2 and Windows Server 2003 SP2. In the chart in Figure 17, a lower length of time indicates that the file copy process occurred faster.

Figure 17. Remote large file copy test results

Accessing Files at a Remote Location Over a WAN Connection

This test series provides an indication of how typical user applications perform when accessing files and folders on network shared folders on server computers running Windows Server 2008 and Windows Server 2003. For this test, the scenarios were performed (as illustrated in Figure 17) over a simulated WAN connection:
- Opening a 47-KB Excel spreadsheet stored on a network shared folder in Excel 2007.
- Opening a 2-MB Word document stored on a network shared folder in Word 2007.
- Browsing a network shared folder that contains 50 files in Windows Explorer.
- Copying a 6-MB file to a network shared folder in Windows Explorer.

In all these scenarios, the combination of Windows Vista SP1 and Windows Server 2008 provided dramatic performance improvements compared to the combination of Windows XP SP2 and Windows Server 2003 SP2. In the chart in Figure 18, a lower length of time indicates that the file operation occurred faster.
Figure 18. Remote file application test results

Improving Performance and Scalability for iSCSI Block I/O Workloads

File services workloads in Windows Storage Server 2008 have improved performance and scalability compared to previous versions of Windows Server. You can improve the performance and scalability for iSCSI block I/O workloads by:

- Identifying methods for improving iSCSI block I/O workload performance and scalability.
- Reviewing the results of I/O storage workload tests.

Identify Methods for Improving iSCSI Block I/O Workload Performance and Scalability

You can improve the performance and scalability for iSCSI block I/O workloads by using the following methods:

- Ensure the system resources of the appliance are sufficient. The typical system resources that are heavily utilized by iSCSI block I/O workloads include memory, disk, and network. Ensure that the appliance has sufficient resources to provide adequate performance and scaling.
- Always size disks for performance in addition to capacity. Although a given number of disks may have adequate storage capacity, that number may not provide sufficient I/O throughput. After ensuring the number of disks is sufficient for capacity, also ensure they are sufficient for I/O throughput.
- Isolate different types of workloads using dedicated physical arrays. Different types of workloads on the same physical array, such as sequential I/O workloads, random I/O workloads, NFS workloads, or SMB workloads, can degrade performance for those workloads. Dedicate a physical array for each conflicting workload.
- Isolate different types of workloads using separate physical network segments. Different types of workloads on the same physical network can cause overutilization and performance problems. When encountering network utilization problems, segregate each type of workload to a separate physical network segment to reduce network contention.
- Configure sector alignment for iSCSI Target volumes and .vhd files. Sector alignment allows Windows Storage Server 2008 to create partitions that align with the underlying physical disk. Sector alignment helps prevent an I/O operation from spanning two tracks, which causes performance degradation. You can configure sector alignment for physical disks using the Diskpart.exe command line tool.

  Note: Consult your storage vendor to determine the proper values to use with Diskpart.exe.

Figure 19 illustrates a Windows Storage Server 2008 solution that has been optimized to provide improved performance and scalability. In this example, the Windows Storage Server 2008 solution is optimized to support Exchange Server connecting to disk LUNs on Windows Storage Server 2008.

Figure 19. A Windows Storage Server 2008 solution optimized for performance
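One way to verify sector alignment on existing volumes, as an added example that is not part of the white paper: a PowerShell function that flags partitions whose starting offset is not a whole multiple of the array's stripe unit size. The function name, the 64 KB stripe unit, and the sample partition objects are assumptions constructed for illustration; use the value your storage vendor specifies.

```powershell
# Added example (not from the white paper). Flags partitions whose starting
# offset is not a whole multiple of the array's stripe unit size.
# ASSUMPTION: -StripeUnitKB must come from your storage vendor; 64 is a
# placeholder used only with the constructed sample data below.

function Test-PartitionAlignment {
    [CmdletBinding()]
    param(
        # Any object with Name and StartingOffset (bytes), e.g. Win32_DiskPartition.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Partition,

        # Stripe unit size of the underlying array, in KB.
        [Parameter(Mandatory = $true)]
        [ValidateRange(1, 1048576)]
        [int]$StripeUnitKB
    )
    begin {
        # Work in 64-bit signed integers so large offsets do not overflow.
        $unitBytes = [long]$StripeUnitKB * 1024
    }
    process {
        if ($null -eq $Partition.StartingOffset) {
            Write-Warning "Skipping '$($Partition.Name)': no StartingOffset property."
            return
        }
        $offset    = [long]$Partition.StartingOffset
        $remainder = $offset % $unitBytes

        $result = New-Object PSObject -Property @{
            Name                = $Partition.Name
            StartingOffsetBytes = $offset
            RemainderBytes      = $remainder
            Aligned             = ($remainder -eq 0)
        }
        # Fix the column order (hashtable key order is not guaranteed).
        $result | Select-Object Name, StartingOffsetBytes, RemainderBytes, Aligned
    }
}

# Constructed sample input standing in for Win32_DiskPartition objects.
# 32,256 bytes is 63 sectors of 512 bytes, the default partition start on
# Windows Server 2003 and earlier; 1,048,576 bytes is a 1 MB boundary.
$samplePartitions = @(
    (New-Object PSObject -Property @{ Name = 'Disk #1, Partition #0'; StartingOffset = 32256 }),
    (New-Object PSObject -Property @{ Name = 'Disk #2, Partition #0'; StartingOffset = 1048576 }),
    (New-Object PSObject -Property @{ Name = 'Disk #3, Partition #0'; StartingOffset = 65536 })
)

$samplePartitions | Test-PartitionAlignment -StripeUnitKB 64 | Format-Table -AutoSize

# On a live server, feed the real partition table instead:
#   Get-WmiObject Win32_DiskPartition | Test-PartitionAlignment -StripeUnitKB <vendor value>
#
# Alignment is set when the partition is created. In Diskpart.exe the
# "align" parameter of "create partition" takes a value in KB:
#   select disk <disk number>
#   create partition primary align=<vendor value>
```

A partition reported with Aligned = False starts partway through a stripe unit, which is the condition the sector alignment guidance above is meant to prevent.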
For the sample scenario in Figure 19, the following optimizations were chosen:

- Sufficient system resources of the Windows Storage Server 2008 appliance for the given workloads.
- An optimized number of disks for disk I/O bandwidth capacity.
- Separate network segments for workload types, including iSCSI sequential I/O, iSCSI random I/O, and file services access using SMB or NFS.
- Separate network adapters in the Exchange server to support the separate network segments.
- Separate arrays dedicated to different iSCSI I/O traffic, because the Exchange storage group data is random I/O, while the Exchange storage group logs are sequential I/O.
- Separate iSCSI targets that correspond to the iSCSI sequential I/O and iSCSI random I/O.
- Sector-aligned disk arrays to help prevent I/O operations from spanning multiple tracks.

Review I/O Storage Test Results

The results of this test provide an indication of the improvements in disk I/O operations, regardless of the server role running on the server computer. The test result, shown in the chart in Figure 20, illustrates the number of disk I/O operations per second performed by Windows Server 2008 and Windows Server 2003 running on identical hardware. For this test, the server computer had 16 dual-core processors for a total of 32 processor cores. Windows Server 2008 can perform more than 20 percent more disk I/O operations per second than Windows Server 2003.

Figure 20. General disk I/O operation test results
Improving Performance and Scalability for Web Services Workloads

Web services workloads running on IIS 7 in Windows Storage Server 2008 have improved performance and scalability compared to previous versions of IIS and Windows Server. These improvements are largely due to improvements in data compression of content and caching of content. You can improve the performance and scalability for Web services workloads by:

- Identifying methods for improving Web services workload performance and scalability.
- Reviewing Web services workload test results.

Identify Methods for Improving Web Services Workload Performance and Scalability

IIS 7 provides a powerful, unified facility for output caching by integrating the dynamic output-caching capabilities of ASP.NET with the static output-caching capabilities that were present in IIS 6.0. IIS also lets you use bandwidth more effectively and efficiently by using common compression mechanisms such as Gzip and Deflate. Performance includes the following features:

- Compression. HTTP compression lets you make more efficient use of bandwidth and enhances the performance of sites and applications. You can configure HTTP compression for both static and dynamic sites. For more information about how to configure compression, see Configuring HTTP Compression in IIS 7.
- Output Caching. Output caching allows you to manage output caching rules and to control the caching of served content. In IIS Manager, you can create caching rules, edit existing caching rules, and configure output cache settings. For more information about configuring output caching, see Configuring Output Caching in IIS 7.

For more information about improving Web services workload performance and scalability, see Optimize IIS Performance (IIS 7).
Review Web Services Workload Test Results

These results were obtained by measuring the performance of www.microsoft.com running IIS version 6.0 on Windows Server 2003 and IIS version 7.0 running on Windows Server 2008. The results were obtained by closely monitoring the performance over a 72-hour period for both test cases. The chart in Figure 21 illustrates the performance gain by running IIS 7.0 and Windows Server 2008 on the same computer resources. IIS 7.0 and Windows Server 2008 can support more than 10 percent higher throughput than IIS 6.0 and Windows Server 2003. This improvement in performance results in www.microsoft.com processing more than an additional 100 million requests per day at the same processor utilization.
Figure 21. Web Services (IIS) Role test results

Improving Performance and Scalability for Print Workloads

Print server scalability plays a key role in the deployment of Windows Storage Server 2008 print servers. The maximum load and performance level of a print server greatly depends on key configuration decisions. This section of the white paper provides information to help you size a server to meet an organization's needs by identifying and investigating primary issues and configuration details to maximize print server performance. Some of the factors that influence print server performance and capacity include:

- The number of print server clients.
- The operating system version or versions on each client machine.
- The number, size, and frequency of print jobs.
- The types of print jobs sent to the print server.
- The number and type of printers served by the print server and the types of printer drivers each printer uses.

For more information about improving the performance and scalability of print services workloads, see the Windows Print Server Scalability and Sizing Technical Overview.
Windows Storage Server 2008 Deployment Scenarios

You can use Windows Storage Server 2008 to provide a wide range of storage solutions. To select the appropriate deployment scenario for you, review the following:

- Overview of NAS configurations.
- Creating branch office solutions.
- Creating small- to medium-sized business solutions.
- Creating solutions for storage consolidation.
- Creating highly-available solutions.
- Creating solutions for heterogeneous environments.
- Creating application consolidation solutions.
- Creating unified storage solutions.
- Creating virtualization solutions.

Overview of NAS Configurations

Windows Storage Server 2008 provides a wide range of storage solutions for organizations of all sizes. Regardless of the solution complexity, Windows Storage Server 2008 provides the following basic configurations:

- Stand-alone network attached storage (NAS).
- Highly-available NAS.
- NAS gateway.

Using Windows Storage Server 2008 as a Stand-alone NAS in Solutions

The stand-alone NAS configuration, illustrated in Figure 22, is based on a single Windows Storage Server 2008 appliance. The typical characteristics of the appliance are as follows:

- The appliance has the appropriate system resources based on the information in Table 22 in the previous section "Running Microsoft File Server Capacity Tool On a High-Speed Network," in this white paper.
- The processors and storage reside in a single appliance enclosure.
- The solution is based on low cost, industry standard hardware that can be readily expanded.
- It can create a variety of disk configurations, such as Just a Bunch of Disks (JBOD) or RAID configurations (RAID 5 or RAID 1+0).
- It can support 4 to 12 disks in the single enclosure using RAID interfaces. However, some Microsoft partners provide additional storage in external enclosures.
Figure 22. Windows Storage Server 2008 stand-alone NAS configuration

Using Windows Storage Server 2008 as a Highly-Available NAS in Solutions

The highly-available NAS configuration, illustrated in Figure 23, is based on two or more Windows Storage Server 2008 appliances that provide some degree of fault tolerance. The typical characteristics of the appliances are as follows:

- They have the appropriate system resources based on the information in Table 22 in the previous section "Running Microsoft File Server Capacity Tool On a High-Speed Network," in this reference.
- Multipath I/O connections exist between the appliances.
- The appliances are configured as nodes in a Windows failover cluster to provide higher availability.
- Storage is separate from the appliance enclosure, and it is shared between two or more appliances.
- Additional appliances can be added to the solution to provide improved scalability.
- New storage is included as part of the solution (existing storage is not used in the solution).
Figure 23. Windows Storage Server 2008 highly-available NAS configuration

Using Windows Storage Server 2008 as a NAS Gateway in Solutions

The NAS gateway configuration, illustrated in Figure 24, is based on one or more Windows Storage Server 2008 appliances that provide connectivity to existing storage devices. The typical characteristics of the appliances are as follows:

- They have the appropriate system resources based on the information in Table 22 in the previous section "Running Microsoft File Server Capacity Tool On a High-Speed Network," in this white paper.
- They connect to existing storage that supports SAN block I/O protocols.
- They provide an inexpensive iSCSI target, SMB file access, and NFS file access to storage.
- They provide highly-available configurations based on solution availability requirements.

Figure 24. Windows Storage Server 2008 NAS gateway configuration
Creating Branch Office Solutions

In a branch office solution, an organization has a number of geographically distributed branch office locations that are connected to one or more centralized head offices. Table 23 lists the types of data to manage in the branch office solution, as illustrated in Figure 25, and a description of each type of data.

Table 23. Types of Data to Manage in the Branch Office Solution

Type of data: User folders
Description: Contains user home directories and user shares within the branch office in addition to the well-known Windows folders, such as Documents, Videos, Pictures, and Music. The well-known Windows folders are typically stored on the local computer, but can be stored on network shared folders using the Folder Redirection feature. The Folder Redirection feature allows user folders to be stored on appliances in the branch offices and to be replicated to appliances in the head office for backup and centralized management using DFS Replication. The user folders are accessed within the branch office, but are archived in the head office.

Type of data: Published content
Description: Contains content that is published from the head offices to the branch offices as read-only content. The content is a set of data that is relevant to the branch office, regardless of the region where the branch office is located, for example:
- Templates, such as Word or Excel templates.
- Source for software distribution files, such as files from 2007 Microsoft Office System or Windows 7.

Type of data: Collaboration content
Description: Contains content used in collaborative efforts between branch offices. The collaboration content is stored on the Windows Storage Server 2008 appliances in the head office. Users in the branch offices access the collaboration content over the WAN connections. The collaboration content can be stored in network shared folders or in Windows SharePoint Services document libraries.
Figure 25. Branch office solution for Windows Storage Server 2008
The assumptions in this scenario are:

- The data centers have local IT personnel, while the branch offices have minimal or no local IT personnel. Most of the configuration and all of the support is provided by the IT personnel in the head office. Centralized management of the appliances in the branch office is essential and remote administration is required.
- Stand-alone NAS appliances are used. Due to cost constraints and lack of local IT personnel, failover clusters can be an optional part of this solution, depending on the availability requirements of the branch offices. For more information about this type of appliance, see the previous section "Using Windows Storage Server 2008 as a Stand-alone NAS in Solutions," in this white paper.
- Minimizing the utilization of the WAN connections is essential. The available network speed of the WAN connections between the head offices and the branch offices is a limited resource in terms of both available bandwidth and cost. The solution must minimize the utilization of the WAN connection as much as possible.
- Computers are running mostly Windows operating systems. Most of the computers in the branch office are running Windows operating systems. In some instances there may be computers running other operating systems, such as Linux or the Mac OS.
- Users must have access to their user folders regardless of connectivity to the branch office appliance. Mobile users need to access their user folders when they are not connected to the internal network in the branch office. Also, all users need to access their user folders regardless of any scheduled maintenance of the appliance or appliance failure.
- Consolidating data in the head office to provide centralized management. All user profile folders in the branch offices need to be copied to the head offices for centralized management, such as backup and data protection. This helps protect the user profile folders in the branch office in the event of a catastrophic disaster in the branch office location that results in the total failure of the appliance.
- Centralized management of the branch office. The branch offices typically do not have local IT personnel and require assistance from the IT personnel in the head office. IT personnel in the head office must be able to manage the configuration settings of the devices and users in the branch offices.

Table 24 lists the Windows Storage Server 2008 and Windows client operating system features used in the branch office solution and provides a brief description of the role each plays in the solution.

Table 24. Features Used in Branch Office Solutions

Feature: File services using SMB 2.0
Description: Provides file services for computers running Windows operating systems. In addition, SMB 2.0 helps minimize WAN network utilization because of the efficiencies provided by SMB 2.0. For more information, see the section "Review Improvements in the SMB Protocol," earlier in this white paper.

Feature: File services using NFS
Description: Provides file services for computers running NFS clients, including the computers running Linux or Mac OS.
Feature: DFS Replication
Description: Provides replication of files and folder structure from the:
- Head office to the branch offices, which reduces WAN network utilization by providing local access to the files. This is primarily for files that are for public use and are typically read-only at the branch office.
- Branch offices to the head office, which provides data consolidation in the head office so that all backups are performed in the head office. This allows the head office to avoid doing backups over the WAN link.
DFS Replication uses RDC to transmit only the changes to a file, which dramatically reduces the network bandwidth utilization. For example, if a user updates a slide in a Microsoft PowerPoint presentation, only the changes in that slide are sent, not the entire presentation. For more information, see the section, "Using DFS Replication to Protect Data," earlier in this white paper.

Feature: Shadow Copies of Shared Folders
Description: Allows users to recover files by themselves without the assistance of IT professionals. Helps reduce the effort spent by IT personnel in data centers for recovery of files. For more information, see the section "Using Shadow Copies of Shared Folders to Protect Data," earlier in this white paper.

Feature: Folder Redirection
Description: Computers running Windows client operating systems use the Folder Redirection feature to redirect the user folders to network shared folders on the appliance in the branch office. The Folder Redirection feature allows the user folders to be available from any computer on the network. The user folders are copied to the head office for backup and centralized management functions. The Folder Redirection feature is available in all current Windows client operating systems, including Windows 7, Windows Vista, and Windows XP. You can administer the Folder Redirection feature using Group Policy. For more information, see:
- Folder Redirection Overview.
- Folder redirection overview for GPMC.
- Configuring Folder Redirection.
Feature: Offline Files
Description: The Offline Files feature allows users to always have access to files from network shared folders by synchronizing the contents of the network shared folder to the Offline Files cache on the user's computer. The Offline Files feature provides access to files:
- When users are not connected to the branch office network. Mobile users may want to access their files while away from the office. The Offline Files feature allows users to modify local copies of their files while disconnected from the network. When users reconnect to the network, any new or modified files are automatically synchronized with the network shared folders on the appliance.
- In the event that the appliance is taken offline for maintenance or fails. Users can continue to work on copies of the files on their local computers. When the appliance is restored to service, any new or modified files are automatically synchronized with the network shared folders on the appliance.
The Offline Files feature is available in all current Windows client operating systems, including Windows 7, Windows Vista, and Windows XP. You can administer the Offline Files feature using Group Policy. For more information, see:
- Understanding offline files.
- Working with network files when you are offline.
- Configuring Offline Files.
- Configuring Group Policy for Offline Files.

Feature: Print Server
Description: Computers running Windows can print to the printers in the branch office using the print services workloads provided by Windows Storage Server 2008. For more information, see the section "Providing Access to Print Services Workloads," earlier in the white paper.

Feature: LPD Print Services
Description: Computers running Linux or Mac OS can print to the printers in the branch office using the print services workloads provided by Windows Storage Server 2008. For more information, see the section "Providing Access to Print Services Workloads," earlier in the white paper.
Feature: File Server Resource Manager
Description: File Server Resource Manager allows you to understand, control, and manage the quantity and type of data stored on Windows Storage Server 2008. You can use File Server Resource Manager to:
- Limit the amount of disk space used by using the Quota Management feature.
- Prevent storage of certain file types by using the File Screening feature.
- Use Storage Reports to profile storage usage and trends within the branch.
For more information, see File Server Resource Manager.

Feature: Group Policy
Description: Group Policy allows you to centrally configure the Windows Storage Server 2008 appliances and Windows-based computers in the branch office. Most of the features and configuration settings available in all Windows products can be configured by using Group Policy. For more information, see Group Policy.

Table 25 lists how each type of data accessed by users is managed.

Note: All of these features operate transparently to users in the branch office, and they are centrally configured by the IT personnel in the head office using Group Policy.

Table 25. Managing Types of Data in the Branch Office Solution

Type of data: User folders
Managed using:
- Offline Files. This feature allows users to access their user profile folders when not connected to the appliance. Any new files or changes made to the cached copy of the files are automatically synchronized when the connection to the appliance is restored. Once these files are synchronized with the branch office appliances, any changes in the user profile folders are replicated to the head office using DFS Replication. Remote Differential Compression in DFS Replication replicates only the changes to the user profile folders, which minimizes the bandwidth utilization on the connection between the branch offices and the head office.
- Folder Redirection. This feature stores the user profile folders, which are typically stored locally on the user's computer, on the branch office appliance. After the user profile folders are stored on the branch office appliance, DFS Replication replicates the user profile folders to the head office so that they can be centrally backed up and managed by the IT personnel. In addition, the Folder Redirection feature helps in fast recovery of computers because the user profile folders are not stored on the local computer.
Type of data: Published content
Managed using:
- DFS Replication. This feature replicates the published content stored on the head office appliances to the branch office appliances. The replica copies of the published content in the branch offices have permissions set so that users in the branch office have read-only access to the replica content.
- DFS Namespace. This feature allows users to transparently access the published content on the appliances in the branch office or in the head office, depending on the availability of the branch office appliance. This feature determines which replica copy to access based on the availability of the copy and the location of the copy using Active Directory sites. The head office and each of the branch offices are separate Active Directory sites. DFS Namespace always preferentially directs client computers to access a local replica copy of the published content within the local site (lower cost than other sites). If the branch office replica copy is unavailable, then DFS Namespace directs the client computers to access the replica copy in the Active Directory site with the next lowest cost, which in this scenario is the head office. When the branch office replica copy becomes available again, DFS Namespace will automatically direct users to use the replica copy in the branch office.

Type of data: Collaboration content
Managed using:
- Network shared folders. This feature allows users to access the content from the head office appliances. The SMB 2.0 protocol dramatically reduces the bandwidth utilization between the head office and the branch offices.
- Windows SharePoint Services. This feature allows users to access the content from the head office appliances using the HTTP or HTTPS protocol. This feature also supports version control, check in, and check out capabilities.
For the collaboration content in Table 25, network shared folders and Windows SharePoint Services are used instead of DFS Replication. This is because DFS Replication in Windows Storage Server 2008 is appropriate when only one copy of the content is centrally modified and all replica copies are read-only. Because multiple users need to modify the content, network shared folders and SharePoint Services provide the appropriate solution.
Creating Highly-available Solutions

In a highly-available solution, the workloads provided by Windows Storage Server 2008 must provide improved fault tolerance. Figure 26 illustrates how to create highly-available solutions using Windows Storage Server 2008 and Windows Server operating systems using Windows failover clusters and multipath I/O.

Figure 26. Highly-available solution using Windows Storage Server 2008

The key elements of the highly-available solution include:

- The appliances have the appropriate system resources based on the information in Table 22.
- The application servers are configured in a failover cluster to provide fault tolerance in the event of an application server failure.
- The Windows Storage Server 2008 appliances act as iSCSI targets and are running the Microsoft iSCSI Software Target.
- The appliances are configured in a failover cluster to provide fault tolerance in the event of an appliance failure.
- The application servers are using the multipath I/O feature to provide redundant connections to the clustered appliances.
- There are redundant network connections between the cluster application servers and the clustered appliances to provide fault tolerant network connectivity.

For more information about Windows failover clustering for iSCSI targets, see the following sections earlier in this white paper:

- "Improving Availability of iSCSI Block I/O Workloads."
- "Using Windows Storage Server 2008 as a Highly-Available NAS in Solutions."
- "Using Windows Storage Server 2008 as a NAS Gateway in Solutions."

For more information about Multipath I/O for iSCSI initiators in Windows Server operating systems, see the following sections earlier in this white paper:

- "Improving Availability of iSCSI Block I/O Workloads."
- "Using Windows Storage Server 2008 as a NAS Gateway in Solutions."

Creating Solutions for Storage Consolidation

In the storage consolidation solution, the myriad devices providing SMB file services, NFS file services, and iSCSI block I/O are consolidated into a few, highly-available Windows Storage Server 2008 appliances. Typically this solution is used in medium to large organizations that want to reduce the number and types of devices in the organization. This consolidation effort can help reduce the ongoing operating effort and complexity.

Figure 27 illustrates an IT environment prior to implementing the storage consolidation solution. There are a number of different computers providing file services and applications. Each computer has local storage that is used to support the services that each provides. This configuration provides inefficient storage management and usage. For example, one Exchange server may have insufficient available disk space while a file server may have many more times the available disk space than is required.
Figure 27. IT environment prior to implementing the storage consolidation solution

Figure 28 illustrates the same IT environment after implementing the storage consolidation solution. The number of computers to be supported has been dramatically decreased, which reduces ongoing operations effort and complexity. Also, the overall availability of workloads has been improved. Because storage is centralized, the effort for ongoing storage management is dramatically reduced. And, because all storage resources are pooled, storage can be easily allocated to the appropriate computer.
Figure 28. IT environment after implementing the storage consolidation solution

The key elements of the storage consolidation solution include:

- The appliances have the appropriate system resources based on the information in Table 22.
- The Windows Storage Server 2008 appliances are:
  - Acting as iSCSI targets and are running the Microsoft iSCSI Software Target.
  - Providing SMB file services.
  - Providing NFS file services.
- The appliances are configured in a failover cluster to provide fault tolerance in the event of an appliance failure.
- The appliances have redundant network connections to support the multipath I/O feature from the storage fabric.
- There are redundant network connections between the cluster application servers and the storage fabric to provide fault tolerant network connectivity.

Creating Small to Medium Business Solutions

In small- to medium-sized business solutions, the organization needs to provide multiple workloads on Windows Storage Server 2008 appliances. The key elements of the small- to medium-sized business solution include:

- The appliances have the appropriate system resources based on the information in Table 22.
- The Windows Storage Server 2008 appliances provide:
  - SMB file services for Windows operating systems or for other operating systems with CIFS support.
  - NFS file services for NFS clients.
  - Windows print services, LPR print services, and Internet printing.
  - Access to Web-based content using IIS 7.
  - Collaboration using Windows SharePoint Services.
  - Centralized storage for application servers using Microsoft iSCSI Software Target, such as providing iSCSI LUNs for SQL Server or Exchange Server.
- The appliances are typically configured as a stand-alone NAS, as described in the section "Using Windows Storage Server 2008 as a Stand-alone NAS in Solutions," earlier in this white paper.
- The appliances may be configured in a failover cluster to provide fault tolerance in the event of an appliance failure, depending on the availability requirements of the organization.
- The appliances provide centralized storage management, which dramatically reduces the level of effort for ongoing operations and management.
- Highly-automated management tools, such as Group Policy, help reduce the effort required for ongoing operations and management.

Creating Solutions for Heterogeneous Environments

In solutions for heterogeneous environments, the organization needs to support a variety of operating systems. The key elements of the solutions for heterogeneous environments include:

- Windows Storage Server 2008 appliances that provide:
  - SMB file services for Windows operating systems or for other operating systems with CIFS support.
  - NFS file services for NFS clients.
  - Windows print services for Windows operating systems.
  - LPR print services for other operating systems.
  - Access to Web-based content using IIS 7.
  - Collaboration using Windows SharePoint Services.
  - Centralized storage for all operating systems that have supported iSCSI initiators using Microsoft iSCSI Software Target. For more information about supported iSCSI initiators, see the section "Identifying Microsoft iSCSI Software Target Support for iSCSI Initiators" earlier in this white paper.
- AD LDS can be used to provide identity mapping for NFS file services in environments where an Active Directory infrastructure does not already exist. For more information, see AD LDS Identity Mapping for Services for NFS.
- The appliances may be configured in a failover cluster to provide fault tolerance in the event of an appliance failure, depending on the availability requirements of the organization.
- The appliances have redundant network connections to support the multipath I/O feature from the storage fabric.
- There are redundant network connections between the cluster application servers and the storage fabric to provide fault tolerant network connectivity.
- The appliances provide centralized storage management, which dramatically reduces the level of effort for ongoing operations and management.
- Highly-automated management tools, such as Group Policy, help reduce the effort required for ongoing operations and management.

Creating Application Consolidation Solutions

In the application consolidation solution, all the local or shared storage for the application servers in the IT environment is consolidated into a few, highly-available Windows Storage Server 2008 appliances. This solution is very similar to the storage consolidation solution described in the section "Creating Solutions for Storage Consolidation" and as illustrated in Figure 27 and Figure 28, earlier in this white paper. The types of application servers that are consolidated include those running Exchange Server, SQL Server, and other application servers that have a significant dependency on storage.
Typically this solution is used in medium to large organizations that want to increase the efficiency of storage allocation and management for application servers. This consolidation effort can help reduce the ongoing operating effort and complexity.

The key elements of the application consolidation solution include:

- The appliances have the appropriate system resources based on the information in Table 22.
- The Windows Storage Server 2008 appliances act as iSCSI targets and are running the Microsoft iSCSI Software Target.
- The appliances are configured in a failover cluster to provide fault tolerance in the event of an appliance failure.
- The appliances have redundant network connections to support the multipath I/O feature from the storage fabric.
- There are redundant network connections between the cluster application servers and the storage fabric to provide fault tolerant network connectivity.
- Typically the application servers are configured in clustered configurations to improve availability, such as described in the section "Creating Highly-available Solutions" earlier in this white paper.

Creating Unified Storage Solutions

In the unified storage consolidation solution, file and iSCSI block I/O storage services in the IT environment are consolidated into a few, highly-available Windows Storage Server 2008 appliances. This solution is very similar to the storage consolidation solution described in the section "Creating Solutions for Storage Consolidation" and as illustrated in Figure 27 and Figure 28, earlier in this white paper.

In this scenario, the existing IT environment has separate devices that provide SMB-based file services, NFS-based file services, iSCSI block I/O storage, and other storage connections (such as Fibre Channel or SAS). After implementing this scenario, all of the storage resources in the organization are managed using Windows Storage Server 2008. This centralization of storage management helps reduce the inefficiency of storage allocation and management and helps reduce the ongoing operating effort and complexity.

The key elements of the solutions for heterogeneous environments include:

- Windows Storage Server 2008 appliances that provide:
  - SMB file services for Windows operating systems or for other operating systems with CIFS support.
  - NFS file services for NFS clients.
  - Centralized storage for all operating systems that have supported iSCSI initiators using Microsoft iSCSI Software Target. For more information about the supported iSCSI initiators, see the section "Identifying Microsoft iSCSI Software Target Support for iSCSI Initiators" earlier in this white paper.
  - NAS gateway services for existing storage solutions that do not provide SMB-based file services, NFS-based file services, or iSCSI connectivity. For more information about NAS gateway configurations, see the section "Using Windows Storage Server 2008 as a NAS Gateway in Solutions" earlier in this white paper.
- AD LDS can be used to provide identity mapping for NFS file services in environments where an Active Directory infrastructure does not already exist. For more information, see AD LDS Identity Mapping for Services for NFS.
- The appliances are typically configured in a failover cluster to provide fault tolerance in the event of an appliance failure, depending on the availability requirements of the organization.
- The appliances have redundant network connections to support the multipath I/O feature from the storage fabric and provide fault tolerant network connectivity.
- The appliances provide centralized storage management, which dramatically reduces the level of effort for ongoing operations and management.
- Highly-automated management tools, such as Group Policy, help reduce the effort required for ongoing operations and management.

Creating Virtualization Solutions

In the virtualization solution, as illustrated in Figure 29, Windows Storage Server 2008 runs the Microsoft iSCSI Software Target to provide iSCSI LUNs for use by virtual machines performing the Hyper-V server role in Windows Server 2008. In Hyper-V, the physical computer is referred to as the parent partition. Each virtual machine is referred to as a child partition.

Figure 29. Windows Storage Server 2008 in virtualization solutions

Table 26 lists the different methods that virtual machines can use to connect to iSCSI LUNs.

Table 26. Methods that Virtual Machines Can Use to Connect to iSCSI LUNs

Method: VHD created on parent partition volume
Description: The iSCSI LUN is attached to the parent partition and is formatted as an NTFS volume and assigned a drive letter in the parent partition. A .vhd file is created on the volume that is accessed by the virtual machine. As illustrated in Figure 29, the parent partition formats LUN-C as E: and the .vhd file for Virtual Machine C is created on the E: volume. This method:
- Allows multiple virtual machines to store .vhd files on the same iSCSI LUN.
- Works for all supported operating systems in the virtual machine, regardless if the operating system supports an iSCSI initiator.
- Allows the virtual machine to boot from the iSCSI LUN.

Method: Pass-through parent partition disk
Description: The iSCSI LUN is attached to the parent partition and the virtual machine directly accesses the partition. As illustrated in Figure 29, the parent partition connects to LUN-B and Virtual Machine B directly connects to the partition. This method:
- Allows only one virtual machine to use the iSCSI LUN. However, the parent partition is also aware of the child partition using the LUN.
- Works for all supported operating systems in the virtual machine, regardless if the operating system supports an iSCSI initiator.
- Allows the virtual machine to boot from the iSCSI LUN.

Method: Child partition iSCSI initiator direct to LUN
Description: The iSCSI LUN is attached to the child partition and the virtual machine directly accesses the partition. As illustrated in Figure 29, the child partition connects to LUN-A. This method:
- Allows only one virtual machine to use the iSCSI LUN. However, the parent partition is unaware of the child partition using the LUN because the child partition is directly accessing the LUN.
- Works for all supported operating systems in the virtual machine that have a supported iSCSI initiator.
- Does not natively support boot from the iSCSI LUN and requires products available from Microsoft partners to support iSCSI boot for virtual machines.

Note: Performing a complete backup of the parent partition will back up iSCSI LUNs that are connected using the VHD created on parent partition method. iSCSI LUNs that are connected using the Pass-through parent partition disk or the Child partition iSCSI initiator direct to LUN methods must be backed up separately in addition to performing a complete backup of the parent partition.

Conclusion

Windows Storage Server 2008 provides storage solutions for all types and sizes of organizations. Because Windows Storage Server 2008 is an optimized version of Windows Server 2008, IT pros can quickly plan, deploy, and operate Windows Storage Server 2008 solutions in their organization. Tight integration with other Microsoft products and technologies also helps IT pros use existing infrastructure services (such as AD DS), operations and management products (such as the System Center family of products), and security products (such as Microsoft Forefront products).

Windows Storage Server 2008 can run file services, print services, Web services, and iSCSI block I/O services on a single appliance. This allows small- to medium-sized organizations and branch offices to take advantage of a multifunction appliance, instead of dedicated or single function appliances.

The NFS file services, LPR print services, and iSCSI target services features in Windows Storage Server 2008 help protect investments in existing networks with other operating systems, such as Linux or Mac OS. The SMB 2.0 protocol, DFS Namespace, and DFS Replication features in Windows Storage Server 2008 enhance performance, availability, and scalability for Windows operating systems. Also, the NAS gateway capabilities extend the storage services provided by existing storage solutions.

The high-availability features in Windows Storage Server 2008 help create mission-critical solutions that require maximum uptime. Solutions can be scaled up by adding cost-effective, industry-standard hardware to appliances or they can be scaled out by adding additional appliances.

Highly-efficient, centralized management features, such as Group Policy, help reduce the ongoing operations and management of storage solutions.
All aspects of storage management can be centrally managed, including filtering of content, disk usage quotas, and the creation of shared network storage resources. Branch offices can be easily managed from central head offices using these management features.

A variety of Windows Storage Server 2008 appliances are available from Microsoft partners that can support entry level to enterprise level workloads. Windows Storage Server 2008 appliances can provide storage solutions that are flexible, easier to maintain, and more cost effective than other dedicated appliances or storage solutions.

More Information

For more information, see the following resources:

- Windows Storage Server home page.
- Windows Storage Server blog.