[dba-Tech] Windows Server: DFS, Distributed File System

Gustav Brock Gustav at cactus.dk
Wed Jul 13 09:28:54 CDT 2011


Hi Jim et al

This works like a dream. We have two locations but no fancy fibre WAN connection, just plain public ADSL at 10/1 Mbit/s.

The two locations each have an "outer" LAN to manage the eight public IP addresses each place.
At each place, one IP address is NAT'ed to the "inner" LAN via a Draytek router.
These two Draytek routers have an internal VPN connection (takes minutes to set up and works extremely reliably) connecting the two inner LANs. We have used 192.168.1.0 and 192.168.10.0 respectively.
The two inner LANs are configured as Sites in our Active Directory.

Now, with two 2003/2008 servers (must be version R2), one at each site, you can set up DFS with replication.
This is true replication. Files and directories added/changed/renamed/deleted at one site are at once (as line speed allows) delta-replicated to the other site. Small files nearly at once, GB-sized ISO DVD-images in a couple of days(!) given the bandwidth you allow the service to consume. Of course, Access files holding data can only be used at one site at a time. And _every_ file and AD security attribute is replicated as well. The only major change from the default settings we have done is to raise the disk cache from 4 to 8 GB because of the ISO images.

DFS includes virtual folders which means that the user doesn't see which file server is attached. For example, at site North a shared folder is serveralfa\data and its replica at site South is serverbeta\data. These are linked to "\\cactus.dom\cactus data\data" which is what the user connects to, like (where cactus.dom is our internal domain):

\\cactus.dom\cactus data\data\document for drive R:

The clever part is that AD sees at which site the user logs in, and then attaches the nearest (on-site) server for that share, thus at site North that would behind the scenes be \\serveralfa\data\document. However, if this server is down, you can set up DFS to let the user attach another server in the pool, here serverbeta. When serveralfa is online again, replication will bring it up to date asap.

I would never have thought that I would have to do VBScript but, as you may know, this is the default language for logon scripts etc. in Windows Server 2000+.
For some reason, we couldn't get IE - and thus Windows - to automatically retrieve the local domain to the list of Intranet domains. This is necessary to avoid the pop-up warning about "dangerous files" whenever you attach a file on the share. Thus I created (by copy and paste from several sources) this script to force that:

<vbscript>
Option Explicit

' Retrieve current AD domain and add it to the Intranet domains
' as listed in Internet Explorer security settings.
' 2011-07-12. Cactus Data ApS, CPH.

' Main script

  Const HKEY_CURRENT_USER = &H80000001

  Dim strDomainDNSName

  ' Retrieve current AD domain.
  strDomainDNSName = GetCurrentDomainDNSName()
  If Len(strDomainDNSName) >= 3 Then
    ' Append the AD domain to the list of Intranet domains.
    AddIntranetDomain(strDomainDNSName)
  End If

' End script
' --------------------------------------------------


Private Function GetCurrentDomainDNSName()

  Dim objADSysInfo

  Set objADSysInfo = CreateObject("ADSystemInfo")
  GetCurrentDomainDNSName = objADSysInfo.DomainDNSName

  Set objADSysInfo = Nothing

End Function


Private Sub AddIntranetDomain(strSubKey)

  Dim objReg
  Dim strComputer
  Dim strKey
  Dim strKeyPath
  Dim strValueName
  Dim dwValue

  strKey = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
  strComputer = "."

  ' Open Registry.
  Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

  ' Create a sub key for the domain. 
  strKeyPath = strKey & "\" & strSubKey
  objReg.CreateKey HKEY_CURRENT_USER, strKeyPath

  ' Create an entry for all protocols using the value for the Intranet zone.
  strValueName = "*"
  dwValue = 1
  ' Create/write the value to the entry.
  objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue

  Set objReg = Nothing

End Sub
</vbscript>

This is run by a group policy at user logon.

/gustav


>>> accessd at shaw.ca 01-05-2011 22:10 >>>
No, but I will send out a call to my geek group and get back to you.

Jim



-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com 
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Gustav Brock
Sent: Sunday, May 01, 2011 9:43 AM
To: dba-tech at databaseadvisors.com 
Subject: [dba-Tech] Windows Server: DFS, Distributed File System

Hi all

Anyone having experience with DFS across a WAN, like ADSL?

/gustav
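
The logon script in the message above writes the value `*` = 1 (Local Intranet) under the HKCU `ZoneMap\Domains` key. As an added example that is not part of the original post, this PowerShell function lists what is actually mapped under that key on a client and marks entries for domains other than the expected one. The function name `Get-ZoneMapEntry` and the `ExpectedDomain` parameter (defaulting to the `USERDNSDOMAIN` environment variable) are assumptions of this example.

```powershell
# Added example (not from the original post): audit the per-user zone map
# that the logon script writes to.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';    4 = 'Restricted Sites' }

function Get-ZoneMapEntry {
    param(
        [string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
        # Assumption: the user's AD DNS domain is the only mapping that should exist.
        [string[]]$ExpectedDomain = @($env:USERDNSDOMAIN)
    )
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $base = (Get-Item -LiteralPath $Path).Name

    foreach ($key in Get-ChildItem -LiteralPath $Path -Recurse) {
        # Sub keys nest as Domains\example.com\www; reverse the parts
        # to rebuild the host name www.example.com.
        $parts = $key.Name.Substring($base.Length + 1).Split('\')
        [array]::Reverse($parts)
        $domain = $parts -join '.'

        # Read values through the .NET registry API: the value name '*'
        # would be taken as a wildcard by Get-ItemProperty -Name.
        foreach ($protocol in $key.GetValueNames()) {
            if ($key.GetValueKind($protocol) -ne 'DWord') { continue }
            $zone = $key.GetValue($protocol)
            [pscustomobject]@{
                Domain   = $domain
                Protocol = $protocol
                Zone     = $zone
                ZoneName = $ZoneNames[[int]$zone]
                Expected = ($ExpectedDomain -contains $domain)
            }
        }
    }
}

# Everything that is mapped, then only the Intranet/Trusted mappings
# for domains that are not on the expected list.
Get-ZoneMapEntry | Format-Table -AutoSize
Get-ZoneMapEntry |
    Where-Object { (1, 2 -contains $_.Zone) -and -not $_.Expected } |
    Format-Table -AutoSize
```

Run it in the logged-on user's session, since the key lives in that user's HKCU hive; an empty second table means only the expected domain has been placed in the Intranet or Trusted zone.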


