Post by Dave WarrenPost by DaveMillsI'm not sue I agree. Having a flag that determines that "all copies are closed
and available" therefore it is a safe edit, i.e. no warning v a warning that
continuing to edit the file may result in data loss, may be better. In the
latter case I can continue knowing that there may be a conflicting edit. In the
former I am safe.
Okay great, but if all servers aren't available or reachable, then what?
You still haven't addressed how you'd handle failure cases.
1) Do you lie to users and omit the warning, telling users they're safe
to proceed with editing when they aren't?
No: if DFS can see all copies and know that nobody is editing the file anywhere
then no warning. In all other cases a warning.
Post by Dave Warren2) Do you block all attempts to open a file for write and if so, from
all servers across the entire replication group just because one box
somewhere isn't reachable right now?
Never block just warn and allow the user to proceed just as Office does when the
file is locked except you should not be forced to do Read Only.
Overall this would introduce a warning when there is a risk and no warning when
there is no risk. If the user proceeds than they cannot argue that they did not
know. This is no worse that the current situation. However it gives the option
of declining the edit and making a copy.
It could even be implemented with an admin setting in the DFS console with
"Warn", "Block" or "Ignore" options so the Admin can choose the behaviour for
individual DFS folders.
In HAL07's case he may wish to block opens even if this is simply because one
server is unavailable. It could also be possible to get round a failed server
by for example disabling the Link which would remove the failed server from
consideration. The key point being that the Admin is acutely aware of what
copies are at risk and can take special measures. It all depends upon the
perception of the business risk. I can foresee cases when the loss arising form
a lost edit (especially undetected ones) could run to very large money.
Post by Dave WarrenPost by DaveMillsI see the difficulties but being warned of a potential conflict, even if not
100% reliable, must be better than never being warned.
Not at all, a false sense of security is *always* worse then knowing
your risks.
As it is right now, you *know* that you need to take precautions to
avoid conflicts and you can plan your infrastructure appropriately.
A half-way implementation would provide a nice false sense of safety,
and once users get used to being able to modify anything anywhere
without worrying about conflicts you'll have a minor outage, say a DFS-R
hub reboots while two VPs make changes to the same file on different
leaf nodes, not realizing that one of their changes was lost.
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.