Discussion:
DFS and FRS - Is this a good solution
(too old to reply)
Dustin
2007-06-14 23:45:01 UTC
Permalink
I am considering utilizing DFS and FRS for our office.

We have a primary data storage location that will house roughly upto 80gig
of information at any one time. The majority of this information will remain
static as many active projects go on and off hold often.

The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).

This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.

I am currently using Windows server 2003 SP1 on the primary master DFS loc I
am testing with. I am finding though that when you open a file it might not
be opening from that same storage location but referring to the secondary
link and actually opening that file.

I am planning to do the upgrade to R2 since were under SA and just awaiting
the media.

The 2 folder locations that are going to be linked togather actually reside
in 2 different sites that are tied togather via static encrypted VPN tunnel.

We currently have the VPN tunnel etc all in place but the users in offsite
location are too slow to access files from the central storage location.

On any given project - we may have users working on the Autocad files in
either location.

My questions are:
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider DFS /
FRS replication of these files. By safe I am meaning from potential of
corruption etc considering the file sizes can get to be 1-2mb DWG files or
sometimes little larger.

2. Currently in SP1 my tests show this to be very slow cause it is referring
across the VPN instead of keeping user on their local side of the VPN and
only using VPN tunnel to sync the file. I am wondering or been reading it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?

3. Are there any space / size limitiations that should be considered when
using this solution?

I am looking at this solutions to allow the following:

Users on both side of the VPN see a local copy of the files - they can open
and edit that will be fast and not be opening over the VPN, but whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.

This will also give us essentialy a active fail over of our current storage
incase one side has a server storage failure for whatever reason.

This also gives us offsite redundancy which is even better for a fail over.

Can anyone point to me reasons that maybe I should not be considering this a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can solve the
latency issues of opening files, copying etc... seems to be an ideal
solution.

Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if you lose
your internet connection.

THANKS for any responce and advice :)
Anthony
2007-06-15 07:24:11 UTC
Permalink
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services so that
the dfs client knows which copy is local to it. DFS Replication in R2 allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with the time
delay involved in that; and the time to resync all files if they get out of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the possibility of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly upto 80gig
of information at any one time. The majority of this information will remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary master DFS loc I
am testing with. I am finding though that when you open a file it might not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and just awaiting
the media.
The 2 folder locations that are going to be linked togather actually reside
in 2 different sites that are tied togather via static encrypted VPN tunnel.
We currently have the VPN tunnel etc all in place but the users in offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad files in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider DFS /
FRS replication of these files. By safe I am meaning from potential of
corruption etc considering the file sizes can get to be 1-2mb DWG files or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is referring
across the VPN instead of keeping user on their local side of the VPN and
only using VPN tunnel to sync the file. I am wondering or been reading it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be considered when
using this solution?
Users on both side of the VPN see a local copy of the files - they can open
and edit that will be fast and not be opening over the VPN, but whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our current storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a fail over.
Can anyone point to me reasons that maybe I should not be considering this a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can solve the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if you lose
your internet connection.
THANKS for any responce and advice :)
Dustin
2007-06-15 15:28:01 UTC
Permalink
Thanks for the response.

I have to confirm this but AutoCAD creates a DWL file which in my tests so
far seems to sync the DWL file across the DFS once a file is opened which
would infact lock a DWG if it is being edited. I will confirm this today.

With regards to sites and servcies, I have 2 Sites now one for each office
and they are set to sync with each other. Are settings inside of AD Sites
and Services on win 2003 that I am not seeing to tell which is local etc. or
is that a function of R2? Each site has a different subnet created and set to
sync each other.

With your experience, what is the chances of this storage falling out of
sync. My initial tests indicate I will need about 70 hours to sync the
initial storage space, but I am figuring that after the initial sync with
only a few gigs of information a day changing that it will not be all that
bandwidth intensive for a secure t-1 VPN tunnel. The only other traffic that
will be going through this pipe will be if a user manually browses network
locations across the vpn to say like a printer / scanner etc. There will
also be VOIP for about 5 phone devices which is minimal bandwidth, which with
QOS can be prioritzed. If there is a failure in connection does the entire
space have to be resynced or does it scan and recheck to sync kind of like an
incremental backup?

We are eventually also planning to allow for about 512k though video feed
between the offices but that is not in place yet.
Post by Anthony
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services so that
the dfs client knows which copy is local to it. DFS Replication in R2 allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with the time
delay involved in that; and the time to resync all files if they get out of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the possibility of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly upto 80gig
of information at any one time. The majority of this information will remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary master DFS loc I
am testing with. I am finding though that when you open a file it might not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and just awaiting
the media.
The 2 folder locations that are going to be linked togather actually reside
in 2 different sites that are tied togather via static encrypted VPN tunnel.
We currently have the VPN tunnel etc all in place but the users in offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad files in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider DFS /
FRS replication of these files. By safe I am meaning from potential of
corruption etc considering the file sizes can get to be 1-2mb DWG files or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is referring
across the VPN instead of keeping user on their local side of the VPN and
only using VPN tunnel to sync the file. I am wondering or been reading it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be considered when
using this solution?
Users on both side of the VPN see a local copy of the files - they can open
and edit that will be fast and not be opening over the VPN, but whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our current storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a fail over.
Can anyone point to me reasons that maybe I should not be considering this a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can solve the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if you lose
your internet connection.
THANKS for any responce and advice :)
Anthony
2007-06-15 16:36:57 UTC
Permalink
That's interesting about the lock file. It might work, most of the time.
You need to set up your two offices as separate Sites in AD Sites and
Services. An AD "Site" is a distinct grouping of one or more subnets,
usually based on how highly connected they are. The DFS client uses these AD
Sites to determine which replica is local.
The RDC in R2 has changed things a lot. But if, for example, you add a new
folder with 3-4 GB of data to the existing folder, then its going to take a
while to sync and also delay the throughput on the line. If you rebuild one
of the servers, then you will need to do a full resync. These are not
problems in DFS, just the way it works. Terminal Services would give you a
different kind of resilience.
Pre-R2 you had to wait while all the files were copied over. You could
pre-stage by doing a backup/restore, but if you did that you still had to
get the backup over to the other side of the connection somehow. With R2, if
you already have the data both sides, then the synching is just an interval
while it compares files. This is explained a bit more here:
http://technet2.microsoft.com/windowsserver/en/library/d3afe6ee-3083-4950-a093-8ab748651b761033.mspx?mfr=true

I think the "classic" use of DFR R is pushing out a large software library
to many sites. There really isn't a better way to get the data local to many
places. Likewise for resilience, creating an off-site copy. Slightly less
appropriate, but still possible, for multiple sites accessing the same data.
Then you might want to think more about Terminal Services,
Hope that helps,
Anthony
http://www.airdesk.co.uk
Post by Dustin
Thanks for the response.
I have to confirm this but AutoCAD creates a DWL file which in my tests so
far seems to sync the DWL file across the DFS once a file is opened which
would infact lock a DWG if it is being edited. I will confirm this today.
With regards to sites and servcies, I have 2 Sites now one for each office
and they are set to sync with each other. Are settings inside of AD Sites
and Services on win 2003 that I am not seeing to tell which is local etc. or
is that a function of R2? Each site has a different subnet created and set to
sync each other.
With your experience, what is the chances of this storage falling out of
sync. My initial tests indicate I will need about 70 hours to sync the
initial storage space, but I am figuring that after the initial sync with
only a few gigs of information a day changing that it will not be all that
bandwidth intensive for a secure t-1 VPN tunnel. The only other traffic that
will be going through this pipe will be if a user manually browses network
locations across the vpn to say like a printer / scanner etc. There will
also be VOIP for about 5 phone devices which is minimal bandwidth, which with
QOS can be prioritzed. If there is a failure in connection does the entire
space have to be resynced or does it scan and recheck to sync kind of like an
incremental backup?
We are eventually also planning to allow for about 512k though video feed
between the offices but that is not in place yet.
Post by Anthony
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services so that
the dfs client knows which copy is local to it. DFS Replication in R2 allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with the time
delay involved in that; and the time to resync all files if they get out of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the possibility of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly upto 80gig
of information at any one time. The majority of this information will remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary master DFS
loc
I
am testing with. I am finding though that when you open a file it
might
not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and just awaiting
the media.
The 2 folder locations that are going to be linked togather actually reside
in 2 different sites that are tied togather via static encrypted VPN tunnel.
We currently have the VPN tunnel etc all in place but the users in offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad files in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider
DFS
/
FRS replication of these files. By safe I am meaning from potential of
corruption etc considering the file sizes can get to be 1-2mb DWG files or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is referring
across the VPN instead of keeping user on their local side of the VPN and
only using VPN tunnel to sync the file. I am wondering or been reading it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be considered when
using this solution?
Users on both side of the VPN see a local copy of the files - they can open
and edit that will be fast and not be opening over the VPN, but whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our current storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a fail over.
Can anyone point to me reasons that maybe I should not be considering
this
a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can solve the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if you lose
your internet connection.
THANKS for any responce and advice :)
Dustin
2007-06-15 17:08:01 UTC
Permalink
This is interesting,

because unless I am completely missing something, in my Active Directory
Sites and services, I have 3 DC, which one DC is sitting in the remote office
location it is tied to different subnet but is set to replicate of one of the
main DC in main offce which is different subnet. They do appear to replicate
each other ifne as I have AD and everything in rmeote locaiton working right.
But if I try to open a file from main office location, it is in fact opening
the file across the VPN and from the remote location file storage location.

So if I am in the main office and I am opening the main office storage
location, one would think it would not open the file over the VPN but find
the local one.

is this simply a limitation of 2003 and in r2 you can force where the file
is opened from, IE lmain office location always open from main office storage
location and remote location always open from remote storage location?

Or do you think maybe I have a config wrong somewhere in my AD?

THANKS!!!

Dustin
Post by Anthony
That's interesting about the lock file. It might work, most of the time.
You need to set up your two offices as separate Sites in AD Sites and
Services. An AD "Site" is a distinct grouping of one or more subnets,
usually based on how highly connected they are. The DFS client uses these AD
Sites to determine which replica is local.
The RDC in R2 has changed things a lot. But if, for example, you add a new
folder with 3-4 GB of data to the existing folder, then its going to take a
while to sync and also delay the throughput on the line. If you rebuild one
of the servers, then you will need to do a full resync. These are not
problems in DFS, just the way it works. Terminal Services would give you a
different kind of resilience.
Pre-R2 you had to wait while all the files were copied over. You could
pre-stage by doing a backup/restore, but if you did that you still had to
get the backup over to the other side of the connection somehow. With R2, if
you already have the data both sides, then the synching is just an interval
http://technet2.microsoft.com/windowsserver/en/library/d3afe6ee-3083-4950-a093-8ab748651b761033.mspx?mfr=true
I think the "classic" use of DFR R is pushing out a large software library
to many sites. There really isn't a better way to get the data local to many
places. Likewise for resilience, creating an off-site copy. Slightly less
appropriate, but still possible, for multiple sites accessing the same data.
Then you might want to think more about Terminal Services,
Hope that helps,
Anthony
http://www.airdesk.co.uk
Post by Dustin
Thanks for the response.
I have to confirm this but AutoCAD creates a DWL file which in my tests so
far seems to sync the DWL file across the DFS once a file is opened which
would infact lock a DWG if it is being edited. I will confirm this today.
With regards to sites and servcies, I have 2 Sites now one for each office
and they are set to sync with each other. Are settings inside of AD Sites
and Services on win 2003 that I am not seeing to tell which is local etc. or
is that a function of R2? Each site has a different subnet created and set to
sync each other.
With your experience, what is the chances of this storage falling out of
sync. My initial tests indicate I will need about 70 hours to sync the
initial storage space, but I am figuring that after the initial sync with
only a few gigs of information a day changing that it will not be all that
bandwidth intensive for a secure t-1 VPN tunnel. The only other traffic that
will be going through this pipe will be if a user manually browses network
locations across the vpn to say like a printer / scanner etc. There will
also be VOIP for about 5 phone devices which is minimal bandwidth, which with
QOS can be prioritzed. If there is a failure in connection does the entire
space have to be resynced or does it scan and recheck to sync kind of like an
incremental backup?
We are eventually also planning to allow for about 512k though video feed
between the offices but that is not in place yet.
Post by Anthony
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services so that
the dfs client knows which copy is local to it. DFS Replication in R2 allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with the time
delay involved in that; and the time to resync all files if they get out of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the possibility of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly upto 80gig
of information at any one time. The majority of this information will remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary master DFS
loc
I
am testing with. I am finding though that when you open a file it
might
not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and just awaiting
the media.
The 2 folder locations that are going to be linked togather actually reside
in 2 different sites that are tied togather via static encrypted VPN tunnel.
We currently have the VPN tunnel etc all in place but the users in offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad files in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider
DFS
/
FRS replication of these files. By safe I am meaning from potential of
corruption etc considering the file sizes can get to be 1-2mb DWG files or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is referring
across the VPN instead of keeping user on their local side of the VPN and
only using VPN tunnel to sync the file. I am wondering or been reading it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be considered when
using this solution?
Users on both side of the VPN see a local copy of the files - they can open
and edit that will be fast and not be opening over the VPN, but whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our current storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a fail over.
Can anyone point to me reasons that maybe I should not be considering
this
a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can solve the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if you lose
your internet connection.
THANKS for any responce and advice :)
Anthony
2007-06-15 17:34:17 UTC
Permalink
Hi,
You're right, that's not how it should be working.
Its not an R2 thing. The DFS client knows what is local from Sites and
Services. R2 has developed this further by adding failover and failback, and
by allowing you to set a different priority for non-local replicas. It is
still based on sites in Sites and Services. That's where the "cost" of
different routes comes from.
I assume you are not R2. In DFS there was a curious anomaly that if you
pre-built a server at one location and shipped it to another, it did not
update the site it thought it was at. So if you pre-built these DC's you
might have this problem.

- Check the Sites in AD. You say "location". Do you actually have separate
Sites in AD Sites and Services? Does the client you are testing from have an
IP address in one of the Sites?
- Check AD replication with the usual tools: dcdiag, replmon etc
- Check that clients are authenticating to the local DC, with %logonserver%

Anthony
http://www.airdesk.co.uk
Post by Dustin
This is interesting,
because unless I am completely missing something, in my Active Directory
Sites and services, I have 3 DC, which one DC is sitting in the remote office
location it is tied to different subnet but is set to replicate of one of the
main DC in main offce which is different subnet. They do appear to replicate
each other ifne as I have AD and everything in rmeote locaiton working right.
But if I try to open a file from main office location, it is in fact opening
the file across the VPN and from the remote location file storage location.
So if I am in the main office and I am opening the main office storage
location, one would think it would not open the file over the VPN but find
the local one.
is this simply a limitation of 2003 and in r2 you can force where the file
is opened from, IE lmain office location always open from main office storage
location and remote location always open from remote storage location?
Or do you think maybe I have a config wrong somewhere in my AD?
THANKS!!!
Dustin
Post by Anthony
That's interesting about the lock file. It might work, most of the time.
You need to set up your two offices as separate Sites in AD Sites and
Services. An AD "Site" is a distinct grouping of one or more subnets,
usually based on how highly connected they are. The DFS client uses these AD
Sites to determine which replica is local.
The RDC in R2 has changed things a lot. But if, for example, you add a new
folder with 3-4 GB of data to the existing folder, then its going to take a
while to sync and also delay the throughput on the line. If you rebuild one
of the servers, then you will need to do a full resync. These are not
problems in DFS, just the way it works. Terminal Services would give you a
different kind of resilience.
Pre-R2 you had to wait while all the files were copied over. You could
pre-stage by doing a backup/restore, but if you did that you still had to
get the backup over to the other side of the connection somehow. With R2, if
you already have the data both sides, then the synching is just an interval
http://technet2.microsoft.com/windowsserver/en/library/d3afe6ee-3083-4950-a093-8ab748651b761033.mspx?mfr=true
I think the "classic" use of DFR R is pushing out a large software library
to many sites. There really isn't a better way to get the data local to many
places. Likewise for resilience, creating an off-site copy. Slightly less
appropriate, but still possible, for multiple sites accessing the same data.
Then you might want to think more about Terminal Services,
Hope that helps,
Anthony
http://www.airdesk.co.uk
Post by Dustin
Thanks for the response.
I have to confirm this but AutoCAD creates a DWL file which in my tests so
far seems to sync the DWL file across the DFS once a file is opened which
would infact lock a DWG if it is being edited. I will confirm this today.
With regards to sites and servcies, I have 2 Sites now one for each office
and they are set to sync with each other. Are settings inside of AD Sites
and Services on win 2003 that I am not seeing to tell which is local
etc.
or
is that a function of R2? Each site has a different subnet created and
set
to
sync each other.
With your experience, what is the chances of this storage falling out of
sync. My initial tests indicate I will need about 70 hours to sync the
initial storage space, but I am figuring that after the initial sync with
only a few gigs of information a day changing that it will not be all that
bandwidth intensive for a secure t-1 VPN tunnel. The only other
traffic
that
will be going through this pipe will be if a user manually browses network
locations across the vpn to say like a printer / scanner etc. There will
also be VOIP for about 5 phone devices which is minimal bandwidth,
which
with
QOS can be prioritzed. If there is a failure in connection does the entire
space have to be resynced or does it scan and recheck to sync kind of
like
an
incremental backup?
We are eventually also planning to allow for about 512k though video feed
between the offices but that is not in place yet.
Post by Anthony
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services so that
the dfs client knows which copy is local to it. DFS Replication in R2 allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with the time
delay involved in that; and the time to resync all files if they get
out
of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the
possibility
of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly upto 80gig
of information at any one time. The majority of this information
will
remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary master DFS
loc
I
am testing with. I am finding though that when you open a file it
might
not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and just awaiting
the media.
The 2 folder locations that are going to be linked togather actually reside
in 2 different sites that are tied togather via static encrypted VPN tunnel.
We currently have the VPN tunnel etc all in place but the users in offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad
files
in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider
DFS
/
FRS replication of these files. By safe I am meaning from potential of
corruption etc considering the file sizes can get to be 1-2mb DWG
files
or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is referring
across the VPN instead of keeping user on their local side of the
VPN
and
only using VPN tunnel to sync the file. I am wondering or been
reading
it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be
considered
when
using this solution?
Users on both side of the VPN see a local copy of the files - they
can
open
and edit that will be fast and not be opening over the VPN, but whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our current storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a
fail
over.
Can anyone point to me reasons that maybe I should not be considering
this
a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can
solve
the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if
you
lose
your internet connection.
THANKS for any responce and advice :)
Dustin
2007-06-15 17:52:02 UTC
Permalink
hmmmm, That would be the case then.

The remote server was pre-built in corp office, and was configured in corp
office and then moved to new subnet with everything preconfiged.

So essentially does this mean that even though everyingthing in AD site and
services looks to be correct it is not correct?
Post by Anthony
Hi,
You're right, that's not how it should be working.
Its not an R2 thing. The DFS client knows what is local from Sites and
Services. R2 has developed this further by adding failover and failback, and
by allowing you to set a different priority for non-local replicas. It is
still based on sites in Sites and Services. That's where the "cost" of
different routes comes from.
I assume you are not R2. In DFS there was a curious anomaly that if you
pre-built a server at one location and shipped it to another, it did not
update the site it thought it was at. So if you pre-built these DC's you
might have this problem.
- Check the Sites in AD. You say "location". Do you actually have separate
Sites in AD Sites and Services? Does the client you are testing from have an
IP address in one of the Sites?
- Check AD replication with the usual tools: dcdiag, replmon etc
- Check that clients are authenticating to the local DC, with %logonserver%
Anthony
http://www.airdesk.co.uk
Post by Dustin
This is interesting,
because unless I am completely missing something, in my Active Directory
Sites and services, I have 3 DC, which one DC is sitting in the remote office
location it is tied to different subnet but is set to replicate of one of the
main DC in main offce which is different subnet. They do appear to replicate
each other ifne as I have AD and everything in rmeote locaiton working right.
But if I try to open a file from main office location, it is in fact opening
the file across the VPN and from the remote location file storage location.
So if I am in the main office and I am opening the main office storage
location, one would think it would not open the file over the VPN but find
the local one.
is this simply a limitation of 2003 and in r2 you can force where the file
is opened from, IE lmain office location always open from main office storage
location and remote location always open from remote storage location?
Or do you think maybe I have a config wrong somewhere in my AD?
THANKS!!!
Dustin
Post by Anthony
That's interesting about the lock file. It might work, most of the time.
You need to set up your two offices as separate Sites in AD Sites and
Services. An AD "Site" is a distinct grouping of one or more subnets,
usually based on how highly connected they are. The DFS client uses these AD
Sites to determine which replica is local.
The RDC in R2 has changed things a lot. But if, for example, you add a new
folder with 3-4 GB of data to the existing folder, then its going to take a
while to sync and also delay the throughput on the line. If you rebuild one
of the servers, then you will need to do a full resync. These are not
problems in DFS, just the way it works. Terminal Services would give you a
different kind of resilience.
Pre-R2 you had to wait while all the files were copied over. You could
pre-stage by doing a backup/restore, but if you did that you still had to
get the backup over to the other side of the connection somehow. With R2, if
you already have the data both sides, then the synching is just an interval
http://technet2.microsoft.com/windowsserver/en/library/d3afe6ee-3083-4950-a093-8ab748651b761033.mspx?mfr=true
I think the "classic" use of DFR R is pushing out a large software library
to many sites. There really isn't a better way to get the data local to many
places. Likewise for resilience, creating an off-site copy. Slightly less
appropriate, but still possible, for multiple sites accessing the same data.
Then you might want to think more about Terminal Services,
Hope that helps,
Anthony
http://www.airdesk.co.uk
Post by Dustin
Thanks for the response.
I have to confirm this but AutoCAD creates a DWL file which in my tests so
far seems to sync the DWL file across the DFS once a file is opened which
would infact lock a DWG if it is being edited. I will confirm this today.
With regards to sites and servcies, I have 2 Sites now one for each office
and they are set to sync with each other. Are settings inside of AD Sites
and Services on win 2003 that I am not seeing to tell which is local
etc.
or
is that a function of R2? Each site has a different subnet created and
set
to
sync each other.
With your experience, what is the chances of this storage falling out of
sync. My initial tests indicate I will need about 70 hours to sync the
initial storage space, but I am figuring that after the initial sync with
only a few gigs of information a day changing that it will not be all that
bandwidth intensive for a secure t-1 VPN tunnel. The only other
traffic
that
will be going through this pipe will be if a user manually browses network
locations across the vpn to say like a printer / scanner etc. There will
also be VOIP for about 5 phone devices which is minimal bandwidth,
which
with
QOS can be prioritzed. If there is a failure in connection does the entire
space have to be resynced or does it scan and recheck to sync kind of
like
an
incremental backup?
We are eventually also planning to allow for about 512k though video feed
between the offices but that is not in place yet.
Post by Anthony
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services so that
the dfs client knows which copy is local to it. DFS Replication in R2 allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with the time
delay involved in that; and the time to resync all files if they get
out
of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the
possibility
of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly upto 80gig
of information at any one time. The majority of this information
will
remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary master DFS
loc
I
am testing with. I am finding though that when you open a file it
might
not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and just awaiting
the media.
The 2 folder locations that are going to be linked togather actually reside
in 2 different sites that are tied togather via static encrypted VPN
tunnel.
We currently have the VPN tunnel etc all in place but the users in offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad
files
in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider
DFS
/
FRS replication of these files. By safe I am meaning from potential of
corruption etc considering the file sizes can get to be 1-2mb DWG
files
or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is
referring
across the VPN instead of keeping user on their local side of the
VPN
and
only using VPN tunnel to sync the file. I am wondering or been
reading
it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be
considered
when
using this solution?
Users on both side of the VPN see a local copy of the files - they
can
open
and edit that will be fast and not be opening over the VPN, but whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our current storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a
fail
over.
Can anyone point to me reasons that maybe I should not be considering
this
a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can
solve
the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if
you
lose
your internet connection.
THANKS for any responce and advice :)
Anthony
2007-06-15 18:14:19 UTC
Permalink
The problem does not affect AD replication. You can move a DC and it will
rebuild its connections in AD Sites and Services using the topology
generator.
The problem just affects DFS replicas, which do not dynamically rebuild
their site attribute if they move location.
http://support.microsoft.com/kb/260857
Hope that helps,
Anthony
http://www.airdesk.co.uk
Post by Dustin
hmmmm, That would be the case then.
The remote server was pre-built in corp office, and was configured in corp
office and then moved to new subnet with everything preconfiged.
So essentially does this mean that even though everyingthing in AD site and
services looks to be correct it is not correct?
Post by Anthony
Hi,
You're right, that's not how it should be working.
Its not an R2 thing. The DFS client knows what is local from Sites and
Services. R2 has developed this further by adding failover and failback, and
by allowing you to set a different priority for non-local replicas. It is
still based on sites in Sites and Services. That's where the "cost" of
different routes comes from.
I assume you are not R2. In DFS there was a curious anomaly that if you
pre-built a server at one location and shipped it to another, it did not
update the site it thought it was at. So if you pre-built these DC's you
might have this problem.
- Check the Sites in AD. You say "location". Do you actually have separate
Sites in AD Sites and Services? Does the client you are testing from have an
IP address in one of the Sites?
- Check AD replication with the usual tools: dcdiag, replmon etc
- Check that clients are authenticating to the local DC, with
%logonserver%
Anthony
http://www.airdesk.co.uk
Post by Dustin
This is interesting,
because unless I am completely missing something, in my Active Directory
Sites and services, I have 3 DC, which one DC is sitting in the remote office
location it is tied to different subnet but is set to replicate of one
of
the
main DC in main offce which is different subnet. They do appear to replicate
each other ifne as I have AD and everything in rmeote locaiton working right.
But if I try to open a file from main office location, it is in fact opening
the file across the VPN and from the remote location file storage location.
So if I am in the main office and I am opening the main office storage
location, one would think it would not open the file over the VPN but find
the local one.
is this simply a limitation of 2003 and in r2 you can force where the file
is opened from, IE lmain office location always open from main office storage
location and remote location always open from remote storage location?
Or do you think maybe I have a config wrong somewhere in my AD?
THANKS!!!
Dustin
Post by Anthony
That's interesting about the lock file. It might work, most of the time.
You need to set up your two offices as separate Sites in AD Sites and
Services. An AD "Site" is a distinct grouping of one or more subnets,
usually based on how highly connected they are. The DFS client uses
these
AD
Sites to determine which replica is local.
The RDC in R2 has changed things a lot. But if, for example, you add a new
folder with 3-4 GB of data to the existing folder, then its going to
take
a
while to sync and also delay the throughput on the line. If you
rebuild
one
of the servers, then you will need to do a full resync. These are not
problems in DFS, just the way it works. Terminal Services would give
you
a
different kind of resilience.
Pre-R2 you had to wait while all the files were copied over. You could
pre-stage by doing a backup/restore, but if you did that you still had to
get the backup over to the other side of the connection somehow. With
R2,
if
you already have the data both sides, then the synching is just an interval
http://technet2.microsoft.com/windowsserver/en/library/d3afe6ee-3083-4950-a093-8ab748651b761033.mspx?mfr=true
I think the "classic" use of DFR R is pushing out a large software library
to many sites. There really isn't a better way to get the data local
to
many
places. Likewise for resilience, creating an off-site copy. Slightly less
appropriate, but still possible, for multiple sites accessing the same data.
Then you might want to think more about Terminal Services,
Hope that helps,
Anthony
http://www.airdesk.co.uk
Post by Dustin
Thanks for the response.
I have to confirm this but AutoCAD creates a DWL file which in my
tests
so
far seems to sync the DWL file across the DFS once a file is opened which
would infact lock a DWG if it is being edited. I will confirm this today.
With regards to sites and servcies, I have 2 Sites now one for each office
and they are set to sync with each other. Are settings inside of AD Sites
and Services on win 2003 that I am not seeing to tell which is local
etc.
or
is that a function of R2? Each site has a different subnet created and
set
to
sync each other.
With your experience, what is the chances of this storage falling
out
of
sync. My initial tests indicate I will need about 70 hours to sync the
initial storage space, but I am figuring that after the initial sync with
only a few gigs of information a day changing that it will not be
all
that
bandwidth intensive for a secure t-1 VPN tunnel. The only other
traffic
that
will be going through this pipe will be if a user manually browses network
locations across the vpn to say like a printer / scanner etc. There will
also be VOIP for about 5 phone devices which is minimal bandwidth,
which
with
QOS can be prioritzed. If there is a failure in connection does
the
entire
space have to be resynced or does it scan and recheck to sync kind of
like
an
incremental backup?
We are eventually also planning to allow for about 512k though video feed
between the offices but that is not in place yet.
Post by Anthony
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services
so
that
the dfs client knows which copy is local to it. DFS Replication in
R2
allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with
the
time
delay involved in that; and the time to resync all files if they get
out
of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the
possibility
of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly
upto
80gig
of information at any one time. The majority of this information
will
remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary
master
DFS
loc
I
am testing with. I am finding though that when you open a file it
might
not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and
just
awaiting
the media.
The 2 folder locations that are going to be linked togather
actually
reside
in 2 different sites that are tied togather via static encrypted VPN
tunnel.
We currently have the VPN tunnel etc all in place but the users
in
offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad
files
in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider
DFS
/
FRS replication of these files. By safe I am meaning from
potential
of
corruption etc considering the file sizes can get to be 1-2mb DWG
files
or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is
referring
across the VPN instead of keeping user on their local side of the
VPN
and
only using VPN tunnel to sync the file. I am wondering or been
reading
it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be
considered
when
using this solution?
Users on both side of the VPN see a local copy of the files - they
can
open
and edit that will be fast and not be opening over the VPN, but
whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our
current
storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a
fail
over.
Can anyone point to me reasons that maybe I should not be considering
this
a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can
solve
the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if
you
lose
your internet connection.
THANKS for any responce and advice :)
Dustin
2007-06-15 18:41:03 UTC
Permalink
I did not read your whole message before responding. I did check the
suggested items. They do all seem correct. I have since then ested
connecting to the files they seem tp be correctly opening from the local
replica locations. Maybe when I set this up it need time to replicate
correctly or config I dunno. It appears to be working as intended though
now.

What is strange though is:
When I first set this up - if I opened an Autocad file, it would replicate
the DWL file it creates across to the other replication folder. Now it is
not doing this which means that 1 person from each location could in fact
open the same file and edit it. Is there a way to force a replication of a
specific file type like *.dwl file. If this file would replicate to the other
storage location then DWG files would be locked on editing. This file type
has a std hidden formatting to it.

THANKS!!!

Dustin
Post by Anthony
Hi,
You're right, that's not how it should be working.
Its not an R2 thing. The DFS client knows what is local from Sites and
Services. R2 has developed this further by adding failover and failback, and
by allowing you to set a different priority for non-local replicas. It is
still based on sites in Sites and Services. That's where the "cost" of
different routes comes from.
I assume you are not R2. In DFS there was a curious anomaly that if you
pre-built a server at one location and shipped it to another, it did not
update the site it thought it was at. So if you pre-built these DC's you
might have this problem.
- Check the Sites in AD. You say "location". Do you actually have separate
Sites in AD Sites and Services? Does the client you are testing from have an
IP address in one of the Sites?
- Check AD replication with the usual tools: dcdiag, replmon etc
- Check that clients are authenticating to the local DC, with %logonserver%
Anthony
http://www.airdesk.co.uk
Post by Dustin
This is interesting,
because unless I am completely missing something, in my Active Directory
Sites and services, I have 3 DC, which one DC is sitting in the remote office
location it is tied to different subnet but is set to replicate of one of the
main DC in main offce which is different subnet. They do appear to replicate
each other ifne as I have AD and everything in rmeote locaiton working right.
But if I try to open a file from main office location, it is in fact opening
the file across the VPN and from the remote location file storage location.
So if I am in the main office and I am opening the main office storage
location, one would think it would not open the file over the VPN but find
the local one.
is this simply a limitation of 2003 and in r2 you can force where the file
is opened from, IE lmain office location always open from main office storage
location and remote location always open from remote storage location?
Or do you think maybe I have a config wrong somewhere in my AD?
THANKS!!!
Dustin
Post by Anthony
That's interesting about the lock file. It might work, most of the time.
You need to set up your two offices as separate Sites in AD Sites and
Services. An AD "Site" is a distinct grouping of one or more subnets,
usually based on how highly connected they are. The DFS client uses these AD
Sites to determine which replica is local.
The RDC in R2 has changed things a lot. But if, for example, you add a new
folder with 3-4 GB of data to the existing folder, then its going to take a
while to sync and also delay the throughput on the line. If you rebuild one
of the servers, then you will need to do a full resync. These are not
problems in DFS, just the way it works. Terminal Services would give you a
different kind of resilience.
Pre-R2 you had to wait while all the files were copied over. You could
pre-stage by doing a backup/restore, but if you did that you still had to
get the backup over to the other side of the connection somehow. With R2, if
you already have the data both sides, then the synching is just an interval
http://technet2.microsoft.com/windowsserver/en/library/d3afe6ee-3083-4950-a093-8ab748651b761033.mspx?mfr=true
I think the "classic" use of DFR R is pushing out a large software library
to many sites. There really isn't a better way to get the data local to many
places. Likewise for resilience, creating an off-site copy. Slightly less
appropriate, but still possible, for multiple sites accessing the same data.
Then you might want to think more about Terminal Services,
Hope that helps,
Anthony
http://www.airdesk.co.uk
Post by Dustin
Thanks for the response.
I have to confirm this but AutoCAD creates a DWL file which in my tests so
far seems to sync the DWL file across the DFS once a file is opened which
would infact lock a DWG if it is being edited. I will confirm this today.
With regards to sites and servcies, I have 2 Sites now one for each office
and they are set to sync with each other. Are settings inside of AD Sites
and Services on win 2003 that I am not seeing to tell which is local
etc.
or
is that a function of R2? Each site has a different subnet created and
set
to
sync each other.
With your experience, what is the chances of this storage falling out of
sync. My initial tests indicate I will need about 70 hours to sync the
initial storage space, but I am figuring that after the initial sync with
only a few gigs of information a day changing that it will not be all that
bandwidth intensive for a secure t-1 VPN tunnel. The only other
traffic
that
will be going through this pipe will be if a user manually browses network
locations across the vpn to say like a printer / scanner etc. There will
also be VOIP for about 5 phone devices which is minimal bandwidth,
which
with
QOS can be prioritzed. If there is a failure in connection does the entire
space have to be resynced or does it scan and recheck to sync kind of
like
an
incremental backup?
We are eventually also planning to allow for about 512k though video feed
between the offices but that is not in place yet.
Post by Anthony
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services so that
the dfs client knows which copy is local to it. DFS Replication in R2 allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with the time
delay involved in that; and the time to resync all files if they get
out
of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the
possibility
of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly upto 80gig
of information at any one time. The majority of this information
will
remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary master DFS
loc
I
am testing with. I am finding though that when you open a file it
might
not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and just awaiting
the media.
The 2 folder locations that are going to be linked togather actually reside
in 2 different sites that are tied togather via static encrypted VPN
tunnel.
We currently have the VPN tunnel etc all in place but the users in offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad
files
in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider
DFS
/
FRS replication of these files. By safe I am meaning from potential of
corruption etc considering the file sizes can get to be 1-2mb DWG
files
or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is
referring
across the VPN instead of keeping user on their local side of the
VPN
and
only using VPN tunnel to sync the file. I am wondering or been
reading
it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be
considered
when
using this solution?
Users on both side of the VPN see a local copy of the files - they
can
open
and edit that will be fast and not be opening over the VPN, but whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our current storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a
fail
over.
Can anyone point to me reasons that maybe I should not be considering
this
a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can
solve
the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if
you
lose
your internet connection.
THANKS for any responce and advice :)
Anthony
2007-06-15 20:08:22 UTC
Permalink
DFSR is asynchronous. This means you will not have a consistent interval
within which a file is replicated. It depends what is going on. For example,
if someone dumps a whole new folder in the replica, then the line is going
to be busy and replication will be delayed.
If you truly want people at different locations to work on the same data,
using only the application lock file as the way of preventing duplicate
edits, then you should look at terminal services. But it is a matter of
judgement. If you mean that, just very occasionally people might work on the
same file at the same time, then DFS may be fine.
I must admit, my inclination is to view DFSR as a way of distributing copies
of material: not as a way to provide a single file store to multiple sites.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I did not read your whole message before responding. I did check the
suggested items. They do all seem correct. I have since then ested
connecting to the files they seem tp be correctly opening from the local
replica locations. Maybe when I set this up it need time to replicate
correctly or config I dunno. It appears to be working as intended though
now.
When I first set this up - if I opened an Autocad file, it would replicate
the DWL file it creates across to the other replication folder. Now it is
not doing this which means that 1 person from each location could in fact
open the same file and edit it. Is there a way to force a replication of a
specific file type like *.dwl file. If this file would replicate to the other
storage location then DWG files would be locked on editing. This file type
has a std hidden formatting to it.
THANKS!!!
Dustin
Post by Anthony
Hi,
You're right, that's not how it should be working.
Its not an R2 thing. The DFS client knows what is local from Sites and
Services. R2 has developed this further by adding failover and failback, and
by allowing you to set a different priority for non-local replicas. It is
still based on sites in Sites and Services. That's where the "cost" of
different routes comes from.
I assume you are not R2. In DFS there was a curious anomaly that if you
pre-built a server at one location and shipped it to another, it did not
update the site it thought it was at. So if you pre-built these DC's you
might have this problem.
- Check the Sites in AD. You say "location". Do you actually have separate
Sites in AD Sites and Services? Does the client you are testing from have an
IP address in one of the Sites?
- Check AD replication with the usual tools: dcdiag, replmon etc
- Check that clients are authenticating to the local DC, with
%logonserver%
Anthony
http://www.airdesk.co.uk
Post by Dustin
This is interesting,
because unless I am completely missing something, in my Active Directory
Sites and services, I have 3 DC, which one DC is sitting in the remote office
location it is tied to different subnet but is set to replicate of one
of
the
main DC in main offce which is different subnet. They do appear to replicate
each other ifne as I have AD and everything in rmeote locaiton working right.
But if I try to open a file from main office location, it is in fact opening
the file across the VPN and from the remote location file storage location.
So if I am in the main office and I am opening the main office storage
location, one would think it would not open the file over the VPN but find
the local one.
is this simply a limitation of 2003 and in r2 you can force where the file
is opened from, IE lmain office location always open from main office storage
location and remote location always open from remote storage location?
Or do you think maybe I have a config wrong somewhere in my AD?
THANKS!!!
Dustin
Post by Anthony
That's interesting about the lock file. It might work, most of the time.
You need to set up your two offices as separate Sites in AD Sites and
Services. An AD "Site" is a distinct grouping of one or more subnets,
usually based on how highly connected they are. The DFS client uses
these
AD
Sites to determine which replica is local.
The RDC in R2 has changed things a lot. But if, for example, you add a new
folder with 3-4 GB of data to the existing folder, then its going to
take
a
while to sync and also delay the throughput on the line. If you
rebuild
one
of the servers, then you will need to do a full resync. These are not
problems in DFS, just the way it works. Terminal Services would give
you
a
different kind of resilience.
Pre-R2 you had to wait while all the files were copied over. You could
pre-stage by doing a backup/restore, but if you did that you still had to
get the backup over to the other side of the connection somehow. With
R2,
if
you already have the data both sides, then the synching is just an interval
http://technet2.microsoft.com/windowsserver/en/library/d3afe6ee-3083-4950-a093-8ab748651b761033.mspx?mfr=true
I think the "classic" use of DFR R is pushing out a large software library
to many sites. There really isn't a better way to get the data local
to
many
places. Likewise for resilience, creating an off-site copy. Slightly less
appropriate, but still possible, for multiple sites accessing the same data.
Then you might want to think more about Terminal Services,
Hope that helps,
Anthony
http://www.airdesk.co.uk
Post by Dustin
Thanks for the response.
I have to confirm this but AutoCAD creates a DWL file which in my
tests
so
far seems to sync the DWL file across the DFS once a file is opened which
would infact lock a DWG if it is being edited. I will confirm this today.
With regards to sites and servcies, I have 2 Sites now one for each office
and they are set to sync with each other. Are settings inside of AD Sites
and Services on win 2003 that I am not seeing to tell which is local
etc.
or
is that a function of R2? Each site has a different subnet created and
set
to
sync each other.
With your experience, what is the chances of this storage falling
out
of
sync. My initial tests indicate I will need about 70 hours to sync the
initial storage space, but I am figuring that after the initial sync with
only a few gigs of information a day changing that it will not be
all
that
bandwidth intensive for a secure t-1 VPN tunnel. The only other
traffic
that
will be going through this pipe will be if a user manually browses network
locations across the vpn to say like a printer / scanner etc. There will
also be VOIP for about 5 phone devices which is minimal bandwidth,
which
with
QOS can be prioritzed. If there is a failure in connection does
the
entire
space have to be resynced or does it scan and recheck to sync kind of
like
an
incremental backup?
We are eventually also planning to allow for about 512k though video feed
between the offices but that is not in place yet.
Post by Anthony
Dustin,
1) Yes, no problem there
2) You need to set up your two locations in AD Sites and Services
so
that
the dfs client knows which copy is local to it. DFS Replication in
R2
allows
more control of failover if the local replica is unavailable.
3) The two things to consider are: the volume of replication, with
the
time
delay involved in that; and the time to resync all files if they get
out
of
sync.
4) DFS gives you multiple replicas of the same files, and RDC in R2 makes
the replication much more efficient. But you still have the
possibility
of
simultaneous edits as there is no locking across replicas, and the last
writer wins. If that is a concern you should consider terminal services.
Anthony
http://www.airdesk.co.uk
Post by Dustin
I am considering utilizing DFS and FRS for our office.
We have a primary data storage location that will house roughly
upto
80gig
of information at any one time. The majority of this information
will
remain
static as many active projects go on and off hold often.
The information contents will be primarily Autocad Files, Office Docs,
Photos - (JPG).
This active storage location will have through the course of one business
day have on avg 1-2 gig of information modified.
I am currently using Windows server 2003 SP1 on the primary
master
DFS
loc
I
am testing with. I am finding though that when you open a file it
might
not
be opening from that same storage location but referring to the secondary
link and actually opening that file.
I am planning to do the upgrade to R2 since were under SA and
just
awaiting
the media.
The 2 folder locations that are going to be linked togather
actually
reside
in 2 different sites that are tied togather via static encrypted VPN
tunnel.
We currently have the VPN tunnel etc all in place but the users
in
offsite
location are too slow to access files from the central storage location.
On any given project - we may have users working on the Autocad
files
in
either location.
1. Is a secure Static VPN tunnel (1.5mb pipe) safe enough to consider
DFS
/
FRS replication of these files. By safe I am meaning from
potential
of
corruption etc considering the file sizes can get to be 1-2mb DWG
files
or
sometimes little larger.
2. Currently in SP1 my tests show this to be very slow cause it is
referring
across the VPN instead of keeping user on their local side of the
VPN
and
only using VPN tunnel to sync the file. I am wondering or been
reading
it
seems R2 will allow me to control this which should eliminate this
performance issue per say right?
3. Are there any space / size limitiations that should be
considered
when
using this solution?
Users on both side of the VPN see a local copy of the files - they
can
open
and edit that will be fast and not be opening over the VPN, but
whenchanges
made the file will be synced to both sides the vpn giving both sides
essentially a local copy.
This will also give us essentialy a active fail over of our
current
storage
incase one side has a server storage failure for whatever reason.
This also gives us offsite redundancy which is even better for a
fail
over.
Can anyone point to me reasons that maybe I should not be considering
this
a
solution or things to be aware of that maybe we have not seen yet of
potential problems. So far this solution we see assuming we can
solve
the
latency issues of opening files, copying etc... seems to be an ideal
solution.
Because this is a static VPN tunnel it still does rely on stable internet
connection, so biggest point of failure I see if the potential if
you
lose
your internet connection.
THANKS for any responce and advice :)
Continue reading on narkive:
Loading...