Files are that box of information which is most frequently used by an average office worker. Anyhow, we read, change, copy and exchange a huge amount of files during a work day. Without a proper organisation of the storage and file management structure, in just a week a small office network can turn into a big file-trash hole. The use of file servers will help to avoid this. We have already spoken about file storage organisation based on the OwnCloud product. In this article we are going to speak about file services based on Microsoft Windows Server.

Windows Server 2016 enables using the file server for both the users and other services and applications. You can configure file services for solving the tasks as follows:

  1. Organisation of the general folders for users
  2. Users’ profile storage
  3. Organisation of the general source for the Hyper-V servers
  4. Organisation of database storage place for SQL Server
  5. Organisation of the publicly -available file space for the apps (e.i., Citrix PVS, Microsoft IIS and so on)
  6. Other options.

The clear understanding of the task provides insight into the requirements for fail-safety, production, capacity, access control and coding. After that it’s possible to start planning the architecture and the further necessary service configuration.

In the productive environment the use of a fail-safe file service is more required. The only drawback of the Windows Server Failover Cluster use is the cluster use in the Active-Passive mode. Beginning with Windows Server 2012 you can use scaling cluster Scale Out File Server that can run in Active-Active mode with reading cashing, increasing the general productivity and capacity of a file service. However, it also has a number of downsides. For example, Scale Out File Server is not well suitable for the file storage scenario with frequent metadata change. So, the main tasks of its use are Hyper-V, SQL Server, the library of the images with rare changes and few referring users. Follow the link to have a look at the full list of sustainable by both cluster types Windows Server 2016 storage technologies.

Using the last version of Windows Server, you also get the advantages of SMB3.0 technology. It includes:

  • SMB Transparent Failover. It lets transparently switch into another node of the fail-save cluster.
  • SMB Multichannel. It lets increase capacity and fail-safety by creating a few transmit channels and aggregating of several network cards for the SMB protocol.

However, you should remember that for getting the result the given technology should be supported by the server as well as a client. That’s why it’s necessary to upgrade the operating systems of both the servers and the workstations that will refer to them. SMB 3.0 technology is supported by the operating systems beginning with Windows 8 and Windows Server 2012. Our professionals are ready to help you in case you have problems with the upgrading of either servers or workstations managed by the Windows OS.

From our experience, the most widely spread case of file service appliance is creation of the file resource for the shared users’ folders storage and location of the redirected from the local profiles users’ personal folders. Apart from the choice of architecture solution for the creation of such resource, a shared volume is necessary which is accessible to the both node clusters. It can be located on the hardware and program DSS. If you have a bought Windows Server 2016 Datacenter version than you can think of using Storage Spaces Direct or similar products of other vendors such as DatacoreSANSymphony, Dell EMC ScalelO, Starwind Virtual SAN. The latter can be used for a budget variant and testing. This variant becomes more appealing for the recent changes in the product distribution policy. The developers eliminated restrictions of the functions and a number of nodes for the free version, but eliminating visual interface of the control and technical support. Though there is a 30-days trial period with all functional included. Since there are a lot of articles with the step-by-step configuration of the fail-safe file cluster based on the Windows Server OS, we won’t give you detailed instructions but stop at some of the most useful shades from our point of view:

  1. It’s necessary to develop a folder system according to the needs at the planning stage. Most frequently it will be individual for each company. While planning it’s preferable to stick to the rule “Safety configuration split only on the root folder of the shared resource”.
  2. Deduplication is one of the useful functions. Scenario-user data storage can achieve substantial savings of disk space. This is confirmed by testing.
  3. You want to provide access to *nix systems? For this you need to raise the role of the NFS server.
  4. If the branches via WAN links are planned to be connected with the resources, you can configure the BranchCache for network files. It allows you not to download to a remote site once re-loaded data once again.
  5. If it does not contradict security policies, you can use your corporate lightweight “OneDrive” -Work folders (WorkFolders) service. This will allow you to synchronize files between the server and multiple worker devices.
  6. A DFS namespace allows you to display to the user only those folders to which he has access. In the same namespace, you can display shared resources with different file servers. You can also expand its role in the failover cluster. It is convenient that if you change the actual file locations, you just need to replace the path to the resource in the DFS Namespace settings instead of having to reconfigure some (sometimes very large) number of client PC.
  7. Instead of assigning many network drives, now it is possible to add only the root of the DFS space as your home folder and all the necessary folders will be inside.
  8. We recommend you to install the file server resource Manager. Reporting and alerting help in administration.
  9. We also recommend you to enable the auditing of access to the files to know who deleted or modified a file. If standard functionality is not enough, you can use paid solutions, for example: CondusivUndeleteServer or NetwrixAuditorforWindowsFileServers.
  10. It is quite enough to configure the notification of free disk space termination. If you need tighter restrictions, you can use the quota arrangement. Often this complicates both the setup and ongoing administration.
  11. The same effect is caused by the use of file masks to limit the type of stored files. It can be easily bypassed by renaming the extensions. However, it works well in the case of the organization of protection “from the fool”.
  12. For work of the function SMB TransparentFailoverwhile creating a shared folder, you must specify the ContinuousAvailability attribute.
  13. For each directory with different access a security group in active directory is created. All changes are made only in the group ActiveDirectory and do not lead to the reassignment of NTFS permissions for each file and folder in the directory. Thus, the access to the file resource just changes the next time the user logs into the system. Also you can use group policy to automatically change access rights.
  14. It is important to use a naming policy that will allow defining clearly its purpose by the name. For example, SF-Finance-RW (ShareFolder-Finance-ReadWrite — access group with the right on writing a shared folder, Finance).
  15. Aerobatics is the use of dynamic access control when access to a file resource is provided by compliance of all values of users, device and the folder or file tags. The tags are created in advance and can be assigned to files and folders both manually and automatically. The access policies and tags themselves are created in ActiveDirectory. This solution adds great flexibility when creating access policies, and cay consider different objectattributes, such as country and usersDepartment, whether you use a corporate computer to access and time of day. That’s the theory. In practice, the specialists of our company were not able to face such solutions.
  16. But useful in practice appeared to be the inclusion of functional storage ofseveral previous versions of documents based on the shadow copies. In this case, the user can restore old versions of files by themselves. Features and setup instructions can be found in this article.
  17. But remember that none of the above mentioned eliminates the need to have a backup system! Any. Microsoft DPM, Veeam backup and replication, Veritas backup Exec, convenient backup. Free WindowsImageBackup and CobianBackup.

To crown it all, we can say that the file service is not as easy as many believe, and their proper design and operation are the keys of the productive and secure user work and enterprise applications!

If You are in doubt about the correct configuration of Your file services, our specialists are ready to audit Your system and provide recommendations based on best practices and extensive experience of the company, and implement the solution [email protected]