Solved

Can one iSCSI target be used between two servers in a server migration preserving the NTFS file system and file rights?

Posted on 2008-10-22
4
1,090 Views
Last Modified: 2013-11-14
Hi,

Currently we are using a Windows 2003 R2 server / DC that hosts our file shares on an iSCSI drive mounted to that server.
All users access these file shares by using a DFS namespace, so the backend of these mappings to the real shares can be changed easily.
In the next weeks we are planning to use a new DC that also will host the DFS namespaces and must also take over the iSCSI target at the end of our server migration.

My question is really if NTFS will still function right and if it will not be damaged when i change the iSCSI to the newer server?
the SID's of the folder and files will still be the same..

I guess attaching the iSCSI target to both servers at the same time is dangerous and may damage the flle system or am i wrong?
Because these migration steps are taking outside of working hours, read and/or write errors, file locks should not happen i think.

Thanks in advance.

Best regards,
Rick

0
Comment
Question by:Rick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 5

Expert Comment

by:mren08
ID: 22782265
You shouldn't attached more than one server to the same iSCSI target. Someone else can probably qualify this further but from my understanding Windows is unable to control which server has dedicated control at any one time.. it's certainly possible but will likely cause data corruption.

I have seen iSCSI targets moved to different servers within the same security domain without compromising NTFS security.

0
 
LVL 3

Accepted Solution

by:
VXDguy earned 500 total points
ID: 22837353
NTFS is not a clustered files system designed to be used by multiple servers at the same time.  Each server will cache a copy of the MFT independently and, on shutdown, will flush to disk corrupting the MFT and destroying the integrity of the NTFS filesystem.  Even though NTFS is a journaled filesystem, it will be damaged beyond repair if you "share" it between two non-clustered servers.

Doesn't matter if it's a shared SCSI bus, FC SAN, ATAoE, or iSCSI, the result is the same.

If you accidently expose a LUN to two different server, do NOT shut down the server.  Power them off, pull the disks out, or otherwise *DROP* the disk and you *MIGHT* be able to get your data back.  Doing a clean shutdown is guaranteed to destroy the filesystem.

Even when clustered, NTFS filesystems are accessible to only on the *active* node.  Other clustered nodes can see the LUN but no reads or writes (and this is enforced by SCSI reserves).


As for changing the owner of the iSCSI targets, as long as you remove the current owner before adding the new owner, you should be fine.  At no point do two servers see the same target LUN which is where the risk of corruption comes in.

As for filesystem permissions, I'd use an activeperl script to recursively dump the ACL list for each file before the migration.  You can do a search/replace through the ACL dump to adjust owners if necessary and run another script to set the ACL permissions.  There's a book called Win32 Perl Scripting that actually comes with an example Perl script to do this--I'm sure there's free scripts online to do this as well.
0
 

Author Closing Comment

by:Rick
ID: 31509013
Sorry for the late reply, i'm gonna try to switch servers this weekend.
But first gonna make sure our backup works 100%! :-)
0
 

Expert Comment

by:cturcott
ID: 23170471
Lots of details here about NTFS and clustering that I didn't know, but in my practical experience, you can open disk management, right click on the iscsi array and choose Offline.  From then, you can disconnect from your iscsi share safely using the Initiator.  After that, connect to your iscsi device from any computer you wish.  My array is as the polite term goes, promiscuous.  It's been connected to several domains, various workgroups, and just bounces around while the files remain happily intact.  This is in a home lab sort of environment so I am not sure about the security info but the files are fine.
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
The question appears often enough, how do I transfer my data from my old server to the new server while preserving file shares, share permissions, and NTFS permisions.  Here are my tips for handling such a transfer.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question