We help IT Professionals succeed at work.

DFS-R Design

1,176 Views
Last Modified: 2013-11-05
So, I am in the process of deploying a simple DFS-R infrastructure.  I have about 70+ servers in just as many remote offices that act as File & Print servers but, they also will double as App-V streaming servers.  I want to use DFS-R to keep the App-V content share consistent on each server.  Now I know that DFS-R uses RPC to replicate the data to each server.

My road blocks are: We will have a mixed bag of '03 R2 and '08 R2 systems which use different RPC ports.  Another is: our network security team will not allow these RPC random ports.  Rather than just isolate DFS-R replication to a single port as outlined in:  http://support.microsoft.com/kb/319553/en-us.  I was thinking I can accomplish both issues by limiting all RPC coming from the server on a port range of 300 (Example: 5000-5300)  I chose 300 because the minimum port range for Windows server '08 is 255 and I wanted a round number:).

I was going to follow the following articles:

Windows Server 2003: http://support.microsoft.com/kb/154596

Windows Server 2008: http://blogs.technet.com/b/askds/archive/2007/08/24/dynamic-client-ports-in-windows-server-2008-and-windows-vista-or-how-i-learned-to-stop-worrying-and-love-the-iana.aspx

I was hoping that someone could provide feedback or flaws.

Thanks,
Comment
Watch Question

PberSolutions Architect
CERTIFIED EXPERT

Commented:
Ugh, I feel your pain.  Anything that I deploy usually has to deal with a firewall and my network guys are very stingy when it comes to what I can do.  
The Microsoft article 319553 will work.  I've used this before through the firewalls as well.    Normally you would need high ports to a destination of 135 and then it will negotiate a random high port, but hardcoding it as per the 319553 works.  
I have also limited the RPC ports ranges as you also are considering.  The one thing to keep in mind is that limiting your RPC ports can have some downside if your servers are really busy because they may run out of ports.
My network guys also like the limited range as well.  If I can give them a port rule small source port range, they are usually much happier.
 

Author

Commented:
Thanks for the info!

So, as far as restricting RPC as a whole from the server.  Would you suggest increasing the amount of ports to say 1000 from 300?

Also, have you run DFSR in an enviornment this way instead of using microsoft's KB319553.
Solutions Architect
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
I appreciate the input!
PberSolutions Architect
CERTIFIED EXPERT

Commented:
Glad to help.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.