Solved

Speedy Filesharing independent to the users location / DFS?

Posted on 2010-11-09
7
498 Views
Last Modified: 2012-05-10
Hi Experts

We are just setting up a new Resource Topology with 1 Resource Forest spread over 2 locations (US and EU) and 2 Account Forests (US and EU). The Resource Forest locations are different to the office locations.

We would like to put all our Files, redirected folders and user account profiles in the Resource Forest and no matter where the user logs in (US or EU) he/she will always get speedy access to fileshares.

Would DFS be the solution we are looking for?
How would a user from the US Account Forest authenticate in the EU Account Forest?
Which kind of Trust do I need between those two Forests then?

My thought for DFS:
 
Account Forest -------------------------Resource   Forest -----------------------------------Account Forest
US-------------------------------------------US---------EU--------------------------------------------------------EU
User Account --------------------------Share-------Share-----------------------------------------User Account
User Account ------------------------Redirected---Redirected-----------------------------------User Account

Would this work? What is common practise for this?

Thanks for your help in advance
0
Comment
Question by:Dan-IT
  • 3
  • 2
  • 2
7 Comments
 
LVL 8

Expert Comment

by:PaperTiger
Comment Utility
What kind of files and what kind of connections do you have?
0
 
LVL 24

Accepted Solution

by:
Awinish earned 500 total points
Comment Utility
Authentication happens using site/subnet user belongs to while login to domain. On login to domain, SRV records are query which site user belongs to & it send authentication request to mapped site with subnet the user machine belong to from where he is try to access domain resource.

http://technet.microsoft.com/en-us/library/cc759550%28WS.10%29.aspx
http://activedirectoryfaq.blogspot.com/2007/09/how-kerberos-authentication-works.html

If the two forest is different you can use external forest trust with dns(stubzone,forwarder or secondary zone) & firewall port in place.

If you want user from any forest access resource in any domain of forest two way transitive trust relationship is required.

DFS is the solution for sharing the files & user doesn't have to remember the different server name.

Bandwidth Link will play important role here.
0
 

Author Comment

by:Dan-IT
Comment Utility
Thanks Guys

It's going to be sharedfiles (spreadsheets, documents, pdfs ect. ), redirected folders and userprofiles.
Bandwidth is more than sufficient I guess. Slowest link will be a 20Mb site to site.

There will be no active user accounts in the Resource Forest. User accounts from Account Forests only access files in the Resource Forest.

Each location (US and EU) has its own Fileserver.
Do I have to put the 2 Fileservers together under one big DFS namespace so when USuser is in the EU, he would get his files from the EU Fileserver in the Resource Forest.
Same with the Redirected Folders. If I set redirected folders via Group Policy to the same namespace for US and EU users. Will that be enough that when USusers login from EU don't have to wait until their files get downloaded over the ocean?


Awinish: Is there an advantage if I put a DC from US into the EU site and vice versa?


Let me know if you have any questions... maybe I'm not explaining correctly what I'm trying to achieve.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 500 total points
Comment Utility
Authentication will be faster because a user who is in US will not have to authenticated by EU which can take time.

Have you heard of Branch Cache, its new feature of windows 2008 R2 & windows 7.

http://www.windowsnetworking.com/articles_tutorials/Introduction-BranchCache-Part1.html

If you put two file server in US & EU it will be better from the point of redundancy & balanced load as both the file server will contain same data & there will be sync in the data from time to time.

Yes,configuring the name in the server is fine.
 
0
 

Author Comment

by:Dan-IT
Comment Utility
Awinish

BranchCache sounds good. Will look into this.

I'm still concerned having those many files under one DFS Namespace. Is there any reason for concern?

Cheers
Dan

0
 
LVL 24

Expert Comment

by:Awinish
Comment Utility
I don't think, regular backup & redundancy should remove your concern.


0
 
LVL 8

Expert Comment

by:PaperTiger
Comment Utility
If you have 20MB, the speed shouldn't be a concern. I run a 3MB line between US-Canada-Mexio, I am still OK.

If it is, you can look into something called WAN Optimization. Many prominent companies make products like that such as CISCO, RiverBed, and Bluecoat. WAN Optimization is a piece of hardware you deploy at each site. It then does compression and caching. The improvement of speed is amazing - about 50% to 200%. It's more impressive on documents like Word, Excel etc. and HTTP traffic.

This is something I am implementing.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now