Link to home
Start Free TrialLog in
Avatar of mshaikh22

asked on

Urgent! need help with DFS setup across 4 domains over wan connections

Dear Experts,

We are currently in the middle of a domain migration, we looking at  implementing DFS on our windows 2003 enteprise sp2 clustered file server that resides in domain b

we have domain c, domain d and domain e.

All of these domains are migrating to domain f.

so ideally we would all users in domain f to see the two shared folders in domain b but since we have office globally, we are trying implement dfs replicas so that can improve performance.

i create a dfs domain root share on domain b but only could create it on the active node which is 2 on the cluster and not on the cluster node itself.
which is in active/passive configuration


1 I need to know if its possible to create on the cluster as i know dfs is not cluster aware

i need to setup dfs target replicas on file servers all across the globe in domain f to syncronize the folder that are in domain b cluster file server.

I would like detailed instructions on how to achieve this.

I would like to know if its possible to setup a dfs namespace on the domain b cluster file server that is running windows 2003 ent sp2 and not r2.

and domain f servers are running 2008 sp2.

Thank you, experts
Avatar of arnold
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of mshaikh22


the reason for choosing dfs is and is improve performance for our hong kong and new york users so they can have a local copy replicated.

1. IF we upgrade 2003 sp2 to r2 will that break the cluster
2. one folder is 750 gb and the other is 20 gb will dfs help in performance.
3. how can you set this up.

all domains have a 2 way trust and all sites are on mpls network

I do not know whether you could do an inplace OS upgrade on a cluster.
Since you have to consolidate five AD domains into on, I do not know whether it is an option for you to add a fileserver with windows 2003R2 or newer that is joined to the end AD domain (f) with which you can setup DFS/DFS-R.

I think it will be too risky to attempt an inplace OS upgrade on a cluster but seems possible.
Since you still have to migrate the cluster from one domain to another, there might be other options.

Do you have a windows 2008 Ent where you can setup a Virtual machine to function as the local DFS on the F domain?

With this amount of data, the traffic back through the MPLS might be more cost effective that having 770GB of data streamed to the various locations initially and then have the changed files go around.

create the dfs share on the clusters using the cluster name, not the node name, the cluster name should always be visable as long as one of the cluster nodes is active, then create all the DFS share on the other servers in the other domains, i would then suggest using visa-versa software, this handles data better and you have more control of how much bandwidth is used.

the problem with DFS on server 2003 r1 nd r2, is if one of the servers updates from the windows updates site, then the DFS is broken and you can lose alot of data, and time to re-create all the shares.
You think Visa versa software will work fine in this scenario,
Planning to deploy a two node cluster in london and 2008 r 2 servers in hk and us.
do i need to setup both dfs namespace and dfs . Whats the difference between the both.

which replication topology should i go with

full mesh or spoke and huib.

have a concern abut users access the same file at the same time.

~Another concern is if a london user is accessing dfs namespace share will he be access the london dfs share or any other. Same case with ny and hk users.

No response to what?
The mesh or hub and spoke will be determined based on the type of connection you have among the locations.
I.e. if your WAN network setup is a hub and spoke, you would use DFS in the same configuration. If your branches can communicate amongs themselves via the HUB i.e. each branch has routes to reach the others, a mesh will be better, but you should give thought to your HUB connection as it may see a large amount of traffic that might push the limit of the available bandwidth.  Depending on what else is going through the VPN, you may need to limit the bandwidth allocated to DFS replication which could lead to a long delay in propagation of large files.

It also depends on how you are setting up the DFS.  i.e. you can have HUB - spoke1 have a common share, HUB - spoke2 have a common share and have one share to which individuals in all locations have access.  I.e. there is no point in replicating data through all the spoke that is only relevant to a specific location and to the HUB as the main repository/backup location.

Depending on how you configure the DFS and provided each location has its own local DC, the first choice will be for the local DFS access. OU/GPO configuration.

DFS has conflict detection which merely means if there is a change to the same file, one of them will be kicked out.
The planning on how you setup the DFS shares will control whether you have a higher likelyhood of running into a conflict i.e. all files are accessible by all and your replication bandwidth is such that a change on spoke1 to filea may take a day to propagate to spoke2 where another user might also edit filea.

Document management might be a better option i.e. there is a limited set of active documents. While the DFS will be more as a content that does not change i.e. policies/procedures,etc.  
sorry for the delay in getting back to you, busy working.

visa-versa is a good option, using DFS to create the shares, then use the software to replicate between servers.

replication toplogy depends on your current setup, as described by arnolds point above. his points are valid and considaration should be given to the whole setup, not just the DFS setup.

the other point about users accessing the same file, well that will be handeled by DFS conrol, the newer file is kept or merged with the other file, both users can not be saving at the exact moment.

if you have concerns over files being accessed at the same time then software like vault would be a good choice as you have book the file out and book the file back in, stopping unwanted merges.

dfs namespace in the name of the dfs share location, dfs shares are the shares accessed by users when they connect either via logon script or manuall URL. both need to be setup again good planning is required.
Thank you, arnold and not an expert. We currently have a mpls network setup between our branch offices and they have their own dcs, but im fearing that full mesh might put strain on bandwidth but then again they all in different time zones so this should be ok in terms of accessing files.

not an expert, could give me the link to visa versa or is it vice versa software u r talking about.

I am planning to implement a two node cluster in the main office and use cluster name as namespace and replicate it with the branch offices.

ideally we are looking at replicating file shares about 200 gb.

i have been reading that its best to start with something small and work your way. can do restore 200gb to branch office file share and then replication.

You should not use server/cluster specific name, but use the domain as the foundation of the namespace \\ADdomainname\primary and within here you will define the links such that a user will see a list of directories when accessing \\addomainname\primary
and when they click on
share1 their request will be redirected to the local fileserver that has this share.
The use of the addomainname as the basis of the share, means that should you need to add capacity in one location i.e. have two fileservers share the load to service these requests, you can add another target to the share1
share1 -> server1
share1 -> server2
The DC will see all the requests for \\addomainname\primary\share1 and will direct them to one of the two available targets in the location.

Thank you, Arnold. I am planning to implement a 2 node cluster on a shared storage and use the virtual name as a namespace and have 2 other dfs replicas at different offices.

I am going to be following this document.,

The reason is that there already 2003 cluster setup that does file and print service so management need to expect that.

so do we create the dfs namespace on the dcs or the file server themselves along the replication group.

Thank you, Arnold. I am planning to implement a 2 node cluster on a shared storage and use the virtual name as a namespace and have 2 other dfs replicas at different offices.

I am going to be following this document.,

The reason is that there already 2003 cluster setup that does file and print service so management need to expect that.

so do we create the dfs namespace on the dcs or the file server themselves along the replication group.

The idea behind DFS is that clustering fileservers will become obsolete.
i.e. Distributed File System means that there are duplicate data versus clustering where you have two or more nodes having access to a single shared storage where only one node services the requests. The other issue is that you rely on the local HD space versus the more expensive shared storage.

IMHO, while it is doable you are wasting resources, i.e. the passive node will spin its drives and do nothing or you are doing an active/active cluster setup where node1 is active for one application while passive for another and the same for the other node/nodes??

It is a different matter if the cluster resources are for a separate set of application i.e. SQL, etc and you are setting up the DFS as a piggy back on the cluster.

The DFS setup and replication should be configured from the servers where the shares reside, but can be done from the DC's or any other server provided they have the correct DFS version i.e. win 2003 R2 and newer for DFS-R options along with the DFS management MMC.
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.