Manage Windows Server file servers
Define the Windows Server file system
Before you can store data on a volume, you must first format the volume. To do so, you must select the file system that the volume should use. Several file systems are available, each with its own advantages and disadvantages.
What is a file system?
A file system provides a range of features that implement storage and retrieval of files on storage devices. It allows you to organize files in a hierarchical structure and controls their format and naming convention. File systems support a wide range of storage devices, including hard disks and removable media.
All file systems available on Windows operating systems consist of the following storage components:
- Files. A file is a logical grouping of related data.
- Directories. A directory is a hierarchical collection of directories and files.
- Volumes. A volume is a collection of directories and files.
What are the distinguishing features of Windows Server file system types?
The Windows Server file system types include:
- File allocation table (FAT), FAT32, and extended file allocation table (exFAT).
- The NT File System (NTFS).
- Resilient File System (ReFS).
FAT, FAT32, and exFAT
The FAT file system is the simplest file system that the Windows operating systems support. It keeps track of file system objects by using a volume-level table. FAT maintains two copies of the table for resiliency. Both tables and the root directory must reside at a fixed location on the formatted disk.
Because of the size limitation of the file allocation table, you cannot use FAT to create volumes larger than 4 gigabytes (GB). To accommodate larger disks, Microsoft developed FAT32, which supports partitions of up to 64 GB.
exFAT is the file system designed for flash drives, with support for volume sizes larger than those available with FAT32. It works with media devices, such as modern flat panel TVs, media centers, and portable media players.
Neither FAT nor FAT32 provides file system-level security. You should not create FAT or FAT32 volumes on disks attached to servers running any of the Windows Server operating systems. However, you might consider using FAT, FAT32, or exFAT to format external media such as USB flash drives.
NTFS
Traditionally, NTFS has been the most common choice of file system for the Windows Server operating systems. NTFS offers numerous improvements over FAT, which leverage advanced data structures to improve performance, reliability, and disk space utilization. NTFS also provides built-in security, with such capabilities as access control lists (ACLs), auditing, file-system journaling, and encryption. NTFS also supports file system compression and encryption, although they are mutually exclusive, so you cannot apply both to the same file or folder.
ReFS
Microsoft introduced ReFS in Windows Server 2012 to enhance the capabilities of NTFS. One of the primary strengths of ReFS, as indicated by its name, is its enhanced resiliency to data corruption through a more accurate detection mechanism and the ability to remediate integrity issues online. ReFS also offers support for larger sizes of individual files and volumes, including their deduplication.
In most cases, ReFS is the optimal file system choice for data volumes in Windows Server 2022. However, you should keep in mind that ReFS doesn't offer full feature parity with NTFS. For example, ReFS doesn't support file-level compression and encryption. It's also not suitable for boot volumes and removable media.
What are sectors and allocation units?
A sector is the minimum amount of data that can be read from or written to a hard drive. Traditionally, sector size has been fixed at 512 bytes. Modern drives support larger sizes, such as 1 KB, 2 KB, or 4 KB. Formatting a volume with a file system combines sectors into logical clusters, also referred to as allocation units. For example, if the sectors of a hard drive are 512 bytes, a 4 KB cluster has eight sectors, and a 64 KB cluster has 128 sectors. When you initiate the formatting process, you have the option of designating the preferred cluster size. Alternatively, you can rely on defaults, which determine the cluster size based on the size of the volume.
Cluster size represents the smallest amount of disk space that can be used to hold a file, based on the format defined by the file system. When a file's size isn't an exact multiple of the cluster size, part of its last cluster goes unused, which wastes some disk space. However, choosing a smaller cluster size could negatively impact performance, because reading from or writing to a file might require an increased number of disk operations. Besides choosing the optimal cluster size, you should ensure that the cluster boundaries align with the underlying sectors.
To improve performance, try to match the allocation unit size as closely as possible to the typical file or record size written to or read from the disk. For example, if you have a database that writes 8,192-byte records, the optimum allocation unit size would be 8 KB. This setting would allow the operating system to write a complete record in a single allocation unit on the volume. By using a 4 KB allocation unit size, the operating system would have to split the record across two allocation units and manage updates to the underlying metadata. By using an appropriately sized allocation unit, you can reduce the workload on the server's disk subsystem.
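The trade-off described above can be measured against real data before a volume is formatted. The following PowerShell function is an added example, not part of the original page; the function name `Measure-ClusterSlack` and the sample path are hypothetical. It estimates how much space the files under a folder would occupy, and how much would be lost to partially filled clusters, for several candidate allocation unit sizes. It assumes every file occupies whole clusters and ignores compression, sparse files, and very small files that NTFS stores inside its own metadata.

```powershell
# Added example: estimate allocated space and slack for candidate cluster sizes.
function Measure-ClusterSlack {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int[]] $ClusterSize = @(4KB, 8KB, 64KB)   # candidate allocation unit sizes
    )

    # Collect file lengths once so every cluster size is judged on the same data.
    $lengths = @(Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Length)

    foreach ($cluster in $ClusterSize) {
        [long] $dataBytes = 0
        [long] $clusters  = 0
        foreach ($len in $lengths) {
            $dataBytes += $len
            # A file always consumes a whole number of clusters.
            $clusters  += [long][math]::Ceiling($len / $cluster)
        }
        $allocated = $clusters * $cluster

        [pscustomobject]@{
            ClusterSizeKB = $cluster / 1KB
            Files         = $lengths.Count
            DataMB        = [math]::Round($dataBytes / 1MB, 2)
            AllocatedMB   = [math]::Round($allocated / 1MB, 2)
            SlackMB       = [math]::Round(($allocated - $dataBytes) / 1MB, 2)
            ClustersUsed  = $clusters   # rough proxy for the number of units to manage
        }
    }
}

# Sample path is a placeholder; point it at representative data.
Measure-ClusterSlack -Path 'D:\Data' | Format-Table -AutoSize
```

For the 8,192-byte record in the example above, the function reports two clusters at 4 KB and one cluster at 8 KB, with no slack in either case; the difference is the number of allocation units the operating system must manage.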
List the benefits and uses of File Server Resource Manager
Traditional file management techniques are no longer sufficient when dealing with continually increasing volumes of data that need to be monitored, audited, classified, archived, or blocked. Instead, you need to consider a more comprehensive approach that leverages tools such as FSRM.
Overview of FSRM
You can use FSRM to manage and classify data that is stored on file servers. FSRM includes the following features:
- Quota management. This feature facilitates limiting the space allowed for a volume or folder. Quotas can apply automatically to new folders that you create on a volume. You can also define quota templates that you can apply to new volumes or folders.
- File screening management. This feature helps control the types of files that users can store on a file server. You can limit the file types with specific file extensions that users can store on your file shares. For example, you can create a file screen that doesn't allow users to save files with an .mp3 extension in a file server's personal shared folders.
- Storage reports. This feature helps with identifying trends in disk usage and effectiveness of data classification. You can also monitor attempts by a selected group of users to save unauthorized files.
- File Classification Infrastructure. This feature automates the data classification process. You can dynamically apply access policies to files based on their classification. Example policies include Dynamic Access Control for restricting access to files, file encryption, and file expiration. You can classify files automatically by using file classification rules, or you can classify them manually by modifying the properties of a selected file or folder.
- File management tasks. This feature allows you to apply conditional policies and actions to files based on such criteria as file location, classification properties, in addition to file creation, modification, or access date. The actions that file management tasks support include the ability to expire files, encrypt files, or run a custom command.
- Access-denied assistance. This feature generates custom error messages to users who are not able to access files because of insufficient permissions or FSRM-based protection mechanisms.
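The file screening and quota features listed above can be configured with the FileServerResourceManager PowerShell module. The following is an added example, not part of the original page; the folder path, group name, and template name are placeholders. It builds the .mp3 file screen from the example above, logs each blocked attempt to the event log, and applies an automatic quota to new subfolders.

```powershell
# Added example. Requires the FSRM role service:
#   Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
$sharePath    = 'D:\Shares\Personal'          # placeholder: root of the personal folders
$groupName    = 'Blocked audio (example)'     # placeholder file group name
$templateName = 'Personal 5 GB (example)'     # placeholder quota template name

# File group: the extensions the screen will match.
if (-not (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name $groupName -IncludePattern @('*.mp3') | Out-Null
}

# Action: write a warning event each time a save is blocked, so that
# attempts are visible to monitoring and to FSRM storage reports.
$logAction = New-FsrmAction -Type Event -EventType Warning `
    -Body 'User [Source Io Owner] attempted to save [Source File Path], which is blocked by a file screen on [File Screen Path].'

# Active screen: saving matching files is denied, not just reported.
# Omit -Active for a passive screen that only logs.
New-FsrmFileScreen -Path $sharePath -IncludeGroup $groupName -Active `
    -Notification $logAction | Out-Null

# Quota template plus auto quota: each existing and new subfolder of
# $sharePath receives its own 5 GB hard limit.
if (-not (Get-FsrmQuotaTemplate -Name $templateName -ErrorAction SilentlyContinue)) {
    New-FsrmQuotaTemplate -Name $templateName -Size 5GB | Out-Null
}
New-FsrmAutoQuota -Path $sharePath -Template $templateName | Out-Null

# Review what is now in place.
Get-FsrmFileScreen -Path $sharePath | Select-Object Path, Active, IncludeGroup
Get-FsrmAutoQuota  -Path $sharePath | Select-Object Path, Template
```

File screens match on file name patterns only, so a renamed file passes the screen; treat screening as a policy control, not as content inspection.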
Define SMB and its security considerations
Managing collaboration and data sharing is an important part of an IT administrator's responsibilities. To fulfill these responsibilities, it is helpful to understand technologies that serve as the basis for Windows file sharing, such as the Server Message Block (SMB) protocol.
What is SMB?
SMB is a TCP/IP-based network file sharing protocol that allows applications on a computer to read and write to files, and to request services from server programs in a computer network. Using the SMB protocol, an application (or the user of an application) can access files or other resources at a remote server. This allows applications to read, create, and update files on the remote server.
What are the benefits of SMB 3.x?
Microsoft developed Server Message Block (SMB) in the 1980s. The original specification, SMB 1, was bandwidth inefficient and lacked a sufficient level of security. The subsequent SMB versions addressed these shortcomings through such features as built-in encryption, SMB Multichannel, and SMB Direct.
SMB 2.0, which Microsoft introduced in Windows Server 2008, offered meaningful performance improvements but didn't address the security challenges in any significant manner.
SMB 3.0, which Microsoft introduced in Windows Server 2012, includes the following features:
- SMB Transparent Failover. This feature enables you to perform the hardware or software maintenance of nodes in a clustered file server without interrupting server applications that are storing data on file shares.
- SMB Scale Out. In clustered configurations, you can create file shares that provide simultaneous access to data files, with direct input/output (I/O), through all the nodes in a file server cluster.
- SMB Encryption. This feature provides the end-to-end encryption of SMB data on untrusted networks, and it helps to protect data from eavesdropping.
- Windows PowerShell commands for managing SMB. You can manage file shares on the file server, end to end, from the command line.
- SMB Multichannel. This feature enables you to aggregate network bandwidth and network fault tolerance if multiple paths are available between the SMB 3.x client and server.
- SMB Direct. This feature supports network adapters that have the Remote Direct Memory Access (RDMA) capability and can perform at full speed with very low latency and by using very little central processing unit (CPU) processing time.
SMB 3.1.1, which Microsoft introduced in Windows Server 2016, offers several additional enhancements, including:
- Preauthentication integrity. Preauthentication integrity provides improved protection from a man-in-the-middle attack that might tamper with the establishment and authentication of SMB connection messages.
- SMB Encryption improvements. SMB Encryption, introduced with SMB 3.0, uses a fixed cryptographic algorithm, AES-128-CCM. However, AES-128-GCM, available with SMB 3.1.1, performs better with most modern processors.
- The removal of the RequireSecureNegotiate setting. Because some third-party implementations of SMB don't perform this negotiation correctly, Microsoft provides a switch to disable Secure Negotiate. However, the default for SMB 3.1.1 servers and clients is to use preauthentication integrity, as described earlier.
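The security features above only help if the server is configured to use them and clients actually negotiate a recent dialect. The following read-only audit is an added example, not part of the original page; the function name `Get-SmbHardeningFinding` is hypothetical. It uses the built-in SmbShare cmdlets to report whether SMB 1 is still enabled, which shares lack SMB Encryption, and which current sessions negotiated a dialect older than 3.1.1 and therefore have no preauthentication integrity.

```powershell
# Added example: read-only SMB audit. Run in an elevated session on the file server.
function Get-SmbHardeningFinding {
    $cfg = Get-SmbServerConfiguration

    # SMB 1 has none of the protections introduced in SMB 3.x.
    if ($cfg.EnableSMB1Protocol) {
        [pscustomobject]@{ Scope = 'Server'; Item = 'EnableSMB1Protocol'
                           Detail = 'SMB 1 is enabled on this server' }
    }

    # SMB Encryption can be set server-wide or per share.
    # If it is not server-wide, list every regular share without it.
    if (-not $cfg.EncryptData) {
        Get-SmbShare -Special $false | Where-Object { -not $_.EncryptData } | ForEach-Object {
            [pscustomobject]@{ Scope = "Share '$($_.Name)'"; Item = 'EncryptData'
                               Detail = "SMB Encryption is off for $($_.Path)" }
        }
    }

    # When this is off, clients that cannot encrypt may still reach
    # encrypted shares without encryption.
    if (-not $cfg.RejectUnencryptedAccess) {
        [pscustomobject]@{ Scope = 'Server'; Item = 'RejectUnencryptedAccess'
                           Detail = 'Unencrypted access to encrypted shares is allowed' }
    }

    # Sessions below 3.1.1 were set up without preauthentication integrity.
    Get-SmbSession | ForEach-Object {
        $dialect = $_.Dialect -as [version]
        if ($dialect -and $dialect -lt [version]'3.1.1') {
            [pscustomobject]@{ Scope = "Session $($_.SessionId)"; Item = "Dialect $($_.Dialect)"
                               Detail = "$($_.ClientUserName) from $($_.ClientComputerName)" }
        }
    }
}

Get-SmbHardeningFinding | Format-Table -AutoSize -Wrap
```

An empty result means none of these checks fired. Encryption findings can be addressed with `Set-SmbServerConfiguration -EncryptData $true` or `Set-SmbShare -Name <share> -EncryptData $true` once all clients support SMB 3.x.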
What are the most common use cases of SMB 3.x performance enhancements?
SMB Direct and SMB Multichannel enable you to deploy cost-efficient, continuously available, and high-performance storage for server applications on file servers. Both SMB Multichannel and SMB Direct are enabled by default on Windows Server. You can use multiple network connections simultaneously with SMB Multichannel, which enhances overall file-sharing performance. SMB Direct ensures that multiple network adapters can coordinate the transfer of large amounts of data at line speed while using fewer CPU cycles.
SMB Direct and SMB Multichannel-based file shares provide an alternative to storing files on Internet Small Computer System Interface (iSCSI) or Fibre Channel storage area network (SAN) devices. When creating a VM in Hyper-V on Windows Server, you can specify a network share when choosing the VM location and the virtual hard disk location. You can also attach disks stored on SMB 3.x file shares. By using this approach, you can achieve high availability not by clustering Microsoft Hyper-V nodes, but by using clustered file servers that host VM files on their file shares. This is referred to as a Scale-Out File Server. With this capability, Hyper-V can store all VM files, including configuration files, .vhd files, and checkpoints on highly available SMB file shares.
Define Volume Shadow Copy Service
Backing up critical business data can be a challenging task, primarily because of its size and high volume of changes. As a result, some of the data files might be open or in an inconsistent state at the time of the backup. To address this challenge, you can use VSS.
What is VSS?
Backup and restore operations require close coordination between the backup applications, the line-of-business applications that manipulate data being backed up, and the storage management hardware and software. Windows Server Backup uses VSS to perform backups. VSS facilitates communication between these components to optimize their collaboration. VSS coordinates the actions that are necessary to create a consistent shadow copy, also known as a snapshot or a point-in-time copy, of the data that's to be backed up.
VSS solutions have the following basic components:
- VSS service. This is part of the Windows operating system, which ensures that the other components can communicate with each other properly and work together.
- VSS requester. This software requests the actual creation of shadow copies or other high-level operations like importing or deleting them. Typically, this is a backup application, such as Windows Server Backup.
- VSS writer. This component guarantees that you have a consistent dataset to back up. This is typically part of a line-of-business application such as Microsoft SQL Server or Microsoft Exchange Server. The Windows operating system includes VSS writers for various Windows components such as the registry.
- VSS provider. This component creates and maintains the shadow copies. This can occur in the software or in the hardware. The Windows operating system includes a VSS provider that uses copy-on-write.