Copyright 2010 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below. If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA. This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user's particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM. Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious.
Microsoft, Active Directory, ActiveX, BitLocker, Excel, Forefront, Internet Explorer, PowerPoint, SharePoint Portal Server, SharePoint Services, SQL Server, Visual Basic, Windows, Windows 7, Windows PowerShell, Windows Server, Windows Storage Server 2008, Windows Server 2008, Windows Server 2003, Windows XP and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.
Contents
Introduction
Windows Storage Server 2008 R2 Overview
Comparing Windows Server Operating System Storage Offerings
Comparing Windows Storage Server with Windows Server
Identifying Windows Storage Server Features
What's New in Windows Storage Server 2008 R2
Comparing Windows Storage Server 2008 R2 with Windows Server 2008 R2
Windows Storage Server 2008 R2 Editions
Identifying Storage Challenges
Identify Scalability Storage Challenges
Identify Availability Storage Challenges
Identify Security Storage Challenges
Identify Manageability Storage Challenges
Identify Data Recovery Storage Challenges
Identifying Windows Storage Server Solution Benefits
Identifying Scalability Benefits
Identifying Availability Benefits
Identifying Security Benefits
Identifying Manageability Benefits
Identifying Data Recovery Benefits
Exploring Windows Storage Server Features and Capabilities
Providing Access to File Services Workloads
Supporting File Services Workloads Using CIFS, SMB, or SMB2
Supporting File Services Workloads Using NFS
Supporting File Services Workloads Using WebDAV
Supporting File Services Workloads Using Windows SharePoint Services
Providing Access to iSCSI Block I/O Workloads
Supporting iSCSI Block I/O Workloads Using Microsoft iSCSI Software Target
Supporting iSCSI Boot
Providing Access to Web Services Workloads
Providing Access to FTP Services Workloads
Providing Access to Print Services Workloads
Providing Reduction in Power Consumption
Improve the Power Efficiency of Individual Servers
Processor Power Management
Storage Power Management
Additional Power Saving Features
Performing Highly Automated Installations
Managing Windows Storage Server
Management Tools for All Workloads
Managing Power Consumption for All Workloads
Remote Manageability of Power Policy
In-Band Power Metering and Budgeting
Managing File Services Workloads
Managing File Services Using File Server Resource Manager
Managing File Services Using Share and Storage Management
Managing DFS Namespaces and DFS Replication
Managing Single Instance Storage
Managing iSCSI Block I/O Workloads
Managing the Microsoft iSCSI Software Target for iSCSI Block I/O Workloads
Managing the Microsoft iSCSI Software Initiator for iSCSI Block I/O Workloads
Managing iSCSI Block I/O Workloads Using Windows PowerShell
Managing Web Services Workloads
Managing Print Services Workloads
Protecting Windows Storage Server Workload Data
Using Windows Server Backup to Protect Data
Using Shadow Copies of Shared Folders to Protect Data
Using the Volume Shadow Copy Service to Protect Data
Using LUN Resynchronization to Protect Data
Comparison of LUN Resynchronization and Traditional Volume Shadow Copy Service
Comparison of LUN Resynchronization and LUN Swap
Benefits of Performing Full Volume Recovery Using LUN Resynchronization
Process for Performing Full Volume Recovery Using LUN Resynchronization
Using DFS Replication to Protect Data
Using Automated System Recovery to Protect Data
Using System Center Data Protection Manager 2007 to Protect Data
Using Virtual Disk Snapshots to Protect Data
Using the Appcmd.exe Tool to Backup IIS Configuration
Using the PrintBRM.exe Tool to Backup Printer Information
Securing Windows Storage Server Workloads
Securing Windows Storage Server for All Workloads
Securing File Services Workloads
Securing iSCSI Block I/O Workloads
Securing Web Services Workloads
Securing Print Services Workloads
Improving Availability of Windows Storage Server Workloads
Improving Availability of File Services Workloads
Improving Availability of iSCSI Block I/O Workloads
Creating Highly-Available iSCSI Targets
Creating Highly-Available iSCSI Initiators
Improving Availability of Web Services Workloads
Improving Availability of Print Services Workloads
Improving Performance and Scalability for Windows Storage Server Solutions
Improving Performance and Scalability for All Workloads
Improvements in Processor and Memory Capacity
Improvements in the Next Generation TCP/IP Protocol
Improvements in Network Adapter Performance
Reduction in Processor Utilization for I/O Operations
Improving Performance and Scalability for File Services Workloads
Review Improvements in the SMB2 Protocol
Review SMB-based File Services Workload Test Results
Reviewing Performance Improvements in SMB Version 2.1 in Windows Server 2008 R2
Improving Performance for Branch Offices Using BranchCache
Improving Performance for Folder Redirection and Offline Files
Improving Performance and Scalability for iSCSI Block I/O Workloads
Identify Methods for Improving iSCSI Block I/O Workload Performance and Scalability
Review I/O Storage Test Results
Improving Performance and Scalability for Web Services Workloads
Identify Methods for Improving Web Services Workload Performance and Scalability
Review Web Services Workload Test Results
Improving Performance and Scalability for Print Workloads
Windows Storage Server Deployment Scenarios
Overview of Windows Storage Server Configurations
Using Windows Storage Server in a Stand-Alone NAS Configuration
Using Windows Storage Server in a Highly-Available NAS Configuration
Using Windows Storage Server in a NAS Gateway Configuration
Using Windows Storage Server in iSCSI Block I/O Configuration
Creating Branch Office Solutions
Creating Highly-Available Solutions
Creating Solutions for Storage Consolidation
Creating Small to Medium Business Solutions
Creating Solutions for Heterogeneous Environments
Creating Application Consolidation Solutions
Creating Unified Storage Solutions
Creating Virtualization Solutions
Connecting Virtual Machines to iSCSI LUNs
Running Virtual Machines on Windows Storage Server
Creating iSCSI Boot Solutions
Conclusion
More Information
Introduction
Windows Storage Server 2008 R2 is the latest in the Windows Storage Server family of products and is based on the technologies and features found in Windows Server 2008 R2. Windows Storage Server is only available through Microsoft Partners. This white paper describes the features and technologies in Windows Storage Server, and how to create secure, extensible, scalable, and highly-available storage solutions, including file services, iSCSI block input/output (I/O), Web services, and print services workloads. This white paper is intended for IT professionals who design, deploy, and operate storage solutions.
Note This white paper focuses on all Windows Storage Server editions except for Windows Storage Server 2008 R2 Essentials. Windows Storage Server 2008 R2 Essentials provides entry-level solutions intended for use in organizations with 24 or fewer computers. For more information about Windows Storage Server 2008 R2 Essentials, see Windows Storage Server 2008 R2.
Windows Storage Server 2008 R2 is built on Windows Server 2008 to create efficient and effective storage solutions. Microsoft OEM partners offer specialized hardware and additional software components to create network attached storage appliances. Windows Storage Server provides solutions that complement the file services provided by Windows Server. Windows Storage Server extends the file services in Windows Server by providing additional storage features not found in Windows Server. In addition to providing extended features, purchasing Windows Storage Server bundled with partner appliances can be more cost effective than purchasing Windows Server and a server computer separately.
Note In this white paper, Windows Storage Server refers to Windows Storage Server 2008 R2, unless otherwise specified.
Windows Storage Server provides a unified solution for the following workloads:
File services. Provides access to files managed by the appliance for computers using file access protocols, such as Common Internet File System (CIFS) or Network File System (NFS). Provides access to files using the Server Message Block (SMB) version 2.0, NFS version 3.0, Web-based Distributed Authoring and Versioning (WebDAV), File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP) protocols. SMB2 provides a superset of the features found in CIFS and provides improved performance and reliability over previous versions of SMB.
iSCSI Block storage services. Provides remote network attached storage that appears as a disk logical unit number (LUN) to other computers, which are connected using the Internet Small Computer System Interface (iSCSI) standard. These services also provide high-performance access to remote disk LUNs using the iSCSI industry standard and can act as an iSCSI initiator or an iSCSI target.
Web services. Provides access to Web-based content and services, which can be accessed using HTTP, Hypertext Transfer Protocol Secure (HTTPS), WebDAV, or FTP.
Windows SharePoint Services. Provides the ability to share documents, track tasks, use email efficiently and effectively, and share ideas and information. The most common feature is to store files in document libraries, which supports check-in and check-out features, version control, and file history.
Print services. Provides access to printers using Microsoft print services, Line Printer Daemon (LPD) services, or Internet printing services.
Virtualization services. Provides the ability to run up to two virtual machines on an appliance, depending on the Windows Storage Server edition.

The following table lists some of the problems and pain points that organizations have with network attached storage appliances, and how Windows Storage Server appliances address them.
Table 1. Network Attached Storage Appliance Problems and Pain Points

| Problem or pain point | Windows Storage Server solution |
| --- | --- |
| Dedicated or limited function appliance. | Provides servicing of multiple workloads on highly extensible Microsoft OEM vendor hardware platforms. |
| Limited breadth of vendor support. | Takes advantage of the breadth and depth of the software and hardware products provided by other vendors that are provided for Windows Server 2008. |
| Management of workloads. | Uses familiar Windows Server management consoles. |
| Minimal or no integration with existing authentication and authorization system. | Integrates with Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services. |
| Loosely integrated with clients that consume the services. | Designed to work "better together" with Windows operating systems, including Windows Vista and Windows 7, to provide optimal security, performance, scalability, availability, and manageability. |
| Limited provisions for failover or fault tolerant configurations. | Supports Windows Server Failover Clusters, Distributed File System (DFS), and Network Load Balancing for improved availability and fault tolerance in addition to the hardware fault tolerance features provided by Microsoft OEM partners. |
| Implements nonstandard or proprietary protocols or services. | Supports industry standard protocols and services that provide interoperability in heterogeneous environments. |
| Limited protection of information stored on the appliance. | Supports a wide variety of security products and technologies, including BitLocker Drive Encryption, NTFS permissions, Share permissions, and Microsoft Forefront. |
| Lack of comprehensive software update management. | Provides a set of software update management technologies and products for any sized organization, including Windows Update, Windows Software Update Services (WSUS), and Microsoft System Center Configuration Manager. |
| Ongoing operations and maintenance is labor intensive. | Many on-going operations and management tasks can also be automated using System Center Configuration Manager or System Center Operations Manager. |
| Limited customization and extensibility. | Many of the management consoles can be customized to include Microsoft OEM partner branding, and the server software supports extensibility using any application programming interfaces (APIs) supported by Windows Server 2008. |
| | Provides Windows Server Backup as part of Windows Storage Server, and supports other disaster recovery products from Microsoft, such as System Center Data Protection Manager, and from Microsoft partners. |
There are many instances in which Windows Storage Server provides a more cost-effective and efficient storage solution than Windows Server. In other instances, Windows Server may have distinct advantages over Windows Storage Server. Table 2 lists the reasons for selecting Windows Storage Server or Windows Server as your storage solution.

Table 2. Reasons to Select Windows Storage Server or Windows Server

| Solution | Why select this solution |
| --- | --- |
| Windows Storage Server | Provides iSCSI block I/O storage for application storage scenarios. Provides file deduplication using SIS. Consolidates file services and iSCSI block I/O on one appliance. Provides file services for an existing SAN solution by acting as a SAN gateway. Potentially lower deployment cost than Windows Server when new hardware is required. |
| Windows Server | Provides multiple roles on the same computer, such as file services and domain controller on the same computer. Runs applications on the same computer, such as database services or messaging services. Installs on existing computers. Provides additional installation and configuration options. Runs more than two virtual machines in a Microsoft Hyper-V environment. |
| Feature | Description |
| --- | --- |
| | Reduced administrative effort for installing and configuring a failover cluster using two appliances using the Initial Configuration Tasks window, the Cluster Name and Domain Join Wizard and the Cluster Validation and Setup Wizard. For more information, see the following sections in this white paper: Improving Availability of File Services Workloads; Improving Availability of iSCSI Block I/O Workloads. |
| | Windows PowerShell providers are included for Single Instance Storage and iSCSI block I/O workloads. For more information, see the following sections in this white paper: Managing Single Instance Storage Using Windows PowerShell; Managing iSCSI Block I/O Workloads Using Windows PowerShell. |
| | IT pros can remotely perform full-screen remote desktop management using Internet Explorer or any web browser that supports Java. For more information, see the Management Tools for All Workloads section in this white paper. |
| | Dramatic reduction in power consumption due to improvements in system resource power management, such as processor power consumption. In addition, the power management features can be configured using Group Policy settings. For more information, see the following sections in this white paper: Providing Reduction in Power Consumption; Management Tools for All Workloads. |
| | Overall performance enhancements due to operating system optimization, 64-bit processor support, and increased memory capacity. For more information, see the following sections in this white paper: Improvements in Processor and Memory Capacity; Improving Performance for Branch Offices Using BranchCache. |
| I/O performance | Performance for I/O operations has been dramatically improved. For more information, see the Reduction in Processor Utilization for I/O Operations section in this white paper. |
| FTP services | Performance and manageability for FTP services have been improved. For more information, see the Providing Access to FTP Services Workloads section in this white paper. |
| Windows File Classification Infrastructure | Management of files has been improved through the Windows File Classification Infrastructure, which allows files to be managed based on their classification. The classification of files is defined by IT administrators. For more information, see Managing File Services Workloads Using File Classification Infrastructure in this white paper. |
| Windows PowerShell | Windows PowerShell support has been improved for helping to automate storage management tasks. For more information, see the following sections in this white paper: Managing Single Instance Storage Using Windows PowerShell; Managing iSCSI Block I/O Workloads Using Windows PowerShell. |
| Unattended installation and configuration of storage settings | Storage settings can be configured at installation time using the unattended installation, which facilitates fully automated installations. For more information, see Performing Highly Automated Installations in this white paper. |
| Windows Server Backup | Windows Server Backup provides improved features for performing backup and recovery scenarios. For more information, see the Using Windows Server Backup to Protect Data section in this white paper. |
| LUN resynchronization | LUN resynchronization can be used to provide faster recovery in some disaster recovery scenarios. For more information, see the Using LUN Resynchronization to Protect Data section in this white paper. |
| | Provides snapshots of volumes virtual hard disks (VHDs), supports concurrent restores, and reduced effort for developing a backup extension. For more information, see the Using the Volume Shadow Copy Service to Protect Data section in this white paper. |
BITS Server Extensions
Desktop Experience
DFS Namespace
DFS Replication
DHCP Server
Failover Clustering
Note Failover clustering is available only in the Enterprise edition of Windows Storage Server 2008 R2.
File Server Resource Manager (FSRM)
Full Text Search
Group Policy Management Console
Integration with Windows Server ecosystems (including backup software and antivirus software)
Internet Printing Client
LPR Port Monitor
Microsoft file services based on SMB2
Microsoft Message Queuing (MSMQ)
Multipath I/O
Network File System (NFS)
Peer Name Resolution Protocol
Remote Assistance
Remote Desktop Connection
Remote Differential Compression
Remote Server Admin Tools
RPC Over HTTP Proxy
Simple TCP/IP Services
SNMP
Subsystem for UNIX-Based Applications (SUA)
Telnet Server
TFTP Client
Windows Biometric Framework
Windows Firewall with Advanced Security
Windows Network Load Balancing
Windows PowerShell Integrated Scripting Environment (ISE)
Windows PowerShell
Windows Process Activation Server
Windows Server Migration Tools
WS-Management
Windows Management Instrumentation (WMI)

Although Windows Storage Server 2008 R2 is based on the features and technologies in Windows Server 2008 R2, there are some differences between the two products. Table 4 lists the feature and technology differences between the two products.

Table 4. Windows Storage Server 2008 R2 and Windows Server 2008 R2 Differences

Feature or technology:
Availability to organizations.
Supports deduplication of files using Single Instance Storage (SIS).
Supports acting as an iSCSI target using Microsoft iSCSI Software Target 3.3.
Supports customized branding of user interface.
Supports full screen remote desktop management using Web RDP.
Optimized for file services workloads.

Windows Server 2008 R2: Retail channels
Windows Storage Server 2008 R2: Microsoft OEM partners
Optionally performed by Microsoft OEM partners
Workgroup Optional
Standard Optional
Enterprise Optional
Failover clusters. Multipath I/O. Hyper-V guest support. Number of printers supported for Print Services workloads. Domain membership. Fax services. Domain name system (DNS). AD DS read-only domain controller. DHCP Server services. Windows Search services. Windows Management Instrumentation. Windows Server Backup. OEM customization of user interface and experience. Active Directory Lightweight Directory Services. Any 1 Any
2 Any
For more information about the Microsoft iSCSI Software Target specifications, see the section, "Identifying Microsoft iSCSI Software Target Specifications" later in this white paper.
Security Manageability
Data recovery
Identify storage solution challenges by performing the following steps:
1. Identify scalability challenges in storage solutions.
2. Identify availability challenges in storage solutions.
3. Identify security challenges in storage solutions.
4. Identify manageability challenges in storage solutions.
5. Identify data recovery challenges in storage solutions.
Decentralization of Data
As the number of systems increases, data is increasingly dispersed throughout a company, making it difficult for users to know what resources exist, and where to find them. This is an especially troublesome problem with data stored on desktops: without file sharing enabled on these computers, it can be difficult to make the data accessible to others. Even when sharing is enabled, there is no effective mechanism to determine exactly where information is stored or which version of a document is the most up-to-date. Many organizations must adhere to data retention regulatory requirements to not keep data older than a defined age. However, in a decentralized structure an administrator can face many hurdles when building and applying a consistent policy to the type and age of data that is stored, and ensuring that the data is protected well enough to meet requirements.

Migrating a company's critical data to a centralized server can help the situation, because the data can be readily shared across the network. But, as more servers are added to increase storage capacity (and to provide redundancy in the event of hardware failure), users still have the problem of not being able to find the data that they need or in some cases even knowing that it exists. As data is centralized, organizations can experience bandwidth bottlenecks as users in remote locations attempt to access data in a central location via potentially slow, high latency WAN links. In this case, mechanisms need to be put in place to ensure data availability so that user productivity is not negatively affected.
Server Redundancy
Failover clustering allows two or more computer systems to perform and be managed as a single system. With Failover Clustering, applications remain online, even if a server goes down. Users are redirected to another computer without any loss of services.
Improved recovery from configuration errors. An error in the configuration of the storage subsystem can negatively affect storage availability. Windows Storage Server allows you to take configuration snapshots of the storage subsystem (for example, the iSCSI configuration). In the event of a subsequent configuration failure, you can quickly restore the configuration to a previous version.
Migrates from other storage solutions to Windows Storage Server. You can migrate workloads from existing Windows Server operating systems to Windows Storage Server using highly automated migration tools, such as the File Server Migration Tools. These tools help protect the integrity of your existing data while ensuring that the current user permissions and security configuration are transferred to Windows Storage Server. In addition, many Microsoft partners produce products to help in migrating workloads to Windows Server products.
Provides unified solution to storage management and operations. You can use the same set of tools and processes to manage all the workloads supported by Windows Storage Server. You can manage file services, iSCSI block I/O services, Web services, and print services workloads using the well-known management consoles and utilities in Windows Storage Server, instead of using a different set of management tools for each workload.
Provides centralized storage for applications. The Microsoft iSCSI Software Target component in Windows Storage Server allows you to create iSCSI disk LUNs. Disk LUNs can be remotely mounted by application servers, such as Microsoft Exchange Server 2010 running on a Windows Server operating system, using the Microsoft iSCSI Software Initiator, or by application servers running other operating systems, such as Linux, using available iSCSI initiators.
Reduces administration effort for storage solutions. You can automate repetitive administrative tasks using Windows PowerShell scripts in Windows Storage Server. For example, you can draw on the large number of existing scripts developed by the partner and peer communities to further reduce the time required to achieve automation. You can also centrally manage many of the Windows Storage Server configuration settings using Group Policy. In addition, you can use other Microsoft products to further automate the administration of Windows Storage Server, such as System Center Configuration Manager or System Center Operations Manager.
Robust storage solutions. The Windows Storage Server 2008 operating system is a multi-purpose server designed to handle a diverse set of server roles, including file and print, web, remote desktop, storing Exchange Server and virtual server data and directory services. Windows Storage Server 2008 is a network-attached storage (NAS) operating system, built on Windows Server 2008 R2 operating system technologies. The integrated storage services available in Windows Server and Windows Storage Server 2008 have been enhanced in Windows Storage Server 2008 R2, and new features have been added aimed at helping businesses control storage management costs and increase availability of data. For example, Windows Server 2008 R2 and Windows Storage Server 2008 R2 make it easier to manage and maintain disks, which in turn helps lower total cost of ownership (TCO), especially in complex multivendor storage environments.
Takes advantage of existing network infrastructure for SAN storage. Windows support for iSCSI technology allows users to connect computers to consolidated storage devices using existing Ethernet technologies, rather than having to install a separate Fibre Channel network. iSCSI technology helps bring the advantages of storage area networking (SAN) to midsize and small businesses that otherwise could not afford the extra cost and management of running a separate Fibre Channel network. SAN technology based on IP also removes the physical limitations of moving data associated with Fibre Channel. The Windows Storage Server 2008 platform now provides better support for SANs. Enhancements include:
- Administrators can now control volume mounting to protect volumes from unintentional access.
- Fibre Channel and iSCSI SANs handling has been improved.
- SAN Host Bus Adapter (HBA) interoperability has been simplified with the SAN MMC management snap-in.
Minimizes storage solution adoption risk. Because Windows Storage Server is based on Windows Server, you can minimize the risk of adoption for your new storage solution. Your IT organization and users are less likely to experience difficulties in using and operating Windows Storage Server because they are already familiar with Windows Server. You can use many of the existing tools, Microsoft Solution Accelerators, and best practice guidance to help make certain that the planning, deployment, and ongoing operations of Windows Storage Server succeed.
These features and capabilities help you provide access to:
- File services workloads.
- iSCSI block I/O workloads.
- Web services workloads.
- Print services workloads.
This section includes the following topics:
- Providing access to file services workloads.
- Providing access to iSCSI block I/O workloads in development, test, or production environments, including the following workloads: Hyper-V, Microsoft SQL Server, Microsoft Exchange Server, and iSCSI boot.
- Providing access to Web services workloads.
- Providing access to FTP services workloads.
- Providing access to print services workloads.
For more information about installing and configuring the Services for Network File System role service, see Services for NFS Step-by-Step Guide for Windows Server 2008.
NFS Authentication
The Server for NFS component can use Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) for mapped identity management. In Windows Storage Server, Windows Server 2008, and later Windows Server operating systems, the Identity Management for UNIX Active Directory schema extension includes the UNIX user identifier (UID) and group identifier (GID) fields. This enables Server for NFS and Client for NFS to look up Windows-to-UNIX user account mappings directly from AD DS or AD LDS. In addition, Server for NFS can support unmapped user access using:
- Unmapped UNIX User Access. This method allows users to access shared resources using automatically generated Windows Security Identifiers (SIDs) based on the UNIX UID and GID.
- Anonymous access. This method allows all unmapped users to access shared resources using a common anonymous account that is configurable.
Select this protocol to support heterogeneous environments that contain computers running an NFS client that access file services workloads using the NFS protocol. For more information about enabling identity (account) mapping for Services for NFS, download NFS Account Mapping in Windows Server 2008 R2.
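Unmapped UNIX User Access puts generated SIDs into file ACLs, so an access review has to recognize them. The following added example (not part of the white paper) decodes binary SIDs and reports the S-1-5-88-1-<uid> and S-1-5-88-2-<gid> forms that Windows uses for unmapped UNIX users and groups; that SID layout is not stated on this page, and the ACE tuples, paths and rights strings are constructed sample data.

```python
import struct

# Windows convention for Server for NFS unmapped identities (not from this page):
#   S-1-5-88-1-<uid>   unmapped UNIX user
#   S-1-5-88-2-<gid>   unmapped UNIX group
#   S-1-5-88-3-<mode>  UNIX mode bits
NFS_KINDS = {1: "unix-user", 2: "unix-group", 3: "unix-mode"}


def parse_binary_sid(data: bytes) -> str:
    """Decode a binary SID, as stored in an ACE, into its S-1-... string form."""
    if len(data) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = data[0], data[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15:
        raise ValueError("SID declares more than 15 sub-authorities")
    if len(data) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(data[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", data[8:])   # 32-bit each, little-endian
    return "-".join(["S", "1", str(authority), *map(str, subs)])


def classify_nfs_sid(sid: str):
    """Return (kind, unix_id) for an unmapped-UNIX SID, otherwise None."""
    parts = sid.split("-")
    if len(parts) != 6 or parts[:4] != ["S", "1", "5", "88"]:
        return None
    try:
        kind, value = int(parts[4]), int(parts[5])
    except ValueError:
        return None
    if kind not in NFS_KINDS or not 0 <= value <= 0xFFFFFFFF:
        return None
    return NFS_KINDS[kind], value


def audit_aces(aces):
    """Return ACEs that grant access to unmapped UNIX identities.

    Each finding is (path, sid, kind, unix_id, rights). A SID that fails to
    decode is reported with kind "malformed" so it is not silently skipped.
    """
    findings = []
    for path, raw_sid, rights in aces:
        try:
            sid = parse_binary_sid(raw_sid)
        except ValueError:
            findings.append((path, None, "malformed", None, rights))
            continue
        hit = classify_nfs_sid(sid)
        if hit:
            findings.append((path, sid, hit[0], hit[1], rights))
    return findings


def make_binary_sid(authority, subs):
    """Helper used only to build the constructed sample data below."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))


# Constructed sample: (path, binary SID, rights) as an ACL export might list them.
SAMPLE_ACES = [
    (r"D:\exports\eng", make_binary_sid(5, [88, 1, 1001]), "Modify"),
    (r"D:\exports\eng", make_binary_sid(5, [88, 2, 100]), "Read"),
    (r"D:\exports\eng", make_binary_sid(5, [21, 111, 222, 333, 1105]), "FullControl"),
    (r"D:\exports\pub", make_binary_sid(5, [88, 1, 0]), "Modify"),
    (r"D:\exports\pub", b"\x01\x02\x00", "Read"),  # truncated on purpose
]

if __name__ == "__main__":
    for finding in audit_aces(SAMPLE_ACES):
        print(finding)
```

The ordinary domain SID in the sample is ignored; only the S-1-5-88 entries and the undecodable one are reported.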
allowing one set of security settings for normal HTTP requests, and a separate set of security settings for WebDAV requests. Select this protocol to support heterogeneous environments that contain computers running WebDAV redirectors that need to access the file services workloads using the HTTP or HTTPS protocol. For more information about providing WebDAV support on Windows Storage Server, see WebDAV for IIS 7.0.
Figure 2. iSCSI block I/O workloads supported by Windows Storage Server
Windows Storage Server supports iSCSI block I/O workloads using the iSCSI standard. Windows Storage Server can function as an iSCSI target (the server component) or an iSCSI initiator (the client component). This allows a large number of configuration options for iSCSI block I/O workload solutions.
Supporting iSCSI Block I/O Workloads Using Microsoft iSCSI Software Target
The Microsoft iSCSI Software Target version 3.3 available for Windows Storage Server provides iSCSI target functionality. The Microsoft iSCSI Software Target version 3.3 is the latest version of the iSCSI target software and is an optional component in Windows Storage Server Workgroup, Standard, and Enterprise editions.
Note Some Microsoft partners include the Microsoft iSCSI Software Target by default.
For more information about the Microsoft iSCSI Software Target version 3.3 in Windows Storage Server, see Microsoft iSCSI Software Target 3.3.
Table 7. Microsoft iSCSI Software Target Version 3.3 Specifications
Specification: Value
- Maximum number of iSCSI target instances per appliance: 64
- Maximum number of virtual disk per iSCSI target instance: 128
- Maximum number of snapshots per virtual disk: 128
- Maximum number of virtual disks per appliance: 512
- Maximum number of virtual disks or snapshots that can be locally mounted by the appliance: 32 (or 4 per cluster node)
- Maximum number of iSCSI initiators per appliance: 64
- Maximum number of iSCSI initiators that can connect to the same iSCSI target instance: 16
- Maximum number of iSCSI initiator sessions that can connect to the same iSCSI target instance: 64
- IPv4: Yes
- IPv6: Yes
- TCP offload: Yes
- iSCSI offload: No
- Jumbo frames: Yes
- IPsec: Yes
Windows Storage Server includes support for single path and multipath I/O connections to nonclustered and clustered configurations. Multipath I/O connections allow for improved fault-tolerance and performance for iSCSI block I/O workloads. The Microsoft iSCSI Software Initiator includes a multipath I/O Device Specific Module (DSM) for the Microsoft Multipath I/O (MPIO) in Windows Server. Table 8 lists the support for the Microsoft iSCSI Software Initiator and the Microsoft iSCSI Software Target with single or multipath I/O connections when connecting to nonclustered or clustered configurations. For more information about multipath I/O, see the section "Improving Availability of iSCSI Block I/O Workloads," later in this white paper.
Table 8. Support for Single or Multipath IO Connections for Non-Clustered or Clustered Configurations
Specification: Nonclustered / Clustered
- Windows Server 2008 (multipath I/O connection): Supported / Supported
- Windows Server 2008 (single path I/O connection): Supported / Limited *
- Windows Server 2008 (multipath I/O connection): Supported / Limited *
- Windows Server 2003 (single path I/O connection): Supported / Limited *
* There is limited support for iSCSI initiators or iSCSI targets in clustered configurations of Windows Server 2003 when connected to the Microsoft iSCSI Software Target. Failures on the iSCSI network path may result in delayed failover and recovery times. Failures for non-network related issues have been tested with acceptable recovery times. For these reasons, we recommend using Windows Server 2008 or Windows Server 2008 R2 in clustered configurations when connecting to the Microsoft iSCSI Software Target.
Note The limitation for iSCSI initiators or iSCSI targets in clustered configurations of Windows Server 2003 is specific to Microsoft iSCSI Software Target usage. Customers using a different iSCSI target should refer to the storage array vendor for supported configurations.
Identifying Microsoft iSCSI Software Target Support for VSS and VDS Providers
Microsoft iSCSI Software Target version 3.3 includes a hardware provider for:
- Volume Shadow Copy Service (VSS). VSS is a set of APIs that implement a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. iSCSI snapshots are created using VSS and a storage array with a hardware provider designed for use with VSS. The Microsoft iSCSI Software Target VSS Hardware Provider is required to create transportable snapshots of iSCSI virtual disks and application-consistent snapshots from iSCSI initiators. Install this hardware provider on the computer running the iSCSI initiator and the computer that is to perform backups. The backup software must support transporting snapshots.
- Virtual Disk Service (VDS). VDS is a set of APIs that provides a single interface for managing disks. VDS provides an end-to-end solution for managing storage hardware and disks, and for creating volumes on those disks. The Microsoft iSCSI Software Target VDS Hardware Provider is required to manage virtual disks on a storage subsystem. Install the Microsoft iSCSI Software Target VDS Hardware Provider on each iSCSI initiator computer running a storage management application (such as the Microsoft Storage Manager for SANs) that uses the hardware provider to manage storage.
The most recent version of these hardware provider APIs is Microsoft iSCSI Software Target VSS Hardware Provider version 3.3 and Microsoft iSCSI Software Target VDS Hardware Provider version 3.3.
Note Microsoft iSCSI Software Target version 3.3 supports only version 3.3 of the Microsoft iSCSI Software Target VSS Hardware Provider, and Microsoft iSCSI Software Target VDS Hardware Provider. Prior versions of the hardware providers are not supported by Microsoft iSCSI Software Target version 3.3.
The Microsoft iSCSI Software Target VSS Hardware Provider version 3.3 and the Microsoft iSCSI Software Target VDS Hardware Provider version 3.3 support the following operating systems:
- Windows Server 2008 R2.
- 32-bit or 64-bit versions of Windows Server 2008 SP1.
- 64-bit versions of Windows Storage Server 2008.
- 64-bit versions of Windows Storage Server 2008 R2.
- 32-bit or 64-bit versions of Windows Server 2003 SP2.
The following operating systems are not supported by Microsoft iSCSI Software Target VSS Hardware Provider version 3.3, and Microsoft iSCSI Software Target VDS Hardware Provider version 3.3:
- Any Windows client operating system, including Windows XP, Windows Vista, and Windows 7.
- 32-bit version of Windows Storage Server 2008.
Figure 3. iSCSI boot process for Windows operating systems
For iSCSI boot-enabled network adapters and host bus adapters, all the necessary preboot phase components are in firmware on the adapter. For network boot programs, these components are provided by the partner providing the program. Table 9 lists the components in an iSCSI boot solution using Windows Storage Server and provides a brief description of the purpose for each component.
Table 9. Components in an iSCSI Boot Solution Using Windows Storage Server
Component: Description
- Microsoft iSCSI Software Target: Provides iSCSI block I/O access to virtual disks stored on Windows Storage Server. The iSCSI boot process and Microsoft iSCSI Software Initiator can access these virtual disks during the boot process.
- Virtual disk: Virtual disk files (.vhd files) stored on Windows Storage Server. Differencing virtual disks can be used for multiple computers based on the same fixed virtual disk. This allows for fast deployment and recovery of diskless computers.
- The diskless computer requires an iSCSI connection to Windows Storage Server, which can be any one of the following: a network adapter that supports iSCSI boot, an iSCSI host bus adapter, or iSCSI boot software.
- DHCP server: Provides IP configuration for iSCSI boot using network adapters using DHCP reservation that is configured for BOOTP support.
Note The DHCP server is optional if the network adapter supports IP and iSCSI boot configuration or if you are using an iSCSI host bus adapter. However, DHCP is a practical requirement for any solution that must scale.
- TFTP server: Provides download of boot image to target computer when the virtual disk cannot be directly accessed using the iSCSI connection in the diskless computer.
Note The TFTP server is required only if you are using iSCSI boot software that requires a TFTP server. The TFTP server is not required for network adapters that support iSCSI boot or an iSCSI host bus adapter.
Figure 4 illustrates how diskless computers can boot from virtual disk files (.vhd files) stored on Windows Storage Server using a network boot program that provides iSCSI boot capability.
Figure 4. iSCSI boot process from Windows Storage Server
DHCP and TFTP services can be provided by Windows Storage Server or Windows Server. As illustrated in Figure 4, the diskless computer can boot from a virtual disk stored on Windows Storage Server using the following steps for a network boot program:
1. The diskless client computer requests IP configuration from the DHCP Server.
2. The DHCP Server sends IP configuration information to the diskless client.
3. The diskless client computer requests a Preboot Execution Environment (PXE) boot image from the TFTP Server.
4. The TFTP Server provides a PXE boot image to the diskless computer.
5. The diskless computer establishes a connection with Windows Storage Server and connects to a virtual disk stored on Windows Storage Server.
6. The diskless computer boots from Differencing Virtual Disk - B that is stored on Windows Storage Server, which is the iSCSI LUN specified in the configuration for the computer.
7. The Windows operating system starts.
8. All subsequent disk I/O is performed using iSCSI I/O to the virtual disk stored on Windows Storage Server.
You can use separate virtual disks for each diskless computer or you can use differencing virtual disks. A differencing virtual disk is a virtual disk type that is based on a fixed or expandable virtual disk. Any subsequent writes to the differencing disk are written to the differencing virtual disk and the parent virtual disk is not modified. For example, you can create a clean-install system boot operating system virtual disk as a parent, and create a differencing virtual disk as the current virtual disk for the diskless computer. Using this method, the operating system on the parent virtual disk stays in its original state for quick recovery or for quickly creating more boot images based on additional differencing virtual disks.
Microsoft iSCSI Software Target version 3.3 supports iSCSI boot for the following iSCSI initiators:
- Any Windows operating system running Microsoft iSCSI Initiator version 2.07 or 2.08
- Red Hat Enterprise Linux iSCSI Initiator version 5.x
- SUSE Enterprise Linux version 10.x
- PCI-E network iSCSI Initiator adapter
- Broadcom network adapter
- QLogic iSCSI host bus adapter
- Netboot software
For more information about iSCSI boot in Windows operating systems, see:
- Microsoft iSCSI Boot Step-by-Step Guide.
- About VHD.
- The Creating iSCSI Boot Solutions section later in this white paper.
Table 10. Protocols Supported for Web Services Workloads
Protocol: Support description
- HTTP: Provides: Access to traditional Web-based content accessed through Web browsers. The foundation for the WebDAV protocol used in accessing file services workloads. The foundation for Web-based remote administration using Terminal Services Web Access. Provides support for the Internet Printing role service. Simplified file transfer, download only, for the same files and folders accessed using any of the file services workloads protocols, which can be essential in some heterogeneous environments.
- HTTPS: Provides the same level of support as HTTP, but includes additional security protection of using secure sockets layer (SSL) encryption between clients and Windows Storage Server.
- FTP: Provides a simplified file transfer, upload or download, using the same folders that can be accessed using any of the file services workloads protocols, which can be essential in some heterogeneous environments. File transfer can be performed using Windows Internet Explorer, a mapped drive, a UNC path, or from a command line.
print services workloads in homogeneous Windows network environments or heterogeneous network environments that include a variety of operating systems. Windows Storage Server provides support for homogeneous or heterogeneous print services workloads using the Print Server role services listed in Table 11.
Table 11. Print Server Role Services Supported for Print Services Workloads
Role Service: Support description
- Print Server: Provides support for Windows-based computers running Client for Microsoft Networks. The Print Server role service is a mandatory role service for the Print Services role. When the Print Server role is installed, the Print Services Tools Remote Server Administration Tool feature is also installed. The Print Management Console (PMC) is then accessible from Server Manager, Administrative Tools, or as an MMC snap-in. Although the installation of the Print Server role service does not require a system restart, the removal of the role service does. Select this Print Server role service to support any print services workloads in Windows Storage Server. If you are supporting only Windows-based computers that are printing within your homogeneous environment, select only this role service.
- LPD Service: Provides support for computers that run Line Printer Remote (LPR), typically used in heterogeneous environments. The LPD Service is an optional Print Services role service. The LPD Service installs and starts the TCP/IP Print Server (LPDSVC) service, which is implemented in lpdsvc.dll. When the LPD Service is installed, an inbound firewall exception for TCP port 515 is created. There is no configuration necessary for the LPD service. However, the installation of the service does require a restart of the Print Spooler service, which is done automatically during installation. If the Print Spooler service is stopped or restarted after the LPD Service is installed, the TCP/IP Print Server service is also stopped and you must restart it manually. Select this Print Server role service to support LPR clients in heterogeneous environments.
- Internet Printing: Provides support for computers that run an Internet Printing client, typically used in heterogeneous environments or to print over the Internet. Internet Printing provides access to shared printers using the Internet Printing Protocol (IPP) that is encapsulated in HTTP. In order to install the Internet Printing role service, the Print Services and Web Server roles must also be installed. Select this Print Server role service when clients must print to printers using only the HTTP protocol.
For more information about:
- The Print Services server role, see Print and Document Services.
- Printer management in Windows Storage Server, see Print Management.
current demands. New parameters for PPM which administrators can configure further improve power efficiency. Core parking is a feature that enables Windows Storage Server to reduce multi-core processor power consumption by consolidating processing onto fewer processor cores and suspending the inactive cores. The workloads of every logical core in a server are tracked relative to all the others. The workloads of cores that are not fully utilized can be suspended, and their workloads then shifted to alternate cores. Keeping the unutilized cores in an idle state reduces system power consumption. When additional processing power is required, the system activates the idle processor cores to handle the increased processing requirements.
Figure 6. Servers without local storage that each consume less power
Windows PowerShell. Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration. Windows PowerShell is built on the Microsoft .NET Framework and is designed to help you automate the administration of Windows Storage Server, and the applications and services that run on Windows Storage Server. A vast library of existing Windows PowerShell scripts reduces the effort and learning curve for using Windows PowerShell to automate administrative tasks. For more information, see Windows PowerShell.
Telnet. You can use any Telnet client to create a remote command console session on a Windows Storage Server appliance. You can run command-line programs and scripts in the remote command console session, just as if you were locally logged on to the host and using a local command prompt. For more information, see Telnet.
VDS. You can perform disk management for any of the workloads using VDS-enabled management tools. Microsoft storage partners develop VDS hardware providers that allow management of their storage solutions. You can manage storage with VDS hardware providers using VDS-enabled management tools, such as the Diskpart command-line tool, Diskraid command-line tool, Storage Manager for SANs snap-in, or the Share and Storage Management console.
Managing Disk Usage Quotas, Unauthorized File Types, and Storage Reports
With the File Server Resource Manager snap-in, you can perform three tasks to manage storage resources on local or remote servers:
- Quota management. Set soft or hard space limits on a volume or folder tree. You can create and apply quota templates with standard quota properties.
- File screening management. Define filtering rules that monitor or block attempts by users to save certain file types on a volume or folder tree. You can create and apply screening templates with standard file exclusions.
- Storage reports management. Generate built-in reports to track quota usage, file screening activity, and patterns of storage use.
The File Classification Infrastructure feature is also managed with the File Services Resource Manager snap-in, but is covered separately in the Managing File Services Workloads Using File Classification Infrastructure section in this white paper. You can also apply quota and file screening policies when you provision a shared folder, or through a command-line interface. For more information, see File Server Resource Manager.
using the File Services Resource Manager snap-in. This centralized approach allows you to classify user files without requiring their intervention. You can use the Windows File Classification Infrastructure to:
- Define classification properties and values, which can be assigned to files on a per-server basis by running classification rules. Property types can include Boolean, date, numbered, ordered lists, and string values.
- Create, update, and run classification rules. Each rule assigns a single predefined property and value to files within a specified directory, based on installed classification plug-ins.
- When running a classification rule, optionally re-evaluate files that are already classified. You can choose to overwrite existing classification values, or add the value to properties that support multiple values.
File Management Tasks
The Windows File Classification Infrastructure allows you to perform file management tasks based on the classifications that you define using the File Services Resource Manager snap-in. You can use the Windows File Classification Infrastructure to help you perform common file management tasks, including:
- Grooming of data. You can automatically delete data by using policies based on data age or classification properties to free valuable storage space and intelligently reduce storage demand growth.
- Custom Tasks. Execute custom commands based on age, location or other classification categories. For example, IT administrators are able to automatically move data based on policies for either centralizing the location of sensitive data or for moving data to a less expensive storage resource.
The Windows File Classification Infrastructure allows you to automate any file management task by using the file classifications you establish for your organization.
Reporting on Information Stored in Files
Most IT organizations have no easy method of providing information about the types of files that are stored and managed. Without classification of the files, there is minimal information that can be used to help identify the usage of the files, the sensitivity of the files, and other relevant information about the files. The Windows File Classification Infrastructure allows you to generate reports in multiple formats that can provide statistical information about the files stored on each file server. You can use the reporting infrastructure to generate information that can be used by another application (such as a comma separated variable format text file that could be imported into Microsoft Excel).
File Owner Notification of File Management Tasks
Another feature of the Windows File Classification Infrastructure that reduces your administrative effort is the ability to send notifications to content owners when an automated file management task runs. For example, when files become old enough to be automatically expired, the content owners can be notified in advance and given the opportunity to prevent the files from being archived or deleted. You can also select the method for notification based on the type of file management task being performed. And the extensible nature of the Windows File Classification Infrastructure allows you to integrate with existing messaging systems or information portals.
Improved Development of File Management Tasks
You can extend the file management features of the Windows File Classification Infrastructure by creating your own custom file management solution or purchasing a file management solution from an independent software vendor. The architecture of the Windows File Classification Infrastructure allows the use of any supported development environments for Windows Storage Server including Windows PowerShell and Microsoft Visual Basic Scripting Edition (VBScript). This architecture allows you to select the level of programming sophistication required to automate your file management tasks. For example, you could write Windows PowerShell scripts to manage files based on the classifications you define for your organization.
increases availability and automatically connects users to shared folders in the same AD DS site, when available, instead of routing them over WAN connections.
DFS Replication. DFS Replication is an efficient, multiple-master replication engine that you can use to keep folders synchronized between servers across limited bandwidth network connections. DFS Replication uses a new compression algorithm known as remote differential compression (RDC), which replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as well as AD DS SYSVOL folder replication in domains that use the Windows Server 2008 domain functional level. RDC is a "diff-over-the-wire" client-server protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and re-arrangements of data in files, enabling DFS Replication to replicate only the changed file blocks when files are updated. This can greatly reduce the amount of traffic transferred over limited-bandwidth networks, such as in branch office locations.
Read-only DFS Replication. Read-only DFS Replication is a secure method for replicating data where read-only access is required to the data. For example, you can use read-only DFS Replication to publish data from a head office to branch offices where users in the branch office should not change the data, and the data is not replicated back to the head office. For more information, see the following sections in this white paper:
- Securing File Services Workloads
- Creating Branch Office Solutions
You can manage DFS Namespaces and DFS Replication using:
- The DFS Management snap-in hosted by Server Manager.
- The DFS Management snap-in from the Administrative Tools folder.
- The following command line tools: DfsUtil.exe, DfsCmd.exe, DfsDiag.exe, DfsrAdmin.exe, DfsrDiag.exe
You also can use DFS to replicate files and folders in geographically dispersed environments so that users have a local copy of the files and folders. In addition, you can replicate files and folders to another location using DFS for disaster recovery scenarios.
For more information about:
- DFS, see Distributed File System.
- Managing DFS Namespaces and DFS Replication, see DFS Management.
- Using DFS to replicate file services workloads for disaster recovery scenarios, see the section "Using DFS Replication to Protect Data," later in this white paper.
For more information about DFS Replication, see Replication.
For more information about managing the Single Instance Storage feature using Windows PowerShell, see Single Instance Storage Cmdlets in Windows PowerShell.
Managing the Microsoft iSCSI Software Target for iSCSI Block I/O Workloads
The Microsoft iSCSI Software Target feature allows Windows Storage Server appliances to act as an iSCSI target. You can manage this feature by using the:
- Microsoft iSCSI Software Target snap-in.
- Share and Storage Management console.
Managing the Microsoft iSCSI Software Target Using Microsoft iSCSI Software Target Snap-in
Typical tasks that you use the Microsoft iSCSI Target snap-in to perform include managing:
- iSCSI targets. iSCSI targets are the logical endpoint to which an iSCSI initiator connects. Typically, you assign just one iSCSI initiator to each iSCSI target. If you assign multiple iSCSI initiators to the same iSCSI target, there is a potential for conflict between the computers running the iSCSI initiators. The most typical reason for assigning multiple iSCSI initiators to the same iSCSI target is for shared storage in failover clusters. You manage iSCSI targets using the iSCSI Targets node in the Microsoft iSCSI Software Target snap-in.
- Virtual disks. Virtual disks are the LUNs that the computer running an iSCSI initiator uses. An iSCSI target can manage multiple virtual disks, but a virtual disk can only be managed by one iSCSI target. You manage virtual disks using the iSCSI Targets node in the Microsoft iSCSI Software Target snap-in.
- Virtual disk snapshots. Virtual disk snapshots are point-in-time copies of virtual disks that you can use to back up active virtual disks for disaster recovery scenarios or to restore a LUN to a previous state. You manage virtual disks using the Snapshots node in the Microsoft iSCSI Software Target snap-in. For more information about using virtual disk snapshots for backup and in disaster recovery scenarios, see the section "Using Virtual Disk Snapshots to Protect iSCSI Block I/O Workload Data," later in this white paper.
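The assignment rules described above, combined with the limits in Table 7, can be checked against a planned layout before it is provisioned. The following is an added example, not Microsoft tooling; the layout dictionary schema, target names, initiator IQNs and .vhd paths are hypothetical.

```python
from collections import defaultdict

# Limits taken from Table 7 of this white paper (iSCSI Software Target 3.3).
MAX_TARGETS = 64
MAX_VDISKS_PER_TARGET = 128
MAX_VDISKS_PER_APPLIANCE = 512
MAX_INITIATORS_PER_APPLIANCE = 64
MAX_INITIATORS_PER_TARGET = 16


def audit_layout(targets):
    """Return a list of (severity, target, message) findings.

    `targets` maps a target name to a dict with the keys 'initiators'
    (initiator IQNs), 'virtual_disks' (.vhd paths) and 'failover_cluster'
    (bool). This schema is an assumption made for the example.
    """
    findings = []
    disk_owners = defaultdict(set)
    all_initiators = set()

    if len(targets) > MAX_TARGETS:
        findings.append(("error", "*",
                         f"{len(targets)} targets exceeds limit of {MAX_TARGETS}"))

    for name in sorted(targets):
        spec = targets[name]
        initiators = {iqn.lower() for iqn in spec.get("initiators", [])}
        disks = spec.get("virtual_disks", [])
        all_initiators |= initiators
        for disk in disks:
            disk_owners[disk.lower()].add(name)  # Windows paths are case-insensitive

        if len(initiators) > MAX_INITIATORS_PER_TARGET:
            findings.append(("error", name,
                             f"{len(initiators)} initiators exceeds limit of "
                             f"{MAX_INITIATORS_PER_TARGET} per target"))
        if len(disks) > MAX_VDISKS_PER_TARGET:
            findings.append(("error", name,
                             f"{len(disks)} virtual disks exceeds limit of "
                             f"{MAX_VDISKS_PER_TARGET} per target"))
        # More than one initiator is expected only for failover-cluster storage.
        if len(initiators) > 1 and not spec.get("failover_cluster", False):
            findings.append(("warning", name,
                             "multiple initiators on a non-cluster target can conflict"))

    # A virtual disk can be managed by only one iSCSI target.
    for disk in sorted(disk_owners):
        owners = sorted(disk_owners[disk])
        if len(owners) > 1:
            findings.append(("error", ", ".join(owners),
                             f"virtual disk {disk} is assigned to more than one target"))

    if len(disk_owners) > MAX_VDISKS_PER_APPLIANCE:
        findings.append(("error", "*",
                         f"{len(disk_owners)} virtual disks exceeds limit of "
                         f"{MAX_VDISKS_PER_APPLIANCE} per appliance"))
    if len(all_initiators) > MAX_INITIATORS_PER_APPLIANCE:
        findings.append(("error", "*",
                         f"{len(all_initiators)} initiators exceeds limit of "
                         f"{MAX_INITIATORS_PER_APPLIANCE} per appliance"))
    return findings


# Constructed sample layout (all names are made up).
SAMPLE_LAYOUT = {
    "sql01": {
        "initiators": ["iqn.1991-05.com.microsoft:sql01.example.test"],
        "virtual_disks": [r"D:\iscsi\sql01-data.vhd"],
        "failover_cluster": False,
    },
    "hvcluster": {
        "initiators": ["iqn.1991-05.com.microsoft:hv1.example.test",
                       "iqn.1991-05.com.microsoft:hv2.example.test"],
        "virtual_disks": [r"D:\iscsi\csv1.vhd"],
        "failover_cluster": True,
    },
    "files": {
        "initiators": ["iqn.1991-05.com.microsoft:app1.example.test",
                       "iqn.1991-05.com.microsoft:app2.example.test"],
        "virtual_disks": [r"D:\iscsi\shared.vhd", r"d:\ISCSI\sql01-data.vhd"],
        "failover_cluster": False,
    },
}

if __name__ == "__main__":
    for severity, target, message in audit_layout(SAMPLE_LAYOUT):
        print(f"{severity.upper():7} {target}: {message}")
```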
Managing the Microsoft iSCSI Software Target Using Share and Storage Management Console
You can manage storage on the Microsoft iSCSI Software Target using Share and Storage Management. The Microsoft iSCSI Software Target includes the Microsoft iSCSI Software Target VDS Hardware Provider that allows LUNs on Windows Storage Server to be managed by any application that uses VDS, such as Share and Storage Management. For more information about the Microsoft iSCSI Software Target VDS Hardware Provider, see the previous section, "Identifying Microsoft iSCSI Software Target Support for VSS and VDS Providers" in this white paper. For more information about Share and Storage Management, see Overview of Share and Storage Management.
For more information about managing Microsoft iSCSI Software Target for iSCSI block I/O workloads, see:
- Configuring the Microsoft iSCSI Software Target.
- Microsoft iSCSI Software Target 3.3
Managing the Microsoft iSCSI Software Initiator for iSCSI Block I/O Workloads
The Microsoft iSCSI Software Initiator enables you to connect Windows operating systems to an external iSCSI-based storage array, such as the Microsoft iSCSI Software Target, through an Ethernet network adapter. All current Windows operating systems support the Microsoft iSCSI Software Initiator, and the most current version of the Microsoft iSCSI Software Initiator is version 2.08. The Microsoft iSCSI Software Initiator in Windows Storage Server allows the server software to connect to other external iSCSI-based storage arrays, such as those described in the section "Using Windows Storage Server in a NAS Gateway Configuration," later in the white paper.
You can manage the Microsoft iSCSI Software Initiator by using the:
- Graphical user interface in the Microsoft iSCSI Software Initiator.
- iSCSI Control Panel configuration utility (iSCSICPL.exe).
- iSCSICLI.exe tool from a command line.
For more information about managing the Microsoft iSCSI Software Initiator, see the Microsoft iSCSI Initiator Step-by-Step Guide.
Cmdlet and description
Add-VirtualDiskTargetMapping: Assigns a virtual disk to an iSCSI target. Once a virtual disk has been assigned to a target, an iSCSI initiator can access the virtual disk after the initiator connects to the target. All the virtual disks assigned to the same iSCSI target will be accessible by the connected iSCSI initiator.
Remove-VirtualDiskTargetMapping: Removes the assignment between a virtual disk and iSCSI target. The virtual disk will no longer be accessible by an iSCSI initiator once the assignment is removed.
For more information about managing the Microsoft iSCSI Software Target version 3.3 using Windows PowerShell, see PowerShell cmdlets for the Microsoft iSCSI Target 3.3.
For more information, see IIS Manager (IIS 7).
Appcmd.exe: You can manage IIS 7 using the command-line tool Appcmd.exe to configure and query objects on your web server, and to return output in text or XML. Appcmd.exe provides consistent commands for common queries and configuration tasks, reducing the complexity of learning syntax. In addition, you can combine commands to return more complex data about objects on your web server or to perform tasks that are more complex. For example, you can complete complex tasks like stopping all sites with pending requests that have been running longer than sixty seconds. For more information, see Appcmd.exe.
Description
You can manage IIS 7 using the XML-based configuration store that is modeled after the ASP.NET configuration. IIS configuration is stored in the ApplicationHost.config file and can also be distributed among Web.config files for sites, applications, and directories. Settings configured at one level are inherited automatically by lower levels, unless they have been locked to prevent changes. By default, the server administrator is the only user who has permission to view and edit the ApplicationHost.config file. For more information, see Configuration Store (IIS 7).
You can use WMI to build scripts for web administration. The IIS 7 WMI provider namespace, WebAdministration, contains classes and methods that enable you to script administration of websites, web applications, and their associated objects and properties using any scripting language that supports WMI, such as Windows PowerShell. For more information, see Windows Management Instrumentation (WMI) in IIS 7.
Windows Storage Server includes the following features which help reduce administration, support, and troubleshooting effort:
- Automation of common tasks through the PowerShell provider. The Windows PowerShell Provider for IIS is a Windows PowerShell snap-in that allows you to perform IIS administrative tasks, and manage IIS configuration and run-time data. In addition, a collection of task-oriented cmdlets provides a simple way to manage websites, web applications and web servers.
- Enhancements to IIS Manager. New features have been added to IIS Manager for the 7.5 release that make it possible to manage obscure settings such as those used for FastCGI and ASP.NET applications or adding and editing request filtering rules through a graphical user interface. These enhancements include updates to:
  - Configuration Editor. Allows you to manage any configuration section available in the configuration system. Configuration Editor exposes several configuration settings that are not exposed elsewhere in IIS Manager.
  - IIS Manager UI extensions. Utilizing the extensible and modular architecture introduced with IIS 7.0, the new IIS 7.5 integrates and enhances existing extensions and allows for further enhancements and customizations in the future. The FastCGI module, for example, allows management of FastCGI settings while the ASP.NET module allows management of authorization and custom error settings.
  - Request Filtering. This module includes the filtering features previously found in URLScan 3.1. By blocking specific HTTP requests, the Request Filter module helps prevent potentially harmful requests from being processed by Web applications on the server. The Request Filtering user interface provides a graphical user interface for configuring the Request Filtering module.
- Managed service accounts. Windows Storage Server allows domain-based service accounts to have passwords that are managed by AD DS. This new type of account reduces the recurrent administrative task of having to update passwords on processes running with these accounts. IIS 7.5 supports the use of managed service accounts for application pool identities.
- Hostable Web Core. Developers are able to service HTTP requests directly in their applications by using the hostable Web core feature. Available through a set of APIs, this feature lets the core IIS Web engine be consumed or hosted by other applications, allowing those apps to service HTTP requests directly. The hostable Web core feature is useful for enabling basic Web server capabilities for custom applications or for debugging applications.
- Enhanced auditing of changes to IIS 7.5 and application configuration. The new Configuration Logging feature in IIS 7.5 provides enhanced auditing of changes to IIS and application configuration, which allows you to track the configuration changes made to your test and production environments. This provides logging of both reads and writes, as well as logon attempts, changes to path mappings, file creations and more.
- Failed Request Tracing for FastCGI. In IIS 7.5, PHP developers can use the FastCGI module to include IIS trace calls in their applications. This reduces the effort required for debugging code during development and troubleshooting application errors after deployment by using IIS Failed Request Tracing.
- Best Practices Analyzer (BPA). The BPA for IIS 7.5 is a management tool that can help you reduce best practice violations by scanning an IIS 7.5 Web server and reporting on potential configuration issues found. You can access the BPA through Server Manager and Windows PowerShell.
Group Policy
Description
The Printer Migration Wizard allows you to export print queues, printer settings, printer ports, and language monitors, and then import them on another print server that is running a Windows operating system. This is an efficient way to consolidate multiple print servers or replace an older print server. For more information, see the Print Migration Tool.
Provides the same features and functionality as the Printer Migration Wizard.
Use Windows PowerShell to manage print services workloads. For more information about using Windows PowerShell to manage print services workloads, see Printer Management Using PowerShell.
You can protect the data managed by Windows Storage Server using:
- The Windows Server Backup feature.
- The Shadow Copies of Shared Folders feature.
- The Volume Shadow Copy Service feature.
- The LUN resynchronization capabilities.
- The DFS Replication feature.
- The Automated System Recovery feature.
- System Center Data Protection Manager, which is available separately.
- The Appcmd.exe tool to back up IIS configuration.
- The PrintBRM.exe tool to back up printer information.
Features
Limitations
- Only supports backup of entire volumes (cannot be used to back up individual files and folders).
- Only supports backup of local volumes (cannot be used to back up network shared folders).
If your backup and recovery requirements are affected by any of the limitations listed above, consider using:
- System Center Data Protection Manager 2007. For more information, see the section "Using System Center Data Protection Manager 2007 to Protect Data," later in this white paper.
- Backup and recovery solutions from Microsoft partners. For more information, contact the appropriate Microsoft partner.
The default storage area is on the same volume and its size requires 10 percent of the available space. There is a limit of 64 shadow copies per volume (when this limit is reached, the oldest shadow copy will be deleted and cannot be retrieved).
Shadow copies are read-only and as such you cannot edit the contents of a shadow copy.
Note
For more information about the Shadow Copies of Shared Folders feature, see:
- Shadow Copies for Shared Folders Technical Reference.
- Shadow Copies of Shared Folders.
Figure 7. Volume Shadow Copy Service Architecture
Table 18 lists the components in the Volume Shadow Copy Service architecture and how the components relate to each other.
Table 18. Components in the Volume Shadow Copy Architecture
Component: Description
Volume Shadow Copy Service: A service that coordinates various components to create consistent shadow copies of one or more volumes.
Requestor: An application that requests that a volume shadow copy be taken. For example, the Windows Server Backup feature, Shadow Copy of Shared Folders feature, System Center Data Protection Manager, or the Diskshadow command-line tool.
Writer: A component of an application that stores persistent information on one or more volumes that participate in shadow copy synchronization. Typically, this is a database application like SQL Server or Exchange Server, or a system service like Active Directory.
Provider: A component that creates and maintains the shadow copies. Examples include the system provider included with the Windows Storage Server operating system, and the hardware providers included with storage arrays, such as the Microsoft iSCSI Software Target VSS Hardware Provider.
The volume that contains the data to be shadow copied.
The volume that holds the shadow copy storage files for the system copy-on-write software provider.
As described in Table 18 and illustrated in Figure 7, the Microsoft iSCSI Software Target Volume Shadow Copy Service Hardware Provider is required to create point-in-time snapshots, or copies, of the virtual hard disks managed by the Microsoft iSCSI Software Target. The Volume Shadow Copy Service uses the Microsoft iSCSI Software Target Volume Shadow Copy Service Hardware Provider to create these snapshots.
Note You can use the DiskShadow.exe command-line tool to manage the Volume Shadow Copy Service for the Microsoft iSCSI Software Target.
For more information about the:
- Volume Shadow Copy Service, see Volume Shadow Copy Service Technical Reference.
- Microsoft iSCSI Software Target VSS Hardware Provider, see the "Hardware Providers" section of Virtual Disks and Snapshots.
Must create another shadow copy to perform recovery. Destination LUN does not have to exist or can be unusable. Source LUN must have the same performance as the production LUN.
You can find more information about how these steps are performed by viewing the Volume Shadow Copy Service APIs on MSDN, and in the Windows Software Development Kit (SDK) for Windows 7 and Windows Server 2008 R2.
ASR provides a VSS Writer for the preparation of an ASR set. During a restore operation the ASR VSS writer is executed within the Windows PE environment, which recreates all critical volumes and restores the required data. Finally, in addition to supporting dynamic disks, ASR has been enhanced to support EFI system partitions. This change removes a previous problem in which dynamic disks were always recreated even if a restoration was not necessary. Windows 2008 also provides the Recovery Console that utilizes the Windows Recovery Environment (Windows RE), a version of Windows PE that contains numerous troubleshooting and system resolution utilities.
Snapshots can be mounted locally or exported to facilitate backup and recovery operations. Snapshots do not require that you close files or stop programs when you create them, so application servers can continue servicing clients without disruption.
Note Snapshots that are created on the iSCSI target server are crash consistent. Most modern file systems can recover from this state. To create an application-consistent snapshot, the snapshot must be created from the iSCSI initiator computer by using the Microsoft iSCSI Software Target Volume Shadow Copy Service Hardware Provider and other backup software that works with the Volume Shadow Copy Service.
Table 21 lists scenarios for using virtual disk snapshots.
Table 21. Uses for Virtual Disk Snapshots
Scenario: Use of the virtual disk snapshots
Provide disaster recovery: The snapshots can be saved to other appliances, servers, or archival media and then later used to restore the data in the event of a failure.
Create a restore point: The snapshot can be used to provide the ability to roll back services to a previous version. For example, you could create snapshots prior to performing an upgrade to provide the ability to roll back the environment should the upgrade fail.
Virtual disk snapshots require the Volume Shadow Copy Service and the Microsoft iSCSI Software Target Volume Shadow Copy Service Hardware Provider. To perform backups of the virtual disks, you need to use backup software that works with Volume Shadow Copy Service from a Microsoft partner.
For more information about:
- Virtual disks and virtual disk snapshots, see Virtual Disks and Snapshots.
- The Volume Shadow Copy Service, see the previous section "Using the Volume Shadow Copy Service to Protect Data," in this white paper.
Active Directory Domain Services (AD DS): AD DS provides centralized management of credentials, accounts, passwords, and is used for accessing all workloads. For more information, see Active Directory Domain Services Overview.
NTFS permissions: NTFS permissions, included in Windows Storage Server, help prevent unauthorized local and network access to files and folders stored on NTFS volumes. NTFS permissions work with shared folder permissions to help prevent unauthorized network access to files and folders stored on NTFS volumes.
Note For remote or network users, access to files and folders is defined by the combination of NTFS permissions and shared folder permissions.
For more information, see the section "NTFS Permissions" in Managing Permissions for Shared Folders.
Shared folder permissions: Shared folder permissions, included in Windows Storage Server, only help prevent unauthorized network access to the files and folders stored on Windows Storage Server. These shared folder permissions affect users accessing the files and folders using the SMB protocol. Shared folder permissions work with NTFS permissions to help prevent unauthorized network access to files and folders stored on NTFS volumes.
Note For remote or network users, access to files and folders is defined by the combination of NTFS permissions and shared folder permissions.
For more information, see the section "SMB Permissions" in Managing Permissions for Shared Folders.
Windows Firewall with Advanced Security: Windows Firewall with Advanced Security, included in Windows Storage Server, helps reduce the attack surface by blocking unauthorized network traffic flowing into or out of the appliance. Windows Firewall with Advanced Security is integrated with Network Awareness so that it can apply security settings appropriate to the types of networks to which the computer is connected. Windows Firewall is also integrated with Internet Protocol Security (IPsec), so that the IPsec configuration settings are integrated into the Windows Firewall with Advanced Security snap-in. For more information, see Windows Firewall with Advanced Security and IPsec.
IPsec: IPsec, included in Windows Storage Server, allows you to protect the communications between Windows Storage Server and other Windows operating systems. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. You can centrally manage IPsec using Group Policy, which dramatically reduces the ongoing administrative and operations effort. For more information, see IPsec and Windows Firewall with Advanced Security and IPsec.
Microsoft Forefront: Microsoft Forefront products, available separately, provide protection, access, and management solutions that are integrated with Microsoft user identity management, Windows operating systems, and other Microsoft products. Specifically, you can help protect:
- Windows Storage Server and other Windows-based computers or appliances that communicate with the appliance using Forefront Client Security.
- Communication with other computers or appliances over the Internet using Forefront Threat Management Gateway 2010.
- Remote connectivity to Windows Storage Server using Forefront Unified Access Gateway 2010.
There are a large number of security-related products and technologies that are available from Microsoft partners. Typically, any security product that is compatible with Windows Server 2008 R2 is also compatible with Windows Storage Server 2008 R2.
In addition to features and technologies listed in Table 22, you can use the following resources to help secure Windows Storage Server:
- Microsoft Security. This is the home page for all Microsoft security products and technologies for all operating systems and products.
- Security Solution Accelerators. This collection of tools and guidance is a free, authoritative resource to help you proactively plan, integrate, and operate your security infrastructure. Specifically, the Security Compliance Management Toolkit Series provides an end-to-end solution to help plan, deploy, and monitor security baselines of Windows operating systems.
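The combination of NTFS permissions and shared folder permissions described in Table 22, modeled as an added example that is not part of the original white paper: a caller arriving over SMB keeps only the rights that both lists grant, while a caller working on the server itself is checked against NTFS alone. The account names, the ACLs and the simplified rule that a deny entry always overrides an allow entry are assumptions made for illustration.

```python
"""Model of how shared folder permissions and NTFS permissions combine.

Added illustration: account names, ACLs and the simplified evaluation rules
are assumptions, not data taken from a real server.
"""
from dataclasses import dataclass
from enum import IntFlag


class Right(IntFlag):
    NONE = 0
    READ = 1
    WRITE = 2
    CHANGE_PERMISSIONS = 4


# Simplified levels: "Change" on a share and "Modify" on NTFS are both
# modeled as read + write; "Full Control" adds permission changes.
READ = Right.READ
MODIFY = Right.READ | Right.WRITE
FULL = MODIFY | Right.CHANGE_PERMISSIONS


@dataclass(frozen=True)
class Ace:
    trustee: str   # user or group the entry applies to
    allow: bool    # True for an allow entry, False for a deny entry
    rights: Right


def evaluate(acl, identities):
    """Rights that one ACL grants to a caller holding the given identities.

    Assumption: every entry is set explicitly on the object, so a deny entry
    always wins over an allow entry for the same right.
    """
    allowed = Right.NONE
    denied = Right.NONE
    for ace in acl:
        if ace.trustee in identities:
            if ace.allow:
                allowed |= ace.rights
            else:
                denied |= ace.rights
    return allowed & ~denied


def effective_access(identities, share_acl, ntfs_acl, via_network=True):
    """Effective rights on a folder for a local or a remote (SMB) caller."""
    ntfs = evaluate(ntfs_acl, identities)
    if not via_network:
        return ntfs                       # share list is never consulted
    return ntfs & evaluate(share_acl, identities)


def share_only_restrictions(identities, share_acl, ntfs_acl):
    """Rights that NTFS grants and only the share list takes away.

    These rights come back whenever the folder is reached by a path that
    skips this share list, so they are worth closing at the NTFS level.
    """
    return evaluate(ntfs_acl, identities) & ~evaluate(share_acl, identities)


# Constructed sample data (hypothetical domain, groups and users).
ALICE = {"EXAMPLE\\alice", "EXAMPLE\\Finance", "Everyone"}
BOB = {"EXAMPLE\\bob", "EXAMPLE\\Contractors", "Everyone"}

OPEN_SHARE = [Ace("Everyone", True, FULL)]
READONLY_SHARE = [Ace("Everyone", True, READ)]
NTFS_ACL = [
    Ace("EXAMPLE\\Finance", True, MODIFY),
    Ace("EXAMPLE\\Contractors", True, READ),
    Ace("EXAMPLE\\Contractors", False, Right.WRITE),
]


def report():
    """Return one summary line per user and share configuration."""
    lines = []
    for name, who in (("alice", ALICE), ("bob", BOB)):
        for label, share in (("open", OPEN_SHARE), ("read-only", READONLY_SHARE)):
            remote = effective_access(who, share, NTFS_ACL)
            local = effective_access(who, share, NTFS_ACL, via_network=False)
            gap = share_only_restrictions(who, share, NTFS_ACL)
            lines.append(
                f"{name:5} {label:9} share: remote={remote!r} "
                f"local={local!r} held back by share only={gap!r}"
            )
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```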
Table 23. File Services Protocols and How to Secure the Protocols
Protocol: How to secure this protocol
SMB:
- Use NTFS permissions and shared folder permissions to secure SMB-based access to shared resources. For more information, see "NTFS Permissions" and "SMB Permissions" sections in Managing Permissions for Shared Folders.
- Use read-only DFS Replication to provide read-only copies of files and folders to servers where only read-only access is allowed. For more information, see the Creating Branch Office Solutions section in this white paper.
NFS:
- NFS-based access control for a shared resource is determined based on network names and groups. To use NFS permissions, you must first install the Services for Network File System (NFS) role service using Server Manager. After installing Services for NFS, use NFSAdmin.exe to create client groups and to add client computers to those groups before configuring NFS share permissions. You can manage the NFS share permissions using the Share and Storage Management snap-in. For more information, see the "NFS Permissions" section in Managing Permissions for Shared Folders.
- Use read-only DFS Replication to provide read-only copies of files and folders to servers where only read-only access is allowed. For more information, see the Creating Branch Office Solutions section in this white paper.
WebDAV:
- Encrypt all WebDAV communication with the appliance using Secure Sockets Layer (SSL). For more information, see Authentication and Security Using WebDAV.
- Require authentication for all users that access the appliance using WebDAV. For more information, see Authentication and Security Using WebDAV.
Encrypt all Windows SharePoint communication with the appliance using SSL. For more information, see Plan authentication settings for Web applications (Windows SharePoint Services).
Require authentication for all users that access Windows SharePoint Server on the appliance. For more information, see Plan authentication settings for Web applications (Windows SharePoint Services).
For more information, see iSCSI Security.
Encrypt all communication: Protect communication between the iSCSI initiators and the Microsoft iSCSI Software Target using IPsec encryption. For more information, see IPsec and Windows Firewall with Advanced Security and IPsec.
Isolate the network segments used for communication between the iSCSI initiators and the Microsoft iSCSI Software Target by using separate physical network segments or by using virtual local area networks (VLANs).
Table 25. Web Services Protocols and How to Secure the Protocols
Protocol: How to secure this protocol
HTTP:
- Use the HTTPS protocol instead to provide encryption of all communication between the appliance and the clients.
- Allow connectivity to the appliance only from computers on your internal network.
- Ensure that all HTTP connections require authentication as necessary.
Note HTTP is an insecure protocol and sends all traffic in clear text.
HTTPS:
- HTTPS is a secure protocol and does not need further protection for confidentiality.
- Ensure that all HTTPS connections require authentication as necessary.
FTP:
- Ensure that all FTP connections require authentication.
- Allow connectivity to the appliance only from computers on your internal network.
- Use IPsec to protect communication between the appliance and FTP clients.
Note FTP is an insecure protocol and sends all traffic in clear text.
IIS 7.5 builds on the application pool isolation that was available with IIS 7.0, which increased security and reliability: every IIS 7.5 application pool now runs with a unique, less-privileged identity. This helps harden the security of applications and services running on IIS 7.5.
Table 26. Print Server Role Services and How to Secure the Role Service
Role service: How to secure this protocol
Print Server: Use printer permissions to control access to the appliance running the Print Server role services using the Print Management snap-in. For more information, see Assigning Delegated Print Administrator and Printer Permission Settings in Windows Server 2008 R2.
LPD Service: The communication between the LPD Service and LPR clients is unsecured. There is no authentication or security permissions available. If required, use IPsec to protect the communication between the LPD Service and LPR clients. For more information, see IPsec and Windows Firewall with Advanced Security and IPsec.
Internet Printing: Protect all communication between the Internet Printing clients and the appliance using SSL. Use the HTTPS protocol instead when connecting to the URL for the printer. For more information, see Internet Printing and Resulting Internet Communication in Windows Server 2008.
- Failover clusters. Failover clusters in Windows Storage Server, as illustrated in Figure 8, can be used to improve the availability of SMB-based file services workloads. The method supports read and write access to the files. Windows Storage Server provides an easy to install and configure user interface for creating a two-node failover cluster. This user interface reduces the learning curve, complexity, and effort required to create a two-node cluster. For more information about failover clusters for file services workloads, see Failover Clusters in Windows Server 2008 and Failover Cluster Step-by-Step Guide: Configuring a Two-Node File Server Failover Cluster.
- DFS. You can use DFS Replication to create replica copies of shared network folders. Then you can use DFS Namespace to provide automatic failover to replica copies of content when a local copy of the content is unavailable. In addition, you can improve DFS Replication availability by running on failover clusters in Windows Storage Server.
Method
SMB
NFS
WebDAV
For more information, see Distributed File System.
- Network Load Balancing. The Network Load Balancing (NLB) feature in Windows Storage Server can be used to provide fault tolerance for file services workloads. For more information about using NLB to improve availability for file services workloads, see Network Load Balancing.
The most common method of improving the availability for file services workloads is by using failover clusters. Figure 8 illustrates a typical two-node failover cluster for file services workloads. The shared storage in Figure 8 can be iSCSI, SAS, or Fibre Channel connected storage. PCI RAID controllers are not supported for shared storage.
Note The cluster storage illustrated in Figure 8 could be provided by the Microsoft iSCSI Software Target in Windows Storage Server.
running the Microsoft iSCSI Software Target. In the event that one or more of these components fails, causing the path to fail, multipathing logic uses an alternate path for I/O so that applications running on the iSCSI initiator can still access their data. Each iSCSI network interface card should be connected by using redundant switch infrastructures to provide continued access to storage in the event of a failure in a storage fabric component.
Note Multipath connections for Microsoft iSCSI Software Initiators are provided by the MPIO feature in Windows Server. Redundancy for iSCSI initiators on other operating systems or hardware iSCSI initiators is provided by network adapter teaming from the network adapter vendor. Redundancy for file services and print services is also provided by network adapter teaming support from the network adapter vendor.
For more information, see Multipath I/O Overview.
This section also discusses the following combinations of failover clustering and multipath I/O features:
- Creating highly-available iSCSI targets with single or multipath connections.
- Creating highly-available iSCSI initiators with single or multipath connections.
Figure 9. Highly-available Microsoft iSCSI Software Target with a single path connection
The configuration in Figure 10 illustrates combining multipath I/O with the failover cluster solution. The network infrastructure for the iSCSI communication between the iSCSI initiator and the clustered nodes running the Microsoft iSCSI Software Target has been updated to include redundant network adapters, switches, and network cables. This redundancy in the physical connectivity helps eliminate any single point of failure due to the network infrastructure for the storage fabric used by iSCSI, such as a switch failure or a disconnected network cable.
Figure 10. Highly-available Microsoft iSCSI Software Target with multipath connections
Figure 11. Highly-available Microsoft iSCSI Software Target and iSCSI initiators with single path connections
The configuration in Figure 12 illustrates combining multipath I/O with the failover cluster solution for the iSCSI initiators and iSCSI targets in Figure 11. The network infrastructure for the iSCSI communication between the clustered nodes running the iSCSI initiators and the clustered nodes running the Microsoft iSCSI Software Target has been updated to include redundant network adapters, switches, and network cables. This redundancy in the physical connectivity helps eliminate any single point of failure due to the network infrastructure for the storage fabric used by iSCSI, such as a switch failure or a disconnected network cable.
Figure 12. Highly-available Microsoft iSCSI Software Target and iSCSI initiators with multipath connections
Figure 13. Typical two-node failover cluster for Print services workloads
This method helps prevent any print services outages due to the failure of a node in the cluster. Print services outages for specific printers occur in the event of a printer failure. However, the print jobs for the printer continue to be queued until the printer failure is resolved and the printer is restored to normal operation. For more information about failover clusters for file services workloads, see Failover Clusters in Windows Server 2008 and the Failover Cluster Step-by-Step Guide: Configuring a Two-Node Print Server Failover Cluster.
and prevent segment losses. Reducing IP packet resending improves the overall performance of traffic that uses the TCP protocol.
For more information about the Next Generation TCP/IP protocol suite in Windows Server 2008, see:
- Next Generation TCP/IP Stack.
- New Networking Features in Windows Server 2008 and Windows Vista.
- Performance Enhancements in the Next Generation TCP/IP Stack.
Figure 14 illustrates how the architecture of NDIS 6.0 with RSS prevents bottlenecks for incoming network traffic. Because all processors are able to process incoming network traffic, all processors have available capacity and none are a bottleneck for incoming network traffic.
Figure 14. Incoming network traffic with RSS
For more information about RSS, see Receive-Side Scaling Enhancements in Windows Server 2008.
Figure 15. Multiprocessor I/O operation without NUMA optimization
Figure 16 illustrates an example of the components that might be required for processing a dynamically directed I/O completion by using NUMA I/O. In this example, the I/O operation is initiated on Processor 3, the interrupt from the disk is directed to Processor 3, and the subsequent completion processing of the I/O occurs on Processor 3. If the completion processing accesses the data read from the disk, the data will go from memory to Processor 3, and the application will experience a high cache hit ratio when it accesses the data.
In this example, the node interconnect and all unrelated processors are unaffected by the I/O completion. In scenarios where the system consists of only Processors 3 and 4 in a single node configuration, the fact that Processor 4 is unaffected by the I/O operation still results in performance benefits.
Figure 16. Multiprocessor I/O operation with NUMA optimization
The dynamic I/O completion redirection (NUMA I/O) improvements in Windows Server 2008 provide the following benefits:
- Support for the Message Signaled Interrupt eXtension (MSI-X) that enables a PCI-X or PCI-Express device to use new APIs to specify a processor to complete processing of each specific I/O operation.
- Better NUMA and non-NUMA processor architecture. For NUMA architectures, the I/O processing is localized to a NUMA node or a specific processor within the node. For non-NUMA architectures, the I/O processing is performed on a specific processor.
In the current implementation, the selected completion processor for an I/O is ideally the same processor that initiated the I/O operation.
For more information about NUMA support in Windows Server 2008, see:
- The "NUMA Support" section of the "Advances in Memory Management for Windows" white paper.
- Download NUMA I/O Optimizations.
Improving network performance between client computers and Windows Storage Server for the folder redirection and offline files features.
Figure 17. Write operations in SMB 1
Figure 18 illustrates how SMB2 processes multiple write operations between a client computer running Windows Vista and a server computer running Windows Server 2008. In SMB2, multiple write requests can be issued before receiving a write response. The overall effect, especially on high-latency network connections, is that remote file operations are much faster.
Figure 18. Write operations in SMB2
For more information about SMB2, see the "Server Message Block 2.0" section of New Networking Features in Windows Server 2008 and Windows Vista.
Figure 19. Environment for performing File Services role tests
The following tests were performed for the File Servers role:
- Running the Microsoft File Server Capacity Tool (FSCT) on a high-speed network.
- Copying large files to a remote location over a WAN connection.
- Accessing files on a shared folder at a remote location over a WAN connection.
Note: The test results reflect the performance of Windows Server 2008 with Windows Firewall enabled. The test results for Windows Server 2003 do not include Windows Firewall. Windows Firewall imposes a minimal impact (approximately 5 percent) on network throughput. The performance gains that are illustrated in these tests are a direct result of the performance and scalability features in Windows Server 2008.
[Figure 20 chart: number of scenarios per second and processor utilization, plotted against number of users (2000 to 4800)]

Figure 20. File Services Role scalability test results

The scenarios include common operations such as browsing a directory, copying files, and modifying Microsoft Office files. For a given number of users accessing data on a file server, the tool will compute a throughput number corresponding to the average scenario per second that the server is able to sustain. The tool also provides the ability to collect performance counters such as processor, memory, network, and disk subsystem utilization details to help identify potential bottlenecks.

Table 28 lists example performance characteristics for appliances with different system resources. In these examples, the appliances contained only a single or dual processor socket that is typical for these types of appliances at the time of writing. As reflected by these performance characteristics, you can expand the processor and disk resources of the appliances to support tens of thousands of users on a single appliance.

Table 28. Example Performance Characteristics of Appliances with Different System Resources

| Processor sockets | Disk configuration | RAID level | Users supported | Processor utilization |
|---|---|---|---|---|
| Single socket | 4 SATA drives | RAID 5 | 600 | 7.7% |
| Single socket | 10 SATA drives | RAID 5 | 1,200 | 5.6% |
| Single socket | 10 SATA drives | RAID 1+0 | 1,700 | 7.5% |
| Dual socket | 24 SAS drives | RAID 1+0 | 5,000 | 11.2% |
A significantly higher number of users can be supported by adding more drives, memory, and processors. The number and speed of the drives has the largest influence on the number of users who can be supported.
Figure 23. Performance results with first hardware configuration

In the performance results comparison in Figure 23, the server has the following system resources:
- One processor.
- 16 GB of memory.
- 24 hard disks configured in a RAID-10 array.
- One Fibre Channel host bus adapter.
In the performance results comparison in Figure 24, the server has the following system resources:
- Two processors.
- 72 GB memory.
- 96 hard disks configured in a RAID-10 array.
- Two Fibre Channel host bus adapters.

As illustrated in Figure 24, the increased system resources allow Windows Server 2008 R2 to support almost twice as many users as the system resources in Figure 23.

The performance improvements in SMB 2.1 are realized only when both operating systems support SMB 2.1. Table 29 shows the version of SMB used between two computers running different combinations of operating systems.

Table 29. Versions of SMB Supported Between Different Windows Operating Systems

| | Windows Vista, Windows Server 2003, and prior operating systems | Windows Vista Service Pack 1 and Windows Server 2008 | Windows 7 and Windows Server 2008 R2 |
|---|---|---|---|
| Windows Vista, Windows Server 2003, and prior operating systems | SMB 1 | SMB 1 | SMB 1 |
| Windows Vista Service Pack 1 and Windows Server 2008 | SMB 1 | SMB2 (v2.002) | SMB2 (v2.002) |
| Windows 7 and Windows Server 2008 R2 | SMB 1 | SMB2 (v2.002) | SMB 2.1 |
For example, if a computer running Windows XP is accessing a computer running Windows Server 2008 R2, SMB 1 is used for file services traffic. SMB 2.1 is only supported when both computers are running Windows 7 or Windows Server 2008 R2.
BranchCache Modes
BranchCache supports the following operational modes:
- Distributed Cache mode
- Hosted Cache mode
Distributed Cache Mode

In Distributed Cache mode, content is cached in the branch office on client computers running Windows 7. The disadvantage to this solution is that content is cached on client computers, so if the computer containing the cached content is unavailable, the content must be retrieved over the WAN connection, as illustrated in Figure 25.
Figure 25. BranchCache Distributed Cache mode

The following sequence reflects how the Distributed Cache mode caches content:
1. Client 1 issues a request for a file on a BranchCache-enabled server in the head office. This request can be transmitted over any of the BranchCache-enabled protocols, such as SMB, HTTP, or Background Intelligent Transfer Service (BITS). The client computer indicates to the server that it is BranchCache capable, using fields, messages, or headers that are already part of the BranchCache-enabled protocol. The server responds, and transmits a set of identifiers that describe the chunks of content the client computer wants to download. These identifiers are transmitted by using the BranchCache-enabled protocol.
2. Client 1 searches locally for a computer that has already downloaded and cached the content. This search is conducted by using the BranchCache discovery protocol, which in turn uses WS-Discovery, a multicast protocol sent over UDP. Client 1 is the first computer in the branch to download this piece of content, so it does not receive any responses.
3. Client 1 issues another request to the server in the head office by using the BranchCache-enabled protocol, such as SMB, HTTP, or BITS. This request is not marked as BranchCache capable. The server responds with the requested data. The client then adds this data to its local cache.
4. Client 2 issues a request for the same content that Client 1 downloaded earlier. Client 2 receives identifiers describing the content from the server in the head office.
5. Client 2 uses the BranchCache discovery protocol to search for the content. Client 1 receives this request, finds the requested content in its local cache, and sends a response to Client 2.
6. Client 2 requests the content from Client 1 by using the BranchCache retrieval protocol, which in turn uses HTTP. Client 1 transmits the content to Client 2, protecting it with the BranchCache encryption scheme. Client 2 verifies the data against the identifiers downloaded from the server in the head office.
Note: Hosted Cache mode and Distributed Cache mode are mutually exclusive. A client computer can be configured to use only a single caching mode at one time.
Hosted Cache Mode

In Hosted Cache mode, content is cached at the branch office on client computers running Windows Server 2008 R2. The advantage to this mode is that the server is always available, so the cached content is always available. The unavailability of any client computer running Windows 7 does not affect the availability of the content cache, as illustrated in Figure 26.
Figure 26. BranchCache Hosted Cache mode

The following sequence reflects how the Hosted Cache mode caches content:
1. Client 1 issues a request to a BranchCache-enabled server in the head office. This request can be transmitted over any of the BranchCache-enabled protocols, such as SMB, HTTP, or BITS. The client computer indicates to the server that it is BranchCache capable, using fields, messages, or headers that are already part of the BranchCache-enabled protocol. The server responds, and transmits a set of identifiers that describe the chunks of content that the client computer wants to download. These identifiers are transmitted by using the BranchCache-enabled protocol.
2. Client 1 requests the content from the hosted cache in the branch office by using the BranchCache retrieval protocol (MS-PCCRD), which in turn uses HTTP. The hosted cache response informs Client 1 that the target data is not available.
3. Client 1 issues another request to the server in the head office by using the BranchCache-enabled protocol, such as SMB, HTTP, or BITS. This request is not marked BranchCache capable. The server responds with the requested data.
4. Client 1 advertises the newly downloaded content to the Hosted Cache server running Windows Storage Server by using the BranchCache hosted cache protocol (MS-PCHC), which in turn uses HTTPS.
5. The Hosted Cache server connects to the client and downloads the recently advertised content by using the BranchCache retrieval protocol (MS-PCCRD), which in turn uses HTTP.
6. Client 2 issues a request for the same content that Client 1 downloaded earlier. Client 2 receives identifiers describing the content from the server in the head office.
7. Client 2 requests the content from the hosted cache in the branch office by using the BranchCache retrieval protocol (MS-PCCRD), which in turn uses HTTP. The hosted cache responds with the data. Client 2 verifies the data by using the identifiers downloaded from the server in the head office.

If a client computer cannot locate content on the hosted cache server, the client computer returns to the server in the head office and requests a download.
Note: Hosted Cache mode and Distributed Cache mode are mutually exclusive. A client computer can be configured to use only a single caching mode at one time.
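The Distributed Cache and Hosted Cache sequences above both end with the client verifying branch-cached data against the identifiers it received from the head office server. The following Python model of that check is an added example, not part of the original white paper and not Microsoft code; the SHA-256 identifiers, the 4-byte chunk size and all class and function names are assumptions, and the real BranchCache wire formats and the encryption of peer transfers are not modelled.

```python
from __future__ import annotations

import hashlib
import hmac

CHUNK_SIZE = 4  # assumed value, kept tiny so the constructed sample spans several chunks


def split_chunks(data: bytes) -> list[bytes]:
    return [data[i:i + CHUNK_SIZE] for i in range(0, len(data), CHUNK_SIZE)]


def identifiers_for(data: bytes) -> list[bytes]:
    """One digest per chunk; SHA-256 is an assumption made for this model."""
    return [hashlib.sha256(chunk).digest() for chunk in split_chunks(data)]


class HeadOfficeServer:
    """Content server in the head office; the only source of identifiers."""

    def __init__(self, files: dict[str, bytes]):
        self.files = files
        self.wan_bytes_sent = 0  # file payload bytes that crossed the WAN

    def get_identifiers(self, path: str) -> list[bytes]:
        # Reply to a request marked BranchCache capable: identifiers, no data.
        return identifiers_for(self.files[path])

    def get_data(self, path: str) -> bytes:
        # Reply to a request not marked BranchCache capable: the data itself.
        self.wan_bytes_sent += len(self.files[path])
        return self.files[path]


class BranchStore:
    """Chunk store in the branch: a peer's local cache or the hosted cache."""

    def __init__(self) -> None:
        self.chunks: dict[bytes, bytes] = {}

    def lookup(self, ident: bytes) -> bytes | None:
        return self.chunks.get(ident)

    def store(self, data: bytes) -> None:
        for chunk in split_chunks(data):
            self.chunks[hashlib.sha256(chunk).digest()] = chunk


def fetch(path, server, branch_stores, publish_to):
    """Retrieve a file the way a branch client does.

    Distributed Cache mode: branch_stores are the peers' caches and
    publish_to is the client's own cache. Hosted Cache mode: both are the
    hosted cache. Returns (data, source, rejected_chunks).
    """
    idents = server.get_identifiers(path)
    chunks, rejected = [], 0
    for ident in idents:
        verified = None
        for store in branch_stores:
            candidate = store.lookup(ident)
            if candidate is None:
                continue
            # Branch copies are untrusted until they match the identifier
            # that came from the head office server.
            if hmac.compare_digest(hashlib.sha256(candidate).digest(), ident):
                verified = candidate
                break
            rejected += 1
        if verified is None:
            break  # missing or altered chunk: stop and use the WAN
        chunks.append(verified)
    if len(chunks) == len(idents):
        return b"".join(chunks), "branch", rejected
    data = server.get_data(path)
    publish_to.store(data)
    return data, "wan", rejected


def demo():
    # Constructed sample content and file name.
    server = HeadOfficeServer({"plan.txt": b"constructed sample content"})
    cache1, cache2, cache3 = BranchStore(), BranchStore(), BranchStore()
    first = fetch("plan.txt", server, [cache2], cache1)   # Client 1, nothing cached yet
    second = fetch("plan.txt", server, [cache1], cache2)  # Client 2, served by Client 1
    # Client 1's cached copy of the first chunk is altered.
    cache1.chunks[identifiers_for(first[0])[0]] = b"XXXX"
    third = fetch("plan.txt", server, [cache1], cache3)   # Client 3 rejects the copy
    return first, second, third, server.wan_bytes_sent


if __name__ == "__main__":
    for data, source, rejected in demo()[:3]:
        print(source, rejected, data)
```

The third fetch shows why the identifiers must come from the head office server: a branch copy that does not match them is discarded and the file is downloaded over the WAN instead.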
BranchCache Management

You can configure BranchCache behavior by using Group Policy. Windows Storage Server includes a Group Policy administrative template that you can use to administer the BranchCache configuration settings. You can also manage BranchCache by using the NetSH command. For more information about configuring BranchCache by using the NetSH command, see Network Shell (Netsh) Commands for BranchCache.
Identify Methods for Improving iSCSI Block I/O Workload Performance and Scalability
You can improve the performance and scalability for iSCSI block I/O workloads by using the following methods:
- Ensure the system resources of the appliance are sufficient. The typical system resources that are heavily utilized by iSCSI block I/O workloads include memory, disk, and network. Ensure that the appliance has sufficient resources to provide adequate performance and scaling.
- Always size disks for performance in addition to capacity. Although a given number of disks may have adequate storage capacity, the number may not provide sufficient I/O throughput. After ensuring the number of disks is sufficient for capacity, also ensure they are sufficient for I/O throughput.
- Isolate different types of workloads using dedicated physical arrays. Different types of workloads on the same physical array can degrade performance for the workloads, such as sequential I/O workloads, random I/O workloads, NFS workloads, or SMB workloads. Dedicate a physical array for each conflicting workload.
- Isolate different types of workloads using separate physical network segments. Different types of workloads on the same physical network can cause overutilization and performance problems. When encountering network utilization problems, segregate each type of workload to a separate physical network segment to reduce network contention.
- Configure sector alignment for iSCSI Target volumes and .vhd files. Sector alignment allows Windows Storage Server to create partitions that align with the underlying physical disk. Sector alignment helps prevent an I/O operation from spanning two tracks, which causes performance degradation. You can configure sector alignment for physical disks using the Diskpart.exe command line tool.
Note: Consult your storage vendor to determine the proper values to use with Diskpart.exe.
Figure 27 illustrates a Windows Storage Server solution that has been optimized to provide improved performance and scalability. In this example, the Windows Storage Server solution is optimized to support Exchange Server connecting to disk LUNs on Windows Storage Server.
Figure 27. A Windows Storage Server solution optimized for performance

For the sample scenario in Figure 27, the following optimizations were chosen:
- Sufficient system resources of the Windows Storage Server appliance for the given workloads.
- An optimized number of disks for disk I/O bandwidth capacity.
- Separate network segments for workload types, including iSCSI sequential I/O, iSCSI random I/O, and file services access using SMB or NFS.
- Separate network adapters in the Exchange server to support the separate network segments.
- Separate arrays dedicated to different iSCSI I/O traffic, because the Exchange storage group data is random I/O, while the Exchange storage group logs are sequential I/O.
- Separate iSCSI targets that correspond to the iSCSI sequential I/O and iSCSI random I/O.
- Sector-aligned disk arrays to help prevent I/O operations from spanning multiple tracks.
Identify Methods for Improving Web Services Workload Performance and Scalability
IIS 7.0 provides a powerful, unified facility for output caching by integrating the dynamic output-caching capabilities of ASP.NET with the static output-caching capabilities that were present in IIS 6.0. IIS also lets you use bandwidth more effectively and efficiently by using common compression mechanisms such as Gzip and Deflate. Performance includes the following features:
- Compression. HTTP compression lets you make more efficient use of bandwidth and enhances the performance of sites and applications. You can configure HTTP compression for both static and dynamic sites. For more information about how to configure compression, see Configuring HTTP Compression in IIS 7.
- Output Caching. Output caching allows you to manage output caching rules and to control the caching of served content. In IIS Manager, you can create caching rules, edit existing caching rules, and configure output cache settings. For more information about configuring output caching, see Configuring Output Caching in IIS 7.

For more information about improving Web services workload performance and scalability, see Optimize IIS Performance (IIS 7).
They provide an inexpensive iSCSI target, SMB file access, and NFS file access to storage. They provide highly-available configurations based on solution availability requirements.
Published content
Collaboration content
The assumptions in this scenario are:
- The data centers have local IT personnel, while the branch offices have minimal or no local IT personnel. Most of the configuration and all of the support is provided by the IT personnel in the head office. Centralized management of the appliances in the branch office is essential and remote administration is required.
- Stand-alone NAS appliances are used. Due to cost constraints and lack of local IT personnel, failover clusters can be an optional part of this solution, depending on the availability requirements of the branch offices. For more information about this type of appliance, see the previous section "Using Windows Storage Server in a Stand-alone NAS Configuration," in this white paper.
- Minimizing the utilization of the WAN connections is essential. The available network speed of the WAN connections between the head offices and the branch offices is a limited resource in terms of both available bandwidth and cost. The solution must minimize the utilization of the WAN connection as much as possible.
- Computers are running mostly Windows operating systems. Most of the computers in the branch office are running Windows operating systems. In some instances there may be computers running other operating systems, such as Linux or the Mac OS.
- Users must have access to their user folders regardless of connectivity to the branch office appliance. Mobile users need to access their user folders when they are not connected to the internal network in the branch office. Also, all users need to access their user folders regardless of any scheduled maintenance of the appliance or appliance failure.
- Consolidating data in the head office to provide centralized management. All user profile folders in the branch offices need to be copied to the head offices for centralized management, such as backup and data protection.
  This helps protect the user profile folders in the branch office in the event of a catastrophic disaster in the branch office location that results in the total failure of the appliance.
- Centralized management of the branch office. The branch offices typically do not have local IT personnel and require assistance from the IT personnel in the head office. IT personnel in the head office must be able to manage the configuration settings of the devices and users in the branch offices.

Table 31 lists the Windows Storage Server and Windows client operating system features used in the branch office solution and provides a brief description of the role each plays in the solution.

Table 31. Features Used In Branch Office Solutions

Feature: File services using SMB2
Description: Provides file services for computers running Windows operating systems. In addition, SMB2 helps minimize WAN network utilization because of the efficiencies provided by SMB2. For more information, see the section "Review Improvements in the SMB Protocol," earlier in this white paper.

Description: Provides file services for computers running NFS clients, including the computers running Linux or Mac OS.

Description: Provides local caching of the collaboration content stored on the appliances in the head office. The appliance in the branch office is configured for BranchCache hosted caching mode, which allows the appliance to provide local caching of the collaboration content accessed using the SMB and HTTP protocols. BranchCache dramatically reduces the network utilization for accessing these files. Any updates to the collaboration content are automatically saved on the appliances in the head office. For more information, see the section, "Improving Performance for Branch Offices Using BranchCache," earlier in this white paper.
Feature: DFS Replication
Description: Provides replication of files and folder structure from the branch offices to the head office, which provides data consolidation in the head office so that all backups are performed in the head office. This allows the head office to avoid doing backups over the WAN link. DFS Replication uses RDC to transmit only the changes to a file, which dramatically reduces the network bandwidth utilization. For more information, see the section, "Using DFS Replication to Protect Data," earlier in this white paper.

Description: Uses DFS Replication to provide replication of files and folder structure from the head office to the branch offices, which:
- Reduces WAN network utilization by providing local access to the files.
- Provides improved file access for users in the branch office because the files are accessed locally instead of over the WAN connection.
This is primarily for files that are for public use and are typically read-only at the branch office. The files and folders are set to read-only access by DFS Replication. For more information, see the section, "Using DFS Replication to Protect Data," earlier in this white paper.

Description: Allows users to recover files by themselves without the assistance of IT professionals. Helps reduce the effort spent by IT personnel in data centers for recovery of files. For more information, see the section "Using Shadow Copies of Shared Folders to Protect Data," earlier in this white paper.

Feature: Folder Redirection
Description: Computers running Windows client operating systems are using the Folder Redirection feature to redirect the user folders to network shared folders on the appliance in the branch office. The Folder Redirection feature allows the user folders to be available from any computer on the network. The user folders are copied to the head office for backup and centralized management functions. The Folder Redirection feature is available in all current Windows client operating systems, including Windows 7, Windows Vista, and Windows XP. You can administer the Folder Redirection feature using Group Policy. For more information, see:
- Folder Redirection Overview.
- Folder redirection overview for GPMC.
- Configuring Folder Redirection.
- The Improving Performance for Folder Redirection and Offline Files section in this white paper.

Feature: Offline Files
Description: The Offline Files feature allows users to always have access to files from a network shared folder by synchronizing the contents of the network shared folder to the Offline Files cache on the user's computer. The Offline Files feature provides access to files:
- When users are not connected to the branch office network. Mobile users may want to access their files while away from the office. The Offline Files feature allows users to modify local copies of their files while disconnected from the network. When users reconnect to the network, any new or modified files are automatically synchronized with the network shared folders on the appliance.
- In the event that the appliance is taken offline for maintenance or that the appliance fails. Users can continue to work on copies of the files on their local computers. When the appliance is restored to service, any new or modified files are automatically synchronized with the network shared folders on the appliance.
The Offline Files feature is available in all current Windows client operating systems, including Windows 7, Windows Vista, and Windows XP. You can administer the Offline Files feature using Group Policy. For more information, see:
- Understanding offline files.
- Working with network files when you are offline.
- Configuring Offline Files.
- Configuring Group Policy for Offline Files.
- The Improving Performance for Folder Redirection and Offline Files section in this white paper.

Feature: Print Server
Description: Computers running Windows can print to the printers in the branch office using the print services workloads provided by Windows Storage Server. For more information, see the section "Providing Access to Print Services Workloads," earlier in the white paper.

Description: Computers running Linux or Mac OS can print to the printers in the branch office using the print services workloads provided by Windows Storage Server. For more information, see the section "Providing Access to Print Services Workloads," earlier in the white paper.

Description: Authentication is performed using an AD DS read-only domain controller on the local appliance. The read-only domain controller provides enhanced security by preventing unauthorized or inadvertent updates to AD DS. The local read-only domain controller also reduces network traffic between the head office and branch offices because authentication is performed locally.

Feature: DNS Server
Description: Computers in the branch office can resolve DNS names using the DNS Server running on the local appliance. The local DNS Server reduces network traffic between the head office and branch offices because DNS queries are resolved locally.

Feature: DHCP Server
Description: Computers in the branch office that are configured using DHCP can be configured using the DHCP Server running on the local appliance. The local DHCP Server reduces network traffic between the head office and branch offices because DHCP configuration is performed locally.

Description: File Server Resource Manager allows you to understand, control, and manage the quantity and type of data stored on Windows Storage Server 2008 R2. You can use File Server Resource Manager to:
- Limit the amount of disk space used by using the Quota Management feature.
- Prevent storage of certain file types by using the File Screening feature.
- Use Storage Reports to profile storage usage and trends within the branch.
For more information, see File Server Resource Manager.

Feature: Group Policy
Description: Group Policy allows you to centrally configure the Windows Storage Server appliances and Windows-based computers in the branch office. Most of the features and configuration settings available in all Windows products can be configured by using Group Policy. For more information, see Group Policy.
Table 32. Managing Types of Data in the Branch Office Solution

Type of data: User folders
Managed using:
- Offline Files. This feature allows users to access their user profile folders when not connected to the appliance. Any new files or changes made to the cached copy of the files are automatically synchronized when the connection to the appliance is restored. Once these files are synchronized with the branch office appliances, any changes in the user profile folders are replicated to the head office using DFS Replication. Remote Differential Compression in DFS Replication replicates only the changes to the user profile folders, which minimizes the bandwidth utilization on the connection between the branch offices and the head office.
- Folder Redirection. This feature stores the user profile folders, which are typically stored locally on the user's computer, on the branch office appliance. After the user profile folders are stored on the branch office appliance, DFS Replication replicates the user profile folders to the head office so that they can be centrally backed up and managed by the IT personnel. In addition, the Folder Redirection feature helps in fast recovery of computers because the user profile folders are not stored on the local computer.

Type of data: Published content
Managed using:
- Read-only DFS Replicated Folders. DFS Replication replicates the published content stored on the head office appliances to the branch office appliances. The replica copies of the published content in the branch offices are maintained read-only by DFS Replication so that users in the branch office have read-only access to the replica content.
- DFS Namespace. This feature allows users to transparently access the published content on the appliances in the branch office or in the head office, depending on the availability of the branch office appliance. This feature determines which replica copy to access based on the availability of the copy and the location of the copy using Active Directory sites. The head office and each of the branch offices is a separate Active Directory site. DFS Namespace always preferentially directs client computers to access a local replica copy of the published content within the local site (lower cost than other sites). If the branch office replica copy is unavailable, then DFS Namespace directs the client computers to access the replica copy in the Active Directory site with the next lowest cost, which in this scenario is the head office. When the branch office replica copy becomes available again, DFS Namespace will automatically direct users to use the replica copy in the branch office.

Type of data: Collaboration content
Managed using:
- Network shared folders. This feature allows users to access the content from the head office appliances. The SMB2 protocol dramatically reduces the bandwidth utilization between the head office and the branch offices for:
  - The initial local caching of the content using BranchCache.
  - Any updates to the content from users in the branch offices.
  The BranchCache feature dramatically reduces the bandwidth utilization between the head office and the branch office when users access content stored on the network shared folders that has already been locally cached on the appliance in the branch office.
- Windows SharePoint Services. This feature allows users to access the content from the head office appliances using the HTTP or HTTPS protocol. This feature also supports version control, check in, and check out capabilities. The BranchCache feature dramatically reduces the bandwidth utilization between the head office and the branch offices when users access Web content that has already been locally cached on the appliance in the branch office.
For the collaboration content in Table 32, network shared folders and Windows SharePoint Services are used instead of DFS Replication. This is because DFS Replication in Windows Storage Server is appropriate when only one copy of the content is centrally modified and all replica copies are read-only. Because multiple users need to modify the content, network shared folders and SharePoint Services with the BranchCache feature provide the appropriate solution.
Figure 35. Highly-available solution using Windows Storage Server

The key elements of the highly-available solution include:
- The appliances have the appropriate system resources based on the information in Table 28.
- The application servers are configured in a failover cluster to provide fault tolerance in the event of an application server failure.
- The Windows Storage Server appliances act as iSCSI targets by running the Microsoft iSCSI Software Target.
- The appliances are configured in a failover cluster to provide fault tolerance in the event of an appliance failure.
- The application servers are using the multipath I/O feature to provide redundant connections to the clustered appliances.
- There are redundant network connections between the cluster application servers and the clustered appliances to provide fault tolerant network connectivity.

For more information about Windows failover clustering for iSCSI targets, see the following sections earlier in this white paper:
- "Improving Availability of iSCSI Block I/O Workloads."
- "Using Windows Storage Server in a Highly-Available NAS Configuration."
- "Using Windows Storage Server in a NAS Gateway Configuration."

For more information about Multipath I/O for iSCSI initiators in Windows Server operating system, see the following sections earlier in this white paper:
- "Improving Availability of iSCSI Block I/O Workloads."
- "Using Windows Storage Server in a NAS Gateway Configuration."
Figure 37 illustrates the same IT environment after implementing the storage consolidation solution. The number of computers to be supported has been dramatically decreased, which reduces ongoing operations effort and complexity. Also, the overall availability of workloads has been improved. Because storage is centralized, the effort for ongoing storage management is dramatically reduced. And, because all storage resources are pooled, storage can be easily allocated to the appropriate computer.
The key elements of the storage consolidation solution include:
- The appliances have the appropriate system resources based on the information in Table 28.
- The Windows Storage Server appliances are:
  - Acting as iSCSI targets and are running the Microsoft iSCSI Software Target.
  - Providing SMB file services.
  - Providing NFS file services.
- The appliances are configured in a failover cluster to provide fault tolerance in the event of an appliance failure.
- The appliances have redundant network connections to support the multipath I/O feature from the storage fabric.
- There are redundant network connections between the cluster application servers and the storage fabric to provide fault tolerant network connectivity.
- NFS file services for NFS clients.
- Windows print services for Windows operating systems.
- LPR print services for other operating systems.
- Access to Web-based content using IIS 7.0.
- Collaboration using Windows SharePoint Services.
- Centralized storage for all operating systems that have supported iSCSI initiators using Microsoft iSCSI Software Target. For more information about supported iSCSI initiators, see the section "Identifying Microsoft iSCSI Software Target Support for iSCSI Initiators" earlier in this white paper.
- AD LDS can be used to provide identity mapping for NFS file services in environments where an Active Directory infrastructure does not already exist. For more information, see AD LDS Identity Mapping for Services for NFS.
- The appliances may be configured in a failover cluster to provide fault tolerance in the event of an appliance failure, depending on the availability requirements of the organization.
- The appliances have redundant network connections to support the multipath I/O feature from the storage fabric.
- There are redundant network connections between the cluster application servers and the storage fabric to provide fault tolerant network connectivity.
- The appliances provide centralized storage management, which dramatically reduces the level of effort for ongoing operations and management.
- Highly-automated management tools, such as Group Policy, help reduce the effort required for ongoing operations and management.
Figure 38. Windows Storage Server in virtualization solutions

Table 33 lists the different methods that virtual machines can use to connect to iSCSI LUNs.
Table 33. Methods that Virtual Machines Can Use to Connect to iSCSI LUNs

Method: VHD created on parent partition volume
Description: The iSCSI LUN is attached to the parent partition and is formatted as an NTFS volume and assigned a drive letter in the parent partition. A .vhd file is created on the volume that is accessed by the virtual machine. As illustrated in Figure 38, the parent partition formats LUN-C as E: and the .vhd file for Virtual Machine C is created on the E: volume. This method:
• Allows multiple virtual machines to store .vhd files on the same iSCSI LUN.
• Works for all supported operating systems in the virtual machine, regardless of whether the operating system supports an iSCSI initiator.
• Allows the virtual machine to boot from the iSCSI LUN.
• Supports Live Migration scenarios using Cluster Shared Volumes. For more information, see Hyper-V: Using Live Migration with Cluster Shared Volumes in Windows Server 2008 R2.

Method: Pass-through parent partition disk
Description: The iSCSI LUN is attached to the parent partition and the virtual machine directly accesses the partition. As illustrated in Figure 38, the parent partition connects to LUN-B and Virtual Machine B directly connects to the partition. This method:
• Allows only one virtual machine to use the iSCSI LUN. However, the parent partition is also aware of the child partition using the LUN.
• Works for all supported operating systems in the virtual machine, regardless of whether the operating system supports an iSCSI initiator.
• Allows the virtual machine to boot from the iSCSI LUN.

Method: Child partition iSCSI initiator direct to LUN
Description: The iSCSI LUN is attached to the child partition and the virtual machine directly accesses the partition. As illustrated in Figure 38, the child partition connects to LUN-A. This method:
• Allows only one virtual machine to use the iSCSI LUN. However, the parent partition is unaware of the child partition using the LUN because the child partition is directly accessing the LUN.
• Works for all supported operating systems in the virtual machine that have a supported iSCSI initiator.
• Does not natively support boot from the iSCSI LUN and requires products available from Microsoft partners to support iSCSI boot for virtual machines.
Note: Performing a complete backup of the parent partition will back up iSCSI LUNs that are connected using the "VHD created on parent partition" method. iSCSI LUNs that are connected using the "Pass-through parent partition disk" or the "Child partition iSCSI initiator direct to LUN" methods must be backed up separately in addition to performing a complete backup of the parent partition.
The recommended method is the "VHD created on parent partition" method for the following reasons:
• Backups are complex using the "Pass-through parent partition disk" or the "Child partition iSCSI initiator direct to LUN" methods.
• The associated virtual machine files, such as the .bin files, are stored on the same LUN where the .vhd files reside using this method.
• There is minimal performance difference between the "VHD created on parent partition" and the "Pass-through parent partition disk" methods.

It is also recommended that you create a separate iSCSI target for each LUN that you connect to the parent partition. Doing so improves performance because each iSCSI target has its own I/O submission queue.
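The following sketch is an added example, not part of the original white paper: it checks a planned set of virtual machine attachments against the constraints in Table 33, the backup Note, and the one-target-per-LUN recommendation. The method keys, field names, targets T1/T2 and VM-D are assumptions made for the example; the LUN names follow Figure 38.

```python
from collections import defaultdict

# Per-method capabilities transcribed from Table 33 and its Note.
# The short keys are labels chosen for this example.
METHODS = {
    "vhd-on-parent":   dict(multi_vm=True,  guest_initiator=False, native_boot=True,  parent_backup=True),
    "pass-through":    dict(multi_vm=False, guest_initiator=False, native_boot=True,  parent_backup=False),
    "child-initiator": dict(multi_vm=False, guest_initiator=True,  native_boot=False, parent_backup=False),
}
PARENT_ATTACHED = {"vhd-on-parent", "pass-through"}

def audit_plan(attachments):
    """Return sorted (lun, finding) pairs for a list of VM-to-LUN attachments."""
    findings = set()
    vms_by_lun = defaultdict(set)
    single_vm_luns = set()
    parent_luns_by_target = defaultdict(set)
    for a in attachments:
        caps = METHODS[a["method"]]
        vms_by_lun[a["lun"]].add(a["vm"])
        if not caps["multi_vm"]:
            single_vm_luns.add(a["lun"])
        if a["method"] in PARENT_ATTACHED:
            parent_luns_by_target[a["target"]].add(a["lun"])
        if not caps["parent_backup"]:
            findings.add((a["lun"], "needs separate backup"))
        if caps["guest_initiator"] and not a["guest_initiator"]:
            findings.add((a["lun"], "guest OS lacks a supported iSCSI initiator"))
        if a["boots_from_lun"] and not caps["native_boot"]:
            findings.add((a["lun"], "iSCSI boot needs a partner product"))
    for lun in single_vm_luns:
        if len(vms_by_lun[lun]) > 1:
            findings.add((lun, "method allows only one VM per LUN"))
    for luns in parent_luns_by_target.values():
        if len(luns) > 1:
            findings.update((lun, "shares an iSCSI target; use one target per LUN") for lun in luns)
    return sorted(findings)

def att(vm, lun, target, method, guest_initiator=False, boots_from_lun=False):
    """Build one attachment record (helper for this example)."""
    return dict(vm=vm, lun=lun, target=target, method=method,
                guest_initiator=guest_initiator, boots_from_lun=boots_from_lun)

# Constructed plan; LUN names follow Figure 38, targets T1/T2 and VM-D are made up.
PLAN = [
    att("VM-A", "LUN-A", "T1", "child-initiator", guest_initiator=True, boots_from_lun=True),
    att("VM-B", "LUN-B", "T2", "pass-through", boots_from_lun=True),
    att("VM-C", "LUN-C", "T2", "vhd-on-parent", boots_from_lun=True),
    att("VM-D", "LUN-C", "T2", "vhd-on-parent"),
]

if __name__ == "__main__":
    for lun, finding in audit_plan(PLAN):
        print(f"{lun}: {finding}")
```

Any LUN reported as needing a separate backup is one that a complete backup of the parent partition alone would leave unprotected.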
Figure 39. Windows Storage Server in Windows HPC iSCSI Boot Deployment

By using iSCSI and Windows Storage Server, the nodes in the cluster do not require a local hard disk drive to serve as a system disk. Instead, the nodes can use the storage resources on Windows Storage Server to boot Windows HPC Server over the network. Nodes that use the storage resources on the storage array to boot over iSCSI are called iSCSI boot nodes. Each cluster node boots from a differencing virtual disk that is based on the same fixed virtual disk. This allows for fast deployment and recovery of the nodes. Using this solution, you can:
• Deploy Windows HPC Server to 256 cluster nodes in approximately 34 minutes.
• Subsequently boot the 256 cluster nodes in less than 9 minutes.
Conclusion
Windows Storage Server provides storage solutions for all types and sizes of organizations. Because Windows Storage Server is an optimized version of Windows Server 2008 R2, IT pros can quickly plan, deploy, and operate Windows Storage Server solutions in their organization. Tight integration with other Microsoft products and technologies also helps IT pros use existing infrastructure services (such as AD DS), operations and management products (such as the System Center family of products), and security products (such as Microsoft Forefront products).

Windows Storage Server can run file services, print services, Web services, and iSCSI block I/O services on a single appliance. This allows small- to medium-sized organizations and branch offices to take advantage of a multifunction appliance, instead of dedicated or single-function appliances.

The NFS file services, LPR print services, and iSCSI target services features in Windows Storage Server help protect investments in existing networks with other operating systems, such as Linux or Mac OS. The SMB2 protocol, DFS Namespace, and DFS Replication features in Windows Storage Server enhance performance, availability, and scalability for Windows operating systems. Also, the NAS gateway capabilities extend the storage services provided by existing storage solutions.

The high-availability features in Windows Storage Server help create mission-critical solutions that require maximum uptime. Solutions can be scaled up by adding cost-effective, industry-standard hardware to appliances or they can be scaled out by adding additional appliances.

Highly-efficient, centralized management features, such as Group Policy, help reduce the ongoing operations and management of storage solutions. All aspects of storage management can be centrally managed, including filtering of content, disk usage quotas, and the creation of shared network storage resources. Branch offices can be easily managed from central head offices using these management features.

A variety of Windows Storage Server appliances are available from Microsoft partners that can support entry-level to enterprise-level workloads. Windows Storage Server appliances can provide storage solutions that are flexible, easier to maintain, and more cost effective than other dedicated appliances or storage solutions.
More Information
For more information, see the following resources:
• Windows Storage Server 2008 R2 home page
• Windows Storage Server blog
• Windows Storage Server 2008 R2 Technical Library
• Microsoft iSCSI Software Target 3.3 Technical Library