Transcript Planning File and Print Services

Planning File and Print Services
Lesson 5
File Services Role
• The File Services role and the other storagerelated features included with Windows Server
2008 provide tools that enable system
administrators to address problems like these on
a scale appropriate to a large enterprise network.
Arranging Shares
• File-sharing strategy:
– how many shares to create
– where to create shares.
– one single file server vs. many servers scattered around the
network.
• A well-designed sharing strategy provides each user with three
resources:
– A private storage space to which the user has exclusive access.
– A public storage space, where each user can store files that they
want colleagues to be able to access.
– Access to a shared work space for communal and collaborative
documents.
Controlling Access
• On most enterprise networks, the principle of
“least privileges” should apply.
• This principle states that users should have only
the privileges they need to perform their required
tasks, and no more.
Controlling Access
• A user’s private storage space should be exactly that,
private and inaccessible, if not invisible, to other users.
• This is a place in which each user can store his or her
private files, without exposing them to other users.
• Each user should, therefore, have full privileges to his or
her private storage, with the ability to create, delete,
read, write, and modify files.
• Other users should have no privileges to that space at all.
Controlling Access to Private Folders
• The easiest way to
create private folders
with the appropriate
permissions for each
user is to create a
home folder through
each Active
Directory user
object.
Controlling Access to Public Folders
• Each user should also have full privileges to his or her
public folder. This is a space where users can share files
informally.
• Users should be able to list the contents of all public
folders and read the files stored there, but not be able to
modify or delete files in any folder but their own.
• Users should also be able to navigate throughout the
Public folder tree so that they can read any user’s files
and copy them to their own folders.
Assigning Permissions
• To simplify the administration process, you should always
assign permissions to security groups and not to
individuals.
• On a large Active Directory network, you might also
consider the standard practice of assigning the NTFS
permissions to a domain local group, placing the user
objects to receive the permissions in a global (or
universal) group, and making the global group a member
of a domain local group.
Mapping Drives
• After you have created the folders for each user and
assigned permissions to the folders, the next step is to
make sure that users can access their folders.
– Folder Redirection settings in Group Policy to map each
user’s Documents folder to his or her home folder on the
network share.
– Another way to provide users with easy and consistent
access to their files is to map drive letters to each user’s
directories using the Drive Maps feature in Group Policy so
that they can always find their files in the same place using
Windows Explorer.
Creating Folder Shares
• After you have devised a file sharing strategy for your
network, you can begin to create the shares that enable
users to access your server drives.
• Your file sharing strategy should include the following
information:
–
–
–
–
What folders you will share.
What names you will assign to the shares.
What permissions you will grant users to the shares.
What Offline Files settings you will use for the shares.
Distributed File System (DFS)
• The Distributed File System (DFS) implemented in the Windows
Server 2008 File Services role includes two technologies:
– DFS Namespaces
– DFS Replication
• DFS address these problems and enable administrators to do the
following:
– Simplify the process of locating files.
– Control the amount of traffic passing over WAN links.
– Provide users at remote sites with local file server access.
– Configure the network to survive a WAN link failure
– Facilitate consistent backups.
DFS Namespace
• DFS is a virtual namespace technology that enables
administrators to create a single directory tree that
contains references to shared folders on various file
servers, all over the network.
• This directory tree is virtual; it does not exist as a true
copy of the folders on different servers.
• Instead, it is a collection of references to the original
folders, which users can browse as though it were an
actual server share.
• The actual shared folders are referred to as the targets of
the virtual folders in the namespace.
DFS Namespace
Replicating Shares
• The DFS Replication role service performs these
tasks.
• DFS Replication is a multimaster replication
engine that can create and maintain copies of
shared folders on different servers throughout an
enterprise network.
DFS Replication
• DFS Replication service copies files from one
location to another.
• However, DFS Replication also works in tandem
with DFS Namespace to provide unified services:
– Data distribution.
– Load balancing.
– Data collection.
Configuring DFS
• Implementing DFS on a Windows Server 2008
computer is more complicated than simply
installing the File Services role and the Distributed
File System role services.
• After the role and role services are in place, you
have to perform at least some of the following
configuration tasks:
– Create a namespace.
– Add folders to the namespace.
– Create a replication group.
DFS Replication Groups
• To enable replication for a DFS folder with multiple
targets, you must create a replication group, which is a
collection of servers, known as members, each of which
contains a target for a particular DFS folder.
• In its simplest form, a folder with two targets requires a
replication group with two members: the servers hosting
the targets.
• At regular intervals, the DFS Replication engine on the
namespace server triggers replication events between
the two members, using the RDC protocol so that their
target folders remain synchronized.
DFS Replication Groups
• DFS Replication is also highly scalable and configurable.
• A replication group can have up to 256 members, with
256 replicated folders, and each server can be a member
of up to 256 replication groups, with as many as 256
connections (128 incoming and 128 outgoing).
• A member server can support up to one terabyte of
replicated files, with up to eight million replicated files
per volume.
Replication Groups
Replication Groups
• No matter which topology you use, DFS replication
between two members is always bidirectional by default.
• This means that the Replicate Folder Wizard always
establishes two connections, one in each direction,
between every pair of computers involved in a replication
relationship.
• To create unidirectional replication relationships, you can
either disable selected connections between the
members of a replication group in the DFS Management
console or use share permissions to prevent the
replication process from updating files on certain
member servers.
File Server Resource Manager
• Provides tools that enable file server administrators to
monitor and regulate their server storage, by performing
the following tasks:
– Establish quotas that limit the amount of storage space
allotted to each user.
– Create screens that prevent users from storing specific
types of files on server drives.
– Create templates that simplify the process of applying
quotas and screens.
– Automatically send email messages to users and/or
administrators when quotas are exceeded or nearly
exceeded.
– Generate reports providing details of users’ storage
activities.
Quotas
• In Windows Server 2008, a quota is simply a limit on the
disk space a user is permitted to consume in a particular
volume or folder.
• Quotas are based on file ownership. Windows
automatically makes a user the owner of all files that he
or she creates on a server volume.
• The quota system tracks all of the files owned by each
user and totals their sizes.
• When the total size of a given user’s files reaches the
quota specified by the server administrator, the system
takes action, also specified by the administrator.
Quotas
• The actions the system takes when a user approaches or
reaches a quota are highly configurable:
– A hard quota prohibits users from consuming any disk
space beyond the allotted amount.
– A soft quota allows the user storage space beyond the
allotted amount and just sends an email notification to the
user and/or administrator.
– Administrators can also specify the thresholds at which the
system should send notifications and configure the quota
server to generate event log entries and reports in
response to quota thresholds.
File Screen
• FSRM, in addition to creating storage quotas,
enables administrators to create file screens,
which prevent users from storing specific types of
files on a server drive.
Storage Reports
• FSRM can create the following reports:
– Duplicated Files
– File Screening Audit
– Files by File Group
– Files by Owner
– Large Files
– Least Recently Accessed Files
– Most Recently Accessed Files
– Quota Usage
Windows Print Architecture
• Printing in Microsoft Windows typically involves
the following four components:
– Print device
– Printer
– Print Server
– Print Driver
Windows Print Architecture
Direct Printing
• The simplest print architecture consists of one
print device connected to one computer, also
known as a locally attached print device.
• When you connect a print device directly to a
Windows Server 2008 computer and print from an
application running on that system, the computer
supplies the printer, printer driver, and print
server functions.
Direct Printing
Locally Attached Printer Sharing
• In addition to printing from an application running
on that computer, you can also share the printer
(and the print device) with other users on the
same network.
• In this arrangement, the computer with the locally
attached print device functions as a print server.
Locally Attached Printer Sharing
Networked-Attached Printing
• You can connect a print device directly to the network.
• Many print device models are equipped with network
interface adapters while others have have expansion slots
into which you can install a network printing adapter,
purchased separately.
• Finally, for print devices with no networking capabilities,
standalone network print servers are available, which enable
you to attach one or more print devices and connect to the
network.
• Print devices so equipped have their own IP addresses and
typically an embedded Web-based configuration interface.
Network-Attached Print Device
Network-Attached Print Device
Print Services Role
• When you install the Print Services role using
Server Manager’s Add Roles Wizard, you can
select from the following role services:
– Print Server
– LPD Service
– Internet Printing
Fax Server
• By installing the Fax Server role, you enable a
Windows Server 2008 computer to send and
receive faxes for clients.
• The clients send their faxes using a standard
printer interface, which connects to a fax server
on the network as easily as connecting to a local
fax modem.
Fax Server
• The basic steps involved in setting up a fax server
are as follows:
– Add the Fax Server role.
– Add the Desktop Experience feature.
– Share the fax printer.
– Configure the fax device.
– Configure incoming fax routing.
– Designate fax users.
Fax Services Role
• Installing the Fax Server role adds the Fax Service
Manager snap-in to the Server Manager console. Using
the Fax Service Manager, administrators can perform the
following tasks:
–
–
–
–
–
View and configure fax devices, such as modems.
Specify routing policies for inbound faxes.
Specify rules for outbound faxes.
Manage fax users.
Configure fax logging and archiving.
Desktop Experience Feature
• The Fax Service Manager can configure various fax
server functions, but it cannot actually send
outgoing faxes or view incoming ones.
• To send and view faxes, you must use the
Windows Fax and Scan program.
Summary
• The Distributed File System (DFS) includes two
technologies, DFS Namespaces and DFS
Replication, that can simplify the process of
locating files, control the amount of traffic passing
over WAN links, provide users at remote sites with
local file server access, configure the network to
survive a WAN link failure, and facilitate
consistent backups.
Summary
• DFS is a virtual namespace technology that
enables you to create a single directory tree that
contains references to shared folders located on
various file servers all over the network.
• DFS Replication works in tandem with DFS
Namespaces to provide unified services such as
data distribution, load balancing, and data
collection.
Summary
• The File Server Resource Manager console
provides tools that enable file server
administrators to monitor and regulate their
server storage by establishing quotas that limit
the amount of storage space allotted to each user,
creating screens that prevent users from storing
specific types of files on server drives, and
generating reports providing details of users’
storage activities.
Summary
• Printing in Microsoft Windows typically involves
the following four components: print device,
printer, print server, and print driver.
• The simplest form of print architecture consists of
one print device connected to one computer,
known as a locally attached print device. You can
share this printer (and the print device) with other
users on the same network.
Summary
• With network-attached print devices, the
administrator’s primary deployment decision is
which computer will function as the print server.
• The Print Management snap-in for MMC is an
administrative tool that consolidates the controls
for the printing components throughout the
enterprise into a single console.
Summary
• Windows Server 2008 includes a Fax Server role
that enables users to send faxes from and receive
them to their desktops.