Dfs: A Logical View of Physical Resources

Simplify how users view and navigate enterprise networks

The Microsoft Distributed File System (Dfs) for Windows NT Server is autility, currently in public beta, that lets you create a single, hierarchicalview of your network's physical resources. Don't confuse Dfs with otherdistributed file systems used in UNIX environments (for information about thedifferences see "Dfs vs. DFS,"). With Dfs, you can build a Dfs namespace (or directory tree) so users view only one directory that spans allthe file servers and server shares in the network, instead of a long list ofservers and shares, each with a separate directory. You can position eachnetwork resource in the most logical place in your Dfs tree, regardless of whereit is actually located in the network. Furthermore, Dfs is only software. No newfile systems are created, so no extra security is required beyond native NTsecurity. Screen 1 shows an example Dfs tree created in the Windows NTMagazine Lab.

Dfs adds a layer of abstraction to the physical \servershare universalnaming convention (UNC) name, so you can access network resources in a moreintuitive manner. For example, suppose you need to find your human resourcesdepartment's benefit information. Which search is easier: looking incorpsrv3hrallinfopubinfo1996benefits (where you first have to hunt aroundfor the server and share names), or looking in tdfsdfsroothrbenefit info(where you can search down the dfsroot directory tree if necessary)?

Dfs Benefits
Dfs benefits are numerous. System administrators and designers will like howsimple it is to consolidate server shares into a single tree that's easy tomaintain. You can centrally manage a Dfs tree by controlling rights to the Dfsservers, and transparently add storage where it's needed. Users can connect toone or two Dfs network shares and easily locate data throughout the networkwithout having to remember server or share names--you can assign logical,descriptive names to resources in the Dfs tree regardless of their names in thenetwork. Because a Dfs tree is a virtual representation of physical shares, youcan also move the physical location of each share without affecting what theuser sees. The Dfs administrator needs to know where the new share physicallyresides, but your users access the data exactly as before.

Suppose you need to take down a server to upgrade it, but also keep itsdata available to users. With Dfs you can simply move the data from one serverto another, point the Dfs tree at the new physical location (using the DfsAdministrator program shown in Screen 2), and upgrade the original server atyour convenience.

A Dfs volume can increase data availability because you can use multipleservers (a.k.a. alternate paths) as duplicate storage points for anypart of the Dfs tree. Any share in the Dfs tree can point to any number ofduplicate data sources. Dfs doesn't replicate the data among the multiple datasources (so you need to use NT's directory replication services or otherproducts to do that), but it does transparently distribute the load (shown inScreen 3). Every user is routed to a different physical resource in around-robin fashion: The first user goes to duplicate resource A, the next usergoes to duplicate resource B, and so on. Each user accesses the same data onphysically different servers represented as one virtual directory. (All thesemaneuvers, of course, are transparent to the user.) With this capability, Dfsprovides some measure of fault tolerance: If any of the duplicate resourcesfail, as long as at least one still functions, users can continue to access thedata. Unfortunately, however, Dfs doesn't calculate connection costs; if youhave a pair of alternate paths and one is across the country, Dfs will not favorthe local path over the long-distance path.

Can your company benefit from Dfs? Before you spend any time planning whatgreat things you can do with Dfs, you need to see whether your network can useit. Because Dfs uses an updated version of Microsoft's Server Message Block(SMB), you must have the newest network redirectors:

Thus, how your company benefits from Dfs depends on how many Win95 and NTW4.0 clients your network includes. If your company plans to upgrade its clientsto NTW 4.0 or Win95 in the near future, you can deploy a well-designed Dfs namespace now so that it's ready and waiting as users upgrade. As clients upgrade toWin95 and NTW 4.0, they immediately can access the Dfs name space and takeadvantage of the benefits of Dfs (and entice other users to upgrade).

How Dfs Works
Although you don't need to know how Dfs works to design a Dfs name space, aworking knowledge of Dfs is a great help when you troubleshoot your network.Figure 1 shows a typical Dfs session. The following steps provide abehind-the-scenes look at how it works. (You can also view this process withNetwork Monitor 1.2, which can parse the Transact 2 Data SMB, as shown inFigure 2).

In other words, Dfs tells the client where to go, but it doesn't handle thedata transfer. Although all requests to a Dfs share must begin through a Dfsserver, the server tells the client which network share to establish aconnection with before data transfer begins. This action frees Dfsresources, resulting in a higher overall service capacity for the Dfs server.The user may notice one difference from an ordinary directory tree--the short(you hope) network delay that occurs when the computer connects to \corpsrv3.

In this example, Dfs could use alternate paths for high-availability loadbalancing for these heavily accessed shares. In that case, the Benefit Info Dfsshare would consist of three or four identical shares on different servers; userrequests to access the volume get distributed among the alternate paths.Remember, though, that Dfs 4.0 won't handle synchronization of these volumes, soyou have to add a replication step to the process.

Planning a Dfs Name Space
You need to consider several factors when planning a Dfs name space. First,the database that contains the Dfs share information is on only the Dfs server,so you have a single point of failure.

Second, a Dfs server will have high-availability requirements because allDfs share users must initially go through the Dfs server. Because of its singledatabase and high-availability requirements, a Dfs server is an excellentcandidate for a two-node standby cluster. (For more information about clusters,see Mark Smith, "Closing In on Clusters," August 1996). If the Dfsserver fails, however, network resources are still accessible by their UNC sharenames.

Third, because Dfs gives you the opportunity to construct a name spacebased on logical design rather than physical constraints, you can bypass theinherent limitations that come from trying to organize a company's data based onphysical server and share names. You can build a Dfs name space that looks likethe organization it serves, and you can easily modify it when reorganizationsoccur.

Fourth, it's better to build a Dfs server as a domain server rather than adomain controller. Besides removing the load of user authentication, a domainserver has local security that can differ from that of the domain in which itresides. With a Dfs domain server, you can tightly control who has rights tocreate, modify, and delete Dfs directories.

Fifth, the Dfs directory tree above the junction point (i.e., thepoint where a Dfs directory within the Dfs server points to a real NT share onthe network) resides on the Dfs server. If any data is in that tree, it will beon the Dfs server and the server will function like a file server. Clientswithout the Dfs software (native Win95, WFW, OS/2, NetWare) that access theon-server data won't disconnect from the server like users passing through toget to the junction points. For example, a file in tdfsdfsroothrbenefitinfo is actually on \corpsrv3hrallinfopubinfo1996benefits, whereas a filein tdfsdfsroothr resides on the tdfs server.

Last, you can encourage use of Dfs by making new server shares hidden (byplacing a dollar sign ($) in the share name). Once you add the new shares to theDfs name space, users can access them like any other resource, but they won't bevisible for connection outside Dfs.

Designing a Corporate Enterprise Dfs Name Space
You can use Dfs to design an enterprise NT name space that avoids some ofthe limitations of conventional NT domains. Figure 3 shows an example of how touse Dfs to organize the NT shares of a multinational corporation.

In this example, the XYZ corporation has three operating regions: Japan, theUnited States, and Europe. For the sake of simplicity, each region has threeservers (xxSRV1, xxSRV2, and xxSRV3), each with oneshare, that the entire corporation can access. Each region has its own Dfsserver, with network addresses 193, 192, and 194, respectively. Each region alsohas a DNS server that contains the IP address of its region's Dfs server, mappedto a host name dfs.xyz.com. All the clients and servers in each region use onlytheir region's DNS server.

With this design (and the considerations that follow), every user in theXYZ corporation can connect to only one share and access all its servers via aneasy-to-understand hierarchy. For example, users in the United States can reachdata on \eusrv2 by drilling down into their corporate-standard Dfsshare to \dfsrooteuropeserver2. You can centrally administer the Dfs pathsto the resources, while users can still access the shares directly if they wantto. Searching for files is easier because massive resources can come under oneDfs root volume (although an indexing server would help avoid networkwidesearches). As needed, you can add storage capacity transparently.

To make this design work, the setup must meet several conditions.

Figure 4 shows a design for small businesses. Each department in the companyhas a Dfs server for its users, and the corporate division has a Dfs server withjunction points to the department servers. Corporate employees can view theentire company's server resources through their Dfs server, and sales andengineering department employees usually access only their own resources.

The Big Picture
Dfs takes the concept of disk file systems--the logical naming and accessingof data on the physical disk--and applies it to networks. Dfs provides astandard naming convention and mapping for collections of servers, shares, andfiles. Dfs has limitations now, but you can assume Dfs's capabilities willexpand to integrate with the Active Directory, the Microsoft Management Consoletool, Domain Dfs, and other emerging Cairo technologies. ("Dfs: One Pieceof the New Directory Service Solution" shows what part Dfs plays in theActive Directory, NT's new directory service solution.)

See Also "Dfs: One Piece of the New Directory Service Solution"