Creating Highly Available File and Printer Shares with Windows Cluster Service
Richard P. Sasser
Premier Support
Microsoft Corporation
2
Agenda
- Introduction
  - Clustering basics
  - LanManServer service
  - Creating a virtual server
- File shares
  - Introducing file shares in Windows® 2000
  - Normal file shares
  - Share subdirectories share
  - DFS shares
3
Agenda (2)
- Print Spoolers
  - Introduction to the spooler resource
  - Dependency Tree
  - Creating a spooler resource
  - Adding printers
  - Adding more non-Windows 2000 drivers
4
Introduction
- The basics
  - Shared nothing architecture
  - Resources
  - Dependencies
  - Groups
  - Failover and failback
  - Virtual Servers
- The LanManServer service
- Creating a virtual server
5
Shared Nothing Architecture
[Diagram: Server A; Server B; Disk cabinet A; Disk cabinet B; Heartbeat; Cluster management]
6
Resources
- Smallest unit of management in MSCS
- A resource provides a service to a client, such as storage, a disk, an IP address, or a network name
- Resources can depend on other resources
- Resources “fail over” or move from one node to another in groups
7
Dependencies
- Resources may “depend” on other resources
- This means a resource will not start until all of its dependencies come online
- Defines order of offline and online
- Typically illustrated as dependency trees
- Can only exist for resources in the same group
- Considered to be transitive
- For more information
  - Q171791 “Creating Dependencies in Microsoft Cluster Server”
  - Q195462 “WINS Registration and IP Address Behavior for MSCS 1.0”
8
Groups
- Logical collection of resources that must all run on the same node to function properly
- Hint: Build groups around disks
- Unit of failover
9
Failover
- Failover is the process by which a group moves from one server to another
- Reasons for failover include:
  1. The Admin has manually requested a failover
  2. A resource in the group has failed
  3. The group is configured for failback and the preferred owner has returned to service
10
Failback
- Failback is a user-configured option where a group will “fail back” to a preferred owner when that node returns to service
- For more information:
  - Q197047 “Failover/Failback Policies on Microsoft Cluster Server”
  - Q171277 “Information About Microsoft Cluster Server Cluster Resource Failover Time”
11
Virtual Server
- A virtual server is considered to be a combination of two resources:
  - IP address
  - Network name
- Provides a consistent method of access to clustered resources
- Organizing virtual servers into groups provides better granularity and scalability
- Do not use the default Cluster Group virtual server for anything other than administering the cluster
12
Virtual Server Dependency Tree
[Diagram: Group 1; Network Name Resource (VFILE); IP Address Resource (192.168.1.3); Required Dependency]
13
Virtual Server Namespace
[Diagram: Node A (192.168.1.1); VFILE (192.168.1.3); Node B (192.168.1.2)]
14
Virtual Server Limitations
- Q235529 “MSCS Virtual Server Limitations in Windows 2000 Domain Environment”
- Virtual servers require NetBIOS for browsing to function properly
- Do not restrict NTLM authentication
15
The LanManServer Service
- Clustering does not reinvent the wheel; it registers clustered shares with the LanManServer service
- Certain limitations are imposed because of this
  - Share names must be unique across the cluster
  - Q170762 “Cluster Shares Appear in Browse List Under Other Names”
16
Creating a Virtual Server
1. Pick a group, or create a new one
2. Create a new IP address resource
3. Create a new network name resource with a dependency on an IP address
4. Refer to Q195462 WINS Registration and IP Address Behavior for Microsoft Cluster
17
Creating a Virtual Server – Walkthrough (1) to (8) (slides 17 to 24)
25
File Shares
- Introducing file shares in Windows 2000 clustering
  - Typical file share dependency tree
  - Creating a file share
  - A word about security
- Normal file shares
- Share subdirectories shares
- DFS Shares
- Active Directory™ DFS shares
26
Introduction to File Shares
- Behave exactly like stand-alone file shares
- Creation and admin is different
- Three different types based on the “Advanced” button in the Resource Parameters dialog box
  - Normal
  - Share subdirectories
  - DFS root
- Cluster service account requires NTFS read permissions to create the share
27
Typical File Share Dependency Tree
[Diagram: Group 1; File Share Resource; Network Name Resource; IP Address Resource; Disk (Storage) Resource; Virtual Server]
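Added example, not part of the original deck: a Python sketch that applies the rules from the Dependencies slide (same group only, transitive, defines online and offline order) to a file share dependency tree like the one above. The resource names, the disk letter and the dictionary layout are assumptions for illustration and are not a Cluster service API.

```python
from graphlib import TopologicalSorter

# Constructed sample modelled on the file share dependency tree slide.
# Resource names and the disk letter are assumptions, not from the deck.
RESOURCES = {
    "Disk E:":     {"group": "Group 1", "deps": []},
    "VFILE IP":    {"group": "Group 1", "deps": []},
    "VFILE Name":  {"group": "Group 1", "deps": ["VFILE IP"]},
    "Users Share": {"group": "Group 1", "deps": ["VFILE Name", "Disk E:"]},
}

def violations(resources):
    """Dependencies can only exist between resources in the same group."""
    found = []
    for name, res in resources.items():
        for dep in res["deps"]:
            if dep not in resources:
                found.append((name, dep, "unknown resource"))
            elif resources[dep]["group"] != res["group"]:
                found.append((name, dep, "different group"))
    return found

def all_dependencies(resources, name):
    """Transitive closure: everything that must be online before `name`."""
    seen, stack = set(), list(resources[name]["deps"])
    while stack:
        dep = stack.pop()
        if dep not in seen:
            seen.add(dep)
            stack.extend(resources.get(dep, {}).get("deps", []))
    return seen

def online_order(resources, group):
    """Order in which a group's resources come online (dependencies first)."""
    members = {
        n: [d for d in r["deps"]
            if d in resources and resources[d]["group"] == group]
        for n, r in resources.items() if r["group"] == group
    }
    return list(TopologicalSorter(members).static_order())

def offline_order(resources, group):
    """Offline is the reverse: dependents stop before what they depend on."""
    return online_order(resources, group)[::-1]
```

Running `violations` before `online_order` catches a dependency that points into another group, which the cluster does not allow.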
28
Creating a File Share
1. Create Folder to be shared
2. Start the new resource wizard
3. Choose file share resource
4. Add appropriate dependencies
5. Provide file share resource parameters
29
Resource Parameters Page: File Share
30
A Word About Security
- Two types of permissions
  - NTFS permissions
  - Share-level permissions
- Share-level permissions enforced by LanManServer and administered in cluster admin
- NTFS-level permissions enforced by file system and administered through explorer
- ALL types of permissions should be granted to domain groups, not local groups
31
Security (2)
- NTFS permissions preferred
- Domain controllers (DCs) can use domain local groups only if all members of the cluster are DCs
- Native-mode domains can use universal groups
32
Normal File Shares
- Default when a file share is first created
- Functions just like a regular share, but clients connect to the virtual server name
- Should have a dependency on the network name for consistent access
- If data is located on shared drive, then the resource should depend on that drive
33
Normal File Shares - Security
- Share-level permissions administered through Cluster Administrator
- NTFS permissions administered through explorer
34
Share Subdirectories File Shares
- Ideal for creating home directories
- Shares out subdirectories one level below the root share automatically without the need for additional resources
- Cannot use share-level permissions here
35
The Resource
36
Folder Structure Versus Shares
Shares Created:
- users
- guy
- john
- martin
- matt
- mike
- rick
[Diagram: Folder Structure]
37
DFS Shares
- Required Dependencies: Netname and Storage Class Resource
- One DFS root per cluster
- Stand-alone DFS roots
  - No root-level DFS shared folders
  - No FRS replication of root shares
  - No site preference
  - May only have a single level of links
38
DFS Shares (2)
- Administered via DFS snap-in
- Domain-based DFS roots better for read-mostly data
- For more information on DFS see the Distributed Systems Guide in the Windows 2000 Server Resource Kit
39
Security for DFS Trees
- Significant overhead if a strategy is not identified early
- May point to FAT partitions – share-level security only for these links
- Best practice: Use NTFS
40
Print Spoolers
- Introduction
- Dependency tree
- Creating the print spooler resource
- Adding printers
- Adding additional non-Windows 2000 drivers
41
Introducing the Print Spooler Resource
- One spooler resource per group
- Required dependencies for network name and storage class resource
- Supports only LPR and SPM
- Printer and port information stored in cluster database
42
Introducing the Print Spooler Resource (2)
- Printers published to Active Directory are published by the spooler resource
- Published printers show under owning node
- Print spooler failover
- Share-level permissions administered through virtual server
43
Print Spooler Dependency Tree
[Diagram: Group 2; Print Spooler Resource; Network Name Resource; IP Address Resource; Disk (Storage) Resource; Virtual Server]
44
Creating a Print Spooler (1) to (4) (slides 44 to 47)
48
Adding a Printer: Procedural Overview
1. Connect to the virtual server that the print spooler resource depends on
2. Run the Add Printers Wizard
3. Install drivers on the node that does not currently own the print spooler resource
49
Adding a Printer Walkthrough (1) to (13) (slides 49 to 61)
62
Adding a Printer Walkthrough (14)
rundll32 printui.dll,PrintUIEntry /id
63
Adding Non-Windows 2000 Drivers
1. Connect to the virtual server
2. Open the Printers folder
3. Right-click the printer to add drivers to and select properties
4. Select the Sharing tab
5. Click the Additional Drivers button
6. After the driver has been added, return to the Printers folder
7. Fail the group to the other node
8. Repeat steps 1 through 6