|
Last Updated: October 22, 2009 U-M Windows Distributed File System (DFS)U-M Windows DFS BasicsThe Microsoft Distributed File System (DFS) available in Windows provides location independence and replication. Collections of files located on various Windows servers and workstations can be tied together under a DFS root share, so it is no longer necessary to mount a drive for each server individually. Unlike the Andrew File System (AFS), in widespread use across the U-M campus, MS DFS does not necessarily maintain central file store, but only provides a sort of superstructure that ties together file resources locate across the U-M Windows forest.Each domain in a Windows forest may create a DFS root, which contains subdirectories pointing to files on other machines. ITCS maintains such a DFS root. The ITCS root, \\adsroot.itcs.umich.edu\dfs, contains subdirectories which point to other DFS roots in the U-M forest, along with ITCS maintained files. The ITCS DFS root is replicated between three servers, so if one server fails, another server continues to provide DFS service.
Using DFSA user referencing a file in the DFS root will be subject to the same security checks that take place during any Windows file share. Share permissions restrict access to the share itself, and NTFS file permissions restrict access to specific files and directories. Windows files and directories may be permitted to anyone in the U-M UMRoot forest. Best practice is to create a W2k security group, and permit the file resources to that security group.Be sure to check the NTFS file permissions of shares available under DFS to make sure that permissions for the "everyone" and "authenticated users" principals are set to accommodate the intended audience. Using the Universal Naming Convention (UNC) notation, a DFS share should only use DNS names.
For more information, see How to configure DFS to use fully qualified domain names in referrals, in Microsoft's KnowledgeBase.
|
