Creating Highly Available File and Printer Shares with Windows Cluster Service Richard P. Sasser Pre

1
Creating Highly Available File and Printer Shares
with Windows Cluster ServiceRichard P.
SasserPremier SupportMicrosoft Corporation
2
Agenda

• Introduction
• Clustering basics
• LanManServer service
• Creating a virtual server
• File shares
• Introducing file shares in Windows 2000
• Normal file shares
• Share subdirectories share
• DFS shares

3
Agenda (2)

• Print Spoolers
• Introduction to the spooler resource
• Dependency Tree
• Creating a spooler resource
• Adding printers
• Adding more non-Windows 2000 drivers

4
Introduction

• The basics
• Shared nothing architecture
• Resources
• Dependencies
• Groups
• Failover and failback
• Virtual Servers
• The LanManServer service
• Creating a virtual server

5
Shared Nothing Architecture
Server A
Server B
Heartbeat
Cluster management
Disk cabinet A
Disk cabinet B
6
Resources

• Smallest unit of management in MSCS
• A resource provides a service to a client, such
  as storage, a disk, an IP address, or a network
  name
• Resources can depend on other resources
• Resources fail over or move from one node to
  another in groups

7
Dependencies

• Resources may depend on other resources
• This means a resource will not start until all of
  its dependencies come online
• Defines order of offline and online
• Typically illustrated as dependency trees
• Can only exist for resources in the same group
• Considered to be transitive
• For more information
• Q171791 Creating Dependencies in Microsoft
  Cluster Server
• Q195462 WINS Registration and IP Address
  Behavior for MSCS 1.0

8
Groups

• Logical collection of resources that must all run
  on the same node to function properly
• Hint Build groups around disks
• Unit of failover

9
Failover

• Failover is the process by which a group moves
  from one server to another
• Reasons for failover include
• The Admin has manually requested a failover
• A resource in the group has failed
• The group is configured for failback and the
  preferred owner has returned to service

10
Failback

• Failback is a user-configured option where a
  group will fail back to a preferred owner when
  that node returns to service
• For more information
• Q197047 Failover/Failback Policies on Microsoft
  Cluster Server
• Q171277 Information About Microsoft Cluster
  Server Cluster Resource Failover Time

11
Virtual Server

• A virtual server is considered to be a
  combination of two resources
• IP address
• Network name
• Provides a consistent method of access to
  clustered resources
• Organizing virtual servers into groups provides
  better granularity and scalability
• Do not use the default Cluster Group virtual
  server for anything other than administering the
  cluster

12
Virtual Server Dependency Tree
Network Name Resource (VFILE)
Group 1
Required Dependency
IP Address Resource (192.168.1.3)
13
Virtual Server Namespace
14
Virtual Server Limitations

• Q235529 MSCS Virtual Server Limitations in
  Windows 2000 Domain Environment
• Virtual servers require NetBIOS for browsing to
  function properly
• Do not restrict NTLM authentication

15
The LanManServer Service

• Clustering does not reinvent the wheel it
  registers clustered shares with the LanManServer
  service
• Certain limitations are imposed because of this
• Share names must be unique across the cluster
• Q170762 Cluster Shares Appear in Browse List
  Under Other Names

16
Creating a Virtual Server

• Pick a group, or create a new one
• Create a new IP address resource
• Create a new network name resource with a
  dependency on an IP address
• Refer to
• Q195462 WINS Registration and IP Address Behavior
  for Microsoft Cluster

17
Creating a Virtual Server Walkthrough (1)
18
Creating a Virtual Server Walkthrough (2)
19
Creating a Virtual Server Walkthrough (3)
20
Creating a Virtual Server Walkthrough (4)
21
Creating a Virtual Server Walkthrough (5)
22
Creating a Virtual Server Walkthrough (6)
23
Creating a Virtual Server Walkthrough (7)
24
Creating a Virtual Server Walkthrough (8)
25
File Shares

• Introducing file shares in Windows 2000
  clustering
• Typical file share dependency tree
• Creating a file share
• A word about security
• Normal file shares
• Share subdirectories shares
• DFS Shares
• Active Directory DFS shares

26
Introduction to File Shares

• Behave exactly like stand-alone file shares
• Creation and admin is different
• Three different types based on the Advanced
  button in the Resource Parameters dialog box
• Normal
• Share subdirectories
• DFS root
• Cluster service account requires NTFS read
  permissions to create the share

27
Typical File Share Dependency Tree
File Share Resource
Group 1
Network Name Resource
Virtual Server
IP Address Resource
Disk (Storage) Resource
28
Creating a File Share

• Create Folder to be shared
• Start the new resource wizard
• Choose file share resource
• Add appropriate dependencies
• Provide file share resource parameters

29
Resource Parameters Page File Share
30
A Word About Security

• Two types of permissions
• NTFS permissions
• Share-level permissions
• Share-level permissions enforced by LanManServer
  and administered in cluster admin
• NTFS-level permissions enforced by file system
  and administered through explorer
• ALL types of permissions should be granted to
  domain groups, not local groups

31
Security (2)

• NTFS permissions preferred
• Domain controllers (DCs) can use domain local
  groups only if all members of the cluster are DCs
• Native-mode domains can use universal groups

32
Normal File Shares

• Default when a file share is first created
• Functions just like a regular share, but clients
  connect to the virtual server name
• Should have a dependency on the network name for
  consistent access
• If data is located on shared drive, then the
  resource should depend on that drive

33
Normal File Shares - Security

• Share-level permissions administered through
  Cluster Administrator
• NTFS permissions administered through explorer

34
Share Subdirectories File Shares

• Ideal for creating home directories
• Shares out subdirectories one level below the
  root share automatically without the need for
  additional resources
• Cannot use share-level permissions here

35
The Resource
36
Folder Structure Versus Shares

• Shares Created
• users
• guy
• john
• martin
• matt
• mike
• rick

Folder Structure
37
DFS Shares

• Required Dependencies Netname and Storage Class
  Resource
• One DFS root per cluster
• Stand-alone DFS roots
• No root-level DFS shared folders
• No FRS replication of root shares
• No site preference
• May only have a single level of links

38
DFS Shares (2)

• Administered via DFS snap-in
• Domain-based DFS roots better for read-mostly
  data
• For more information on DFS see the Distributed
  Systems Guide in the Windows 2000 Server Resource
  Kit

39
Security for DFS Trees

• Significant overhead if a strategy is not
  identified early
• May point to FAT partitions share-level
  security only for these links
• Best practice Use NTFS

40
Print Spoolers

• Introduction
• Dependency tree
• Creating the print spooler resource
• Adding printers
• Adding additional non-Windows 2000 drivers

41
Introducing the Print Spooler Resource

• One spooler resource per group
• Required dependencies for network name and
  storage class resource
• Supports only LPR and SPM
• Printer and port information stored in cluster
  database

42
Introducing the Print Spooler Resource (2)

• Printers published to Active Directory are
  published by the spooler resource
• Published printers show under owning node
• Print spooler failover
• Share-level permissions administered through
  virtual server

43
Print Spooler Dependency Tree
Print Spooler Resource
Group 2
Network Name Resource
Virtual Server
IP Address Resource
Disk (Storage) Resource
44
Creating a Print Spooler (1)
45
Creating a Print Spooler (2)
46
Creating a Print Spooler (3)
47
Creating a Print Spooler (4)
48
Adding a Printer Procedural Overview

• Connect to the virtual server that the print
  spooler resource depends on
• Run the Add Printers Wizard
• Install drivers on the node that does not
  currently own the print spooler resource

49
Adding a Printer Walkthrough (1)
50
Adding a Printer Walkthrough (2)
51
Adding a Printer Walkthrough (3)
52
Adding a Printer Walkthrough (4)
53
Adding a Printer Walkthrough (5)
54
Adding a Printer Walkthrough (6)
55
Adding a Printer Walkthrough (7)
56
Adding a Printer Walkthrough (8)
57
Adding a Printer Walkthrough (9)
58
Adding a Printer Walkthrough (10)
59
Adding a Printer Walkthrough (11)
60
Adding a Printer Walkthrough (12)
61
Adding a Printer Walkthrough (13)
62
Adding a Printer Walkthrough (14)
rundll32 printui.dll, PrintUIEntry /id
63
Adding Non-Windows 2000 Drivers

• Connect to the virtual server
• Open the Printers folder
• Right-click the printer to add drivers to and
  select properties
• Select the Sharing tab
• Click the Additional Drivers button
• After the driver has been added, return to the
  Printers folder
• Fail the group to the other node
• Repeat steps 1 thru 6

64
(No Transcript)