Large-scale DFS and storage with distributed IT

  • 165 Views
  • Last Post 17 March 2016
eccoleman posted this 16 March 2016

I’m curious if anyone has implemented DFS for use at a large scale (provided as a service) for distributed IT units, such as that common in higher education. We are embarking on a new storage initiative that will provide block-level storage to units on campus at a low cost. The higher-ups are toying with the idea of providing a networked file system (DFS in particular) in front of it to present the storage to endpoints.  The napkin-sketch looks like they want the ability for each unit to have an assigned DFS root, delegated out to local admins, where they can configure at-will one or more link targets. Some single targets, some replica sets. Most of this will be VMWare based.   Some of the hurdles we foresee are:

- External collaboration - Non-AD-Joined Access - Mac/Linux Access (Macs seem to have improved)   Has anyone tackled this at a large scale (more than 10 DFS roots)?  Would you be willing to point me to your service documentation?   Thanks!

 

Erik Coleman Senior Manager, Enterprise Systems Technology Services at Illinois University of Illinois at Urbana-Champaign            

Order By: Standard | Newest | Votes
barkills posted this 16 March 2016

Yes, although we don’t yet meet your minimum benchmark and our design is slightly different than what you’ve described.

 

Our page for this service capability is at:

https://wiki.cac.washington.edu/x/obv5Aw

 

We tie eligibility and naming of the DFS folder to a delegated OU, with a single domain based root namespace. For years we struggled with how to model which organizations were eligible at various levels in a

DFS hierarchy, which is especially difficult at someplace like a large research university. Tying the DFS folder eligibility to a delegated OU meant that everyone had to meet our minimum criteria for getting a delegated OU, and that no one had special status

in the hierarchy.

 

Working out the delegated perms for creating DFS replication groups (special objects in AD) was a little work for us, so that was an additional feature we added after our initial release, but I’ve documented

those perms right there on that page, so you can benefit from our work. J

 

Brian

 

show

vluu posted this 17 March 2016

We are a multinational financial services company and have a large domain based and standalone (legacy) DFS-N with Netapp NAS (cifs & nfs). We do not delegate out management of DFS to deparments\end users, only to EUS dept. As for your concern about external collaboration, maybe ADFS can be a solution. For Linux access, we export the path on netapp and linux machine are able to mount it. We use NTFS to control permissions. 


show

Close