Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CTE with Microsoft DFSR

Terminology and Topology

search

Please Note:

Terminology and Topology

DFS(R) uses a compression algorithm known as remote differential compression (RDC). RDC detects changes to the data in a file and enables DFS Replication to replicate only the changed file blocks instead of the entire file. DFS(R) uses a database engine that keeps track of all file deltas and is used when reconciling replicated data across servers.

Term Definition
DFS Namespace A central namespace through which you can see a unified view of the shared folders that are included in the DFS.
DFS Namespace Server The server that hosts the DFS Namespace. DFS Namespace Root is the top level of the DFS namespace. The namespace root and the DFS namespace use the same name.
DFS Folder A folder presented to a client within the DFS namespace, but below the DFS root. A DFS folder can exist on the same server that is hosting the DFS root, but it is not required. DFS folders commonly represent file system resources located on other servers.
DFS Tree A DFS tree is a reference to the DFS hierarchy. The tree starts with the DFS root, and contains all of the DFS folders defined within the root.
Replicated folder A folder that stays synchronized on each member. As the data changes in each of the replicated folders, the changes replicate across connections between all members of the replication group.

In order to use DFS(R), administrators designate a namespace on a namespace server. Folders nested within the namespace contain all of the data that is distributed across many servers.

The Tools folder, in the preceding graphic, is part of a replication group composed of two servers, known as members, which participate in the replication of one or more replicated folders.

Creating multiple replicated folders in a single replication group simplifies the process of deploying replicated folders because the topology, schedule, and bandwidth throttling for the replication group are applied to each replicated folder. You can administer DFS(R) by using DFS Management, the DFS(R) Admin and DFS(R) diag commands, or scripts that call WMI. The connections between all members form the replication topology.

DFS(R) Topology

How you deploy CTE in a DFS(R) environment depends on the topology you have chosen for your DFS(R) configuration. Microsoft offers several topology options for DFS(R):

Hub and Spoke

In this configuration, there is a central server (an explicitly-designated hub) whose content is replicated on multiple satellite servers (the spokes). While each spoke server has a two-way communication channel with the hub server, none of the spoke servers can communicate with each other. If the data changes on one spoke server, that server communicates the changes back to the hub server and the hub server initiates the data replication on all of the other spoke servers.

This configuration allows you to encrypt servers one at a time, starting with the hub and then moving outwards to the spokes. This type of topology tends to be very efficient, but the problem with it is that if the initial master fails, then all replication ceases to function until it is online again. This topology is typically used for WANs that consist of faster network connections between major computing hubs and slower links connecting branch offices.

Full Mesh

A full mesh topology allows every replica to replicate with every other replica. In this configuration, data replication can be initiated by any server on all of the other servers. The advantage of using this topology is that replication continues functioning even if a server drops off-line. Users see no interruption in service. Deploying this model is useful for maintenance operations and satisfies data resiliency. The disadvantage to using this method is that it can result in an excessive amount of replication traffic.

As of Windows 2012, Microsoft added support for more than 5 replicas in a set. In addition, DFS(R) now supports multiple Namespaces: good for encrypting different namespaces with different AES keys (when required for “fencing” requirements).

In this configuration, you must stop the replication service while you encrypt the data on all servers in the mesh. You cannot restart the replication service until the initial encryption has completed on all servers.

No Topology

This option allows for creating a replication group without defining any replication topology. This means administrators may create their own custom replication topology later on.

On this page