2. Today
Local storage management.
File server management.
Print services management.
Remote server management.
4. Objectives
• Introduction to storage
• Overview of the differences between DAS, NAS and SAN.
• Managing partition formats and file systems
• Implementing a storage space
• Windows Storage Space
5. Storage – Disk types
• SATA
• SATA 3.0: theoretical throughput 6 Gb/s (750 MB/s)
• Typically 5k-7k rpm.
• One disk per port.
• Hot-pluggable – depending on the disk.
• Lowest price per gigabyte.
• Serial attached SCSI (SAS)
• Reliable - designed for enterprise use - runs 24x7
• Each disk gets up to 12 Gb/s (<128 disks per HBA).
• Typically 10k-15k rpm.
• Hot-pluggable – chainable.
• SAS HBAs also support SATA devices.
• Can handle several requests simultaneously.
7. Storage – Disk types
• SSD
• SATA – PCIe interface.
• Flash – expensive – fast.
• Green – More than 30 min battery boost.
• Flash in SSD faster and more reliable than USB flash.
• Printed circuits - Random access.
8. Hard disk performance
• Mechanical – Slower.
• Cache to improve performance.
• Read / write time.
• Interface (bus) transfer speed.
• Rotation speed – seek time.
9. Storage space
• DAS
• NAS
• SAN
• LUN – logical unit number
• Fibre channel vs iSCSI
10. Using RAID technology
• Redundant Array of Independent Disks
• RAID 0 – striped
• RAID 1 - mirrored
• RAID 5 – striped w/ parity
• RAID 10
• …
12. Software vs Hardware RAID
• Soft RAID
• Drive virtualization managed by OS (Ms, Linux, Apple)
- Processing on the motherboard
• Lower overhead for RAID 0 and RAID 1.
- OS specific
• Hardware RAID
• Managed by a controller card
• Better performance and interoperability
• Hot-swappable drives
• Expensive
14. Disk and volume management - MBR
• Primary partition
• Supports installing an OS.
• 4 partitions max per disk.
• Extended partition
• 3 partitions max + extended partition
• Can contain several volumes.
• Disk size limited to 2TB
GPT: 128 partitions
Partition up to 8 ZB (10^21)
Disk up to 18 EB (10^18)
15. File systems
• FAT/FAT32/exFAT
• No security except exFAT - Widely compatible
• NTFS
• Security perms (ACL)
• Encryption xor compression
• Auditing - Quotas
• Large files and volumes
• ReFS
• Even larger files, dirs, vols
• High resiliency – error correction – verification
• Backward compatible
16. Windows disk management – Basic disk
• Basic disk – Dynamic disk
• Basic disks
• Default disk type
• Widely compatible (can be plugged into Linux/macOS depending on the FS)
• No fault tolerance (apart from RAID controller)
• Only simple volume is available
• You can make a simple volume available through a folder
17. Windows disk management - Dynamic disk
• No direct performance benefit
• Volumes not partitions
• Allows for multi-disk configurations
• Simple - spanned – striped – mirrored – striped+parity
• Most admins don’t use SAN, cloud storage, RAID controller
• Dynamic disk is Microsoft specific
• RAID-10 is not available.
• Sustain failures of more than one disk.
18. Storage spaces – Poor man’s SAN
• SANs are very expensive and require a high level of expertise
• Windows Server 2012 and Windows 8
• Virtual disk
• Not VHD, VHDX.
• Formed from storage pool.
• Storage pool
• 1 or more disks (internal, external, various interfaces)
• Easily extended w/more unformatted disks
• Can be fault tolerant (include hot spare)
• Can be thin provisioned
19. Virtual disk configurations
• Storage layout
• Simple
• Mirror
• Parity
• Provisioning
• Fixed vs thin
• Allocation
• Data store
• Manual
• Hot spare
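The pool, virtual disk and volume steps from slides 18 and 19, as an added PowerShell example that is not part of the original deck. The names Pool1, VDisk1 and Data and the 100GB size are assumptions, and the subsystem name pattern is the one used on Windows Server 2012 R2.

```powershell
# Added example: build a storage pool with a hot spare, carve a thin-provisioned
# mirrored virtual disk out of it, then initialize and format the new disk.
# Pool1, VDisk1, Data and 100GB are hypothetical values. Run elevated.
Import-Module Storage

# Only disks that carry no partitions and are not already pooled can be added.
$poolable = @(Get-PhysicalDisk -CanPool $true)
if ($poolable.Count -lt 3) {
    throw "Need 2 disks for the mirror plus 1 hot spare; found $($poolable.Count) poolable disk(s)."
}

# Keep the last disk back as the hot spare.
$dataDisks = $poolable[0..($poolable.Count - 2)]
$spareDisk = $poolable[-1]

# 'Storage Spaces*' matches the storage subsystem name on Windows Server 2012 R2.
New-StoragePool -FriendlyName 'Pool1' `
    -StorageSubSystemFriendlyName 'Storage Spaces*' `
    -PhysicalDisks $dataDisks

Add-PhysicalDisk -StoragePoolFriendlyName 'Pool1' -PhysicalDisks $spareDisk -Usage HotSpare

# Storage layout = Mirror, provisioning = Thin (slide 19).
New-VirtualDisk -StoragePoolFriendlyName 'Pool1' -FriendlyName 'VDisk1' `
    -ResiliencySettingName Mirror -ProvisioningType Thin -Size 100GB

# The virtual disk appears to the OS as a new, uninitialized disk.
Get-VirtualDisk -FriendlyName 'VDisk1' |
    Get-Disk |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -AssignDriveLetter -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'Data' -Confirm:$false

# Review what was built.
Get-StoragePool -FriendlyName 'Pool1' | Get-PhysicalDisk |
    Select-Object FriendlyName, Usage, Size
Get-VirtualDisk -FriendlyName 'VDisk1' |
    Select-Object FriendlyName, ResiliencySettingName, ProvisioningType, Size, FootprintOnPool
```

With thin provisioning, FootprintOnPool stays well below Size until data is written, so pool free space has to be monitored separately from volume free space.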
21. Objectives
• Setting up NTFS and share permissions.
• Setting up Work Folders.
• Creating and using shadow copies.
22. NTFS permissions
• Controls access to files and folders on an NTFS partition.
• Inheritance enabled by default.
• Standard permissions.
• Advanced permissions.
23. Standard NTFS permissions
• Full control
• Modify
• Read & execute
• Write
• List folder contents
24. Advanced NTFS permissions
• Traverse folder / execute file.
• List folder / read data.
• Read attributes / write attributes
• Create files / write data.
• Create folders / append data.
• Delete subfolders and files.
• Delete.
• Read permissions.
• Change permissions.
• Take ownership.
25. Shared folder
• Security permissions for confidentiality.
• Administrative shares (\\dc1\Data$)
• Shared permissions
• Apply only to folders, and only over the network.
• Exception for RDS
• Read
• Change
• Full Control
• Conflict between inherited and explicit NTFS permissions
• Disable inheritance.
28. Access-Based Enumeration (ABE)
• Shows in a share only the files/folders for which the user has traverse/read rights.
• Configurable in the share settings from Server Manager.
29. Shared vs NTFS permissions
• Windows uses both.
• NTFS permissions are more in-depth.
• What happens in case of conflict?
• The more restrictive permission prevails.
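An added example (not from the original deck) that reports, for every file share on the local server, the two permission layers compared on slide 29 together with the Access-Based Enumeration state from slide 28. It uses the built-in SmbShare cmdlets; the share name Data in the final commented line is an assumption.

```powershell
# Added example: share-level ACEs, NTFS ACEs and ABE state for each file share.
# Run elevated on the file server (SmbShare module, Windows Server 2012 or later).
Import-Module SmbShare

$report = foreach ($share in Get-SmbShare -Special $false) {
    # Skip shares that do not map to a folder (print queues, IPC).
    if (-not $share.Path -or -not (Test-Path -LiteralPath $share.Path)) { continue }

    $shareAccess = @(Get-SmbShareAccess -Name $share.Name)
    $ntfsAccess  = @((Get-Acl -LiteralPath $share.Path).Access)

    # "Everyone: Full" on the share means NTFS alone decides what a network
    # user can do. The group name is localized on non-English systems.
    $everyoneFull = [bool]($shareAccess | Where-Object {
        $_.AccountName -eq 'Everyone' -and
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -eq 'Full'
    })

    [pscustomobject]@{
        Share             = $share.Name
        Path              = $share.Path
        ABE               = ("$($share.FolderEnumerationMode)" -eq 'AccessBased')
        EveryoneFullShare = $everyoneFull
        SharePermissions  = ($shareAccess | ForEach-Object {
            '{0}:{1}:{2}' -f $_.AccountName, $_.AccessControlType, $_.AccessRight
        }) -join '; '
        NtfsPermissions   = ($ntfsAccess | ForEach-Object {
            $origin = if ($_.IsInherited) { 'inherited' } else { 'explicit' }
            '{0}:{1}:{2} ({3})' -f $_.IdentityReference, $_.AccessControlType,
                                   $_.FileSystemRights, $origin
        }) -join '; '
    }
}

# Over the network a user gets the more restrictive of the two columns;
# at the console (or over RDS) only the NTFS column applies.
$report | Format-List

# Turn ABE on for one share (share name is a placeholder):
# Set-SmbShare -Name 'Data' -FolderEnumerationMode AccessBased -Force
```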
30. Work folders - Purpose
• BYOD
• Secure the data so that it is unusable if the device is stolen or lost.
• Local storage, no way to make backups.
• No data may be hosted with a cloud provider not approved by the IT department.
31. Work folders – Features
• Work files available on all the devices you use.
• Security policies
• Folder encryption
• Automatic screen lock
• Authentication required to access the PC
• Wipes all files in Work Folders, for example if the PC is lost.
32. Work folders
• Can be synchronized over the Internet using the Web Application Proxy feature.
• Server certificate required on each file server using Work Folders and on the proxy.
• Public domain name and DNS integration.
• Path can be changed during installation.
• Windows 8.1 clients.
• File size limited to 10 GB.
33. Shadow copies
• VSS makes it possible to back up data on a volume while it is in use.
• Storage on an external volume possible.
• Quotas can be defined.
• Quotas can be scheduled.
37. Network printer
• Print management.
• Publishing in AD
• Makes it easier for users to add and remove printers.
• Jobs printed through the server.
• Printer deployment via GPO.
• Simplified administration.
38. v3 and v4 printer drivers
• v3 drivers
• Since Win2K
• Manufacturer-specific driver
• 32-bit driver ≠ 64-bit driver.
• v4 drivers
• Print driver classes
• XPS, PCL
• Distributed via WSUS or Windows Update.
39. Printer pools
• Logical unit linked to several devices
• Availability
• The printers must use the same driver and print in the same format.
42. Remote Mgmt - Non-member servers
• The server name must be resolvable
• Conditional forwarder
• Server not joined to the domain
• Add to Trusted Hosts
PS> Set-Item WSMan:\localhost\Client\TrustedHosts -Value <target> -Force
• In case of problem:
• Configure LocalAccountTokenFilterPolicy
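The two settings from this slide, as an added example that is not part of the original deck: it appends to TrustedHosts instead of overwriting the list, and reports LocalAccountTokenFilterPolicy before changing it. Server2 stands in for the slide's <target>, and the $applyFix switch is an assumption of this example.

```powershell
# Added example. 'Server2' is a placeholder for <target>.
# Run elevated; the WinRM service must be started for the WSMan: drive to work.
$target       = 'Server2'
$trustedHosts = 'WSMan:\localhost\Client\TrustedHosts'

# --- On the managing computer ---------------------------------------------
# Set-Item -Value replaces the whole list, so read what is there first.
$current = (Get-Item -Path $trustedHosts).Value
$entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

if ($entries -contains '*') {
    # A wildcard accepts any host without the server proving its identity.
    Write-Warning 'TrustedHosts is "*": replace it with explicit host names.'
}
elseif ($entries -notcontains $target) {
    # -Concatenate appends to the existing list instead of overwriting it.
    Set-Item -Path $trustedHosts -Value $target -Concatenate -Force
}
"TrustedHosts: $((Get-Item -Path $trustedHosts).Value)"

# --- On the workgroup server being managed --------------------------------
# Hypothetical switch: leave $false to report only.
$applyFix = $false
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'LocalAccountTokenFilterPolicy'
$value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($value -eq 1) {
    "$name = 1: local Administrators members get their full token on remote logon."
}
else {
    # Absent or 0: remote logons by local accounts get a filtered token,
    # which is what produces Access Denied in the remote admin tools.
    "$name is not set to 1 (current value: '$value')."
    if ($applyFix) {
        # Applies to every local account in Administrators, not just one user.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        "$name set to 1."
    }
}
```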
43. Remote server management – contd.
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Both servers are member servers. On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server Manager.
You need to ensure that you can manage Server2 from Server1 by using Server Manager. Which two tasks should you perform on Server2?
Run the Configure-SMRemoting.ps1 script with the enable parameter.
Run the Set-ExecutionPolicy cmdlet.
Difference between disk, drive, volume.
Bring a disk online = Set-Disk
Defragment a volume = Optimize-Volume
Remove a disk named disk2 from a storage pool = Remove-PhysicalDisk
Diskpart
create vdisk
attach vdisk
create partition
assign letter
format
Storage pools use unallocated space
- delete the volume first
New internal SAS disk
Initialize-Disk
New-Partition
Format-Volume
Before making a snapshot - convert to dynamically expanding.
Externally, a SAS hard disk differs from a SATA model in only one respect: SAS has a single combined data + power connector, whereas the two are separate on SATA. It is therefore possible to plug SAS cables into SATA hardware, but not the reverse.
All PCs currently sold have two, four, even six or more SATA ports, which can be used interchangeably for hard disks, SSDs or optical drives.
SATA - In practice, throughput often ends up as much as 15% below these figures, but as a general rule it is the hard disk itself, not the interface, that is the bottleneck.
The mean time between failures (MTBF) for a SAS drive is 1.2 to 1.6 million hours of use at 45 °C, while the MTBF for a SATA drive is 700,000 hours to 1.2 million hours of use at 25 °C.
-Diffen.com
MTBF SSD 2000000 hours.
http://www.storagereview.com/ssd_vs_hdd
SAS drives interoperate with SATA drives to combine the two technologies on the same controller. SAS disk controllers can control SATA drives as well, though the reverse is not true.
http://www.racktopsystems.com/12gbs-sas-what-does-it-mean-for-sata/
What is the benefit of SAS technology?
SAS offers a transfer rate of 3 Gbit/s, slightly higher than Ultra 320 SCSI, which currently tops out at 2.56 Gbit/s. Above all, the bandwidth SAS provides is dedicated: each disk has 3 Gbit/s of throughput, unlike parallel SCSI, where the 2.56 Gbit/s of bandwidth is shared among all the devices on the controller. In addition, parallel SCSI limited connections to 15 disks per controller, against 128 disks per connection for SAS.
Will hardware need to be replaced?
No, backward compatibility with SCSI hardware has been ensured, and SAS will also be able to work with SATA disks if the two interfaces coexist in the same storage array. The connectors, as well as the interface cables, are common to SAS and SATA disks, which will let administrators use their cables interchangeably for either technology.
Journaldunet.com
http://www.storagesearch.com/sas-art2.html
SATA allows one drive per channel, unless using a port multiplier. Serial Attached SCSI uses the same physical interconnects as SATA, and most SAS HBAs also support SATA devices.
Wikipedia.fr
http://www.serialstoragewire.org/Articles/2007_07/itinsights24.html
SAS uses the same type of cable as SATA and a very similar connector. The SAS interface can also support SATA devices at 150 MBps. However, SATA interfaces can't support SAS devices. The SAS plug has a key that won't fit a SATA socket.
http://www.computerweekly.com/news/1362941/SATA-SCSI-and-SAS-Which-drive-is-right-for-your-storage-environment
Disk types, RAID
http://www.dell.com/support/article/us/en/19/SLN129581/EN
http://www.storagereview.com/ssd_vs_hdd
Disk latency is around 13 ms – RAM latency is around 83 ns.
http://blog.scoutapp.com/articles/2011/02/10/understanding-disk-i-o-when-should-you-be-worried
SSD access time
0.1 ms, transfer rate 500+ MB/s.
HDD
Transfer rate 100 MB/s.
http://arstechnica.com/information-technology/2012/06/inside-the-ssd-revolution-how-solid-state-disks-really-work/1/
Cache
requests – sort them in the queue
data – pre-fetch
Depends on workload
sequential versus random.
Spanned volume
http://timourrashed.com/differences-between-partition-types/
Software raid versus hardware RAID
http://www.computerweekly.com/news/1367590/Software-RAID-vs-hardware-RAID-Pros-and-cons
http://www.thinkmate.com/storage/reference/what-is-raid
Q: If I use pass-through storage with Windows Server 2012 Hyper-V what are the features I lose?
A: Pass-through storage is a configuration that lets a virtual machine (VM) directly access a disk on the Hyper-V host. In this configuration, the host must have the disk in an offline state and only the VM can access the disk in pass-through configuration, making it an exclusive resource.
While pass-through was required in previous versions of Hyper-V due to limitations in the virtual hard disk (VHD) format (mostly maximum size which was 4TB), Windows Server 2012 has the new VHDX format. This not only has a new maximum size of 64TB but also delivers performance matching native disk levels, even with dynamic disks, removing the need for pass-through. If you do use a pass-through disk, you lose such key features or abilities as these:
Create a snapshot
Virtual Machine backup
Storage Migration
Hyper-V Replica
Storage QoS
http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx
Partitioning is the process of writing the sectors that will make up the partition table (which contains information about the partition: its size in number of sectors, its position relative to the primary partition, the types of partitions present, the operating systems installed, ...).
System partition has boot files, boot partition has system files
Full control – complete rights, including the ability to change permissions or take ownership.
List folder contents – without necessarily being able to read the files in the folder.
Blocked inheritance: changes to the parent folder's permissions no longer apply to the child.
http://www.howtogeek.com/72718/how-to-understand-those-confusing-windows-7-fileshare-permissions/
http://www.basvankaam.com/2013/06/15/share-vs-ntfs-permissions/
Remove all inherited permissions from this object.
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named Server1 that runs Windows Server 2012 R2. On Server1, you create a work folder named Work1. A user named User1 connects to Work1 from a computer named Computer1. You need to identify the last time the documents in Work1 were synchronized successfully from Computer1. What should you do?
From Server Manager, review the properties of Computer1.
From Windows PowerShell, run the Get-SyncUserSettings cmdlet.
From Windows PowerShell, run the Get-SyncShare cmdlet.
*From Server Manager, review the properties of User1.
Get-printer printer1 | Format-List
Item 180f50 (70-410, Q7)
You have a print server named Server1 that runs Windows Server 2012 R2. You discover that when there are many pending print jobs, the system drive occasionally runs out of free space. You add a new hard disk to Server1. You create a new NTFS volume. You need to prevent the print jobs from consuming disk space on the system volume. What should you modify?
A. The properties on the new volume
B. The properties of the Print Spooler service
C. The Print Server Properties
D. The properties of each shared printer
Answer: C
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2. On Server1, you create a printer named Printer1. You share Printer1 and publish Printer1 in Active Directory. You need to provide a group named Group1 with the ability to manage Printer1. What should you do?
A. From Print Management, configure the Sharing settings of Printer1.
B. From Active Directory Users and Computers, configure the Security settings of Server1-Printer1.
C. From Print Management, configure the Security settings of Printer1.
D. From Print Management, configure the Advanced settings of Printer1.
Answer: C
Explanation: If you navigate to the Security tab of the Print Server Properties you will find the permissions that you can set to Allow, which will provide Group1 with the ability to manage Printer1.
Set permissions for print servers: Open Print Management. In the left pane, click Print Servers, right-click the applicable print server and then click Properties. On the Security tab, under Group or user names, click a user or group for which you want to set permissions. Under Permissions for <user or group name>, select the Allow or Deny check boxes for the permissions listed as needed. To edit Special permissions, click Advanced. On the Permissions tab, click a user group, and then click Edit. In the Permission Entry dialog box, select the Allow or Deny check boxes for the permissions that you want to edit.
Your network contains an Active Directory domain named contoso.com. The domain contains a print server named Server1 that runs Windows Server 2012 R2. You share several printers on Server1. You need to ensure that you can view the printer objects associated to Server1 in Active Directory Users and Computers. Which option should you select?
You can view printer objects in Active Directory by clicking Users, Groups, and Computers as containers from the View menu in the Active Directory Users and Computers snap-in. By default, printer objects are created under the machine object in which they are shared. After you turn on the Users, Groups, and Computers as containers option, you can see printers by expanding the printer's host computer.
Your company has a main office and a sales office. The main office has 2,000 users. The sales office has 20 users. All client computers in the sales office run Windows. The sales office contains a print server named App1 that runs Windows Server 2012 R2. App1 has a shared printer named Printer1. Printer1 connects to a network-attached print device. You plan to connect all of the users in the sales office to Printer1 on App1. You need to ensure that if App1 fails, the users can continue to print to Printer1. What should you configure on App1?
Enable branch office direct printing.
http://technet.microsoft.com/en-us/library/hh921475.aspx
QUESTION 86
Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and a server named Server2 that runs Windows Server 2008 R2 Service Pack 1 (SP1). Both servers are member servers. On Server2, you install all of the software required to ensure that Server2 can be managed remotely from Server Manager.
You need to ensure that you can manage Server2 from Server1 by using Server Manager. Which two tasks should you perform on Server2? (Each correct answer presents part of the solution. Choose two.)
A. Run the systempropertiesremote.exe command.
B. Run the Enable-PSRemoting cmdlet.
C. Run the Enable-PSSessionConfiguration cmdlet.
D. Run the Configure-SMRemoting.ps1 script.
E. Run the Set-ExecutionPolicy cmdlet.
Answer: D, E
Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are part of a workgroup. On Server1 and Server2, you create a local user account named Admin1. You add the account to the local Administrators group. On both servers, Admin1 has the same password. You log on to Server1 as Admin1. You open Computer Management and connect to Server2. When you attempt to create a scheduled task, view the event logs, and manage the shared folders, you receive Access Denied messages. You need to ensure that you can administer Server2 remotely from Server1 by using Computer Management. What should you configure on Server2?
A. From Server Manager, modify the Remote Management setting.
B. From Local Users and Groups, modify the membership of the Remote Management Users group.
C. From Windows Firewall, modify the Windows Management Instrumentation (WMI) firewall rule.
D. From Registry Editor, configure the LocalAccountTokenFilterPolicy registry value.
Your network contains an Active Directory domain named adatum.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. On a server named Core1, you perform a Server Core Installation of Windows Server 2012 R2. You join Core1 to the adatum.com domain. You need to ensure that you can use Event Viewer on Server1 to view the event logs on Core1. What should you do on Core1?
A. Run the Enable-NetFirewallRule cmdlet.
B. Run the Disable-NetFirewallRule cmdlet.
C. Install Windows Management Framework.
D. Install Remote Server Administration Tools (RSAT).
Answer: A
Information regarding IPsec policy changes, etc. can be found in the Event Viewer. Thus you need to enable the NetFirewallRule command. This will allow you to view the event logs.