Archive for January 2013

Roaming Profiles and Redirecting Folders on Windows Server 2008 R2 Terminal Servers


What is a Roaming Profile?

A roaming user profile is user data, stored in a specific folder structure, that follows users as they log on to and log off from different computers. Roaming user profiles are stored on a central server location. At logon, Windows copies the user profile from the central location to the local computer. When the user logs off, Windows copies changed user profile data from the client computer to the central storage location. This ensures that the client data follows users as they roam the environment.

Roaming user profiles solve part of the roaming problem, but they also create added concerns. User profiles can increase in size, some as large as 20 megabytes or more. This increase causes delays in user logons, because it takes some time for Windows to copy the information to the local computer. Another concern with roaming user profiles is that they are saved only at logoff. Therefore, when a user logs on to one computer and changes data within their profile, the changes remain local until the user logs off, making real-time access to user data challenging in a roaming user environment. Folder Redirection reduces some of these problems.

Folder Redirection

Folder Redirection is a client side technology that provides an ability to change the target location of predetermined folders found within the user profile. This redirection is transparent to the user and gives the user a consistent way of saving their data, regardless of its storage location. Folder Redirection provides a way for administrators to divide user data from profile data. This division of user data decreases user logon times, and Windows downloads less data. Windows redirects the local folder to a central location, giving the user immediate access to their data when they save it, regardless of the computer they are using. This immediate access removes the need to update the user profile.

Folder Redirection helps with slow logons and missing data problems because the Application Data, Desktop, My Documents, My Pictures, and Start Menu folders can all be redirected in Windows XP/Vista/7.

Windows XP Profile Folder Locations

* These directories are hidden by default. To see these directories, change the View Options.


Windows 7 Profile Folder Locations

  • The biggest change is the location of the profiles themselves – the user profiles are now located under c:\users\<username> instead of c:\documents and settings\<username>
  • Appdata – This is now a combination of c:\documents and settings\<username>\application data\ and c:\documents and settings\<username>\local settings\. This folder contains three folders: “Local”, “LocalLow” and “Roaming”


Setting up a Profile and Home Directory Folder Requirements

Note: Profiles and Home Directories can be on the same server

  • A Profile Server
  • A Home Directory Server

Instructions

When setting up the file server, make sure the permissions on the folder are set so that a user can create a new folder but can only see their own files.

Note: When creating the share, it is best practice to add a $ sign to the end of the share name, which keeps it hidden from regular users

  • Create a new folder and call it Profiles


  • Click the Sharing tab and then click Advanced Sharing then click Permissions
  • Make sure the Everyone Group has Full Control
  • Make sure the Administrators Group has Full Control, you may have a differently named Admin Group so add as necessary
  • Make sure the SYSTEM group has Full Control


  • Click OK
  • Click on the Security Tab and untick “Include inheritable permissions from this object’s parent”
  • Click on the Security Tab and Select Advanced
  • Select Change Permissions and make sure your permissions look like the below screenprint and conform to the below information
  • Configure the folder to not inherit permissions and remove all existing permissions.
  • Add the file server’s local Administrators group with Full Control of This Folder, Subfolders, and Files.
  • Add the Domain Admins domain security group with Full Control of This Folder, Subfolders, and Files.
  • Add the System account with Full Control of This Folder, Subfolders, and Files.
  • Add the Creator/Owner with Full Control of Subfolders and Files.
  • Add the Authenticated Users group with both List Folder/Read Data and Create Folders/Append Data – This Folder Only rights. The Authenticated Users group can be replaced with the desired group, but as a best practice do not choose the Everyone group.

The share permissions of the folder can be configured to grant administrators Full Control and authenticated users Change permissions.


  • After you configure the share and security permissions, click on the Sharing tab and then the “Caching” button, select the “No Files or programs from the share folder are available offline” option, then press OK, then OK, then Close.


  • Next do exactly the same to create a shared folder for the Home Directory folder
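The folder, NTFS and share steps above can also be scripted and then checked. The following is an added example, not part of the original post; it uses the Administrators Full Control / Authenticated Users Change share permissions mentioned above, and `D:\Profiles`, `Profiles$` and the `CONTOSO` domain are placeholders to replace with your own values.

```powershell
# Added example. D:\Profiles, Profiles$ and CONTOSO are placeholders, not values from the post.
$Path         = 'D:\Profiles'
$ShareName    = 'Profiles$'               # trailing $ hides the share from network browsing
$DomainAdmins = 'CONTOSO\Domain Admins'   # placeholder domain name

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# Stop inheriting from the parent folder and drop the inherited entries.
icacls $Path /inheritance:r | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls could not disable inheritance on $Path" }

# Well-known SIDs (*S-...) avoid depending on localized account names.
$grants = @(
    '*S-1-5-32-544:(OI)(CI)F',     # local Administrators: this folder, subfolders and files
    "${DomainAdmins}:(OI)(CI)F",   # Domain Admins: this folder, subfolders and files
    '*S-1-5-18:(OI)(CI)F',         # SYSTEM: this folder, subfolders and files
    '*S-1-3-0:(OI)(CI)(IO)F',      # CREATOR OWNER: subfolders and files only
    '*S-1-5-11:(RD,AD)'            # Authenticated Users: list folder + create folders, this folder only
)
foreach ($grant in $grants) {
    # /grant:r replaces any explicit entry the principal already had.
    icacls $Path /grant:r $grant | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $grant" }
}

# Share permissions: administrators Full Control, authenticated users Change, offline caching off.
# The account names here are the English ones; adjust them on a localized server.
net share "$ShareName=$Path" '/GRANT:Administrators,FULL' '/GRANT:Authenticated Users,CHANGE' '/CACHE:None'

# Check the result: no inherited entries should remain and Everyone should not appear.
$rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
foreach ($rule in $rules) {
    if ($rule.IsInherited) {
        Write-Warning "Inherited entry still present for $($rule.IdentityReference.Value)"
    }
    if ($rule.IdentityReference.Value -eq 'S-1-1-0') {
        Write-Warning "Everyone holds $($rule.FileSystemRights) on $Path"
    }
}
$rules | Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

Run it from an elevated prompt on the file server, then repeat with the Home Directory folder and share name.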

Setting up a User account with a Profile Path, Remote Desktop Profile Path and Home Directory

NOTE: This can be controlled by Group Policy but do it manually while you test a user

NOTE: I had to put the same path in the Profile Path and the Remote Desktop Services Profile Path to get full roaming profile on my folders

  • You configure the profile location for a user on the Profile or Remote Desktop Services Profile tab within Active Directory Users and Computers. Type a UNC path to where Windows should create the user profile. The screenshots below give you an example of a user account configured with a profile path and a Remote Desktop Services Profile
  • The folder redirection client side extension is only able to process two environment variables: %username% and %userprofile%. Other environment variables such as %logonserver%, %homedrive% and %homepath% will not work with folder redirection.


  • And also add the same for the Remote Desktop Services Profile (Note this can be controlled by Group Policy as detailed at the end of this document. For now, I’ve just added it in manually so you can see where it is)


Setting up Group Policy for re-directing User Profile folders

  • To start the Group Policy snap-in from the Active Directory Users and Computers snap-in, click Start, point to Programs, click Administrative Tools, and then click Group Policy Management
  • In the MMC console tree, right-click the domain or the OU for which to access Group Policy and select Create a GPO in this domain and link it here
  • Click New, and type the name to use for the GPO. For example, type Roaming Profile GPO
  • Expand the OU so you can see the new Policy and right click and Edit to open the Group Policy
  • Click Edit to open the Group Policy snap-in and edit the new GPO
  • In the Group Policy console, expand the User Configuration, Policies, Windows Settings, and Folder Redirection nodes. Icons for the personal folders that can be redirected will be displayed


  • Right click on AppData (Roaming) and select Properties
  • There are 3 settings to choose from: Not Configured, Basic Redirection and Advanced Redirection

Basic Redirection and Advanced Redirection are available to all folders listed in the snap-in. You use basic redirection when you store the selected folder in the Group Policy object on the same share for all users. You use Advanced Redirection when you want to redirect the selected folder to a different location based on a security group membership of the user. For example, you would use Advanced Folder Redirection when you want to redirect folders belonging to the Accounting group to the Finance server and folders belonging to the Sales group to the Marketing server

  • Choose Basic – Redirect everyone’s folder to the same location
  • Choose Create a folder for each user under the root path
  • Type the root path to the shared folder


  • Click Settings
  • Untick Grant the User Exclusive rights to AppData(Roaming)

If you leave “Grant the user exclusive rights to Documents” ticked, then when the folder is initially set up Windows will block inheritance on the folder and grant the user exclusive access to these files. This locks even administrators out of the files, which makes administration of these folders very difficult. If an administrator needs to access these files, they will need to take ownership, which in turn removes the user’s access to their own files. The administrator will then need to set up the permissions on the folder again so that the user can still access the files.


  • Only apply redirection policy when you have multiple O/S’s
  • Generally recommended for Policy Removal to Leave the folder in the new location when the policy is removed
  • The Pictures, Music and Videos Properties page provides an additional option for the folder, as seen in the below screenprint: Follow the Documents Folder


  • When it comes to the My Documents/Documents folder there are several options again
  • Note: Unlike Windows 2000, you do not need to type in the %username% variable. The folder redirection code will automatically create a My Documents folder for each user, inside a folder based on their user name. For example, type \\FolderServer\MyDocumentsFolders rather than \\FolderServer\MyDocumentsFolders\%username% as you would on Windows 2000.


  • Click the Settings Tab
  • By default, Administrators do not have permissions to users’ redirected folders. If you require the ability to go into the users’ folders, go to the “Settings” tab and uncheck “Grant the user exclusive rights to” on each folder that is redirected. This allows Administrators to enter the users’ redirected folder locations without taking ownership of the folder and files.


  • Note: If you already have a shared home folder as we set up earlier, it is best not to select Redirect to the Users Home Directory. See Link below for more info

http://support.microsoft.com/kb/321805


  • Go through all the rest of the folders you want to redirect
  • Finish

When you enable folder redirection for users for the first time, you will find the logon to be very slow. You are in effect copying the contents of all the user’s personal folders across the network to the server, and you can imagine the effect if you are doing this for multiple users at the same time when they log in. Before applying this policy to an OU containing hundreds of users, it may be worth creating a new OU and migrating a few users at a time across. This will also help you troubleshoot more easily, without thousands of helpdesk calls about profiles.

You can enable Access-based Enumeration (ABE); however, if there are going to be a lot of user folders on any one of these shares, you could experience degradation of performance. Enabling ABE on a share does come at a price in performance.

Other Group Policy Settings

  • Setting the same Roaming Profile path for all users logging on

Navigate to Computer Configuration > Policies > Administrative Templates > System > User Profiles and enable the “Set roaming profile path for all users logging onto this computer” and configure the path to the shared folder for profiles.


  • Add the Administrators Security Group to roaming user profiles

Navigate to Computer Configuration > Policies > Administrative Templates > System > User Profiles and enable the “Add the Administrators Security Group to roaming user profiles”


  • Set Path for the Remote Desktop Services Roaming User Profile

Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host\Profiles


  • Set Remote Desktop Services User Home Directory

Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host\Profiles


  • Background upload of a roaming profile’s registry while user is logged on

Navigate to Computer Configuration > Policies > Administrative Templates > System > User Profiles > Background upload of a roaming profile’s registry while user is logged on


  • User Group Policy loopback processing mode

Navigate to: Computer Configuration > Policies > Admin Templates > System > Group Policy and change the following setting: User Group Policy loopback processing mode to Replace


Quotas

Quotas on Profile and Home Directories can be controlled to stop them growing large. Please see the following Blog post for details on setting this up

http://www.electricmonk.org.uk/?s=quota

Issues

  • If you set the Group Policy Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Profiles > Set Remote Desktop Services User Home Directory as per below


  • You will get a folder mapped which is actually \\server\homedrive%username%.%domain%
  • The username-only folder, which is what you actually want when it is mapped (rather than the username.domain folder), is created just after the username.domain folder, when the redirection policy runs. Folder redirection creates the username directory, and you will see the redirected folders underneath it. If you try redirecting to %username%.%userdomain%, it starts to mess redirection up.

What can you do?

  • You could live with the fact that your \\server\homedrive\%username% folder is holding the redirected folders, and
  • You could live with the fact that your \\server\homedrive%username%.%domain% folder is the official GPO-created tshome folder
  • Or you can not set this policy at all: simply leave it unconfigured and set the home drive on the user’s AD profile as per below
  • It then sets up correctly and you’ll see all your redirected folders in there as well.


 

 

RAID Levels


What is RAID?

RAID stands for Redundant Array of Inexpensive (Independent) Disks. Data is distributed across the drives in one of several ways called “RAID levels”, depending on what level of redundancy and performance is required.

RAID Concepts

  • Striping
  • Mirroring
  • Parity or Error Correction
  • Hardware or Software RAID

RAID Levels

0, 1, 5 and 10 are the most commonly used RAID levels

  • RAID 0


RAID 0 (block-level striping without parity or mirroring) has no (or zero) redundancy. It provides improved performance and additional storage but no fault tolerance. Hence simple stripe sets are normally referred to as RAID 0. Any drive failure destroys the array, and the likelihood of failure increases with more drives in the array. A single drive failure destroys the entire array because when data is written to a RAID 0 volume, the data is broken into fragments called blocks. The number of blocks is dictated by the stripe size, which is a configuration parameter of the array. The blocks are written to their respective drives simultaneously on the same sector. This allows smaller sections of the entire chunk of data to be read off each drive in parallel, increasing bandwidth. RAID 0 does not implement error checking, so any read error is uncorrectable. More drives in the array means higher bandwidth, but greater risk of data loss.

  • RAID 1


In RAID 1 (mirroring without parity or striping), data is written identically to two drives, thereby producing a “mirrored set”; the read request is serviced by either of the two drives containing the requested data, whichever one involves least seek time plus rotational latency. Similarly, a write request updates the stripes of both drives. The write performance depends on the slower of the two writes (i.e., the one that involves larger seek time and rotational latency); at least two drives are required to constitute such an array. While more constituent drives may be employed, many implementations deal with a maximum of only two. The array continues to operate as long as at least one drive is functioning. With appropriate operating system support, there can be increased read performance as data can be read off any of the drives in the array, and only a minimal write performance reduction; implementing RAID 1 with a separate controller for each drive in order to perform simultaneous reads (and writes) is sometimes called “multiplexing” (or “duplexing” when there are only two drives)

When the workload is write intensive you want to use RAID 1 or RAID 1+0

  • RAID 5

RAID 5 (block-level striping with distributed parity) distributes parity along with the data and requires all drives but one to be present to operate; the array is not destroyed by a single drive failure. Upon drive failure, any subsequent reads can be calculated from the distributed parity such that the drive failure is masked from the end user. However, a single drive failure results in reduced performance of the entire array until the failed drive has been replaced and the associated data rebuilt, because each block of the failed disk needs to be reconstructed by reading all other disks, i.e. the parity and other data blocks of a RAID stripe. RAID 5 requires at least three disks. It is the best cost-effective option, providing both performance and redundancy. Use it for databases that are heavily read oriented. Write performance depends on the RAID controller used, because the parity data has to be calculated and written across all the disks.

When your workloads are read intensive it is best to use RAID 5 or RAID 6 and especially for web servers where most of the transactions are read

Don’t use RAID 5 for heavy write environments such as Database servers

  • RAID 10 or 1+0 (Stripe of Mirrors)

In RAID 10 (mirroring and striping), data is written in stripes across primary disks that have been mirrored to the secondary disks. A typical RAID 10 configuration consists of four drives, two for striping and two for mirroring. A RAID 10 configuration takes the best concepts of RAID 0 and RAID 1, and combines them to provide better performance along with the reliability of parity without actually having parity as with RAID 5 and RAID 6. RAID 10 is often referred to as RAID 1+0 (mirrored+striped). This is the recommended option for any mission-critical applications (especially databases) and requires a minimum of 4 disks. Performance on both RAID 10 and RAID 01 will be the same.

  • RAID 01 (Mirror of Stripes)

RAID 01 is also called RAID 0+1. It requires a minimum of 3 disks, but in most cases it will be implemented with a minimum of 4 disks. Imagine two groups of 3 disks. For example, if you have a total of 6 disks, create 2 groups. Group 1 has 3 disks and Group 2 has 3 disks.
Within the group, the data is striped, i.e. in Group 1, which contains three disks, the 1st block will be written to the 1st disk, the 2nd block to the 2nd disk, and the 3rd block to the 3rd disk. So, block A is written to Disk 1, block B to Disk 2, block C to Disk 3.
Across the groups, the data is mirrored, i.e. Group 1 and Group 2 will look exactly the same: Disk 1 is mirrored to Disk 4, Disk 2 to Disk 5, Disk 3 to Disk 6. This is why it is called “mirror of stripes”: the disks within the groups are striped, but the groups are mirrored. Performance on both RAID 10 and RAID 01 will be the same.

  • RAID 2

In RAID 2 (bit-level striping with dedicated Hamming-code parity), all disk spindle rotation is synchronized, and data is striped such that each sequential bit is on a different drive. Hamming-code parity is calculated across corresponding bits and stored on at least one parity drive. This theoretical RAID level is not used in practice. You need two groups of disks: one group is used to write the data, and the other is used to write the error correction codes. This is not used anymore. It is expensive, implementing it in a RAID controller is complex, and the ECC is redundant nowadays, as the hard disks can do this themselves.

  • RAID 3

In RAID 3 (byte-level striping with dedicated parity), all disk spindle rotation is synchronized, and data is striped so each sequential byte is on a different drive. Parity is calculated across corresponding bytes and stored on a dedicated parity drive. Although implementations exist, RAID 3 is not commonly used in practice. Sequential reads and writes will have good performance. Random reads and writes will have the worst performance.

  • RAID 4

RAID 4 (block-level striping with dedicated parity) is identical to RAID 5 (see above), but confines all parity data to a single drive. In this setup, files may be distributed between multiple drives. Each drive operates independently, allowing I/O requests to be performed in parallel. However, the use of a dedicated parity drive could create a performance bottleneck; because the parity data must be written to a single, dedicated parity drive for each block of non-parity data, the overall write performance may depend a great deal on the performance of this parity drive.

  • RAID 6


RAID 6 (block-level striping with double distributed parity) provides fault tolerance of two drive failures; the array continues to operate with up to two failed drives. This makes larger RAID groups more practical, especially for high-availability systems. This becomes increasingly important as large-capacity drives lengthen the time needed to recover from the failure of a single drive. Single-parity RAID levels are as vulnerable to data loss as a RAID 0 array until the failed drive is replaced and its data rebuilt; the larger the drive, the longer the rebuild takes. Double parity gives additional time to rebuild the array without the data being at risk if a single additional drive fails before the rebuild is complete. Like RAID 5, a single drive failure results in reduced performance of the entire array until the failed drive has been replaced and the associated data rebuilt.

Don’t use for high random write workloads

What is Parity?

Parity data is used by some RAID levels to achieve redundancy. If a drive in the array fails, remaining data on the other drives can be combined with the parity data (using the Boolean XOR function) to reconstruct the missing data.

For example, suppose two drives in a three-drive RAID 5 array contained the following data:

Drive 1: 01101101
Drive 2: 11010100

To calculate parity data for the two drives, an XOR is performed on their data:

     01101101
XOR  11010100
_____________
     10111001

The resulting parity data, 10111001, is then stored on Drive 3.

Should any of the three drives fail, the contents of the failed drive can be reconstructed on a replacement drive by subjecting the data from the remaining drives to the same XOR operation. If Drive 2 were to fail, its data could be rebuilt using the XOR results of the contents of the two remaining drives, Drive 1 and Drive 3:

Drive 1: 01101101
Drive 3: 10111001

as follows:

     10111001
XOR  01101101
_____________
     11010100

The result of that XOR calculation yields Drive 2’s contents. 11010100 is then stored on Drive 2, fully repairing the array. This same XOR concept applies similarly to larger arrays, using any number of disks. In the case of a RAID 3 array of 12 drives, 11 drives participate in the XOR calculation shown above and yield a value that is then stored on the dedicated parity drive.
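The same calculation as an added example, not part of the original post: it computes the parity block for a stripe and then rebuilds each member in turn from the survivors. It goes beyond the single-byte case above by using multi-byte blocks and a second stripe with four data drives; the block contents are constructed sample values, with the first byte of drives 1 and 2 taken from the text.

```powershell
# Added example with constructed sample blocks.
function Get-XorBlock {
    # XOR any number of equally sized blocks together, byte by byte.
    param([Parameter(Mandatory = $true)][byte[][]]$Blocks)
    $size = $Blocks[0].Length
    $out  = New-Object byte[] $size
    foreach ($block in $Blocks) {
        if ($block.Length -ne $size) { throw 'Blocks in one stripe must be the same size.' }
        for ($i = 0; $i -lt $size; $i++) {
            $out[$i] = [byte]($out[$i] -bxor $block[$i])
        }
    }
    return ,$out   # leading comma keeps the byte[] from being unrolled
}

function Format-Bits {
    param([byte[]]$Block)
    ($Block | ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') }) -join ' '
}

function Test-StripeRebuild {
    # Builds data + parity, then simulates the loss of each member and rebuilds it.
    param([Parameter(Mandatory = $true)][byte[][]]$DataBlocks)
    $parity = Get-XorBlock -Blocks $DataBlocks
    $stripe = New-Object 'System.Collections.Generic.List[byte[]]'
    foreach ($d in $DataBlocks) { $stripe.Add($d) }
    $stripe.Add($parity)
    "parity block: {0}" -f (Format-Bits $parity)

    for ($failed = 0; $failed -lt $stripe.Count; $failed++) {
        $survivors = New-Object 'System.Collections.Generic.List[byte[]]'
        for ($i = 0; $i -lt $stripe.Count; $i++) {
            if ($i -ne $failed) { $survivors.Add($stripe[$i]) }
        }
        # XOR of every surviving member (data and parity alike) yields the lost one.
        $rebuilt = Get-XorBlock -Blocks $survivors.ToArray()
        $ok = (Format-Bits $rebuilt) -eq (Format-Bits $stripe[$failed])
        "member {0} lost -> rebuilt {1}  match={2}" -f ($failed + 1), (Format-Bits $rebuilt), $ok
    }
}

# Three-drive array from the text: two data blocks plus parity.
$d1 = [byte[]](0x6D, 0x10, 0xFF)   # first byte 01101101
$d2 = [byte[]](0xD4, 0x22, 0x00)   # first byte 11010100
Test-StripeRebuild -DataBlocks $d1, $d2

# Larger stripe: four data blocks plus parity.
$d3 = [byte[]](0x3C, 0x07, 0xA5)
$d4 = [byte[]](0x81, 0xEE, 0x5A)
Test-StripeRebuild -DataBlocks $d1, $d2, $d3, $d4
```

With a single parity block only one lost member per stripe can be rebuilt, because XOR over the survivors then still contains two unknowns; that is the gap RAID 6's second parity closes.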

RAID Level Comparison

RAID

Interesting Link

http://www.miracleas.com/BAARF/RAID5_versus_RAID10.txt

 

Adding the VMware Toolbar to your browser


For quick access to communities, documentation, downloads, support information and more, download the VMware Support Toolbar, available at the link below.

Link

http://vmwaresupport.toolbar.fm
