4.9 Using Remote Shares in an Active Directory Domain

In an Active Directory domain, you can specify UNC (Universal Naming Convention) paths when you create a pair. This allows a remote storage target to be a network share on third-party network filers (such as EMC and NetApp) or Windows Server 2003/2003 R2/2008/2008 R2 servers. The remote share must be published in the same Active Directory domain and forest as the Dynamic File Services server.

A UNC path describes the location of a volume or folder. The format for a UNC path is \\server\volume\folder and is case-sensitive. For example:

\\my_iscsi_svr1\Engineering\ProjectA

Ensure that your setup meets the requirements in the following sections:

4.9.1 Server Requirements in a Domain

The pair must be hosted on a Dynamic File Services server that is located in the same Active Directory domain and forest as the remote shares.

Install Dynamic File Services on a supported Windows server in an Active Directory domain. The server can be a domain controller or a member server. For information, see Supported Platforms in the Dynamic File Services 2.1 Installation Guide.

An Active Directory domain user that has Domain Admin rights must perform the installation. The following user and group are created in the domain to allow remote shares to be used:

  • NDFS-servername proxy user

  • Dynamic File Services Storage Rights group

For details and alternate security setup options, see Section 4.4, Active Directory Domain Configuration for Remote Shares.

In addition the DynamicFS management groups are created on the server, as described in Section 4.2, Management Groups. To add members to the Dynamic File Services group on the server, see Section 6.3.2, Setting Up Administrators in a Domain.

4.9.2 Remote Share Requirements in a Domain

The remote shares must hosted in the same Active Directory domain/forest as the Dynamic File Services server that hosts the pair.

You must publish the remote share in Active Directory. The remote share can be published in any container in the domain where the NDFS-<servername> proxy user or Dynamic File Services Storage Rights group has browse rights.

Use Microsoft Networking to create a share on the remote location, and then publish the network share in Active Directory. For information, see Section 8.3, Preparing Remote Shares for Use in a Pair.

You must add the Dynamic File Services Storage Rights group to the remote share in Active Directory, and grant it all permissions to the share. For information, see Section 4.4, Active Directory Domain Configuration for Remote Shares.

Users must not have direct access to the files in a remote share that is used as the secondary path in a pair.

4.9.3 Remote Path Requirements in a Domain

The remote path can be a network share on either of the following target storage locations. It is not necessary for Dynamic File Services to be running on the remote location.

  • Any Windows Server running an operating system that is supported by DynamicFS

  • Network attached storage or a network filer (such as NetApp and EMC)

To avoid potential data loss and conflicts, use only dedicated volumes when using remote paths.

Users must access files in the pair via a network share on the primary path. Users must not have direct access to the files in a path that is used as a remote path in a pair.