Print Email PDF

DFS Consolidation Roots and Namespaces for Qumulo Migrations

  1. Qumulo Care
  2. Qumulo Administration

IN THIS ARTICLE

Outlines how to redirect legacy SMB servers to Qumulo-hosted SMB Shares using DFS Namespaces and DFS Consolidation Roots in Qumulo Core

REQUIREMENTS

  • Cluster running Qumulo Core
  • Windows Server with DFS Namespace Role enabled

Details

Data migrations from legacy SMB servers to Qumulo clusters may require you to re-assign the outgoing legacy server’s SMB Fully Qualified Domain Name (FQDN) and UNC paths to the new Qumulo cluster to support existing hard coded path in scripts or other processes, for example. Additionally, you may need to consolidate two or more individual legacy servers into a single new Qumulo cluster while retaining the original server addresses and paths.

For example, if you have an outgoing legacy SMB server which only uses a single IP Address or DNS entry, you may want to move your new Qumulo’s multiple IP address structure without having to create extra DNS A Records or CNAMEs. 

To seamlessly migrate with the minimum amount of disruption, you can leverage DFS Consolidation Root, a function of Microsoft’s Distributed File System services for Windows Servers (DFS). 

Example Network Resources

In this article, we will referencing the following resources on our network.

An Active Directory Domain, to which all services belong:

  • qumulotest.local

A Windows Server acting as a DFS Namespace server:

  • dfs.qumulotest.local

Two outgoing legacy SMB servers:

  • netnap.qumulotest.local
  • icymon.qumulotest.local

A Qumulo cluster which will replace the outgoing SMB servers:

  • newqumulo.qumulotest.local

The outgoing SMB servers also have the following shares which will be migrated over to our new Qumulo:

  • \\netnap.qumulotest.local\legal
  • \\icymon.qumulotest.local\production
  • \\netnap.qumulotest.local\library
  • \\icymon.qumulotest.local\library

After configuration is complete, end users will be able to continue to seamlessly access the now Qumulo-hosted SMB resources by using the existing UNC paths listed above, including taking full advantage of Kerberos Single Sign-On authentication.

NOTE: The installation of the DFS Server Role in Windows Servers is beyond the scope of this article. Please refer to Microsoft's DFS Namespaces Overview for the installation procedures.

Migrate Data and Configure Qumulo SMB Shares

Migrated data from the legacy servers will be found in the following Qumulo hosted SMB shares:

  • \\newqumulo.qumulotest.local\netnap-legal$
  • \\newqumulo.qumulotest.local\icymon-production$
  • \\newqumulo.qumulotest.local\netnap-library$
  • \\newqumulo.qumulotest.local\icymon-library$

These SMB shares will have the Qumulo-managed SMB Share permissions, visibility settings, and host restrictions that best match your environment’s needs. Please note that these Qumulo SMB access controls are independent of any DFS-specific SMB access controls that could be set on the DFS Namespace Server.

NOTE: The “$” after path names prevents the enumeration of these shares on your client’s UNC path browsers to help reduce possible user confusion about how to reach SMB shares.

smb_shares_dfs.png

Configure the DFS Namespace Servers to Support DFS Consolidation Roots

To enable support for DFS Consolidation Root, you will need to apply some Registry Key entry changes to the dfs.qumulotest.local server. Keep in mind that if you are using multiple DFS Namespace Servers in a High Availability Domain Namespace configuration, you will need to apply these Registry Key changes to all servers hosting our consolidated namespace.

Run the following from an Administrator-elevated Powershell prompt or edit the keys directly via Registry Editor:

new-item -Type Registry HKLM:SYSTEM\CurrentControlSet\Services\Dfs
new-item -Type Registry HKLM:SYSTEM\CurrentControlSet\Services\Dfs\Parameters
new-item -Type Registry HKLM:SYSTEM\CurrentControlSet\Services\Dfs\Parameters\Replicated
new-itemproperty HKLM:SYSTEM\CurrentControlSet\Services\Dfs\Parameters\Replicated ServerConsolidationRetry -Value 1

Reboot the DFS Namespace Server once the changes are applied.

Create the New DFS Namespaces and Consolidation Roots

Create the following DFS Namespaces and related Folder Targets. In the example below, we will use the short names (i.e., “\\dfs” instead of “\\dfs.qumulotest.local”) of each server.

NOTE: The “#” symbols added to the Namespaces are required for Consolidation Root support.

DFS Namespace: \\dfs\#icymon

dfs_ns_folder_targets.png

Folder Targets:

  • \\newqumulo\icymon-production$
  • \\newqumulo\icymon-library$

folder_targets.png

DFS Namespace: \\dfs\#netnap

Folder Targets:

  • \\newqumulo\netnap-legal$
  • \\newqumulo\netnap-library$

Update DNS Records 

Update all A Records and CNAMEs that originally pointed to icymon.qumulotest.local and netnap.qumulotest.local to point to the IP address of dfs.qumulotest.local. If you are using failover clusters with multiple DFS Namespace servers for redundancy, repeat the steps for each DFS Namespace server used:

C:\>nslookup icymon.qumulotest.local
Server: dc1.qumulotest.local
Address: 10.120.249.57

Name: icymon.qumulotest.local
Addresses: 10.120.249.58
 10.121.249.59
 10.122.200.30

NOTE: The IP addresses returned by the nslookup operation are the IP Addresses of the three Windows servers hosting the DFS Namespace.

Configure Kerberos Service Principal Names (SPN) 

To enable the continued use of Kerberos Single Sign-On (SSO) password-less authentication, you will need to update all relevant Kerberos SPN records. In the examples below, the records for icymon and netnap are deleted and redirected to the SPN record for the DFS Namespace server.

In an elevated CMD prompt using an account with Domain Administrator privileges, run the following to delete old SPN records:

Setspn -d HOST/icymon
Setspn -d HOST/icymon.qumulotest.local
Setspn -d HOST/netnap
Setspn -d HOST/netnap.qumulotest.local

To create new SPN records that point to the DFS Namespace server, run the following:

Setspn -a HOST/icymon dfs
Setspn -a HOST/icymon.qumulotest.local dfs
Setspn -a HOST/netnap dfs
Setspn -a HOST/netnap.qumulotest.local dfs

 RESOLUTION

You should now be able to successfully  redirect legacy SMB servers to SMB Shares using DFS Namespaces and DFS Consolidation Roots in Qumulo Core

ADDITIONAL RESOURCES

Qumulo DFS Namespaces Guide

DFS Namespaces Overview

QQ CLI: Networks and IP Addresses 

 

Like what you see? Share this article with your network!

Articles in this section

See more
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Have more questions?
Open a Case
Share it, if you like it.