cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Use DFS-N with Azure Files
By
DaveLawlor
Published Sep 09 2020 10:14 AM 14.7K Views
DaveLawlor
Microsoft
‎Sep 09 2020 10:14 AM

Use DFS-N with Azure Files

‎Sep 09 2020 10:14 AM

Recently I was working with a customer who wanted to use Azure Files to help alleviate the on-premises storage issue where they were rapidly running out of space.  One of the targets to help alleviate this issue were the sizeable file shares that migrating to Azure Files would allow for a large amount of on-premises space to be freed up.  

 

Namespaces

One of the challenges that the customer had was that there were LOB applications that would files on these shares, and the namespace they used were hard coded into the applications and could not be easily modified across the entire enterprise in a timely manner.  The migration to Azure Files would definitely change those namespaces and break these LOB applications.  

 

DFS-N

DFS Namespaces is a role service in Windows Server that enables you to group shared folders located on different servers into one or more logically structured namespaces. This makes it possible to give users a virtual view of shared folders, where a single path leads to files located on multiple server. 

 

By installing Stand-Alone DFS-N on the current file servers they were able to keep the same namespace but map it to Azure Files endpoints without interruption to their LOB apps.  This allowed for freeing up of the significant storage space that the file shares were taking up as the shares were migrated, though it did leave the file servers up until the LOB applications could be updated.

 

In our use case they needed to keep the same server names, but if you have domain based namespace it works out even better because you don't have to keep the old file servers up to host the DFS-N but it still works the same.

Steps to Setup

  1. Define and Choose the type of Namespace needed
  2. Create Azure File Share
  3. Setup Active Directory Domain Services authentication for Azure File Shares
  4. Migrate files to make sure that your ACLs stay intact
  5. If not already setup deploy DFS-N based on your Namespace Type
  6. Use the Azure File share as the DFS-N folder target
12 Comments
Gregory Suvalian
Iron Contributor
‎Sep 10 2020 05:34 AM
‎Sep 10 2020 05:34 AM

How did DFSN helped? So LOB application had //server1/share hardcoded into them which was served say from c:\share. What was the challenge? To keep //server1/share in place but move underlying location of c:\share somewhere else?

0 Likes
Like
DaveLawlor
Microsoft
‎Sep 10 2020 05:42 AM
‎Sep 10 2020 05:42 AM

Hi Gregory - Yes the current share namespace (\\Server\Share) could not be changed, but they wanted the files to live on Azure files (\\anexampleaccountname.file.core.windows.net\example-share-name), using DFS-N Standalone they could keep the same namespace and point it to the Azure Files namespace with no change to the LOB applications.  Ill update the article with an example to make it more clear

Gregory Suvalian
Iron Contributor
‎Sep 10 2020 05:47 AM
‎Sep 10 2020 05:47 AM

Would not be easier just leave local share intact and just use Azure FileSync to keep hot cache locally but still achieve the same functionality? Just wondering.

0 Likes
Like
DaveLawlor
Microsoft
‎Sep 10 2020 05:49 AM
‎Sep 10 2020 05:49 AM

Yes that was an option that was offered, but they didn't want to keep any of the data local, even a smaller amount from the tiered cache, this is definitely an edge use case and not something that should be used if you could just do Azure File Sync

David Caruso
Copper Contributor
‎Sep 24 2020 05:05 AM
‎Sep 24 2020 05:05 AM

What if domain-based DFS-N is already in use and I'd just like to add an Azure Files share as a new folder in the namespace? Is there a specific permission on the File Share which needs to be enabled for the on-prem DFS server to be able to reach it? On-prem devices can already reach Azure Files share via long UNC (\\anexampleaccountname.file.core.windows.net\example-share-name), would like to shorten to (\\domain\example-share-name).

0 Likes
Like
DaveLawlor
Microsoft
‎Sep 24 2020 04:52 PM
‎Sep 24 2020 04:52 PM

@David Caruso - I updated the article to include more detail on the steps we needed to achieve this

0 Likes
Like
KeithLaycock
Copper Contributor
‎Oct 24 2020 07:12 AM
‎Oct 24 2020 07:12 AM

@DaveLawlor -  Thank you for posting this discussion.  We are also interested in what @david caruso had to say  "What if domain-based DFS-N is already in use and I'd just like to add an Azure Files share as a new folder in the namespace? Is there a specific permission on the File Share which needs to be enabled for the on-prem DFS server to be able to reach it? On-prem devices can already reach Azure Files share via long UNC (\\anexampleaccountname.file.core.windows.net\example-share-name), would like to shorten to (\\domain\example-share-name)"

 

You mentioned you have updated instructions for this scenario.  Can you post these updated instructions for domain based DFS-N that works with an Azure Files share?  I couldn't find them.

 

Thank you  

0 Likes
Like
David Caruso
Copper Contributor
‎Oct 24 2020 07:27 AM
‎Oct 24 2020 07:27 AM

@KeithLaycockI have this mostly working now with some information not in the original post. Since my DFS Namespace server is on-prem, I needed to add a private endpoint to the Azure Files share, allowing on-prem to resolve to a private ip for the Azure file share over the S2S VPN. In addition, the AFS was also domain-joined as was described above.

 

I do have a DC in Azure now which makes this a bit easier, but once I understood how to properly configure DNS to conditionally forward requests on-prem to core.windows.net, things worked as I was hoping. This video was also helpful for that configuration. https://youtu.be/H04e9AgbcSc

 

Directions I used for private endpoint https://docs.microsoft.com/en-us/azure/storage/files/storage-files-networking-endpoints?tabs=azure-p...

Directions I used for AD join https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-en...

 

So in the end I have an additional folder in the original DFS namespace which targets the Azure Files share and authenticates with AD. Looks pretty seamless.

KeithLaycock
Copper Contributor
‎Oct 24 2020 07:40 AM
‎Oct 24 2020 07:40 AM

@David Caruso - Thanks David.  We will take a look at what you sent.

0 Likes
Like
BillStokerPAC
Copper Contributor
‎Mar 10 2021 04:37 PM
‎Mar 10 2021 04:37 PM

The link for Setup Active Directory Domain Services authentication for Azure File Shares is bad.

0 Likes
Like
DaveLawlor
Microsoft
‎Mar 10 2021 05:16 PM
‎Mar 10 2021 05:16 PM

@BillStokerPAC   Thanks for letting me know, not sure what happened but link should be good now

0 Likes
Like
Isaac930
Copper Contributor
‎Mar 12 2021 09:32 AM
‎Mar 12 2021 09:32 AM

Hello Dave - Excellent article and highly informative.  I have set up a DFS-N (on-prem)  and also Azure File Sync both using the Windows FileServer (on-prem) with 10 HDs/Volumes and 100 TB of data as the target and it works great.   

1. We do not have AD in Azure.  How can I configure DFS-N (on-prem) with "Folder Target" pointing to Azure File Sync  for replication/HA / FT purpose (ie. if the Windows FileServer on-prem is not available).  

2. What are my other options should I want to create a new VM in Azure?  Will I require 10 HDs/Volumes or One Big HD/Volume on this VM?

Would highly appreciate if you could provide step-by-step guidance.  Many thanks. 

0 Likes
Like
Version history
Last update:
‎Sep 24 2020 04:51 PM
Updated by: