Export (0) Print
Expand All

Deploying a Virtualized Client Data Access and Protection Service

IntelliMirror Solution Provides Automatic Data Synchronization and Backup, and Self-Service Recovery

Technical White Paper

Published: January 2011

Download

Download Technical White Paper, 675 KB, Microsoft Word file

Gg591271.icon_PowerPoint(en-us,TechNet.10).gif IT Pro Webcast

Situation

Solution

Benefits

Products & Technologies

Microsoft IT wanted to deliver a cost-effective, centrally managed, self-service user data virtualization, backup and restore system that would lower IT costs and a provide near-continuous data protection. At the same time, MSIT did not want to make significant investments in its existing network infrastructure to realize the solution.

MSIT delivered a holistic IntelliMirror solution. The system automatically synchronizes user data and folder structures to managed servers and provides near continuous data protection. Centrally managed, it provides universal access to end user data, regardless of network connection, reduces infrastructure costs, and enhances data security.

  • Reduced network bandwidth consumption
  • Offline data files encrypted
  • Self-service model for data backups and restores eliminates the need for Helpdesk engagement
  • Synchronized data model maintains same view of user data from computer to computer
  • Near continuous data protection, without WAN link degradation
  • Cost-effective model - average monthly cost to provide the IntelliMirror service is between $3.50 – $5.00 US per user, per month
  • Virtualized branch office servers lower service overhead
  • Windows Server 2008 R2
  • Windows 7
  • Data Protection Manager 2010
  • IntelliMirror
  • Active Directory
  • Group Policy
  • Hyper-V

Gg591271.arrow_px_down(en-us,TechNet.10).gif Executive Summary

Gg591271.arrow_px_down(en-us,TechNet.10).gif Introduction

Gg591271.arrow_px_down(en-us,TechNet.10).gif Infrastructure Planning

Gg591271.arrow_px_down(en-us,TechNet.10).gif Architecture Overview

Gg591271.arrow_px_down(en-us,TechNet.10).gif User Participation Model

Gg591271.arrow_px_down(en-us,TechNet.10).gif Key Features and Functionality Deliver on Business Goals

Gg591271.arrow_px_down(en-us,TechNet.10).gif Benefits

Gg591271.arrow_px_down(en-us,TechNet.10).gif Best Practices

Gg591271.arrow_px_down(en-us,TechNet.10).gif Conclusion

Gg591271.arrow_px_down(en-us,TechNet.10).gif For More Information

Executive Summary

Microsoft® IT (MSIT) deployed IntelliMirror, a holistic data centralization and backup solution using Microsoft Windows® User State Virtualization features, across its enterprise. The solution provides users with fast access to their data, regardless of how they connect to the corporate network, where they connect from, or the speed of their connection. IntelliMirror secures user data such as My Documents, Desktop, Microsoft Internet Explorer® Favorites, and Windows Contacts folders, and allows access at any time. The solution speeds the configuration of new computers, and enables self-service data restores.

IntelliMirror is a security-enhanced solution that automatically synchronizes user data and folder structures to managed servers. IntelliMirror uses Offline Folders and Folder Redirection in Windows User State Virtualization, and leverages powerful features built into Windows Server® 2008 R2, Windows® 7, and Microsoft® Data Protection Manager (DPM) 2010.

In using DPM, the backup solution achieves a near Continuous Data Protection (CDP) model, with minimal impact on WAN links. MSIT was able to leverage the existing network infrastructure at Microsoft for the implementation. This reduced costs, and reduced WAN utilization.

The purpose of this paper is to describe the planning and deployment of the IntelliMirror solution. This paper is intended for technical decision makers, technical implementers, and all other IT professionals that are interested or involved in the planning or deployment stages of an end-user state virtualization and centralized data backup solution.

It is important to note that this document should not function as a deployment roadmap. Each organization's operational environment is different. The unique needs of individual organizations should be considered when planning any centralized data virtualization and backup solution.

Introduction

In 2009, Microsoft spent approximately $1.4 million US for data backup, loss, and recovery solutions. This included Helpdesk engagements, data backup and restore requests, and individual purchases of external hard drives.

MSIT wanted to deliver an enhanced, self-service user data management solution that lowered IT costs. It needed to provide an enhanced process for end users and administrators. It also needed to be centrally managed, synchronizing and storing client files on MSIT-managed servers, while providing a robust offline experience.

MSIT chose to deploy IntelliMirror, a service that enables users to redirect specific folders to centrally managed network servers for data security and recovery. IntelliMirror offered a cost effective data centralization and client backup solution that stores client files on managed servers. At the same time, IntelliMirror allows users full access to a copy of their files, even when disconnected from the corporate network. User data synchronization occurs as a background task when network connectivity is restored.

The solution has made improvements in a variety of areas for end users. A robust self-service restore feature is available, and offline file encryption provides for data protection. The offline mode feature is always available and does not incur performance lags.

Before detailing the solution architecture and infrastructure, a discussion of business requirements that influenced the design and deployment of the solution follows.

Business Requirements

Microsoft IT worked with service stakeholders, IT administrators, and end users to define requirements for the IntelliMirror solution. The IntelliMirror service management team defined key categories of business requirements:

Data Centralization and Management

A subset of folders in the user profile stored on client computers needed to be centralized for IT administration monitoring and management. Users also needed to have access to their data from any corporate domain—joined computer at all times.

Data Availability and Mobility

Achieving high availability of user data was a key business objective because users rely on consistent file access to perform their work. MSIT needed to maintain fast access to data, independent of either network connectivity, or the link quality to the centralized storage location. The following data availability and mobility goals were developed:

  • 99.99% data availability to user data from client computers

  • Fast access to user data, regardless of:

    • Infrequent connections to the corporate network

    • The throughput and latency of the network connecting the user's computer to the centralized storage location

Data Protection and Portability

Protecting the user from a partial or full data loss incident was another key requirement. MSIT wanted to protect user data from a variety of events. These include accidental file modification or deletion, laptop loss, or client or server hardware failure.

To reduce service support costs, MSIT wanted to provide end users with the ability to recover multiple previous versions of their files without Helpdesk assistance. Requirements for data protection and portability were as follows:

  • Provide a self-service model, allowing end users to perform selective file and folder recovery without Helpdesk assistance

  • Mitigate end user performance impact during backup operations

  • Ease computer replacement, allowing users to maintain access to their data without migrating data

  • Achieve near zero data loss for centralized data

  • Globally protect all file servers by employing a single backup server in each of the regional datacenters

  • Minimize WAN traffic during backup operations

Total cost of ownership (TCO)

Reducing the costs associated with backup, recovery, and data centralization was an important requirement. Long term, the goal was to move to a model that was low-cost to deploy, and did not require IT intervention for regular operation. The focus of the initial deployment was to centralize user files and to lower the total cost of ownership in the scenario when a user needs to do one or more of the following:

  • Configure a new computer

  • Restore data from back up

  • Synchronize and access their individual business data from multiple computers

Infrastructure Planning

During the crucial planning phase, MSIT designed a solution that met its defined business objectives. MSIT also developed an effective deployment strategy that delivered the solution on time and on budget. Several key technology factors were considered during planning:

  • File server capacity

  • File server storage configuration

  • Server location and network infrastructure

File Server Capacity

MSIT needed to provide the service in a way that met immediate needs, while ensuring that it could scale for future growth. To do this within budget, MSIT needed to understand several factors. These included workload characteristics, current needs, future needs, and how to best leverage the existing corporate infrastructure.

Server Workload Characteristics

The types of workloads applied to the servers were important variables in properly sizing the system components. Workload characteristics define relative needs in terms of server CPU, memory, storage, and network requirements. Broad workload categories include Database, File, E-Mail, Web, and High Performance Computing. Each workload stresses system resources differently.

MSIT knew that they would be applying a File workload to servers where multiple clients would access files on a server through the Server Messaging Block (SMB) protocol. Understanding the broad category in which the workload belongs was straightforward. However, characterizing resource requirements based only on this data point was challenging. Multiple subcategories within the File workload have their own distinct characteristics. MSIT defined the workload as a Home Folder workload. Some characteristics of a Home Folder workload are:

  • Little file sharing between clients, because each user has a dedicated folder typically accessed by one computer at a time

  • Folders mainly contain Microsoft Office documents, pictures, and videos

  • Mostly random read and write operations. Approximately 70% are read, 30% are write.

  • Light client load, with sporadic access over the course of a work day

  • Potentially large numbers of clients and network connections

From a hardware standpoint, this translated into the following characteristics of a Home Folder workload:

  • More stress on the storage subsystem, with greater performance requirements for small and medium random input/output, or I/Os

  • Storage subsystem using RAID 5 or RAID 6, for data availability

  • More stress on the networking subsystem, with the ability to efficiently handle a large number of concurrent connections and transfer a large number of small and medium packets

  • Less stress on the CPU, which mainly moves data for this workload

  • Less stress on memory, which mainly caches the file system

To define hardware needs more precisely, MSIT needed to quantify current and future scalability requirements. Before the deployment, it was important to know the amount of data each user had in the folders MSIT wanted to redirect. Only then could the appropriate amount of storage be provisioned. The deployment team developed a simple script that ran on client computers. The script calculated the amount of data stored in the redirected folders.

Current and Future Needs

Initially it had been the goal of MSIT to offer 10 GB of storage to all users. After assessing the environment, it was determined that 10 GB was excessive. The average amount of space required by most users to store their local user profile folder data was about 3 GB.

Note: To determine how many users a given configuration can support, MSIT recommends using the Microsoft File Server Capacity Tool (FSCT) tool. For more information, see the File Server Capacity Tool - (32 bit) at http://go.microsoft.com/fwlink/?LinkId=166651.

File Server Storage Configuration

After MSIT established the amount of storage required and its type, they defined the data's configuration and presentation to the operating system. In earlier versions of Windows Server, it was not recommended to create NTFS volumes larger than 2 terabytes in a system requiring high availability of data. Although NTFS was fully capable of handling very large volumes, the time needed to run the chkdsk function was a high availability barrier.

Since then, chkdsk run time has improved substantially. Windows Server 2008 R2 introduced the Block Caching feature. Block Caching makes better use of available RAM on the system to reduce chkdsk run times. Chkdsk run time depends on many parameters, such as the number of files, size of files, speed of the storage subsystem, volume of data, and the level of volume fragmentation.

Because measuring absolute performance gains can be difficult, MSIT determined that the best way to evaluate chkdsk completion time was to test a representative system and data set. To optimize chkdsk performance, MSIT implemented a variety of disk connections based on the type of host server, connection options, and connection speed. The focus was on providing the best possible performance for each scenario.

Server Location and Network Infrastructure

To define server infrastructure, Microsoft IT first needed to understand how client computers would access the servers. Geographical location and user mobility were essential considerations. Both affect characteristics of the network link, such as link latency, throughput, and corporate network availability. The following table represents user base classifications and average network latency (RTT) between various user locations and the data facility.

Table 1. User Base Classsifications and Average Network Latency

User category

Description

Average network latency

Local users

At the same location as the main office or data center. Typically a LAN connection between client computers and the datacenter.

< 3 milliseconds (ms)

Near branch office users

In branch offices on the same continent as the main office or data center location. Depending on the infrastructure, typically a relatively fast WAN connection between client computers and the datacenter.

80 to 100 ms

Far branch office users

In branch offices on a different continent from the main office or data center location. Typically a relatively slow WAN connection between client computers and the datacenter.

250 to 300 ms

Mobile users

Laptop computers, having sporadic access to the network, and connecting to the corporate network by using RAS or Direct Access, which is new to Windows 7. Typically, a transient WAN connection between client computers and the datacenter, with latency and speed varying depending on the location of the connection point.

Variable

Testing showed that the initial logon performance for supported client operating systems was acceptable for local users and near branch users with a file server located in the main datacenter.

The Offline Files feature allowed MSIT to meet business requirements for the near branch users. For mobile users, MSIT used Offline Files to meet data access performance and availability needs, because the characteristics of the underlying network can vary widely.

Architecture Overview

Microsoft IT provides the IntelliMirror Service to all Microsoft corporate domains. The deployment contains two groups. Each is provisioned by geographical location with Windows Server 2008 R2 Hyper-V® solutions. Overall, the goal for physical capacity growth for calendar year 2011 is 20%

Figure 1. Architecture Overview

Figure 1. Architecture Overview

As depicted above, the Redmond IntelliMirror deployment resides on eight dedicated IntelliMirror Hyper-V virtualized servers running Windows Server 2008 R2. The Redmond deployment supports 7,000 users and has 60 terabytes of storage. The Field IT/Worldwide International implementation of the IntelliMirror service, which includes the North America region, uses Hyper-V Virtualization on branch office servers (VBOS). IntelliMirror is one of six services running on the VBOS site server. This implementation supports 240 regional office sites, and currently has 11,000 users.

MSIT employs Failover Clustering to ensure service availability for the Redmond domain and the large site deployments. Small and medium sites rely on data backup for service restoration.

The following table shows the configurations for the various size sites:

Table 2. Field IT/Worldwide InternationalSite Configurations

Site Server Type

Users Supported

Storage

Capacity

Small

440

2 terabytes

440 x 50% adoption x 5GB + Growth

Medium

Up to 1,150

4 terabytes

1,150 x 50% adoption x 5GB + Growth

Large

More than 1,150

Up to 10 terabytes

SAN Storage + Shared Storage

Before the introduction of Hyper-V, IntelliMirror was one of six core services that co-existed on a local branch office network server, known as the User Services Platform (USP) server. The USP server solution reduced server sprawl and realized cost savings by simplifying the infrastructure and reducing the number of servers by 20%. However, other areas required improvement. Service overlaps incurred significant administrative overhead. Changes to one service had to be coordinated with all service managers. Maintaining 99% availability became more difficult. Hyper-V effectively resolved the limitation on branch offices servers by giving complete ownership of the virtual machines to the individual service management teams.

Operating system configuration

Windows Server 2008 R2 was the operating system used for both stand-alone servers and failover clusters. Table 3 describes the various operating system configurations.

Table 3. Operating System Configuration

Detail

Failover Cluster Servers

Stand-alone Servers

Operating system version

Windows Server 2008 R2 Enterprise

Windows Server 2008 R2 Enterprise

Install drive

C:\

C:\

Partition size

146 GB

72 GB

Windows Update

Download updates but user decides whether to install them

Download updates but user decides whether to install them

Hotfixes

Not applicable at time of deployment

Not applicable at time of deployment

Roles installed

File Services

File Services

Role services installed

File Server Resource Manager

File Server Resource Manager

Features installed

Windows Server Backup

Failover Clustering

Windows Server Backup

Backup

DPM Agent

DPM Agent

Virus protection

Microsoft Forefront™

Microsoft Forefront™

Server and Storage Hardware

The team did not acquire hardware specifically for the deployment. Servers and storage were allocated from an available hardware pool. Failover Clustering required the use of a shared storage array. An available Fiber Channel storage area network (SAN) with adequate capacity was utilized.

Standalone Server Hardware

The standalone server configuration maintained in the far branch office location is relatively basic. Table 4 describes the specifications.

Table 4. Standalone Server Specifications

Component

Specification

Processor

1 x Dual Core Processor (3.00 GHz)

Memory

4 GB

Network adapter

1 x 1 Gbps (file traffic at 100 Mbps)

Internal controller

Embedded SAS Array Controller (read cache only)

Internal drives

10 x 146-GB RAID5 SCSI drives

OS LUN / volume

146 GB (operating system)

Data LUN / volume

1 terabyte (data and scripts) for Folder Redirection content and a script repository

Failover Cluster Hardware

The failover cluster is a dual node configuration that uses identical server specifications, BIOS, and driver revisions across both computers.

32 GB of system memory was allocated. This amount was more than needed for the deployment, but was already configured in the hardware allocated from the pool. Having four to eight GB of RAM would have sufficed. The team chose to maintain 32 GB to leverage the new Windows Server 2008 R2 Block Caching feature.

The operating system was installed on a pair of mirrored 146-GB drives connected to an internal SAS PCI RAID Controller. The failover cluster has two Logical Unit Numbers (LUNs) allocated. One is a 10-GB RAID5 LUN. The other is a 2 terabyte RAID5 LUN. The 2 terabyte LUN supports a file server for Folder Redirection content, and a script repository. Table 5 describes the clustered server specifications.

Table 5. Clustered Server Specifications.

Component

Specification

Operating System

Windows Server 2008 R2 Enterprise

Processor

2 x Quad-Core - Processors (3.00 GHz)

Memory

32 GB

Network adapter

2 x 1 Gbps (one for file traffic, one for cluster communication connected at 1 Gbps)

Internal controller

Embedded RAID Controller (read cache only)

Internal drives

2 x 146-GB SAS drives

OS LUN / volume

146-GB Mirror for C: Drive (operating system)

External controller

Single 4-Gbps host bus adapter (default parameters)

External drives (FC array)

9 x 300-GB FC

Data LUN / volume

2 terabyte RAID5 (Data and Scripts)

10-GB RAID5

The deployment team implemented two network adapters per cluster node. One adapter supports file access, and the other supports internal cluster communication. The file access network adapter connects to a corporate 1-Gbps switch port. Both the switch port and the network adapter are set to autonegotiate. The second network adapter, used for cluster communication, uses a crossover cable between both nodes. The network adapter is set to autonegotiate, and automatically allocates an IPv6 LinkLocal IP address. No configuration was required on this network.

Storage controllers and arrays for failover clusters

The deployment team used an existing shared Fiber Channel storage array, which provided two volumes. One was a 10-GB witness volume, which held a copy of the cluster configuration database. The other was a 2 terabyte volume, which supports user data. Each host connected to the fabric using a single host bus adapter, without the use of Microsoft Multipath I/O (MPIO.) This could be interpreted as a Single Point of Failure (SPOF.) However, it was not a goal to eliminate all SPOFs within the deployment because of the added resiliency provided through the Offline Files feature.

Servers for a two-node failover cluster must run the same version of Windows Server. It is recommended that they also apply the same software updates and service packs. The deployment team installed Windows Server 2008 R2 Enterprise on both nodes.

User Participation Model

IntelliMirror is unusual at Microsoft in that user participation is optional. Currently, approximately 20,000 users participate. The goal is to increase the user base to 50,000 to 80,000 users within the next three years.

Capacity and resource requirements are a consideration while planning the growth of the solution. The available server storage in the infrastructure, IT administration requirements, service management requirements, and support resource requirements are all considerations as the user base grows.

New employees are encouraged to sign up for the service during their new employee orientation process. MSIT Marketing and Communications also runs a communications program to promote the service's lower cost and security benefits. Potential users are reminded that once they join, they no longer need to back up their Desktop, Favorites, Contacts, or Documents folders.

To attract more users to the service, storage quotas have increased to a minimum of 3 GB and a maximum of 15 GB.

Activation

At Microsoft, when a new user signs up for the IntelliMirror service, their security group and Group Policy update the specific Folder Redirection policy to the user account in Microsoft Active Directory®. When the user logs on to their Windows 7 client computer for the first time, an enhanced logon process enables fast logon and bypasses Folder Redirection. A Group Policy Object (GPO) detects network speed. Group Policy first evaluates the throughput of the link between the client computer and the authenticating domain controller. If the speed of the link is lower than the defined threshold, currently configured at 35 ms, Group Policy determines that a slow link logon has occurred. Policy settings do not apply, including the Folder Redirection policy. MSIT adopted this mechanism to avoid long logon times for users attempting to log on to the corporate network through a slow Remote Access Service (RAS) connection.

For the Folder Redirection policy setting and IntelliMirror path to apply, a corporate network connection must exist at the time of logon. The connection may be through either RAS, or a direct connection. The Folder Redirection policy setting applies at logon only, and not during a Group Policy background refresh. This prevents long loading times. Similarly, the policy setting does not apply if the user logs on while disconnected from the corporate network, also referred to as cached logon. Subsequently, RAS establishes the corporate network connection.

Once the policy is applied, IntelliMirror constantly synchronizes the following user profile data items while connected to the corporate network:

  • Documents (Pictures, Music, and Video folders can be excluded by user request)

  • Desktop

  • Favorites

  • Windows Contacts

Key Features and Functionality Deliver on Business Goals

As described earlier, the implementation of the IntelliMirror solution incorporated new features in Windows Server 2008 R2 and Windows 7. The solution also leveraged existing technology features in components and products such as Active Directory, Group Policy, and Data Protection Manager 2007. This section shows how the features and functionalities helped to deliver on the specific business and technology goals defined for the solution.

Failover Clustering

Failover clustering supports the solution goal of data availability. Failover clusters in Windows Server 2008 R2 provide high availability for mission-critical applications such as databases, messaging systems, file and print services, and virtualized workloads. Failover clusters can scale to include sixteen servers, or nodes, in a single cluster. A shared storage backend supports Serial Attached SCSI (SAS), Internet SCSI (iSCSI), or Fibre Channel interconnects.

Nodes communicate constantly, which ensures service availability. If a cluster node becomes unavailable, due to an unscheduled or scheduled failure, another node immediately provides service. Users accessing a service that moves from one cluster node to another due to failure or another service-impacting outage will typically not notice any service impact and will continue to work without issue.

The Windows Offline Files feature diminishes the need for a highly available file server because users maintain access to their data through their local cache if the file server is down. However, an unavailable file server will provide a degraded service because some operations will not be available during an outage, such as:

  • Add and remove users

  • Client and server file synchronization

  • Access to previous versions of files, using the shadow copy for shared folders feature

  • Recover files from backup and place files in their original location

To maintain the highest level of IntelliMirror service at all times, MSIT decided to implement a highly available file server by using Windows Server Failover Clustering technology and implemented a two-node cluster functioning in active-passive mode.

The MSIT Failover Cluster

The MSIT failover cluster, as represented below, is standard within a dual node configuration. A single Highly Available (HA) file server instance is active on only one node at a time. This model is an active passive configuration. The file server runs on Node 1. The file server can, as part of a controlled move, switch to Node 2, to address any maintenance needs for Node 1. In the unlikely event that Node 1 terminates due to hardware or software failures, the HA file server will fail over to Node 2 automatically, restoring service to users.

Figure 2. Failover cluster representation

Figure 2. Failover cluster representation

There are two network adapters per cluster node. One adapter services client file and cluster management traffic, and is referred to as Network 1. The other adapter supports internal cluster heartbeat communications, and is referred to as Network 2. Network 1 connects to the corporate network and uses IPv4 and IPv6 DHCP assigned addresses. Network 2 uses a crossover cable that is ideal for a two-node cluster configuration and uses an IPv6 Link Local IP address. All network adapter properties remain at their default settings.

Node 1 and Node 2 connect using a single 4-Gbps host bus adapter to a Fiber Channel storage array that provisions two LUNs, as required for the deployment. The first LUN is a 10-GB LUN . The second is a 2-terabyte LUN, which supports a highly available file server, called File-Server-1. File-Server-1 maintains all user folder redirected content and a series of required scripts.

File Server Resource Manager

MSIT used File Server Resource Manager (FSRM), a suite of tools in Windows Server 2008 R2, to deliver the data centralization and management goals of the solution. FSRM achieved appropriate control and monitoring of the data stored at the central location in terms of size and content.

Microsoft IT used FSRM to accomplish the following:

  • Place storage limits, or quotas, on volumes and folders

  • Warn users about saving specific file types to the server

  • Generate comprehensive storage reports

The suite of FSRM tools allow administrators to understand, control, and manage the quantity and type of data stored on computers that are running Windows Server 2008 R2. FSRM helps MSIT efficiently monitor existing storage resources, and aids in the planning and implementation of future policy changes. FSRM defines reusable quota and file screening templates that can easily apply to new volumes or folders. Flexible storage reports help identify disk usage, and FSRM monitors unauthorized file save attempts for all users, or for a selected group of users.

File Classification Infrastructure

File Classification Infrastructure (FCI) automates file classification processes, allowing more effective data management. The FSRM interface controls FCI, and FCI installs along with the FSRM role service.

MSIT reduces risk by storing and retaining files based on their business value or impact. MSIT uses the content-detection capability in FCI to classify information on file servers. Business impact drives the classification, and FCI tags information for personally identifiable information (PII). Low, medium, and high impact files do not require encryption.

Implementing Quotas

During the initial stage of deployment, the team used soft quota and passive file screening techniques to prevent user impact during the initial deployment. A soft quota allows users to exceed the quota limit, but users receive notifications. Passive file screening monitors users saving specific file types and generates notifications, but does not prevent users from saving those files.

The team created a quota template and applied it to each of the six folders corresponding to the shares created on the file servers. The template initially enables a soft quota that generates an event log entry and an e-mail notification to the administrator and user. The event log and e-mail are created when users breach 85% of their allocated quota. Another series of notifications follows when users approach 100% of their quota.

Users were not impacted if they exceeded quota during enrollment. However, users were advised to either remove unneeded content or request a quota allocation increase. Users were asked to provide an appropriate business justification for the increase.

Server Message Block

Use of the Server Message Block (SMB) protocol supports the data availability goals of the solution. SMB is the primary remote file protocol used by Windows client and server operating systems. When first introduced, local area network (LAN) speeds were 10 megabits per second (Mbps) or less, WAN use was limited, and wireless LANs did not yet exist. The original SMB protocol evolved over time.

MSIT leveraged an important performance enhancement available in SMB 2.1, which is available in Windows Server 2008 R2 and Windows 7. SMB 2.1 introduced an improved model, called leasing, which processes client requests to cache data and file handles from the server. This improves performance considerably, especially on slower network connections, by limiting the amount of data that must transfer between the client and server. SMB 2.1 preserves data integrity, allows greater file and handle caching opportunities, and requires no application changes.

The benefits of this change are:

  • Reduced network bandwidth consumption

  • Greater file server scalability

  • Better application response time when accessing files over a network

Roaming User Profiles

Microsoft IT considered the option of making all user profile content available by redirecting all user folders and using Roaming User Profiles (RUP). While this is a viable option for many organizations, Microsoft IT chose to redirect a subset of the profile folders using Folder Redirection.

Operating system configurations and available applications are not highly standardized across computers at Microsoft. Since RUP does not currently have the ability to conditionally roam data to a given client machine based on the operating system and application configuration, this could negatively impact the user experience.

Folder Redirection

Folder Redirection is the primary technology that achieved the data centralization goal of the IntelliMirror solution. Folder Redirection centralized user profile folders on a managed server. Folder Redirection also contributed to the TCO goal for the deployment.

Folder Redirection allows users and administrators to redirect the path of a user profile folder to a new location. The new location can be a local computer folder, or a network share folder. Folder Redirection provides users with a centralized and consistent view of select user profile folders from any domain-joined computer. Users can work with server documents as if they were located on a local drive. For example, the Documents folder is usually stored on a computer's local hard disk drive. With Folder Redirection, the Documents folder can redirect to a network location.

Folder Redirection offers many benefits to users and administrators. Data is stored on a server, which can be easily backed up as part of routine system administration tasks. It also allows a user to log on to different physical computers while automatically maintaining access to their data.

Folder Redirection Improvements

Prior to Windows 7, a drawback of Folder Redirection was the first logon experience when Folder Redirection was deployed. The user could experience significant delays during their first logon, while local data was copied over the network to the server. A Windows 7 user with the Offline Files feature enabled sees a greatly improved first logon experience. User data is moved from their local drive into their local cache, and not over the network. After the initial move completes, the user may access their data normally. Locally cached data is then synchronized over the network to the server as a background task.

To configure Folder Redirection for the IntelliMirror solution, MSIT needed to make several decisions.

Determine the User Profile Folders to Redirect

The first step was to determine which user profile folders to redirect. The focus of this deployment was to centralize user files and to lower the total cost of ownership in the scenario when a user configures a new computer. Folder Redirection is an effective technology to enable this scenario as it can restore user data on a computer upon logon. MSIT chose to redirect the following user profile folders: Desktop, Documents, Pictures, Music, Videos, Favorites, and Contacts.

Determine the Computers to Redirect

Redirection of user profile folders is associated with a user account, regardless of the computer used. In the Microsoft environment, users log on to a variety of different computers, including shared computers, and computers used for testing purposes. Every Folder Redirection -enabled user that logs on to a computer has a copy of their redirected data stored on to the local hard drive, also called an Offline File. When several different users log on to the same computer, the local hard drive can run out of space.

At this time, no native Windows administrative mechanism exists that can specify the computers to apply Folder Redirection to. MSIT implemented a custom Security Group to exclude specific client computers from Folder Redirection. It utilizes a Windows Management Instrumentation filter, a computer startup script, and a logon script. In the MSIT environment, the administrator is made aware of the computers on which Folder Redirection should apply for given users. This information is then stored in a custom database and only specific computers are redirected.

Determine the Client Operating System

The type of operating system installed on a computer affects the Folder Redirection experience. Microsoft users mainly run Windows 7 and Windows Server 2008 R2. Including only those operating systems both simplified the deployment, and allowed MSIT to take advantage of new features.

MSIT concluded that the added complexity required to provide data centralization and backup services to the minority of legacy operating system users was not a viable investment. The solution would not provide the same functionality to those computers. For example, Windows XP lacks APIs for Offline Files. This makes the implementation of any automatic background synchronization mechanism challenging.

Factor In Network Characteristics

User locations and network link characteristics impacted the MSIT implementation. For Folder Redirection, there were two important factors to consider. Both had an impact on the initial redirection experience:

  • The end-to-end throughput of the link between the client computer and the domain controller used to authenticate the user logging on to the client computer

  • The end-to-end throughput and latency of the link between the client computer and the Folder Redirection server

In extreme cases, with a very large amount of data to move over a slow network, it could require an hour for the first logon to complete. Prior to applying the policy setting, MSIT utilized the custom script solution referenced earlier to determine the amount of data each user has in their local folders. The script also records the characteristics of the networks between the file server and the clients, which are important data points to consider when planning a deployment.

These considerations have different implications from a planning point of view depending on user categories as defined in Table 6.

Table 6. Network Characteristics Impact

User Category

Clients to Domain Controller Network Impact

Local users

Users have a fast (>100 Mbps) LAN connection to their authenticating domain controller. Throughput is greater than the slow link Group Policy default threshold. The Folder Redirection policy setting applies when the user logs on after the administrator has set the policy setting.

Near branch office users

Users have a fast LAN connection to their authenticating domain controller. WAN link between the branch offices and the main office exists, but each branch office has a local authenticating domain controller. The behavior is equivalent to local users.

Far branch office users

Same behavior as that of the near branch office users.

Mobile users

Client to domain controller link is potentially below the default 500 Kbps threshold. If the logs on using RAS, or a cached logon, the Folder Redirection policy setting does not apply.

The Folder Redirection policy will apply only with RAS logon on a faster connection, or when the user is directly connected to the corporate network.

The process described in the table occurs only once, after the policy setting has been deployed by the administrator. It will not occur again, as long as the Folder Redirection policy setting remains unchanged.

Note: When deploying Folder Redirection to Windows Vista and earlier operating systems there may be a significant delay between the client computer and the file server. When the Folder Redirection policy setting applies to Windows 7 computers, the first logon is not an issue, even over a slow network connection.

Offline Files

The Offline Files feature, also known as Client Side Caching, makes network files available at performance levels near local access conditions when a network connection to the server is unavailable or slow. Offline Files supports the data portability goal of the MSIT IntelliMirror solution.

Offline Files maintains a local cached copy of network files and folders on the client computer. Cached files are used when no network connection is available to the file servers. When the connection is restored, file changes automatically synchronize to the file server. If a user modifies the same file from multiple computers when working offline, conflicts are surfaced and can be resolved.

Many improvements have been made to Offline Files in Windows 7, including:

  • Automatic background synchronization when working offline due to a slow network connection

  • Automatic transition to an online state when a fast link is detected

For compliance reasons, some files, such as .pst, .ost, and .exe, are excluded from secondary backup by data policy, regardless of whether they are online or offline.

Offline Files and Operating System Versions

By default, Offline Files is enabled on the following client operating systems:

  • Windows 7 Professional

  • Windows 7 Enterprise

  • Windows 7 Ultimate

Offline Files is off by default on Windows Server 2008 R2 and previous Windows Server operating systems. To use Offline Files, Windows Server 2008 R2 users install the desktop experience feature and enables Offline Files. The desktop experience feature enables Windows Server 2008 R2 users to leverage a variety of Windows 7 features, including Offline Files.

If Offline Files is turned off, redirected folder content is unavailable if the server cannot not be reached. Additionally, access is slow if the server can only be reached over a slow network.

Offline Files and Caching

Redirecting folder contents using the Offline Files feature involves copying data into the local Offline Files cache. This requires adequate disk space on the user's computer. By default, the initial cache size is 25% of the system volume free space. Microsoft IT uses Group Policy to configure the default as the maximum amount of disk space allocated to the Offline Files cache for Windows Server 2008 R2 and Windows 7.

Depending on the amount of data stored in redirected folders, the Offline Files cache size, and the disk space available on the client computer, a local computer may have insufficient disk space. When this is the case, the cache fills to capacity, and quota is exceeded. Then a message is presented to the user during synchronization operations. In this state, files that have not been cached are only available when there is network connectivity between the client and the server.

After redirected folders are cached, they can be available to the user in different states, depending on the server connection, the settings deployed by the administrator, and the user intent. Table 7 represents the different states, the impact on file operations, and how the changes synchronize with the server.

According to the MSIT hardware inventory, the client computers that deployed the solution had at least enough disk space to hold the maximum amount of data allowed.

Table 7. Folder States

Folder state

Condition

File operations

Client/Server relationship

Online

Fast server connection, above slow link threshold conditions.

Read operations serviced from cache.

Other operations, such as write, serviced from server, or server and cache.

Highly coupled

Changes made directly to the server copy and the cached copy.

Offline

No server connectivity, or unavailable server.

All operations from cache only.

Decoupled

Changes made only to the cached copy, synchronized to the server when available.

Offline, Slow Connection

Slow server connection, below slow link threshold conditions.

All operations from cache only.

Loosely coupled

Changes made only to the cached copy, synchronized to the server in the background, or upon user request.

Background Synchronization

When redirected folders are offline, background synchronization can maintain client and server consistency. Users initiate manual synchronization, which is available by default on Windows XP, Windows Vista, and Windows 7. Automatic background synchronization is only available on Windows 7. Automatic background synchronization allows administrative, central configuration of both synchronization frequency and the synchronization time period. In addition, on Windows 7, the administrator can set a policy to enable automatic background synchronization when in offline mode. Although automatic background synchronization is not built into Windows Vista, a small application can be written to enable the same functionality. Using Offline Files APIs, a scheduled task can then launch the application.

Optimizing Folder States Based on User Category

To guarantee the best user experience, MSIT needed to optimize Offline Files settings based on the characteristics of the underlying network used by clients to connect to the server. Table 8 represents the user experience that MSIT anticipated, based on various user profiles.

Table 8. Optimizing Folder States Based on User Categories

User category

Desired predominant state

Desired user experience

Local users

Online

Users connect to the file server through a fast LAN link. Users access their files online directly on the server. Occasionally, if the server is unavailable, users temporarily work offline, automatically transitioning online when the server becomes available again.

Near branch office users

Usually offline

Users connect to the file server through a WAN link. Users predominately work in offline mode, with background synchronization occurring at regular intervals. Users can sporadically work offline if the server is unavailable.

Far branch office users

Online

A local file server is present. Same experience as the local user.

Mobile Users

Usually offline

Users predominately work in offline mode, with background synchronization occurring when system it connect to the corporate network via DirectAccess or MSIT VPN through a high speed internet connection.

Data Protection, Backup, and Recovery

Prior to implementing the IntelliMirror solution, users maintained their own user profile folders and corresponding unstructured data on various client computers. The content on these computers was often not backed up. Data was sometimes lost due to hardware failure, or by users reformatting and reinstalling their operating systems. By implementing data centralization, end users and MSIT administrators realized the benefits of a single representation of user profile folders across all domain-joined client computers.

Near Zero Data Loss

The deployment team also needed to implement a data protection model with the objective of achieving near zero data loss. A related goal was to use a backup infrastructure located in the head office by using a near Continuous Data Protection (CDP) model for unstructured data stored on file servers. Another goal was to mitigate user performance impacts while also minimizing the network traffic caused by backing up branch office file servers. The final goal was to provide a service that allowed users to perform their own data recovery operations for previous versions of files and folders without IT support staff assistance.

The first challenge for the deployment team was to achieve an effective yet consistent server schedule, regardless of geographical location. The second challenge was to mitigate the impact of the backup itself on the WAN links. This is sometimes difficult to achieve during full, incremental, or even differential backups. With a goal to implement a centralized backup solution that also provided a near CDP capability, it was clear to the team that the typical mid-market backup product would make this challenge difficult to achieve. The third goal was to limit any sustained noticeable performance impact during full, incremental, or differential backups.

Self-Service End User Data Recovery

One primary goal of data protection was to implement a solution that allowed end users to recover previous versions of their user profile folder content without the need for any IT involvement. MSIT chose to implement shadow copy for shared folders.

Shadow copy for shared folders can slightly impact performance. Lightly loaded servers detected no noticeable performance impact. To address performance impact on more heavily loaded servers, MSIT chose to allocate dedicated disks to help offload I/O activity.

MSIT chose to maintain two snapshots per day, but extended the operation to Saturday and Sunday. The snapshot allocation was maintained on the same volume that stored the data, with the default space allocation of 10%. The allocation provided users with access to a month of previous versions.

Note: For more information, about end user data recovery, see Planning for End-User Recovery at http://go.microsoft.com/fwlink/?LinkId=166655.

Shadow Copy for Shared Folders

Shadow copy for shared folders contributed to the TCO goal for the IntelliMirror solution. Shadow copy for shared folders, also known as previous version, is a Windows XP, Window Vista, Windows 7, Windows Server 2003, and Windows Server 2008 client and server feature that transparently maintains previous versions of files on selected volumes. It takes snapshots of an entire volume at particular points in time. Users can then selectively restore their own files and folders. Shadow copy for shared folders is enabled on a per-volume basis.

By default, snapshots are taken at 7:00 A.M. and 12:00 P.M. every weekday. In the MSIT implementation, the feature reduces IT operational costs by eliminating the need for Helpdesk intervention. Users can restore deleted, modified, or corrupted files from a snapshot of the volume. This represents a significant savings for Microsoft. The estimated overhead cost of a single standard Helpdesk and support team engagement is $200.

Data Protection Manager

The challenge to implement a backup solution that achieved a near Continuous Data Protection (CDP) model with minimum impact on WAN links was realized with Microsoft Data Protection Manager (DPM) 2007 SP1. This supported the data protection goal of the implementation.

DPM 2007 SP1 is a full featured data protection product designed to protect compatible applications and the Windows Server operating system. DPM delivers continuous data protection by using seamlessly integrated disk, tape, or cloud storage as a backup target.

Figure 2. Backing up client data using DPM

Figure 2. Backing up client data using DPM

DPM invokes Volume Shadow Copy Services (VSS) to create a one-time full replica of the protected data. Incremental recovery point synchronizations follow, by default every fifteen minutes. DPM is intended to provide a zero data loss recovery model when protecting applications such as Microsoft Exchange and Microsoft SQL Server®, and a near Continuous Data Protection (CDP) model for file servers where content can be protected on a fifteen-minute schedule.

Enable Continuous Data Protection

At the time of the initial IntelliMirror solution deployment, far branch office file servers had approximately 118 GB of consolidated data. Moving this data on a typical full backup schedule would have required more than six hours, based on WAN bandwidth and utilization. The deployment team confirmed this time requirement by testing various mid-market backup engines. Both tape and disk were used as backup targets. Moving this amount of data on a daily basis was not viable due to the impact on the WAN link between the head office and the far branch office. Implementing subsequent Incremental or differential backups were viable, but neither met the objective of achieving a near CDP model.

The team then tested DPM to validate its capability. The centralized DPM server protected file servers in the head office and the far branch office. Enabling centralized data protection for the far branch office server was the team's biggest concern. DPM mitigated this concern.

The team created two DPM protection groups, one for the far branch office server and another for the head office server. This configuration created an initial replica of the data for each server on a storage pool on the DPM server. The amount of data transferred over the network during this operation was comparable to a standard full backup implemented by other backup products. The time to complete the initial replica of approximately 118 GB of data for the far branch office server over the corporate WAN link was similar to the time to complete the initial replica of approximately 800 GB of data for the head office server over the LAN. Both initial replica jobs completed within six hours.

After the initial replica was completed, there would be no need to repeat the operation because the replica would update with periodic incremental synchronization operations according to a set schedule. This effectively allowed the team to remove 118 GB worth of network traffic. Otherwise, the WAN link would have been impacted on a daily or weekly basis, depending on data protection needs.

The deployment team maintained the default incremental synchronization policy that runs every fifteen minutes for the head office server and changed the synchronization policy to every two hours for the far branch office servers. This synchronization ensured that any data changes since the last synchronization were transferred and applied to the replica. DPM's ability to enable a one-time initial replica, along with subsequent incremental synchronization capabilities, allowed the team to achieve most of their data protection requirements.

Data Recovery Planning and Protecting the DPM Infrastructure

Backing up the file servers is a key requirement and the only way to ensure full recovery of data in the unlikely event that the integrity of the file server data is compromised.

Having a well-documented step-by-step procedure to enable data restoration was a key requirement to prevent data loss in any Folder Redirection and Offline Files solution deployment. Microsoft IT has a zero data loss Recovery Point Objective, meaning the solution had to allow for a complete data recovery.

DPM enables protection for file and application data, and provides fast and efficient recovery. Yet like any other infrastructure server, the DPM server itself needs to be protected from data loss or corruption.

Note: For more information about protecting the DPM server, see Preparing for Disaster Recovery at http://go.microsoft.com/fwlink/?LinkId=166657.

Benefits

The IntelliMirror solution realized significant benefits for Microsoft IT end users and administrators.

End Users

From an end user perspective, there are many advantages to participating in the IntelliMirror solution. Many of these advantages are visible to end users, and some are not.

Once a user subscribes to the IntelliMirror service, they have to take no additional action. User data, which previously may have been randomly backed up, or not backed up at all, is now predictably and automatically backed up to MSIT-managed network servers, with no user intervention required.

Data restores are now an easy, self-service operation. What used to require a call to the Helpdesk is now handled by shadow copy features that users can perform themselves.

User data files are available anywhere, and secured. Offline file synchronization enables users to access their documents from any computer and any location. With the use of Offline Files, users now have the same view of their Desktop, Documents, Favorites and Contacts, from any domain-joined computer that they log into. In addition to using Windows BitLocker® Drive Encryption, MSIT users can also encrypt their cached Offline Files.

IntelliMirror eases the setup of new computers, as a user immediately has access to all of their synchronized favorites and data folders.

Less visible to the end user, but just as important, the IntelliMirror solution, leveraging Offline Files, provides enhanced background file synchronization behavior. The solution detects and automatically adapts to a variety of connectivity states. Because of this, slow or unavailable connections do not impact offline file performance. A fast initial logon and a near local access performance experience is enabled from any network connection. These behaviors provide a seamless experience for end users.

IT Administrators

Microsoft IT was able to deliver a centralized, cost-effective solution that effectively scales for the enterprise. It provides benefits that span economics, network efficiencies, and an enhanced data protection model.

Deploying the IntelliMirror solution did not require a massive shift in installed systems, or a significant hardware investment. It leveraged technologies and features that were already available by default in Windows Server 2008 R2 and Windows 7. Windows Server 2008 R2 was largely in place in the network infrastructure, and the majority of customers were already using Windows 7. The service was straightforward to configure, as it leveraged the existing Microsoft worldwide enterprise server infrastructure, which was already secured and managed by Microsoft IT. An existing hardware inventory supplied the servers and storage for the solution.

A Continuous Data Protection was model achieved with little impact on WAN links. CDP efficiencies provide incremental file server backups every 15 minutes, and at the same time removed the significant WAN link effects of daily or weekly full backups.

WAN utilization and network usage has improved. The performance of SMB, the primary remote file protocol used by Windows client and server operating systems, has been optimized on slower networks. Lower WAN utilization and costs, combined with faster file access across geographical locations, has enhanced network usage for remote workers and branch offices.

The use of Windows Server 2008 R2 Hyper-V has effectively resolved some limitations on branch offices servers by giving complete ownership of the virtual machines to the individual service management teams.

Finally, the investment required to deploy and gradually scale IntelliMirror to support more users has proven to be more cost effective, particularly when balanced against the reduction in Helpdesk calls for data recovery services.

Best Practices

Infrastructure Planning and Deployment

  • File Server Memory Capacity. Because of the increasing affordability of RAM, which Block Caching uses to reduce chkdsk run times, consider adding extra memory capacity to file servers.

  • Quota Strategies. To avoid space issues, consider using the soft quota feature of File Server Resource Manager. This allows the administrator and the user to be aware of the space issue, while allowing the Folder Redirection process to proceed uninterrupted. After Folder Redirection is deployed, IT can address quota breaches according to its space management policy. Hard quotas can then be enforced, if required.

  • Supporting Legacy Operating Systems. Weigh deployment costs with available functionality when determining whether to include legacy operating systems. MSIT concluded that the complexity required to include the minority of users at Microsoft not yet running Windows 7 or Window Server 2008 R2 outweighed the benefits. The solution would not provide the same functionality to those users. For example, later versions of operating systems greatly improve the Offline Files experience. Users of earlier operating systems may encounter performance issues related to their online state, or may have to synchronize their files manually.

  • Dedicated Disks help offload I/O activity. Consider allocating dedicated storage to offset potential performance impacts. To address the performance impact of shadow copy for shared folders on more heavily loaded servers, MSIT allocated dedicated disks to offload I/O activity.

Failover Clustering

  • Shared Storage Support. Consider using shared storage that is compatible with Windows Server 2008 failover clusters, which requires support for SCSI Primary Commands-3 (SPC-3). The storage should also support Persistent Reservations (PR) as specified in the SPC-3 standard. Ensuring that the storage supports PR natively or with an appropriate firmware upgrade can be achieved by consulting with the storage vendor, or by running the Failover Cluster Validation Wizard included with the cluster feature.

  • Enhancing Redundancy and Availability. In a highly available storage fabric, it is possible to deploy failover clusters with multiple host bus adapters by using multipath I/O software. This provides the highest level of redundancy and availability. For Windows Server 2008, the multipath solution must be based on Microsoft Multipath I/O (MPIO). Hardware vendors usually supply MPIO device-specific modules for their devices. Windows Server 2008 includes several device-specific modules as part of the operating system.

  • Eliminate Single Points of Failure. The single host bus adapter connection is potentially a possible single point of failure. Consider addressing this by adding a second host bus adapter to Node 1 and Node 2. This requires a second fiber switch and the installation of MPIO or an appropriate third-party device-specific module. At the time of deployment, MSIT did not have access to a second switch and proceeded with the implementation with the understanding that a single host bus adapter was not a best practice configuration.

Recreating Data Sets

In a scenario where a backend storage array is impacted by a multi-drive failure that compromises a RAID group, resulting in the loss of all user data, an IT administrator must repair the RAID group and recreate a new volume to recover the data. The Offline Files cache cannot resynchronize to the new volume as a mechanism to recreate the data set. If this occurs, the synchronization algorithm will interpret the missing files and folders on the share as intentionally deleted. Those folders and files would then be deleted on the client's local cache at the next synchronization. If an IT administrator recreates the new volume and subsequently creates a share without restoring the data first, this can result in the deletion of Offline Files cached content.

For recovery from the failure scenario described above, the IT administrator should repair the RAID group, create a new volume, and then perform a full volume restore from the last known good backup. This should be performed without creating a share for the users to access the data. Only when the restore is complete should the original share be recreated, which will allow users to reconnect and synchronize the changes in their Offline Files cache back to the file server.

Conclusion

The IntelliMirror solution is a clear case of doing more with less. Microsoft IT took advantage of existing technologies and infrastructure capabilities to deliver a cost-effective and centrally managed user data backup and management model with self-service capabilities. The solution leveraged technologies available by default in Windows Server 2008 R2 and Windows 7. The IntelliMirror solution leveraged the Microsoft worldwide Enterprise Server Infrastructure, which was already secured and managed by Microsoft IT.

The IntelliMirror solution has lowered storage requirements. The cost of deploying and gradually scaling IntelliMirror to meet increasing user counts has proven to be a cost effect and secure solution, particularly when factoring in the reduction in Help Desk calls for data recovery services. Based on user counts and the need to add and configure additional drive space as required, the average monthly cost to provide the IntelliMirror service is between $3.50 — $5.00 USD per user, per month, depending on quota limits.

For More Information

For a related article on the IntelliMirror deployment at Microsoft, go to:

Improving the IntelliMirror Service at Microsoft Through Windows 7 and Windows Server 2008 R2 at http://technet.microsoft.com/en-us/library/gg261717.aspx.

For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Order Centre at (800) 933-4750. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information via the World Wide Web, go to:

http://www.microsoft.com

http://www.microsoft.com/technet/itshowcase

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2011 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Forefront, Hyper-V, IntelliMirror, Internet Explorer, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft