
Chapter3 - Resource Access

Uploaded by

Nguyễn Du

VNUHCM UNIVERSITY OF SCIENCE

FACULTY OF ELECTRONICS TELECOMMUNICATIONS


DEPARTMENT OF TELECOMMUNICATIONS NETWORKS

COURSE
NETWORK TECHNOLOGY

Chapter 03
RESOURCE ACCESS

Editor: Nguyen Viet Ha, Ph.D.

October 01, 2024

Lecturer: Nguyen Minh Tri, Ph.D. Email: [email protected]

1 File System

File system

File system is a way for a computer to organize the data on a storage device.
Is a collection of algorithms and data structures.
  o Perform the translation from logical file operations to actual physical storage of information.
Responsible for separating a piece of data from what's next to it, controlling which users have access to what files, storing attributes of files, and much more.

FAT (The File Allocation Table) (1970s)
  It may be older than most operating systems around today, but it's still useful.
  Sizes of the clusters: 8 bits

FAT32 (1995)
  Sizes of the clusters: 32 bits
  Maximum size of the individual files is 4 GB.
  Partition should be less than 8 TB.
  Still used because it's a universally recognized file system.
    o E.g., transfer files between different operating systems.
File system

exFAT (Extensible FAT) (2006)
  In 2019, no longer proprietary (Microsoft).
  Sizes of the clusters: 64 bits
  No practical limitations on file sizes or partition sizes.
    o File size limit is just under 16 EB (Exbibyte) or 1.845e+7 TB
  Faster at writing and reading data than FAT32 drives.
  Allows recovery when the computer crashes.
  Can restore deleted or formatted files.

NTFS (New Technology File System) (1993)
  Default used by Windows. Default for OS partition.
  Sizes of the clusters: 4 KB to 2 MB.
  No practical limitations on file sizes or partition sizes.
    o Maximum volume size: 256 TB.
    o Maximum file size: 256 TB.
  Supports permissions and encryption (Encrypting File System - EFS).
  Compress files, folders, or the whole drive.
  Disk quotas format volumes up to 2TB (limiting the amount of space users can consume).
  Shadow copies of your backup (a snapshot of a volume)

File system

ReFS (Resilient File System) (2012)
  Microsoft's newest file system.
  Supports both 4K and 64K cluster sizes.

Key benefits
  o Resiliency
      Can precisely detect and fix corruptions while remaining online.
      Provide increased integrity and availability for data.
  o Performance
      New features for performance-sensitive and virtualized workloads.
      Ex: Real-time tier optimization, block cloning, and sparse VDL.
  o Scalability
      Extremely large data sets - millions of terabytes.
      Maximum file size: 35 PB (petabytes)
      Maximum volume size: 35 PB.
      1 PB = 1000 TB
File system

ReFS (Resilient File System) (2012)
  NTFS is intended for general-purpose use, while ReFS is for customers specifically requiring availability, resiliency, and/or scale.

ReFS for use with the following configurations and scenarios:
  o Storage Spaces Direct: a software-defined storage solution that allows you to share storage resources in your converged and hyperconverged IT infrastructure.
  o Storage Spaces: a technology in Windows and Windows Server that can help protect your data from drive failures.
      Similar to RAID, implemented in software
  o Basic disks: a type of hard drive configuration, available with the Windows operating system.
  o Backup target.

File system

ReFS (Resilient File System) (2012)
https://learn.microsoft.com/en-us/windows-server/storage/refs/refs-overview

2 File Attributes

File Attributes

Each folder and file that is stored on a filesystem contains a metadata component that stores information about the folder or file.
Attributes are stored within this metadata component, along with other characteristics including ownership, permissions, date of creation, and time of last access.

Basic Attributes
  Read-only
  Hidden

Basic Attributes (cont.)

Read-only attribute for a file:
  o Contents cannot be saved to the same file name.
  o Cannot be deleted by using a command within a Windows PowerShell or Command Prompt window.
      However, it can be deleted within File Explorer.

Read-only attribute for a folder:
  o Applies to existing files within the folder only, and not the folder itself.
File Attributes

Basic Attributes (cont.)

Hidden attribute:
  o Prevents users from listing their names.
  o However, you can add an option to a command to view the hidden folder or file.
      EX:
        in MS-DOS command
        in Windows PowerShell command.
  You also can configure File Explorer to view hidden folders.

File Attributes

Advanced Attributes

NTFS offers four advanced attributes for folders and files:
  o Archive
  o Index
  o Compress
  o Encrypt

Archive Attribute
  o Indicates that the folder or file needs to be backed up.
  o Automatically enabled on files, but not folders.
  o File backup software can detect files with the archive attribute to ensure that modified files are backed up.
  o The backup software often removes the archive attribute following the backup process.
File Attributes

Advanced Attributes

Index Attribute
  o Legacy Windows Indexing Service is used to obtain a list of files whose name or content matches your search based on a pre-created list called an index.
  o The Windows Search Service is faster and available on Windows Server.
      Windows 10, 11 clients can directly access the Windows Search Service on a Windows Server file server when searching for shared files.
  o By default, all new files have the index attribute.

Compress Attribute
  o In order to conserve space, the contents of a file can be stored on the filesystem in compressed format.
  o If you enable the compress attribute on a file, the system compresses the file on the filesystem, and automatically decompresses it when you access it.
  o Any changes you make to the file are then compressed before being written to the filesystem.
  o Apply changes to this folder, subfolders and files when prompted.

File Attributes

Advanced Attributes

Encrypt Attribute
  o Encrypt the data before it is stored on the filesystem.
  o This filesystem feature is called Encrypting File System (EFS).
  o The system symmetrically encrypts the data within the file using a randomly generated symmetric key that is stored in the metadata.
  o Next, the public key within your user account is used to asymmetrically encrypt the symmetric key stored within the metadata.
      If your user account does not have public and private keys, they will be generated and stored within your user account.
  o In a workgroup, your local user account stores EFS public and private keys.
  o In Active Directory domain, these keys are stored within your domain user account such that you can access them from any computer within the forest.
      EFS private key is integrated into the password attribute of your user account.
      If you clear or reset your password, the private key is lost.
      You will not be able to access any EFS-encrypted files.
File Attributes

Advanced Attributes

Encrypt Attribute
  o Each time you encrypt a file using a domain user account, a second copy of the symmetric key is added to the metadata and encrypted with a recovery public key.
      Default is the Domain Admins group in your domain.
      Any member of the Domain Admins group will be able to decrypt your EFS-encrypted files.
      You can then encrypt them again to secure their contents.
  o No recovery agent in workgroup
      You should back up your EFS public and private keys to removable media.
  o Optionally allow other users to decrypt its contents.
      Work on a sensitive file with other people in your organization.
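The key handling described on these slides, modelled with .NET cryptography classes as an added example (not from the lecture, and not a call into EFS itself): one random symmetric key encrypts the data, and the metadata holds one copy of that key wrapped for the user and a second copy wrapped for the recovery agent. The key pairs, function names and sample text are constructed, and AES-CBC with RSA-OAEP are stand-ins chosen for the illustration; `RSACng` requires Windows.

```powershell
# Added illustration of EFS-style key wrapping. It models the scheme only;
# the algorithms and every name below are assumptions, not EFS internals.
$oaep = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

# Constructed key pairs standing in for the user account and the recovery agent.
$userKeys  = [System.Security.Cryptography.RSACng]::new(2048)
$agentKeys = [System.Security.Cryptography.RSACng]::new(2048)

function Protect-FileModel {
    param([byte[]]$Data, $UserPublic, $RecoveryPublic)
    $aes = [System.Security.Cryptography.Aes]::Create()   # fresh random key and IV per file
    try {
        $enc = $aes.CreateEncryptor()
        [pscustomobject]@{
            CipherText  = $enc.TransformFinalBlock($Data, 0, $Data.Length)
            IV          = $aes.IV
            # The symmetric key is never stored in the clear: one wrapped copy
            # per key holder. Encrypt() uses only the public half of each pair.
            UserKey     = $UserPublic.Encrypt($aes.Key, $oaep)
            RecoveryKey = $RecoveryPublic.Encrypt($aes.Key, $oaep)
        }
    } finally { $aes.Dispose() }
}

function Unprotect-FileModel {
    param($File, [byte[]]$WrappedKey, $PrivateKey)
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        $aes.Key = $PrivateKey.Decrypt($WrappedKey, $oaep)   # unwrap the symmetric key
        $aes.IV  = $File.IV
        $dec   = $aes.CreateDecryptor()
        $plain = $dec.TransformFinalBlock($File.CipherText, 0, $File.CipherText.Length)
        [System.Text.Encoding]::UTF8.GetString($plain)
    } finally { $aes.Dispose() }
}

$data = [System.Text.Encoding]::UTF8.GetBytes('constructed sample contents')
$file = Protect-FileModel -Data $data -UserPublic $userKeys -RecoveryPublic $agentKeys

# Normal access: the user's private key unwraps the user's copy.
Unprotect-FileModel -File $file -WrappedKey $file.UserKey -PrivateKey $userKeys

# User private key lost (the password-reset case on the slide):
# only the recovery copy still opens the file.
$userKeys.Dispose()
Unprotect-FileModel -File $file -WrappedKey $file.RecoveryKey -PrivateKey $agentKeys

# A key pair that was never given a wrapped copy cannot unwrap either one.
$other = [System.Security.Cryptography.RSACng]::new(2048)
try   { Unprotect-FileModel -File $file -WrappedKey $file.UserKey -PrivateKey $other }
catch { 'unwrap failed: no matching private key' }
```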

File Attributes

Advanced Attributes

Encrypt Attribute
  o When you copy or move an encrypted file to another folder within an NTFS, FAT32, or exFAT filesystem on the same computer or removable media, that file remains encrypted, even if you rename it.
  o In Active Directory domain, the same holds true for copying or moving the file to a different NTFS, FAT32, or exFAT filesystem on another system.
  o If the file is copied or moved to a filesystem that does not support EFS (such as ReFS, or FAT32 on a Windows 7 system), it is automatically decrypted.

Notes:
  o Because the encrypt and compress attributes use the same metadata section, you cannot enable the encrypt and compress attributes on the same file.
  o If you attempt to enable the encrypt attribute on a compressed file, the compress attribute will be deselected automatically.
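One way to see the basic and advanced attributes from the preceding slides on real files, as an added example that is not part of the lecture: `Get-ChildItem -Force` is the PowerShell option that includes hidden items, and each attribute is a flag in the item's `Attributes` value. The function name and the folder path are placeholders.

```powershell
function Get-AttributeReport {
    param([Parameter(Mandatory)][string]$Path)
    # -Force makes hidden (and system) items appear in the listing.
    # In cmd.exe the equivalent for hidden items is: dir /a:h
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $a = $_.Attributes
            [pscustomobject]@{
                Path       = $_.FullName
                ReadOnly   = $a.HasFlag([System.IO.FileAttributes]::ReadOnly)
                Hidden     = $a.HasFlag([System.IO.FileAttributes]::Hidden)
                Archive    = $a.HasFlag([System.IO.FileAttributes]::Archive)
                # The Index checkbox is stored inverted, as NotContentIndexed.
                Indexed    = -not $a.HasFlag([System.IO.FileAttributes]::NotContentIndexed)
                Compressed = $a.HasFlag([System.IO.FileAttributes]::Compressed)
                Encrypted  = $a.HasFlag([System.IO.FileAttributes]::Encrypted)
            }
        }
}

# Placeholder path: point this at a folder you administer.
$report = Get-AttributeReport -Path 'C:\Data'

# Items a default listing would not show.
$report | Where-Object Hidden

# Files still carrying the archive flag, i.e. changed since backup software last cleared it.
$report | Where-Object { $_.Archive -and -not $_.Hidden }

# EFS-encrypted items: these depend on the owner's private key or a recovery agent.
$report | Where-Object Encrypted

# Encrypt and compress cannot both be set on one file, so any hit here deserves a closer look.
$report | Where-Object { $_.Encrypted -and $_.Compressed }
```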
File Attributes

Extended attributes

A file system feature that associates files with metadata not interpreted by the filesystem.

Typical uses include storing the author/owner of a document, file times, the character encoding of a plain-text document, or a checksum, cryptographic hash or digital certificate, and discretionary access control list (DACL).

NTFS can store arbitrary-length extended attributes in the form of Alternate Data Streams (ADS), a type of resource fork.

* A fork is a set of data associated with a file-system object.

3 Managing Folder and File Security
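For the Alternate Data Streams described under Extended attributes, an added example (not from the lecture) that lists every named stream under a folder, since a normal directory listing shows only the unnamed main stream and its size. The function name and the demo folder are constructed; `Zone.Identifier` is the stream Windows attaches to files downloaded from the Internet.

```powershell
function Find-AlternateDataStream {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |      # ':$DATA' is the normal file content
        Select-Object FileName, Stream, Length,
            @{ Name = 'IsZoneIdentifier'; Expression = { $_.Stream -eq 'Zone.Identifier' } }
}

# Constructed demo; it must run on an NTFS volume.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'report.txt'

Set-Content -LiteralPath $file -Value 'hello' -NoNewline
Set-Content -LiteralPath $file -Stream 'notes' -Value 'constructed side data'

# The reported file length covers the main stream only.
(Get-Item -LiteralPath $file).Length

# The sweep reports the extra stream together with its own length.
Find-AlternateDataStream -Path $demo

# Read the named stream, then remove it without touching the file itself.
Get-Content -LiteralPath $file -Stream 'notes'
Remove-Item -LiteralPath $file -Stream 'notes'
```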

Access Control Lists (ACLs)

Two types of ACLs:

Discretionary Access Control List (DACL)
  o Lists the permissions given to user and group accounts and is used to grant or deny access to the resource.
  (Figure labels: Security Identifiers (SID), Access Control Entries (ACE))

System Access Control List (SACL)
  o Contains information used to audit the access to the resource.
      Can monitor who has successfully viewed the contents and who has tried to view the contents but failed because of DACL restrictions.
      If no SACL is configured, auditing is disabled for the resource.
Access Control Lists (ACLs)

By default, the owner of a resource, the local Administrator user account (within a workgroup), and members of the Domain Admins group (within a domain) can configure DACLs and SACLs.

Folders and files on an NTFS or ReFS filesystem support both DACLs and SACLs.

NTFS/ReFS Folder and File Basic Permissions

NTFS folder and file Advanced permissions

Effects of Copying and Moving Files and Folders

Effects of copying files and folders
  Within a single NTFS partition: the copy of the folder or file inherits the permissions of the destination folder.
  To a different NTFS partition: the copy of the folder or file inherits the permissions of the destination folder.
  To a non-NTFS partition (e.g., FAT partition): the copy of the folder or file loses its NTFS permissions.
Effects of Copying and Moving Files and Folders

Effects of moving files and folders
  Within an NTFS partition: the folder or file retains its original permissions.
  To a different NTFS partition: the folder or file inherits the permissions of the destination folder.
  To a non-NTFS partition: the folder or file loses its NTFS permissions.

Inherited permissions

Permissions are best managed for containers of objects.
  Objects within the container inherit all the access permissions in that container.
  To stop subfolders from inheriting access permissions, you must explicitly clear a setting that causes the inheritance. (Disable inheritance)

Inherited permissions

You receive the permissions on a folder or file that are assigned to your user account and any group accounts that you belong to.
Ex:
  o If your user account is granted Read permission to a file and a group that your user account belongs to is granted Full control to the same file:
      You receive Full control when accessing the file.

If none of the Allow or Deny boxes are checked, then the associated user or group has no access to the folder.

If the Deny box is checked, this overrides any other access.
Ex:
  o If your user account is granted Read permission to a file, and a group that your user account belongs to is denied Read permission to the same file:
      You are denied Read access to the file.
Folder and File Ownership

Each folder and file on a system must have an owner, which, by default, is the user that created the file.

The owner of a folder or file can change the ownership to another user.
  If granted the Take ownership advanced permission or Full control permission:
      You can change the owner of it to yourself.
      After that, you can change the permissions on it.

The Administrators group always has the right to take ownership of any folder or file, regardless of the permissions set.
  If you create a folder or file as the Administrator user, the Administrators group automatically becomes the owner of it.

4 Shared Folders

Sharing Folders Using SMB

There are two different protocols that can be used to share folders on Windows Server systems:
  Server Message Block (SMB)
  Network File System (NFS)

Server Message Block (SMB)
  Client-server communication protocol that provides shared access to network files and resources between nodes on a network.
  Also called Common Internet File System (CIFS)
  Native protocol for computers running on Microsoft Windows.
  Enabled by default.
Sharing Folders Using SMB

Sharing a Folder using Folder Properties.

Shared folder permission:
  o Read: Allows groups or users to read and execute files.
  o Read/Write: Allows groups or users to read, execute, delete, and modify the contents of files, as well as add and delete subfolders.
  o Owner: Automatically assigned to the owner of the folder, it allows the owner to read, execute, delete, and modify the contents of files, as well as add and delete subfolders and modify share permissions.

Sharing Folders Using SMB

Must be granted both shared folder permissions and NTFS/ReFS permissions in order to access files within a shared folder on an NTFS or ReFS filesystem.
EX:
  If you are granted Read/Write share permission to a shared folder and attempt to access a file within the shared folder that grants you Read NTFS/ReFS permission, you will only be able to read the contents of the file.
  If you are granted Read share permission to a shared folder, and attempt to access a file within the shared folder that grants you Modify NTFS/ReFS permission, you will only be able to read the contents of the file.

To connect to the shared folder from another computer on the network:
  Searching Universal Naming Convention (UNC) within File Explorer.
  Entering UNC within the navigation bar of File Explorer.
  Entering UNC in the Windows Run dialog box.
  o UNC:
      \\servername\sharedfoldername
      \\IPaddress\sharedfoldername
  On a UNIX, Linux, or macOS system
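The permission rules stated on the slides (permissions from the user and all of its groups add up, Deny overrides Allow, and access through a share needs both the share and the NTFS/ReFS permission), worked through on the slides' own examples. This is an added, simplified model and not Windows' actual access check; the account names and function names are constructed, and mapping the share levels Read, Read/Write and Owner to ReadAndExecute, Modify and FullControl is an assumption.

```powershell
# Added model of the slides' rules; ACEs are constructed objects with
# Identity, Type ('Allow' or 'Deny') and Rights (a FileSystemRights name).
function Get-LayerAccess {
    param([string[]]$Identities, [object[]]$Aces)
    $allow = 0; $deny = 0
    foreach ($ace in $Aces) {
        if ($Identities -notcontains $ace.Identity) { continue }   # ACE is for someone else
        $bits = [int][System.Security.AccessControl.FileSystemRights]$ace.Rights
        if ($ace.Type -eq 'Deny') { $deny = $deny -bor $bits } else { $allow = $allow -bor $bits }
    }
    # Allows from the user and every group add up; any Deny bit is then removed.
    # With no matching Allow the result is 0, which means no access.
    $allow -band (-bnot $deny)
}

function Get-EffectiveAccess {
    param([string[]]$Identities, [object[]]$NtfsAces, [object[]]$ShareAces)
    $value = Get-LayerAccess -Identities $Identities -Aces $NtfsAces
    if ($PSBoundParameters.ContainsKey('ShareAces')) {
        # Over the network both layers must grant a right, so keep only the common bits.
        $value = $value -band (Get-LayerAccess -Identities $Identities -Aces $ShareAces)
    }
    if ($value -eq 0) { return 'None' }
    ([System.Security.AccessControl.FileSystemRights]$value).ToString()
}

function New-Ace {
    param($Identity, $Type, $Rights)
    [pscustomobject]@{ Identity = $Identity; Type = $Type; Rights = $Rights }
}

$me = 'alice', 'Sales'    # constructed: a user and the group it belongs to

# User granted Read, group granted Full control.
Get-EffectiveAccess -Identities $me -NtfsAces @(
    (New-Ace alice Allow Read), (New-Ace Sales Allow FullControl))

# User granted Read, group denied Read.
Get-EffectiveAccess -Identities $me -NtfsAces @(
    (New-Ace alice Allow Read), (New-Ace Sales Deny Read))

# Read/Write on the share, Read on the file.
Get-EffectiveAccess -Identities $me `
    -ShareAces @(New-Ace Sales Allow Modify) `
    -NtfsAces  @(New-Ace alice Allow Read)

# Read on the share, Modify on the file.
Get-EffectiveAccess -Identities $me `
    -ShareAces @(New-Ace Sales Allow ReadAndExecute) `
    -NtfsAces  @(New-Ace alice Allow Modify)

# No entry for this user or its groups: nothing is checked, so no access.
Get-EffectiveAccess -Identities $me -NtfsAces @(New-Ace bob Allow FullControl)
```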
Sharing Folders Using SMB

Offline file caching feature
  A copy is downloaded to a cache folder on their local computer.
    o To prevent a network disruption from impacting the editing of files or execution of a program within the shared folder.
  When the user disconnects from the shared folder, any modified files within the cache folder are then uploaded to the shared folder.
  If two or more users attempt to cache the same file, they have the option of choosing whose version to use or of saving both versions.

Sharing a Folder using Server Manager

Sharing Folders Using SMB

Sharing a Folder using Server Manager
  SMB Share Quick: simple wizard.
  SMB Share Advanced: to additionally configure file classifications and folder quotas
  SMB Share Applications: to automatically configure NTFS/ReFS permissions on the folder that are compatible with most applications.

Sharing Folders Using NFS

NFS (Network File System)
  A file service protocol that enables users to access files on a remote server, making it a distributed file system.
  Server-client architecture to provide multiple computers access to files over a local network.
  It allows a computer on which the NFS server is running to export its file systems to other clients, which means it is made available to clients on different OS platforms.
  Designed for UNIX systems and thus, includes support for UNIX filesystem features, such as ownership and UNIX-style permissions.
Sharing Folders Using NFS

On Windows Server, must first install the Server for NFS server role.

Sharing a Folder using Folder Properties.

NFS was designed for UNIX systems that shared the same user database, either by coordinating the user ID (UID) and group ID (GID) numbers assigned to each UNIX user in the UNIX user database stored on each system, or by providing centralized authentication for users on the network using Kerberos.

Because Active Directory provides centralized user authentication using Kerberos, NFS works well within an Active Directory environment for sharing files between UNIX, Linux, macOS, and Windows systems.

Sharing Folders Using NFS

Shared folder permissions:
  Read-Only: Allows computers to read and execute files.
  Read-Write: Allows computers to read, execute, delete, and modify the contents of files, as well as add and delete subfolders.
    o Allow root access option will also allow the root user (the equivalent of Administrator on a UNIX, Linux, or macOS system) to access the NFS share.

NFS shared folder permissions and NTFS/ReFS permissions must both be satisfied in order to gain access to an NFS shared folder.
EX:
  If your computer is granted Read/Write permission to an NFS shared folder, and you attempt to access a file within the shared folder that grants you Read NTFS/ReFS permission, you will only be able to read the contents of the file.
  If your computer is granted Read permission to an NFS shared folder, and you attempt to access a file within the shared folder that grants you Modify NTFS/ReFS permission, you will only be able to read the contents of the file.
Sharing Folders Using NFS

Sharing a Folder using Server Manager
  NFS Share Quick: simple wizard.
  NFS Share Advanced: to additionally configure file classifications and folder quotas

Publishing a Shared Folder in Active Directory

Active Directory allows you to create objects that represent network resources, such as shared folders. (publishing)

If you publish a shared folder to Active Directory, users will be able to locate that shared folder quickly using the LDAP (Lightweight Directory Access Protocol) component of Active Directory.

After a shared folder has been published to Active Directory, domain users can search Active Directory for shared folders using File Explorer on their Windows system.

(Figures: Publishing a shared folder to Active Directory; Searching for published shared folders within File Explorer)
5 Distributed File System (DFS)

Distributed File System (DFS)

Distributed File System (DFS) provides the ability to logically group shares on multiple servers and to transparently link shares into a single hierarchical namespace.

DFS organizes shared resources on a network in a treelike structure.

Distributed File System (DFS)

Two separate server roles comprise DFS:
  DFS Namespaces provides a central location from which users can access the different shared folders within their organization.
    o It can be installed on one or more file servers within your organization.
  DFS Replication can synchronize folder contents between different servers.
    o It must be installed on every server that synchronizes folder contents.

DFS Namespaces

A typical organization has many different file servers.
Each file server usually hosts many different shared folders.
While publishing shared folders makes it easier for users to locate a specific shared folder, it does not provide an easy way to browse the available shared folders within the organization.
Solution: create a DFS namespace shared folder.
DFS Namespaces

DFS namespace folder provides a visual representation of multiple shared folders on the network.
After accessing the DFS namespace folder, users will see subfolders that represent the shared folders on the file servers within the organization.
When users navigate to a target, they are automatically forwarded to the associated shared folder on the network.

DFS Replication

Allow folders on two or more file servers to synchronize contents.

DFS replication topology:
  Full mesh allows each server within the replication group to replicate directly to all other members, consuming additional network bandwidth as a result.
  Hub and spoke will force replication to occur via a central member to minimize network traffic.

DFS Replication

Remote differential compression (RDC)
  Only replicates the changes.
  Can cause synchronization problems if a large number of users continually modify the same file.
    o Should disable RDC for each connection within the replication group

THANK YOU FOR YOUR ATTENTION

Nguyen Minh Tri, Ph.D.
Department of Telecommunications and Networks
Faculty of Electronics and Communications
University of Science, Vietnam National University, Ho Chi Minh City
Email: [email protected]