
Work Folders - Deep Dive

Fabian Uhse

Agenda

• Background and intro
• Client deployment
• System architecture and server deployment
• Behind the scenes
• Data protection and security
• Multi-server deployments and migrations
• Monitoring and reporting

Trusted File Servers

Exabytes deployed annually

Rich ecosystem

Original server workload

Simple and efficient

Introducing Work Folders

• Allow information workers to access their individual data

• … that is centrally located on a traditional file server

• … from all of their devices

• … from wherever they are

• … while remaining in compliance with policies

File Sync Solutions

Comparison columns: Consumer / personal data; Individual work data; Team / group work data; Personal devices; Data location

Data location by solution:

• OneDrive: Public cloud
• OneDrive for Business: SharePoint / Office 365
• Work Folders: File server
• Offline Files / Folder Redirection: File server

Client deployment

Demo

Client Deployment Options

• Manual
  • Auto-discovery of server URL based on email address
  • Explicit entry of sync server URL

• Opt-in
  • Settings delivered via Group Policy, SCCM or Intune
  • User decides if they want to use Work Folders on that device

• Mandatory
  • Settings delivered via Group Policy, SCCM or Intune
  • No user action required

Logical System Overview

• File and Storage Services sub-role
  • Server Manager provides a consolidated view of sync activity across your servers
  • An additional access protocol

• Multiple Sync Shares per server
  • Each share maps to a file system location
  • Users/groups associated with a single share
  • Policy defined per share

• Files stay in sync across all devices
  • Local changes sync back to server and then to other devices
  • SMB clients can continue to work directly with server files

Single Server Deployment

• Data management
  • Quotas
  • File screens
  • Reporting
  • Classification
  • RMS protection

• Device management policy
  • Limit access to registered devices
  • File encryption / selective wipe
  • Require password / device lock

• Authentication
  • Kerberos (Windows Auth)
  • Digest (Windows Auth)
  • ADFS (OAuth)

Sync server URL shown on the slide: https://workfolders.contoso.com

Server deployment

Demo

How A File Stays In Sync

• Data directory
• Version database
• Download staging dir

• Data directory
• Version tables
• Upload staging dir

1. Local change detected
2. Initiate sync session with server
3. Upload file to server
4. Server applies change to data dir
5. Sync initiated by second client
6. Download file from server
7. Client applies change to data dir

• Client limited to 1 partnership per user per device
• Client always drives sync
• Device applying the change responsible for conflict resolution

Sync Communications Protocol

• Allowing http connections
  • Registry setting on client
  • Useful only for initial testing

• Defaults
  • Clients will only connect over port 443
  • Requires a signed SSL cert on server to establish trust and encrypt data

• Terminating SSL at the edge
  • Proxy configured with the same signed SSL cert
  • Internal clients routed through proxy or directly to sync server

Backup And Recovery

• Server recovery
  • VSS writer supports full server restore
  • Database repair is fully automated

• Selective file restore
  • Can be performed on client or server
  • Restored file becomes latest version
  • Sync to other devices

• Client recovery
  • Exclude database from backups
  • Work Folders reconstitutes database
  • Content merged with server content

End-To-End Security

Additional Options

Secure by default

Ecosystem

Protecting your data

Demo

Multi-Server Deployments

Why multiple servers?

• Scale-out for capacity
• Branch / regional offices
• Departmental server management
• Separate data stores for compliance

Challenges we need to solve

• Finding the right server
• Keeping configuration simple for the end user
• Make it easy to move users between servers

Multi-Server

How does Joe connect to the right Work Folders server?

Some simple options:

• Email him a URL
• Configuration management tools

When we migrate Joe to a different server he needs a new URL…

Auto Discovery

1. Client resolves a standard URL: https://workfolders.contoso.com
2. DNS returns a server address for discovery (Sync1)
3. Client sends discovery request to server
4. Server retrieves user property: MSDS-SyncServerURL (Sync3)
5. Client receives and stores its sync server URL for use in all future sync sessions
6. Client syncs with designated server

DNS records for workfolders.contoso.com:

• A = Sync1
• A = Sync2

SyncServerURL per user:

• Jill = Sync1
• Bob = Sync1
• Joe = Sync3
• Jen = Sync2
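The discovery steps above hand each client whatever URL is stored in the user's sync server URL property, and the Sync Communications Protocol slide says default clients connect only over port 443 with SSL. The following added example (not part of the original deck and not Microsoft code) audits an exported user-to-URL mapping against those defaults and an approved server list. The host names under contoso.com, the approved list and the sample export are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: user -> value of the sync server URL property (step 4).
# Host names are assumptions derived from the deck's Sync1..Sync3 labels.
SAMPLE_EXPORT = {
    "Jill": "https://sync1.contoso.com",
    "Bob": "http://sync1.contoso.com",        # plain http: initial testing only
    "Joe": "https://sync3.contoso.com:8443",  # explicit non-default port
    "Jen": "https://sync2.contoso.com",
    "Ann": "https://sync9.example.net",       # not an approved sync server
    "Tom": "",                                # property empty
}
APPROVED_HOSTS = {"sync1.contoso.com", "sync2.contoso.com", "sync3.contoso.com"}


def check_sync_url(url, approved_hosts=APPROVED_HOSTS):
    """Return a list of findings for one sync server URL (empty list = OK)."""
    url = (url or "").strip()
    if not url:
        return ["no sync server URL set"]
    findings = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        findings.append(f"scheme {parts.scheme!r}: default clients require https")
    try:
        port = parts.port          # None when the URL carries no explicit port
    except ValueError:
        port = -1                  # unparsable port text
    if port is not None and port != 443:
        findings.append("explicit port is not 443")
    host = (parts.hostname or "").lower()
    if host not in approved_hosts:
        findings.append(f"host {host!r} is not an approved sync server")
    return findings


def audit(export, approved_hosts=APPROVED_HOSTS):
    """Map each user that has at least one finding to the list of findings."""
    report = {}
    for user, url in sorted(export.items()):
        findings = check_sync_url(url, approved_hosts)
        if findings:
            report[user] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit(SAMPLE_EXPORT).items():
        for finding in findings:
            print(f"{user}: {finding}")
```
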

Interoperability & Migrations

• Moving users between Work Folders servers
  • Update AD user attribute
  • Move user to a different Sync Share group
  • Auto-discovery kicks in

• Home Folders and Folder Redirection
  • Server-side full interop for legacy devices
  • Not advised on same client as Work Folders
  • Map to existing directory structure on server

• Migrating from another server
  • Server-side data staging
  • Client-side data cleanup and migration

Key Takeaways

Fully leverage any existing file server investment

Simple to deploy, use and manage

Maintain control of your organization’s data

Empower employees to be productive

Get insight into data currently on user devices

Related Content

• PCIT-B322 Deploying and Managing Work Folders was Wednesday – watch it online!
• Hands-on Labs: PCIT-H322: Windows Server 2012 R2: Implementing Work Folders (Hall E: Available any time)
• MS Blog: “The File Cabinet” http://blogs.technet.com/b/filecab/archive/2013/07/10/introducing-work-folders-on-windows-server-2012-r2.aspx


© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Resources

• Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
• msdn: Resources for Developers, http://microsoft.com/msdn
• TechNet: Resources for IT Professionals, http://microsoft.com/technet
• Sessions on Demand: http://channel9.msdn.com/Events/TechEd
