Read-only replicated folders on Windows Server 2008 R2

Why deploy read-only replicated folders?

Consider the following scenario. Contoso Corporation has a replication infrastructure similar to that depicted in the diagram below. Reports are published to the datacenter server and these need to be distributed to Contoso’s branch offices. DFS Replication is configured to replicate a folder containing these published reports between the datacenter server and branch office servers.

The DFS Replication service is a multi-master file replication engine – meaning that changes can be made to replicated data on any of the servers taking part in replication. The service then ensures that these changes are replicated out to all other members in that replication group and that conflicts are resolved using ‘last-writer-wins’ semantics.

Now, a Contoso employee working in a branch office accidentally deletes the ‘Specs’ sub-folder from the replicated folder stored on that branch office’s file server. This accidental deletion is replicated by the DFS Replication service, first to the datacenter server and then via that server to the other branch offices.

Soon, the ‘Specs’ folder gets deleted on all of the servers participating in replication. Contoso’s file server administrator now needs to restore the folder from a previously taken backup and ensure that the restored contents of the folder once again replicate to all branch office file servers.

Administrators need to monitor their replication infrastructure very closely in order to prevent such situations from arising or to recover lost data if needed. Strict ACLs are a way of preventing these accidental modifications from happening, but managing ACLs across many branch office servers and for large amounts of replicated data quickly degenerates into an administrative nightmare. In case of accidental deletions, administrators need to scramble to recover data from backups (often up-to-date backups are unavailable) and in the meantime, end-users face outages leading to loss of productivity.

This situation can be prevented by configuring read-only replicated folders on branch office file servers. A read-only replicated folder ensures that no local modifications can take place and the replica is kept in sync with a read-write enabled copy by the DFS Replication service. Therefore, read-only replicated folders enable easy-to-deploy and low-administrative-overhead data publication solutions especially for branch office scenarios.

How does all this work?

For a read-only replicated folder, the DFS Replication service intercepts and inspects every file system operation. This is done by virtue of a file system filter driver that layers above every replicated folder that is configured to be read-only. Volumes that do not host read-only replicated folders or volumes hosting only read-write replicated folders are ignored by the filter driver.

• Only modifications initiated by the service itself are allowed – these modifications are typically caused by the service installing updates from its replication partners. This ensures that the read-only replicated folder is maintained in sync with a read-write enabled replicated folder on another replication partner (presumably located at the datacenter server).

• All other modification attempts are blocked – this ensures that the contents of the read-only replicated folder cannot be modified locally. As shown in the below figure, end-users are unable to modify the contents of the replicated folder on servers where it has been configured to be read-only. The behavior is similar to that of a read-only SMB share – contents can be read and attributes can be queried for all files, however, modifications are not possible.

A note on connections

Please note that connections between replication members should continue to be two-way connections.Microsoft does not recommend or support the configuration of one-way connections between replication members.

The DFS Replication service prevents local modifications to replicated data on members hosting read-only replicated folders. Also, the service ensures that absolutely no changes are replicated out from a member hosting a read-only replicated folder to other replication member servers. Therefore, there is no fear of unwanted changes replicating out from a member server configured to be read-only. As a result of these features, we recommend setting up two-way connections even if one of the replication partners hosts a read-only replicated folder. The outbound connection from the member server hosting the read-only replicated folder will only be used for version vector comparison and the service will ensure that no changes are replicated out.

Therefore, the read-only replicated folders feature precludes the need for configuring one-way replication using one-way replication connections between member servers.

Deployment configurations

In a given replication group, a member server hosting a read-only replicated folder must be connected to a replication partner hosting the corresponding read-write enabled replicated folder.

Therefore, it is not possible to connect two members hosting read-only replicated folders to each other. On Windows Server 2008 R2, the DFS Management console performs appropriate connection topology validation to ensure that this requirement is met.