User Home Folders

[glenimp617]

Hi Everyone,

Just wondered what everyone else is going with their users home drives?

Let's say a company with 5,000 employees gives their users 10gb each. That's 50tb in total. Ignoring data dedupe and the like I'm interested in how you are provisioning the storage and serving it to users.

Obviously creating a 50tb volume and sharing it out is a big no no. If the volume needed a chkdsk or simply failed and needed restoring it would take ages. San snapshots are in place for cyber attacks already.

Currently we have a large file server farm under a DFSN share. Each file server has multiple 2tb volumes with departments living on each. There is also DFSR enabled for various departments replicated to a secondary data centre.

Example

FILESERVER1

D:\Marketing
E:\Finance

FILESERVER2

D:\HR
E:\Facilities

so all the users in marketing get their home drives within the marketing folder. The issue is one company has a huge turn over of staff and they often change departments. This is an issue when their data then finds itself in the wrong department.

Ideally I'd like to merge all user data together, but don't want a huge volume, nor add to any admin burden

any tips?

 

[glenimp617]

Thanks for your reply. What you have suggested is pretty much what we are already doing. Kinda thought in this day and age there would be a better solution. The project was designed and implemented by myself a couple of years ago but now have a bit of free time I'm looking to make some improvements.

 

[glenimp617]

Move the home folders out of the a departmental structure into the own areas.
\\Server1\Homefolders\%username%

We do it by physical branch location

\\Server1\Birmingham\HomeFolders\%username%
\\Server1\Southampton\HomeFolders\%username%

Then you have another area for Departmental data

\\Server1\HR\

I've thought about that, but we only have two huge sites

 

[glenimp617]

Have you thought through permissions issues?

Do you allow people to have access to others' home drives? E.g. secretary & boss or boss & employee who's left. If so, I suggest you resist the temptation to assign them directly but create groups instead (e.g. u_%username%). This makes management much easier. You can refine it to add read-only, read-write, etc.

We would never allow that. Permissions are 100% perfect

 

[glenimp617]

Another reason for implementing groups on home directories is security: it allows first-line support to change the groups' memberships without giving them permissions to home directories.

Yeah that was all done during the file server project

I think the original solution was correct, we just need a small finishing piece to perfect it. It's going to almost certainly involve some kind of automation (be it MIM or even some powershell/vbs)