Get affordable, high-performance software-defined storage

Reduce storage costs and scale your datacenter with the software-defined storage capabilities of Windows Server 2016.

Reduce storage cost

Build highly available, scalable, software-defined storage solutions at a fraction of the cost of a storage area network (SAN) or network-attached storage (NAS). Storage Spaces Direct lets you use industry-standard servers with local storage.

Create affordable business continuity

Prepare for the worst using synchronous storage replication for disaster recovery across datacenters.

Ensure storage resources for critical apps

Centrally manage and monitor storage performance, control workload access to storage resources, and keep noisy neighbors from impacting performance using storage Quality of Service (QoS) policies.

Get an overview of QoS

Ensure storage resources for critical apps

Reduce capacity needs and cost structure with deduplication

Use improved data deduplication capabilities to support volume sizes up to 64 TB and file sizes up to 1 TB, plus gain volume space savings of up to 90 percent.

Watch a demo on data deduplication

VIDEO

Examine the software-defined datacenter

Discover the compute, network, and storage benefits of the Windows Server 2016 software-defined datacenter.

SERVER STORAGE BLOG

Visit the blog

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Storage at Microsoft</title> <atom:link href="https://blogs.technet.microsoft.com/filecab/feed/" rel="self" type="application/rss+xml" /> <link>https://blogs.technet.microsoft.com/filecab</link> <description>The official blog of the Windows and Windows Server storage engineering teams</description> <lastBuildDate>Tue, 11 Jul 2017 21:40:46 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <item> <title>Storage Spaces Direct on Intel® Xeon® Scalable Processors</title> <link>https://blogs.technet.microsoft.com/filecab/2017/07/11/storage-spaces-direct-on-intel-xeon-processor-scalable-family-codename-purley/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/07/11/storage-spaces-direct-on-intel-xeon-processor-scalable-family-codename-purley/#comments</comments> <pubDate>Tue, 11 Jul 2017 16:15:33 +0000</pubDate> <dc:creator><![CDATA[clausjor]]></dc:creator> <category><![CDATA[Software Defined Storage]]></category> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Windows Server 2016]]></category> <category><![CDATA[S2D]]></category> <category><![CDATA[Storage Spaces Direct]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=8075</guid> <description><![CDATA[Hello, Claus here again. As you have probably noticed by now, we have a great ongoing collaboration with Intel. In this blog post we are going to look at Windows Server 2016 Storage Spaces Direct on Intel’s latest and greatest hardware, which includes a new processor family, Intel® Xeon® Scalable Processors, an iWARP RDMA network... <a aria-label="read more about Storage Spaces Direct on Intel® Xeon® Scalable Processors" href="https://blogs.technet.microsoft.com/filecab/2017/07/11/storage-spaces-direct-on-intel-xeon-processor-scalable-family-codename-purley/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hello, Claus here again. As you have probably noticed by now, we have a great ongoing collaboration with Intel. In this blog post we are going to look at Windows Server 2016 <a href="http://aka.ms/spacesdirect">Storage Spaces Direct </a>on Intel’s latest and greatest hardware, which includes a new processor family, Intel® Xeon® Scalable Processors, an iWARP RDMA network adapter with the integrated Intel® Ethernet Connection X722, and “Intel® Optane™ Solid State Drives. We use a 4 node cluster, each node with configured with the following hardware: <ul> <li>Intel® Server System R2208WF</li> <li>2x Intel® Xeon® Platinum 8168 CPU (24cores @ 2.7Ghz)</li> <li>128GiB DDR4 DRAM</li> <li>2x 375GB Intel® Optane SSD DC P4800X (NVMe SSD)</li> <li>4x 1.2TB Intel® SSD DC S3610 SATA SSD</li> <li>Intel® Ethernet Connection X722 with 4x 10GbE iWARP RDMA</li> <li>BIOS configuration <ul> <li>C States disabled</li> <li>BIOS performance plan</li> <li>Turbo On</li> <li>HT On</li> </ul> </li> </ul> We deployed Windows Server 2016 Storage Spaces Direct and stood up <a href="https://github.com/Microsoft/diskspd/tree/master/Frameworks/VMFleet">VMFleet </a>with: <ul> <li>4x 3-copy mirror CSV volumes</li> <li>Cache configured for Read and Write</li> <li>24 VMs per node</li> <li>Each VM rate limited to 7,500 IOPS (similar to Azure P40 disk)</li> </ul> Each VM runs <a href="http://aka.ms/diskspd">DISKSPD</a>, with 4K IO size at 90% read and 10% write rate limited at 7,500IOPS. This produces a total IOPS of ~720K (4 * 24 * 7,500). <a href="https://msdnshared.blob.core.windows.net/media/2017/07/Purley_IOPS.png"><img width="874" height="134" class="aligncenter size-full wp-image-8105" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/07/Purley_IOPS.png" /></a> Read IO is served at about 80 microseconds! This is significantly less than anything else we have seen before. Write IO is served at about 300 microseconds. The write latency is higher than read latency mostly due to network latency, as writes are mirrored in 3 copies to peer nodes in the cluster. <a href="https://msdnshared.blob.core.windows.net/media/2017/07/Purley_CPU.png"><img width="437" height="267" class="aligncenter size-full wp-image-8115" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/07/Purley_CPU.png" /></a>   In addition, CPU consumption is less than 25%, which means there is plenty of headroom for applications to consume this storage performance. We are very excited to see these numbers and the value that the new generation of Intel Scalable Processors, Intel Optane DC SSD devices combined with the Intel Ethernet Connection X722 with 4x 10GbE iWARP RDMA adapter can deliver to our joint customers. Let me know what you think.   Until next time Claus ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/07/11/storage-spaces-direct-on-intel-xeon-processor-scalable-family-codename-purley/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item> <title>SMB1 Product Clearinghouse</title> <link>https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/#comments</comments> <pubDate>Thu, 01 Jun 2017 17:04:22 +0000</pubDate> <dc:creator><![CDATA[NedPyle [MSFT]]]></dc:creator> <category><![CDATA[SMB]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=8026</guid> <description><![CDATA[Hi folks, Ned here again. This blog post contains all products requiring SMB1, where the vendor explicitly states this in their own documentation or communications. This list is not complete and you should never treat it as complete; check back often. All products arranged in alphabetical order, by vendor, by product, with a URL to... <a aria-label="read more about SMB1 Product Clearinghouse" href="https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hi folks, <a href="https://twitter.com/nerdpyle">Ned</a> here again. This blog post contains all products requiring SMB1, where the vendor explicitly states this in their own documentation or communications. This list is not complete and you should never treat it as complete; check back often. All products arranged in alphabetical order, by vendor, by product, with a URL to their documentation stating SMB1 requirements. Vendor – Product – Documentation <ul> <li>Aerohive – HiveManager, HiveOS (domain join) – <a href="https://community.aerohive.com/aerohive/topics/unable-to-join-activedirectory-with-smbv1-disabled-on-domain-controller">https://community.aerohive.com/aerohive/topics/unable-to-join-activedirectory-with-smbv1-disabled-on-domain-controller</a></li> <li>Aruba – Clearpass, when using MSCHAP for domain join – <a href="https://community.arubanetworks.com/t5/Security/Clearpass-V6-6-2-SMB-version-supported/td-p/296384">https://community.arubanetworks.com/t5/Security/Clearpass-V6-6-2-SMB-version-supported/td-p/296384</a></li> <li>AVM – Fritz!Box – <a href="https://www.avforums.com/threads/windows-10-network-share-problem.2043190/page-2#post-23956280">https://www.avforums.com/threads/windows-10-network-share-problem.2043190/page-2#post-23956280</a></li> <li>Barracuda – SSL VPN – <a href="https://campus.barracuda.com/product/sslvpn/article/SSLVPN/CreateNetworkPlace/">https://campus.barracuda.com/product/sslvpn/article/SSLVPN/CreateNetworkPlace/</a></li> <li>Barracuda – Web Security Gateway backups – <a href="https://community.barracudanetworks.com/forums.php?url=/topic/29561-backup-via-smb/">https://community.barracudanetworks.com/forums.php?url=/topic/29561-backup-via-smb/</a></li> <li>Canon (& Océ) – Printers via “print to share” – <a href="https://support.usa.canon.com/kb/index?page=content&id=ART143573">https://support.usa.canon.com/kb/index?page=content&id=ART143573</a> & <a href="https://files.lfpp.csa.canon.com/media/Assets/PDFs/TSS/external/WF_PrintDrivers/Documentation/Oce_LF_Systems_Connectivity_information_for_Windows_environment_Administration_guide_en.GB.pdf">https://files.lfpp.csa.canon.com/media/Assets/PDFs/TSS/external/WF_PrintDrivers/Documentation/Oce_LF_Systems_Connectivity_information_for_Windows_environment_Administration_guide_en.GB.pdf</a></li> <li>Cisco – Web Security Appliance/WSAv – <a href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo70696/?referring_site=bugquickviewredir">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo70696/?referring_site=bugquickviewredir</a> & <a href="https://supportforums.cisco.com/discussion/13295496/wsav-supports-smbv1-only">https://supportforums.cisco.com/discussion/13295496/wsav-supports-smbv1-only</a></li> <li>Cisco – Wide Area Application Services/WAAS 5.0 & older – <a href="http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.html">http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.html</a></li> <li>DataAccess – legacy Dataflex embedded DB (vendor also offers many alternative ways to not need SMB1) – <a href="http://www.dataaccess.com/KBasePublic/Files/2476.Tuning%20Microsoft%20Networks%20for%20the%20Legacy%20Embedded%20Database_PDF_FMT.PDF">http://www.dataaccess.com/KBasePublic/Files/2476.Tuning%20Microsoft%20Networks%20for%20the%20Legacy%20Embedded%20Database_PDF_FMT.PDF</a></li> <li>F5 – RDP client gateway, Microsoft Exchange Proxy – <a href="https://support.f5.com/csp/article/K55889450">https://support.f5.com/csp/article/K55889450</a></li> <li>Forcepoint (Raytheon) – “some Forcepoint products”, Content Gateway proxy authentication – <a href="https://support.forcepoint.com/KBArticle?id=000012832">https://support.forcepoint.com/KBArticle?id=000012832</a></li> <li>HP – Various printers (many do support SMB2) – <a href="http://h10032.www1.hp.com/ctg/Manual/c05547920">http://h10032.www1.hp.com/ctg/Manual/c05547920</a></li> <li>HPE – ArcSight (Legacy Unified Connector, not latest version) – <a href="https://community.saas.hpe.com/t5/ArcSight-Connectors/SmartConnector-for-Microsoft-Windows-Event-Log-Native/ta-p/1585123?attachment-id=59177">https://community.saas.hpe.com/t5/ArcSight-Connectors/SmartConnector-for-Microsoft-Windows-Event-Log-Native/ta-p/1585123?attachment-id=59177</a></li> <li>IBM – NetServer V7R2 or below – <a href="http://www-01.ibm.com/support/docview.wss?uid=nas8N1011878">http://www-01.ibm.com/support/docview.wss?uid=nas8N1011878</a></li> <li>IBM – QRadar Vulnerability Manager 7.2.x or below (7.3 has been updated) – <a href="http://www-01.ibm.com/support/docview.wss?uid=swg22004178">http://www-01.ibm.com/support/docview.wss?uid=swg22004178</a></li> <li>Infusion Business Software – Infusion (requires disabling SMB2) – <a href="https://www.infusionsoftware.co.nz/support/download-documentation/manuals-support-notes/infusion-software-upgrade-notes/streamFile">https://www.infusionsoftware.co.nz/support/download-documentation/manuals-support-notes/infusion-software-upgrade-notes/streamFile</a></li> <li>Lexmark – Firmware eSF 2.x & eSF 3.x MFPs (scan to network) – <a href="http://support.lexmark.com/index?page=content&id=FA716&locale=en&userlocale=EN_US">http://support.lexmark.com/index?page=content&id=FA716&locale=en&userlocale=EN_US</a></li> <li>Linux Kernel – CIFS client 2.5.42 to 3.5.x (3.7 added first SMB2 client implementation) – <a href="https://wiki.samba.org/index.php/LinuxCIFSKernel">https://wiki.samba.org/index.php/LinuxCIFSKernel</a></li> <li>McAfee – Web Gateway – <a href="https://kc.mcafee.com/corporate/index?page=content&id=KB89350">https://kc.mcafee.com/corporate/index?page=content&id=KB89350</a></li> <li>Microsoft – Windows XP, Windows Server 2003 (and older), Windows Embedded Standard 2009</li> <li>Mobotix – various products – <a href="https://www.mobotix.com/eng_GB/Support/User-Forum/Installation-Network/Windows-servers-%253E-SMB1-end-of-life-%253E-THIS-BEAKS-MOBOTIX-FUNCTIONALITY">https://www.mobotix.com/eng_GB/Support/User-Forum/Installation-Network/Windows-servers-%253E-SMB1-end-of-life-%253E-THIS-BEAKS-MOBOTIX-FUNCTIONALITY</a></li> <li>MYOB – Accountants Office & Accountants Enterprise (states requirement for disabling opportunistic locking, i.e. SMB1 behavior option)– <a href="https://www.myob.com/au/accountants-and-partners/support/minimum-system-requirements">https://www.myob.com/au/accountants-and-partners/support/minimum-system-requirements</a></li> <li>NetApp – Versions of ONTAP prior to 8.3.2P5, 9.0P1 & 9.1 require SMB1 for domain join (not client connections). ONTAP 8.3.2P5, 9.0P1, 9.1 can instead utilize SMB2 for domain join as well as client connections via SMB2 & 3, and ONTAP 9.2 allows for complete disabling of any SMB1 connections – <a href="http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=786189">http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=786189</a> & <a href="https://averageguyx.blogspot.com/2017/06/does-ontap-need-smb1-no.html?m=1">https://averageguyx.blogspot.com/2017/06/does-ontap-need-smb1-no.html?m=1 </a></li> <li>NetGear – ReadyNAS running less than OS6, RAIDiator – <a href="https://community.netgear.com/t5/Using-your-ReadyNAS/SMB-1-0-Given-Wanna-Cry/m-p/1283738#M129977">https://community.netgear.com/t5/Using-your-ReadyNAS/SMB-1-0-Given-Wanna-Cry/m-p/1283738#M129977</a> & <a href="https://kb.netgear.com/24923/ReadyNAS-OS-6-SMB-Plus-App">https://kb.netgear.com/24923/ReadyNAS-OS-6-SMB-Plus-App</a></li> <li>Oracle – Solaris 11.3 and older – <a href="http://docs.oracle.com/cd/E86824_01/html/E54775/smb-4.html">http://docs.oracle.com/cd/E86824_01/html/E54775/smb-4.html</a></li> <li>Pulse Secure – PCS devices running 8.1R9 / 8.2R4 and below or PPS devices running 5.1R9 / 5.3R4 and below – <a href="https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40602/?q=smb&l=en_US&fs=Search&pn=1&atype=">https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40602/?q=smb&l=en_US&fs=Search&pn=1&atype= </a></li> <li>QNAP – all storage devices using firmware lower than 4.1 – <a href="https://www.qnap.com/en-us/support/con_show.php?cid=11">https://www.qnap.com/en-us/support/con_show.php?cid=11</a> </li> <li>RedHat – RHEL 5, RHEL 6 domain join; earliest SMB2+ CIFS client documented is in RedHat 7.2 (<a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/file_systems.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/file_systems.html</a>); RedHat server provide by Samba, see Samba note below – <a href="https://access.redhat.com/solutions/3037961">https://access.redhat.com/solutions/3037961</a></li> <li>Ricoh (Ricoh/Savin/Gestetner/Lanier) – all MFP printers (supporting Scan to Folder, Fax Transmission backup to Folder, Fax Forwarding) except SP C220S / C222SF, SP C231SF / C232SF, SP C240SF / C242SF, SP C250SF / C252SF, SP 3400SF / 3410SF, SP 3000SF / 3510SF – <a href="https://msdnshared.blob.core.windows.net/media/2017/06/Announce-19-05-17-WannaCry-Ransomware-and-SMB-v1.0-exploit.pdf">Announce-19-05-17-WannaCry-Ransomware-and-SMB-v1.0-exploit</a></li> <li>RSA – Authentication Manager Server – https://community.rsa.com/thread/191171</li> <li>Samba – versions older than 3.5.0 (note: all supported versions of Samba support SMB2+, see <a href="https://wiki.samba.org/index.php/Samba_Release_Planning#Discontinued">https://wiki.samba.org/index.php/Samba_Release_Planning#Discontinued</a>) – <a href="https://wiki.samba.org/index.php/Samba_3.6_Features_added/changed#SMB2_support">https://wiki.samba.org/index.php/Samba_3.6_Features_added/changed#SMB2_support </a>& <a href="https://wiki.samba.org/index.php/Samba_3.5_Features_added/changed#Protocol_changes">https://wiki.samba.org/index.php/Samba_3.5_Features_added/changed#Protocol_changes</a></li> <li>Sharp – Subset of MFP printers (many do support SMB2 and 3) – <a href="https://msdnshared.blob.core.windows.net/media/2017/06/sharp2017.pdf">https://msdnshared.blob.core.windows.net/media/2017/06/sharp2017.pdf</a></li> <li>Sonos – Wireless speakers – <a href="https://en.community.sonos.com/setting-up-sonos-228990/sonos-support-for-smb-20-protocol-6739642/index1.html">https://en.community.sonos.com/setting-up-sonos-228990/sonos-support-for-smb-20-protocol-6739642/index1.html</a></li> <li>Sophos – Sophos UTM, Sophos XG firewall, Sophos Web Appliance – <a href="https://community.sophos.com/kb/en-us/126733">https://community.sophos.com/kb/en-us/126733</a> & <a href="https://community.sophos.com/kb/en-us/126757">https://community.sophos.com/kb/en-us/126757</a></li> <li>SUSE – SUSE Linux Enterprise Server 11 and older (note: 10 and older versions are unsupported, regardless) – <a href="https://www.suse.com/support/kb/doc/?id=7019892">https://www.suse.com/support/kb/doc/?id=7019892</a></li> <li>Synology – Diskstation Manager (management, not client connection) – <a href="https://www.synology.com/en-us/knowledgebase/DSM/tutorial/File_Sharing/Why_do_I_receive_an_error_message_when_trying_to_join_a_Windows_Domain_with_my_Synology_NAS">https://www.synology.com/en-us/knowledgebase/DSM/tutorial/File_Sharing/Why_do_I_receive_an_error_message_when_trying_to_join_a_Windows_Domain_with_my_Synology_NAS</a></li> <li>Thompson Reuters – CS Professional Suite – <a href="http://cs.thomsonreuters.com/ua/acct_pr/csa/cs_us_en/kb/how-to-disable-opportunistic-locking-or-file-caching.htm">http://cs.thomsonreuters.com/ua/acct_pr/csa/cs_us_en/kb/how-to-disable-opportunistic-locking-or-file-caching.htm</a></li> <li>Tintri – Tintri OS, Tintri Global Center – <a href="https://knowledge.tintri.com/Internal/KB_Drafts/FAQ_-Technical_Service_Bulletin_Document_No._TSB-05242017-01_–_Reduced_Severity">https://knowledge.tintri.com/Internal/KB_Drafts/FAQ_-Technical_Service_Bulletin_Document_No._TSB-05242017-01_–_Reduced_Severity</a></li> <li>VMware Vcenter VMware vCenter Server Appliance, VMware vRealize Automation Identity Appliance – <a href="https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2134063&sliceId=1&docTypeID=DT_KB_1_1&dialogID=479220377&stateId=0">https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2134063&sliceId=1&docTypeID=DT_KB_1_1&dialogID=479220377&stateId=0</a> (note: steps to configure SMB2 for VCenter, at least on latest versions, until VMware updates their KB – <a href="https://virtualizationnation.com/2017/04/17/enabling-vcenter-server-appliance-vcsa-to-use-smb2/">https://virtualizationnation.com/2017/04/17/enabling-vcenter-server-appliance-vcsa-to-use-smb2/</a>)</li> <li>VMware – Older than ESXI 6.0 – <a href="https://communities.vmware.com/message/2663902#2663902">https://communities.vmware.com/message/2663902#2663902</a> & <a href="https://communities.vmware.com/message/2668266#2668266">https://communities.vmware.com/message/2668266#2668266</a></li> <li>Worldox – Worldox GX3 DMS (SMB1 recommended but supports SMB2 under some circumstances; note that GX3 is end of life, per vendor) – <a href="https://knowledgebase.worldox.com/wp-content/uploads/2015/09/Worldox-and-SMB-White-Paper.pdf">https://knowledgebase.worldox.com/wp-content/uploads/2015/09/Worldox-and-SMB-White-Paper.pdf</a></li> <li>Xerox – SMB Workflow Scanning on printers not running ConnectKey Firmware, such as WC75XX models. Certain multifunction models – <a href="http://forum.support.xerox.com/t5/Copying-Faxing-Scanning/Xerox-Machines-and-SMBv2-V3-Scanning-Support/td-p/204802/highlight/true/page/2">http://forum.support.xerox.com/t5/Copying-Faxing-Scanning/Xerox-Machines-and-SMBv2-V3-Scanning-Support/td-p/204802/highlight/true/page/2</a> & <a href="https://www.xerox.com/download/security/white-paper/1bcfc-55251eec62dd0/Xerox-Product-SMB-Supported-Versions.pdf">https://www.xerox.com/download/security/white-paper/1bcfc-55251eec62dd0/Xerox-Product-SMB-Supported-Versions.pdf</a></li> </ul> To update this list, please email <a href="mailto:StillNeedsSMB1@microsoft.com">StillNeedsSMB1@microsoft.com</a> or tweet <a href="https://twitter.com/nerdpyle">@nerdpyle</a> with hashtag <a href="https://twitter.com/search?q=StillNeedsSMB1">#StillNeedsSMB1</a>. Adding a product to this list requires direct quote or documentation from the vendor of that product, including their website, knowledgebase, support forums, or other vendor channels; third party forums are not enough to qualify. Consult your vendor for updates and newer product versions that support at least SMB 2.02. If you are a vendor and wish to report requirements for SMB1 or if information above has changed, email <a href="mailto:StillNeedsSMB1@microsoft.com">StillNeedsSMB1@microsoft.com</a>. There are vendors who are not publishing their SMB1 requirements. It is up to you, their customer, to have them publish this information – Microsoft cannot make them do so. If a vendor does not state if they require SMB1 but you believe they do, please contact that vendor directly. If you need assistance getting a vendor response, email <a href="mailto:StillNeedsSMB1@microsoft.com">StillNeedsSMB1@microsoft.com</a> and we will try our best to assist. Politeness works best; the person you are speaking to at a vendor is extremely unlikely to have put SMB1 into the product & probably isn’t any happier about it than you are! For more information on why using SMB1 is unsafe, see <a href="https://aka.ms/StopUsingSMB1">StopUsingSMB1</a>. SMB1 has been deprecated for years and will be removed by default from many editions and SKUs of Windows 10 and Windows Server 2016 in the RS3 release. Important: if your vendor requires disabling SMB2 in order to force SMB1, they will also often require disabling oplocks. Disabling Oplocks is not recommended by Microsoft, but required by some older software, often due to using legacy database technology. Windows 10 RS3 and Windows Server 2016 RS3 allow a special oplock override workaround now for these scenarios – see <a href="https://twitter.com/NerdPyle/status/876880390866190336">https://twitter.com/NerdPyle/status/876880390866190336</a>. This is only a workaround – just like SMB1 oplock disable is only a workaround – and your vendor should update to not require it. Be safe out there, Ned Pyle, Principal Program Manager of the SMB protocol family at Microsoft ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/feed/</wfw:commentRss> <slash:comments>18</slash:comments> </item> <item> <title>Work Folders updates for Windows 10 version 1703, Android and iOS</title> <link>https://blogs.technet.microsoft.com/filecab/2017/05/31/work-folders-updates-for-windows-10-version-1703-android-and-ios/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/05/31/work-folders-updates-for-windows-10-version-1703-android-and-ios/#respond</comments> <pubDate>Wed, 31 May 2017 23:20:18 +0000</pubDate> <dc:creator><![CDATA[Jeff Patterson - MSFT]]></dc:creator> <category><![CDATA[Information Worker]]></category> <category><![CDATA[Windows Server 2012 R2]]></category> <category><![CDATA[Windows Server 2016]]></category> <category><![CDATA[Work Folders]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=7916</guid> <description><![CDATA[We’re excited to announce several improvements to the Work Folders clients for Windows 10 version 1703, Android and iOS: Remote users can securely access their files on the Work Folders server using Azure Active Directory Application Proxy Improved single sign on experience (fewer authentication prompts) when using Azure Active Directory Application Proxy Group policy setting... <a aria-label="read more about Work Folders updates for Windows 10 version 1703, Android and iOS" href="https://blogs.technet.microsoft.com/filecab/2017/05/31/work-folders-updates-for-windows-10-version-1703-android-and-ios/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[We’re excited to announce several improvements to the Work Folders clients for Windows 10 version 1703, Android and iOS: <ul> <li>Remote users can securely access their files on the Work Folders server using Azure Active Directory Application Proxy</li> <li>Improved single sign on experience (fewer authentication prompts) when using Azure Active Directory Application Proxy</li> <li>Group policy setting to manage the Work Folders directory location on Windows devices</li> </ul> For more details, please review the sections below. <h3>Azure Active Directory Application Proxy Support</h3> Applies to: Windows 10 version 1703, Android and iOS Work Folders supports using VPN, Web Application Proxy (WAP) or a third-party reverse proxy solution to enable remote users access to their files on the Work Folders server. These remote access solutions require expensive hardware or additional on-premises servers that need to be managed. Work Folders now supports using Azure AD Application Proxy to enable remote users to securely access their files on the Work Folders server. Benefits of using Azure AD Application Proxy <ul> <li>It’s easier to manage and more secure than on-premises solutions because you don’t have to open any inbound connections through your firewall.</li> <li>When you publish Work Folders using Azure AD Application Proxy, you can take advantage of the rich authorization controls and security analytics in Azure.</li> <li>Improved single sign on experience, the Work Folders clients prompt less frequently for authentication.</li> </ul> To learn more about Azure AD Application Proxy, please see the following article: <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">How to provide secure remote access to on-premises applications</a> How to enable remote access to Work Folders using Azure Active Directory Application Proxy For more details on how to configure Work Folders access using Azure AD Application Proxy, please see the following blog: <a href="https://blogs.technet.microsoft.com/filecab/?p=7945">Enable remote access to Work Folders using Azure Active Directory Application Proxy </a> <h3>Token Broker Support </h3> Applies to: Windows 10 version 1703, Android and iOS A common complaint when using AD FS authentication is the remote user is prompted for credentials every 8 hours if the device is not registered with the AD FS server. To reduce the frequency of credential prompts, you can enable the Keep Me Signed In (KMSI) <a href="https://technet.microsoft.com/windows-server-docs/identity/ad-fs/operations/ad-fs-2016-single-sign-on-settings?f=255&MSPPError=-2147217396">feature</a> but the maximum single sign on period for a non-registered device is 7 days. To register the device, the user needs to use the Workplace Join <a href="https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/walkthrough--workplace-join-with-a-windows-device">feature</a>. To improve the user experience when using Azure AD Application Proxy, Work Folders now supports Token Broker which is an authentication broker that supports device registration. When using Token Broker with Azure AD Application Proxy for remote access, the client device can be registered in Azure AD when configuring the Work Folders client. Once the device is registered, device authentication will be used to access the Work Folders server. Device registration provides the following benefits: <ul> <li>Improved single sign on experience (less authentication prompts)</li> <li>Device-based conditional access</li> </ul> For more details on Azure Active Directory device registration, please see the following article on TechNet: <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-device-registration-overview">Get started with Azure Active Directory device registration</a> How to enable Token Broker To enable Token Broker on a Windows 10 version 1703 system, enable the “Enables the user of Token Broker for AD FS authentication” group policy setting which is located under User Configuration\Administrative Templates\Windows Components\Work Folders <a href="https://msdnshared.blob.core.windows.net/media/2017/05/TokenBrokerGP.png"><img width="500" height="161" class="alignnone size-mediumlarge wp-image-7925" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/TokenBrokerGP-500x161.png" /></a> For Android and iOS devices, Token Broker will be used automatically when using Azure AD Application Proxy. Note: Token Broker is currently supported when using Azure AD Application Proxy for remote access. Using Token Broker with AD FS authentication may be supported in a future update. How to register devices using the Work Folders client When Token Broker is enabled on a Windows client, the user will be prompted to register their device in Azure AD when configuring the Work Folders client. If the Work Folders client is managed via group policy, the device is automatically registered in Azure AD. For devices (Android and iOS), the device is automatically registered when configuring the Work Folders client. <h3>Managing Work Folders client directory location using group policy </h3> Applies to: Windows 10 version 1703 A common request when managing Work Folders clients via group policy is to configure the Work Folders client directory location. How to configure the Work Folder client directory location using group policy On Windows 10 version 1703, a group policy setting “Work Folders Local Path” has been added to configure the Work Folders client directory location. This group setting is located under User Configuration\Administrative Templates\Windows Components\Work Folders\Specify Work Folders settings. <a href="https://msdnshared.blob.core.windows.net/media/2017/05/LocalPathGP.png"><img width="500" height="328" class="alignnone size-mediumlarge wp-image-7935" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/LocalPathGP-500x328.png" /></a> Note: The Work Folders Local Path group policy setting applies to Windows 10 version 1607 and Windows 10 version 1703 systems. If the value is not defined, the client directory will be located under %userprofile%\Work Folders. <h4>Additional Resources</h4> <ul> <li><a href="https://technet.microsoft.com/en-us/windows-server-docs/storage/work-folders/work-folders-overview">Work Folders documentation on TechNet</a></li> <li><a href="https://blogs.technet.microsoft.com/filecab/tag/work-folders/">Work Folders blog on TechNet</a></li> </ul> ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/05/31/work-folders-updates-for-windows-10-version-1703-android-and-ios/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Enable remote access to Work Folders using Azure Active Directory Application Proxy</title> <link>https://blogs.technet.microsoft.com/filecab/2017/05/31/enable-remote-access-to-work-folders-using-azure-active-directory-application-proxy/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/05/31/enable-remote-access-to-work-folders-using-azure-active-directory-application-proxy/#respond</comments> <pubDate>Wed, 31 May 2017 23:19:19 +0000</pubDate> <dc:creator><![CDATA[Jeff Patterson - MSFT]]></dc:creator> <category><![CDATA[Information Worker]]></category> <category><![CDATA[Windows Server 2012 R2]]></category> <category><![CDATA[Windows Server 2016]]></category> <category><![CDATA[Work Folders]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=7945</guid> <description><![CDATA[We’re excited to announce Work Folders now supports using Azure Active Directory Application Proxy to enable remote users to securely access their files on the Work Folders server. Work Folders supports using VPN, Web Application Proxy (WAP) or a third-party reverse proxy solution to enable remote users access to their files on the Work Folders... <a aria-label="read more about Enable remote access to Work Folders using Azure Active Directory Application Proxy" href="https://blogs.technet.microsoft.com/filecab/2017/05/31/enable-remote-access-to-work-folders-using-azure-active-directory-application-proxy/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[We’re excited to announce Work Folders now supports using Azure Active Directory Application Proxy to enable remote users to securely access their files on the Work Folders server. Work Folders supports using VPN, Web Application Proxy (WAP) or a third-party reverse proxy solution to enable remote users access to their files on the Work Folders server. These remote access solutions require expensive hardware or additional on-premises servers that need to be managed. Benefits of using Azure AD Application Proxy <ul> <li>It’s easier to manage and more secure than on-premises solutions because you don’t have to open any inbound connections through your firewall.</li> <li>When you publish Work Folders using Azure AD Application Proxy, you can take advantage of the rich authorization controls and security analytics in Azure.</li> <li>Improved single sign on experience, the Work Folders clients prompt less frequently for authentication</li> </ul> To learn more about Azure Active Directory Application Proxy, please see the following article: <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">How to provide secure remote access to on-premises applications</a> To enable Work Folders access using Azure AD Application proxy, please follow the steps below. <h3>Prerequisites</h3> Before you can enable Work Folders access using Azure AD Application Proxy, you need to have: <ul> <li>A <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-editions">Microsoft Azure AD basic or premium subscription</a> and an Azure AD directory for which you are a global administrator</li> <li>An Active Directory Domain Services forest with Windows Server 2012 R2 schema extensions</li> <li>Your on-premises Active Directory user accounts are synchronized to Azure AD using <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-whatis">Azure AD Connect</a> <ul> <li>Note: <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-feature-device-writeback">Device writeback</a> should be enabled if using conditional access</li> </ul> </li> <li>A Work Folders server running Windows Server 2012 R2 or Windows Server 2016 <ul> <li>See <a href="https://docs.microsoft.com/en-us/windows-server/storage/work-folders/deploy-work-folders">Deploying Work Folders</a> on TechNet to configure the Work Folders server and sync shares</li> </ul> </li> <li>A server running Windows Server 2012 R2 or higher on which you can install the Application Proxy Connector</li> <li>A Windows 10 version 1703, Android or iOS client</li> </ul> <h3>Overview of the steps required to enable Work Folders access using Azure AD Application proxy</h3> High-level overview of the steps required: <ol> <li>Create a Work Folders proxy application in Azure AD and give users access.</li> <li>Create a Work Folders native application in Azure AD.</li> <li>Install the Application Proxy Connector on an on-premises server.</li> <li>Verify the Application Proxy Connector status.</li> <li>Verify the Work Folders server is configured to use Integrated Windows Authentication.</li> <li>Create an SPN for the Work Folders server.</li> <li>Configure constrained delegation for the App Proxy Connector server.</li> <li>Optional: Install the Work Folders certificate on the App Proxy Connector server.</li> <li>Optional: Enable Token Broker for Windows 10 version 1703 clients.</li> <li>Configure a Work Folders client to use the Azure AD App Proxy URL.</li> </ol> <h3>Create a Work Folders proxy application in Azure AD and give users access</h3> <ol> <li>Sign in to <a href="https://portal.azure.com">Azure</a> with your global administrator account.</li> <li>Select Azure Active Directory, click Switch Directory and then select the directory that will be used for the Work Folders proxy application.</li> <li>Click Enterprise applications and then click New application.</li> <li>On the Categories page, click All and then click On-premises application.</li> <li>On the Add your own on-premises application page, enter the following and click Add:</li> </ol> <ul> <li>Name = You can choose any name. For this example, we’ll use Work Folders Proxy</li> <li>Internal URL = https://workfolders.domain.com <ul> <li>Note: This value should match the internal URL of your Work Folders server. If workfolders.domain.com is used for the internal URL, a workfolders CNAME record must exist in DNS.</li> </ul> </li> <li>External URL = The URL is auto-populated based on the application name but can be changed <ul> <li>Note or write down the External URL. This URL will be used by the Work Folders client to access the Work Folders server.</li> </ul> </li> <li>Pre Authentication = Azure Active Directory</li> <li>Translate URL in Headers = Yes</li> <li>Backend Application Timeout = Default</li> <li>Connector Group = Default</li> </ul> Example <a href="https://msdnshared.blob.core.windows.net/media/2017/05/AppProxyCreation.png"><img width="440" height="350" class="alignnone size-mediumlarge wp-image-7955" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/AppProxyCreation-440x350.png" /></a> <ol start="6"> <li>Click OK to the notification that no connectors are configured (will be done in a later step)</li> <li>On the Work Folders Proxy enterprise application page, click Single sign-on.</li> <li>Change Mode to Integrated Windows Authentication.</li> <li>In the Internal Application SPN field, enter http/workfolders.domain.com <ul> <li>Note: This value should match the FQDN of your Work Folders server</li> </ul> </li> <li>Click Save to save the changes.</li> <li>On the Work Folders Proxy enterprise application page, click Users and groups.</li> <li>Click Add user, select the users and groups that can access the Work Folders proxy application and click Assign.</li> </ol> Note: If you have multiple Work Folders servers, you need to create a proxy application for each Work Folders server (repeat steps 1-12). <h3>Create a Work Folders native application in Azure AD</h3> <ol> <li>In the <a href="https://portal.azure.com/">Azure</a> portal, click Azure Active Directory and verify the directory that was used to create the Work Folders proxy application is selected.</li> <li>Click App registrations and then click New application registration.</li> <li>On the Create page, enter the following and click Create:</li> </ol> <ul> <li>Name = You can choose any name. For this example, we’ll use Work Folders Native</li> <li>Application Type = Native</li> <li>Redirect URI = <a href="https://168f3ee4-63fc-4723-a61a-6473f6cb515c/redir">https://168f3ee4-63fc-4723-a61a-6473f6cb515c/redir</a></li> </ul> Example <a href="https://msdnshared.blob.core.windows.net/media/2017/05/NativeAppCreation.png"><img width="289" height="173" class="alignnone size-full wp-image-7956" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/NativeAppCreation.png" /></a> <ol start="4"> <li>On the App registrations page, click Work Folders Native.</li> <li>Select Redirect URIS under Settings, add the following URIs one at a time and click Save:</li> </ol> <ul> <li>msauth://code/x-msauth-msworkfolders%3A%2F%2Fcom.microsoft.workfolders</li> <li>x-msauth-msworkfolders://com.microsoft.workfolders</li> <li>msauth://com.microsoft.workfolders/Cb61uxHImS0Da29PGZyTdl9APp0%3D</li> <li>ms-appx-web://microsoft.aad.brokerplugin/* <ul> <li>Replace * with the Application ID that is listed for the Work Folders Native application. If the Application ID is 3996076e-7ec2-4e87-a57f-5a69b7aa8865, the URI should be ms-appx-web://microsoft.aad.brokerplugin/3996076e-7ec2-4e87-a57f-5a69b7aa8865</li> </ul> </li> </ul> Example <a href="https://msdnshared.blob.core.windows.net/media/2017/05/RedirectURIs.png"><img width="500" height="240" class="alignnone size-mediumlarge wp-image-7957" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/RedirectURIs-500x240.png" /></a> <ol start="6"> <li>Select Required permissions under Settings.</li> <li>Click Windows Azure Active Directory, grant the following permissions and click Save:</li> </ol> <ul> <li>Sign in and read user profile</li> <li>Access the directory as the signed-in user</li> </ul> <ol start="8"> <li>Under Required permissions, click Add, click Select an API, select Windows Azure Service Management API and click Select.</li> <li>On the Select Permissions for Windows Azure Service Management API page, grant the following permission, click Select and then click Done:</li> </ol> <ul> <li>Access Azure Service Management as organization users</li> </ul> <ol start="10"> <li>Under Required permissions, click Add, click Select an API, in the search box type Work Folders Proxy (or the name of the Work Folders proxy application).</li> <li>Click Work Folders Proxy and then click Select.</li> <li>On the Select Permissions for Work Folders Proxy page, grant the following permission, click Select and then click Done:</li> </ol> <ul> <li>Access Work Folders Proxy</li> </ul> Note: If you have multiple Work Folders servers and you created multiple Work Folders proxy applications, please repeat the steps above to give the Work Folders native application access to all Work Folders proxy applications. <ol start="13"> <li>Verify the following applications are listed under the Required Permissions section:</li> </ol> <a href="https://msdnshared.blob.core.windows.net/media/2017/05/Native_Permissions.png"><img width="500" height="217" class="alignnone size-mediumlarge wp-image-8065" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/Native_Permissions-500x217.png" /></a> <h3>Install the Application Proxy Connector on an on-premises server</h3> <ol> <li>In the <a href="https://portal.azure.com/">Azure</a> portal, click Azure Active Directory and verify the directory that was used to create the Work Folders proxy application is selected.</li> <li>Click Application proxy.</li> <li>Click Enable application proxy if not enabled.</li> <li>Click Download connector and follow the steps to download the AADApplicationProxyConnectorInstaller.exe package.</li> <li>Copy the AADApplicationProxyConnectorInstaller.exe installer package to the server that will run the Application Proxy Connector.</li> <li>Run the AADApplicationProxyConnectorInstaller.exe installer package on the Application Proxy Connector server.</li> <li>Follow the instructions to complete the installation.</li> </ol> To learn more about the Application Proxy Connector and the outbound network ports that are required, please see the following article: <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-enable">Get started with Application Proxy and install the connector</a> <h3>Verify the Application Proxy Connector status</h3> <ol> <li>In the <a href="https://portal.azure.com/">Azure</a> portal, click Azure Active Directory and verify the directory that was used to create the Work Folders proxy application is selected.</li> <li>Click Application proxy.</li> <li>In the Connector groups and connectors section, verify the connector is listed and the status is Active.</li> </ol> <h3>Verify the Work Folders server is configured to use Integrated Windows Authentication</h3> The Work Folders server is configured by default to use Integrated Windows Authentication. To verify the server is configured properly, perform the following steps: <ol> <li>On the Work Folders server, open Server Manager.</li> <li>Click File and Storage Services, click Servers, and then select your Work Folders server in the list.</li> <li>Right-click the server name and click Work Folders Settings.</li> <li>Click Windows Authentication (if not selected) and click OK.</li> </ol> Note: If the Work Folders environment is currently configured to use ADFS authentication, changing the authentication method from ADFS to Windows Authentication will cause existing users to fail to authenticate. To resolve this issue, the Work Folders clients will need to be re-configured to use the Work Folders proxy application URL or create another Work Folders server that will be used for Azure AD Application Proxy. <h3>Create an SPN for the Work Folders server</h3> <ol> <li>On a domain controller, open an elevated command prompt.</li> <li>Type the following command and hit enter:</li> </ol> setspn -S http/workfolders.domain.com servername Example: setspn -S http/workfolders.contoso.com 2016-wf In the example above, the FQDN for the work folders server is workfolders.contoso.com and Work Folders server name is 2016-wf. Note: The SPN value entered using the setspn command must match the SPN value entered in the Work Folders proxy application in the Azure portal. Example <a href="https://msdnshared.blob.core.windows.net/media/2017/05/ApplicationSPN.png"><img width="368" height="37" class="alignnone size-full wp-image-7975" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/ApplicationSPN.png" /></a> <h3>Configure constrained delegation for the App Proxy Connector server</h3> <ol> <li>On a domain controller, open Active Directory Users and Computers.</li> <li>Locate the computer the connector is running on (example: 2016-appc).</li> <li>Double-click the computer and then click the Delegation tab.</li> <li>Select Trust this computer for delegation to the specified services only and then select Use any authentication protocol.</li> <li>Click Add, click Users or Computers, enter the Work Folders sever name and click OK.</li> <li>In the Add Services window, select the SPN that was created and click OK,</li> <li>Verify the SPN was added and click OK.</li> </ol> <a href="https://msdnshared.blob.core.windows.net/media/2017/05/Delegation.png"><img width="471" height="279" class="alignnone size-full wp-image-7985" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/Delegation.png" /></a> <h3>Optional: Install the Work Folders certificate on the App Proxy Connector server</h3> You can skip this section if you’re not using a self-signed certificate on the Work Folders server. If the Work Folders server is using a self-signed certificate, you need to export the certificate on the Work Folders server and import the certificate on the App Proxy Connector server. This step is necessary for the App Proxy Connector server to communicate with the Work Folders server. To export the certificate on the Work Folders server, follow these steps: <ol> <li>Right-click Start, and then click Run.</li> <li>Type MMC, and then click OK.</li> <li>On the File menu, click Add/Remove Snap-in.</li> <li>In the Available snap-ins list, select Certificates, and then click Add. The Certificates Snap-in Wizard starts.</li> <li>Select Computer account, and then click Next.</li> <li>Select Local computer: (the computer this console is running on), and then click Finish.</li> <li>Click OK.</li> <li>Expand the folder Console Root\Certificates(Local Computer)\Personal\Certificates.</li> <li>Right-click the Work Folders certificate, click All Tasks, and then click Export.</li> <li>The Certificate Export Wizard opens. Select Yes, export the private key.</li> <li>On the Export File Format page, leave the default options selected, and click Next.</li> <li>Create a password for the certificate. This is the password that you’ll use later when you import the certificate to other devices. Click Next.</li> <li>Enter a location and name for the certificate, and then click Finish.</li> </ol> To import the certificate on the App Proxy Connector server, follow these steps: <ol> <li>Right-click Start, and then click Run.</li> <li>Type MMC, and then click OK.</li> <li>On the File menu, click Add/Remove Snap-in.</li> <li>In the Available snap-ins list, select Certificates, and then click Add. The Certificates Snap-in Wizard starts.</li> <li>Select Computer account, and then click Next.</li> <li>Select Local computer: (the computer this console is running on), and then click Finish.</li> <li>Click OK.</li> <li>Expand the folder Console Root\Certificates(Local Computer)\Trusted Root Certification Authorities\Certificates.</li> <li>Right-click Certificates, click All Tasks, and then click Import.</li> <li>Browse to the folder that contains the Work Folders certificate, and follow the instructions in the wizard to import the file and place it in the Trusted Root Certification Authorities store.</li> </ol> <h3>Optional: Enable Token Broker for Windows 10 version 1703 clients</h3> Token Broker is an authentication broker that supports device registration. When using Token Broker with Azure AD Application Proxy for remote access, the client device can be registered in Azure AD when configuring the Work Folders client. Once the device is registered, device authentication will be used to access the Work Folders server. Device registration provides the following benefits: <ul> <li>Improved single sign on experience (fewer authentication prompts)</li> <li>Device-based conditional access</li> </ul> How to enable Token Broker To enable Token Broker on a Windows 10 version 1703 system, enable the “Enables the user of Token Broker for AD FS authentication” group policy setting which is located under User Configuration\Administrative Templates\Windows Components\Work Folders. <a href="https://msdnshared.blob.core.windows.net/media/2017/05/TBGP.png"><img width="500" height="161" class="alignnone size-mediumlarge wp-image-7995" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/TBGP-500x161.png" /></a> For Android and iOS devices, Token Broker will be used automatically when using Azure AD Application Proxy. How to register devices using the Work Folders client When Token Broker is enabled on a Windows client, the user will be prompted to register their device in Azure AD when configuring the Work Folders client. If the Work Folders client is managed via group policy, the device is automatically registered in Azure AD. For devices (Android and iOS), the device is automatically registered when configuring the Work Folders client. <h3>Configure a Work Folders client to use the Azure App Proxy URL</h3> How to configure a Windows 10 version 1703 client to use the Azure AD App Proxy URL: <ol> <li>On the client machine, open the Control Panel and click Work Folders.</li> <li>Click Set up Work Folders.</li> <li>On the Enter your work email address page, click Enter a Work Folders URL instead and enter the Work Folders application proxy URL (e.g., <a href="https://workfolders-contoso.msappproxy.net">https://workfolders-contoso.msappproxy.net</a>), and then click Next. <ul> <li>Note: The Work Folders application proxy URL is listed as External URL in the Azure portal when you view the Work Folders proxy application settings.</li> </ul> </li> <li>Enter your credentials and click Sign in.</li> <li>After you have authenticated, the Introducing Work Folders page is displayed, where you can optionally change the Work Folders directory location. Click Next.</li> <li>On the Security Policies page, check I accept these policies on my PC and click Set up Work Folders.</li> <li>A message is displayed stating that Work Folders has started syncing with your PC. Click Close.</li> </ol> How to configure an Android or iOS client to use the Azure App Proxy URL: <ol> <li>Install the Work Folders app from the Google Play Store or Apple App Store.</li> <li>Open the Work Folders app and then click Continue.</li> <li>Click Enter a Work Folders URL Instead.</li> <li>Enter the Work Folders application proxy URL (e.g., <a href="https://workfolders-contoso.msappproxy.net">https://workfolders-contoso.msappproxy.net</a>), and then click Continue.</li> <li>Click Launch Web Site, enter your credentials and click Sign In.</li> <li>Add a passcode for the Work Folders application.</li> <li>Work Folders will start syncing your files to your device.</li> </ol> <h3>Troubleshooting</h3> If you experience an issue when configuring or using a Work Folders client, please see our troubleshooting guide: <a href="https://social.technet.microsoft.com/wiki/contents/articles/38066.how-to-troubleshoot-remote-access-to-work-folders-using-azure-ad-application-proxy.aspx">How to troubleshoot remote access to Work Folders using Azure AD Application Proxy</a> <h3>Additional Resources</h3> <ul> <li><a href="https://technet.microsoft.com/en-us/windows-server-docs/storage/work-folders/work-folders-overview">Work Folders overview</a></li> <li><a href="https://blogs.technet.microsoft.com/filecab/tag/work-folders/">Work Folders blog on TechNet</a></li> <li><a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">Azure AD Application Proxy overview</a></li> <li><a href="https://blogs.technet.microsoft.com/applicationproxyblog/2016/08/16/network-topology-considerations-when-using-azure-ad-application-proxy/">Azure AD Application Proxy blog on TechNet</a></li> <li><a href="https://blogs.technet.microsoft.com/applicationproxyblog/2016/08/16/network-topology-considerations-when-using-azure-ad-application-proxy/">Network topology considerations when using Azure AD Application Proxy</a></li> <li><a href="https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-apps">Management with Microsoft Intune</a></li> </ul> ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/05/31/enable-remote-access-to-work-folders-using-azure-active-directory-application-proxy/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>To RDMA, or not to RDMA – that is the question</title> <link>https://blogs.technet.microsoft.com/filecab/2017/03/27/to-rdma-or-not-to-rdma-that-is-the-question/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/03/27/to-rdma-or-not-to-rdma-that-is-the-question/#comments</comments> <pubDate>Mon, 27 Mar 2017 20:56:31 +0000</pubDate> <dc:creator><![CDATA[clausjor]]></dc:creator> <category><![CDATA[Software Defined Storage]]></category> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Windows Server 2016]]></category> <category><![CDATA[Storage Spaces Direct]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=7905</guid> <description><![CDATA[Hello, Claus here again. By now, you have probably seen some of my blogs and demos on Storage Spaces Direct performance. One of Storage Spaces Direct’s advantages is RDMA networking support that lowers latency and reduces CPU consumption. I often get the question “Is RDMA required for Storage Spaces Direct”. The answer to this question... <a aria-label="read more about To RDMA, or not to RDMA – that is the question" href="https://blogs.technet.microsoft.com/filecab/2017/03/27/to-rdma-or-not-to-rdma-that-is-the-question/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hello, Claus here again. By now, you have probably seen some of my blogs and demos on Storage Spaces Direct performance. One of Storage Spaces Direct’s advantages is <a href="https://en.wikipedia.org/wiki/Remote_direct_memory_access">RDMA</a> networking support that lowers latency and reduces CPU consumption. I often get the question “Is RDMA required for Storage Spaces Direct”. The answer to this question is: no. We support plain-old <a href="https://en.wikipedia.org/wiki/Ethernet">Ethernet</a> as long as it’s 10GbE or better. But let’s look a bit deeper. Recently we did a performance investigation on new hardware, comparing it with an in-market offering (more about that in another post). We ran the tests with RDMA enabled and RDMA disabled (Ethernet mode), which provided the data for this post. For this investigation, we used <a href="https://github.com/Microsoft/diskspd">DISKSPD</a> with the following configuration: <ul> <li><a href="https://github.com/Microsoft/diskspd">DISKSPD</a> version 2.0.17 <ul> <li>4K IO</li> <li>70:30 read/write mix</li> <li>10 threads, each thread at queue depth 4 (40 total)</li> <li>A 10GiB file per thread (“a modest VHDX”) for a total of 100GiB</li> </ul> </li> </ul> We used the following hardware configuration: <ul> <li>4 node cluster <ul> <li>Intel S2600WT Platform</li> <li>2x E5-2699v4 CPU (22c44t 2.2Ghz)</li> <li>128GiB DDR4 DRAM</li> <li>4x Intel P3700 NVMe per node</li> <li>Mellanox CX3 Pro 40Gb, dual port connected, RoCE v2</li> <li>C States disabled, OS High Performance, BIOS Performance Plan, Turbo/HT on</li> </ul> </li> <li>Software configuration <ul> <li>Windows Server 2016 with January roll-up package</li> <li>No cache drive configuration</li> <li>3-copy mirror volume</li> </ul> </li> </ul> We are by no means driving this system hard, which is on purpose since we want to show the delta between RDMA and non-RDMA under a reasonable workload and not at the edge of what the system can do. <table width="887"> <tbody> <tr> <td width="196">Metric</td> <td width="156"> RDMA </td> <td width="140"> TCP/IP </td> <td width="146"> RDMA advantage </td> </tr> <tr> <td width="196">IOPS</td> <td width="156"> 185,500 </td> <td width="140"> 145,500 </td> <td width="146"> 40,000 additional IOPS with the same workload. </td> </tr> <tr> <td width="196">IOPS/%kernel CPU</td> <td width="156"> 16,300 </td> <td width="140"> 12,800 </td> <td width="146"> 3,500 additional IOPS per percent CPU consumed. </td> </tr> <tr> <td width="196">90th percentile write latency</td> <td width="156"> 250µs </td> <td width="140"> 390µs </td> <td width="146"> 140µs (~36%) </td> </tr> <tr> <td width="196">90th percentile read latency</td> <td width="156"> 260µs </td> <td width="140"> 360µs </td> <td width="146"> 100µs (28%) </td> </tr> </tbody> </table> I think there are two key take-away’s from this data: <ol> <li>Use RDMA if you want the absolute best performance. RDMA significantly boosts performance. In this test, it shows 28% more IOPS. This is realized by the reduced IO latency provided by RDMA. It also shows that RDMA is more CPU efficient (27%), leaving CPU to run more VMs.</li> <li>TCP/IP is no slouch, and absolutely a viable deployment option. While not quite as fast and efficient as RDMA, TCP/IP provides solid performance and is well suited for organizations without the expertise needed for RDMA. </li> </ol> Let me know what you think. Until next time Claus   ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/03/27/to-rdma-or-not-to-rdma-that-is-the-question/feed/</wfw:commentRss> <slash:comments>9</slash:comments> </item> <item> <title>Storage Spaces Direct with Intel® Optane™ SSD DC P4800X</title> <link>https://blogs.technet.microsoft.com/filecab/2017/03/19/storage-spaces-direct-with-intel-optane-ssd-dc-p4800x/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/03/19/storage-spaces-direct-with-intel-optane-ssd-dc-p4800x/#comments</comments> <pubDate>Sun, 19 Mar 2017 17:00:27 +0000</pubDate> <dc:creator><![CDATA[clausjor]]></dc:creator> <category><![CDATA[SDS]]></category> <category><![CDATA[Software Defined Storage]]></category> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Windows Server 2016]]></category> <category><![CDATA[Storage Spaces Direct]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=7865</guid> <description><![CDATA[Hello, Claus here again. Today Intel is announcing the Intel Optane SSD DC P4800X device family, and of course Windows Server 2016 Storage Spaces Direct will support this device. The P4800X device promises better latency and better endurance, so we took these devices for a spin in a Storage Spaces Direct configuration, comparing them to the... <a aria-label="read more about Storage Spaces Direct with Intel® Optane™ SSD DC P4800X" href="https://blogs.technet.microsoft.com/filecab/2017/03/19/storage-spaces-direct-with-intel-optane-ssd-dc-p4800x/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hello, Claus here again. Today Intel is announcing the Intel Optane SSD DC P4800X device family, and of course Windows Server 2016 Storage Spaces Direct will support this device. The P4800X device promises better latency and better endurance, so we took these devices for a spin in a Storage Spaces Direct configuration, comparing them to the P3700 devices: <ul> <li>Hardware Platform <ul> <li>4 Intel® Server Systems S2600WT</li> <li>2x Intel® Xeon® E5-2699 v4 @ 2.2 GHz (22c44t)</li> <li>128 GB Memory</li> <li>Mellanox ConnectX®-3 Pro 40GbE</li> </ul> </li> <li>Storage config #1 <ul> <li>4x 800GB Intel® P3700 NVMe SSD</li> <li>20x 1.2TB Intel® S3610 SATA SSD</li> </ul> </li> <li>Storage config #2 <ul> <li>2x 375GB Intel® P4800X NVMe SSD</li> <li>20x 1.2TB Intel® S3610 SATA SSD</li> </ul> </li> </ul> Notice that we have half the devices and a quarter the capacity for the Intel™ Optane™ P4800X device. The software and workload configuration were: <ul> <li> Software configuration <ul> <li>Single pool</li> <li>4x 2TB 3-copy mirror volume</li> <li>ReFS/CSVFS file system</li> <li>176 VM (44 VMs per server)</li> <li>1 virtual core and 1.75 GB RAM</li> </ul> </li> <li>Workload configuration <ul> <li>DISKSPD workload generator</li> <li>VMFleet workload orchestrator</li> <li>Each VM with <ul> <li>4K IO size</li> <li>10GB working set</li> <li>90% read and 10% write mix</li> <li>Storage QoS used to control IOPS / VM</li> </ul> </li> </ul> </li> </ul> The test results are captured in the diagram below: <a href="https://msdnshared.blob.core.windows.net/media/2017/03/OptaneResults.png"><img width="752" height="452" class="aligncenter size-full wp-image-7875" alt="optaneresults" src="https://msdnshared.blob.core.windows.net/media/2017/03/OptaneResults.png" /></a>   The first observation is that we see a 90µs latency improvement across the board from low IOPS to high IOPS. This pretty much aligns with the latency improvements in the device itself, and notice how the improvement is realized at the top of the storage stack in a fully resilient storage configuration. This means that customers can realize the latency improvements provided by the P4800X device in their Storage Spaces Direct deployments. The second observation is that we see the same CPU utilization at 880K IOPS (throttled by Storage QoS), with 258µs latency on the P4800X devices vs 344µs latency on the P3700 devices, meaning that Storage Spaces Direct customers can realize the latency improvements without any additional CPU consumption. Let me know what you think. Until next time Claus     ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/03/19/storage-spaces-direct-with-intel-optane-ssd-dc-p4800x/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item> <title>Survey: File Server Sizing</title> <link>https://blogs.technet.microsoft.com/filecab/2017/03/15/survey-file-server-usage/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/03/15/survey-file-server-usage/#respond</comments> <pubDate>Wed, 15 Mar 2017 17:35:46 +0000</pubDate> <dc:creator><![CDATA[Will Gries]]></dc:creator> <category><![CDATA[Survey]]></category> <category><![CDATA[Windows Server 2008 R2]]></category> <category><![CDATA[Windows Server 2012]]></category> <category><![CDATA[Windows Server 2012 R2]]></category> <category><![CDATA[Windows Server 2016]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=7876</guid> <description><![CDATA[Hi folks, To prioritize and plan for investments in vNext experiences for Windows Server, we could use input from you! We would like to understand more about how you are utilizing Windows File Server, especially as it relates to the size of your datasets. This survey should take approximately 2-5 minutes to complete. We appreciate... <a aria-label="read more about Survey: File Server Sizing" href="https://blogs.technet.microsoft.com/filecab/2017/03/15/survey-file-server-usage/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hi folks, To prioritize and plan for investments in vNext experiences for Windows Server, we could use input from you! We would like to understand more about how you are utilizing Windows File Server, especially as it relates to the size of your datasets. This survey should take approximately 2-5 minutes to complete. We appreciate your feedback! <a href="https://www.surveymonkey.com/r/6C3CD3Y" style="font-weight:bold;font-size:30px;color:blue;text-decoration:underline">Click here to take our survey!</a> Thanks, The Windows Server Storage Team ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/03/15/survey-file-server-usage/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Storage Spaces Direct throughput with iWARP</title> <link>https://blogs.technet.microsoft.com/filecab/2017/03/13/storage-spaces-direct-throughput-with-iwarp/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/03/13/storage-spaces-direct-throughput-with-iwarp/#comments</comments> <pubDate>Mon, 13 Mar 2017 17:02:52 +0000</pubDate> <dc:creator><![CDATA[clausjor]]></dc:creator> <category><![CDATA[Software Defined Storage]]></category> <category><![CDATA[Windows Server 2016]]></category> <category><![CDATA[failover clustering]]></category> <category><![CDATA[S2D]]></category> <category><![CDATA[Storage Spaces Direct]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=7835</guid> <description><![CDATA[Hello, Claus here again. It has been a while since I last posted here and a few things have changed since last time. Windows Server has been moved into the Windows and Devices Group, we have moved to a new building with a better café, but a worse view ��. On a personal note, I... <a aria-label="read more about Storage Spaces Direct throughput with iWARP" href="https://blogs.technet.microsoft.com/filecab/2017/03/13/storage-spaces-direct-throughput-with-iwarp/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hello, Claus here again. It has been a while since I last posted here and a few things have changed since last time. Windows Server has been moved into the Windows and Devices Group, we have moved to a new building with a better café, but a worse view <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f60a.png" alt="��" class="wp-smiley" style="height: 1em; max-height: 1em;" />. On a personal note, I can be seen waddling the hallways as I have had foot surgery. At Microsoft Ignite 2016 I did a demo at the 28-minute mark as part of the <a href="https://myignite.microsoft.com/videos/3199">Meet Windows Server 2016 and System Center 2016</a> session. I showed how Storage Spaces Direct can deliver massive amounts of IOPS to many virtual machines with various storage QoS settings. I encourage you to watch it, if you haven’t already, or go watch it again <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f60a.png" alt="��" class="wp-smiley" style="height: 1em; max-height: 1em;" />. In the demo, we used a 16-node cluster connected over iWARP using the 40GbE Chelsio iWARP T580CR adapters, showing 6M+ read IOPS. Since then, Chelsio has released their 100GbE T6 NIC adapter, and we wanted to take a peek at what kind of network throughput would be possible with this new adapter. We used the following hardware configuration: <ul> <li>4 nodes of Dell R730xd <ul> <li>2x E5-2660v3 2.6Ghz 10c/20t</li> <li>256GiB DDR4 2133Mhz (16 16GiB DIMM)</li> <li>2x Chelsio T6 100Gb NIC (PCIe 3.0 x16), single port connected/each, QSFP28 passive copper cabling</li> <li>Performance Power Plan</li> <li>Storage: <ul> <li>4x 3.2TB NVME Samsung PM1725 (PCIe 3.0 x8)</li> <li>4x SSD + 12x HDD (not in use: all load from Samsung PM1725)</li> </ul> </li> <li>Windows Server 2016 + Storage Spaces Direct <ul> <li>Cache: Samsung PM1725</li> <li>Capacity: SSD + HDD (not in use: all load from cache)</li> <li>4x 2TB 3-way mirrored virtual disks, one per cluster node</li> <li>20 Azure A1-sized VMs (1 VCPU, 1.75GiB RAM) per node</li> <li>OS High Performance Power Plan</li> </ul> </li> <li>Load: <ul> <li>DISKSPD workload generator</li> <li>VM Fleet workload orchestrator</li> <li>80 virtual machines with 16GiB file in VHDX</li> <li>512KiB 100% random read at a queue depth of 3 per VM</li> </ul> </li> </ul> </li> </ul> We did not configure DCB (PFC) in our deployment, since it is not required in iWARP configurations. Below is a screenshot from the VMFleet Watch-Cluster window, which reports IOPS, bandwidth and latency. <a href="https://msdnshared.blob.core.windows.net/media/2017/03/iWARp-throughput-results.png"><img src="https://msdnshared.blob.core.windows.net/media/2017/03/iWARp-throughput-results-1024x164.png" alt="iwarp-throughput-results" width="879" height="141" class="aligncenter size-large wp-image-7845" /></a> As you can see the aggregated bandwidth exceeded 83GB/s, which is very impressive. Each VM realized more than 1GB/s of throughput, and notice the average read latency is <1.5ms. Let me know what you think. Until next time <a href="https://twitter.com/ClausJor">@ClausJor</a> ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/03/13/storage-spaces-direct-throughput-with-iwarp/feed/</wfw:commentRss> <slash:comments>7</slash:comments> </item> <item> <title>Work Folders for iOS can now upload files!</title> <link>https://blogs.technet.microsoft.com/filecab/2017/02/13/7735/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/02/13/7735/#comments</comments> <pubDate>Tue, 14 Feb 2017 01:37:54 +0000</pubDate> <dc:creator><![CDATA[Fabian Uhse]]></dc:creator> <category><![CDATA[Information Worker]]></category> <category><![CDATA[SMB]]></category> <category><![CDATA[Windows Server 2016]]></category> <category><![CDATA[Work Folders]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=7735</guid> <description><![CDATA[Work Folders for iOS can now upload files! We are happy to announce, that we’ve just released an update to the Work Folders app on iOS that now allows anyone to upload pictures and documents from other apps, take pictures or even write a simple note – right from within the Work Folders App. We... <a aria-label="read more about Work Folders for iOS can now upload files!" href="https://blogs.technet.microsoft.com/filecab/2017/02/13/7735/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[<h1>Work Folders for iOS can now upload files!</h1> We are happy to announce, that we’ve just released an update to the Work Folders app on iOS that now allows anyone to upload pictures and documents from other apps, take pictures or even write a simple note – right from within the Work Folders App. We also released a version with this <a href="https://blogs.technet.microsoft.com/filecab/2016/11/08/work-folders-for-android-can-now-upload-files/">feature set for Android</a>. <a href="https://msdnshared.blob.core.windows.net/media/2017/02/Whats_new_350-and-drop-shadow.png"><img width="400" height="672" class="aligncenter size-full wp-image-7795" alt="What's new: Take pictures and notes and upload documents" src="https://msdnshared.blob.core.windows.net/media/2017/02/Whats_new_350-and-drop-shadow.png" /></a><a href="https://msdnshared.blob.core.windows.net/media/2017/02/Whats_new_400.png"></a> <h2>Overview</h2> Work Folders is a Windows Server feature since 2012 R2 that enables individual employees to access their files securely from inside and outside the corporate environment. The Work Folders app connects to the server and enables file access on your iOS phone and tablet. Work Folders enables this while allowing the organization’s IT department to fully secure that data. <h2>What’s New</h2> Using the latest version of Work Folders for iOS, users can now: <ul> <li>Sync files that were created or edited on their device</li> <li>Take pictures and write notes within the Work Folders application</li> </ul> For the complete list of Work Folders for iOS features, please reference the feature list section below.   <a href="https://msdnshared.blob.core.windows.net/media/2017/02/iOSAddMenu.png"><img width="400" height="673" class="aligncenter size-full wp-image-7825" alt="iosaddmenu" src="https://msdnshared.blob.core.windows.net/media/2017/02/iOSAddMenu.png" /></a>   <h2>Work Folders for iOS – Feature List</h2> <ul> <li>Sync files that were created or edited on your device</li> <li>Take pictures and write notes within the Work Folders app</li> <li>Pin files for offline viewing – saves storage space by showing all available files but locally storing and keeping in sync only the files you care about.</li> <li>Files are always encrypted – on the wire and at rest on the device.</li> <li>Access to the app is protected by an app passcode – keeping others out even if the device is left unlocked and unattended.</li> <li>Allows for DIGEST and Active Directory Federation Services (ADFS) authentication mechanisms including multi factor authentication.</li> <li>Search for files and folders</li> <li>Open files in other apps that might be specialized to work with a certain file type</li> <li>Integration with Microsoft Intune</li> </ul> <h2>Saving your office files into the Work Folders app</h2> Microsoft Office files are read-only when opening the files from the Work Folders app. <ul> <li>Inside any of the office apps, tap “Duplicate” to store the file locally on your iOS device.</li> <li>Make your changes and save the file.</li> <li>Follow the steps below to sync any office file with your Work Folders app:</li> </ul>   <div style="width: 879px;" class="wp-video"> <video class="wp-video-shortcode" id="video-7735-1" width="879" height="495" preload="metadata" controls="controls"><source type="video/mp4" src="https://msdnshared.blob.core.windows.net/media/2017/02/Work_Folders_Office_demo.mp4?_=1" /><a href="https://msdnshared.blob.core.windows.net/media/2017/02/Work_Folders_Office_demo.mp4">https://msdnshared.blob.core.windows.net/media/2017/02/Work_Folders_Office_demo.mp4</a></video></div>   <h2></h2> <h3>Blogs and Links</h3> If you’re interested in learning more about Work Folders, here are some great resources: <ul> <li>Work Folders <a href="https://blogs.technet.microsoft.com/filecab/tag/work-folders/">blogs</a> on Server Storage blog</li> <li>Nir Ben Zvi <a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/07/09/introducing-work-folders-on-windows-server-2012-r2.aspx">introduced Work Folders on Windows Server 2012 R2</a></li> <li><a href="http://windows.microsoft.com/en-us/windows/work-folders-ipad-faq">Work Folders for iOS help</a></li> <li>Work Folders for Windows 7 SP1: Check out this <a href="https://blogs.technet.microsoft.com/b/filecab/archive/2014/04/24/work-folders-for-windows-7.aspx">post by Jian Yan</a> on the Server Storage blog</li> <li>Roiy Zysman posted <a href="https://blogs.technet.microsoft.com/b/filecab/archive/2014/03/06/windows-server-work-folders-resources-list.aspx">a great list of Work Folders resources in this blog</a>.</li> <li>See this <a href="https://blogs.technet.microsoft.com/b/storageserver/archive/2014/02/26/q-amp-a-with-fabian-uhse-program-manager-for-work-folders-in-windows-server-2012-r2.aspx">Q&A With Fabian Uhse, Program Manager for Work Folders</a> in Windows Server 2012 R2</li> <li>Also, check out these posts about <a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/07/10/work-folders-test-lab-deployment.aspx">how to setup a Work Folders test lab</a>, <a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/08/09/work-folders-certificate-management.aspx">certificate management</a>, and <a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/11/06/work-folders-on-clusters.aspx">tips on running Work Folders on Windows Failover Clusters</a>.</li> <li>Using Work Folders with <a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/10/15/windows-server-2012-r2-resolving-port-conflict-with-iis-websites-and-work-folders.aspx">IIS websites or the Windows Server Essentials Role (Resolving Port Conflicts)</a></li> </ul> <h3> Introduction and Getting Started</h3> <ul> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/07/09/introducing-work-folders-on-windows-server-2012-r2.aspx">Introducing Work Folders on Windows Server 2012 R2</a></li> <li><a href="http://technet.microsoft.com/en-us/library/dn265974.aspx">Work Folders Overview</a> on TechNet</li> <li><a href="http://technet.microsoft.com/en-us/library/dn479242.aspx">Designing a Work Folders Implementation</a> on TechNet</li> <li><a href="http://technet.microsoft.com/en-us/library/dn528861.aspx">Deploying Work Folders</a> on TechNet</li> <li><a href="http://windows.microsoft.com/en-us/windows-8/work-folders-faq">Work folders FAQ (Targeted for Work Folders end users)</a></li> <li><a href="https://blogs.technet.microsoft.com/b/storageserver/archive/2014/02/26/q-amp-a-with-fabian-uhse-program-manager-for-work-folders-in-windows-server-2012-r2.aspx">Work Folders Q&A</a></li> <li><a href="http://technet.microsoft.com/library/dn296644.aspx">Work Folders Powershell Cmdlets</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/07/10/work-folders-test-lab-deployment.aspx">Work Folders Test Lab Deployment</a></li> <li><a href="https://blogs.technet.microsoft.com/b/storageserver/archive/2013/10/09/windows-storage-server-2012-r2-work-folders.aspx">Windows Storage Server 2012 R2 — Work Folders</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2014/04/24/work-folders-for-windows-7.aspx">Work Folders for Windows 7</a></li> </ul> <h3>Advanced Work Folders Deployment and Management</h3> <ul> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2014/02/24/work-folders-interoperability-with-other-file-server-technologies.aspx">Work Folders interoperability with other file server technologies</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/11/01/performance-considerations-for-large-scale-work-folders-deployments.aspx">Performance Considerations for Work Folders Deployments</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/10/15/windows-server-2012-r2-resolving-port-conflict-with-iis-websites-and-work-folders.aspx">Windows Server 2012 R2 – Resolving Port Conflict with IIS Websites and Work Folders</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/10/09/a-new-user-attribute-for-work-folders-server-url.aspx">A new user attribute for Work Folders server Url</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/08/09/work-folders-certificate-management.aspx">Work Folders Certificate Management</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/11/06/work-folders-on-clusters.aspx">Work Folders on Clusters</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2013/10/15/monitoring-windows-server-2012-r2-work-folders-deployments.aspx">Monitoring Windows Server 2012 R2 Work Folders Deployments.</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2014/03/03/deploying-work-folders-with-ad-fs-and-web-application-proxy-wap.aspx">Deploying Work Folders with AD FS and Web Application Proxy (WAP)</a></li> <li><a href="https://blogs.technet.microsoft.com/b/filecab/archive/2014/02/28/deploying-windows-server-2012-r2-work-folders-in-a-virtual-machine-in-windows-azure.aspx">Deploying Windows Server 2012 R2 Work Folders in a Virtual Machine in Windows Azure</a></li> <li><a href="https://blogs.technet.microsoft.com/filecab/2016/08/12/offline-files-csc-to-work-folders-migration-guide/">Offline Files (CSC) to Work Folders Migration Guide</a></li> <li><a href="https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-apps">Management with Microsoft Intune</a></li> </ul> <h3>Videos</h3> <ul> <li><a href="https://channel9.msdn.com/Events/TechEd/Europe/2013/WCA-B214#fbid=">Windows Server Work Folders Overview: My Corporate Data on All of My Devices</a></li> <li><a href="https://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B332#fbid=">Windows Server Work Folders – a Deep Dive into the New Windows Server Data Sync Solution</a></li> <li><a href="https://channel9.msdn.com/Shows/Edge/Edge-Show-65-Windows-Server-2012-R2-Work-Folders">Work Folders on Channel 9</a></li> <li><a href="https://channel9.msdn.com/Shows/news/iPad-Workfolder-App">Work Folders iPad reveal – TechEd Europe 2014</a> (in German)</li> <li><a href="https://channel9.msdn.com/Shows/Edge/Edge-Show-140-WorkFolders-for-iPad--exclusive-first-look-at-iPhone" title="Work Folders on the "Edge Show"">Work Folders on the “Edge Show”</a> (iPad + iPhone video, English)</li> <li><a href="https://channel9.msdn.com/Blogs/malte_lantin/A-first-look-at-Work-Folders-for-Android-with-Program-Manager-Fabian-Uhse">Work Folders for Android on Channel 9</a></li> </ul> ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/02/13/7735/feed/</wfw:commentRss> <slash:comments>1</slash:comments> <enclosure url="https://msdnshared.blob.core.windows.net/media/2017/02/Work_Folders_Office_demo.mp4" length="8820914" type="video/mp4" /> </item> <item> <title>Windows Server 2016 Data Deduplication users: please install KB4013429!</title> <link>https://blogs.technet.microsoft.com/filecab/2017/01/30/windows-server-2016-data-deduplication-users-please-install-kb3216755/</link> <comments>https://blogs.technet.microsoft.com/filecab/2017/01/30/windows-server-2016-data-deduplication-users-please-install-kb3216755/#comments</comments> <pubDate>Tue, 31 Jan 2017 03:35:40 +0000</pubDate> <dc:creator><![CDATA[Will Gries]]></dc:creator> <category><![CDATA[Software Defined Storage]]></category> <category><![CDATA[Windows Server 2016]]></category> <category><![CDATA[Data Deduplication]]></category> <category><![CDATA[Dedup]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/filecab/?p=7715</guid> <description><![CDATA[Hi folks! Based on several customer bug reports, we have issued a critical fix for Data Deduplication in Windows Server 2016 in the most recent Windows update package, KB4013429. This patch fixes an issue where corruptions may appear in files larger than 2.2 TB. While we always recommend keeping your system up-to-date, based on the... <a aria-label="read more about Windows Server 2016 Data Deduplication users: please install KB4013429!" href="https://blogs.technet.microsoft.com/filecab/2017/01/30/windows-server-2016-data-deduplication-users-please-install-kb3216755/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hi folks! Based on several customer bug reports, we have issued a critical fix for Data Deduplication in Windows Server 2016 in the most recent Windows update package, <a href="https://support.microsoft.com/kb/4013429">KB4013429</a>. This patch fixes an issue where corruptions may appear in files larger than 2.2 TB. While we always recommend keeping your system up-to-date, based on the severity of any data corruption, we strongly recommend that everyone who is using Data Deduplication on Windows Server 2016 take this update! Long-time users of Dedup on will note that we only officially support files with <a href="https://technet.microsoft.com/en-us/windows-server-docs/storage/data-deduplication/whats-new#large-file-support">size up to 1 TB</a>. While this is true, this is a “soft” support statement – we take your data integrity extremely seriously, and therefore will always address reported data corruptions. Our current defined support statement of 1 TB was chosen for two reasons: 1) for files larger than 1 TB, performance isn’t quite ‘up to snuff’ with our expectations, and 2) dynamic workloads with lots of writes may reach NTFS’ file fragmentation limits, causing the file to become read-only until the next optimization. In short, our 1 TB support statement is about preserving a high quality experience for you. Your mileage may vary… in particular, many users have reported to us that backup workloads that use VHDs or VHD-like container files sized over 1 TB work extremely well with Dedup. This is because backup workloads are typically append-only workloads. We do however recommend that you make use of the new <a href="https://technet.microsoft.com/en-us/windows-server-docs/storage/data-deduplication/understand#usage-type-backup">Backup usage type</a> in Windows Server 2016 to ensure the best performance with backup workloads. Finally, I would just like to thank the three users who reached out to us with this issue and helped us validate the pre-release patch: thank you! We always love to hear from you, our customers, so please feel free to reach out to us with your questions, comments, or concerns anytime: <a href="mailto:dedupfeedback@microsoft.com">dedupfeedback@microsoft.com</a>! <h3>Post history – see Update 4</h3> Update 1 Several folks have asked why KB3216755 is only available in the Windows 10 catalog and not in the Windows Server 2016 catalog. While this does not affect the ability to apply this patch to your Windows Server 2016 deployments, the reason why this patch does not appear in the Windows Server 2016 catalog is important for Windows Server 2016 users to understand. According to our Windows Servicing group, all fixes for Windows 10 and for Windows Server 2016 are “flighted” before release. KB3216755 is a “Windows Insider Preview” patch, meaning it will only be required for folks in the “Windows Insider Preview” program. Since there is no equivalent to the “Windows Insider Preview” program for Windows Server, this patch was only released for Windows 10. Again, this patch can be applied to Windows Server 2016. Update 2 We have heard from a Partner that KB3216755 contains a regression in System.Data.dll that is unrelated to Data Deduplication. The System.Data.dll regression may cause unmanaged memory leaks when issuing queries against a SQL Server. The relevant product and servicing teams at Microsoft are engaged with this issue and working towards a resolution. In the meantime, folks who are using System.Data.dll on Windows Server 2016 directly or through installed software should delay installing this patch until a workaround or fix is released. Update 3 <del>The regression in System.Data.dll will be addressed with KB3217574, which will be released 2017-02-14. It is recommended that everyone who has deployed KB3216755 take KB3217574!</del> Update 4 The regression in System.Data.dll has been fixed with <a href="https://support.microsoft.com/en-us/help/4013429/windows-10-update-kb4013429">KB4013429</a> (released 2017-03-14). It is recommended that everyone who has deployed KB3216755 take KB4013429! As such, the title of this post and body has been updated with the new KB information. ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/filecab/2017/01/30/windows-server-2016-data-deduplication-users-please-install-kb3216755/feed/</wfw:commentRss> <slash:comments>28</slash:comments> </item> </channel> </rss>

Learn more about Windows Server software-defined datacenter solutions

View solutions