Deploying Work Folders in HPE StoreEasy 1000 and 3000
Best practices

Technical white paper

Contents
Challenge
Technologies used to address the challenges
Objective of this white paper
Best practice to configure Work Folders
Prerequisite
Configure Work Folders in HPE StoreEasy
Additional configuration in domain controller for Work Folders
Additional configuration in DNS for Work Folders
Additional configuration in HPE StoreEasy for Work Folders
Configure Work Folders in the client connected to the domain controller
Configure Work Folders in client not connected to the domain controller
Data sync of Work Folders
Summary
Resources

Introduction

In an organization, every user wants to have one centralized file location where they can work on their files anytime and anywhere.
There should be no worries about Internet connection and login or password to access their corporate network, and more importantly, files should be up to date whenever they are accessed. Microsoft® introduced Work Folders in Windows® 2012 R2 to give users the flexibility to work on files offline or online. Data then syncs automatically with the centralized file server once the device is connected to the Internet.

Challenge

A single point of access to user files, anytime and anywhere, is a major challenge for any organization. Users work on their office or personal computers and devices, where commonly used data is duplicated. The bigger challenge is porting the latest revision of the data from one computer or device to another. This becomes a concern when there is no Internet connectivity, no login or password to access the corporate network, or no information on whether users are part of the domain. In all this, there is a certain amount of security risk to the user's files moving from one computer or device to another.

Technologies used to address the challenges

The above challenges can be addressed by configuring Work Folders on HPE StoreEasy Storage. With this configuration, users have a single point of access to work-related files from their personal or office PC. To manage data, existing file server technologies such as file classification and folder quota can be used with Work Folders; for the security of files, several device policies such as "encrypt Work Folders" or "use a lock screen password" can be configured.

Objective of this white paper

This white paper describes the best practices for configuring Work Folders on HPE StoreEasy Storage running software version 4.00.0a or newer. Work Folders should be configured on both HPE StoreEasy Storage and the client machine.

Best practice to configure Work Folders

Share configuration and security permission

1. On HPE StoreEasy Storage, first create a pool using the Pool Manager tool available on the HPE StoreEasy 1000 series. Pool Manager analyzes the configuration of HPE StoreEasy Storage and guides you in choosing the best possible disk configuration. Hewlett Packard Enterprise strongly recommends the use of Pool Manager on 1000 series systems to configure disks. When implementing Work Folders on the HPE StoreEasy 3000 series, use the storage system management tools to create pools.
2. Once the disk pool or LUN is configured, go to File and Storage Services in Server Manager to create virtual disks.
3. On the virtual disk, create a volume, and on this volume create a server message block (SMB) share where Work Folders will be configured.
Note: The volume should be formatted with NT File System (NTFS).
4. Work Folders can also be configured on a clustered file server.
Note: Work Folders is only supported on the general file server and not on scale-out file servers.
5. To create an SMB share, go to Server Manager->File and Storage Services->Shares->Tasks->New Share->SMB Share. Follow the instructions and create a share.
6. Security permissions can be set according to requirements. For Work Folders, user or group permissions should be set carefully.
Note: For more information on how to configure an SMB share, refer to the following link: h20195.www2.hpe.com/v2/GetPDF.aspx%2F4AA4-7477ENW.pdf

Best practice recommendations

For the 1000 series, if the users intend to use Work Folders for normal files, pictures, or videos, then the "capacity" pool type needs to be configured; if the users intend to keep application data, then the "performance" pool type needs to be configured.

For the 3000 series, if the users intend to use Work Folders for normal files, pictures, or videos, then a "RAID 5" LUN needs to be provisioned by the back-end array; if the users intend to keep application data, then a RAID 1+0 LUN needs to be provisioned by the back-end array.
Note: From the client side, only one Work Folder can be configured at a time, so it is very important for the administrator to configure Work Folders on an appropriate RAID level and map users accordingly.

Prerequisite

The following prerequisites are to be considered for implementing Work Folders on HPE StoreEasy:
• HPE StoreEasy with Quick Restore (QR) version 4.00.0a or above
• Any client machine with the Windows 8.1 operating system installed
• Ensure Active Directory Domain Services (AD DS) and Domain Name System (DNS) are running with Windows Server® 2012
• Users should be familiar with the configuration of AD DS, DNS, and Certificate Authority
• Work Folders requires an email address associated with the user profile in AD to operate properly
• Configure Secure Sockets Layer (SSL) on both the server and the client machine
• Enough free space on a share configured on HPE StoreEasy 1000 or 3000 to store all the users' files in Work Folders

Configure Work Folders in HPE StoreEasy

1. The Work Folders "role" is installed by default on HPE StoreEasy.
2. To create a new "sync share", go to Server Manager->File and Storage Services->Work Folders. Click "New Sync Share Wizard."
3. On the "Server and Path" page, select the SMB share, or give the path to a local folder instead.
4. On the "User Folder Structure" page, there are two options available. Select one of them as the naming convention. You can optionally select the "Sync only the following subfolder" checkbox to synchronize only a specific subfolder, such as the "Document Folder."
5. On the "Sync Share Name" page, give a name for the sync share.
6. Create one group in the domain with the scope "Global" and the type "Security", and add users to this group. On the "Sync Access" page, add the created group that will use the sync share. You can also add individual Active Directory users.
Note: By default, the admin will not have access to the user data on the server.
If you want the admin to access user data, uncheck the "Disable inherited permissions and grant users exclusive access to their files" checkbox.
7. On the "Device Policies" page, specify whether to request any security restrictions on client PCs and devices. There are two device policies that can be individually selected:
   a. "Encrypt Work Folders" requests that Work Folders be encrypted on client PCs and devices.
   b. "Automatically lock screen, and require a password" requests that client PCs and devices lock their screens automatically after 15 minutes. It requires a six-character or longer password to unlock the screen and activates a device lockout mode after 10 failed retries.
8. On the "Confirmation" page, review all the inputs given and click "Create" to create the new sync share.

Additional configuration in domain controller for Work Folders

1. Create one group in "Active Directory Users and Computers" with the scope "Global" and the type "Security."
2. Add the users who will use Work Folders.

Note: Whether a user configures Work Folders on a domain-joined or a non-domain-joined client PC, all user authentication happens through AD. If Work Folders is configured on a domain-joined client PC, authentication happens through AD and the user is not asked to enter a domain username and password. On a non-domain-joined client PC, however, the user is asked to enter domain credentials to log in to the Work Folders server. So, it is mandatory to add all Work Folders users to Active Directory.

Additional configuration in DNS for Work Folders

1. Go to Server Manager->Tools->DNS.
   a. Go to Forward Lookup Zones->Domain, right-click, and select "New Alias."
   b. After you click New Alias, the "New Resource Record" page opens. Fill in all the fields. Whatever alias name you give auto-fills the "Fully qualified domain name (FQDN)" field.
   The FQDN for the target host should be your Work Folders server name with the domain.
   c. Click "OK" and check for the new alias entry in DNS Manager.
2. Configure "Reverse Lookup Zones" in DNS Manager.
   a. Go to Server Manager->Tools->DNS. Go to "Reverse Lookup Zones", right-click, and create a "New Zone." After configuring the new zone, right-click it and select "New Pointer."
   b. The "New Resource Record" page opens. In the "Host IP" field, enter the Work Folders server IP. The FQDN field fills automatically. In "Host name", provide your Work Folders server hostname with the domain. Click "OK."
3. Install Certificate Authority.
   a. Install "Active Directory Certificate Services" through the "Add Roles and Features Wizard."
   Note: After installing the role, complete the post-deployment configuration as well.
   b. Go to Server Manager->Tools->Certification Authority->Certificate Templates, right-click, and select "Manage."
   c. The "Certificate Template Console" opens. Go to "Web Server", right-click, and select "Properties."
   d. Go to "Security", add the group you have created in the domain, and select the checkbox to enroll for that group. Give "Enroll" permission to "Authenticated Users" also.
   e. Go to the "Subject Name" tab and check "Source of subject name." The radio button for "Supply in the request" should be selected.
   f. Check for the "SSL Certificate" entry in the "Certificate Template Console." If it is not there, right-click the "RAS and IAS Server" template and click "Duplicate Template." Go to the template and, on the "General" tab, change the template display name to "SSL certificate." Right-click SSL Certificate->Properties->Subject Name and select the radio button for "Supply in the request."

Additional configuration in HPE StoreEasy for Work Folders

1. Open Microsoft Management Console (MMC).
   Go to File->Add/Remove Snap-in, click "Certificates", then Add->Select Computer Account->Select Local Computer->Finish. The Certificates snap-in is added under the console root. Go to Certificates->Personal, right-click, and select All Tasks->Request New Certificate.
2. On the "Certificate Enrollment" page, select "Web Server" and click Details->Properties.
3. In Certificate Properties->Subject->Subject Name, select the type "Common name", give your server name with the domain in the value field, and then click "Add." In "Alternative name", select the type "DNS" and, in the value field, give the server name with the domain and the alias name that you created in DNS with the domain name.
4. An entry is created under Certificates->Personal. Save the MMC console. Check the certificate entry in "Trusted Root Certification Authorities" as well.
5. Go to Server Manager->Tools->IIS Manager. If it is not installed, install it through the "Add Roles and Features" wizard.
6. Go to Sites->Default Web Site->Bindings.
7. On the "Edit Site Binding" page, click "Add." On the "Add Site Binding" page, select the type "https." In the "Host name" field, give your server name with the domain, and in "SSL certificate" select the certificate you created.

Configure Work Folders in the client connected to the domain controller

1. Go to Control Panel->System and Security->Work Folders.
2. Click "Set up Work Folders" and then enter your email address, or enter the Work Folders URL instead. The user must have an entry in Active Directory Users and Computers and must have permission to access Work Folders.
   Note: To configure Work Folders, you can also provide the Work Folders URL instead of the email address.
   a. Click the "Enter a Work Folders URL instead" link and give the Work Folders URL address.
3. On the "Confirm Work Folders location" page, check the Work Folders location where you want to keep your data and click "Next."
4. On the "Accept security policies" page, select the checkbox for the policies and click "Set up Work Folders."
5. On the "Setup finished" page, you get the message "Work Folders has started syncing with this PC."
6. Click "Close"; you can see that Work Folders has started syncing with your PC.
   Note: After configuring Work Folders, if the error "The data transferred isn't in the proper format. (0x80x80001)" is seen, download "KB2887595" from the Microsoft site, support.microsoft.com/kb/2887595, and install it on both HPE StoreEasy and client systems.
7. Check "This PC"; you will find an additional entry for Work Folders.

Configure Work Folders in client not connected to the domain controller

All configuration steps are the same as mentioned earlier. The only difference is that, when you enter the input on the email address page, you are asked for the domain user name and password. Make sure the user name entry is present in Active Directory. Provide the user name and password and it will work as mentioned earlier.

Note: On the client side (applicable to both domain and non-domain clients), open Internet Explorer and enter your Work Folders server address in the URL field, for example, https://sync1.syncdc.com. Ensure it doesn't show a certificate error. If it shows a certificate error, follow these steps:
1. On the Work Folders server, export the certificate key.
2. Copy the exported key to the client machine.
3. Import the certificate key under "Trusted Root Certification Authorities."

Data sync of Work Folders

No matter whether you are working in the offline or online mode, you can sync your Work Folders anytime.
If you are working in the offline mode, save all files under Work Folders and, once the PC is connected to the Internet or corpnet, go to your Work Folders, right-click, and select "Sync Now." All files are synced automatically and the changes are reflected on your sync server.

Important: If the same file is accessed from the server as well as from the client side and the "Sync Now" action is executed, it will create two entries for the same file. Both files will be reflected on the server and on the client as well. Make sure that, after working on documents or files, they are saved and closed.

Best practice recommendation

This role is specifically designed for clients working online or offline with their documents or files. It is recommended that any action on documents or files be performed from the client side. It is also recommended that files are accessed from one location at a time, and that you save and close the documents or files after working on them.

Summary

Work Folders is a new role introduced in HPE StoreEasy Storage running software version 4.00.0a. Work Folders gives you the freedom to work with your files, anytime and anywhere, irrespective of whether you are at home or office, whether you are connected to the Internet, corpnet, or not, or whether your PC is joined to the domain or not.

Resources

Deploying Work Folders: technet.microsoft.com/en-us/library/dn528861.aspx
Work Folders Overview: technet.microsoft.com/en-us/library/dn265974.aspx
Work Folders Test Lab Creation Guidelines: blogs.technet.com/b/canitpro/archive/2013/11/13/step-by-step-creating-a-work-folders-test-lab-deployment-in-windows-server-2012-r2.aspx

Learn more at hp.com/us/en/products/data-storage/storeeasy.html

© Copyright 2014–2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice.
The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. 4AA5-1651ENW, March 2016, Rev. 2
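
The client-side certificate check from the note under "Configure Work Folders in client not connected to the domain controller" (open the Work Folders server address and confirm there is no certificate error), scripted in PowerShell as an added example that is not part of the original HPE paper. `sync1.syncdc.com` is the paper's sample address, `workfolders.syncdc.com` is a hypothetical alias to replace with the one created in DNS, and the SAN parsing assumes an English-language Windows.

```powershell
# Added example (not from the HPE paper). Host names are assumptions to replace.
param(
    [string]   $SyncHost      = 'sync1.syncdc.com',        # sample address used in the paper
    [string[]] $ExpectedNames = @('sync1.syncdc.com',
                                  'workfolders.syncdc.com'), # second name: hypothetical DNS alias
    [int]      $Port          = 443
)

function Get-WorkFoldersTlsReport {
    param([string]$SyncHost, [int]$Port, [string[]]$ExpectedNames)

    # Accept any certificate during the handshake so that a bad one can still be
    # inspected and reported; no application data is sent over this connection.
    $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
    $tcp = New-Object System.Net.Sockets.TcpClient($SyncHost, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($SyncHost)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }

    # Validate against this machine's certificate stores. Revocation checking is
    # online by default, so an unreachable CRL also shows up in ChainStatus.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # Subject Alternative Name extension (OID 2.5.29.17). The "DNS Name=" label
    # is what English-language Windows prints; wildcard entries are not expanded.
    $dnsNames = @()
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $dnsNames = @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    $missing = @($ExpectedNames | Where-Object { $dnsNames -notcontains $_ })

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        Thumbprint   = $cert.Thumbprint
        ChainTrusted = $chainOk
        ChainStatus  = $chainStatus -join ', '
        DnsNames     = $dnsNames -join ', '
        MissingNames = $missing -join ', '
    }
}

Get-WorkFoldersTlsReport -SyncHost $SyncHost -Port $Port -ExpectedNames $ExpectedNames | Format-List
```

A `ChainTrusted` value of `False` with an `UntrustedRoot` status corresponds to the certificate error the note describes. A non-empty `MissingNames` means the alternative names entered in the certificate request do not cover a name that clients use.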