Directly to CTERA Portal

During normal operations end users access their files residing in a CTERA Edge Filer via network drives that map via the SMB protocol. In the background, the edge filer is capable of syncing, in near real time, any file changes to the CTERA Portal, effectively creating another identical copy of the data.

If an edge filer fails, end users want to continue with minimal downtime and as seamlessly as possible. Until the faulty edge filer is replaced and fully operational, CTERA provides end users with access to their files in the CTERA Portal, also via mapped network drives, providing a very similar user experience to the edge filer access the end users are familiar with. Virtually immediate data-access recovery is enabled by diverting end users from the edge filer directly to the CTERA Portal, in order to access their files and folders.

Setting up business continuity to a portal is described in the following sections:

• Overview
• Setting Up Business Continuity to a CTERA Portal
• Triggering Failover to the Portal and Failback to the Edge Filer

Overview

To enable business continuity to a CTERA Portal, customers need to purchase endpoint Cloud Drive Connect licenses for every edge filer end user. A Cloud Drive Connect license provides an end user with access to the files on the portal for disaster recover, but excludes file collaboration options.

How does it work?

For business continuity to a CTERA Portal to be enabled, the edge filer must be a Caching Gateway so that all data written to it is immediately synced to the portal.

When the edge filer operates normally, workstations have access to it via one or more network drive letters, which are mapped to the edge filer. The mapping is achieved via a mapping policy that is pushed to the workstation by default.

If the edge filer fails, an alternate mapping policy is pushed to the workstation. In this situation the workstation has access to the portal via one or more network drive letters to the same data that it had access to with the edge filer.

When the edge filer recovers, the default mapping policy is pushed to the workstation, thus restoring normal access to the edge filer via the original network drive letters, which is are once again mapped to the edge filer.

Setting Up Business Continuity to a CTERA Portal

Business continuity to a CTERA Portal requires setting up the CTERA Edge Filer as a a Caching Gateway so that any files written to the edge filer are immediately synced to the CTERA Portal. The portal contains a duplicate set of all the files on the edge filer and it is this set of files that can be used if the edge filer fails.

Setting Up Failover and Failback Policies

During normal edge filer operations, end users access the edge filer through SMB, via one or more mapped drives. Thus, the end user accesses the folders and files using Windows File Explorer, in the same way that all folders and files are accessed. The mapped network drive can be accessed by using the following UNC path: \\edge_filer_ip\Cloud\Shared With Me\WinFS.

If the edge filer fails, the end users need to maintain access to their data through a similar mechanism, except that the data now originates from the portal. Access is provided though WebDAV technology, which allows mapping the same drive letter to the portal. The portal supports the WebDAV protocol and serves as a WebDAV server.

Mapping the portal through WebDAV depend on the WebDAV client implementation. The Microsoft WebDAV implementation is available in Windows 7, Windows 8.x, Windows 10, and Windows 11. CTERA provides its own WebDAV client implementation, through installation of the CTERA Agent on each workstation.

The following method does not require the installation of CTERA Drive Connect or CTERA Agent:

• Mapping Using the Native Microsoft WebDAV Implementation and DFS – Access is provided through the Microsoft WebDAV implementation and the Microsoft Distributed File System (DFS) technology. DFS allows a logical mapping of physical resources, and supports both mapping of Network Drives on the edge filer and of WebDAV paths.

The following method can be used with or without the installation of a CTERA Agent:

• Mapping Using WebDAV and Active Directory GPO – Access is provided either through the Microsoft WebDAV implementation or the CTERA Agent WebDAV client implementation.

In both cases, administrative preparation is required, so that the end user is connected to the edge filer during normal edge filer operation and to the portal if the edge filer fails, as transparently as possible.

Mapping Using the Native Microsoft WebDAV Implementation and DFS

The administrator is responsible for DFS configurations that maps the network drive letter to the edge filer during normal operation or, when disaster recovery is required, to the portal.

After an edge filer failure, the administrator switches the configuration in DFS to the one mapping to the portal. When normal operations with the edge filer are resumed, the administrator switches back the configuration in DFS to the one mapping to the edge filer.

End user workstations automatically switch to the current DFS configuration.

The following procedure is generic and must be tailored to each enterprise, based on their specific DFS practices and polices.

To configure DFS for both edge filer and portal access:

1. In the Server Manager, select Tools > DFS Management.
2. Define a folder in a DFS namespace.
   
   For example, after defining a folder, WinFS in the DFS namespace mynamespace, access is via the \\mynamespace\WinFS path.
3. Define two folder targets for the WinFS logical folder: A folder target for the edge filer and a folder target for the portal.
   
   For the edge filer: \\edge_filer_name\Cloud\share_name\WinFSRoot
   For the portal: \\portal_name@SSL\WebDAV\Shared With Me\share_name\WinFSRoot
   where edge_filer_name is the edge filer name, shared_name is the shared folder name, and portal_name is the portal name with the DNS suffix.
   Both folder targets are defined as enabled by default. The folder must be the first folder shared in the portal.
   Note

   By default access is only available for the share_name owner. The share_name owner must define the end users as collaborators in the CTERA Portal for these users to have access to the share_name content.

4. Right-click the portal folder target and select Disable Folder Target.
   
   The enterprise is now set up so that users access the edge filer during normal operation. For details about handling a edge filer failing and failing over to the portal, see Triggering Failover to the Portal and Failback to the Edge Filer.

Mapping Using WebDAV and Active Directory GPO

The administrator is responsible for configurations that maps the network drive letter to the edge filer during normal operation or, when disaster recovery is required, to the portal. The administrator pushes the edge filer mapping policy/configuration to the end user workstations, and the workstations are triggered to use this mapping.

Pushing and triggering the appropriate policy/configuration is based on one of the following:

• Active Directory (AD)/Group Policy Object (GPO) mechanisms and practices, as well as Windows PowerShell scripting. As each organization may have its specific AD practices and policies, the below should be regarded as a general outline as each organization may need to adapt the concepts to its own environment.
  Note

  For assistance setting up the policy/configuration for your environment, contact CTERA Service Delivery.

• Pushing the appropriate policy/configuration, based on CTERA portal configuration templates.

Example Portal Mapping Policy Through the CTERA WebDAV Client

The administrator must define the required portal mapping in terms of drive letter and the portal path to be mapped. An administration template, .adm file, can be defined in Windows Group Policy Management which is then pushed to the workstations of the group of end users accessing the edge filer. This can be a permanent definition, even in normal operation, as the portal mapping is enabled by a further steps, described in the Mapping Cloud Drive Folders.

The portal mapping policy is designed to run as a GPO Login script for the group of end users that are accessing the edge filer. The policy makes sure that the edge filer mapping is off and then enables portal mapping, based on the predefined mapping specified in the mapping .adm file. For example, mapping of drive letter M: to the Portal Cloud Drive of the users Shared With Me\WinFS files.

@echo off
net use M: /del /y
:CheckOS
IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE (GOTO 32BIT)
:64BIT
  cd "C:\Program Files (x86)\CTERA_WebDAV\CTERA Agent"
GOTO END
:32BIT
  cd "C:\Program Files\CTERA_WebDAV\CTERA Agent"
GOTO END
:END
cteractl command set /config/cloudMount/enabled true

The portal mapping policy is defined in Windows Group Policy Management as a Login script, linked to the domain group of the users using the edge filer:

Alternatively the policy can be defined as a CTERA configuration template:

Triggering Failover to the Portal and Failback to the Edge Filer

Triggering failover to the portal and failback to the edge filer when it is back up and running is dependent on the configured setup:

• DFS Configuration
• GPO Login Script-Based Configuration
• CTERA Configuration Template-Based Configuration

DFS Configuration

To set failover to the portal if the edge filer fails:

1. In the Server Manager, select Tools > DFS Management.
2. Drill-down to the folder targets set up for the edge filer and portal.
3. Right-click the portal folder target and select Enable Folder Target to enable the portal folder target.
   
4. Right-click the edge filer folder target and select Disable Folder Target to disable the edge filer folder target DFS configuration.

End user workstations automatically switch to the portal DFS configuration.

To set failback to the edge filer when it is fixed:

1. In the Server Manager, select Tools > DFS Management.
2. Drill-down to the folder targets set up for the edge filer and portaL.
3. Right-click the edge filer folder target and select Enable Folder Target to enable the portal folder target.
4. Right-click the portal folder target and select Disable Folder Target to disable the edge filer folder target DFS configuration.

End user workstations automatically switch to the edge filer DFS configuration.

GPO Login Script-Based Configuration

In normal operation, the edge filer mapping policy is applied in the login script of all the workstations of the group of end users accessing the edge filer. For disaster recovery, if the edge filer fails, the administrator activates the portal mapping policy. For failback, the administrator re-activates the edge filer mapping policy.

To activate the portal mapping policy for disaster recovery when the edge filer fails or the edge filer mapping policy for failback:

1. Replace the current mapping policy in the login script by the required mapping policy. This is done through Group Policy Management.
   For disaster recovery replace the edge filer mapping policy with the portal mapping policy and for failback replace the portal mapping policy with the edge filer mapping policy.
2. Trigger a re-login of the workstations, for the new login script to take effect. This can be done in various way, depending on the organization polices and best practices. For example, by running a PowerShell script, remotely run by the administrator on the workstations of the group, presenting a dialog message requiring the end user to re-login or, if allowed, automatically triggering a re-login.

End users work through new portal mapping policy. End users logging in to their workstations after the mapping policy has been set, automatically have the new mapping applied.

Remote Management-Based Configuration

A remapping of the mounted drive letter from the edge filer to the portal for disaster recovery or from the portal to the edge filer for failback may be achieved without the need to re-login.
Such a mechanism can be based on remote PowerShell scripts that disconnects the current mapping and enables the required mapping via a cteractl command, triggering a restart of the CTERA Agent service, for the mapping to take effect.
This method require that Windows Remote management access via PowerShell is enabled on the workstation (that is, the WinRM services is running), and that the PowerShell script runs with administrator privileges.

CTERA Configuration Template-Based Configuration

In normal operation, the edge filer mapping policy is applied in the configuration template of all the workstations of the group of end users accessing the edge filer. For disaster recovery, if the edge filer fails, the administrator activates the portal mapping policy. For failback, the administrator re-activates the edge filer mapping policy.
To activate the portal mapping policy for disaster recovery when the edge filer fails or the edge filer mapping policy for failback:

1. Replace the current mapping policy by the required mapping policy configuration template in the CTERA Portal.
   For disaster recovery, replace the edge filer mapping policy with the portal mapping policy and for failback replace the portal mapping policy with the edge filer mapping policy.
2. Trigger a re-login of the workstations, for the new configuration template to take effect.