Despite the perception that the world is moving to cloud FTP solutions, many companies prefer to keep file servers on premise based on factors like security, availability, and cost. For such companies, the most common environment in the world, with approximately 50% market share, is Windows Server.  

In this post, we will examine various on-premise file sharing configuration options within Windows Server 2019, discuss which of them are most suitable for your needs, and see how to optimize Windows Server for SFTP. 

Creating a Lean On-Premise File Server Solution 

Less is more, especially with intensive applications such as a file server. Keeping your server using as few resources as possible requires identifying and removing unused processes and components, which you can do in two ways: 

  • Minimizing the FTP or SFTP server’s footprint 

Operating with as small a footprint as possible is a security best practice because it reduces your attack surface. Windows Server 2019 lets you pick the roles and features that your SFTP server’s configuration will install and support. This highly modular, flexible option gives administrators fine-grained control over their file server’s footprint by disabling unused services and elements.

  • Restricting File Server Roles and Features 

Windows Server also gives fine-grained control over the file server and IIS roles. To minimize resources and maximize security, take advantage of this ability to restrict your file transfer roles as much as possible. In cases where virtualization options are part of the deployment plan, such as running multiple virtual machines or network interfaces, an additional Hyper-V role should be installed.

Choosing a file system – Compatibility vs. Robustness (NTFS vs. ReFS) 

Up until recently, utilizing ReFS has meant compromising on features and abilities that NTFS offered. Windows Server 2019’s file server enhancements have brought ReFS much closer to feature parity with NTFS, which is helping some of ReFS’s core advantages shine through.  

Both systems have key differentiators, and it is important to be familiar with the main differences and options of each to best configure your Windows server for file transfer: 

  • ReFS was designed for scalability, resilience, and robustness. It supports far larger volume sizes (up to 35 PB) and offers data protection and data integrity features that are part of the FS core. 

  • NTFS provides better support for file server tools like DOS filenames, file system level compression, encryption, and disk quotas, which may be a determining factor for environments that are less data intensive.

Distributed File Support (DFS) for Windows Server 

Windows Server 2019’s DFS support is a way to create a single namespace that encompasses multiple file servers. 

This approach has multiple advantages, including: 

  • Allowing users to find data without needing to know which server holds the files or replicating data in multiple directories 
  • Silently redirecting user requests to the closest file server in order to reduce network file transfer loads. 

 
How to Pick the Right Server Message Block (SMB) Protocol – Know Your Environment 

The Server Message Block (SMB) Protocol is a network file sharing protocol consisting of a set of message packets that defines a particular version of the protocol (called a dialect or version). 

While there are three different versions of the SMB protocol, supporting all three is unnecessary for most file server environments. Identifying the most suitable scenario for your organizational needs and disabling the other protocol versions can help improve file transfer security. 

For backwards compatibility and support of older Windows versions, SMB v1.0 support for file transfer is required, but is also considered the least secure option. If the operational environment allows it, a preferable option is to disable SMB v1.0 and use more recent versions of the SMB protocol. 
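
One way to find out whether the operational environment allows SMB v1.0 to be disabled, as an added PowerShell example that is not part of the original post. The 14-day window and the "Client Address:" message format are assumptions; the script only changes the protocol setting when run with -Disable.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): check whether any client still
# needs SMB v1.0 before disabling it on the file server.
param(
    [int]$LookbackDays = 14,   # assumed observation window
    [switch]$Disable           # pass -Disable to actually turn SMB1 off
)

$AuditLog = 'Microsoft-Windows-SMBServer/Audit'

# 1. Current server-side dialect settings.
$cfg = Get-SmbServerConfiguration
$cfg | Select-Object EnableSMB1Protocol, EnableSMB2Protocol, AuditSmb1Access
if (-not $cfg.EnableSMB1Protocol) { 'SMB v1.0 is already disabled.'; return }

# 2. Make sure SMB1 access is audited; without it there is no evidence.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    "SMB1 auditing enabled. Re-run after $LookbackDays days of normal use."
    return
}

# 3. Live sessions that negotiated an SMB 1.x dialect.
$liveSmb1 = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' })

# 4. Audited SMB1 connections (event ID 3000) inside the window.
$since  = (Get-Date).AddDays(-$LookbackDays)
$filter = @{ LogName = $AuditLog; Id = 3000; StartTime = $since }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Assumption: the event message carries a "Client Address: <ip>" line.
$clients = $events | ForEach-Object {
    if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } else { 'unparsed' }
} | Sort-Object -Unique

if ($liveSmb1.Count -or $events.Count) {
    'SMB v1.0 is still in use; upgrade or isolate these clients first:'
    $liveSmb1 | Select-Object ClientComputerName, ClientUserName, Dialect
    $clients
    return
}

"No SMB v1.0 use seen in the last $LookbackDays days."
if ($Disable) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Removing the feature also removes the SMB1 components; needs a restart.
    Uninstall-WindowsFeature -Name FS-SMB1
}
```

The result is only meaningful if SMB1 auditing has been enabled for at least the whole lookback window, including any monthly or quarterly batch jobs.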

How to Leverage File Server Resource Manager (FSRM) to Enforce Compliance 

FSRM is a Windows Server role used to enforce folder quotas on the file server and generate reports on storage usage. In addition, FSRM adds a file screening function that prevents users from storing certain file types on the file server, providing a measure of protection against ransomware attacks.

If your team supports a storage-hungry user base or has issues with lax file security, FSRM can help enforce an additional level of file server protection. 
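
The file screen and folder quota described above, as an added PowerShell example that is not part of the original post. The folder path, group name, quota size and extension patterns are placeholders; a screen only blocks the name patterns it lists, so treat it as one layer rather than complete ransomware protection.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): FSRM file screen and quota for
# one shared folder. Path, names, size and patterns are placeholders.
$SharePath = 'D:\Shares\Transfer'
$GroupName = 'Blocked-Extensions-Example'
$Patterns  = @('*.encrypted', '*.locked', '*.crypt')   # constructed sample list
$QuotaSize = 50GB

# Install the role service if it is not present yet.
if (-not (Get-WindowsFeature -Name FS-Resource-Manager).Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
}
Import-Module FileServerResourceManager

# File group: the set of name patterns the screen will match.
if (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
} else {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
}

# Event-log notification so a blocked write is visible to monitoring.
# The bracketed names are FSRM notification variables.
$body  = 'User [Source Io Owner] tried to save [Source File Path] ' +
         'matching [Violated File Group] on [Server].'
$alert = New-FsrmAction -Type Event -EventType Warning -Body $body -RunLimitInterval 5

# Active screen: the write is denied. Without -Active the screen is passive
# and only raises the notification.
if (-not (Get-FsrmFileScreen -Path $SharePath -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName `
        -Active -Notification $alert
}

# Hard quota on the same folder (add -SoftLimit to monitor without enforcing).
if (-not (Get-FsrmQuota -Path $SharePath -ErrorAction SilentlyContinue)) {
    New-FsrmQuota -Path $SharePath -Size $QuotaSize
}

# Confirm what is now enforced.
Get-FsrmFileScreen -Path $SharePath | Select-Object Path, Active, IncludeGroup
Get-FsrmQuota -Path $SharePath | Select-Object Path, Size, SoftLimit, Usage
```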

Disable Windows Auto-Tuning for High-Volume File Transfer 

When transferring large numbers of files, disabling Windows Auto-Tuning can improve a client’s connection stability and maintain a continuous connection without dropping and compromising the transfer.  

To do so, open a Command Prompt as Administrator and run:

netsh int tcp set global autotuninglevel=disabled 

Microsoft Windows Server Best Practices to Benchmark an Optimized Configuration 

Windows Server 2019 comes with an extremely handy tool – the “Best Practices Analyzer”. This tool will gather information about your server configuration and compare it to other similarly deployed configurations to recommend best practices for your specific configuration.

This evolving and constantly updated benchmarking tool is a good “sanity check” to make sure all aspects of your file sharing application are up to date.

Of course, keep in mind that any “suggested recommendation” should be reviewed and applied with care. 

We hope that these tips for optimizing Windows Server for SFTP have been helpful. If you have questions about on-premise file transfer, visit Cerberus FTP Server’s forum or consider contacting our in-house support.