Microsoft Windows Storage Architecture

Question 1

I/O Subsystem:

Answer 1

Sends I/O requests to file systems

Question 2

File Systems:

Answer 2

Provides structure on raw volumes

Question 3

Volume Snapshot Manager:

Answer 3

Manages snapshots

Question 4

Volume Manager:

Answer 4

Presents volumes and manages dynamic volume collections

Question 5

Partition Manager:

Answer 5

Manages partitions on volumes

Question 6

Class Drivers:

Answer 6

Manages device types

Question 7

Port Drivers

Answer 7

Manages a specific transport

Question 8

Miniport Driver:

Answer 8

Provides hardware-specific functionality for a specific port driver

Question 9

Disk Subsystem:

Answer 9

Physical storage device

Question 10

The storage driver architecture deviates from the standard Windows Driver model, only the topmost class drivers conform to the model, whereas lower-level drivers use…

Answer 10

Specialised interfaces: Port drivers can be considered a collection of support used in turn by miniport drivers

Question 11

Windows provides Disk.sys as a class driver for…

Answer 11

Mass storage

Question 12

Windows provides a number of port drivers, such as Storport.sys for…

Answer 12

Current storage components

Question 13

Windows provides Sciport.sys and Ataport.sys for…

Answer 13

Legacy components

Question 14

Legacy drivers provide…

Answer 14

Disk scheduling

Question 15

RAID arrays do not need…

Answer 15

Head movement and rotation optimisation and would even suffer degradation

Question 16

iSCSI:

Answer 16

An example of Storage Area Network (SAN) protocols must communicate via the regular TCP/IP protocol stack and requires further services for management

Question 17

Multipath I/O:

Answer 17

For high availability environments, some storage devices may be connected through multiple paths

Question 18

The Windows kernel doe snot use drive letters - this is an artefact of the user-land interface, instead…

Answer 18

The Object Manager retains a name space for device objects including disks, disks are then provided separate symbolic aliases: \Global??\PhysicalDriveX is thus linked to \Device\HardDiskX\DRX

Question 19

The Partition Manager acts as…

Answer 19

Function driver for disk devices and maintains the Master Boot Records (MBR) and GUID Partition Tables (GPT) on disk

Question 20

Storage Architecture - Miniport Drivers hide much of…

Answer 20

The lower-level functionality

Question 21

Storage Architecture - For SATA drives, the Advanced Host Controller Interface (AHCI) offers such an…

Answer 21

Intermediate layer; Microsoft’s StorAHCI driver covers most devices

Question 22

Storage Architecture - For solid-state drives, this is largely superseded by…

Answer 22

Non-Volatile Memory Host Controller Interface Specification (NVMHCI) supported since Windows 8.1/Server 2012R2

Question 23

Storage Architecture - The current NVM Express (NVMe) driver is substantially faster compared to…

Answer 23

SATA/SAS as it does not carry the SCSI or ATA interface legacy for hard disks

Question 24

The Virtual Disk Service (VDS) subsystem’s Logical Disk Manager (LDM) maintains…

Answer 24

A single database containing partition information for all dynamic disks, including multi-partition logical volumes

Question 25

Dynamic Disk Concepts - The database resides in a reserved space (1MB) at the end of each dynamic disk divided into…

Answer 25

Records for disks, partitions, components, volumes, a table of contents and private headers

Question 26

The precise location of the LDM database depends on whether…

Answer 26

The dynamic disk it resides on is a GPT or MBR partition

Question 27

Translating offsets into volumes for file systems is more involved for multi-partition volumes

Answer 27

• Logical partitions making up a volume can reside on non-contiguous partitions or disks
• Most RAID configurations result in data being divided into different locations
• Although there are multiple variants, Windows supports only simple spanned volumes and RAID levels 0,1 and 5

Question 28

RAID Level 0 - Striping:

Answer 28

This provides no redundancy and increases the failure rate, but enhances performance and allows grouping of disks

Question 29

RAID Level 1 - Mirroring:

Answer 29

Used for enhancing reliability or performance - in an intact array, each drive can be read in a different location

Question 30

RAID Level 5 - Block-Level Striping:

Answer 30

Parity data is distributed across all disks, reducing overhead while enhancing reliability. Performance is dependent on parallel block access

Question 31

Volume Shadow Copy Service (VSS) allows snapshots to be taken of file systems:

Answer 31

• Clone Shadow Copies

* Copy-on-Write

Question 32

Clone Shadow Copies:

Answer 32

A split mirror duplicates a volume by software or hardware mirroring, divided into a live and mirror volume - only the live volume is writable

Question 33

Copy-on-Write:

Answer 33

A differential copy only retains changes to the live data on the shadow volume, requiring overlaying with the live data to recreate an earlier state

Question 34

From Windows 8/8.1 on volume shadow copy VSC has been offered but required…

Answer 34

A second drive to extract the shadow copy - although not documented, this seems to have deprecated

Question 35

File History (FH) service relies on similar differential/journaling structures as…

Answer 35

VSS but operates on files rather than blocks

Question 36

FH acts as a backup service and also includes…

Answer 36

User data (Libraries, Desktop, Contacts and Favourites)

Question 37

Regular users may recover deleted or previous versions of file and folders which allows…

Answer 37

Forensic examiners to do the same, ideally with access to the drive on which backups are retained

Question 38

The actual amount of storage taken up by File History, the frequency and time horizon can be configured:

Answer 38

• Within the alternate data stream, files are saved with an appended date/time stamp
• If external storage medium for journal backup is not available, a local cache is used
• On connecting the backup volume, the cache folder is moved to the backup volume and emptied