Microsoft Windows Storage Architecture Flashcards
I/O Subsystem:
Sends I/O requests to file systems
File Systems:
Provides structure on raw volumes
Volume Snapshot Manager:
Manages snapshots
Volume Manager:
Presents volumes and manages dynamic volume collections
Partition Manager:
Manages partitions on volumes
Class Drivers:
Manages device types
Port Drivers
Manages a specific transport
Miniport Driver:
Provides hardware-specific functionality for a specific port driver
Disk Subsystem:
Physical storage device
The storage driver architecture deviates from the standard Windows Driver model, only the topmost class drivers conform to the model, whereas lower-level drivers use…
Specialised interfaces: Port drivers can be considered a collection of support used in turn by miniport drivers
Windows provides Disk.sys as a class driver for…
Mass storage
Windows provides a number of port drivers, such as Storport.sys for…
Current storage components
Windows provides Sciport.sys and Ataport.sys for…
Legacy components
Legacy drivers provide…
Disk scheduling
RAID arrays do not need…
Head movement and rotation optimisation and would even suffer degradation
iSCSI:
An example of Storage Area Network (SAN) protocols must communicate via the regular TCP/IP protocol stack and requires further services for management
Multipath I/O:
For high availability environments, some storage devices may be connected through multiple paths
The Windows kernel doe snot use drive letters - this is an artefact of the user-land interface, instead…
The Object Manager retains a name space for device objects including disks, disks are then provided separate symbolic aliases: \Global??\PhysicalDriveX is thus linked to \Device\HardDiskX\DRX
The Partition Manager acts as…
Function driver for disk devices and maintains the Master Boot Records (MBR) and GUID Partition Tables (GPT) on disk
Storage Architecture - Miniport Drivers hide much of…
The lower-level functionality
Storage Architecture - For SATA drives, the Advanced Host Controller Interface (AHCI) offers such an…
Intermediate layer; Microsoft’s StorAHCI driver covers most devices
Storage Architecture - For solid-state drives, this is largely superseded by…
Non-Volatile Memory Host Controller Interface Specification (NVMHCI) supported since Windows 8.1/Server 2012R2
Storage Architecture - The current NVM Express (NVMe) driver is substantially faster compared to…
SATA/SAS as it does not carry the SCSI or ATA interface legacy for hard disks
The Virtual Disk Service (VDS) subsystem’s Logical Disk Manager (LDM) maintains…
A single database containing partition information for all dynamic disks, including multi-partition logical volumes
Dynamic Disk Concepts - The database resides in a reserved space (1MB) at the end of each dynamic disk divided into…
Records for disks, partitions, components, volumes, a table of contents and private headers
The precise location of the LDM database depends on whether…
The dynamic disk it resides on is a GPT or MBR partition
Translating offsets into volumes for file systems is more involved for multi-partition volumes
- Logical partitions making up a volume can reside on non-contiguous partitions or disks
- Most RAID configurations result in data being divided into different locations
- Although there are multiple variants, Windows supports only simple spanned volumes and RAID levels 0,1 and 5
RAID Level 0 - Striping:
This provides no redundancy and increases the failure rate, but enhances performance and allows grouping of disks
RAID Level 1 - Mirroring:
Used for enhancing reliability or performance - in an intact array, each drive can be read in a different location
RAID Level 5 - Block-Level Striping:
Parity data is distributed across all disks, reducing overhead while enhancing reliability. Performance is dependent on parallel block access
Volume Shadow Copy Service (VSS) allows snapshots to be taken of file systems:
- Clone Shadow Copies
* Copy-on-Write
Clone Shadow Copies:
A split mirror duplicates a volume by software or hardware mirroring, divided into a live and mirror volume - only the live volume is writable
Copy-on-Write:
A differential copy only retains changes to the live data on the shadow volume, requiring overlaying with the live data to recreate an earlier state
From Windows 8/8.1 on volume shadow copy VSC has been offered but required…
A second drive to extract the shadow copy - although not documented, this seems to have deprecated
File History (FH) service relies on similar differential/journaling structures as…
VSS but operates on files rather than blocks
FH acts as a backup service and also includes…
User data (Libraries, Desktop, Contacts and Favourites)
Regular users may recover deleted or previous versions of file and folders which allows…
Forensic examiners to do the same, ideally with access to the drive on which backups are retained
The actual amount of storage taken up by File History, the frequency and time horizon can be configured:
- Within the alternate data stream, files are saved with an appended date/time stamp
- If external storage medium for journal backup is not available, a local cache is used
- On connecting the backup volume, the cache folder is moved to the backup volume and emptied
