3 Too many sectors Tied up with the concept of FAT is the notion of clusters. The hard drive is organized into sectors but a large hard drive has a large number of sectors. –E.g. 10 GB drive has approx. 20,000,000 sectors.
CSIT 301 (Blum)4 FAT Review FAT (16) uses up to 16 bits to address data on the hard drive (or partition thereof) –2 16 = 65,536 –If you address 65,536 sectors, each having 512 bytes then you would have 65,536 512 = 33,554,432 bytes = 32,768 kilobytes = 32 megabytes (MB)
CSIT 301 (Blum)5 Clusters The various sectors must be addressed. Operating systems have a limited size address which in turn limits the number of sectors. –Early partitioning was used to allow hard drives to exceed this limit. Another solution to this limitation was to address groups of sectors instead of individual sectors. –A set of sectors (4 to 64) grouped together for addressing purposes is known as a cluster.
CSIT 301 (Blum)6 Cluster Clusters are groups of sectors addressed in the FAT system. Within FAT(16) Sectors/ClusterCluster Size (KB)Partition Capacity (MB) (= 1 GB) (= 2 GB)
CSIT 301 (Blum)7 The bigger the cluster, the more the slack The cluster size is the minimal space that can be used to store a file. With 32 sectors per cluster, a cluster was 16KB, much larger than many of the files that need to be stored on a typical partition. The unused portion of all of these clusters is called slack. While large clusters allowed for larger partitions, they resulted in unacceptable amounts of slack.
CSIT 301 (Blum)8 More addresses needed To have large capacity partitions without sacrificing much of that capacity to slack, a larger address space is needed. FAT 32 can devote up to 28 bits to addressing (the other four bits are reserved for other purposes). –Allows one to address 2 28 = 268,435,456 things
CSIT 301 (Blum) is a lot Even if one addressed sectors then theoretically one could have a capacity of 268,435,456 512 bytes 137,438,953,472 bytes 134,217,728 kilobytes 131,072 megabytes 128 gigabytes And that’s if you’re addressing sectors, it’s even larger if you’re addressing clusters.
CSIT 301 (Blum)10 A very fat FAT The price one pays for having small clusters (which save on slack) is to have a large FAT table. The FAT table does not take up much room as far as disk space is concerned but it is something one probably wants in memory (disk cache). But a large FAT table will take up too much space in memory. So partition size, cluster size and FAT table size is a balancing act.
CSIT 301 (Blum)11 Partitioning helped Breaking the drive down into smaller pieces helped since the address only had to identify clusters within a partition. This allowed for smaller clusters and less slack. The switch from FAT (FAT16) to FAT32 increased the size of the address used to identify clusters. Thus the cluster size could be reduced without introducing a lot of partitions.
CSIT 301 (Blum)12 Partitioning can still help Although FAT 32 allows one to address many more clusters, doing so can have detrimental effects. –The size of the file allocation table increases if there are more clusters. –The file allocation is something you may read often and thus something you might want to cache. But if it is too big, it will not fit in the cache or take up too much room in cache. The level of cache we are talking about here is holding something in memory to access faster than going to hard drive.
CSIT 301 (Blum)13 FAT The file allocation table (FAT) stores information about clusters. The FAT describes how each cluster is being used, for example, which clusters are free and which are being used. –Sometimes the operating system indicates that a cluster is being used when it is not. This is called a lost cluster. –You can free up disk space by reassigning lost clusters with the ScanDisk utility. The FAT also indicates how clusters are chained together to form files.
CSIT 301 (Blum)14 Disk scanning Depending on options selected, this may require a restart.
CSIT 301 (Blum)15 FAT The FAT is located right after the volume boot sector. The differences in filesystems (such as FAT, FAT32 and NTFS) lie in the size of the address and the management of the FAT. For example, there are usually two copies of the FAT (the second serving as a backup of the first). FAT and FAT32 differ in how they manage this backing up process. One can determine the filesystem of a drive by using the chkdsk command.
CSIT 301 (Blum)16 chkdsk Command
CSIT 301 (Blum)17 Chkdsk on a floppy
CSIT 301 (Blum)18 FAT Comparison Not 32 as the name might suggest (2G)
CSIT 301 (Blum)19 Directories and Folders Users think of files are stored in directories (or folders). So in addition to the actual location of the information associated with a file, the disk must also store the logical information about where the user believes the file to be stored – the directory structure. To each directory, there corresponds a file containing a table with information about what files are in the folder.
CSIT 301 (Blum)20 Directory entry data Each directory table entry has data for –Name of the file (and extension) –Attribute byte (whether the file is read-only, etc.) –Last data/time the file was modified –File size –Pointer to the first cluster
CSIT 301 (Blum)21 Attribute Byte
CSIT 301 (Blum)22 File Properties (Right click on file)
CSIT 301 (Blum)23 File Properties Dialog Box
CSIT 301 (Blum)24 Directory Tree The files are in directories (folders). The directories are in directories. Ultimately every file on a drive is contained in the root directory. The root directory plays a special role. The corresponding file is located right after the two copies of the FAT.
CSIT 301 (Blum)25 Limited Size? FAT (a.k.a. FAT16) limited the size of the root directory. –See table on next slide FAT32 lifted this restriction. –Still the root directory is a poor place to locate too many files.
CSIT 301 (Blum)26 File name size limitations Originally MSDOS filesystems used 11 bytes for the name (8 bytes) and extension (3 bytes) of the file in the directory table entry. –Users were stuck with this naming convention. Microsoft introduced VFAT in Windows 95 to allow for longer file names. –An alias table was set up, a user’s long file name was assigned to a short file name.
CSIT 301 (Blum)27 NTFS New Technology File System (NTFS) was built to provide features like: –Reliability: introduced ideas like “transactions” (grouping certain updates together to maintain integrity) –Security and Access Control: built-in features to manage who can access files and what type of access they have
CSIT 301 (Blum)28 NTFS Features (Cont.) Large-capacity partitions: allows large partitions and even RAID (Redundant Array of Inexpensive Disks, treating multiple disk as one large disk) Slack reduction: allocates space differently from FAT Allows for long file names (not limited to 8- character names with 3 character extensions) Networking: built with networking in mind
CSIT 301 (Blum)29 A more structured file system In NTFS files are more than just pools of data, they have structure –The difference between FAT and NTFS is somewhat analogous to the difference between a flat file and a database. –Just as in databases where one has data and metadata (the data about the data), NTFS has metadata files (files that contain data about other files).
CSIT 301 (Blum)30 Partition/Volume Boot Sector/Record One of the first things made when an NTFS partition is created is the volume boot sector, which contains: –BIOS parameter block: identifies the partition, how big it is, etc. –Volume boot code: code that starts to load the operating system
CSIT 301 (Blum)31 All else is files After the volume boot sector, just about everything else is a file. There are –metadata files: files about files Created automatically when the partition is formatted Placed at the beginning –(Actual or real) Data files
CSIT 301 (Blum)32 MFT Think of the Master File Table (MFT) as a database containing records about all of the files (both data and metadata, including itself). Each file’s record holds the values of its attributes. –The actual data in a data file is simply one of its attributes.
CSIT 301 (Blum)33 The first several records The first several records in the MFT are about other important metadata files, including –MFT itself –MFT Mirror (1 st 16 records) –Log file (keeps account of transactions) –Attribution Definition Table (names file properties and says what they are) –Root Directory Folder –Bad cluster file –Etc.
CSIT 301 (Blum)34 MFT Zone There will be a record in the MFT for every file on the partition. Thus the MFT needs room to grow. Some space in the partition, called the MFT Zone, is reserved for this purpose. If one needs part of the MFT zone for storage, it will eventually be used. On the other hand, the MFT can grow to be larger than the MFT zone. It is then fragmented which could affect performance.
CSIT 301 (Blum)35 Some File Attributes File name: (can be up to 255 characters, allows a file to have aliases) Standard Information: read-only, hidden, archived, time stamps, etc. Security Descriptor: Access Control Lists (ACLs) who owns the file, who has what privilege, etc. Data: the actual data
CSIT 301 (Blum)36 Security NTFS was designed with the idea of multiple users and security in mind. The features necessary to implement a security policy are built directly into the file system. In FAT32 a file may be hidden or read-only, but in NTFS a file can be hidden from user1, read-only to user2 and fully accessible to user3.
CSIT 301 (Blum)37 Security Concepts Ownership: some user owns a file/folder and he or she grants permissions to other users. Permissions: what a user can do with a file/folder (read, read-write, delete, etc.) –Users are placed in groups (possibly more than one) and permissions are assigned to groups –Permissions can be inherited, e.g. new files gets permissions of folder it was created in Auditing: tracking information about users’ access to and modification of files
CSIT 301 (Blum)38 ACLs An important security attribute of a file is its Access Control List (ACL). The ACL specifies which users can access the file and in what way they can access the file There are two types of ACL: –System ACL: used for auditing purposes –Discretionary ACL: explicit assigning of permissions to users or groups
CSIT 301 (Blum)39 Permissions
CSIT 301 (Blum)40 Other features Improved Security and Permissions: one change is from static to dynamic permission inheritance. –Static: a child inherits the parent’s permissions when it is created but is unaffected by subsequent changes in the parent’s permissions –Dynamic: a change to the parent’s permission will affect the child’s permissions Change Journals: improved auditing (journaling) of file/folder access activity. Encryption: Automatic encryption/decryption of files (when accessed by users with the appropriate permissions).
CSIT 301 (Blum)41 Transactions Don’t forget NTFS is pretty much a database. Almost any activity involving the drive in anyway is going to affect a number of files. NTFS introduces the notion of a transaction – the grouping together of various operations to form an “atomic” unit. –In other words these operations should be viewed as “all or nothing” in order to maintain the file system’s integrity. –Recall the “ACID test” from databases?
CSIT 301 (Blum)42 Logging and Committing There is a special metafile for logging all activity. When all of the components of a transaction are complete, this completion is indicated in the log file and the transaction is said to be committed. If something goes wrong (e.g. power failure) before a transaction is completed, the file system can undo the partially enacted transaction to return the file system to a consistent state. Doing so is said to be rolling back the transaction. –It is also called transaction recovery.
CSIT 301 (Blum)43 Fault Tolerance NTFS has a fault tolerance disk driver known as FTDISK. That’s where one can find the transaction recovery features. Also where one finds support for RAID (redundant array of inexpensive (or is that independent) disks). And where you’ll find dynamic bad cluster remapping. –Basically the drive reads immediately after writing to ensure that the cluster written to was OK. If it was not, it writes it somewhere else and marks the cluster as bad.
CSIT 301 (Blum)44 Compression NTFS has build-in utilities for file compression –File compression takes advantage of patterns in data to reduce the amount of space required to store it. –E.g. instead of ASCII code for text (each character 8 bits) one might use a variable length code with short codes for common letters like e and longer codes for uncommon letters like q or j. On average the files are much smaller. In NTFS one can compress any part of the partition.
CSIT 301 (Blum)45 POSIX support NTFS offers POSIX support. POSIX stands for Portable Operating System Interface for UNIX It allows software developers to make sure that their code can be ported to a POSIX- compliant operating system, which includes most versions of UNIX.
CSIT 301 (Blum)46 Disk Quota support As a genuinely multi-user file system, NTFS support disk quotas –A quota can be set for a particular user or on a particular partition or the combination. –Allows for limits and warnings. The user is warned when he or she exceeds the warning amount. The user is blocked (from writing?) when he or she exceeds the limit amount. –Monitor and log events that cause a user to go over the "limit" or "warning" levels.
CSIT 301 (Blum)47 References PC Hardware in a Nutshell (Thompson and Thompson) All-in-One A+ Certification, Meyers and Jernigan