On Oct 7, 2005, at 2:27 PM, Andrew Lentvorski wrote:
> Personally, if you are looking at a distributed file system, I would look much more strongly at one of the more modern SAN, NAS, or distributed, highly parallel replicating systems rather than AFS.
My main point for looking into AFS is that I'm trying to find something better than NFS, if such a beast indeed exists.
What do I want that's better?

1) security

NFS is really, horridly insecure. At best, you can restrict things by NIS Netgroups to determine what hosts can or cannot access exported filesystems on an NFS server, but that relies very heavily on the assumption that hosts and users are not being spoofed in some nefarious way.
Once a filesystem is attached, the best you can do in terms of security is root_squash, which doesn't buy you any security whatsoever if the users have root access on the client systems (which is the case for a good percentage of our linux systems).
Right now, we have things divided into "secure" subnets and "insecure" subnets. Basically, all the machines we maintain for faculty, staff and students are "secure", in that the end-users have no privileged access at all. Then, there's the "insecure" systems, which are completely unsupported linux installations where the end-user has full control of the system. This has resulted in an administrative nightmare. Faculty have two home directories, on different servers, and which one gets mounted on the system they log in to is determined by whether the machine is on the "secure" or "insecure" subnets. The auto.home maps are ugly messes.
The fact that NFS "security" relies very specifically on NIS netgroups and trust in all systems on the network is a royal pain.
2) reliability

Right now, if an NFS server fails, there's nothing we can do until we get the server back online. This is only rarely an issue, but when it happens, it'd be really really nice if there was some capability for replication and fail-over on the server side of things.
Another really desirable feature would be some way to automagically have snapshots like on the NetApp we have. AFS apparently has what they call "backup volumes", which would fit the bill. Self-service file restores would be a godsend to us. I'm just not sure there's a way for us to do that.
Gregory

--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B
keyserver: pgpkeys.mit.edu
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
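
An added example, not part of the original message or of any project it mentions: a small Python audit of a Linux-style exports file that flags the condition the post describes, exports whose only protection is host or netgroup membership while the server accepts whatever UIDs the client sends. The sample exports content, paths, netgroup names and the `audit_exports` helper are constructed for illustration; `sec=` and `no_root_squash` are standard exports(5) options that the post itself does not name.

```python
import re

# Constructed sample in Linux exports(5) syntax; paths, networks and
# netgroup names are made up for this example.
SAMPLE_EXPORTS = """\
/export/home/secure    @secure_hosts(rw,root_squash)
/export/home/insecure  @insecure_hosts(rw,root_squash) 10.0.5.0/24(rw,no_root_squash)
/export/scratch        *(rw)
/export/krb            @secure_hosts(rw,sec=krb5p,root_squash)
"""

CLIENT_RE = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def audit_exports(text):
    """Return sorted (path, client, finding) tuples for risky export entries.

    Assumes one export per line (no backslash continuations).
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.fullmatch(spec)
            if m is None:
                findings.append((path, spec, "unparsed"))
                continue
            host = m.group("host") or "*"  # empty host field means any client
            opts = [o.strip() for o in (m.group("opts") or "").split(",") if o.strip()]
            # sec= may list several flavors separated by ':'; the default is sys
            flavors = [f for o in opts if o.startswith("sec=") for f in o[4:].split(":")]
            if host == "*":
                findings.append((path, host, "any-host"))
            if "no_root_squash" in opts:
                findings.append((path, host, "client-root-is-server-root"))
            if not flavors or "sys" in flavors:
                # AUTH_SYS: the server trusts the UID/GID the client sends,
                # so root_squash alone does not protect other users' files.
                findings.append((path, host, "client-asserted-uids"))
    return sorted(findings)

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:24} {client:18} {finding}")
```

Only the `sec=krb5p` export in the sample produces no finding, because there the server authenticates the user rather than trusting the client host.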
