----- Original Message ----- | On Wed, 2010-10-27 at 14:26 -0700, James A. Peltier wrote: | > ----- Original Message ----- | | > | You mean, NFSv4 seems more "transparent" to you (whatever that | > | means) | > | than, say, NFSv2? | > | > No, in that NFSv4 with Kerberos was an easier move from NFSv3 than | > to move to something like AFS, which seem would have required much | > more work to migrate the existing systems. | | What problem were you trying to solve by moving to NFSv4 from NFSv3? | | AFS was interesting in 1990. It also had some security flaws that led | to it being sunset in many environments by about 1998. It also had | some | damn annoying issues with cache coherency between systems which made | it | a nightmare for running circuit simulations and synthesis on a | cluster. | DCE/DFS was interesting 12-15 years ago, but lacked wide platform | adoption and was essentially killed off when key people quit working | on | it in 2000. | | If you're actually writing oodles and oodles from many servers at | once, | you're going to want a cluster filesystem suitable for scientific | computing. | If you're doing manipulation of the files from workstations... you go | with whatever is supported on them... but I'm not seeing OpenBSD as a | prime candidate for workstations. | | Thanks, | Chris Dukes
The move to NFSv4, more specifically, NFSv4 with Kerberos security, was to continue to be able to provide our users the ability to log into any UNIX, GNU/Linux or Mac OS X machine, and have their home directories be mounted on each of those platforms. We are currently doing this with NFSv3 and NIS. VLANs were used to segment this insecure environment from the rest of the university network. We are now moving towards a larger campus wide solution. One where VLANs are not permitted, nor is MPLS/VRF functionality currently available. We are also moving towards single sign on using AD 2008 w/Kerberos tickets for secure access to file system mounts. This better allows us to provide relatively secure file system access using fix or automounts to other campuses over insecure networks at varying levels of security based on mounts and security requirements. As I stated earlier. I'm not doing any NFSv4 with OpenBSD. I am using Solaris, OS X, GNU/Linux and Windows mostly in my environment. I was just interested more towards why NFSv4 was deemed so bad. This has now been pointed out much more clearly in recent posts, but still seems to be the best of the worst choice. -- James A. Peltier Systems Analyst (FASNet), VIVARIUM Technical Director Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca http://blogs.sfu.ca/people/jpeltier MSN : subatomic_s...@hotmail.com -- -- James A. Peltier Systems Analyst (FASNet), VIVARIUM Technical Director Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca http://blogs.sfu.ca/people/jpeltier MSN : subatomic_s...@hotmail.com
