On 11/24/2011 04:28 AM, Dmitry Makovey wrote:
On Friday, November 18, 2011, david klein wrote:
You may find that FreeIPA in RHEL 6,2 is a pretty painless way to setup
Kerberos, LDAP and NFSv4, and integrates them nicely. This would allow you
to have the benefits of central authentication and secure filesystem
export.
The big difference between NFS and ISCSI is that NFS exports a filesystem,
while ISCSI exports a raw disk slice or the virtual equivalent thereof.
Both are ready for prime-time, though NFS has had a much longer history, so
it is very mature.
While NFS does not require Kerberos, it benefits *A* *LOT* from a
centralized identity/authentication/authorization.
considering we have no user accounts on machines and that space will mostly be
used by services - central auth is no priority. What we're really shooting for
is speed and some level of security (encryption?).
For VM's
Have you thought of putting the Disk files (vmdk's) on NFS? In a
virtualisation standpoint it makes a lot of sense.
* benefit from host's file cache
* vmdk's are stored on a FS that can be managed remotely if needed
* Can be used as a simple "clustered" storage compatible for migrating
vm's from one host to another.
* VM's can be easily moved from one host/cluster to another
* don't need to bother about LUN's, WWN, etc etc
* NFS is tolerant of brief network pauses because it uses TCP. we are
able to keep VM's running while our core switch reboots and the VM's
just pause their IO.
HTH
--
redhat-sysadmin-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
