Afs manager

  1. BeoLink.org: AFS Identity Management. Fabrizio Manfredi Furuholmen, AFS Workshop, October 2008
  2. Agenda
      • Introduction
      • AFS Manager: Introduction; Features; Demo; Next Steps
      • PtServer-NG: Introduction; Architecture; Demo; Open Points
  3. PtServer: Introduction. Central administration “means” security and time/resource savings
  4. PtServer: Introduction
      • Accounts Centralization: Enterprise Directory; Change Application; High Availability
      • Centralized Provisioning: Connectors for applications; Product; Identity Management
  5. PtServer: Introduction. Distributed Centralized
      • You don’t need to change apps
      • Real-time
      • Low problem on HA
      • Consistency View
      • IDM with RBAC
      • Reuse existing Architecture
  6. PtServer: Introduction
      • AFS Manager: Graphical User Interface; Provisioning Interface (multi mode); Administration Task
      • PtServer NG: Active Directory Integration; Directory Integration
  7. AFS Manager
  8. AFS Manager: Goals
      • GUI: Interface for Windows Administrators; Simple to use; Complete overview of the Cell; Standard object for PHP scripting (CLI)
      • Monitoring: Volume Access Monitoring; Volume Space Usage; System Statistics
      • WebService Interface: Provisioning Interface for Volume, User, Group; Automatic volume layout; Re-Balance (replications, move volumes ..)
  9. AFS Manager: Demo. Demo …
  10. AFS Manager: Architecture
      • Client: AJAX; Acrobat
      • Apache + PHP: XML; JSON; PHP >= 5; SQLite
      • AFS: Adm Command Line
  11. AFS Manager: Next
      • Code: Java backend?; PHP Library; Object Cache
      • WebService Interface: Automatic volume layout; Re-Balance (replications, move volumes ..)
  12. End of part 1
  13. Ptserver NG
  14. PtServer: Overview
      • Ptserver keeps user/group information
          • Ptserver contains entries for every user and group in the cell
          • Ptserver allocates AFS IDs for new user, machine and group entries and maps each ID to the corresponding name.
          • Ptserver generates a current protection subgroup (CPS) at the File Server's request. The CPS lists all groups to which a user or machine belongs
      • Ubik is the OpenAFS database
          • Ubik is a single linear database
          • Ubik is automatically replicated across a number of servers.
          • Ubik is a ‘transactional’ database (supports fully distributed changes as long as a majority of the servers are up and are synchronized together in a write quorum)
  15. PtServer: Goals
      • Create pluggable user storage: Ubik; LDAP; Windows
      • Create flexible user mapping: Mapping user id on existing system; Mapping group id on existing system
  16. PtServer: Winbind. Winbind unifies UNIX and Windows NT account management by allowing a UNIX box to become a full member of an NT domain
      • Authentication: NTLM; ADS (Kerberos)
      • Users Information: Account info; ID mapping
      • Groups Information: Group info; ID mapping
  17. PtServer: Architecture
      • Ptserver: Network Layer; AD Driver
      • Winbind: Cache; IDMAP Engine
      • IDMAP Storage: LDAP; ADS; File
      • Domain Controller: Samba; WinNT/Win2*
  18. Overview: Demo. Demo … high probability of crash ..
  19. PtServer
      • Advantages: Single identity (single storage); id mapping; gid mapping; Real time update; Pluggable in existing infrastructure
      • Disadvantages: Reliability; Performance
  20. PtServer: Open points ..
      • Licences: Load GPL 3 library, compatibility?
      • Performance: How many requests per second?
      • Where to Store ..: Flags; Quota Group
  21. Reference
      • For Further Questions:
      • Fabrizio Manfredi
      • fabrizio.manfredi@gmail.com manfred.furuholmen@gmail.com
      • http://www.beolink.org
      Too Long The End
  22. AD as IDM: IdMapping. IDMAP SID<->UID/GID
      • LDAP
      • Internal (TDB)
      • ADS (SFU/RFC)
