AFS Case Study

             Manfred at zeropiu.it

EuroBSDCon, November 2006
Agenda


•    Overview
     •    Basic Concepts
     •    AFS Server Types
     •    Arla Overview


•    Best practices
     •    Planning
     •    AFS Conventions


•    Case Study
     •    Solution
     •    Architecture
     •    Result


Overview

Andrew File System is a distributed file system designed to:
•   handle terabytes of data
•   handle thousands of users
•   work in a WAN environment




Brief history of AFS
•    1983 Andrew Project started at Carnegie Mellon University (CMU)
•    1987 Coda research work began (based on AFS)
•    1988 First use of AFS version 3; first use of AFS outside Carnegie
     Mellon University
•    1988 Institutional File System project at University of Michigan
•    1989 Transarc Corporation founded to commercialize AFS
•    1993 Arla project started at Kungliga Tekniska Högskolan
•    1998 Transarc Corporation becomes a wholly owned subsidiary of IBM
•    2000 IBM releases OpenAFS as open source (IBM License)
•    2000 OpenAFS releases version 1.0, based on Transarc 3.6
•    2001 OpenAFS releases version 1.2, the first release with better support
     for new operating systems and fixes for several memory leaks
•    2005 OpenAFS releases version 1.4 with a lot of new features
•    2005 AFS was discontinued by IBM




Basic Concepts
•    Transparent Access and Uniform Namespace
     •    Cell
     •    Partitions and Volumes
     •    Mount Points

•    Scalability
     •    Client Caching
     •    Replication

•    Security
     •    Authentication and secure communication
     •    Authorization and flexible access control

•    System Management
     •    Single system interface
     •    Delegation
     •    Backup



Transparent Access and Uniform Namespace

•    Cell
     •    A cell is a collection of file servers and workstations
     •    The directories under /afs are cells, forming a unique tree
     •    Fileservers contain volumes


•    Volumes
     •    Volumes are "containers" or sets of related files
          and directories
     •    Have a size limit
     •    3 types: rw, ro, backup

•    Mount Point
     •    Access to a volume is provided through a mount
          point
     •    A mount point looks and acts just like a static
          directory




Scalability


•  Cache Manager (Client Side)
  •  Maintains information about users' identities
  •  Retrieves data from the fileserver
  •  Keeps chunks of retrieved files on local disk (cache)


•  Replication
  •  Frequently accessed data can be replicated (read-only) on
     several servers
  •  The Cache Manager makes use of replicated volumes first




Security
•  Authentication
  •    Kerberos IV native (kaserver)
  •    External Kerberos V
  •    Unique identity
  •    Encrypted communication on data transfer (crypt option)


•  Authorization
  •  Access control lists with 7 types of permissions
  •  Groups defined by users




System Management

•  Single system interface
  •  Configuration changes can be made from any client
  •  Volumes are moved in a transparent way
  •  On-line upgrade and extension of the system

•  Delegation
  •  Group delegation
  •  Admin delegation

•  Backup
  •    Backup of volumes and files
  •    Built-in backup function
  •    Direct user access (backup mounted)


Example write operation client side

1 Create file RPC
2 Write chunks into cache (interrupted by store_data RPC)
3 Read from cache
4 Transfer over network
5 Write to /vicepXX




Example write operation server side

1 Create file
2 Check metadata, permission, quota and return file path
3 Write file into /vicepXX
4 Update metadata on server
5 Update db




AFS Server Types
•    Fileserver machine
     •    File storage


•    Database server machine
     •    File and volume location
     •    ACL and group administration
     •    Authentication provider


•    Binary distribution
     •    Master server for AFS binaries
          (specific architecture)

•    System control machine
     •    Time server
     •    AFS configuration master




AFS Server Processes
•    Bosserver, system monitor

•    Fileserver, serves files

•    Volserver, serves volume data

•    Vlserver, volume location server

•    Kaserver, Kerberos IV server

•    Ptserver, protection server (groups, ACLs)

•    Buserver, backup server

•    Upserver
     •    Updates configuration
     •    Updates binaries



Weaknesses
•    File restrictions
     •    Pipes
     •    Device files
     •    Sockets
     •    Unicode names

•    AFS Lock
     •    Only advisory locks (byte-range locking underway)

•    ACL
     •    Only on directory

•    Volume
     •    Read only
     •    Manual sync

•    Write on close
     •    Date time operation




Arla

•  AFS client alternative

•  *BSD support

•  Disconnected operation


Where is it used?
•  Universities
  •  CMU, Stanford, MIT, KTH (Sweden),
     Chemnitz (Germany), Roma3 (Italy), …


•  Research Labs
  •  SLAC, DESY, CERN (Europe), INFN (Italy), …


•  Companies
  •  Intel, Morgan Stanley, Pictage, …


Conventions and Best Practices

•    AFS file space layout
     •    Server planning
     •    Volume naming and schemas
     •    Volume replication
•    Username schemas
•    Partition Filesystem
•    Backup planning
•    Security consideration
•    Client Cache tuning
•    AFS limitations


Cell Name


• Convention
    •  Company domain name
    •  Company Kerberos realm

• Cell name
    •  Short name (the maximum cell name length is 64 characters)
    •  A cell name can contain only lowercase characters
    •  Suitable for different operating systems (do not
    include command shell metacharacters)


Server planning

• Fileserver
    •  Client:server ratio of 200:1 (many sites today have 1000:1)
    •  Replica server location
    •  Big machine vs small machine

• Database server
    •  3 machines for the election algorithm (Ubik)
    •  Separate from the fileserver

• Update server
    •  One system

• Binary distribution
    •  One system per architecture


Volume naming and schemas


• Volume name limit
  •  Read/write volume names can be up to 22
     characters in length
  •  The .readonly and .backup extensions are reserved
  •  The root.afs and root.cell names are used by default

• Volume naming
  •  Mount point prefix name (user.manfred)
  •  Function suffix name


Volume layout and replication

• Volume
    •  Each user has their own volume, to simplify load-balancing
    operations (move, backup)
    •  One volume per group of files (binaries, documents, ...)

• Replication is not appropriate for volumes that change
frequently

• Replicate root.afs and root.cell as much as possible

• A backup volume uses the same partition as its source (it is a copy of the
source volume's vnode index)
Username

• Username (characters to avoid)
  • Characters that have special meanings to the command shell
  • The colon ( : ), because AFS reserves it as a field separator in protection
  group names
  • The period ( . ); it is conventionally used to identify special usernames that
  have administrator capability (e.g. manfred.admin)
  • AFS UID 32766 is reserved for the user anonymous


• UID matching, Unix UID / AFS UID
  •  Unix LDAP
  •  NIS
  •  Kerberos LDAP backend
  •  SMB
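
The naming rules from the Cell Name, Volume naming and Username slides can be checked mechanically before a cell, volume or account is created. The following is an added example, not part of the original slides; the function names, the metacharacter set, the `<user>.admin` check and the sample plan are assumptions of this example.

```python
# Added example: checks a provisioning plan against the naming rules on the
# slides. Function names and the sample plan are constructed for illustration.

CELL_MAX_LEN = 64                      # maximum cell name length
RW_VOLUME_MAX_LEN = 22                 # read/write volume name limit
RESERVED_SUFFIXES = (".readonly", ".backup")
DEFAULT_VOLUMES = {"root.afs", "root.cell"}
SITE_PREFIXES = {"user", "apps", "software", "groups", "image"}  # case-study table
ANONYMOUS_AFS_UID = 32766              # reserved for the user anonymous
ADMIN_ROLE = "admin"                   # assumption: only <user>.admin may use '.'
# Assumption: the slides do not enumerate the shell metacharacters to avoid.
SHELL_META = set(" \t\n!\"#$&'()*;<>?[\\]`{|}~")


def _meta(name):
    """Return the shell metacharacters present in name, sorted."""
    return "".join(sorted(set(name) & SHELL_META))


def check_cell_name(name):
    if not name:
        return ["empty cell name"]
    problems = []
    if len(name) > CELL_MAX_LEN:
        problems.append(f"longer than {CELL_MAX_LEN} characters")
    if name != name.lower():
        problems.append("contains uppercase characters")
    if _meta(name):
        problems.append(f"contains shell metacharacters {_meta(name)!r}")
    return problems


def check_rw_volume_name(name):
    problems = []
    if len(name) > RW_VOLUME_MAX_LEN:
        problems.append(f"longer than {RW_VOLUME_MAX_LEN} characters")
    for suffix in RESERVED_SUFFIXES:
        if name.endswith(suffix):
            problems.append(f"ends with reserved extension {suffix}")
    if name in DEFAULT_VOLUMES:
        return problems
    prefix, dot, rest = name.partition(".")
    if prefix not in SITE_PREFIXES or not dot or not rest:
        problems.append("does not follow the <prefix>.<name> convention")
    return problems


def check_username(name, afs_uid):
    problems = []
    if _meta(name):
        problems.append(f"contains shell metacharacters {_meta(name)!r}")
    if ":" in name:
        problems.append("contains ':' (field separator in protection group names)")
    if "." in name:
        base, _, role = name.rpartition(".")
        if role != ADMIN_ROLE or not base or "." in base:
            problems.append("uses '.' outside the <user>.admin convention")
    if afs_uid == ANONYMOUS_AFS_UID:
        problems.append(f"AFS UID {ANONYMOUS_AFS_UID} is reserved for anonymous")
    return problems


def review_plan(cell, volumes, users):
    """Return {item: [problems]} for every item that breaks a rule."""
    checks = [(f"cell {cell}", check_cell_name(cell))]
    checks += [(f"volume {v}", check_rw_volume_name(v)) for v in volumes]
    checks += [(f"user {u}", check_username(u, uid)) for u, uid in users]
    return {item: problems for item, problems in checks if problems}


# Constructed sample plan.
SAMPLE_VOLUMES = ["root.cell", "user.manfred", "user.manfred.backup",
                  "apps.averyveryverylongapplication", "scratch"]
SAMPLE_USERS = [("manfred", 1001), ("manfred.admin", 1002),
                ("it:ops", 1003), ("guest", 32766), ("j.smith", 1004)]

if __name__ == "__main__":
    report = review_plan("Example.COM", SAMPLE_VOLUMES, SAMPLE_USERS)
    for item, problems in report.items():
        print(f"{item}: {'; '.join(problems)}")
```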


Partition Filesystem (inode vs namei)

Inode: faster
   •  Dedicated partition
   •  Special fsck for the system partition
   •  No journaling file system
   •  Restore on the same filesystem layout (same inode structure)


Namei: slower
   •  OS fsck
   •  Filesystem independent, with the advantage of journaling
   •  There are no special requirements for /vicepXX; it can be a mounted
   filesystem
   •  Simple restore operation




Backup


• Native backup system and recovery
  AFS can be configured to create a full or incremental backup


• Volume dump
  This operation creates a binary file with all the
  information of the backup volume


• Backup systems with AFS support
  • Amanda
  • Bacula
  • Other commercial products

Security considerations
•    User Accounts:
     •    Kerberos integration with a modified login utility
     •    Replace kaserver with a Unix Kerberos solution or Windows AD (OpenAFS
          supports the basic Kerberos 5 2b protocol)
     •    Include the unlog command in every user's .logout file or equivalent

•    Server Machines
     •    Change the AFS server encryption key on a frequent and regular schedule.
     •    In particular, limit access to the local superuser root account on a server
          machine.

•    System Administrators
     •    Create an administrative account for each administrator, separate from the
          personal account
     •    Assign AFS privileges only to the administrative account.
     •    Set the token lifetime for administrative accounts to a fairly short amount
          of time.
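
One way to audit the System Administrators recommendations above, as an added example that is not part of the original slides: it parses constructed output in the style of `pts membership system:administrators` and compares it with a constructed table of ticket lifetimes. The 2-hour threshold, the `.admin` suffix rule and the lifetime inventory are assumptions; with an external Kerberos V, an AFS token expires with the ticket it was obtained from.

```python
import re

# Constructed sample in the style of `pts membership system:administrators`.
PTS_OUTPUT = """\
Members of system:administrators (id: -204) are:
  admin
  manfred.admin
  luca
  anna.admin
"""

# Constructed inventory: Kerberos principal -> maximum ticket lifetime (hours).
MAX_TICKET_HOURS = {
    "manfred": 10, "manfred.admin": 1,
    "luca": 10,
    "anna": 10, "anna.admin": 10,
    "admin": 24,
}

ADMIN_SUFFIX = ".admin"   # naming convention from the Username slide
ADMIN_MAX_HOURS = 2       # assumed value for "a fairly short amount of time"


def parse_pts_members(text):
    """Return the member names listed under the pts membership header."""
    lines = text.splitlines()
    if not lines or not re.match(r"Members of \S+ \(id: -?\d+\) are:$", lines[0]):
        raise ValueError("unexpected pts membership header")
    return [line.strip() for line in lines[1:] if line.strip()]


def audit_admins(pts_text, lifetimes, max_hours=ADMIN_MAX_HOURS):
    """Return (account, finding) pairs for accounts that break the policy."""
    findings = []
    for member in parse_pts_members(pts_text):
        owner = member[:-len(ADMIN_SUFFIX)] if member.endswith(ADMIN_SUFFIX) else ""
        if not owner:
            # Shared or personal account holding AFS administrator rights.
            findings.append((member, "privileged but not a <user>.admin account"))
            continue
        if owner not in lifetimes:
            findings.append((member, f"no separate personal account {owner!r}"))
        life = lifetimes.get(member)
        if life is None:
            findings.append((member, "no ticket lifetime on record"))
        elif life > max_hours:
            findings.append((member, f"ticket lifetime {life}h exceeds {max_hours}h"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_admins(PTS_OUTPUT, MAX_TICKET_HOURS):
        print(f"{account}: {finding}")
```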




Client Cache


•  Cache Size
  •  Single-user machine 128MB
  •  Multi-user machine 1GB/4GB


•  Cache partition
  •  Directory, the partition must guarantee enough space
  •  Disk partition, better performance (Terminal Server)


•  Login Integration



AFS limitations

General Limits
• OpenAFS can support a maximum of 104,000 clients per server
• tmpfs does not work as an AFS cache (a ramdisk works)
• Max 255 partitions per server (/vicepa-/vicepiv), no limit on partition size
• Max 4,294,967,295 volumes per partition (this is a limit of the VLDB)
• Max volume size is 2TB
• Max 64,000 files per directory (with names shorter than 16 characters)


Windows Limits
• Write-on-close: changes are synchronized only on the close operation
• No integration with Microsoft DFS
• No support for files greater than 2GB on the Windows platform (work in
progress)



Case Study

Italsempione
    is nowadays the biggest Italian fully independent forwarding
    company covering any service related to transports and
    logistics with a worldwide agency network.

Company:
•  Headquarters in Italy
•  16 branch offices in Italy
•  7 branches outside Italy
•  400 PCs, Windows XX
•  150 PCs, Linux
•  8 Windows NT domains
•  Wide Area Network
•  No IT staff at the branch offices


Solution

•  Primary goals
  •  Reduce cost of Software License
  •  Simplify System Administration task.


•  Solution
  •  Thin client replacement, terminal server
  •  Server Virtualization , VMware
  •  Storage Virtualization, OpenAFS




Architecture
Headquarters
3 Fileserver Machines
    • User:server ratio of 200:1.
    • The read-write information volumes are replicated with a circular scheme
    • The binary and program volumes are replicated on all fileservers.
    • The fileservers are based on OpenBSD 3.9.


3 Database Servers
    • Installed on the same machines as the fileservers


2 Authentication Servers
    •  Heimdal Kerberos V
    •  LDAP backend (samba, heimdal, unix, profile info)


8 VM machines
    • Windows terminal server image
    • Linux terminal server image
    • OpenBSD network service image



Architecture
 •    Cell name = domain name
 •    Main directory tree = country/city/function
 •    User directory tree = usr/m/manfred
 •    User volume

 •    Volume name
      •    Prefix = mount point
      •    Suffix = function

      Directory usage     Volume name
      User home           user.username
      User home backup    user.username.backup
      Application         apps.applicationname
      OS software         software.soname
      Groups              groups.groupname
      VMware image        image.osname

 •    Volume replication
      •    Binary data
      •    Root volume (afs, cell)

Architecture
•  Partition
   •  inode based
   •  Small partitions for quick checks
   •  Odd vicepX for rw volumes, even for ro volumes

•  Backup
   •  Bacula for incremental / total dump
   •  User backup volume mounted in home dir

•  Monitoring
   •  Zabbix
   •  AFS monitor and performance

Hardware
Fileserver /DbServer:
     • 1GB of RAM,
     • 3GHz Xeon single processor
     • 2x36Gb SCSI RAID 1 for operating system partition
     • 4x 143GB SCSI RAID5 storage (/vicepXX)

Authentication server:
    •  1GB of RAM
    •  3GHz Xeon single processor
    •  2x36Gb SCSI RAID 1 for operating system and db backend

VMmachine:
   • 4GB of RAM
   • 3GHz Xeon dual processor.
   • 2x36Gb SCSI RAID 1 for operating system and local vmware image.

Why OpenBSD

•    OpenAFS support
     •    Ports of both server side and client side

•    Security level

•    Heimdal integration
     •    AFS emulation
     •    LDAP backend
     •    2ab protocol (large Kerberos tickets)

•    Small and fast

•    Stable


Considerations

• Iron server vs small server
   •  A small number of inexpensive fileservers provides equivalent
   performance
   •  Inexpensive incremental increase in capacity
   •  Better manageability and redundancy


NFS file sharing vs AFS
   •  AFS resulted in a 60% decrease in network traffic.
   •  The server's load decreased by 80%.
   •  Task execution time was reduced by 30%.




Benefits

  • Reduced cost
     •  Reduced software costs by 150,000 Euro
     •  Increased performance (server and desktop)
     •  Reduced downtime
     •  Reduced helpdesk load

  • Simplified system administration
     •  Improved manageability
     •  Full disaster recovery protection
     •  Data accessible from Spain to Singapore with a
     •  High security level
     •  Single sign-on


Next
OpenAFS
   •  Lock subsystem
   •  Windows support
   •  Kerberos V support

External project (www.beolink.org)
   •  Ptserver with ldap backend
   •  Web interface




References
Install
   •  BSDCan: http://www.bsdcan.org/2006/papers/
   •  http://www.public.iastate.edu/~kula/talks/afs-bpw-2005/afs-bpw-2005-iowa.html

OpenAFS
   •  www.openafs.org
   •  http://www.stacken.kth.se/project/arla/
   •  http://web.mit.edu/kerberos/www/
   •  http://www.pdc.kth.se/heimdal




The End





 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

AFS case study

  • 1. AFS Case Study Manfred at zeropiu.it EuroBsdCon November 2006
  • 2. Agenda •  Overview •  Basic Concepts •  AFS Servers Type •  Arla Overview •  Best practice •  Planning •  AFS Convention •  Case Study •  Solution •  Architecture •  Result Pagina 2
  • 3. Overview Andrew File System is a distributed file system designed to: •  handle terabytes of data •  handle thousands of users •  work in a WAN environment Pagina 3
  • 4. Brief history of AFS •  1983 Andrew Project started at Carnegie Mellon University (CMU) •  1987 Coda research work begun (based on AFS) •  1988 First use of AFS version 3; first use of AFS outside Carnegie Mellon University •  1988 Institutional File System project at University of Michigan •  1989 Transarc Corporation founded to commercialize AFS •  1993 Arla project started at Kungliga Tekniska Högskolan •  1998 Transarc Corporation becomes wholly owned subsidiary of IBM •  2000 IBM releases OpenAFS as open source (IBM License) •  2000 OpenAFS releases version 1.0, based on Transarc 3.6 •  2001 OpenAFS releases version 1.2, the first release with better support for new operating systems and fixes for several memory leaks •  2005 OpenAFS releases version 1.4 with a lot of new features •  2005 AFS was discontinued by IBM Pagina 4
  • 5. Basic Concepts •  Transparent Access and Uniform Namespace •  Cell •  Partitions and Volumes •  Mount Points •  Scalability •  Client Caching •  Replication •  Security •  Authentication and secure communication •  Authorization and flexible access control •  System Management •  Single system interface •  Delegation •  Backup Pagina 5
  • 6. Transparent Access and Uniform Namespace •  Cell •  A cell is a collection of file servers and workstations •  The directories under /afs are cells, forming a unique tree •  A fileserver contains volumes •  Volumes •  Volumes are "containers" or sets of related files and directories •  Have a size limit •  3 types: rw, ro, backup •  Mount Point •  Access to a volume is provided through a mount point •  A mount point looks just like a static directory Pagina 6
  • 7. Scalability •  Cache Manager (Client Side) •  Maintains information about users' identities •  Retrieves data from the fileserver •  Keeps chunks of retrieved files on local disk (cache) •  Replication •  Frequently accessed data can be replicated (read-only) on several servers •  Cache Manager makes use of replicated volumes first Pagina 7
  • 8. Security •  Authentication •  Kerberos IV native (kaserver) •  External Kerberos V •  Unique identity •  Encrypted communication on data transfer (crypt option) •  Authorization •  Access control list with 7 types of permissions •  Group definition by user Pagina 8
  • 9. System Management •  Single system interface •  Configuration changes can be made from any client •  Move volumes in a transparent way •  On-line upgrade and extension of the system •  Delegation •  Group delegation •  Admin delegation •  Backup •  Backup volume and file •  Built-in backup function •  User direct access (backup mounted) Pagina 9
  • 10. Example write operation client side 1 create file rpc 2 write chunks into cache (interrupted by store_data RPC) 3 read from cache 4 transfer over network 5 write to /vicepXX Pagina 10
  • 11. Example write operation server side 1 Create file 2 Check metadata, permission, quota and return file path 3 write file into /vicepXX 4 Update meta data on server 5 Update db Pagina 11
  • 12. AFS Servers Type •  Fileserver machine •  file storage •  Database server machine •  File and Volume localization •  ACL and groups administration •  Authentication provider •  Binary distribution •  Master server for afs binary (specific architecture) •  System control machine •  Time server •  AFS configuration master Pagina 12
  • 13. AFS Server Process •  Bosserver, system monitor •  Fileserver, serves file •  Volserver, serves volume data •  Vlserver, volume location server •  Kaserver, kerberos IV server •  Ptserver, protection server (group,acl) •  Buserver, backup server •  Upserver •  Update conf •  Update binary Pagina 13
  • 14. Weakness •  File restriction •  Pipes •  Device files •  Sockets •  Unicode name •  AFS Lock •  Only advisory locks (byte-range locking underway) •  ACL •  Only on directory •  Volume •  Read only •  Manual sync •  Write on close •  Date time operation Pagina 14
  • 15. Arla •  AFS client alternative •  *BSD support •  Disconnected operation Pagina 15
  • 16. Where used? •  University •  CMU, Stanford, MIT, KTH (Sweden), Chemnitz (Germany), Roma3 (Italy), … •  Research Labs •  SLAC, DESY, CERN (Europe), INFN (Italy), … •  Companies: •  Intel, Morgan Stanley, Pictage, … Pagina 16
  • 17. Conventions and Best Practices •  AFS file space layout •  Server planning •  Volume naming and schemas •  Volume replication •  Username schemas •  Partition Filesystem •  Backup planning •  Security consideration •  Client Cache tuning •  AFS limitations Pagina 17
  • 18. Cell Name • Convention •  Company domain name •  Company Kerberos realm • Cell name •  Short name (max cell name size is 64 characters) •  Cell name can contain only lowercase characters •  Suitable for different operating systems (do not include command shell metacharacters) Pagina 18
  • 19. Server planning • Fileserver •  Ratio 200:1 client:server (many sites today have 1000:1) •  Replica server location •  Big machine vs small machine • Database server •  3 machines for the election algorithm (Ubik) •  Separate from fileserver • Update server •  One system • Binary distribution •  One system per architecture Pagina 19
  • 20. Volume naming and schemas • Volume name limit •  Read/write volume names can be up to 22 characters in length •  The .readonly and .backup extensions are reserved words •  The root.afs and root.cell names are used by default • Volume naming •  Mount point prefix name (user.manfred) •  Function suffix name Pagina 20
  • 21. Volume layout and replication • Volume •  Each user has their own volume to simplify load-balancing operations (move, backup) •  Volume for a group of files (binaries, documents, ...) • Replication is not appropriate for volumes that change frequently • Replicate root.afs and root.cell as much as possible • The backup volume uses the same partition (it is a copy of the source volume's vnode index) Pagina 21
  • 22. Username • Username • Characters which have special meanings to the command shell • The colon ( : ), because AFS reserves it as a field separator in protection group names • The period ( . ); it is conventionally used to identify special usernames that have administrator capability (e.g. manfred.admin) • AFS UID 32766 is reserved for the user anonymous. • UID matching, Unix UID / AFS UID •  Unix LDAP •  NIS •  Kerberos LDAP backend •  smb Pagina 22
  • 23. Partition Filesystem (inode vs iname) Inode: faster •  Dedicated partition •  Special fsck for the system partition •  No journaling file system •  Restore on same filesystem layout (same inode structure) Iname: slower •  OS fsck •  Filesystem independent, with the advantage of journaling •  There are no special requirements for /vicepXX; it could be a mounted filesystem •  Simple restore operation Pagina 23
  • 24. Backup • Native backup system and recovery: AFS can be configured to create a full or incremental backup • Volume dump: this operation creates a binary file with all the information of the backup volume • Backup systems with AFS support • Amanda • Bacula • Other commercial products Pagina 24
  • 25. Security consideration •  User Accounts: •  Kerberos integration with modified login utility •  Replace kaserver with a Unix Kerberos solution or Windows AD (OpenAFS supports the basic Kerberos 5 2b protocol) •  Include the unlog command in every user's .logout file or equivalent •  Server Machines •  Change the AFS server encryption key on a frequent and regular schedule. •  Particularly limit access to the local superuser root account on a server machine. •  System Administrators •  Create an administrative account for each administrator, separate from the personal account •  Assign AFS privileges only to the administrative account. •  Set the token lifetime for administrative accounts to a fairly short amount of time. Pagina 25
  • 26. Client Cache •  Cache Size •  Single-user machine 128MB •  Multi-user machine 1GB/4GB •  Cache partition •  Directory, the partition must guarantee enough space •  Disk partition, better performance (Terminal Server) •  Login Integration Pagina 26
  • 27. AFS limitations General Limit • OpenAFS can support a maximum of 104.000 clients per server • tmpfs does not work as AFS cache (ramdisk works) • Max 255 partitions per server (/vicepa-/vicepiv), no limit on partition size • Max 4,294,967,295 volumes per partition (this is a limit of the VLDB) • Max volume size is 2TB • Max file limit per directory is 64,000 files (less than 16 characters). Windows Limit • Write-on-close: changes are synchronized only on the close operation • No integration with Microsoft DFS • No support for files greater than 2GB on the Windows platform (work in progress). Pagina 27
  • 28. Case Study Italsempione is nowadays the biggest Italian fully independent forwarding company, covering any service related to transport and logistics with a worldwide agency network. Company: •  Headquarters in Italy •  16 branch offices in Italy •  7 branches outside Italy •  400 PCs, Windows XX •  150 PCs, Linux •  8 Windows NT domains •  Wide Area Network •  No IT staff at the branch offices Pagina 28
  • 29. Solution •  Primary goals •  Reduce cost of Software License •  Simplify System Administration task. •  Solution •  Thin client replacement, terminal server •  Server Virtualization , VMware •  Storage Virtualization, OpenAFS Pagina 29
  • 30. Architecture Pagina 30
  • 31. Architecture Headquarters 3 Fileserver Machines • User:server ratio 200:1. • The read-write information volumes are replicated with a circular schema • The volumes of binaries and programs are replicated on all fileservers. • The fileservers are based on OpenBSD 3.9. 3 Database Servers • Installed on the same machines as the fileservers 2 Authentication Servers •  Heimdal Kerberos V •  LDAP backend (samba, heimdal, unix, profile info) 8 VMmachine • Windows terminal server image • Linux terminal server image • OpenBSD network service image Pagina 31
  • 32. Architecture •  Cell name = domain name •  Main directory tree = country/city/function •  User directory tree = usr/m/manfred •  User volume •  Volume name •  Prefix = mount point •  Suffix = function •  Volume replication •  Binary data •  Root volume (afs, cell) •  Directory usage / Volume name: User home = user.username; User home backup = user.username.backup; Application = apps.applicationname; OS software = software.soname; Groups = groups.groupname; VMware image = image.osname Pagina 32
  • 33. Architecture •  Partition •  inode based •  Small partitions for quick check •  Odd vicepX for rw volumes, even for ro volumes •  Backup •  Bacula for incremental / total dump •  User backup volume mounted in home dir •  Monitoring •  Zabbix •  AFS monitor and performance Pagina 33
  • 34. Hardware Fileserver /DbServer: • 1GB of RAM, • 3GHz Xeon single processor • 2x36Gb SCSI RAID 1 for operating system partition • 4x 143GB SCSI RAID5 storage (/vicepXX) Authentication server: •  1GB of RAM •  3GHz Xeon single processor •  2x36Gb SCSI RAID 1 for operating system and db backend VMmachine: • 4GB of RAM • 3GHz Xeon dual processor. • 2x36Gb SCSI RAID 1 for operating system and local vmware image. Pagina 34
  • 35. Why OpenBSD •  OpenAFS support •  Porting Server side and client side •  Security level •  Heimdal integration •  AFS emulation •  LDAP backend •  2ab protocol (large kerberos ticket) •  Small and fast •  Stable Pagina 35
  • 36. Consideration • Iron server vs Small server •  small number of inexpensive fileservers (provides equivalent performance) •  inexpensive incremental increase in capacity •  better manageability and redundancy. NFS file sharing vs AFS •  AFS resulted in a 60% decrease in network traffic. •  The server's load decreased by 80% •  task execution time was reduced by 30%. Pagina 36
  • 37. Benefit • Reduced cost • Reduced software costs by 150.000 Euro • Increased performance (server and desktop) • Reduced downtime • Reduced helpdesk load • Simplified system administration tasks •  Improved manageability •  Full disaster recovery protection •  Data accessible from Spain to Singapore with a high security level •  Single sign-on Pagina 37
  • 38. Next OpenAFS •  Lock subsystem •  Windows support •  Kerberos V support External project (www.beolink.org) •  Ptserver with ldap backend •  Web interface Pagina 38
  • 39. Reference Install •  bsdcan http://www.bsdcan.org/2006/papers/ •  http://www.public.iastate.edu/~kula/talks/afs-bpw-2005/afs-bpw-2005-iowa.html Openafs •  www.openafs.org •  http://www.stacken.kth.se/project/arla/ •  http://web.mit.edu/kerberos/www/ •  http://www.pdc.kth.se/heimdal Pagina 39
  • 40. The End Pagina 40
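
The naming rules on slides 18, 20 and 22, together with the volume prefixes from the case-study table on slide 32, can be checked before a name is handed to any provisioning script. The Python checker below is an added example, not part of the original slides; its function names, result codes and the exact set of shell metacharacters are assumptions, and `example.org` is a constructed cell name.

```python
# Added example: lint AFS cell, volume and user names against the
# conventions listed in the slides. Names and result codes are hypothetical.

# Assumed set of characters a POSIX shell treats specially (plus whitespace).
SHELL_META = set(" \t!\"#$&'()*;<>?[\\]^`{|}~")

MAX_CELL_LEN = 64            # slide 18: max cell name size
MAX_RW_VOLUME_LEN = 22       # slide 20: read/write volume name limit
RESERVED_SUFFIXES = (".readonly", ".backup")   # slide 20: reserved extensions
DEFAULT_VOLUMES = {"root.afs", "root.cell"}    # slide 20: default names
SITE_PREFIXES = {"user", "apps", "software", "groups", "image"}  # slide 32
ANONYMOUS_UID = 32766        # slide 22: reserved for the user anonymous


def _has_shell_meta(name):
    """True if the name contains a character the shell would interpret."""
    return bool(set(name) & SHELL_META)


def check_cell(name):
    """Return a list of problem codes for a proposed cell name."""
    problems = []
    if not name or len(name) > MAX_CELL_LEN:
        problems.append("bad-length")
    if name != name.lower():
        problems.append("uppercase")
    if _has_shell_meta(name):
        problems.append("shell-metachar")
    return problems


def check_rw_volume(name):
    """Return a list of problem codes for a proposed read/write volume name."""
    problems = []
    if not name or len(name) > MAX_RW_VOLUME_LEN:
        problems.append("bad-length")
    if name.endswith(RESERVED_SUFFIXES):
        problems.append("reserved-suffix")
    if _has_shell_meta(name):
        problems.append("shell-metachar")
    prefix = name.split(".", 1)[0]
    if name not in DEFAULT_VOLUMES and prefix not in SITE_PREFIXES:
        problems.append("unknown-prefix")
    return problems


def check_username(name, uid=None):
    """Return problem codes for a username; 'admin-style' is a review flag."""
    problems = []
    if ":" in name:
        problems.append("colon")          # field separator in group names
    if _has_shell_meta(name):
        problems.append("shell-metachar")
    if "." in name:
        problems.append("admin-style")    # e.g. manfred.admin: confirm intent
    if uid == ANONYMOUS_UID:
        problems.append("reserved-uid")
    return problems


if __name__ == "__main__":
    for vol in ("user.manfred", "user.manfred.backup", "scratch.tmp"):
        print(vol, check_rw_volume(vol))
```
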