[OpenAFS] New Cell setup - ideas?

Lars Schimmer l.schimmer@cgv.tugraz.at
Wed, 27 Jan 2010 09:22:38 +0100



Hi!

As the other thread is more about limits, I switched to a new thread.

We need a "distributed filestorage" for 20-200 organizations EU wide.
I think about setting up a single OpenAFS cell with a central krb5
server and 3 db servers (managed by the main-admin).
Requirements:
- organisations save mostly graphics data on that storage
- data needs to be kept local at the organizations
- each organization needs the control over access to their files
- access for the users will be granted via additional "proxy"
- setup and usage should be transparent to the organizations (e.g. the
organization buys a server, gets a CD, runs the CD and it works; for
usage an "organization admin" enters users and groups into a webapp and
it works afterwards).
- users/departments should be able to make some small subset of the data
available to another department of same/other organization (and revoke
access)
- no single user (person) should be identified accessing that data by
sharing organization (to see which department is fine, but not the
single persons of the accessing department)

I think about one cell with 1 krb5 server (and replicas) and 3 db
servers. Additional 1+ fileservers per organization and one group per
department.

One cell per organization could be done, too - but it needs far more
admin overhead at the organizations (which are NOT technical
organizations and admin alike, which means lots of training and kinda
"that's too much technical stuff, I do not like it, I do not want it").
It must be easy to manage for the organization - that's why I think one
cell could be best.
Data just needs to be kept at one organization, RW on one partition, RO
on a second, maybe another RO on a 2nd fileserver in the same organization.

Right now I see the limit of 20 groups per ACL in a directory as a
problem - but that's a point we could work around, somehow.

Any other ideas?




Kind regards,
Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723