[OpenAFS] New Cell setup - ideas?

Harald Barth haba@kth.se
Wed, 27 Jan 2010 09:46:36 +0100 (CET)


You may want to think through how you manage the pts entries, how you
add and subtract users / groups. If you need or have another
infrastructure for that anyway, you could easily push that data
to pts. And then it does not matter if you push it to one or 20 cells.
(or not pushing but with a backend to pts)

Because of the security implications I would go for several cells.
Then you only have a "security disaster" if someone gets your KDC,
not if someone gets one site.

> It must be easy to manage for the organization - that's why I think one
> cell could be best.

You need to do some preconfigured shipping anyway, if you automate the
generate boot CD process it does not matter much if you need to add a
new cellname and security KeyFile in that process.

> Data just needs to be kept at one organization, RW on one partition, RO
> on a second, maybe another RO on a 2nd fileserver in the same organization.

Sounds like different cells to me.

Harald.