[OpenAFS-devel] Re: [OpenAFS] OpenAFS.org web site design project

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 13 Nov 2008 09:55:07 -0700 

Doug Hirsch wrote:
> Jeffrey,
> 
> What's the winning formula of information to put in front of my CIO's
> team?  I'm trying to figure that out!  I think our organization would
> be well served to have a trustworthy uniform ubiquitous file space,
> with provisions for both common administration and separation of
> domains to meet individual projects' needs.  The biggest challenge is
> building the trust that
> 
> - the technology works and is relevant to real corporate IT problems
> - it won't become a hole in our security infrastructure
> - it will not turn into an administrative nightmare
> - the technology can be installed without an overwhelming investment
> 
> Our particular environment is like a university in that there are
> separate departments with separate projects and budgets.  It's unlike
> a university in the very limited budget for common facilities.  

In many if not most Universities the central IT budget is very limited
except for authentication, e-mail and the web.  Everything else is
controlled by departments.  Your situation is very similar.

> I'm
> trying to make the case that, like the physical building, ubiquitous
> data storage will provide a flexible platform which will enable each
> project to focus more on its specialty and less on system
> administration, while I don't want to trigger the defense mechanisms
> of each project who don't want to lose control over their unique
> computing environments.  To a certain extent, I see this exercise like
> a campaign to explain to a bunch of people who've been living in tents
> and have never seen a building why they might find it expedient to
> build a building together.  Of course, I'm not an architect, nor do I
> play one on television...

One approach would be a common central authentication system (Kerberos
v5) and then provide each department their own cell that they can have
administrative control over.

---

Back to the question of the web site.  Perhaps an approach is to provide
a variety of organizational scenarios and how AFS can be configured and
managed to address them.

We would need the community to come together to help write both the
scenarios and the solutions.

Jeffrey Altman