[OpenAFS] Trying to figure out how to work this

Neulinger, Nathan nneul@umr.edu
Wed, 31 Jul 2002 14:32:05 -0500


You wouldn't even have to do that... Put some servers internal - and put
"internal only" volumes on those servers. DMZ servers would contain
volumes that could be accessed from outside.

Not sure exactly what would be required for the kaserver, but you could
probably put some inside, or all in the DMZ.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: Derek Atkins [mailto:warlord@MIT.EDU]=20
> Sent: Wednesday, July 31, 2002 2:25 PM
> To: Chris Snyder
> Cc: openafs-info@openafs.org
> Subject: Re: [OpenAFS] Trying to figure out how to work this
>=20
>=20
> There is not an easy way to synchronize in this manner,
> certainly not in any automatic function.  AFS Cells are
> autonomous units, and do not communicate.  For example,
> there is no way for a user to change their password in
> _both cells_ at once, and if they change it in one cell
> there is no way for that change to propagate to the
> other.
>=20
> Question: Why don't you just run one cell in the DMZ that is
> accessed from both the DMZ and the internal network?  Clearly
> you can get from the internal network to the DMZ.  What is
> the purpose of having two cells?
>=20
> -derek
>=20
> Chris Snyder <csnyder@mvpsoft.com> writes:
>=20
> > I'm trying to figure out how I should go about setting=20
> OpenAFS for my
> > network.  Here's my network configuration:
> >=20
> > There are two domains on this network - mvpsoft.internal and
> > mvpsoft.servers.  Mvpsoft.servers is behind a NAT firewall, and
> > mvpsoft.internal is behind a firewall that is on mvpsoft.servers,
> > which gives it an additional level of security.  Computers on
> > mvpsoft.internal are not accessible by mvpsoft.servers, but boxes on
> > mvpsoft.servers are accesible from mvpsoft.internal. =20
> Mvpsoft.servers
> > is our DMZ, containing web, mail, DNS, etc. servers.
> >=20
> > I'm going to have two AFS cells - mvpsoft.internal, and
> > mvpsoft.servers, hosted on servers on the domains that=20
> match the cell
> > names. Mvpsoft.internal will be primarilly for user file storage,
> > while mvpsoft.servers will have some user file storage (mainly from
> > telecommuters), and will also have our web server files.
> >=20
> > I'd like to have user data synchronized between the two cells.  Is
> > there an easy way to do this automatically?  My goal is to=20
> have users
> > be able to use their usernames and passwords transparently from any
> > computer on the network.  Is this possible?  Thanks in advance.
> >=20
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
>=20
> --=20
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>=20