[OpenAFS] OpenAFS speed - some benchmarks
Paul Blackburn
mpb@acm.org
Wed, 25 Jun 2003 21:13:12 +0100
Russ Allbery wrote:
>Rodney M Dyer <rmdyer@uncc.edu> writes:
>
>
[stuff deleted]
>
>
> I believe this is not the case with NFSv4, which
>would allow a department with a grant to throw up their own NFSv4 server,
>have referrals inserted at the right place in a global namespace, and be
>off and running without compromising the security of the whole
>infrastructure if their system is broken into.
>
>
>
Hmmm, interesting.
It sounds like you are prepared to accept that that, say, the Chemistry
faculty may budget
and pay for their own hardware, support, and administrators for their
NFSv4 server
(to heck with the other departments :-) AND you are prepared for them
to establish such a service
in a not-secure way because you don't care if their NFSv4 server is
compromised.
Hey, it's the chemistry faculty's problem!
I have to point out that a "favorite game" of the folks who are trying
to compromise your
systems is to "own" whatever machines they can in order for these to be
used for whatever
whim they have.
That whim is usually applying this same game to machines on the LAN.
(which is probably closer to your machines than you may think.)
So you see, it is a good idea to care what the faculties are doing when
they
"throw up their own NFSv4 server".
It is probably an even better idea to pool your resources and skills
to securing servers
for your whole site.
--
cheers
paul http://acm.org/~mpb