[OpenAFS] OpenAFS speed - some benchmarks

[Russ Allbery]

Derek Atkins <warlord@MIT.EDU> writes:

> So, if it were possible to give each fileserver its own Server Key, one
> that authenticated it to the cell but did not provide any real power
> over other servers (or the cell in general), would that make you happy?

Yes, very.  And I know there was previous discussion of that, and I was
sort of indirectly hinting at my support for that discussion.  :)

> Granted, that opens up a whole can of worms in terms of authenticating
> various operations like volume creation, backup, cloning and
> replication, etc...  It also doesn't help add new users to the cell.

Yes.  But that's okay.  We can provide tools to departments to take care
of all that stuff (well, backup may be interesting, but I'm sure we can
work something out).  That's not a problem, as long as they can maintain
the physical hardware of the file server on their own personal disk.

> Is this a reasonable goal?  Or would it be better to create a much
> easier setup system to reduce the overhead and learning curve of setting
> up a new AFS Cell?  In other words, "run this script and you'll have
> your new cell setup while you hold your breath"?

It's not the setup of the AFS cell so much (although that's certainly an
issue) as it is the issues of cross-realm authentication.  I know that
some other schools do this routinely, but I think it would be a pretty
high learning curve for a lot of our users.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>