[OpenAFS] Firewall politics and AFS deployment

Todd M. Lewis Todd_Lewis@unc.edu
Tue, 27 Sep 2005 11:23:23 -0400

Simeon Miteff wrote:
> [...]
> Looking at the public CellServDB, I can't help wondering how AFS servers 
> are connected at other universities? Are we overly firewalled?


> Do other HPC centres maintain separate AFS cells for cluster users?


> Any thoughts?

You gain nothing by replicating the 4 NFS domains as 4 AFS cells. As 
long as you're going through the pain of an NFS->AFS transition, go all 
the way. Admining one cell with n users is more that four times easier 
than admining four cells with n/4 users each. AFS lets things scale, so 
take advantage of that.

As for the firewall politics, you obviously have some entrenched 
interests to contend with, but I'd be concerned that UP might be 
creating more problems than it's solving by depending on the firewall. 
I'm sure there are plenty of articulate folks who will argue just the 
opposite, but I usually read "firewall" as "abrogated responsibility". 
But maybe that's a good thing...
   / Todd_Lewis@unc.edu  919-962-5273  http://www.unc.edu/~utoddl /
  /       A gossip is someone with a great sense of rumor.       /