[OpenAFS] Re: OpenAFS vs Vista

Wed, 29 Nov 2006 02:21:01 -0500

This is a cryptographically signed message in MIME format.

--------------ms090203070608000402050108
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Here is an update to my e-mail of 7 November 2006:

I have been working closely with Microsoft for the last several weeks
and I believe that we have developed an acceptable solution that OpenAFS
can deploy now to enable the AFS Client Service to survive a Vista
standby/suspend operation without resulting in a panic.  The new code
only works on Vista and is activated based upon a run time check.

The basis of the code change is that upon receipt of a standby/suspend
power management event, the AFS client service releases all of its
network resources.  Then when the AFS client service is notified to
resume it will strive to re-obtain the necessary network resources.

This results in some behavioral changes:

(1) file handles and CIFS sessions do not survive a system suspension
    as they did on earlier Windows platforms

(2) I have noticed significant delays ranging from 30 seconds to 120
    seconds for the power management events to be delivered and the
    network resources to be acquired after Vista is resumed.  During
    this time period, the AFS client service will not be available.
    Attempts to update the token list or re-establish open file
    handles will fail.

As indicated in the 7 Nov 2006 e-mail, the long term solution to a
stable AFS client on Windows is the replacement of the SMB gateway
with a native file system driver.  In the meantime, it is my hope that
users will find the forthcoming functionality satisfactory.

There are some other issues related to new security model in Vista
that users must be aware of.  Applications such as the AFS System
Tray tool that mix end user and administrator functionality will no
longer successfully be able to perform the administrator functions.
For example, it is no longer going to be possible to start/stop the
AFS client Service from the System Tray tool.  In addition, it will
no longer be possible to alter the service configuration from the
AFS Control Panel without first performing a "Run as: Administrator"
operation.

These applications will have to be re-written to separate the end
user and administrator functions.  The administrator functions will
need to wrapped in code that triggers a separate administrator
process or COM object to perform the operation.  Organizations that
are interested in contributing to see this work completed are encouraged
to contact me off list.

Jeffrey Altman
Secure Endpoints Inc.

Jeffrey Altman wrote:
> I want to provide you with an update on OpenAFS compatibility and
> Windows Vista.  A couple of months ago a bug was discovered in the
> Vista NetBIOS stack that would cause OpenAFS to crash anytime the
> operating system was placed into "Standby" mode.   Microsoft took
> the bug seriously and fixed it.  Unfortunately, the produced instability
> in other areas of the operating system and Microsoft was forced to
> pull the fix.  Therefore, the final Vista release that will be made
> publicly available in January is going to cause existing OpenAFS
> versions to crash.
> 
> As far as I can tell there is no work around to avoid the problem.
> Microsoft has had an engineer working on the problem for a couple of
> weeks without success.
> 
> Microsoft is committed to fixing this bug for Vista SP1.  Once a fix
> is available they will most likely make a QFE available to customers
> that have support contracts.
> 
> This has left OpenAFS in an awkward situation until a fix is available.
>  The best that I believe I can do is cause OpenAFS to gracefully
> shutdown when this error condition is detected.  The benefit of a
> graceful shutdown is that the data stored in the cache will be
> preserved.   However, if there were applications with files open within
> AFS at the time of Vista entering "Standby" mode, these files would not
> be available when the Operating System restarts.
> 
> It is my hope that Microsoft will allow OpenAFS to distribute the QFE
> (when available) as part of the OpenAFS installers.  If so, the majority
> of the damage can be avoided.
> 
> The long term solution is clear.  The OpenAFS community needs to move
> away from the SMB Gateway model and replace it with a native Network
> Provider / File System Filter model.  Completing this work in such a
> way that it is portable across Windows 2000 SP4 through Vista and
> works on both 32-bit and 64-bit operating systems is going to be time
> consuming and expensive.  I hired a Windows file system and kernel
> driver developer to review the work that has already been done and
> help design an architecture that can support all of the required
> platforms for the next ten years.  We believe that this work can be
> accomplished over a period of ten months provided that the necessary
> financial resources ($250,000 - $300,000) can be acquired.
> 
> The long term benefits of getting rid of the SMB gateway are:
> 
> (1) the use of the Microsoft Loopback Adapter will no longer be required
> 
> (2) all of the problems associated with the CIFS client timeout issues
>     will be removed.   this will not only improve performance but will
>     solve all of the "delayed write" and "network path no longer
>     available" errors.
> 
> (3) performance gains.  There is significant time delays and CPU
>     load added to each transaction as a result of the CIFS client and
>     SMB server both involving the SMB/NetBIOS/TCP/IP stack.
> 
> If your organization is in a position to assist us in financing this
> work, please contact me off-list.
> 
> Jeffrey Altman
> OpenAFS Gatekeeper/Elder
> 
> 
> 

--------------ms090203070608000402050108
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJeTCC
AxcwggKAoAMCAQICEBW00lKwoWJXt8wbmTl1M0kwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDUyNzIyMDMzMloX
DTA3MDUyNzIyMDMzMlowczEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVy
aWMxHDAaBgNVBAMTE0plZmZyZXkgRXJpYyBBbHRtYW4xKzApBgkqhkiG9w0BCQEWHGphbHRt
YW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC19SD7DncCP/+wfQlLzAAcxf1nJ/7UQgh4o/nxzvuY55XwHdLQjqWuFUnM5vecfyZKwq0o
fGCucDfcQbSIrkhHD9z4TZ8vDaYWVY9Foz8Rp8G0PNdbRFoFtfJbaeVBX5hG3aQXIc/T1b9U
8uN3kLyqXAFIGWKO8DJVGTKKtOiPVOp1U+9CwujyYmUSKF+suutKABhhK1ZGHsTnFczLZ2g0
ma0H7PiFJ2kLfOf///07E1fbr4IRb+cd87kpWLcjtEZ0rbBr9HlOy9dkeEii/qFoo1ahfKCD
A9bNErMiOXA3dudaNNzXlN/70slq5fboBXbepamJGrsnXYcCsS9+LtCTAgMBAAGjOTA3MCcG
A1UdEQQgMB6BHGphbHRtYW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQQFAAOBgQDBzWhkrW+ol3iyT1rV8ZBQB0+z/6dFH3djQfNf7jDXNoXx4Vbo
pA7BAR4ihAPibv7j7ZaxmyMxWiDACRGS934uvUS0K6L6q14hTWMostJgFsAEDArrmbrES03v
L3EVETiGFqTB2sLp5MLc6+z+72pLXRuDPL3lO2GOQuBbILswRzCCAxcwggKAoAMCAQICEBW0
0lKwoWJXt8wbmTl1M0kwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoT
HFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25h
bCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDUyNzIyMDMzMloXDTA3MDUyNzIyMDMzMlow
czEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVyaWMxHDAaBgNVBAMTE0pl
ZmZyZXkgRXJpYyBBbHRtYW4xKzApBgkqhkiG9w0BCQEWHGphbHRtYW5Ac2VjdXJlLWVuZHBv
aW50cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC19SD7DncCP/+wfQlL
zAAcxf1nJ/7UQgh4o/nxzvuY55XwHdLQjqWuFUnM5vecfyZKwq0ofGCucDfcQbSIrkhHD9z4
TZ8vDaYWVY9Foz8Rp8G0PNdbRFoFtfJbaeVBX5hG3aQXIc/T1b9U8uN3kLyqXAFIGWKO8DJV
GTKKtOiPVOp1U+9CwujyYmUSKF+suutKABhhK1ZGHsTnFczLZ2g0ma0H7PiFJ2kLfOf///07
E1fbr4IRb+cd87kpWLcjtEZ0rbBr9HlOy9dkeEii/qFoo1ahfKCDA9bNErMiOXA3dudaNNzX
lN/70slq5fboBXbepamJGrsnXYcCsS9+LtCTAgMBAAGjOTA3MCcGA1UdEQQgMB6BHGphbHRt
YW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOB
gQDBzWhkrW+ol3iyT1rV8ZBQB0+z/6dFH3djQfNf7jDXNoXx4VbopA7BAR4ihAPibv7j7Zax
myMxWiDACRGS934uvUS0K6L6q14hTWMostJgFsAEDArrmbrES03vL3EVETiGFqTB2sLp5MLc
6+z+72pLXRuDPL3lO2GOQuBbILswRzCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAw
gdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg
VG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0w
MzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU
aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwg
RnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV
+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfAr
hVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/
p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8
MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWls
Q0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxh
YmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/
TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amc
OY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggNkMIID
YAIBATB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQ
FbTSUrChYle3zBuZOXUzSTAJBgUrDgMCGgUAoIIBwzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0wNjExMjkwNzIxMDFaMCMGCSqGSIb3DQEJBDEWBBTVakYq
mRlJaYfDwfDKC30B/eJ+CzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBhQYJKwYB
BAGCNxAEMXgwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcg
KFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vpbmcg
Q0ECEBW00lKwoWJXt8wbmTl1M0kwgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEBW00lKwoWJXt8wbmTl1M0kwDQYJ
KoZIhvcNAQEBBQAEggEAQPtJF29gzn+bK6ViYchXbojK41gRLVe3y6lYtu9wYiba/NjPbqY0
tb085u40eDGsEHseB4M23OS2xdeCutXES+aqDD1dXCpjqu79aK0cA1pNbMVpv5ixytNt3BJ7
5Z7+U4UXWLrKMqvAY5f09e+VPEd7Zn4Sikeub72L/AV6SkM0cLCnxlo4ZPsHnFzGI/dcI8Qx
2Di/cXnOYcDY1KLIRhVPTrIkf/sqa7Cs49e7HMpTfCQ1k8SqslA6NA6H+khXvlb2OB22mluC
M45VMWCfVpkNTAE19Y7IC9++dh5/JFrng3cHmd8ZYnHW4p3wqS7L6egmfTblunnJv3mXDO+U
ywAAAAAAAA==
--------------ms090203070608000402050108--