[OpenAFS] Some AFS Architectural Questions

Leggett, Jeff jeffrey.leggett@etrade.com
Fri, 27 Oct 2006 13:58:24 -0400

Hi, sorry if these are covered somewhere, but my Architecture team is
having issues with my proposal to evaluate AFS as part of an
Environmental Segregation project.  We have an issue where we have four
distinct environments, that are basically mirrors of each other.  From
what I am reading, it seems AFS would provide some functionality to
allow us to segregate application environments (in conjunction with
other tools).  Our four environments are:

Dev - Development
SIT - System Integration Testing
UAT - User Acceptance Testing
PRD - Production

We want to limit developers having access to say UAT and PRD, QA people
from getting into DEV, etc.  Am I completely off-base in thinking that
this is possible?  From what I read, a combination of authentication
mechanisms with AFS ACLs would allow this.  I realize a big piece of
this would be the network segregation part, but it seems like AFS would
go a long way toward letting us maintain a mirrored application arena
for each.  Does this make sense?

My team is rather adamantly opposed to this idea as AFS has a horrible
reputation as a nightmare to integrate.  Has that improved?  I have not
used AFS since my days at IBM in the early 90's (Damn that makes me feel
old to type that).

Anyway, any help or pointers appreciated.

Jeff Leggett
Sr. Staff, Security Architecture, ACE
E*TRADE Financial