[OpenAFS] performance stats

David Bear David.Bear@asu.edu
Fri, 28 Sep 2007 16:39:12 -0700


On Fri, Sep 28, 2007 at 05:50:22PM -0400, Jason Edgecombe wrote:
> David Bear wrote:
> > I think this gets beaten every six months, but I wonder if there are
> > My assumptions are that AFS should perform better because
> > 1) we don't need to tunnel through a vpn 
> > 2) cache manager should make these work better over a WAN where we
> > don't control the end to end bandwidth -- i.e. over the commodity
> > internet.
> >
> > Since we need to support roaming faculty that connect in hotel
> > lobbies, conferences, etc., we need something that is going to be
> > fairly tolerant of changing network conditions.
> >
> >   
> Hi,
> 
> Don't throw away that VPN just yet. If you need your file sharing
> traffic to be strongly encrypted, then you should continue to use a VPN.
> Authentication for access uses Kerberos which is top notch, but file
> traffic encryption is abysmal. Some diligent people are working on
> improving the encryption, but it's not ready yet. If you're not worried
> about traffic sniffers and just want authenticated file access, then
> OpenAFS will fit the bill nicely.
> 

The Check Point software we use for VPN is horrible. It stops suddenly,
frequently, for no apparent reason, has lousy support (there is no OSX
client) and slows most everything else down. 

I think in our threat model -- the fcrypt encryption is good enough.
Chances are much greater that someone could get a keystroke logger
installed through some idiotic ocx when they visit a web page.

> I'm just saying that you will need to keep using the VPN in the short
> term if you want file traffic encrypted with AFS.
> 
> Sincerely,
> Jason

-- 
David Bear
phone: 	602-496-0424
fax: 	602-496-0955
College of Public Programs/ASU
University Center Rm 622
411 N Central
Phoenix, AZ 85007-0685
 "Beware the IP portfolio, everyone will be suspect of trespassing"