[OpenAFS] AFS design question: implementing AFS over a highly-distributed, low-bandwidth network

Chaz Chandler clc31@inbox.com
Mon, 19 Jan 2009 18:22:36 -0800


So, in your considered opinion, would it be wiser to go with one cell, put
up with potential quorum snafus, ensure the clients set their preferred
server to a local one, and move R/W volumes when users move locations?  Or
to go with multiple cells, perhaps one as master, and resolving
ambiguities on a per-volume basis depending on how that volume is intended
to be used?

> -----Original Message-----
> From: jaltman@secure-endpoints.com
> Sent: Mon, 19 Jan 2009 19:02:59 -0500
> To: clc31@inbox.com
> Subject: Re: [OpenAFS] AFS design question: implementing AFS over a
> highly-distributed, low-bandwidth network
>
> Chaz Chandler wrote:
>>>> 2) There is no good AFS-based solution for group shares in this
>>>> scenario.
>>> i don't agree with that, but it depends on your interpretation.
>>
>> Ah, good.  What would you recommend?
>
> The problem you are facing is that OpenAFS does not support read-write
> replication.  There can only be one instance of a read-write volume at a
> time.  If your model is
>
>>>> Further questions:
>>
>>>> a) What is the best way to replicate a volume across cells?
>
> There isn't a defined mechanism for this and doing so can create some
> problems specific to the attempt to do so.  As far as each OpenAFS cell
> is concerned the volumes are not replicas.  If modifications are made in
> multiple cell instances they will diverge.  It is possible to use one
> cell as a master and from that cell dump volume images that can then be
> pushed into other cells.  However, they should be treated as readonly in
> the alternate cells.
>
>>>> b) How would the presence of multiple cells affect the krb5
>>>> infrastructure (currently: one realm, one cell, cell name = realm name
>>>> = internal LAN domain name)?
>>> it doesn't have to be. you can have many cells in a realm, for
>>> instance, the sipb.mit.edu, athena.mit.edu, etc cells in the
>>> ATHENA.MIT.EDU realm.
>>
>> True, but is it as simple as adding an afs/newcell@REALM principal and
>> making sure the
>> users get tokens for all cells?
>
> Yes.  On Windows the Network Identity Manager provider and/or the
> OpenAFS integrated logon network provider will permit you to automate
> this for your users.
>
>>>> c) Are any of the Morgan Stanley volume management system utilities
>>>> available publicly, or are their methods sufficiently documented
>>>> publicly?  All of what I've read about them are from previous
>>>> afsbpw's.
>>>> (ie,
>>>> http://workshop.openafs.org/afsbpw08/talks/wed_1/OpenAFS_and_the_Dawn_of_a_New_Era.pdf)
>>> as far as i know none of their tools are distributed at this time.
>>
>> Anyone know any Morgan Stanley folks with whom I could chat about this
>> stuff?  Is this
>> something others would be interested in as well?
>
> In my opinion, the Morgan Stanley tools are not general purpose.   They
> do what they do but are very specific to the way that Morgan Stanley
> built their infrastructure.
>
> Jeffrey Altman
