[OpenAFS] New Cell setup - ideas?

Lars Schimmer l.schimmer@cgv.tugraz.at
Wed, 27 Jan 2010 09:22:38 +0100


As the other thread is more about limits, I switched to a new thread.

We need a "distributed filestorage" for 20-200 organizations EU wide.
I think about setting up a single OpenAFS cell with a central krb5
server and 3 db servers (managed by the main-admin).
- organisations save mostly graphics data on that storage
- data needs to be kept local at the organizations
- each organization needs the control over access to their files
- access for the users will be granted via additional "proxy"
- setup and usage should be transparent to the organizations (e.g. the
organization buys a server, gets a CD, runs the CD and it works; for
usage an "organization admin" enters users and groups into a webapp and
it works afterwards).
- users/departments should be able to make some small subset of the data
available to another department of same/other organization (and revoke
- no single user (person) should be identified accessing that data by
sharing organization (to see which department is fine, but not the
single persons of the accessing department)

I think about one cell with 1 krb5 server (and replicas) and 3 db
servers. Additional 1+ fileservers per organization and one group per

One cell per organization could be done, too, but it needs far more
admin overhead at the organizations (which are NOT technical
organizations and admin alike, which means lots of training and kinda
"that's too much technical stuff, I do not like it, I do not want it").
It must be easy to manage for the organization - that's why I think one
cell could be best.
Data just needs to be kept at one organization, RW on one partition, RO
on a second, maybe another RO on a 2nd fileserver in the same organization

Right now I see the limit of 20 groups per ACL in a directory as a
problem - but that's a point we could work around, somehow.

Any other ideas?

