[OpenAFS] WAN speed
Thomas Smith
theitsmith@gmail.com
Wed, 21 Mar 2012 17:12:47 -0700
On Mar 21, 2012, at 4:37 PM, jukka.tuominen@finndesign.fi wrote:
>=20
>=20
>> On 21.03.2012 18:09, jukka.tuominen@finndesign.fi wrote:
>>>=20
>>> Hi,
>>>=20
>>=20
>>> All communication must be encrypted.
>>=20
>> Ok, so you have enabled the fs crypt function in OpenAFS?
> Right
>> That feature is about to change with new RX standard, but current =
crypt
>> function is:
>> 1. very insecure
>> 2. very very slow
>> 3. very very CPU hungry
>> Over all: do not use it, more likely try to use VPN.
> Hmmm... How feasible is VPN serving the number of concurrent users the
> OpenAFS is capable of? Integrated to GDM login, seamless =
single-sign-on?
> At least it sounds like I'm better off waiting for the new RX =
standard.
> When is this due?
Our cell is fairly small, but I would say that it all depends on the =
amount of bandwidth you have as well as how well your VPN server is =
configured (and how well it performs).
In my situation, I have a 25/5 cable connection. Attached to this is an =
ASA 5520. I've got nearly a dozen site-to-site VPN tunnels configured =
(all using ASA 5505s) as well as allowing up to 14 VPN clients to =
connect.
Through this one cable connection, there are about 40 local users on the =
Internet all day as well as every remote office (around 50 users =
combined) accessing AFS and a number of Citrix applications. Most use =
the site-to-site VPN tunnels but some users use VPN clients when they're =
traveling. (There is no public access to our servers, so they're =
required to use the VPN.)
99% of our AFS users are Windows, all with crypt enabled (the =
default)--I have yet to hear of a single perform-related issue from any =
user.
We've been operating very well in this configuration for over a year =
now.=