1

I have some theoretical questions that I'm not clear on, so if someone can explain I would be very grateful. They are related to file systems.

What I want to ask, in a distributed system, if we have file services structured out of a directory service and a flat file service, and then we have some client module which accesses them over interfaces they export (by RPC). So the client module implements functionalities like in UNIX, but flat file and directory services do not have UNIX-like "open" or "close" operations? But can gain access to files immediately by quoting UFID? (I think it's like this, asking for confirmation and reason why it is like that.)

And when talking about distributed file systems, what makes AFS more scalable than NFS?

Dennis Williamson
Angela
  • Not sure what you are asking here. Directory Services are only peripherally involved in file systems, such as looking up a username given a file owner's userid. Using library calls, the /etc/nsswitch.conf should direct the library code to the information either locally (files) or in a Directory Service (NIS, LDAP). – kmarsh Nov 18 '09 at 12:51

2 Answers

1

NFS up to NFS3 has very poor security. NFS4 offers much better security but does not have as much industry acceptance outside of Sun shops. AFS offers built-in Kerberos, which is already popular in University environments and therefore a good fit there.

No matter which technology you choose, when you implement a secure distributed file system, you greatly increase the complexity of administration required. NFS3 is much easier than Samba or Windows Server for this reason, and much less secure as well.

kmarsh
  • Why was the RPC interface in previous implementations insecure? Was the security loophole closed in version 4 with encryption? – Angela Nov 18 '09 at 19:53
  • A typical NFS3 server trusts clients (listed by IP) to use the same user id map as the server. Spoofing users is as simple as creating a user on a trusted machine with the same userid. Adding encryption in Version 4 kills performance but the user security issue is actually addressed by an authentication and authorization method. Encryption is to address the network sniffing issue. – kmarsh Nov 18 '09 at 21:49
  • Great, I understand, thank you very much. But what about scalability? Is AFS more scalable than NFS because it is caching whole files on client nodes? – Angela Nov 18 '09 at 22:36
  • I have no direct experience with AFS, but I've heard that NFS4 is a major reason for its popularity. – kmarsh Nov 19 '09 at 12:54
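The trust model described in the comments above (an NFS3 server accepting whatever user id a listed client sends) shows up on a Linux server as exports that use the `sys` security flavor. The following is an added example, not code from this thread: a small audit of `/etc/exports`-style text that flags such entries, and also flags `no_root_squash`, which goes slightly beyond what the comments discuss. The function name `audit_exports` is hypothetical, the sample hosts and paths are constructed, and the parser assumes nfs-utils `exports(5)` syntax without quoted paths or line continuations.

```python
import re

# Constructed sample /etc/exports content (paths and hosts are made up).
SAMPLE_EXPORTS = """\
# constructed example
/home       10.0.0.0/24(rw,sync)
/scratch    *(rw,no_root_squash)
/projects   build01.example.org(rw,sec=krb5p) 10.0.0.7(ro,sec=sys)
/secure     *.example.org(rw,sec=krb5i:krb5p)
"""

# One client token: "host(opt,opt,...)" or a bare "host" with default options.
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def audit_exports(text):
    """Return (path, client, finding) tuples for exports that rely on
    client-asserted user ids or leave client root unsquashed."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            m = CLIENT_RE.match(token)
            if not m:
                continue
            client = m.group(1) or "*"           # empty host means everyone
            opts = [o for o in (m.group(2) or "").split(",") if o]
            flavors = []
            for o in opts:
                if o.startswith("sec="):
                    flavors.extend(o[4:].split(":"))
            if not flavors:
                flavors = ["sys"]                # exports(5) default flavor
            if "sys" in flavors:
                findings.append((path, client,
                                 "sec=sys: server trusts the uid the client sends"))
            if "no_root_squash" in opts:
                findings.append((path, client,
                                 "no_root_squash: client root is root on the export"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {client:22} {finding}")
```
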
1

The term "Directory service" probably caused some problems here. What you probably mean is that a distributed file system usually consists of a metadata component, storing the directory and the file metadata information, and a file access service, enabling read and write access to the data. The difference exists in nearly all DFS, but it is pretty clear in systems like Ceph or pNFS.

And the answer is: It depends. On NFS it should be possible to access files directly if you have gained a file handle (similar to an inode) before. NFS has no open or close in the server protocol because it is by design as stateless as possible. In a stateful DFS system, this might be different. Especially if the security is handled by the metadata server (MDS).

And to the AFS vs. NFS question: NFS is pretty scalable. Look at NetApp or Isilon NAS systems, scaling to multiple PB. I haven't heard about an AFS system anything near that. While the caching aspects of AFS are very good for DFS in the area of personal home directories, they aren't a good fit for multimedia data or databases. The stateless NFS design makes it much easier to scale it.

P.S. I still don't understand why this question was migrated to serverfault.com. I understand this question as a filesystem design question and that is a stackoverflow thing. Why do people migrate everything related to filesystems? P.P.S. Sorry, can point to some useful sites here, because serverfault.com allows only a single hyperlink for new users.

dmeister