||Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
|(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix|
|News||See also||Recommended Links||Unix filesystems||Network File System (NFS)||Samba||
|Loopback filesystem||Proc Filesystem||RAM Disks||History||Humor||Etc|
Science is facts; just as houses are made of stones, so is science made of facts; but a pile of stones is not a house and a collection of facts is not necessarily science.
-- Henri Poincaire
Filesystems is a very interesting area, one of the few areas in Unix where new algorithms still can make a huge difference in performance.
Network filesystems are special subclass of distributed file systems. They allows access to files from multiple hosts via an IP network. This makes it possible for multiple users on multiple machines to share files and storage resources.
A common performance measurement of a network file system is the amount of time needed to satisfy service requests. In conventional systems, this time consists of a disk-access time and a small amount of CPU-processing time. But in a network file system, a remote access has additional overhead due to the distributed structure. This includes the time to deliver the request to a server, the time to deliver the response to the client, and for each direction, a CPU overhead of running the communication protocol software. The performance of a network file system can be viewed as one dimension of its transparency; to be fully equivalent, it would need to be comparable to that of a local disk.
Concurrency control becomes an issue when more than one person or client are accessing the same files and want to update it. Hence updates to the file from one client should not interfere with access and updates from other clients. Concurrency control or locking may be either built into the file system or be provided by an add-on protocol.
[Aug 19, 2000] Opensource.html IBM announces AFS as an open source product under the IBM Public License
|Re:you probably don't want
by jlrobins_uncc (email@example.com) on Thursday August 17, @05:55PM EDT (#113)
(User #136569 Info) http://www.cs.uncc.edu/~jlrobins/
|AFS makes great sense for Web server farms
and/or mirrors of the same site across a WAN such as the Internet
(think an east coast site and a west coast site). Just edit the
file and pow, a server -> client callback notifies any clients caching
the file that they need to refetch.
Couple this with having the content in a read-only replicated volume, then go ahead and update many files, get your new site look-and-feel redone, then once your happy with it, release the read/write volume for replication, and pow -- one atomic transaction to all of the mirroring servers on the WAN!
Mabye this is why AFS is a major component of IBM's Websphere
platform. All of this, currently working like a champ, and it'll
be free and open source!
|Why this has so much potential
for good. (Score:4, Insightful)
by jlrobins_uncc (firstname.lastname@example.org) on Thursday August 17, @05:47PM EDT (#111)
(User #136569 Info) http://www.cs.uncc.edu/~jlrobins/
|AFS is a very stable, tested, enterprise filesystem.
It offers the following features:
Now, it's not a perfect product, but it is way cooler than vanilla NFSv2 or NFSv3, especially on the server-side management side of things. It doesn't do disconnected operation (which CODA strives to do), byte-range locking, strict UNIX file semantics (data most recently written == data viewiable by all file handles to that file), or Kerberos 5, but it is a far simpler system to get running than DCE, which does address some of those issues.
One would hope to see the following things from this open sourcing:
If the MacOS X client happens, then there will be a secure, scaleable enterprise filesystem for the three major computer platforms -- Wintel, UNIX, and Mac, and it'll even be freely available! I don't believe that there are any products available today that offer secure, robust support for all three platforms (and no, I don't consider protocol translators, such as Samba or CAP, which require you to set up the clients to use cleartext passwords over the wire to authenticate (not to downplay in any way the role of either technology -- it's not their fault that you've got to set up the clients in that fashon to interoperate with AFS as it is now), or using NFSv2 or v3 on the UNIX end to talk to something like Novell 5 (which, AFAIK, doesn't talk at all to Macs anymore)).
This will give us one protocol on the wire, multiple server-side implementations (interoperable in the same cell!), multiple client-side implementations, WAN scalability, and secure authentication. A good day for the world!
|As one of the architects
designing DFS in IBM (Score:4, Interesting)
by gelfling on Thursday August 17, @08:06PM EDT (#128)
(User #6534 Info)
|We've always had a hard time selling DFS internally.
In fact we've stopped trying to do that because there weren't enough
internal customers. The hurdle costs were too high the skills were
hard to find and expensive and customers still wanted SMB shares
via Samba which drove the cost even higher. The client side DCE
licence costs drove Samba since the per client cost was $65/seat
in bulk. AFS as open source can only be a good thing since we can
always find someone to pick up the development and maintenance and
foregoing DCE-Kerberos is really not that big a deal from an internal
perspective. In our environment the challenge was to collapse hundreds
of LanServer domains. DFS or AFS fit the bill and the cost dynamics
work very well compared to staffing 1 headcount/25-35 servers in
the LanServer world. The problem anyone will find though is backup
and storage management. butc or buta just don't scale very well
even with multiple replicas of the fldb core so whoever tries to
manage this, as we did, will be forced to write extensions to their
storage management code, as we did with ADSM. Also you will find
that Samba doesn't scale nearly as well as you want with only a
few hundred accounts on a Samba server even if it sits on a huge
Unix machine. This leaves you will a few hundred or more SMB gateways
if you try to scale up to the huge numbers we did.
Once again AFS open source can only be a good thing - it will propagate
a great technology into large sites where they would shied away
from it previously.
|[ Reply to This | Parent ]|
Articles IBM Open Sourcing AFS
AFS semantics are very different from UNIX file system semantics: permissions are associated with directories only, access is determined only by the containing directory, if multiple clients modify the same file, updates are lost, you can't have any special files in an AFS file system, etc. AFS uses its own authentication, it doesn't work well for big files, it always requires extra work to get it to work with daemons, and it has severe problems for scientific compute clusters. IBM has long ago moved onto DFS (unrelated to Microsoft DFS), which fixes many of the problems of AFS (but is itself big, even more complex than AFS, and hard to administer). Many places are trying to get rid of AFS because it's just too much of a hassle to run it (and converting back to a UNIX file system isn't easy because AFS encourages permissions and ACLs to mushroom unnecessarily).
AFS may be acceptable for specific applications (in fact, what it was designed for originally): a large untrusted user population, dedicated system management staff, and smallish files and problems (text file editing, small programming jobs). But for many environments where Linux is used--big software development projects, web servers, scientific computing, home networking--it just doesn't seem like a good fit.
If it's the security you care about, NFSv4 might be for you, although it clearly also has some problems. If you want something AFS-like, Coda might be an option (but I don't know how mature it is yet). MFS and GFS are options for compute clusters. Maybe we can get 9P or Styx up on Linux.
Re:you probably don't want AFS (Score:2, Informative)
(User #125105 Info) http://www.cae.wisc.edu/~gerdts
The problems you mention with "not working well with daemons" is likely related to the fact that it uses Kerberos IV. If the daemon needs to have more access to AFS directories than you are willing to give to any other user on the system, there is a lot of work to do.
Specifically, you need to stash a password away such that the daemon can authenticate and periodically reauthenticate so that it does not lose the rights that it has.
AFS does allow you to have ACL's based on IP address. As such, if you are running a daemon on a machine than only system administrators have access to, it may not be a big deal to allow everyone on that machine to write to a directory. Other machines, though, may have read-only or no access to the directory.
NFS 4 will have the same problem, as a requirement for it is that Kerberos V is supported as an authentication mechanism. If you don't give world write to a file/directory, then you cannot write to it without a kerberos V ticket.
Too little, too late? (Score:4, Insightful)
(User #131596 Info)
As someone who has worked with AFS for the past 8 years, I have to say that I greet this announcement with a somewhat more pessimistic view.
Namely: AFS is now officially dead.
I say "officially" because, IMO, AFS is already dead, and has been for years (ever since Transarc (now IBM Transarc Labs, but I'll refer to them as Transarc for brevity)) came out with DCE/DFS, really).
Oh, there were bouts of heavy maintenance and limited development. These periods were inevitably precipitated by Transarc's AFS customers becoming vocal and complaining. But when the complaints died down, so did Transarc's commitment.
Transarc has never treated AFS like a real product. Their "development" efforts have been limited to ports to new versions of the same operating systems, a few ports to new architectures, bugfixes, and very limited feature additions (mostly backports from DFS).
In fact, this year has seen Transarc's AFS support sink to a new low. From what I've been able to garner, all AFS development is being outsourced to India. Responses from Transarc's AFS hotline support (a support service which customers purchase!) have been inept. There was no Decorum (Transarc's yearly AFS conference) this year, nor even an announcement concerning it. It's been ages since anyone from Transarc has posted on the AFS mailing list.
So, why is Transarc (now IBM Transarc labs) open-sourcing AFS? For one simple reason: AFS is IBM's red-headed stepchild, and they don't know what else to do with it.
If you read the announcement at http://www.transarc.com/News/pre ss/opensource.html, you'll note this entry in the FAQ:
Is IBM still investing in AFS?
Yes. IBM recognizes that many of our customers will still want a commercially-supported version of AFS IBM AFS. IBM/Transarc will still sell, maintain, port (to new versions of currently-supported OS), support, and provide minor enhancements to "IBM AFS".
Good software grows or dies. AFS died a long time ago. I, personally, think this is tragic, because AFS had great potential. But Transarc never made a long-term commitment to anything other than keeping it on life support. Perhaps it can be resuscitated back to health, but I can't help but wonder if the Open Source community's effort would be better spent towards other distributed filesystems efforts, such as CODA (which I admittedly haven't investigated, but plan to).
Re:you probably don't want AFS (Score:1)
by Tower (/dev/whoop-ass) on Thursday August 17, @04:55PM EDT (#89)
(User #37395 Info)
Actually, both AFS and DFS are in use here at IBM (and at every other site I've vistited... no AFS on the windows boxen, but everyone using the RS/6ks seems to prefer AFS... Personally, I prefer the ACLs of AFS to traditional permission structures, and they are really rather flexible. You can still set rwx on the files, so it doesn't take a whole lot away...
I agree that AFS isn't meant for clustering, but it works well from a security standpoint, especially with Kerberos.
Re:you probably don't want AFS (Score:3, Informative)
by Anonymous Coward on Thursday August 17, @05:41PM EDT (#109)
> AFS semantics are very different from UNIX file system semantics: permissions are associated with
> directories only, access is determined only by the containing directory,
Think about hard links: that's why it works this way.
> if multiple clients modify the same file, updates are lost
That's not entirely true but I agree it's stupid. Anyway, it doesn't matter, if you don't use file locking you should expect corruption anyway.
> you can't have any special files in an AFS file system
I hope you don't expect your users to be able to create /dev/mem nodes in their home directories...
> AFS uses its own authentication
Yes, it's called Kerberos... ever heard of it?
> it doesn't work well for big files
It works reasonably well with big files, unlike Coda which unfortunately doesn't work at all with them. Anyway for huge amounts of data you shouldn't be creating massive files anyway, look into databases or steaming software.
> it always requires extra work to get it to work with daemons
You mean you want root on a given machine to have "root" in your whole enterprise?
> and it has severe problems for scientific compute clusters
What, rsh doesn't work? Just patch it and it works fine. Otherwise what's the problem?
> IBM has long ago moved onto DFS
No they haven't
> (unrelated to Microsoft DFS)
Thank god. But I'm glad Microsoft has finally invented the automounter.
> which fixes many of the problems of AFS (but is itself big, even more complex than AFS, and hard
> to administer).
And nobody uses it...
> Many places are trying to get rid of AFS because it's just too much of a hassle to run it
There really is no better alternative, though.
> (and converting back to a UNIX file system isn't easy because AFS encourages permissions and ACLs
> to mushroom unnecessarily).
You mean it encourages security? :)
> AFS may be acceptable for specific applications (in fact, what it was designed for originally): a
> large untrusted user population, dedicated system management staff, and smallish files and
> problems (text file editing, small programming jobs).
It lets you solve problems on a big scale. I hope the open source release will make it even better and more available for everyone to use.
> But for many environments where Linux is used--big software development projects, web
> servers, scientific computing, home networking--it just doesn't seem like a good fit.
Big software development is one of the first things AFS was used for. It's only recently, ironically, that local disks+Linux have outperformed network file systems so much.
AFS makes sense on web servers for replicating site data and allowing many people to "upload" without the insecurity of FTP.
And I don't see why anyone wouldn't want to use AFS at home. Again, I hope the open source release will allow as many people to have real security in network filesystems as possible.
> If it's the security you care about, NFSv4 might be for you
Whenever that will be available...
> If you want something AFS-like, Coda might be an option (but I don't know how mature it is yet)
Coda is nice but not packaged well enough for everyone to start using it. It also chokes on big files much worse than AFS, unfortunately.
> MFS and GFS are options for compute clusters.
They're nice for high bandwidth to big files. But they give you no security... do you really want a root exploit on one machine in a cluster to destroy all data in the entire site?
Why? CODA (Score:2, Interesting)
by Anonymous Coward on Thursday August 17, @03:49PM EDT (#26)
Why open source it? Because coda is about to replace it. CODA (http://www.coda.cs.cmu.edu/) is a Free (free software), scalible, distributed file system. It covers every feature of AFS, and goes quite a bit further.
Coda is reaching a point of stability and availablity that it's nearly ready for widespread production deployment.
UKUUG Linux 2000 Conference - Timetable
At UKUUG this year, Owen LeBlanc, a Coda expert if there ever was one, said "if you have a small number of users and a relatively small amount of data, then Coda may be just what you need". I also seem to recall him saying he thought AFS is pretty darn nice. He'd be the one to know.
AFS Frequently Asked Questions
Google matched content
FHS Documents, Resources, and Links:
Understanding Filesystems by Emmett Dulaney
http://www.ubi.pt/~dfis-wg/linux/linfs/fsstnd-toc.html#TOC -- Linux filesystem structure
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to to buy a cup of coffee for authors of this site|
Last modified: March 12, 2019