On Oct 29 06:54:07, James A. Peltier wrote:
> <snip>
> | > No I cannot just put and get. Moving hundreds of gigabytes of
> | > medical imaging data around with FTP/SSH would be out of the
> | > question.
> |
> | Yet moving hundreds of gigabytes of medical imaging data
> | around with NFS is OK. More specifically yet, moving them
> | around with NFSv4 is OK, but moving them around with NFSv3
> | is not. Right?
> |
> | Let's stay technical: what exactly does NFSv4 do for you in your
> | situation that NFSv3 does not? "Kerberos security", as in "users
> | authenticate themselves"? "Firewall friendly"? How exactly is
> | NFSv4 more "firewall friendly" than NFSv3?
> |
> | (Don't get me wrong: I want a multi-platform shared storage too.
> | I do it with NFSv3. You use NFSv4, Kerberos, and Samba. How exactly
> | is that better?)
> |
> | Do you need file access or file transfer, in the sense of
> | Callaghan's standard "NFS Illustrated" book?
> |
> | Jan
>
> Okay, while we do employ NIS/NFSv3 now, this is on a completely segmented
> network. The data that is being transferred is separate from the rest of the
> network.
>
> In the new setup this will not be the case.

You should have stated this clearly in the original mail: "we have
a properly segmented/isolated network where we use NFSv3 to share data.
Now the network will no longer be segmented and/or isolated.
So I think I need NFSv4 now".

> It was but one example of why NFSv4 might be chosen over NFSv3. The added
> Kerberos authentication is but one step in providing additional data security.
> I understand that it does not substitute for good password security. It was
> but one example of why NFSv4 might be chosen over NFSv3.
>
> NFSv4 with Kerberos supports encryption. While using krb5p, every
> communication between client and server is sent over the wire after it was
> encrypted which was not supported by NFSv3.
>
> NFSv4 is stateful and uses a single port. Port 2049
>
> I am looking for file access just like we are currently providing with NFSv3.
> We just need to add additional levels of security in the sense of
> authentication and access control to work across a less secure, non-segmented
> network. I am *not* using OpenBSD for *any* of this. I was merely
> attempting to offer input as to why someone *might* require NFSv4.
>
> --
> James A. Peltier
> Systems Analyst (FASNet), VIVARIUM Technical Director
> Simon Fraser University - Burnaby Campus
> Phone   : 778-782-6573
> Fax     : 778-782-3045
> E-Mail  : jpelt...@sfu.ca
> Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca
>           http://blogs.sfu.ca/people/jpeltier
> MSN     : subatomic_s...@hotmail.com