Chaz Chandler wrote: >>> 2) There is no good AFS-based solution for group shares in this >>> scenario. >> i don't agree with that, but it depends on your interpretation. > > Ah, good. What would you recommend?
The problem you are facing is that OpenAFS does not support read-write replication. There can only be one instance of a read-write volume at a time. If your model is >>> Further questions: > >>> a) What is the best way to replicate a volume across cells? There isn't a defined mechanism for this and doing so can create some problems specific to the attempt to do so. As far as each OpenAFS cell is concerned the volumes are not replicas. If modifications are made in multiple cell instances they will diverge. It is possible to use one cell as a master and from that cell dump volume images that can then be pushed into other cells. However, they should be treated as readonly in the alternate cells. >>> b) How would the presence of multiple cells effect the krb5 >>> infrastructure (currently: one realm, one cell, cell name = realm name = >>> internal LAN domain name)? >> it doesn't have to be. you can have many cells in a realm, for >> instance, the sipb.mit.edu, athena.mit.edu, etc cells in the >> ATHENA.MIT.EDU realm. > > True, but is it as simple as adding an afs/newc...@realm principle and making > sure the > users get tokens for all cells? Yes. On Windows the Network Identity Manager provider and/or the OpenAFS integrated logon network provider will permit you to automate this for your users. >>> c) Are any of the Morgan Stanley volume management system utilities >>> available publicly, or are their methods sufficiently documented >>> publicly? All of what I've read about them are from previous afsbpw's. >>> (ie, >>> http://workshop.openafs.org/afsbpw08/talks/wed_1/OpenAFS_and_the_Dawn_of_a_New_E > ra.pdf) >> as far as i know none of their tools are distributed at this time. > > Anyone know any Morgan Stanley folks with whom I could chat about this stuff? > Is this > something others would be interested in as well? In my opinion, the Morgan Stanley tools are not general purpose. They do what they do but are very specific to the way that Morgan Stanley built their infrastructure. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature