> Our setup would look like: > 1 cell EU wide, with 5-200+ local sites, each has at least one fileserver.
And when one server gets compromised/stolen you do what? Remember, without software development, once cell is one security area. You should design a multiple cell layout (under one or serveral kerberos realms). As long as you are OK to copy instead of move volumes between cells, you are fine. > (setup is guided by the rule "data HAS to be kept local and only local > groups and external persons with special rights should be able to read > it. Local groups should be able to make only very small subpart of data > available to one or more other (external) groups). Sounds like a multiple cell approach to me. Then each group can have their 3 db servers. Harald. _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info