>> Hmmm... How feasible is VPN serving the number of concurrent users the >> OpenAFS is capable of? > > I know somewhere where they terminated direct world access to AFS and > required users to go through VPN first. It's not a bottleneck, at least > in that configuration. The number of AFS users is likely magnitudes > smaller than in your projections, though. But if you're not getting > adequate speed with even just one client, it doesn't sound like you > should be worrying about expansion first...
The correct (future oriented) behavior is still more important than speed. If I can only choose one, that is. There is no rush currently when it comes to number of concurrent users, but there shouldn't be any limitations to it. If nothing else, Moore's law is on our side :) > >> Integrated to GDM login, seamless single-sign-on? > > Nothing to do with that. You have to start it manually after logging in > to your favourite operating system in that particular use case, and the > use of VPN is by no means specific to their AFS use. That's what I thought, and it sounds like a problem against the concept design. You should be able to just log into your account straight from the boot and spreading processes seamlessly among other similar computer nodes. > >> Because the communication is much more two ways than basic Internet use >> (homedir in AFS), the 5Mb out is a clear cap. But still, it seems like a >> ~200Kb traffic from client to server is already on the limit. E.g. >> Firefox >> keeps writing to Homedir constantly with a speed that leaves afs >> communication behind. > > Even on a workstation connected through gigabit to the same network as > the (rather modestly loaded) AFS servers and nothing in the way, I > figured I wanted to use Firefox with a local profile directory. Your > mileage may vary. I wouldn't do it on a direct connect - I most > certainly wouldn't do it from at home or over another kind of WAN. > >> I know that you can tweak Firefox'es behavior (and I have) > > I found that was not good enough. YMMV, as said. I understand this, but the configuration is such that you have _everything_ in AFS and you can access it from any Liitin client. This is purposefully so. > > Do you get a different reading if you leave out the encryption? If it > is as Lars stated, a rather poor piece of work in every which way anyway, > you're probably better off not using it. I haven't tried it yet (and it's getting quite late now), but I will try it anyway to verify if it's the issue. > >> These should be the defaults (common network settings and OpenAFS). I >> tried to tweak them at some point, but without a noteable improvement). >> The server currently runs virtualised and on a relatively old Intel >> machine. > > What kind of speed do you get on directly connected AFS clients on the > LAN? I need to verify this, but as far as I remember, it's some MBs. Basic use is fine, but if you move GB's it's clearly slower than normal networking over SSH. br, jukka > >> notable improvement. Since the encryption is critical (in some way or >> another), It's been on from the beginning. I guess it's time to test its >> influence, at least. > > With VPNs at least, you don't have to run the encryption work on the > file server host. > > Best regards, Atro > _______________________________________________ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info