[OpenAFS] New to OpenAFS
Hello, I'm new to OpenAFS and was hoping if the community could help me determine if it would be a good fit for my company. We are approx 150 people, with 50 home users and the rest in small offices of about 10-15 people. I would like to have a main file server that everyone can access, but also departmental servers in offices that would allow people to save files quickly (without going over the WAN). In my dream scenario, I would have one main server in our data center that stores everything and is backed up. Each office would have a server that acts as a caching server. These servers would cache specific folders that are often used by the people in that specific office...any times changes are made, it is saved on that server and then transferred to the main server in the background. This would allow users in branch offices to have fast access to files and not have to wait for WAN transfers. And would prevent the admin team from backing up every department's server. Is this possible with OpenAFS? I read something about a Samba/OpenAFS gateway, would this be required? Or are there other products that you think might be a better fit? Also, is the windows desktop client used a lot of most deployments? How reliable is this? Thanks for the help! --Bill -- View this message in context: http://www.nabble.com/New-to-OpenAFS-tp16093093p16093093.html Sent from the OpenAFS - General mailing list archive at Nabble.com. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] New to OpenAFS
Jason, Thanks so much for clarifying things, for the majority of users I think this will solve a lot of file sharing issues. Most of our locations are dedicated to a specific department, so traffic will stay on the local network. I do have a few additional questions if you don't mind... - Our accounting group is distributed with a equal amount of people in NY, NC & LA. Right now they all connect to our server (WebDAV, Oracle Content Services) in NY. It is great for the NY users, but slow for others. Is there anyway to make an accounting folder available for fast access in multiple locations? Is there anyway to have read/write clones? If your example, you say that the read/write copy is accessible via: "/afs/.example.com/shared/procedures". This is different than "/afs/example.com/shared/procedures". Just wanted to confirm that it isn't a typo... - Have you integrated your OpenAFS server into an LDAP or Directory server? We are planning to run Samba with an OpenLDAP backend for our domain. Is this possible? I haven't been able to find my documentation about this. We are actually starting fresh, so we are open to any directory system as long as we can have other other apps authenticate via LDAP. - Lastly, when users are connecting to AFS do they need to only be able to contact one AFS server? Or contact others? For example, do the LA users need to talk to the NY server? Or do they talk to the LA server and the LA server handles interaction with NY? Thanks! --Bill -- View this message in context: http://www.nabble.com/New-to-OpenAFS-tp16093093p16169539.html Sent from the OpenAFS - General mailing list archive at Nabble.com. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] New to OpenAFS
What operating system are these users running? If you are running > nearly all Microsoft Windows machine, you probably want to at least look > at Microsoft's Distributed FileSystem (Dfs.) It allows for multi-master > read-write replicas and a user-defined site topology to optimize > replication and allowing clients to find the closest replica. Be aware > that Dfs is not encrypted and is not a true WAN filesystem. Microsoft > recomends using IPsec to secure connections. There is also no caching > by default (one would need to setup Offline Folders functionality to > cache files locally on the computer.) Thanks for replying! I had looked at DFS, but we currently run almost entirely on Linux servers and I would like to keep it that way. With the licensing fees, I doubt that would even get approved. Also, with our 50 home users...using CIFS over a VPN would be pretty painful. From what I understand, OpenAFS is a more efficient WAN protocol (using WebDAV now, which is much more efficient than CIFS). We may eventually use terminal server or a remote desktop solution, but using CIFS over a WAN would almost make that a necessity. --Bill -- View this message in context: http://www.nabble.com/New-to-OpenAFS-tp16093093p16180548.html Sent from the OpenAFS - General mailing list archive at Nabble.com. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] New to OpenAFS
Thanks for explaining all of this, I have been reading documentation...but some things just aren't very clear. It appears that you can store heimdal in ldap and there is documentation available for settings that up. I have been doing a lot of reading and plan on setting up a test server in the near future. One question I have is about a network layout. To minimize changes in each office...I would like to have our main data center have a network that all VPN users (which is everyone, all the time) connect to...say 10.0.0.0/24. The branch office openafs servers would then have a local ip (192.168.0.0/24 networks) as well as a VPN IP (10.0.0.0/24). Is it possible to do this and have the clients pick the closest server? For example...list our Los Angeles server in the CellDB with a local address and a vpn address giving the local address priority...so only people in that office can connect? Any other user would default to the vpn address. Is this possible? If not, I imagine we would need to redo our ip addressing scheme in each office that would have a server. Thanks again for all the help! --Bill -- View this message in context: http://www.nabble.com/New-to-OpenAFS-tp16093093p16258446.html Sent from the OpenAFS - General mailing list archive at Nabble.com. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] New to OpenAFS
The AFS Servers should have IP addresses that are visible to all offices > so that you have redundancy. You can control the priority of servers > for each office using "server preferences". That is what I had planned on doing, that "visible" ip address would a vpn ip address. Each departmental server would also have its local IP address that only people on that local network would access. Will OpenAFS allow me to list a single physical server multiple times like this (and just select the best IP)? Otherwise, I need to restructure each locations network and VPN configurations... -- View this message in context: http://www.nabble.com/New-to-OpenAFS-tp16093093p16258804.html Sent from the OpenAFS - General mailing list archive at Nabble.com. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info