LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Filesystem security: NFSv4 vs AFS vs...? (https://www.linuxquestions.org/questions/linux-security-4/filesystem-security-nfsv4-vs-afs-vs-743445/)

cotton213 07-28-2009 12:22 PM
Filesystem security: NFSv4 vs AFS vs...?
 
My small company is currently using NFS v3 on our primary file servers and we need to switch to something more secure for our mixed Linux (80%) Windows (20%) environment. I'd like opinions on some of the various filesystems out there -- maturity, ease of setup and use, availability of clients, speed. Googling seems to mostly get me articles from 2003 and I seem incapable of searching this forum effectively (sorry). We are looking mostly at NFS v4, Samba/CIFS, and AFS. Any insight is greatly appreciated.

Barb

edgester 08-02-2009 02:36 PM
Quote:
Originally Posted by cotton213 (Post 3623190)
My small company is currently using NFS v3 on our primary file servers and we need to switch to something more secure for our mixed Linux (80%) Windows (20%) environment. I'd like opinions on some of the various filesystems out there -- maturity, ease of setup and use, availability of clients, speed. Googling seems to mostly get me articles from 2003 and I seem incapable of searching this forum effectively (sorry). We are looking mostly at NFS v4, Samba/CIFS, and AFS. Any insight is greatly appreciated.

Barb
Hi Barb,

I'm not sure how well NFSv4 would work on windows with good security. Most places want to firewall NFS and SMB from off-site.

SMB is mature, but migrating your data to a another server when the server gets full can be a pain.

AFS is very mature. It has been around for over 10 years. The OpenAFS project (http://www.openafs.org) is the dominant AFS platform. There are AFS clients for Windows, Linux, Solaris, MacOS X, BSD, AIX, and a few others. You can run AFS servers on almost any Unix-like platform (Linux and Solaris are the most popular OpenAFS server platforms).

While AFS has a bit of a learning curve, it gives you SAN-like features like snapshots and live migrations of data between servers using commodity hardware and disks. No SAN is required. AFS also has can also host multiple read-only copies of data for redundancy. AFS has advanced caching so that frequently access data doesn't require re-fetching from the server.

AFS also has per-directory access control lists, user-managed access groups, and optional encryption (which does degrade performance). AFS is very well suited to WAN and LAN environments. It uses Kerberos as the authentication layer.

Oh, and did I mention that migrating data between servers is nearly transparent to users and doesn't require any reconfiguration?

Feel free to post any questions you may have to the openafs-info list at https://lists.openafs.org/mailman/listinfo/openafs-info

There are many helpful people there, including myself, who can answer any questions that you may have and help you make the right choice (even if it isn't AFS), and help you to get started.

Thanks,
Jason

chrism01 08-02-2009 07:55 PM
For security aspect, you could look at sshfs: http://en.wikipedia.org/wiki/SSHFS


All times are GMT -5. The time now is 02:51 PM.