Andrew File System - PowerPoint PPT Presentation

Title:

Andrew File System

Slides: 30
Provided by: vkp
1
Andrew File System
  • Vishal Patel,
  • George Blank

2
Agenda
  • What is AFS?
  • History of AFS
  • Basics of AFS
  • Benefits of AFS
  • Drawbacks of AFS
  • Versions of AFS
  • References

3
What is AFS?
  • AFS is a distributed file system that enables
    co-operating hosts (clients and servers) to
    efficiently share file system resources across
    both local area and wide area networks
  • Provides transparent file access between systems
    running AFS
  • Software is available for most UNIX platforms and
    for Windows and Mac. You can install an AFS client on
    your system.
  • AFS runs on systems from HP, Next, DEC, IBM,
    SUN, and SGI.

4
History of AFS
  • AFS is based on a distributed file system
    originally developed at the Information
    Technology Center at Carnegie-Mellon University
    in 1984.
  • The idea was to provide a campus-wide file
    system for home directories which would run
    effectively using a limited bandwidth campus
    backbone network.
  • IBM released AFS as an Open Systems Platform at
    http://www.openafs.org/ and it is now called
    OpenAFS.

5
Basics of AFS
  • Cells
  • Volumes
  • Tokens
  • Cache Manager
  • File Protection
  • File Space Design

6
Cells
  • An AFS cell is a collection of servers grouped
    together administratively and presenting a
    single, cohesive file system.
  • Typically, an AFS cell is a set of hosts that use
    the same Internet domain name.
  • Normally, a variation of the domain name is used
    as the cell name. Users log into AFS client
    workstations which request information and files
    from the cell's servers on behalf of the users.

7
Volumes
  • The storage disks in a computer are divided into
    sections called partitions. AFS further divides
    partitions into units called volumes.
  • The volumes provide a convenient container for
    storing related files and directories.
  • System administrators can move volumes from one
    file server to another without users noticing, because
    AFS automatically tracks a volume's location

8
Tokens
  • AFS does not use UNIX user IDs for
    authentication. In order to access files which
    are not world accessible using AFS, you must have
    a valid AFS token. You may see what tokens you
    currently hold using the tokens command.

9
Cache Manager
  • Cache Manager maintains information about the
    identities of the users logged into the machine,
    finds and requests data on their behalf, and
    keeps chunks of retrieved files on local disk.
  • The effect of this is that as soon as a remote
    file is accessed a chunk of that file gets copied
    to local disk and so subsequent accesses (warm
    reads) are almost as fast as to local disk and
    considerably faster than a cold read (across the
    network).

10
File Protection
  • File protections do not work the same way in AFS
    as they do in UNIX.
  • AFS augments the standard UNIX file protection
    mechanism, using a more precise mechanism for
    controlling access to files: an access control
    list (ACL).

11
File Space Design

12
File Space Design (Contd)
  • Hierarchical file structure like the UNIX file
    system
  • AFS root is generally named /afs and the next level
    is called a cell
    - administrative domain: a defined set of AFS
      servers within a company, university, lab, etc.
    - local cell: the default cell associated with your
      workstation
    - foreign cell: other cells in the AFS file space
  • Subsequent levels are UNIX files
  • Some facilities use AFS for users' login directory

13
File Sharing
  • AFS enables users to share remote files as easily
    as local files. To access a file on a remote
    machine in AFS, you simply specify the file's
    pathname. In contrast, to access a file in a
    remote machine's UNIX file system, you must log
    into the remote machine or create a mount point
    on the local machine that points to a directory
    in the remote machine's UNIX file system
  • AFS users can see and share all the files under
    the /afs root directory, given the appropriate
    privileges. An AFS user who has the necessary
    privileges can access a file in any AFS cell,
    simply by specifying the file's pathname. File
    sharing in AFS is not restricted by geographical
    distances or operating system differences

14
Figure 8.12 File name space seen by clients of AFS

15
Login and Authentication
  • To become an authenticated AFS user, you need to
    provide a password to AFS
  • On machines that use an AFS-modified login
    utility, logging in is a one-step process: your
    initial login automatically authenticates you
    with AFS.
  • On machines that do not use an AFS-modified login
    utility, you must perform two steps:
    - Log in to your local machine.
    - Issue the klog command with the -setpag argument
      to authenticate with AFS and get your token.
  • Your system administrator can tell you whether
    your machine uses an AFS-modified login utility
    or not

16
AFS Commands
  • AFS commands are grouped into three categories:
  • File server commands (fs)
    - list AFS server information
    - set and list ACLs (access control lists)
  • Protection commands (pts)
    - create and manage (ACL) groups
  • Authentication commands
    - klog, unlog, kpasswd, tokens

17
Benefits of AFS
  • Caching facility
    - Caching significantly reduces the amount of
      network traffic, improving performance when a
      cold read is necessary
  • Location Independence
    - AFS does its mapping (filename to location) at
      the server. This has the tremendous advantage of
      making the served file space location independent

18
Benefits of AFS (Contd)
  • Scalability
    - An architectural goal of the AFS designers
      was client/server ratios of 200:1, which has been
      successfully exceeded at some sites.
  • Single systems image (SSI)
    - Establishing the same view of file store from
      each client and server in a network of systems
      (that comprise an AFS cell) is an order of
      magnitude simpler with AFS than it is with, say,
      NFS.

19
Benefits of AFS (Contd)
  • Improved security
    - Firstly, AFS makes use of Kerberos to
      authenticate users. This improves security.
    - Secondly, AFS uses access control lists (ACLs)
      to enable users to restrict access to their own
      directories.

20
Benefits of AFS (Contd)
  • "Easy to use" networking
    - Accessing remote file resources via the
      network becomes much simpler when using AFS
  • Improved system management capability
    - Systems administrators are able to make
      configuration changes from any client in the AFS
      cell
  • Improved robustness to server crash
    - Replicated AFS volumes

21
Drawbacks of AFS
  • Invasive install
  • Complexity of backend server function
  • Authentication issues with applications (e.g.
    ticket expiration)

22
Some useful OpenAFS commands
  • sar 2 10 (checks how idle the CPU is)
  • top (shows which process is taking the
    highest CPU)
  • /usr/bin/lsof (lists the open ports and open files
    that are not closed)
  • netstat -an | grep <port> (shows whether the port
    you were going to use for the server/client
    program is being utilized)

23
The fs command
  • The fs (filesystem) command allows you to do many
    things in OpenAFS. Some examples:
  • fs listacl: Find what Access Control List
    permissions have been granted in your account.
  • fs sa /project gblank l: Grant user gblank
    permission to look up (read) the directory
    project.
  • fs sysname: Find the system name, for which you
    can substitute @sys in AFS pathnames.

24
The fs sa Access Control List permissions
  • lookup: List contents of directory
  • insert: Add files or directories
  • delete: Delete entries in directory
  • administer: Change ACL rights in directory
  • read: Read file content, query file status
  • write: Read file content, change permissions
  • lock: Full file advisory lock

25
AFS Access Control and Unix file permissions
  • Unix file permissions (chmod) are used by AFS,
    but in a way that may be difficult to understand.
  • Group (g) and Other (o) permissions are ignored.
    Rights are based on rights granted to the user (u).
  • Any authorized user (system:authuser) can
    execute a file with these rights, -rwx------, if
    they have lookup permission in that directory.
    They need read and write permissions for full
    access.
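
The following is an added example, not part of the original slides: it parses `fs listacl` output and combines the directory ACL with a file's owner mode bits to decide read and write access, covering both the permission list and the mode-bit rule above. The sample output, the cell path, the user mallory, the single-letter abbreviations (rlidwka) and the "Negative rights" section are assumptions taken from general OpenAFS behaviour; the slides themselves only show `l` for lookup.

```python
import stat

# Constructed sample of `fs listacl` output (not from the original slides).
SAMPLE_LISTACL = """\
Access list for /afs/example.org/project is
Normal rights:
  system:administrators rlidwka
  system:authuser rl
  gblank rlidwk
Negative rights:
  mallory w
"""

RIGHTS = {"r": "read", "l": "lookup", "i": "insert", "d": "delete",
          "w": "write", "k": "lock", "a": "administer"}

def parse_listacl(text):
    """Return {"normal": {principal: set(letters)}, "negative": {...}}."""
    acl = {"normal": {}, "negative": {}}
    section = None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Normal rights"):
            section = "normal"
        elif s.startswith("Negative rights"):
            section = "negative"
        elif section and s:
            principal, letters = s.rsplit(None, 1)
            unknown = set(letters) - set(RIGHTS)
            if unknown:
                raise ValueError(f"unknown ACL letters {unknown} in {s!r}")
            acl[section][principal] = set(letters)
    return acl

def effective_rights(acl, identities):
    """Union of normal rights for a user and their groups, minus negative rights."""
    granted, denied = set(), set()
    for who in identities:
        granted |= acl["normal"].get(who, set())
        denied |= acl["negative"].get(who, set())
    return granted - denied

def file_access(acl, identities, mode):
    """Gate ACL rights by the file's owner (u) bits; g and o bits are ignored."""
    rights = effective_rights(acl, identities)
    can_look = "l" in rights
    return {
        "read": can_look and "r" in rights and bool(mode & stat.S_IRUSR),
        "write": can_look and "w" in rights and bool(mode & stat.S_IWUSR),
    }
```

Passing a mode such as 0o477 shows the practical consequence: the group and other write bits grant nothing, and clearing the owner write bit blocks writes even for a principal whose ACL entry includes `w`.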

26
AFS man pages and Wiki
  • The traditional Unix manual format (man) is
    available for OpenAFS, listing all AFS commands
    in alphabetical order with their options, at
    http://www.openafs.org/manpages/
  • There is also an OpenAFS Wiki at
    http://www.dementia.org/twiki/bin/view/AFSLore/

27
Scripting in OpenAFS
  • Probably the best scripting language for AFS is
    AFS Perl.
  • There are Perl functions for all AFS command line
    functions.
  • There is a scripting tool that comes with AFS
    called uss, but AFS Perl is more flexible, more
    robust and is easy for Perl users to comprehend.

28
Controlling AFS from Java
  • There is a Java API for AFS.
  • See http://www.dementia.org/twiki/bin/view/AFSLore/JavaAdminAPI
    for more information.

29
References
  • Full documentation for OpenAFS is available
    online at http://www.openafs.org/. Significant
    material for this lecture came from Alf
    Wachsmann's lecture there, Introduction to AFS
    and its Best Practices
  • Also see the left-hand menu at http://web.njit.edu/