Internet Services Administration CS35910
File Services Administration and File Access Services
Backups
Don’t worry, your data is safely backed up on multiple redundant RAID servers
Principles of System Administration
• Corollary 25: Redundancy
  • Reliability is often safeguarded by redundancy, or backup services running in parallel, ready to take over at a moment's notice
• Principle 46: Data Invulnerability
  • The purpose of a backup copy is to provide an image of data which is unlikely to be destroyed by the same act that destroys the original
• Corollary 47
  • Backup copies should be stored at a different physical location to the originals
Redundancy
• "To lose one parent, Mr. Worthing, may be regarded as a misfortune; to lose both looks like carelessness" (Lady Bracknell, The Importance of Being Earnest)
• When a RAID disk fails, fix it straight away
• Don’t forget the importance of backups
Backups
• Full and incremental backups
• Backup storage solutions
• Off-site storage
• Amanda and tar
• Linux Journal Reader’s Choice Awards, Favourite Backup Solution:
  1. tar (65%)
  2. Amanda (5%)
  3. Arkeia Network Backup (<1%)
Check your Disaster Recovery
• Backups always succeed
• Restores always fail!
The backup motel – files check in but never check out
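A restore drill for the full and incremental backups named on the Backups slide, as an added example that is not part of the original slides. It assumes GNU tar and sha256sum; every file and directory is constructed in a temporary location.

```shell
#!/bin/sh
# Added example: full + incremental backup with GNU tar, then a restore drill.
# Every path is a temporary directory constructed for the demonstration.

# Checksum each regular file under $1, keyed by path relative to $1.
tree_digest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Level 0: archive everything and record file state in a snapshot file.
backup_full() {   # backup_full SRC STORE
    tar -c -f "$2/level0.tar" -g "$2/level0.snar" -C "$1" .
}

# Level 1: work on a copy of the snapshot so level 0 stays reusable.
backup_incr() {   # backup_incr SRC STORE
    cp "$2/level0.snar" "$2/level1.snar" &&
    tar -c -f "$2/level1.tar" -g "$2/level1.snar" -C "$1" .
}

# Restore in order; -g /dev/null makes tar replay deletions as well.
restore_all() {   # restore_all STORE TARGET
    tar -x -f "$1/level0.tar" -g /dev/null -C "$2" &&
    tar -x -f "$1/level1.tar" -g /dev/null -C "$2"
}

# Succeeds only when the restored files match the source byte for byte.
verify_restore() {   # verify_restore SRC TARGET
    [ "$(tree_digest "$1")" = "$(tree_digest "$2")" ]
}

# Full drill on constructed data: back up, change, back up, restore, compare.
restore_drill() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" "$work/store" "$work/restore"
    echo "payroll v1" > "$work/src/payroll.txt"
    echo "old notes"  > "$work/src/notes.txt"
    backup_full "$work/src" "$work/store" || return 1
    sleep 1                                       # changes must postdate the snapshot
    echo "payroll v2" > "$work/src/payroll.txt"   # modified after level 0
    echo "new report" > "$work/src/report.txt"    # created after level 0
    rm "$work/src/notes.txt"                      # deleted after level 0
    backup_incr "$work/src" "$work/store" || return 1
    restore_all "$work/store" "$work/restore" || return 1
    verify_restore "$work/src" "$work/restore"; rc=$?
    rm -rf "$work"
    return $rc
}

restore_drill && echo "restore verified" || echo "RESTORE FAILED"
```

The drill passes only if the modified file, the new file and the deletion all survive the round trip, which is the check the "backup motel" slide says is usually skipped.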
File Transfer
• Why transfer files
• File transfer technologies
  • Sneakernet
  • UUCP
  • FTP
  • SSH - SCP and SFTP
  • Network Filestore
  • HTTP
  • WebDAV etc.
FTP Access
• Advantages
  • Easy to set up
  • Well supported
  • Easy to use
  • Fast
• Disadvantages
  • Problems with firewalls (use passive mode)
  • Plain text transfers, including password
FTP: Anonymous or not
• Problems with user FTP security:
  • Plain text passwords can be easily snooped
  • Real user accounts can allow exploits such as uploading .rhosts etc.
  • SCP/SFTP provides a better solution for these needs
  • See also SSLftp: ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps
• Problems with anonymous FTP:
  • Configuration needs more care
  • No method to uniquely identify users
Management of NFS
• /etc/exports
• TCP Wrappers (hosts.allow, hosts.deny) protect the vulnerable portmapper
• Root squashing
• mountd, nfsd
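A small audit of an exports file for the two settings this slide touches, root squashing and who the export is open to, as an added example that is not part of the original slides. The sample entries, host names and the function names `sample_exports` and `audit_exports` are constructed for the illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in an /etc/exports-style file.

# Constructed sample (not from the original slides).
sample_exports() {
    cat <<'EOF'
# path        client(options)
/home         192.0.2.0/24(rw,root_squash)
/srv/build    buildhost.example(rw,no_root_squash)
/pub          (ro,all_squash)
/scratch      trusted.example (rw)
EOF
}

# Reads exports syntax on stdin and prints one finding per line.
# Continuation lines (trailing backslash) are not joined in this sketch.
audit_exports() {
    awk '
    /^[ \t]*#/ { next }                  # comment line
    NF == 0    { next }                  # blank line
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                 # split "client(opts)"
                client = substr($i, 1, p - 1)
                opts   = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # An empty client, as in "host (rw)" with a stray space, means
            # the options apply to every host, not to the host named before.
            if (client == "" || client == "*")
                print path ": options (" opts ") apply to every host"
            # no_root_squash lets root on the client act as root on the export.
            if (("," opts ",") ~ /,no_root_squash,/)
                print path ": " (client == "" ? "*" : client) " keeps remote root (no_root_squash)"
        }
    }'
}

sample_exports | audit_exports
```

Against a live server the same function can be fed with `audit_exports < /etc/exports`.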
NFS Cookies
• NFS is stateless. Cookies are passed by mountd to indicate a successful mount
• Limited persistence of cookies
• Cookies usually changed when remounting filestore
• For crash recovery, the cookie persists across a reboot
• Stateless nature makes locking very difficult
• TCP may be used for NFS over routers and even on LANs, but the protocol remains stateless
NFS Automounter
• Administrative nightmare of cross mounting home filestore from multiple servers
• Automounter uses maps to mount filestore on demand
• Maps may be shared by RDIST, NIS or LDAP or some other means
• May also be used to mount loopback filesystems
• Possible to emulate a CD server using ISO images and the automounter
Principles of System Administration
• Principle 12: Separation
  • Data which are separate from the O.S. should be kept in a separate directory tree, preferably on a separate disk partition. If they are mixed with the O.S. system file-tree it makes re-installation or upgrade of the O.S. unnecessarily difficult
• Principle 20: Freedom
  • Quotas, limits and restrictions tend to antagonize users. Users place a high value on personal freedom. Restrictions should be minimized
Timing issues with network filestore
• The problem: datagram networks are unpredictable
• Latency
• NT Opportunistic locking
• Oplocks
• Delayed writes for network shares
• When tuning Samba servers, fake oplocks may be used on read-only shares for improved performance
• Strict locking
• Neither oplocks nor strict locks are very good for JET databases
• NFS inconsistencies
• flock(), lockf() timing issues
• rpc.lockd – a partial solution
Principle 4 (Communities)
• What one member of a cooperative community does affects every other member and vice versa. Each member of the community therefore has a responsibility to consider the effect of his/her actions on all the other users
• Principles of Network and System Administration
Management of SMB
• Windows NT shares
• Directory Security and Share Security
• Hidden shares, e.g. \\myhost\backup$
  • Not very well hidden
• Administrative Shares
• UNIX shares with Samba
• Browse lists
• Read and Write lists
Permissions and Privileges
• Permissions (rights) always associated with a particular object
  • Permission to read a file etc.
• Privileges associated with particular actions on the system and granted to users
  • E.g. SE_SYSTEMTIME_NAME privilege to change system time
Network Attached Storage
• Drives attached to embedded unit
• Cut down OS provides only data storage, access and management functionality
• Usually provides multiple access protocols
  • NFS
  • SMB/CIFS
Storage Area Networks
• Enterprise Solution
• Devices attached to a network, called a fabric
• Access to the device at block I/O level
• SCSI protocol is usually used