
Internet Services Administration CS35910


amina

Presentation Transcript


  1. Internet Services Administration CS35910
     File Services Administration and File Access Services

  2. Backups
     Don’t worry, your data is safely backed up on multiple redundant RAID servers

  3. Principles of System Administration
     • Corollary 25: Redundancy
       • Reliability is often safeguarded by redundancy, or backup services running in parallel, ready to take over at a moment's notice
     • Principle 46: Data Invulnerability
       • The purpose of a backup copy is to provide an image of data which is unlikely to be destroyed by the same act that destroys the original
     • Corollary 47
       • Backup copies should be stored at a different physical location to the originals

  4. Redundancy
     • To lose one parent, Mr. Worthing, may be regarded as a misfortune; to lose both looks like carelessness
       (Lady Bracknell, The Importance of Being Earnest)
     • When a RAID disk fails, fix it straight away
     • Don’t forget the importance of backups

  5. Backups
     • Full and incremental backups
     • Backup storage solutions
     • Off-site storage
     • Amanda and tar
     • Linux Journal Reader’s Choice Awards Favourite Backup Solution
       1. tar (65%)
       2. Amanda (5%)
       3. Arkeia Network Backup (<1%)

  6. Check your Disaster Recovery
     • Backups always succeed
     • Restores always fail!
     The backup motel – files check in but never check out

  7. File Transfer
     • Why transfer files
     • File transfer technologies
       • Sneakernet
       • UUCP
       • FTP
       • SSH - SCP and SFTP
       • Network Filestore
       • HTTP
       • WebDAV etc.

  8. FTP Access
     • Advantages
       • Easy to set up
       • Well supported
       • Easy to use
       • Fast
     • Disadvantages
       • Problems with firewalls (use passive mode)
       • Plain text transfers, including password

  9. FTP: Anonymous or not
     • Problems with user FTP security:
       • Plain text passwords can be easily snooped
       • Real user accounts can allow exploits such as uploading .rhosts etc.
       • SCP/SFTP provides a better solution for these needs
       • See also SSLftp: ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps
     • Problems with anonymous FTP:
       • Configuration needs more care
       • No method to uniquely identify users

  10. NFS – A network Filesystem

  11. Management of NFS
      • /etc/exports
      • TCP Wrappers (hosts.allow, hosts.deny) protect the vulnerable portmapper
      • Root squashing
      • mountd, nfsd

  12. NFS Cookies
      • NFS is stateless. Cookies are passed by mountd to indicate a successful mount
      • Limited persistence of cookies
      • Cookies usually changed when remounting filestore
      • For crash recovery, the cookie persists across a reboot
      • Stateless nature makes locking very difficult
      • TCP may be used for NFS over routers and even on LANs, but the protocol remains stateless

  13. NFS Automounter
      • Administrative nightmare of cross mounting home filestore from multiple servers
      • Automounter uses maps to mount filestore on demand
      • Maps may be shared by RDIST, NIS or LDAP or some other means
      • May also be used to mount loopback filesystems
      • Possible to emulate a CD server using ISO images and the automounter

  14. Principles of System Administration
      • Principle 12: Separation
        • Data which are separate from the O.S. should be kept in a separate directory tree, preferably on a separate disk partition. If they are mixed with the O.S. system file-tree it makes re-installation or upgrade of the O.S. unnecessarily difficult
      • Principle 20: Freedom
        • Quotas, limits and restrictions tend to antagonize users. Users place a high value on personal freedom. Restrictions should be minimized

  15. Timing issues with network filestore
      • The problem: datagram networks are unpredictable
      • Latency
      • NT Opportunistic locking
      • Oplocks
      • Delayed writes for network shares
      • When tuning Samba servers, fake oplocks may be used on read-only shares for improved performance
      • Strict locking
      • Neither oplocks nor strict locks are very good for JET databases
      • NFS inconsistencies
      • flock(), lockf() timing issues
      • rpc.lockd – a partial solution

  16. Principle 4 (Communities)
      • What one member of a cooperative community does affects every other member and vice versa. Each member of the community therefore has a responsibility to consider the effect of his/her actions on all the other users
      • Principles of Network and System Administration

  17. Management of SMB
      • Windows NT shares
        • Directory Security and Share Security
        • Hidden shares, e.g. \\myhost\backup$
          • Not very well hidden
        • Administrative Shares
      • UNIX shares with Samba
        • Browse lists
        • Read and Write lists

  18. Permissions and Privileges
      • Permissions (rights) always associated with a particular object
        • Permission to read a file etc.
      • Privileges associated with particular actions on the system and granted to users
        • E.g. SE_SYSTEMTIME_NAME privilege to change system time

  19. Network Attached Storage
      • Drives attached to embedded unit
      • Cut down OS provides only data storage, access and management functionality
      • Usually provides multiple access protocols
        • NFS
        • SMB/CIFS

  20. Storage Area Networks
      • Enterprise Solution
      • Devices attached to a network, called a fabric
      • Access to the device at block I/O level
      • SCSI protocol is usually used
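
Slides 5 and 6 in script form, as an added example that is not part of the original presentation: a full and an incremental backup with GNU tar, followed by a restore drill that replays both archives into a scratch directory and compares checksums with the live tree. GNU tar and GNU coreutils are assumed; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: full + incremental backup with GNU tar, then a restore drill.
# Everything lives under a temporary directory; file names are constructed samples.

# backup_level <snapshot-file> <archive> <source-dir>
# The snapshot file records what tar has seen; re-using it makes the next run incremental.
backup_level() {
    tar --create --file="$2" --listed-incremental="$1" \
        --directory="$(dirname "$3")" "$(basename "$3")"
}

# restore_chain <target-dir> <archive>...   (archives oldest first)
# /dev/null as snapshot file makes tar honour incremental metadata, including deletions.
restore_chain() {
    target=$1; shift
    mkdir -p "$target"
    for a in "$@"; do
        tar --extract --file="$a" --listed-incremental=/dev/null \
            --directory="$target" || return 1
    done
}

# tree_digest <dir>: a single SHA-256 over the sorted per-file digests and names
tree_digest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) | sha256sum | cut -d' ' -f1
}

# restore_drill: returns 0 only if the restored tree is identical to the live one
restore_drill() {
    work=$(mktemp -d) || return 1
    src="$work/home"; mkdir -p "$src/alice"
    echo "draft 1" > "$src/alice/report.txt"
    echo "scratch" > "$src/alice/tmp.txt"
    backup_level "$work/snap" "$work/full.tar" "$src" || return 1    # level 0 (full)
    sleep 1                                    # make sure later mtimes are newer
    echo "draft 2" > "$src/alice/report.txt"   # modified after the full backup
    rm "$src/alice/tmp.txt"                    # deleted after the full backup
    echo "new" > "$src/alice/notes.txt"        # created after the full backup
    backup_level "$work/snap" "$work/incr1.tar" "$src" || return 1   # level 1
    restore_chain "$work/restore" "$work/full.tar" "$work/incr1.tar" || return 1
    rc=1
    [ "$(tree_digest "$src")" = "$(tree_digest "$work/restore/home")" ] && rc=0
    rm -rf "$work"
    return $rc
}

if restore_drill; then echo "restore drill: OK"; else echo "restore drill: FAILED"; fi
```

The drill fails if either archive is missing from the chain or replayed out of order, which is the kind of problem a backup job's exit status never reveals.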
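
For slide 11 (Management of NFS), an added example that is not part of the original presentation: a small audit of an exports(5) file for entries that disable root squashing or are writable by every host, plus a check that TCP Wrappers deny the portmapper by default. The function names and sample entries are constructed; line continuations and multi-daemon hosts.deny rules are not handled.

```sh
#!/bin/sh
# Added example: audit exports(5) entries and a hosts.deny file.
# Sample contents are constructed, not taken from a real server.

# audit_exports [file]: print one finding per risky client entry (stdin if no file)
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        path = $1
        if (NF == 1) print path ": exported to every host with default options"
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""; p = index($i, "(")
            if (p > 0) { host = substr($i, 1, p - 1); opts = substr($i, p + 1); sub(/\)$/, "", opts) }
            n = split(opts, o, ","); squash_off = 0; rw = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") squash_off = 1
                if (o[j] == "rw") rw = 1
            }
            world = (host == "" || host == "*")  # "(opts)" alone means any host
            if (squash_off) print path ": " (world ? "*" : host) " has no_root_squash (client root is server root)"
            if (world && rw) print path ": writable by every host"
        }
    }' "${1:--}"
}

# portmap_default_deny [hosts.deny]: succeed if the portmapper is denied by default,
# so that only clients listed in hosts.allow can reach it
portmap_default_deny() {
    grep -Eiq '^[ \t]*(ALL|portmap|rpcbind)[ \t]*:[ \t]*ALL' "${1:--}"
}

# Constructed sample exports file
sample_exports() {
cat <<'EOF'
# constructed sample
/home      192.168.1.0/24(rw,root_squash)
/srv/build buildhost.example.org(rw,no_root_squash)
/scratch   *(rw)
/pub       (ro)
EOF
}

sample_exports | audit_exports
```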
