Implementing NFSv4 in the Enterprise: Planning and Migration Strategies

Book description

The most recent maintenance release of IBM AIX 5L Version 5.3 includes a significant set of new features added to the NFSv4 implementation. In 2004, the first IBM Redbooks publication devoted to the topic of NFSv4 implementation in AIX 5L was published: "Securing NFS in AIX: An Introduction to NFS V4 in AIX 5L," SG24-7204.

This book provides additional up-to-date information to help IBM clients understand and take advantage of the new NFSv4 functions provided by AIX 5L Version 5.3 with the 5300-03 Recommended Maintenance Package.

The NFSv4 implementation in AIX 5L has now expanded to provide core features that make it capable of providing a much broader range of distributed file system services than any prior version of NFS. The scope of this book includes methods for implementing NFSv4 in the enterprise and extensive coverage of methods for how it can potentially be used as a migration target for existing AFS-based and DCE/DFS-based enterprise file systems.

Please note that the additional material referenced in the text is not available from IBM.

Table of contents

  1. Notices
    1. Trademarks
  2. Preface
    1. The team that wrote this redbook
    2. Acknowledgments
    3. Become a published author
    4. Comments welcome
  3. Part 1: Introduction
    1. Chapter 1: Introduction
      1. Overview of enterprise file systems
      2. The migration landscape today
      3. Strategic and business context
      4. Why NFSv4?
      5. The rest of this book
    2. Chapter 2: Shared file system concepts and history
      1. Characteristics of enterprise file systems
        1. Replication
        2. Migration
        3. Federated namespace
        4. Caching
      2. Enterprise file system technologies
        1. Sun Network File System (NFS)
        2. Andrew File System (AFS)
        3. Distributed Computing Environment/Distributed File System
      3. General considerations when using enterprise file systems
  4. Part 2: NFSv4 on AIX 5L V5.3
    1. Chapter 3: NFSv4 implementation
      1. Implementation of the NFSv4 protocol in AIX 5L V5.3
      2. NFSv4 features supported in the initial AIX 5L V5.3 release
        1. External namespace (exname) support
        2. FSIDs and file handles
      3. Features introduced in AIX 5L V5.3 RML03 (1/5)
      4. Features introduced in AIX 5L V5.3 RML03 (2/5)
      5. Features introduced in AIX 5L V5.3 RML03 (3/5)
      6. Features introduced in AIX 5L V5.3 RML03 (4/5)
      7. Features introduced in AIX 5L V5.3 RML03 (5/5)
        1. Delegation
        2. Referral
        3. Replication
      8. List of NFSv4 features supported in AIX 5L V5.3
    2. Chapter 4: Using NFSv4 with JFS2 or GPFS
      1. AIX 5L enhanced journaled file system (JFS2) (1/2)
      2. AIX 5L enhanced journaled file system (JFS2) (2/2)
        1. Comparing JFS2 with JFS
        2. JFS2 advanced features
        3. Using JFS2 with NFSv4
        4. JFS2 ACLs versus NFSv4 ACLs
        5. How do we implement inheritance NFSv4 ACLs?
      3. General Parallel File System (GPFS) (1/4)
      4. General Parallel File System (GPFS) (2/4)
      5. General Parallel File System (GPFS) (3/4)
      6. General Parallel File System (GPFS) (4/4)
        1. Why GPFS?
        2. GPFS advantages
        3. When to consider GPFS
        4. Planning considerations for GPFS
        5. Using NFSv4 with GPFS
        6. NFSv4 export considerations for GPFS
        7. NFS usage of GPFS cache
        8. NFSv4 ACL administration
        9. NFS client with stale inode data
      7. Backup considerations
    3. Chapter 5: Using NFSv4 features
      1. Using the cache file system (CacheFS)
        1. CacheFS performance benefits
        2. CacheFS performance impacts
        3. Configuring CacheFS
      2. Managing LDAP automount maps
      3. Pseudo file system
      4. NFSv4 ACLs (1/5)
      5. NFSv4 ACLs (2/5)
      6. NFSv4 ACLs (3/5)
      7. NFSv4 ACLs (4/5)
      8. NFSv4 ACLs (5/5)
        1. NFSv4 ACLs: ACL evaluation
        2. NFSv4 ACLs: Administration
        3. NFSv4 ACLs: ACL inheritance and umask
        4. NFSv4 ACLs: Permissions scenarios
        5. NFSv4 ACLs: ACL evaluation flowchart for NFSv4
        6. NFSv4 ACLs: NFSv3 clients
  5. Part 3: Preparing to use NFSv4
    1. Chapter 6: Building an NFSv4 environment
      1. Environment used for demonstration scenarios
      2. Infrastructure setup flow
      3. Network Time Protocol (NTP) configuration
      4. IBM Tivoli Directory Server V5.2
        1. Preparing the system for IBM Tivoli Directory Server installation
        2. Installing IBM Tivoli Directory Server
        3. Configuring IBM Tivoli Directory Server
        4. Configuring Tivoli Directory Server to be a client of itself
      5. IBM Network Authentication Services (Kerberos V5) server installation (1/2)
      6. IBM Network Authentication Services (Kerberos V5) server installation (2/2)
        1. Setting up the environment
        2. Configuring the NAS server
      7. IBM Tivoli Directory Server client configuration
      8. IBM Network Authentication Services client install and configuration (1/2)
      9. IBM Network Authentication Services client install and configuration (2/2)
        1. Integrated login (single sign-on)
        2. Standard login
        3. Adding NAS users
        4. Migrating existing users into NAS
        5. Installation details
      10. Installing GPFS
        1. Preparing the GPFS nodes for installation
        2. Creating the GPFS directory
        3. Creating the GPFS installation table of contents file
        4. Installing GPFS through the network
        5. Verifying the GPFS installation
      11. Configuring GPFS (1/2)
      12. Configuring GPFS (2/2)
        1. Setting up the environment
        2. Creating the GPFS cluster and nodes
        3. Creating a GPFS file system
    2. Chapter 7: Migration considerations
      1. General migration considerations
      2. Types of migrations
        1. Switch-over migration
        2. Phased or rolling migration
        3. User-by-user or self-managed migration
      3. Hardware planning
      4. Individual component considerations (1/2)
      5. Individual component considerations (2/2)
        1. Security
        2. RPCSEC_GSS security flavors
        3. RPCSEC_GSS protection levels
        4. User identity management options
        5. User and group identities and NFSv4
        6. RPCSEC_GSS user authentication using Kerberos
        7. User accounts and authentication resources
      6. NFSv4 user authorization methods
        1. Choosing a user authorization method
        2. Other user authorization considerations
        3. NFSv4 host identification
        4. NFSv4 host authentication
        5. NFSv4 host authorization
      7. Choosing the appropriate file system types (1/2)
      8. Choosing the appropriate file system types (2/2)
        1. Backup systems
        2. Time services
        3. User data
    3. Chapter 8: Migration scenarios
  6. Part 4: Migrating to NFSv4
    1. Chapter 9: NFSv3 to NFSv4 migration
      1. The test environment
      2. Using NFSv3 and NFSv4 side-by-side
      3. Migrating from NFSv3 to NFSv4
      4. Using NFSv3
      5. Using NFSv4 with NFSv3
        1. Configuring the NFS domain
        2. Configuring the pseudo root file system
        3. Exporting file systems for access to NFSv3 and NFSv4 clients
        4. Mounting NFSv4 exports on the clients
        5. Mounting NFSv3 exports on the clients
        6. Differences between NFSv3 and NFSv4 mounts
      6. Adding security (1/2)
      7. Adding security (2/2)
        1. Creating NFS service principals in Kerberos
        2. Configuring the gssd daemon on the NFS server
        3. Mapping Kerberos V5 realms to NFS domains
        4. Creating the NFS keytab file entry
        5. Configuring security on the clients.
        6. Exporting NFS file systems with security
        7. Mounting an NFSv4 exported file system
      8. Namespace management (1/2)
      9. Namespace management (2/2)
        1. How does the NFSv4 namespace help?
        2. Enhancing classic NFSv4 exports using the exname option
      10. Setting a different pseudo root file system
    2. Chapter 10: Planning a migration from DFS
      1. An overview of DCE/DFS
        1. Servers and clients
        2. Cells
        3. Cross-cell communications
        4. Caching
        5. Aggregates and filesets
        6. Replication
      2. Component-specific migration considerations (1/2)
      3. Component-specific migration considerations (2/2)
        1. Authentication services
        2. DCE/DFS principal and group considerations
        3. Migrating accounts from DCE to Kerberos V5
        4. Authentication methods
        5. Additional considerations
      4. ACL migration considerations (1/2)
      5. ACL migration considerations (2/2)
        1. Understanding DFS ACL evaluations
        2. DFS to NFSv4 ACL translation
        3. DFS and NFSv4 ACL comparisons
        4. Example of DFS to NFSv4 ACL translation
        5. Data migration
    3. Chapter 11: Illustrated DFS migration
      1. Test environment
      2. Migrating the DCE cell to LDAP/KRB5
      3. Migrating user data
        1. Capturing existing ACLs in the DFS environment
        2. Copying data from DFS to the NFS namespace
        3. Restoring ACLs on the copied data
    4. Chapter 12: Planning a migration from AFS
      1. A broad overview of AFS
        1. A distributed file system
        2. Servers and clients
        3. Cells
        4. Transparent access and the uniform namespace
        5. Security: Mutual authentication and access control lists
        6. Volumes
        7. Efficiency boosters: Replication and caching
      2. Security differences between AFS and NFSv4
        1. Security and authorization in AFS
        2. Security in NFSv4
        3. Migration considerations
      3. Migrating AFS users to NFSv4
      4. Migrating AFS groups to NFSv4
      5. Comparing an AFS “cell” and an NFS “domain”
      6. File system semantics
        1. AFS implements save on close
        2. Difference between AFS and NFS
      7. Building a namespace
        1. Pseudo file system
        2. External namespace (exname)
        3. Referrals and replication
      8. Migrating AFS data to NFSv4 servers
        1. Migration options
        2. NFS/AFS Translator
      9. Access control lists (1/2)
      10. Access control lists (2/2)
        1. AFS ACL permissions
        2. NFS ACL permissions
        3. Detailed comparison of AFS and NFS ACLs
        4. Example of an AFS to NFS ACL conversion
    5. Chapter 13: Illustrated AFS migration
      1. Introduction
      2. Existing AFS cell setup
      3. Setting the NFS domain to the AFS cell name
      4. Setting up the KRB5/LDAP environment
      5. Migrating users to Kerberos and LDAP
      6. Migrating group information
      7. Migrating data
      8. Migrating ACLs
      9. Accessing the migrated data from NFSv4 clients
  7. Part 5: Appendixes
    1. Appendix A: Test environment
    2. Appendix B: Case study: IBM Global Storage Architecture
      1. Business problem
      2. Solution
      3. GPFS File system
      4. Security
      5. Load balancing
      6. Server hardware
      7. Storage
      8. Protocols and software
      9. Backups
      10. Time synchronization
      11. Kerberos and NFSv4
      12. Centralization
      13. Scalability
      14. Benefits of GSA File
      15. GSA File status
    3. Appendix C: Configuring Network Time Service
      1. Configuring the NTP server with a reference clock
      2. Configuring the NTP server without a reference clock
      3. Configuring NTP clients
    4. Appendix D: AIX 5L V5.3 NFS quick reference
      1. NFS configuration files
      2. NFS daemons
      3. NFS commands
      4. Export options
      5. mount command options
      6. nfso command options and examples
      7. nfs4cl command options and examples (1/2)
      8. nfs4cl command options and examples (2/2)
    5. Appendix E: Scripts and configuration files
      1. Sample LDAP LDIF file for the KDC realm
      2. Script to add users to the KDC
      3. DFS to AIXC ACL migration example
      4. DFS to NFSv4 migration example (1/2)
      5. DFS to NFSv4 migration example (2/2)
      6. AFS to Kerberos/LDAP user migration
      7. AFS to Kerberos/LDAP group migration
      8. AFS to NFSv4 ACL migration (1/2)
      9. AFS to NFSv4 ACL migration (2/2)
      10. Migrate DCE groups to LDAP
      11. Migrate DCE groups to LDAP
      12. Copy ACL
    6. Appendix F: Installing an AIX 5L maintenance level
      1. Obtaining the latest fixes
      2. On the Web
      3. AIX 10/2005 Update CD
      4. Installation tips
      5. Installation
      6. Verifying the installation
    7. Appendix G: Sample migration planning worksheet
    8. Appendix H: Additional material
      1. Locating the Web material
      2. Using the Web material
  8. Related publications
    1. IBM Redbooks
    2. Other publications
    3. Online resources
    4. How to get IBM Redbooks
    5. Help from IBM
  9. Index (1/2)
  10. Index (2/2)
  11. Back cover

Product information

  • Title: Implementing NFSv4 in the Enterprise: Planning and Migration Strategies
  • Author(s): Gene Curylo, Richard Joltes, Trishali Nayar, Bob Oesterlin, Aniket Patel, Chris Almond
  • Release date: December 2005
  • Publisher(s): IBM Redbooks
  • ISBN: 9780738494234