book

Implementing NFSv4 in the Enterprise: Planning and Migration Strategies

by Gene Curylo, Richard Joltes, Trishali Nayar, Bob Oesterlin, Aniket Patel, Chris Almond

December 2005

Intermediate to advanced

420 pages

11h 3m

English

IBM Redbooks

Read now

Unlock full access

Notices
Trademarks
Preface
The team that wrote this redbook
Acknowledgments
Become a published author
Comments welcome
Part 1: Introduction
Chapter 1: Introduction
Overview of enterprise file systems

The migration landscape today
Strategic and business context
Why NFSv4?
The rest of this book
Chapter 2: Shared file system concepts and history
Characteristics of enterprise file systems
ReplicationMigration
Federated namespace
CachingEnterprise file system technologiesSun Network File System (NFS)Andrew File System (AFS)Distributed Computing Environment/Distributed File System
General considerations when using enterprise file systems
Part 2: NFSv4 on AIX 5L V5.3
Chapter 3: NFSv4 implementation
Implementation of the NFSv4 protocol in AIX 5L V5.3
NFSv4 features supported in the initial AIX 5L V5.3 releaseExternal namespace (exname) supportFSIDs and file handles
Features introduced in AIX 5L V5.3 RML03 (1/5)
DelegationReferral
Features introduced in AIX 5L V5.3 RML03 (2/5)
Features introduced in AIX 5L V5.3 RML03 (3/5)
Replication
Features introduced in AIX 5L V5.3 RML03 (4/5)
Features introduced in AIX 5L V5.3 RML03 (5/5)
List of NFSv4 features supported in AIX 5L V5.3
Chapter 4: Using NFSv4 with JFS2 or GPFS
AIX 5L enhanced journaled file system (JFS2) (1/2)
Comparing JFS2 with JFSJFS2 advanced features
AIX 5L enhanced journaled file system (JFS2) (2/2)
Using JFS2 with NFSv4JFS2 ACLs versus NFSv4 ACLsHow do we implement inheritance NFSv4 ACLs?
General Parallel File System (GPFS) (1/4)
Why GPFS?GPFS advantages
General Parallel File System (GPFS) (2/4)
When to consider GPFSPlanning considerations for GPFSUsing NFSv4 with GPFSNFSv4 export considerations for GPFSNFS usage of GPFS cacheNFSv4 ACL administration
General Parallel File System (GPFS) (3/4)
General Parallel File System (GPFS) (4/4)
NFS client with stale inode data
Backup considerations
Chapter 5: Using NFSv4 features
Using the cache file system (CacheFS)
CacheFS performance benefitsCacheFS performance impactsConfiguring CacheFS
Managing LDAP automount maps
Pseudo file system
NFSv4 ACLs (1/5)
NFSv4 ACLs (2/5)
NFSv4 ACLs: ACL evaluationNFSv4 ACLs: Administration
NFSv4 ACLs (3/5)
NFSv4 ACLs: ACL inheritance and umask
NFSv4 ACLs (4/5)
NFSv4 ACLs (5/5)
NFSv4 ACLs: Permissions scenariosNFSv4 ACLs: ACL evaluation flowchart for NFSv4NFSv4 ACLs: NFSv3 clients
Part 3: Preparing to use NFSv4
Chapter 6: Building an NFSv4 environment
Environment used for demonstration scenarios
Infrastructure setup flow
Network Time Protocol (NTP) configuration
IBM Tivoli Directory Server V5.2Preparing the system for IBM Tivoli Directory Server installationInstalling IBM Tivoli Directory Server
Configuring IBM Tivoli Directory Server
Configuring Tivoli Directory Server to be a client of itself
IBM Network Authentication Services (Kerberos V5) server installation (1/2)
Setting up the environmentConfiguring the NAS server
IBM Network Authentication Services (Kerberos V5) server installation (2/2)
IBM Tivoli Directory Server client configuration
IBM Network Authentication Services client install and configuration (1/2)
Integrated login (single sign-on)Standard loginAdding NAS users
IBM Network Authentication Services client install and configuration (2/2)
Migrating existing users into NASInstallation details
Installing GPFS
Preparing the GPFS nodes for installationCreating the GPFS directoryCreating the GPFS installation table of contents fileInstalling GPFS through the network
Verifying the GPFS installation
Configuring GPFS (1/2)Setting up the environmentCreating the GPFS cluster and nodesCreating a GPFS file system
Configuring GPFS (2/2)
Chapter 7: Migration considerations
General migration considerations
Types of migrations
Switch-over migrationPhased or rolling migrationUser-by-user or self-managed migration
Hardware planning
Individual component considerations (1/2)
SecurityRPCSEC_GSS security flavorsRPCSEC_GSS protection levelsUser identity management optionsUser and group identities and NFSv4RPCSEC_GSS user authentication using KerberosUser accounts and authentication resources
Individual component considerations (2/2)
NFSv4 user authorization methods
Choosing a user authorization methodOther user authorization considerationsNFSv4 host identificationNFSv4 host authenticationNFSv4 host authorization
Choosing the appropriate file system types (1/2)
Backup systemsTime servicesUser data
Choosing the appropriate file system types (2/2)
Chapter 8: Migration scenarios
Part 4: Migrating to NFSv4
Chapter 9: NFSv3 to NFSv4 migration
The test environment
Using NFSv3 and NFSv4 side-by-side
Migrating from NFSv3 to NFSv4
Using NFSv3
Using NFSv4 with NFSv3
Configuring the NFS domainConfiguring the pseudo root file systemExporting file systems for access to NFSv3 and NFSv4 clientsMounting NFSv4 exports on the clientsMounting NFSv3 exports on the clients
Differences between NFSv3 and NFSv4 mounts
Adding security (1/2)Creating NFS service principals in KerberosConfiguring the gssd daemon on the NFS serverMapping Kerberos V5 realms to NFS domainsCreating the NFS keytab file entryConfiguring security on the clients.
Adding security (2/2)
Exporting NFS file systems with security
Mounting an NFSv4 exported file system
Namespace management (1/2)How does the NFSv4 namespace help?Enhancing classic NFSv4 exports using the exname option
Namespace management (2/2)
Setting a different pseudo root file system
Chapter 10: Planning a migration from DFS
An overview of DCE/DFS
Servers and clientsCellsCross-cell communicationsCachingAggregates and filesetsReplication
Component-specific migration considerations (1/2)
Authentication servicesDCE/DFS principal and group considerationsMigrating accounts from DCE to Kerberos V5
Component-specific migration considerations (2/2)
Authentication methodsAdditional considerations
ACL migration considerations (1/2)
Understanding DFS ACL evaluationsDFS to NFSv4 ACL translationDFS and NFSv4 ACL comparisonsExample of DFS to NFSv4 ACL translation
ACL migration considerations (2/2)
Data migration
Chapter 11: Illustrated DFS migration
Test environment
Migrating the DCE cell to LDAP/KRB5
Migrating user data
Capturing existing ACLs in the DFS environmentCopying data from DFS to the NFS namespaceRestoring ACLs on the copied data
Chapter 12: Planning a migration from AFS
A broad overview of AFS
A distributed file systemServers and clientsCellsTransparent access and the uniform namespaceSecurity: Mutual authentication and access control listsVolumes
Efficiency boosters: Replication and caching
Security differences between AFS and NFSv4Security and authorization in AFSSecurity in NFSv4Migration considerations
Migrating AFS users to NFSv4
Migrating AFS groups to NFSv4
Comparing an AFS “cell” and an NFS “domain”
File system semanticsAFS implements save on close
Difference between AFS and NFS
Building a namespacePseudo file systemExternal namespace (exname)Referrals and replication
Migrating AFS data to NFSv4 servers
Migration options
NFS/AFS Translator
Access control lists (1/2)AFS ACL permissionsNFS ACL permissionsDetailed comparison of AFS and NFS ACLsExample of an AFS to NFS ACL conversion
Access control lists (2/2)
Chapter 13: Illustrated AFS migration
Introduction
Existing AFS cell setup
Setting the NFS domain to the AFS cell name
Setting up the KRB5/LDAP environment
Migrating users to Kerberos and LDAP
Migrating group information
Migrating data
Migrating ACLs
Accessing the migrated data from NFSv4 clients
Part 5: Appendixes
Appendix A: Test environment
Appendix B: Case study: IBM Global Storage Architecture
Business problem
Solution
GPFS File system
Security
Load balancing
Server hardware
Storage
Protocols and software
Backups
Time synchronization
Kerberos and NFSv4
Centralization
Scalability
Benefits of GSA File
GSA File status
Appendix C: Configuring Network Time Service
Configuring the NTP server with a reference clock
Configuring the NTP server without a reference clock
Configuring NTP clients
Appendix D: AIX 5L V5.3 NFS quick reference
NFS configuration files
NFS daemons
NFS commands
Export options
mount command options
nfso command options and examples
nfs4cl command options and examples (1/2)
nfs4cl command options and examples (2/2)
Appendix E: Scripts and configuration files
Sample LDAP LDIF file for the KDC realm
Script to add users to the KDC
DFS to AIXC ACL migration example
DFS to NFSv4 migration example (1/2)
DFS to NFSv4 migration example (2/2)
AFS to Kerberos/LDAP user migration
AFS to Kerberos/LDAP group migration
AFS to NFSv4 ACL migration (1/2)
AFS to NFSv4 ACL migration (2/2)
Migrate DCE groups to LDAP
Migrate DCE groups to LDAP
Copy ACL
Appendix F: Installing an AIX 5L maintenance level
Obtaining the latest fixes
On the WebAIX 10/2005 Update CDInstallation tipsInstallation
Verifying the installation
Appendix G: Sample migration planning worksheet
Appendix H: Additional material
Locating the Web material
Using the Web material
Related publications
IBM RedbooksOther publications
Online resources
How to get IBM Redbooks
Help from IBM
Index (1/2)
Index (2/2)
Back cover

Overview

The most recent maintenance release of IBM AIX 5L Version 5.3 includes a significant set of new features added to the NFSv4 implementation. In 2004, the first IBM Redbooks publication devoted to the topic of NFSv4 implementation in AIX 5L was published: "Securing NFS in AIX: An Introduction to NFS V4 in AIX 5L," SG24-7204.

This book provides additional up-to-date information to help IBM clients understand and take advantage of the new NFSv4 functions provided by AIX 5L Version 5.3 with the 5300-03 Recommended Maintenance Package.

The NFSv4 implementation in AIX 5L has now expanded to provide core features that make it capable of providing a much broader range of distributed file system services than any prior version of NFS. The scope of this book includes methods for implementing NFSv4 in the enterprise and extensive coverage of methods for how it can potentially be used as a migration target for existing AFS-based and DCE/DFS-based enterprise file systems.

Please note that the additional material referenced in the text is not available from IBM.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0738494232Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Implementing NFSv4 in the Enterprise: Planning and Migration Strategies

by Gene Curylo, Richard Joltes, Trishali Nayar, Bob Oesterlin, Aniket Patel, Chris Almond

Overview

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

What Successful Project Managers Do

The Human Factor in AI-Based Decision-Making

Coaching for High Performance

iSCSI: The Universal Storage Connection

Publisher Resources