IFS TIG #2 - Feb 9, 2001 / 1:45-3:30pm

Present: Zuwei Liu, Kevin Rowland, Gary Dobbins, Chris Fruejwirth, Joseph Franco, Katie English, Ian Byrne, Paul Go, David Yeh, David Klawiter

A considerable amount of time was spent trying to come to an agreement on the appropriate focus of the TIG. David Yeh brought up a concern that aspects of the functional requirements are necessary to keep in mind when designing the IFS. Courseware, for example, is an area that will be affected by splitting the file system into two trees.

Gary responded to the example saying that it may not present as big a problem as it might seem. He noted that this may require a re-thinking of the way we use Courseware. His thought would be to have non-binary components of Courseware made available to students via the HTTP protocol, so it would not matter where the files reside. Binaries, then, are platform-specific and would appropriately reside in the file space that services the particular platform.

There were other issues that came up that basically pointed to the responsibilities of the stakeholders group. Gary proposed that when a "bullet point" item comes up, the conversation not take a turn to discuss the issue fully. He suggests that it be noted in the minutes, so it is not overlooked, and that the discussion remain focused.

Kevin reiterated the 4 major points of agreement from the first meeting:

1. Two trees are necessary to provide appropriate service to all platforms. AFS remains in place to service Unix clients while a separate file system is created to service Windows & Mac clients.

2. Synchronization between the two trees at the server level is not viable. There is not an efficient means to do this that would satisfy the expectation of cross-platform availability of files.

3. A CIFS-based file system is the server platform of choice for Windows & Mac clients.

Gary drew a basic sketch of a proposed IFS, where the communication protocol for Windows & Mac clients was listed as SMB/TCP.
In response to seeing this, Paul Go asked what CIFS is, as his previous understanding was that CIFS was presented as the protocol for this communication. Gary explained that in fact it was one and the same. While Microsoft had renamed the protocol for marketing purposes (wanting to get the term Internet included), there was also a technical difference. SMB (proper) was built on top of the NetBIOS protocol. CIFS was redesigned and optimized for TCP transport.

Joseph Franco (again) stated concerns that he does not understand a CIFS-based file system to be the best solution for service to Mac clients. He asked if it provides solutions for all the problems created by using AFS. Kevin explained that the Windows & Mac clients share many of the same requirements in terms of the use of a file system (i.e., a stateful connection and file-locking being two shared requirements).

Options for connection to CIFS for Mac:
- Server-side: suffers from scalability problems
- Client-side: two current solutions provide well-accepted connectivity. Scalability issues are less of a problem because at this point the Macs look like just another PC client to the server.

Another reason to choose a CIFS architecture is the ability to take advantage of MS-DFS.

4. Bridging between the file systems at the server level is impractical. Connectivity would be accomplished at the client.

Kevin shared his recent findings in implementing a solution based around using a Windows 2000 Domain. There are two modes for running a W2K Domain: Native mode and Mixed mode.
- Mixed mode is necessary to cooperate with NT4-style domains. (Enabling this backward compatibility was never a consideration by the Windows group for the upcoming Windows 2000 project.)
- Native mode does not imply that NTLM communication cannot happen. Kevin found that he was able to join a Network Appliance Filer to a W2K domain by specifying the computer account in the domain to use NTLM authentication.
Kevin drew a schematic of a possible solution using NAS and its relationship to the Kerberos project.

          - - - - -
          |  MIT  |  Principal DB
          |  KDC  |
          - - - - -
            /   \
           /     \
          /       \  One-way trust (for cross-realm authentication)
    - - - -        \
    | AFS |         \
    - - - -      - - - - -
       |         |  W2K  |  Principal DB
       |         |  KDC  |  (Global Catalog Server)
       |         - - - - -
       |              \
       |               \  W2K Domain Membership
       |                \
    - - - - -            \
    | Unix  |         - - - - -
    |  FS   |   NTLM  |  NAS  |
    - - - - -         - - - - -
                        /   \
                       /     \
                      / NTLM  \
                     /         \
                - - - - -   - - - - -
                |  Win  |   |  Mac  |
                - - - - -   - - - - -

Kevin went into a detailed explanation of the relationship of the W2K domain and the Kerberos system.

The alternate solution would be to use direct attached storage behind a W2K server. At the next meeting we need to choose which direction would provide the best solution.