1. Novell Storage Services ™ File System Performance, Clustering and Auditing in Novell ® Open Enterprise Server on Linux Marcus Gould Premium Support Engineer Novell, Inc. [email_address] Bart Schoofs WorldWide Support Engineer Novell, Inc. [email_address] Adam Jerome Senior Software Engineer Novell, Inc. [email_address] Vijai Babu Madhavan Filesystem Engineer Novell, Inc. [email_address]
39. VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 Client NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
40. VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme Client LUM NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
41. VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme (3) NSS requests security equivalence information for joe.acme – eDirectory returns a list of equivalent users and group memberships Client LUM eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
42. VFS (Virtual File Services) (1) Create File foo.txt logged in as Joe with a UID of 705 (2) NSS requests eDirectory name for UID 705 LUM returns joe.acme (3) NSS requests security equivalence information for joe.acme – eDirectory returns a list of equivalent users and group memberships (4) NSS does normal trustee checking based on users and groups returned by eDirectory Client LUM eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
43.
44.
45.
46.
47.
48.
49.
50. User quotas and salvage will work Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
51. NCP ™ Server Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
52. NCP ™ Server (1) User and Group information for the connection joe.acme is using NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
53. NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using NCP Client NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
54. NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection NCP Client NCP Server eDirectory Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
55. NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection (4) Create foo.txt as root NCP Client NCP Server eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
56. NCP ™ Server (2) Create file foo.txt logged in as joe.acme (1) User and Group information for the connection joe.acme is using (3) Apply trustee rights based on path & connection (4) Create foo.txt as root (5) Change owner to joe.acme (by GUID) NCP Client NCP Server eDirectory NSS Device Drivers EVMS (Enterprise Volume Management System) Media Manager Logic NSS Storage Subsystem Linux Semantic Agent Linux Applications (e.g. SAMBA) NCP _ Admin Management (Virtual File System) eDirectory Handler Up Call VFS (Virtual File Services) Reiser EXT3 XFS
143. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
Hinweis der Redaktion
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.
The vigil_ncp.ko module was architected to audit these (2) specific NCP internal events. The NCP engine has been modified to pass these events (through a sysfs interface) to vigil_ncp.ko. For each of these specific NCP internal events, vigil_ncp.ko module retrieves the NCP/NDS client metadata through the Process Metadata Table (in the same fassion as does the vigil_nss.ko module). An audit record is created and passed on to vigil.ko for further processing.