5. PtServer BeoLink.org
Introduction
Distributed
• You don’t need to change apps
• Low problem on HA
• IDM with RBAC
Centralized
• Real-time
• Consistency View
• Reuse existing Architecture
6. PtServer BeoLink.org
Introduction
AFS Manager
• Graphical User Interface
• Provisioning Interface (multi-mode)
• Administration Task
PtServer NG
• Active Directory Integration
• Directory Integration
8. AFS Manager BeoLink.org
Goals
GUI
• Interface for Windows Administrators
• Simple to use
• Complete overview of the Cell
• Standard object for PHP scripting (CLI)
Monitoring
• Volume Access Monitoring
• Volume Space Usage
• System Statistics
WebService Interface
• Provisioning Interface for Volume, User, Group
• Automatic volume layout
• Re-Balance (replications, move volumes, ...)
14. PtServer BeoLink.org
Overview
Ptserver keeps user/group information
• Ptserver contains entries for every user and group in the cell
• Ptserver allocates AFS IDs for new user, machine and group
entries and maps each ID to the corresponding name.
• Ptserver generates a current protection subgroup (CPS) at the
File Server's request. The CPS lists all groups to which a user
or machine belongs
Ubik is the OpenAFS database
• Ubik is a single linear database
• Ubik is automatically replicated across a number of servers.
• Ubik is a ‘transactional’ database (supports fully distributed
changes as long as a majority of the servers are up and are
synchronized together in a write quorum)
15. PtServer BeoLink.org
Goals
Create Pluggable user storage
• Ubik
• LDAP
• Windows
Create flexible user mapping
• Mapping user id on existing system
• Mapping group id on existing system
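An added sketch (not code from the slides or from OpenAFS) of the two goals above together with the CPS generation described on the Overview slide: a pluggable store supplies memberships, an allocating map assigns AFS IDs, and the CPS is built from both. Class names, the starting ID ranges and the nested-group walk are assumptions; -101 and -102 are the AFS IDs of system:anyuser and system:authuser.

```python
# Added sketch, not OpenAFS or PtServer NG code; all class names are hypothetical.
from abc import ABC, abstractmethod

ANYUSER, AUTHUSER = -101, -102  # AFS IDs of system:anyuser / system:authuser

class UserStore(ABC):
    """Pluggable backend: CPS generation only needs direct memberships."""
    @abstractmethod
    def direct_groups(self, name): ...

class DictStore(UserStore):
    """In-memory stand-in for a Ubik, LDAP or Windows backend."""
    def __init__(self, members):
        self._members = members
    def direct_groups(self, name):
        return set(self._members.get(name, ()))

class IdMap:
    """Allocating name <-> AFS ID map (users positive, groups negative).
    IDs are never reused, so an ACL entry cannot drift to another principal."""
    def __init__(self, first_uid=1000, first_gid=-1000):  # constructed ranges
        self._by_name, self._by_id = {}, {}
        self._next_uid, self._next_gid = first_uid, first_gid
    def afs_id(self, name, is_group):
        key = (name, is_group)  # a user and a group may share a name
        if key not in self._by_name:
            if is_group:
                new, self._next_gid = self._next_gid, self._next_gid - 1
            else:
                new, self._next_uid = self._next_uid, self._next_uid + 1
            self._by_name[key], self._by_id[new] = new, name
        return self._by_name[key]
    def name(self, afs_id):
        return self._by_id[afs_id]

def current_protection_subgroup(user, store, idmap, authenticated=True):
    """CPS: the user's own ID, every group reached by membership, system groups."""
    cps, seen, todo = {idmap.afs_id(user, False), ANYUSER}, set(), [user]
    while todo:  # assumption: nested groups are followed; cycles are tolerated
        for group in store.direct_groups(todo.pop()) - seen:
            seen.add(group)
            todo.append(group)
            cps.add(idmap.afs_id(group, True))
    if authenticated:
        cps.add(AUTHUSER)
    return sorted(cps)

# Constructed sample: alice -> staff -> all-employees, with a membership cycle.
SAMPLE = DictStore({"alice": {"staff"}, "staff": {"all-employees"},
                    "all-employees": {"staff"}})
```

A real backend would persist the map, since an ID that changes between restarts silently changes who an existing ACL entry refers to.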
16. PtServer BeoLink.org
Winbind
Winbind unifies UNIX and Windows NT account management by
allowing a UNIX box to become a full member of an NT domain
Authentication
• NTLM
• ADS (Kerberos)
Users Information
• Account info
• ID mapping
Groups Information
• Group info
• ID Mapping
18. Overview BeoLink.org
Demo
Demo … high probability of crash ..
19. PtServer BeoLink.org
Advantages
• Single identity (single storage)
• id mapping
• gid mapping
• Real time update
• Pluggable in existing infrastructure
Disadvantages
• Reliability
• Performance
20. PtServer BeoLink.org
Open points ..
Licences
• Loading a GPL 3 library: compatibility?
Performance
• How many requests per second?
Where to Store ..
• Flags
• Quota Group
21. BeoLink.org
Reference
• For Further Questions:
• Fabrizio Manfredi
• fabrizio.manfredi@gmail.com
• manfred.furuholmen@gmail.com
• http://www.beolink.org
Too Long
The End
22. AD as IDM BeoLink.org
IdMapping
IDMAP SID<->UID/GID
• LDAP
• Internal (TDB)
• ADS (SFU/RFC)