IBM NFS/DFS Authentication Gateway

A migration bridge to NFS Version 4

Take advantage of the new features Network File System Version 4 (NFS Version 4) now has to offer. With the ever-growing storage needs in large enterprises and NFS implementations offering more and more features, it makes business sense for enterprises to migrate to NFS Version 4. In this article, we discuss the need and various strategies for migrating from the IBM Distributed Computing Environment (DCE)/Distributed File System™ (DFS™) infrastructure to NFS Version 4 on AIX® and Linux®.

Sandeep Ramesh Patil (rsandeep@in.ibm.com), Staff Software Engineer, EMC

Sandeep Ramesh Patil is an Advisory Software Engineer for the IBM India System and Technology Lab. His professional experience has been on distributed technology and security products such as the IBM Network Authentication Services (IBM Kerberos). He is an IBM developerWorks Professional Author with most of his articles on information security. He also plays an active role in IP generation. Sandeep holds a BE degree in computer science and engineering from the University of Pune, India. You can contact him at rsandeep@in.ibm.com.



Ravikumar Ramaswamy (ravi.kumar@in.ibm.com), Staff Software Engineer, EMC

Ravikumar Ramaswamy is a Staff Software Engineer for the IBM India Software Labs. He has worked for IBM for the past three years, focusing on distributed technology including DCE and SARPC. Prior to IBM, he worked for around three years with Cabletron and Cygnet on system management products like Spectrum. His areas of expertise are mainly in network management and distributed computing. You can contact him at ravi.kumar@in.ibm.com.



26 January 2006

Introduction

Open source products, such as Network File System (NFS), now offer industrial grade capabilities and have gained major vendor support. NFS has evolved into a powerful enterprise file system that can take advantage of more powerful servers and storage. Older enterprise file systems, such as Andrew File System (AFS) and Distributed File System™ (DFS™), have architectural limitations that restrict their ability to process large files and take advantage of the increased memory and multiprocessor support available in modern servers. Since NFS Version 4 is an outcome of standards, it offers the ability to quickly deploy an enterprise file system without imposing dependencies on custom code. NFS Version 4 has come a long way to overcome the shortcomings of NFS Version 2 and Version 3, and many vendors have already released their implementations of NFS Version 4, including IBM with its AIX® 5.3 release and the Open NFS Version 4 with the Linux® 2.6 kernel release. The industry is looking at NFS Version 4 as the next generation distributed file system.

With the end of support declared for IBM DFS and AFS products and NFS Version 4 emerging as the upcoming enterprise file system, administrators will be busy sketching strategies for migrating to NFS Version 4. This article takes you through the migration strategies that administrators can use when migrating data from IBM DFS to NFS Version 4. We discuss the importance of NFS Version 4 and then propose some strategies for migration, such as phased, partial, and full migration. Lastly, we briefly describe the IBM NFS/DFS Authentication Gateway, which is shipped along with IBM DFS, and then explain how this authentication gateway can aid the migration on AIX and Linux platforms.


Migration strategies from IBM DFS to NFS Version 4

You can use different approaches to migrate from IBM DFS to NFS Version 4. It depends on the existing organizational role of IBM DFS and the potential impact on existing applications, services, network, migration deadlines, size of data, administrative expertise, and so forth. In this section, we discuss some of the basic migration strategies to adopt for migration.

The following approach allows you to expand a small NFS Version 4 configuration to manage increasing amounts of IBM DFS data. To start out, we recommend moving only a few of the IBM DFS filesets to NFS Version 4 in such a way that both IBM DFS and NFS users can access them. Over a period of time, as your NFS Version 4 expertise grows and more IBM DFS filesets are moved to NFS, you can choose to completely migrate to NFS Version 4 and phase out IBM DFS. This gradual migration process allows administrators to ease their IBM DFS users into NFS Version 4, while taking advantage of DFS-only machines. The following migration strategies provide a broad overview that can help in planning the migration:

Phased migration
A phased migration occurs over a long period of time, possibly as long as a year. In this strategy, the DFS users and data are moved gradually to NFS Version 4. Users need to access both the DFS as well as NFS space during the migration period. Typically, a phased migration procedure is recommended if the DFS cell of your organization is large or if you choose to take a long time to migrate to NFS Version 4 for some reason. Later in this article, you'll see how the IBM NFS/DFS Authentication Gateway proves handy for phased migration.
Partial migration
The partial migration procedure is applicable when converting huge DFS cells wherein you might like to migrate only a limited amount of data to NFS Version 4, continue to have the rest on DFS, or have reasons for keeping DFS machines online for an extended period of time after completing your migration work from DFS to NFS Version 4. For this reason, you can use the IBM NFS/DFS Authentication Gateway for NFS Version 4 clients to access DFS data.
Full migration
A full migration procedure is generally suitable for a small DFS cell where the migration work is expected to complete within a short period of time (from several hours to a few days). In this procedure, the entire DFS cell is migrated to NFS Version 4 in a short span of time. As data is moved from DFS to NFS Version 4, the DFS server machines can be decommissioned and configured as NFS Version 4 servers. Since migration is expected to complete over a short period of time, administrators might choose not to allow users to access both the DFS and NFS Version 4 space.

Though a full migration strategy looks straightforward, in actual practice it is the phased migration that most administrators prefer and that is recommended for enterprises with medium to large DFS cells. The major concern to address in a phased migration is that administrators are required to give end users access to both the DFS and the NFS Version 4 space.


IBM NFS/DFS Authentication Gateway

The NFS/DFS Authentication Gateway provides authenticated access to the IBM DFS filespace in the Distributed Computing Environment (DCE) for users of NFS clients. The ability of NFS clients to access the IBM DFS filespace from an IBM DFS client is already inherent in IBM DFS. However, NFS client users are limited to unauthenticated access, because the authentication information differs for DFS and NFS. The NFS/DFS Authentication Gateway bridges this difference and connects an NFS client user with an authenticated DCE principal. For detailed information, refer to the IBM DFS for AIX/Solaris NFS/DFS Authentication Gateway Guide and Reference (see Resources). Figure 1 below shows the overview of the NFS/DFS Authentication Gateway.

Figure 1: Overview of the NFS/DFS Authentication Gateway

In Figure 1 above, the following versions of software were successfully tested:

  • DFS server: IBM DFS 3.1, PTF 9 for AIX 5.2
  • DFS client: IBM DFS 3.1, PTF 9 for AIX 5.2
  • NFS server: IBM AIX 5.2 NFS Version 3
  • NFS client: IBM AIX 5.3 NFS Version 4 and Red Hat Enterprise Linux 4.0 (RHEL 4) (kernel 2.6) NFS Version 4

IBM DFS -- NFS Version 4 migration bridge

As discussed earlier, during the migration from IBM DFS to NFS Version 4 users will need to access both the DFS and the NFS space at the same time. Since the primary function of the NFS/DFS Authentication Gateway is to enable NFS clients to have access to DFS, administrators can make use of this gateway to bridge the two file systems. Using this gateway, the NFS client can then view the same file system hierarchy as the DFS client. In short, the NFS/DFS Authentication Gateway provides a migration capability for NFS Version 4 clients to access DFS objects that still need to be migrated while making the transition from DFS to the NFS Version 4 file sharing environment.

The following are the high-level steps for setting up the IBM DFS to AIX NFS Version 4 migration bridge:

  1. Configure the IBM NFS/DFS Authentication Gateway when you plan for the migration. You can either choose to configure the authentication gateway on one of the existing DFS server machines or have it on a separate machine, as you would not want to load your server machines. For details about configuring the IBM NFS/DFS Authentication Gateway, please refer to the IBM DFS for AIX NFS/DFS Authenticating Gateway Guide and Reference.
  2. You can now use your client machines (with NFS Version 4 client) to access both the DFS as well as NFS space by appropriately mounting the file systems. Care should be taken while mounting DFS using the NFS Version 4 client. None of the NFS Version 4 features, such as enhanced authentication, authorization, and so forth, should be used. In other words, the NFS Version 4 client should mount the DFS space just like the NFS Version 3 client.

The previous steps allow NFS Version 4 client machines to access both the migrated data from the NFS Version 4 space as well as the data still under migration from the DFS space. In fact, administrators can use this kind of setup to transfer data from DFS to NFS Version 4. Keep in mind that such a transfer of data will not take care of the existing data in the Access Control List (ACL). Administrators must deal with this situation separately.
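The mount rule in step 2 can be checked on a Linux client after the fact. The following is an added example, not code from the original article or from IBM: it reads a mount table in /proc/mounts format and flags any mount served by the gateway that uses NFS Version 4 or a security flavor other than sec=sys. The host name gw.example.com, the paths, and the sample lines are constructed, and treating any non-sys flavor as "enhanced authentication" is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): audit gateway mounts on a Linux client.

# audit_gateway_mounts <gateway-host>
# Reads a /proc/mounts-style table on stdin. For every NFS mount served by
# <gateway-host> prints "OK <mountpoint>" or "BAD <mountpoint> <reason>".
# Exit status is 1 if any gateway mount is BAD, otherwise 0.
audit_gateway_mounts() {
    awk -v gw="$1" '
    $3 == "nfs" || $3 == "nfs4" {
        host = $1; sub(/:.*/, "", host)          # "host:/path" -> "host"
        if (host != gw) next                     # only mounts served by the gateway
        vers = ($3 == "nfs4") ? "4" : ""         # fstype nfs4 implies Version 4
        sec = "sys"                              # default flavor when none is listed
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^(nfs)?vers=/)   { vers = opt[i]; sub(/^.*=/, "", vers) }
            else if (opt[i] ~ /^v[0-9]/)   { vers = substr(opt[i], 2) }  # older kernels print v3
            else if (opt[i] ~ /^sec=/)     { sec = substr(opt[i], 5) }
        }
        why = ""
        if (vers ~ /^4/)  why = "NFSv4 mount (vers=" vers ")"
        if (sec != "sys") why = why (why ? "; " : "") "sec=" sec
        if (why) { print "BAD " $2 " " why; bad = 1 }
        else     { print "OK " $2 }
    }
    END { exit bad + 0 }'
}

# Constructed sample table: one compliant gateway mount, one gateway mount
# using NFS Version 4 with Kerberos, one native NFS Version 4 server (which
# is allowed to use Version 4 features), and one local file system.
sample_mounts() {
    cat <<'EOF'
gw.example.com:/dfs /mnt/dfs nfs rw,vers=3,proto=tcp,sec=sys,addr=192.0.2.10 0 0
gw.example.com:/dfs /mnt/dfs4 nfs4 rw,vers=4.0,proto=tcp,sec=krb5,addr=192.0.2.10 0 0
nfs4srv.example.com:/export /data nfs4 rw,vers=4.0,sec=krb5,addr=192.0.2.20 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

sample_mounts | audit_gateway_mounts gw.example.com \
    || echo "gateway mounts found that are not mounted like NFS Version 3"
```

On a real client, feed the function the live table with `audit_gateway_mounts <gateway-host> < /proc/mounts`.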

Figure 2 below illustrates the migration setup involving the IBM NFS/DFS Authentication Gateway that administrators can use while migrating from IBM DFS to NFS Version 4.

Figure 2: DFS to NFS Version 4 migration setup with NFS/DFS Authentication Gateway

The previous setup was tested with the following combination:

  • IBM DFS servers -- IBM DFS 3.1 PTF9 running AIX 5.2
  • NFS Version 4 servers -- AIX 5.3, RHEL 4 (kernel 2.6)
  • NFS Version 4 clients -- AIX 5.3, RHEL 4 (kernel 2.6)
  • IBM NFS/DFS Authentication Gateway -- IBM DFS 3.1 PTF9 running on AIX 5.2

Conclusion

With NFS Version 4 emerging as the next generation enterprise file system and IBM DFS nearing its end, administrators should start planning to migrate from IBM DFS to NFS Version 4. As discussed above, having the IBM NFS/DFS Authentication Gateway in the migration setup proves very handy to administrators when migrating from IBM DFS to NFS Version 4.

Resources

Learn

Get products and technologies

  • Get your hands on application development tools and middleware products from DB2®, Lotus®, Rational®, Tivoli®, and WebSphere®. You can download evaluation versions of the products at no charge, or select the Linux or Windows® version of developerWorks' Software Evaluation Kit.
