John:
First thing I suggested was rsync, but they are using Availl right now and it's not 'doing it' for them. Rsync isn't gonna be much better than that. It is a weird need, and the assumptions regarding security are a little off, but this organization is big enough that I won't question how they arrived at them; I'm sure I don't have all the facts that went into why they do this and not that.
GFS is looking the most promising however, and I've checked and Netapp does support it. We'll see if the firewall can let that through.
Thanks
Glenn
-----Original Message-----
From: John Stoffel [mailto:john.stoffel@taec.toshiba.com]
Sent: Friday, April 06, 2007 3:58 PM
To: Glenn Dekhayser
Cc: toasters@mathworks.com
Subject: Re: Weird NFS need
Glenn> I've got a client that wants to have 2 linux-based ftp/http
Glenn> servers, one in the LAN and one in the DMZ, share some data.
Glenn> NFS would be perfect.
How closely in-sync do they need to be?
Glenn> However-
Glenn> The security group will not allow server in the DMZ to access
Glenn> the LAN-based Netapp through the firewall for its NFS resource.
Glenn> Also, I cannot put an interface from the Netapp into the DMZ.
Sure, makes perfect sense.
Glenn> They WILL allow it if it's encrypted.
Huh? This makes no sense...
Glenn> I saw WebNFS, does Netapp support some sort of NFS over HTTPS?
Glenn> or SSH?
None that I know of...
Glenn> Alternatively, the client said that what would be allowed is if
Glenn> the two servers could share the same LUN- FC only, no iSCSI.
Glenn> Has anyone out there tried that before, what needs to be done
Glenn> on the linux side to make that happen?
You'd have to get something like GFS (Red Hat's Global File System) set up on both boxes, but that might not work over a firewall.
Instead, I'd just do an rsync from the internal system to the outside system.
Or make the internal people use 'sftp' or 'scp' to push/pull files from the DMZ host to their internal side.
Maybe understanding what the purpose of the two systems is, and what's going to be accomplished would help more here.
John