Hi Jeff,
For clarification - Are you saying it's routine for customers to do NFSv4 with Kerberos? Or just NFSv4 sec=sys style?
-- Mike Garrison
On Sat, Nov 8, 2014 at 12:13 AM, Steiner, Jeffrey < Jeffrey.Steiner@netapp.com> wrote:
I work for NetApp and while I’m not really involved in general file services projects, I see the email discussions internally and I know adoption of NFSv4 is quite widespread. It’s a routine customer practice to just go to NFSv4. It’s not just file services, there are applications like WebSphere that leverage some of the features of NFSv4.
There were some growing pains with AIX and linux for a while, but recent versions of all OS’s seem just fine with NFSv4. I’ve worked on some internal projects relating to databases where we beat up NFSv4 with various workloads and we didn’t run into any problems with performance or stability.
There was some use of kerberized NFSv3, but it never really caught on much.
*From:* toasters-bounces@teaparty.net [mailto: toasters-bounces@teaparty.net] *On Behalf Of *Michael Garrison *Sent:* Friday, November 07, 2014 10:53 PM *To:* toasters@teaparty.net *Subject:* "Sensitive data" storage needs
We currently offer a NFS v3 service that people can purchase. It's relatively inexpensive and basic, but thats what folks like. They can access it from their desktop and then access the data on a cluster to do compute jobs. However, it doesn't meet the requirements of being able to store sensitive data - like ePHI.
I've been exploring the route of NFS v4 with Kerberos, but the Linux client leaves a lot to be desired. Additionally, folks are so used to how NFS v3 works that introducing Kerberos into the mix is challenging.
How are other groups (business, academic, whatever), addressing security, yet doing it in an inexpensive manner and allowing cross-platform access? Is anyone doing NFS v4 (or v3) with Kerberos today?
Thanks,
Mike Garrison