7mode allows you to get past the 16 GID limitation by extending GIDs out to 256.
cDOT will offer that parity in the upcoming release – but it will allow 1024.
As for Kerberos, NFSv4, etc… it is challenging to set up, but once you have a working infrastructure, implementing it is no problem.
TR-4073 covers this in detail.
http://www.netapp.com/us/media/tr-4073.pdf
I hear the guy who wrote it is cool, too.
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net]
On Behalf Of Touretsky, Gregory
Sent: Sunday, November 09, 2014 2:30 AM
To: Michael Garrison; toasters@teaparty.net
Subject: RE: "Sensitive data" storage needs
We’re piloting NFSv3 with Kerberos in our environment.
See
http://snia.org/sites/default/files2/SPDEcon2013/presentations/Security/Gregory_Touretsky_Implementing_Kerberos.pdf for some details.
The main goal is to overcome 16 GIDs limitation.
From:
toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net]
On Behalf Of Michael Garrison
Sent: Friday, November 07, 2014 23:53
To: toasters@teaparty.net
Subject: "Sensitive data" storage needs
We currently offer a NFS v3 service that people can purchase. It's relatively inexpensive and basic, but thats what folks like. They can access it from their desktop and then access the data on a cluster to do compute jobs. However, it
doesn't meet the requirements of being able to store sensitive data - like ePHI.
I've been exploring the route of NFS v4 with Kerberos, but the Linux client leaves a lot to be desired. Additionally, folks are so used to how NFS v3 works that introducing Kerberos into the mix is challenging.
How are other groups (business, academic, whatever), addressing security, yet doing it in an inexpensive manner and allowing cross-platform access? Is anyone doing NFS v4 (or v3) with Kerberos today?
Thanks,
Mike Garrison
---------------------------------------------------------------------
Intel Israel (74) Limited
This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.