Using the UITS SSH Gateway

Adding the following to your ~/.ssh/config will cause all SSH access to servers named *.uits.uconn.edu to hop through ssh.uits.uconn.edu, authenticating as your NetID.  Note that if you have kinit’d as <NETID>/admin, or if you have copied your public SSH key to ssh.uits.uconn.edu and are using ssh-agent, the hop will be transparent (no extra password prompt for the gateway).

# The gateway itself connects directly.  This block must come first: the
# wildcard block below also matches ssh.uits.uconn.edu, and ssh keeps the
# first value it obtains for each option.
Host ssh.uits.uconn.edu
    ProxyCommand none

# Every other host under uits.uconn.edu: open an agent-forwarded (-A) session
# to the gateway and let nc relay the inner connection to %h (host) on %p (port).
Host *.uits.uconn.edu
    ProxyCommand ssh -A <NETID>@ssh.uits.uconn.edu exec nc %h %p
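The same hop written with OpenSSH's ProxyJump, as an added example that is not part of the original post or the UITS-supplied config. It assumes OpenSSH 7.3 or later (ProxyJump) and reuses the page's <NETID> placeholder. The point of the change is the missing -A: with the original config the gateway holds a socket to your forwarded agent for the life of the session, so any administrator of (or intruder on) the gateway can sign with your keys while you are connected. With ProxyJump the inner ssh authenticates end to end through a channel of the gateway session, so the gateway never sees your agent and nc is not needed on it either.

```sshconfig
# Added example, not the page's own config.  Assumes OpenSSH 7.3+ for ProxyJump;
# <NETID> is the placeholder the page already uses.

# Gateway: direct connection, authenticated with your own key or Kerberos ticket.
# Must come first, because the wildcard block below also matches this host.
Host ssh.uits.uconn.edu
    User <NETID>
    ProxyJump none
    ForwardAgent no

# Inner hosts: tunnel through the gateway.  No -A and no ForwardAgent: the
# inner ssh talks to your local agent directly, so the gateway never holds
# your agent socket.
Host *.uits.uconn.edu
    User <NETID>
    ProxyJump ssh.uits.uconn.edu
    ForwardAgent no

# Fallback for OpenSSH 5.4 through 7.2 (no ProxyJump): stdio forwarding with
# -W replaces nc and still needs no agent forwarding.
#Host *.uits.uconn.edu
#    ProxyCommand ssh -W %h:%p <NETID>@ssh.uits.uconn.edu
```

To confirm which block wins for a given host, `ssh -G somehost.uits.uconn.edu | grep -i -e proxyjump -e forwardagent` prints the effective values (-G is available from OpenSSH 6.8); the gateway should show `proxyjump none` and every inner host `forwardagent no`.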

Enterprise, Large Scale File Services

Admittedly, the world of file services has changed since Novell ruled the roost with Netware. All sorts of new buzzwords exist: Web Content Management, Enterprise Document Management, Document Archiving, Knowledge Management … but you still can’t beat a simple file storage service like the one Windows offers natively. Except that it is really hard to provide that kind of service at a very large scale.
So here is the question — how do I provide a file service with the following requirements:

  • Must scale beyond 25,000 users (potentially 100,000), each with private “home” directories, plus whatever permutations of group space can be imagined.
  • Must support large amounts of storage, including individual files of several hundred gigabytes, user/group quotas of several terabytes.
  • Must support access from OSX, Windows, and Linux such that applications on these systems can natively open, read, and write files — in other words, similar to simple CIFS access, though a non-native client to support this functionality is acceptable.
  • Must support some level of access from mobile devices, including Android, iPhone/iPad, Windows Mobile, and ideally Blackberry too.
  • Must provide a rich “sexy-looking” web interface.
  • Must provide consistent abstract interface — in other words, scaling across hundreds of servers is acceptable, as long as users never need to be told “connect to server #17 for X, and server #53 for Y”.  There should be some sort of abstracted virtual filesystem.
  • Must support user-controllable ACLs to facilitate sharing and security.
  • Must be accessible by non-technical end users with very little handholding – should be “intuitive”.
  • Must allow integration with backup solution that can provide file-level restoration.
  • Should allow for storage of data to be accessed by Linux and Windows servers, such as user generated web content, HPC-generated research data, etc.
  • Should allow for attachment of metadata for searching.
  • Should allow integration with backup solution that allows end-user to perform file-level restoration.

Some have tried to convince me that Windows DFS can do all this, but I have yet to see a deployment that actually encompasses all of the above.  Anyone have any references?

I am quite intrigued by OpenAFS, using the filedrawers web interface, and possibly using the Samba gateway to avoid deploying the OpenAFS client to every machine — anyone with any experience doing this?  Anyone serve OpenAFS data out over DAV via Apache, mod_dav, and mod_waklog?  Is filedrawers or DAV an acceptable mobile device access mechanism?  Pitfalls?

What else should I be considering?