remote file access problems and solutions
play

Remote File Access: Problems and Solutions Authentication and - PowerPoint PPT Presentation

Aug 01, 2023 •455 likes •886 views

Remote File Access: Problems and Solutions Authentication and authorization Performance Synchronization Robustness Lecture 13 CS 111 Page 1 Summer 2013 Authorization and Authentication Authorization is determined if someone

  1. Remote File Access: Problems and Solutions • Authentication and authorization • Performance • Synchronization • Robustness Lecture 13 CS 111 Page 1 Summer 2013

  2. Authorization and Authentication • Authorization is determined if someone is allowed to do something • Authentication is determining who someone is • Both are required for good file system security – Be sure who someone is first – Then see if that entity can do what he asked for • Both are more challenging when file system spans multiple machines Lecture 13 CS 111 Page 2 Summer 2013

  3. Problems in Authentication/ Authorization • How does remote server know requestor identity? – User isn’t logged into his machine • Where should we enforce access control rules? – On the requesting client side? • That’s who really knows who the client is – On the responding server side? • That’s who has responsibility to protect the data – On both? • Name space issues – Do the client and server agree on who’s who? Lecture 13 CS 111 Page 3 Summer 2013

  4. Approaches to These Security Issues • User-session protocols (e.g., CIFS) – RFS session establishment includes authentication • So server authenticates requesting client – Server performs all authorization checks • Peer-to-peer protocols (e.g., NFS) – Server trusts client to enforce authorization control – And to authenticate the user • Third party authentication (e.g., Kerberos) – Server checks authorization based on credentials Lecture 13 CS 111 Page 4 Summer 2013

  5. Performance Issues • Performance of the remote file system now dependent on many more factors – Not just the local CPU, bus, memory, and disk • Also on the same hardware on the server that stores the files – Which often is servicing many clients • And on the network in between – Which can have wide or narrow bandwidth Lecture 13 CS 111 Page 5 Summer 2013

  6. Some Performance Solutions • Appropriate transport and session protocols – Minimize messages, maximize throughput • Partition the work – Minimize number of remote requests – Spread load over more processors and disks • Client-side pre-fetching and caching – Fetching whole file at a once is more efficient – Block caching for read-ahead and deferred writes – Reduces disk I/O and network I/O (vs. server cache) Lecture 13 CS 111 Page 6 Summer 2013

  7. Protocol-Related Solutions • Minimize messages – Allow any key operation to be performed with a single request and a single response – Combine short messages and responses into a single packet • Maximize throughput – Design for large data transfers per message – Use minimal flow control between client and server Lecture 13 CS 111 Page 7 Summer 2013

  8. Partitioning the Work Clearly on Open file instances, offsets client side Data packing and unpacking Authentication/authorization Either side Directory searching (or both) Block caching Specialized caching (directories, file descriptors) Logical to physical block mapping On-disk data representation Clearly on Device driver integration layer server side Device driver Lecture 13 CS 111 Page 8 Summer 2013

  9. Server Load Balancing • If multiple servers can handle the same file requests, we can load balance – Improving performance for multiple clients • Provide a pool of servers – All with access to the same data • E.g., they all have copies of all the same files – Spread client traffic across all of the servers • E.g., using a load-balancing front-end router – Increase capacity by adding servers to pool • With potentially linear scalability – Works best if requests are idempotent Lecture 13 CS 111 Page 9 Summer 2013

  10. Client-Side Caching • Benefits – Avoids network latencies – Clients can cache name-to-handle bindings • Eliminating repetition of the same search – Clients can cache blocks of file data • Eliminating the need to re-fetch them from the server • Dangers – Multiple clients, each with his own cache – Cache invalidation issues • Challenges – Serializing concurrent writes from multiple clients – Keeping client side caches up-to date • Without sending N messages per update Lecture 13 CS 111 Page 10 Summer 2013

  11. The Cache Invalidation Issue • Two (or more) clients cache the same block • One of them updates it • What about the other one? • Server could notify every client of every write – Very inefficient • Server could track which clients to notify – Higher server overhead • Clients could obtain lock on files before update • Clients could verify cache validity before use Lecture 13 CS 111 Page 11 Summer 2013

  12. Synchronization Issues • Distributed synchronization is slow and difficult – Provide a centralized synchronization server • All locks are granted by a single server • Changes are not official until he acknowledges them • He notifies other nodes of “interesting” changes • Distributed systems have complex failure modes – Locks are granted as revocable leases • Update transaction must be accompanied by valid lease – Versioned files can detect stale information – All cached information should have a “time to live” • A tradeoff between performance and consistency Lecture 13 CS 111 Page 12 Summer 2013

  13. Robustness Issues • Three major components in remote file system operations – The client machine – The server machine – The network in between • All can fail – Leading to potential problems for the remote file system’s data and users Lecture 13 CS 111 Page 13 Summer 2013

  14. Robustness Solution Approaches • Network errors – support client retries – Have file system protocol uses idempotent requests – Have protocol support all-or-none transactions • Client failures – support server-side recovery – Automatic back-out of uncommitted transactions – Automatic expiration of timed-out lock leases • Server failures – support server fail-over – Replicated (parallel or back-up) servers – Stateless remote file system protocols – Automatic client-server rebinding Lecture 13 CS 111 Page 14 Summer 2013

  15. Idempotent Operations • Operations that can be repeated many times with same effect as if done once – If server does not respond, client repeats request – If server gets request multiple times, no harm done • Examples: – Read block 100 of file X – Write block 100 of file X with contents Y – Delete file X, version v • Examples of non-idempotent operations: – Read next block of current file – Append contents Y to end of file X Lecture 13 CS 111 Page 15 Summer 2013

  16. State-full and Stateless Protocols • A state-full protocol has a notion of a “session” – Context for a sequence of operations – Each operation depends on previous operations – Server is expected to remember session state – Examples: TCP (message sequence numbers) • A stateless protocol does not assume server retains “session state” – Client supplies necessary context on each request – Each operation is complete and unambiguous – Example: HTTP Lecture 13 CS 111 Page 16 Summer 2013

  17. Server Fail-Over • When is handling server failure by switching to another server feasible? – If the other server can access the required data • Because files are replicated to multiple servers • Because new server can access old server’s disks – If the protocol allows stateless servers • Client will not expect server to remember anything – If clients can be re-bound to a new server • IP address fail-over may make this automatic • RFS client layer might rebind w/o telling application • Idempotent requests can be re-sent with no danger Lecture 13 CS 111 Page 17 Summer 2013

  18. Remote File System Examples • Common Internet File System (classic client/ server) • Network File System (peer-to-peer file sharing) • Andrew File System (cache-only clients) • Hyper-Text Transfer Protocol (a different approach) Lecture 13 CS 111 Page 18 Summer 2013

  19. Common Internet File System • Originally a proprietary Microsoft Protocol – Newer versions (CIFS 1.0) are IETF standard • Designed to enable “work group” computing – Group of PCs sharing same data, printers – Any PC can export its resources to the group – Work group is the union of those resources • Designed for PC clients and NT servers – Originally designed for FAT and NT file systems – Now supports clients and servers of all types Lecture 13 CS 111 Page 19 Summer 2013

  20. CIFS Architecture • Standard remote file access architecture • State-full per-user client/server sessions – Password or challenge/response authentication – Server tracks open files, offsets, updates – Makes server fail-over much more difficult • Opportunistic locking – Client can cache file if nobody else using/writing it – Otherwise all reads/writes must be synchronous • Servers regularly advertise what they export – Enabling clients to “browse” the workgroup Lecture 13 CS 111 Page 20 Summer 2013

  21. Benefits of Opportunistic Locking • A big performance win • Getting permission from server before each write is a huge expense – In both time and server loading • If no conflicting file use 99.99% of the time, opportunistic locks greatly reduce overhead • When they can’t be used, CIFS does provide correct centralized serialization Lecture 13 CS 111 Page 21 Summer 2013

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distributed-File Systems Background Naming and Transparency Remote File Access

Distributed-File Systems Background Naming and Transparency Remote File Access

Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Typeset by Foil T EX 1 Background Distributed file system (DFS)

1.1k views • 73 slides
Distributed File Systems 14A. Remote Data Access: Architectures Operating Systems Principles

Distributed File Systems 14A. Remote Data Access: Architectures Operating Systems Principles

5/25/2016 Distributed File Systems 14A. Remote Data Access: Architectures Operating Systems Principles 14B. Remote Data Access: Security 14C. Remote Data Access: Reliability Distributed File Systems 14D. Remote Data Access: Performance 14E.

321 views • 8 slides
Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File

Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File

Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Operating System Concepts Silberschatz, Galvin and Gagne 2002

168 views • 12 slides
Module 17: Distributed-File Systems Background Naming and Transparency Remote File

Module 17: Distributed-File Systems Background Naming and Transparency Remote File

Module 17: Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Silberschatz, Galvin, and Gagne 1999 Applied Operating System

1.3k views • 29 slides
Module 17: Distributed-File Systems Background Naming and Transparency Remote File

Module 17: Distributed-File Systems Background Naming and Transparency Remote File

Module 17: Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Silberschatz, Galvin, and Gagne 1999 Applied Operating System

726 views • 58 slides
Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File

Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File

Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Operating System Concepts 16.1 Silberschatz, Galvin and Gagne

277 views • 24 slides
Distributed File Systems Accessing files FTP, telnet Explicit access User-directed

Distributed File Systems Accessing files FTP, telnet Explicit access User-directed

Distributed File Systems Accessing files FTP, telnet Explicit access User-directed connection to access remote resources We want more transparency Allow user to access remote resources just as local ones Focus on file system for

1k views • 66 slides
Distributed File Systems Security: Anonymous access all files available to all users 14B.

Distributed File Systems Security: Anonymous access all files available to all users 14B.

5/30/2018 Distributed File Systems Security: Anonymous access all files available to all users 14B. Remote Data Access: Security no authentication required may be limited to read-only access 14C. Remote Data: Robustness examples:

391 views • 9 slides
Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your troubleshooting needs ! On Premises Available on cloud Feature Highlights Advanced remote desktop sharing Voice, video and text chat Remote

222 views • 11 slides
Distributed File Systems Security: Anonymous access all files available to all users 14B.

Distributed File Systems Security: Anonymous access all files available to all users 14B.

6/6/2017 Distributed File Systems Security: Anonymous access all files available to all users 14B. Remote Data: Security no authentication required may be limited to read-only access 14C. Remote Data: Reliability & Robustness

89 views • 8 slides
DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA)

DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA)

DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA) Basic Rules Remote Connection AKE RA Encoding Rules 2 Remote Access Basic Rules Source devices may permit remote access to content

326 views • 15 slides
Distributed File Systems Chi Zhang czhang@cs.fiu.edu NFS Architecture (1) a) The remote access

Distributed File Systems Chi Zhang czhang@cs.fiu.edu NFS Architecture (1) a) The remote access

COP 6611 Advanced Operating System Distributed File Systems Chi Zhang czhang@cs.fiu.edu NFS Architecture (1) a) The remote access model. (like NFS) b) The upload/download model (like FTP) 2 1 NFS Architecture (2) The basic NFS

336 views • 8 slides
Distributed Systems User-directed connection to access remote resources We want more

Distributed Systems User-directed connection to access remote resources We want more

Accessing files FTP, telnet : Explicit access Distributed Systems User-directed connection to access remote resources We want more transparency Distributed File Systems Allow user to access remote resources just as local ones Paul

247 views • 3 slides
Distributed Systems - III Open a file, check status on a file, close a file; Read data

Distributed Systems - III Open a file, check status on a file, close a file; Read data

CSE 421/521 - Operating Systems What does Distributed File System Provide? Fall 2011 Provide access to and manipulation of data stored at remote servers using file system interfaces Lecture - XXV What are the file system interfaces?

236 views • 5 slides
Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t

Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t

Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t i d o n e a f t h e l e c t u r e ! t e r a r e o n s 1 Remote Access Modern computing requires the use of a variety of resources located on

652 views • 44 slides
Operating System Principles: Accessing Remote Data CS 111 Operating Systems Peter Reiher

Operating System Principles: Accessing Remote Data CS 111 Operating Systems Peter Reiher

Operating System Principles: Accessing Remote Data CS 111 Operating Systems Peter Reiher Lecture 16 CS 111 Page 1 Fall 2017 Outline Data on other machines Remote file access architectures Challenges in remote data access

925 views • 56 slides
pNFS State of the Union FAST-11 BoF Sorin Faibish- EMC, Peter Honeyman - CITI Outline What

pNFS State of the Union FAST-11 BoF Sorin Faibish- EMC, Peter Honeyman - CITI Outline What

pNFS State of the Union FAST-11 BoF Sorin Faibish- EMC, Peter Honeyman - CITI Outline What is pNFS? pNFS Tutorial pNFS Timeline Standards Status Industry Support EMC Contributions Q&A 2 pNFS Update November 2010

549 views • 20 slides
Network Bandwidth Utilization Forecast Model on High Bandwidth Networks Scientific Data

Network Bandwidth Utilization Forecast Model on High Bandwidth Networks Scientific Data

Network Bandwidth Utilization Forecast Model on High Bandwidth Networks Scientific Data Management Group Computational Research Division Lawrence Berkeley National Laboratory Wucherl (William) Yoo, Alex Sim Feb. 17, 2015 W. Yoo, CRD , LBNL 1

461 views • 20 slides
Data management in Wireless Sensor Networks (WSN) Giuseppe Amato ISTI-CNR

Data management in Wireless Sensor Networks (WSN) Giuseppe Amato ISTI-CNR

Data management in Wireless Sensor Networks (WSN) Giuseppe Amato ISTI-CNR giuseppe.amato@isti.cnr.it Outline Data management in WSN Query processing in WSN State of the art Future research directions Outline Data management

1.07k views • 86 slides
CSci 4211: Introduction to Computer Networks Time: Monday and Wednesday 2:30 to 3:45 pm

CSci 4211: Introduction to Computer Networks Time: Monday and Wednesday 2:30 to 3:45 pm

CSci 4211: Introduction to Computer Networks Time: Monday and Wednesday 2:30 to 3:45 pm Location: Smith Hall 231 Fall 2018, 3 Credits 1 Instructor David Hung-Chang Du Email: du@cs.umn.edu Office: Keller Hall 4-225B for Office Horus Phone:

292 views • 14 slides
Introduction File System Design for an NFS File In general, appliance is device designed to

Introduction File System Design for an NFS File In general, appliance is device designed to

4/1/2014 Introduction File System Design for an NFS File In general, appliance is device designed to Server Appliance perform specific function Distributed systems trend has been to use Dave Hitz, James Lau, and Michael appliances instead

103 views • 8 slides
Network FS / Access Control 1 last time two-phase commit consensus: workers + coordinator agree

Network FS / Access Control 1 last time two-phase commit consensus: workers + coordinator agree

Network FS / Access Control 1 last time two-phase commit consensus: workers + coordinator agree to commit no take-backs via redo-logging at each node blocking on failure idea of majority-vote consensus 2 logistics note last weeks

1.65k views • 132 slides
CD- -ROM Networking ROM Networking CD Somchai Prasitjutrakul Somchai Prasitjutrakul Dept. .

CD- -ROM Networking ROM Networking CD Somchai Prasitjutrakul Somchai Prasitjutrakul Dept. .

CD- -ROM Networking ROM Networking CD Somchai Prasitjutrakul Somchai Prasitjutrakul Dept. . of Computer Engineering of Computer Engineering Dept Chulalongkorn Univ. . Chulalongkorn Univ CD- -ROM Networking ROM Networking : : Outline

303 views • 28 slides
MulVAL: A logic-based network security analyzer Xinming Ou, Sudhakar Govindavajhala, and Andrew

MulVAL: A logic-based network security analyzer Xinming Ou, Sudhakar Govindavajhala, and Andrew

14th USENIX Security Symposium, August 2005 MulVAL: A logic-based network security analyzer Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel Princeton University Outline Introduction Representation Vulnerability

268 views • 23 slides

More recommend