Tuesday, November 14, 2006

Features of NFSv4

Hello EB,

The Linux team is focused on NFSv4 development to resolve the bugs of previous NFS versions.
Some key features are:

* POSIX ACL support, including Windows ACL interoperability.
* Locking enhancements, including advisory and mandatory locks.
* Data replication or migration is made easier with NFS's help.
* TCP-only, with tons of improvements, making NFS over WAN links viable.
* No more portmap, lock manager, mount and RPC hell; NFSv4 uses RPC, but all over port 2049.
* Security, for the first time: authentication, cryptographic integrity and encryption are all possible.

To expand on the highlights of NFSv4 outlined above, let's begin with ACL support. A fundamental change in the way NFS looks at files was needed. The new model makes sense to Unix as well as Windows, and supports an extended set of permissions attributes. Even the notion of a File Handle has been completely rethought and for conceptual purposes, can be thought of as deprecated.

NFS has always been good at dealing with network failures. Writes to the file systems will block, and when operations resume, they will complete. One limitation has always been with locking, though. NFSv4 now supports a finer granularity in locking, implementing advisory and mandatory lock mechanisms. This means that clients can choose to lock files at more than just "I'm using it" levels, allowing greater amounts of concurrent access to files.

Data replication allows easy copies of file systems to be propagated to multiple servers, and some NFSv4 implementations (AIX, most notably) can even redirect a client to the appropriate server. Many companies are talking about ways to make NFS capable of failover, and IBM has implemented it already. Data migration is also part of the v4 specification, which can provide a simple way to move NFS services and the related data to new hardware.

NFS has historically been very bad over WAN, or high-latency links. For reliability, TCP has always been available, but performance has always been bad across non-local networks. UDP functionality has been removed, making TCP the only option. Couple that with tons of performance enhancements and WAN operation is not only possible, but very efficient. The protocol is also self-contained, enabling Internet usage without opening gaping holes in firewalls. Locking and mounting file systems all happen over port 2049, and if NFSv4 is the only NFS protocol enabled, opening that to the Internet can be quite secure.

Security had to be addressed if NFSv4 was to become an Internet-accessible protocol. The RPCSEC_GSS protocol is required for version 4 implementations, which means it will support: Kerberos v5, LIPKEY, and SPKM-3. A server will control which is allowed, along with the requirements for authentication and encryption. The new school of thought for NFS, similar to what CIFS in Windows requires, is that individual users get authenticated, not just the machines they are on.
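
To make "a server will control which is allowed" concrete, here is an added example (not part of the original post) that audits a Linux /etc/exports file and reports the weakest security flavor each export accepts. It assumes the sec= option syntax documented in exports(5); the sample file, paths and host names are constructed for illustration.

```python
import re

# Constructed sample /etc/exports (not from the original post).
SAMPLE = """\
# NFSv4 pseudo-root and exports
/export        *(ro,fsid=0,sec=krb5p)
/export/home   10.0.0.0/24(rw,sec=krb5i:krb5p)
/export/build  10.0.0.0/24(rw,sec=sys:krb5) buildhost(rw)
/export/pub    *(ro)
"""

# sec= flavors from exports(5), weakest first. The krb5* flavors are
# RPCSEC_GSS with Kerberos v5; "sys" is AUTH_SYS, which trusts client-sent UIDs.
FLAVORS = {
    "sys": "no per-user authentication",
    "krb5": "authentication",
    "krb5i": "authentication + integrity",
    "krb5p": "authentication + integrity + encryption",
}
ORDER = list(FLAVORS)
CLIENT = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # host(opt,opt,...)

def parse_exports(text):
    """Return [(path, client, [flavors])], one entry per client of each export."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or no client list
        for token in fields[1:]:
            m = CLIENT.fullmatch(token)
            if not m:
                continue  # malformed client spec
            opts = (m.group(2) or "").split(",")
            # sec= may appear more than once; every listed flavor is accepted.
            sec = [f for o in opts if o.startswith("sec=") for f in o[4:].split(":")]
            # A bare "(opts)" token applies to any client; no sec= means sys.
            entries.append((fields[0], m.group(1) or "*", sec or ["sys"]))
    return entries

def weakest(flavors):
    """Weakest accepted flavor; unrecognized names rank below sys."""
    return min(flavors, key=lambda f: ORDER.index(f) if f in FLAVORS else -1)

def audit(text):
    """Return [(path, client, weakest flavor, what that flavor provides)]."""
    return [(p, c, weakest(f), FLAVORS.get(weakest(f), "unrecognized flavor"))
            for p, c, f in parse_exports(text)]

if __name__ == "__main__":
    for path, client, flavor, gives in audit(SAMPLE):
        print(f"{path:14} {client:12} {flavor:6} {gives}")
```

Any export whose weakest flavor is sys still accepts the old machine-trust model, even if Kerberos flavors are listed beside it.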

Thanks
