Linux Multitenant File Servers using Likewise-CIFS

Presentation
Scheduled: Wednesday, November 3, 2010 from 10:50 – 11:35am in President's Ballroom

One Line Summary

The paper will explain the architecture used by the Likewise-CIFS file server to enable Linux hosts to concurrently operate as a member of multiple Microsoft Active Directory domains.

Abstract

Internet-based services such as Web and Email have long supported the concept of virtual domain hosting. However, Intranet-based file services, such as NFS and CIFS, have often lagged behind in such features. The challenges in providing multitenant support for any application include, but are not limited to, the following items:

  • Separating run-time state for each authentication domain from one another
  • Routing requests to the appropriate authentication
  • Managing global operating system configuration and data files

File server consolidation is an ongoing activity both in the Intranet and in the cloud. Multitenant file servers provide the most efficient use of storage and hardware capabilities without the additional overhead of virtual machines or multi-instance solutions used to segregate client security domains. Likewise-CIFS, the file server component of the Likewise Open project, lets an administrator join an SMB/CIFS file server to more than one Microsoft Active Directory domain. The administrator can then migrate aging file servers from any number of AD domains to a single host and manage security, backups, and data policies in a central location.

The Likewise-CIFS suite is composed of two main run-time services and several smaller supporting components. The heart of authentication is the Likewise Security Authority (lsassd), and the I/O path is managed by the Likewise I/O Manager (lwiod). The lwiod daemon supplies a loadable driver interface for the SMB/CIFS protocol module (SRV) and the user-space File System Driver implementation (PVFS).

This presentation will explain the internal architecture decisions made to enable multitenancy in lsassd, how this impacts the configuration, authentication, and authorization features in the SMB/CIFS file server, and how data protection is enforced in the PVFS driver once data is written to stable storage.

Tags

storage, CIFS, File server, Multitenancy

Presentation Materials

slides

Speaker

  • Gerald Carter

    Likewise Software

    Biography

    Gerald Carter is currently employed by Likewise Software as Director of Engineering and as the project lead for Likewise Open, an open source effort to make integration into Microsoft-dominated networks simple for both network administrators and application developers. He has been developing, writing about, and teaching on Open Source since the late 90’s at events such as LISA, LinuxWorld Expo, SANE, SambaXP, OSCON, and the SNIA SDC. He was a member of the Samba core development team from 1998 – 2009 and has authored both “LDAP System Administration” and the third edition of “Using Samba” for O’Reilly Publishing. He has held previous positions at HP and VA Linux Systems and completed his term on the Usenix Association’s Board of Directors in June of this year.
