( click here to skip navigation links )
 
NC State University College of Engineering

-( Eos )-		  
< Home News Guide Labs Software Help About
 
Accounts and Policies : Labs and Platforms : Logging In and Out : User Space and Quota : Application Software : Mail and Web :
Working Directories : Files and Commands : Printing : Managin File Space : UNIX and Linux : AFS Overview : Remote Access
 
     
 

AFS Overview

    
 
         
 

AFS Subtopics in this Guide

AFS Overview (main)
AFS Permissions
AFS PTS Groups
AFS on Windows

AFS File Sharing (in Guide, PDF)

Never give out the password to your account in order to share information!

Use AFS permissions to grant access to directories of information you wish to share.

Location of Your User Volume

You use a path to get to your information, but that information actually resides in an AFS volume with a fixed quota (see Home Directory and Quota).

It is not necessary for you to know where your user volume is stored on a server because AFS finds it automatically. However, if there is maintenance or downtime scheduled for servers, you may want to know if your volume is affected. To find out on which server your volume currently resides:

fs whereis

On Windows:
Right-click K: drive -> AFS -> Show File Server

 

    

AFS was originally developed as the Andrew File System at Carnegie Mellon University (CMU). Later, it was developed as a commercial product by Transarc Corporation (now IBM Pittsburgh Lab). AFS is the principal file-sytem software of CMU, MIT, Stanford, and a number of other universities, as well as NCSU. Recently, AFS was acquired by IBM and is now distributed as open-source software, or OpenAFS.

Distributed Client-Server Model

AFS is a distributed file system that joins the file systems of networked computers. These computers can be of different manufacture, run different operating systems, or be in different countries even, but AFS unites them into a single, seamless environment.

AFS uses a client-server architecture, whereby special server computers deliver files and software to the client workstations that request them. AFS provides location independence that scales widely and stores and retrieves data transparently across a network of many computers. Files in AFS are as accessible as any stored locally on a personal computer's hard drive.

Authentication and Security

When you log in with your Unity password, the cache manager on your client workstation receives a token, which is a package of information that is scrambled by an AFS authentication program. If the cache manager can unscramble the token and use the information, you are authenticated as an authorized AFS user. AFS requires mutual authentication between servers and clients whenever they communicate with each other. Tokens that pass between them must be recognized as the valid tokens of authenticated users before files can be accessed and services and software delivered.

Root /afs Directory

Like UNIX, AFS uses a hierarchical tree-like file structure. Users logged in and authenticated to AFS will see the /afs root directory in all of their file and directory paths (on UNIX/Linux, type pwd). On Windows AFS computers, /afs is mapped to the J: drive in My Computer. Users open folders descending from /afs (J:) as they move through the file system to their data. The user's home directory in AFS, /afs/unity/users/a-z/userid/, is mapped to the K: drive, /afs (K:), for easy shortcut access from the Windows desktop.

Cells

The directories under /afs are cells. Cells are independently administered sites running AFS and consist of a collection of file servers and client workstations defined as belonging to that cell. There are three main NCSU cells: bp.ncsu.edu (campus backbone), eos.ncsu.edu (engineering), and
unity.ncsu.edu (campus). A computer can belong to only one cell at a time. A cell's administrators determine how workstations and servers are configured for that cell and how much storage space is available to each user, software package, project locker, etc. Each cell can also connect with the file space of other cells running AFS, whether these cells are located across the hall or across the country.

Partitions and Volumes

The storage disks on a server are sectioned into disk partitions. These partitions are further divided into volumes, which are "containers" or sets of related files and directories. Most AFS cells use one volume for each user's home directory. Volumes have a size limit, or quota, assigned by the system administrator. Each user's home directory (volume) is located on a one-gigabyte disk partition with many other users (see Home Directory and Quota).

Mount Points

Directory trees and their files are stored in volumes that are distributed across a number of servers. Access to a volume is provided through a mount point, which indicates the physical storage location of a volume on a server. Your own volume resides on one of many file servers, and the mount point is the pointer that AFS uses to find and retrieve it for you. A mount point looks and just like a static directory to the user, but it actually navigates the file system and servers to store and retrieve data transparently and automatically.

Client Caching

When you use a client machine on campus, its cache manager accesses any file you need from AFS file space. A request is made to the server for the file, and the server transfers a copy of the file back to the client, which is then cached on the client workstation's local disk. Work is done on this local cached file so there is no reliance on communication over the network, which slows activity and increases the load on the network. Only when the file is saved does the cache manager send changes back to the server, and the copy replaces the stored file (see above for authentication tasks the cache manager handles).

Access Contol Lists (ACLs)

AFS makes it easy for groups of people to share information and work together in the same directories (folders), no matter where they are located on the system. File-sharing is not restricted by place, distance, platform, or operating system differences. You can make directories world-readable, e.g., content for the Web, or restricted to a few people you are working with on a project.

AFS uses access control lists (ACLs, pronounced "ackles") to determine who accesses information in AFS file space. An ACL exists for every directory and specifies what actions different users can perform on that directory and its files. AFS uses its own special commands for setting permissions for individual access and access by groups.

AFS augments the standard UNIX file-protection mechanism with access control at the directory level. Three UNIX mode bits--read, write, and execute--protect each file, but seven AFS access rights protect the directory in which the file resides. As a result, individual file permissions do not mean very much in AFS-defined directory space (except for the execute bit x). In AFS, users assign and manage access to directories, not to individual files.

   

Related Resources

AFS at NC State

OpenAFS User Guide

IBM Pittsburgh Lab AFS Documentation



Main NCSU AFS Cells

bp.ncsu.edu
eos.ncsu.edu
unity.ncsu.edu

Other Universities Running AFS

MIT Athena

Carnegie Mellon Andrew

Stanford Leland

U. Michigan IFS

Definitions

access control lists
AFS
authentication
cached file
cache manager
cell
client
client-server
distributed file system
mode bits
mount point
partition
path
quota
root directory
server
token
volume

see also
AFS Glossary

 
         

< to Top]

< Home News Guide Labs Software Help About

 

Information Technology and Engineering Computer Services (ITECS)
College of Engineering, North Carolina State University, Raleigh, NC 27695
Comments to eoshelp@ncsu.edu. URL: http://www.eos.ncsu.edu/

 [ ENGR Template ]

 

This support page is for students, faculty, and
staff at North Carolina State University.