Why Use AFS at UWM?

AFS is being used by some research groups at UWM. We are considering using it for class accounts as well. This web page contains some of the reasons why we are considering AFS for the whole department.

What is AFS?

AFS is an open-source distributed filesystem that uses Kerberos for security. It is available on just about all UNIX platforms (including MacOS 10) and on Windows. For more information see the OpenAFS web page and its FAQ pages.

What benefits would AFS bring to UWM students?

There are a number of benefits:

Self-service restores. AFS makes available a complete copy of your files ``yesterday'' so that if you accidentally delete a file, you can get yesterday's version without having to send a request to labstaff. Older backups still require administrative assistance.
Group projects. Several UWM CS classes allow students to work in groups. With AFS, it is easy to create groups, or to give access to specific other people, without letting in everybody (the standard problem with "world readability" with standard UNIX permissions).
External access. Students could install AFS clients on their home machines, and then work on their files without having to copy files back and forth. AFS was originally designed for students at Carnegie Mellon University to access their campus files over slow networks. AFS using local file caches to avoid network latency problems. Kerberos security makes external access relatively secure.
With AFS, you can even access your files from a laptop far from home.
Achitecture independence: AFS makes is easier to maintain different binary architectures.
OpenAFS is freely available and under active development.

There are also benefits that administrators can benefit from

There would be no need for 'tash': instructors can be automatically added to the access control lists for class directories. Similarly with various submit and grade checking routines. There would be no need for SUID programs.
Course administrators can manage their own instructor lists.
Directories can be moved from one file server to another without reconfiguring clients or taking machines down.
Each student's home directory can be managed as a separate volume which enables it to be mounted in a different place if the student switches sections or unmounted if a student drops the course.

What are some problems with using AFS?

As with any system, there is a learning curve. The learning curve is gentle for users (clients), but steeper for administrators. The fact that we already have an AFS cell which has been used for over 6 years will help.
Group and world permission bits on AFS are unused, and may confuse people.
If you make a directory in AFS ``world readable'' it is really world readable: anyone in the world with AFS client software can read the files in the directory!

Plans

AFS has been used successfully for CompSci 252 (Spring 2005), CompSci 552 (Fall 2003,2004,2005), CompSci 431 (Spring 2004) and CompSci 654 (Spring 2004, 2005). The CS UWM AFS cell now uses Kerberos V for authentication. We are getting new hardware (Dec. 2005) from Sun for AFS servers.