NFS still going strong
- 15 September, 2004 10:32
We have spent so much time talking about new file systems recently it only seems fair to give a bit of space to NFS, the Network File System that Sun first gave us about 20 years ago.
Because NFS is agnostic when it comes to machines, operating systems, network architectures, and transport protocols, it provides remote access to shared file systems across networks. NFS thus allows users on a network to access disks on remote hosts. To do this users mount disk partitions on remote machines, with the result that the remote files appear to be files on the local machines.
One result is that NFS has long been the standard for sharing files across LANs. Add to this the fact that NFS came into being more or less at the same time as the Internet was being birthed, and you have a historical perspective on why NFS became the de facto Internet file standard as well.
NFS was originally developed to work with Sun's version of Unix, but it was also designed to enable DOS (and later, Windows) to share files on disk drives running under Unix. As networked computing requirements have developed over the years, NFS has adapted pretty well; NFS now works with every flavor of Unix and, of course, with Linux.
If NFS has been around for so long, if it is the de facto standard, and if in the final analysis it really does work - all of these are true, by the way - why not leave well enough alone and just keep on using it?
Essentially, there are two reasons.
For a long time, security - or more appropriately, the lack of security - was the major knock on NFS. The historical reason for this is that NFS grew up in the Unix world, where security was frequently an afterthought, and in most cases was pretty much ignored.
Although the vendors never paid much attention to this topic until relatively recently, Project Athena at MIT began to develop its Kerberos authentication infrastructure about 15 years ago. Kerberos uses encrypted keys to provide security for client-server applications, offering inside-the-firewall security for Unix and several other operating systems. The academic community lead the way when it came to NFS security, and it wasn't until Unix began to move into enterprise companies in support of commercial applications that the vendor community saw there was a need for a comparatively secure file system.
Kerberos now plays a major role in most NFS security applications.
Kerberos is also used by Microsoft Windows for network authentication. In connection with this, a good introduction to Kerberos is available from a Microsoft white paper located at: http://www.nwfusion.com/nlstorage583
NFS's second shortcoming, according to many people, is that it is incapable of providing for the throughput demands of a high-performance computing environment. You decide if this issue applies to your site or not.
Of course, if you really want to learn about Kerberos and NFS security, or about benchmarking your NFS performance, you will have to talk to the experts.