Frequently Asked Questions
1. What is the Trellis NAS Bridge Appliance (aka
TNBA, aka Trellis NBA)?
Trellis NBA is an appliance that makes it easier to access
files from one location (i.e., a client) even though
files may be stored on different computers,
different file servers, and different operating systems. The
servers might also be under the control of different systems
administrators.
With Trellis NBA, files can be accessed by
applications and interactively as if they were local files.
2. What makes a VM-based appliance a good way to deploy Trellis NBA?
Packaging Trellis NBA as a virtual machine gives it the privileges
it needs inside the VM rather than on the user's own system:
- It needs to bind privileged ports (e.g., for SAMBA's CIFS/SMB
service).
- It needs privilege for user id management, in order to support
multiple users.
3. How is Trellis NBA different from using CIFS/SMB to access files?
Trellis NBA supports accessing files using CIFS/SMB too.
But, TNBA has other, new features including: support for
Secure Shell access, whole-file caching (which can improve
performance), and consolidating multiple CIFS/SMB servers
into one single, virtualized server. With a single mount
point, it is possible to access files on multiple servers
and use multiple protocols.
More details are found in the other FAQ entries.
4. What operating systems are supported/targeted by Trellis NBA?
Most importantly, Trellis NBA targets users whose *clients*
are Windows or Unix machines. The file servers can be running
any operating system that supports Secure Shell access or
will export files using CIFS/SMB.
In our testing, we have focused on Linux and Windows clients.
In theory, TNBA should work with any operating system that
can mount a volume that is exported using CIFS/SMB. Thus,
TNBA should work with Mac OS X clients, but we have not tested
this.
5. How can I use Trellis NBA? What are some basic use-case scenarios?
Use-Case Scenario 1:
I have a Windows machine/client at home. Some of my files
are on a server at work. My work does not allow me to mount
my folders directly on my home machine (usually for security
reasons). But, I can Secure Shell into the server at work.
Trellis NBA allows my Windows client at home to mount my
folders/files from work so that I can directly use them
with my applications. My alternative is to use, say, WinSCP
to copy the files from work to home, work with them, and
then (remember to) copy them back. With Trellis NBA, I
simply mount and use, like a normal file server.
Use-Case Scenario 2:
I have a Linux machine/client at home. Some of my files
are on a server at work. My work does not allow me to NFS
mount my folders directly on my home machine (for security
and performance reasons). But, I can Secure Shell into the
server at work. Trellis NBA allows my Linux client at home
to mount my folders/files from work so that I can directly
use them with my applications. My alternative was to use,
say, Secure Copy to copy the files from work to home, work
with them, and then (remember to) copy them back. With
Trellis NBA, I simply mount and use, like a normal file
server.
Use-Case Scenario 3:
I have either a Windows or a Linux machine/client. I need
to access some files from Department A on their Windows
server. I need to access some files from Department B on
their Unix server. Specifically, the Unix server will not
allow me to NFS mount the files because of security reasons.
With Trellis NBA, I can set it up so that I can mount and
access files from *both* servers with one step.
Use-Case Scenario 4:
My work involves multiple, separate groups. Some groups have their own backups and some don't have backups at all. With Trellis NBA, all my data appears under a single Windows drive or Unix directory, greatly simplifying the backup process.
6. Why is there nothing interesting to "see" after the virtual
machine boots?
The Trellis NBA is designed to be used and (mainly) configured
via a Web browser connection. On the console, Trellis NBA
does not use any interesting graphics or X windows.
7. What is a "bridge", in the context of Trellis NBA?
Trellis NBA is a bridge in the sense that heterogeneous
clients and servers continue to use their native operating
systems and protocols (e.g., Windows, Linux, CIFS/SMB, SSH)
and Trellis NBA will translate and interoperate between them.
8. What is a client, in the context of Trellis NBA?
The client is the machine on which the user will either
run applications with the files or manipulate the files
interactively.
We have focused our testing and development on Linux and
Windows clients. But, any operating system (e.g., Mac OS X,
other BSD-based Unices) that can mount a CIFS/SMB
exported volume can also be a client of Trellis NBA.
9. What is a NAS, in the context of Trellis NBA?
NAS stands for network-attached storage. Common examples
of NAS include Network File System (NFS) servers, SAMBA-based
servers, and Windows servers exporting via CIFS/SMB.
There are many different kinds of NAS and different protocols
for NAS. Trellis NBA tries to virtualize different NAS and
protocols into a single mount point, provided by a single
appliance.
10. What is a home node, in the context of Trellis NBA?
The "home node" is the original source of a file's data.
Trellis NBA can use Secure Shell (and Secure Copy) or
CIFS/SMB to access the file on the home node. When the
application or user is done with the file, Trellis NBA
copies back the new data to the home node.
11. How is Trellis NBA different from WinSCP?
WinSCP provides a nice graphical user interface (GUI) to
interactively browse remote files and copy a file from
remote-to-local and vice versa. Applications cannot directly
open the files on a remote server; the user has to explicitly
copy the files into and out of the local file system.
Trellis NBA allows you to mount a remote account (e.g., via
Secure Shell) or file server (e.g., via CIFS/SMB) and use
it as if it was just another file system. In particular,
applications can access those files without the user having
to use a GUI to copy those files locally first.
12. What can Trellis NBA do that other systems cannot do?
Mounting a remote server via a Secure Shell connection is
a key feature of Trellis NBA. WinSCP allows one to
interactively copy files via Secure Shell and Secure Copy,
but Trellis NBA allows applications to access the files
without the need for explicit copying by the user.
There are systems that support, for example, the CIFS/SMB
or NFS protocol over Secure Shell (often, via tunneling).
For example, there is Secure NFS Over SSH
(http://www.math.ualberta.ca/imaging/snfs/). If the user
has superuser privileges and/or the trust of systems
administrators, this is a viable solution. However, NFS
has some known security issues (arbitrary users being able
to mount arbitrary volumes) and performance issues. In
contrast, Trellis NBA does not require any special privilege,
and Trellis NBA uses whole-file caching for better performance
across slower networks. As a bridging system, Trellis NBA does
NOT "simply" provide a way to carry, say, the NFS protocol over
a tunnel. Currently, Trellis NBA uses one set of protocols to
access the home node (e.g., SSH, CIFS/SMB) and one protocol
(e.g., CIFS/SMB), with more to come in the future, to serve the
file to the client.
13. What are the basics of using Trellis NBA?
There are four major steps to using the appliance:
(a) Installing the Appliance
First, you need to get a copy of the appliance,
(TrellisNBA-1.0.0.zip), uncompress it somewhere, and open it
in VMware Player.
You will be prompted to select a root password as well as a
password for the web user interface. The web password will
be used to connect to the appliance and configure it via a
web browser. The root password allows you to log into the
appliance directly, via the console or ssh, and is typically
not required. Take care to pick good passwords and keep them
secret. After these passwords have been provided, the IP
address will be displayed via the console, e.g.:
"The appliance's web GUI is accessible through the URL:
https://192.168.107.128"
The web interface is now accessible, at this address, with
the username 'trellis' and the password you provided.
(b) Optional Configuration -- Allowing Network Users to Access
the Appliance
By default, the appliance ships with the NAT networking mode.
This is ideal for the case where other users on the network
will not use the appliance, or when the host computer is
portable and connects to different networks at different
times. In this mode, the appliance is automatically assigned
a private IP address by VMware's internal DHCP server.
As an alternative, it is possible to use bridged networking.
In this mode, the appliance will request its IP address from
a DHCP server on the local network. It will then be
accessible to other users on the network. To change the
networking mode, select 'Bridged' or 'NAT' from the 'Ethernet'
menu, and then reboot the appliance. If you can connect to
the appliance via a web browser (e.g. at
https://192.168.107.128 in the example above), you can select
the 'Reboot System' option from the 'Status & Diagnostics'
menu in the web interface. Or, you can log into the console
as root, with the password you supplied earlier, and type
'reboot <return>' at the prompt.
Finally, it is possible to use NAT networking but also share
access to the appliance with other users on the network. This
is useful, for example, when an external DHCP server is not
available. In this case, use NAT networking, but configure
VMware to forward ports 80 (http), 443 (https), and 139 (CIFS
file sharing) from the host computer to the appliance. In
this configuration, it is also necessary to configure the host
firewall, if any, to allow access to these ports. For this to
work, the host must not be using ports 80, 443, or 139, e.g.
to serve web pages or files. Therefore, this does not work on
default configurations of Windows where port 139 is used for
remote access to shared folders. To configure port forwarding
under Linux, stop all instances of VMware player, Workstation,
etc., and then, as root, add the following lines to the file
'/etc/vmware/vmnet8/nat/nat.conf' in the '[incomingtcp]'
section:
80 = <appliance IP address goes here>:80
443 = <appliance IP address goes here>:443
139 = <appliance IP address goes here>:139
Should the appliance's IP address change in the future, this
file would need to be edited again.
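As an added example (not part of the Trellis NBA distribution), the following shell script produces the three '[incomingtcp]' lines for the appliance address and checks the precondition stated above, that the host is not already listening on ports 80, 443 or 139. It assumes a Linux host, since the port check reads /proc/net/tcp; the address 192.168.107.128 is the example address from this FAQ and must be replaced by whatever the console displayed.

```shell
#!/bin/sh
# Added example, not part of the Trellis NBA distribution.
# Generates the '[incomingtcp]' lines for /etc/vmware/vmnet8/nat/nat.conf
# described in step (b) and checks that the host is not already listening
# on ports 80, 443 or 139. Assumes a Linux host (the port check reads
# /proc/net/tcp); the appliance address is whatever the console displayed.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0..255, else 1.
valid_ipv4() {
    ip=$1
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the three forwarding lines for the appliance address in $1,
# in the exact form the FAQ shows for the '[incomingtcp]' section.
nat_forward_lines() {
    valid_ipv4 "$1" || { echo "invalid appliance address: '$1'" >&2; return 1; }
    for port in 80 443 139; do
        printf '%s = %s:%s\n' "$port" "$1" "$port"
    done
}

# Return 0 if some IPv4 socket on the host is in LISTEN state on TCP port $1.
# /proc/net/tcp lists local addresses as hex IP:PORT; state 0A is LISTEN.
port_in_use() {
    [ -r /proc/net/tcp ] || return 1
    awk -v p="$(printf '%04X' "$1")" '
        NR > 1 && $4 == "0A" { split($2, a, ":"); if (a[2] == p) found = 1 }
        END { exit (found ? 0 : 1) }' /proc/net/tcp
}

# Report which of the forwarded ports are already taken on the host;
# returns 1 if any is, since forwarding would then not work (see step (b)).
check_host_ports() {
    busy=0
    for port in 80 443 139; do
        if port_in_use "$port"; then
            echo "host port $port is already in use; forwarding will not work" >&2
            busy=1
        fi
    done
    return "$busy"
}

# Usage: sh nat_forward.sh 192.168.107.128 > snippet.txt
# (192.168.107.128 is the example address from the FAQ; use your own.)
if [ $# -gt 0 ]; then
    check_host_ports
    nat_forward_lines "$1"
fi
```

The generated lines are printed rather than written into nat.conf directly, so they can be reviewed and pasted into the '[incomingtcp]' section as root after VMware has been stopped, as the step above requires.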
(c) Configuring the Web GUI
As mentioned in step (a), you can connect to the web
interface via your web browser at the address displayed
on the console, e.g. 'https://192.168.107.128'. To
authenticate, use the username 'trellis' and the password
you provided earlier.
(d) Mounting from the client
14. What's wrong with manually copying files from server-to-client
and client-to-server, in order to use them?
Short answer: Most applications (e.g., Microsoft Office, or
Unix tools and editors) expect to be given the name of a file
and then the application simply opens the file. If the file
must be copied, then the user has to assume that tedious and
error-prone responsibility. Trellis NBA handles the chore
of copying files automatically such that applications simply
open and close the files they need.
Longer answer: ????
15. Tell me honestly, what works well and what does not work well
with Trellis NBA, version 1.0.
What works well:
- Using Trellis NBA on a Windows client that is running the
NBA under VMware on the same Windows machine.
- Using Trellis NBA on a Linux client that is running the
NBA under VMware on the same Linux machine.
What is not yet tested:
- Using Trellis NBA with a Mac OS X client.
16. What are the rules-of-thumb of maintaining security when using
the Trellis NBA?
First, as with any computer system, never give out the root
password for the virtual machine / appliance. Files, keys,
and passwords are at risk if someone is able to login as root.
Second, the default configuration of Trellis NBA is to:
- Only allow root to log into the virtual machine.
- Only allow Web browsers to connect to the appliance
using encrypted https.
Do not change any of these default configurations unless you
are sure of what you are doing.
There is more information on the security of the Trellis NBA in the security section. See the Security link in the menu to the left.
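The FAQ states that the appliance's default lets only root log in, but does not say how that is enforced. As an added example (not the appliance's own code or configuration), the script below shows how to audit an OpenSSH sshd_config for such a restriction, using a constructed sample config. It relies on two real sshd_config rules: for a given keyword, the first occurrence wins, and lines after a 'Match' header apply only conditionally, so a second 'AllowUsers' line added later in the file is silently ignored.

```shell
#!/bin/sh
# Added example, not part of the Trellis NBA distribution. Audits an
# OpenSSH sshd_config (read from stdin) for a root-only login policy.
# The sample config below is constructed for this example.

# Print the effective global value of keyword $1 from the config on stdin.
# Stops at the first 'Match' line, since later lines are conditional.
sshd_effective() {
    awk -v k="$1" '
        /^[[:space:]]*(#|$)/ { next }                # skip comments and blanks
        tolower($1) == "match" { exit }               # end of global section
        tolower($1) == tolower(k) {                   # first occurrence wins
            $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }'
}

# Return 0 if the config on stdin restricts logins to root:
# AllowUsers must be present and list only root, and root login must not
# be switched off entirely (an unset PermitRootLogin still permits
# key-based root login, so only an explicit "no" fails the check).
root_only_login() {
    cfg=$(cat)
    users=$(printf '%s\n' "$cfg" | sshd_effective AllowUsers)
    permit=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin)
    [ "$users" = "root" ] || return 1
    [ "$(printf '%s' "$permit" | tr 'A-Z' 'a-z')" != "no" ] || return 1
    return 0
}

# Constructed sample: the second AllowUsers line is a common mistake; sshd
# ignores it because the first AllowUsers already took effect.
SAMPLE_CONFIG='
# sample sshd_config (constructed for this example)
PermitRootLogin yes
AllowUsers root
PasswordAuthentication no
AllowUsers root alice
Match User alice
    PermitRootLogin no
'

if printf '%s\n' "$SAMPLE_CONFIG" | root_only_login; then
    echo "sample config: only root may log in"
else
    echo "sample config: logins are NOT restricted to root"
fi
```

To audit a real host, feed its sshd_config on stdin (for example, `root_only_login < /etc/ssh/sshd_config`); the check reports only the global section, so any per-user or per-address 'Match' blocks still need to be read by hand.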
17. Who produced the Trellis NBA?
The Trellis research group, with Paul Lu as Principal
Investigator, at the Department of Computing Science,
University of Alberta, Edmonton, Alberta, Canada is the
author of the Trellis NBA.
http://www.cs.ualberta.ca/~paullu/Trellis/
http://www.cs.ualberta.ca/~paullu/TrellisNBA/
Over the years, a number of people have contributed to the
design and code base of Trellis NBA. But, for this release,
the primary developers are Mike Closson, Paul Lu, Cam
Macdonell, and Paul Nalos.
18. What is the Trellis research group and project?
The Trellis Project is an academic research project on the
techniques and technologies required to create overlay
metacomputers (i.e., user-level aggregations of computing
resources that may be in different administrative domains)
for high-performance computing (HPC). Although the Trellis
Project shares many goals with well-known projects in grid
computing, we are investigating different approaches to
solving the research problem.
Our academic papers can be found via:
http://www.cs.ualberta.ca/~paullu/Trellis/
The Trellis Project has developed prototypes of global
metaschedulers (for computational jobs), a security
infrastructure (based on Secure Shell), and distributed
file systems (based on bridging between LAN and WAN protocols).
A milestone of the Trellis Project was the CISS-3
experiment (Canadian Internetworked Scientific Supercomputer,
version 3) in September 2004, in which over 4,100 processors
from universities across Canada were aggregated to complete
two different computational science workloads, using the
Trellis scheduler and Trellis NFS distributed file system.
The Trellis NBA draws heavily from the ideas and code base
for both the Trellis Security Infrastructure and the Trellis
distributed file system.
19. Why is an academic research project producing an appliance?
We want people to use our software. Of course, we hope to
influence the design of systems with our ideas and results.
One way to accomplish that goal is to produce useful software.
Also, our future research efforts and future CISS experiments
will use appliance-like approaches to deploying software.
20. I was able to mount a file system/server, then I rebooted,
and now I cannot mount the same file system. Why?
The SSH agent with the key must be reloaded with each reboot.
Please repeat Step 2 and continue.
Credits and Thank Yous
Software:
- Linux
- Gentoo Distribution
- GNU
- FreeNAS
- SAMBA
- OpenSSH
- VMware
People:
Mike Closson, Paul Lu, Cam Macdonell, Paul
Nalos, the Trellis Team