Implementing Network File System Policies with FileWall
Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode
{smaldone,bohra,iftode}@cs.rutgers.edu
Department of Computer Science
Rutgers University

File System Evolution
Single user (desktop) FS to shared infrastructures
–Centrally managed
–24/7
–Shared access
–High maintenance requirements
–Interoperability: standards
Unprecedented growth
–Size of storage infrastructures
Today - Tera
Tomorrow - Peta, Exa, ???
User density: user consolidation
Data sources
–File sharing, document management, email, IM, VOIP

File System Management Problems
Monitoring:
–Minimal built-in support for statistical monitoring (e.g., nfsstat)
–Administrators required to gather data from many sources
Access control:
–Access control maintained per file at the discretion of the owner
–Administrators must enforce access control to shared resources despite ignorant non-malicious users
Maintenance:
–Patching newly exposed bugs in the file system
–Debugging, testing, and deployment of new code
–Administrator error impact much larger
Evolution:
–New functionality cannot be introduced without code extensions
Management tools have not evolved to match administrator needs

Policy vs. Data Access
Data Access:
–Evolves independently
–Performance enhancement
–Protocol optimization
–Acceptable to most
Policy:
–Evolves due to functionality requirements
–Difficult to specify and reason about
–Administration requirements differ between installations and must be implemented independent of user requirements
File systems implement a minimal set of management functionality

Monitoring Policy: Example [figure]

Our Goal
We propose a novel approach to implement network file system policies externally, without modifying the client or server, by transforming messages flowing between them.

Network File Systems [figure; labels: read(), FS_OP, NFS_REQ(), NFS_REQ, RPC, Transport, NFS_OP(), NFS_RSP]

Observations
All file system accesses are performed through messages
–Message transformations can be used to enforce policies
–File system state can be constructed using information contained in messages
All state relevant to file system accesses is available in messages
–Policies can use file attributes contained in messages in policy evaluation
–Statistical information can also be used

FileWall Model [figure; labels: FS_OP, NFS_READ(), NFS_REQ, NFS_RSP, RPC, Transport]

Monitoring Policy: Revisited [figure]
FileWall enables the separation of concerns between network-aware policy enforcement and the file system

Outline
Motivation
Design
Implementation
Evaluation
Related Work
Conclusions

Design Guidelines
Specification
–Easy to specify and reason about policies
Protocol semantics
–Message reordering and aggregation
–Retransmissions and lost bytes
Performance
–In the critical path, so cannot introduce large delays
Fault tolerance and availability
–Cannot maintain “hard-state”
–Limited access to stable storage

FileWall Design Overview
Specification
–Policies specified using macro-like language
–Message transformation
State Maintenance (Access Context)
–Local policy state and global environment
–Read-only state specified by the administrator
–State generated and stored by policies during execution
–Time, available disk space, CPU load, etc.
Execution
–Policy scheduling and execution
–Logging and debugging

FileWall Architecture [figure; labels: FS Client, File Server, FileWall (FileWall Engine, Access Context, Policies), messages M, M’, R, R’]

FileWall Policies
Transform messages (requests and replies)
–REQ handler
–RSP handler
Use:
–File attributes contained in messages
–Access context

FileWall Policy Example
Policy: “Show files accessed today”
For each client-visible file:
–Access Time = TODAY
Transform directory listing messages
–READDIR and READDIRPLUS
[figure sequence; labels: FileWall Engine, Access Context, Policies, READDIR, READDIRPLUS]

Policy Chains
Defined by administrator
–Lists policies in order of request processing
Scheduler
–Determines policy execution schedule
Forwarder
–Forwards messages between policies
–Determines next policy in chain as a message flows along the policy chain
–Discards messages
Default Policies
–RECV Policy (start), SEND Policy (end)
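
The "Show files accessed today" policy and the policy chain above, modelled as an added Python sketch (not FileWall's own code, which the slides say is built on the Click Modular Router). The names `Msg`, `ShowAccessedToday`, `run_chain` and the dict-based access context are hypothetical; rewriting a READDIR request into READDIRPLUS is an assumption drawn from the slide labels and from the fact that NFSv3 READDIR replies carry no file attributes.

```python
from dataclasses import dataclass, field
from datetime import date, datetime

@dataclass
class Msg:
    xid: int      # RPC transaction id, pairs a reply with its request
    kind: str     # "REQ" or "RSP"
    proc: str     # NFS procedure name, e.g. "READDIR"
    entries: list = field(default_factory=list)  # RSP: (name, atime or None)

class ShowAccessedToday:          # hypothetical policy name
    def __init__(self, ctx):
        self.ctx = ctx            # access context (assumed to be a dict here)
    def req(self, m):             # REQ handler
        if m.proc == "READDIR":   # READDIR replies carry no attributes,
            self.ctx["upgraded"].add(m.xid)   # so ask the server for READDIRPLUS
            m.proc = "READDIRPLUS"
        return m
    def rsp(self, m):             # RSP handler
        if m.proc != "READDIRPLUS":
            return m
        today = self.ctx["today"]
        m.entries = [(n, t) for n, t in m.entries if t and t.date() == today]
        if m.xid in self.ctx["upgraded"]:     # client expects a READDIR reply
            self.ctx["upgraded"].discard(m.xid)
            m.proc = "READDIR"
            m.entries = [(n, None) for n, _ in m.entries]
        return m

def run_chain(policies, m):
    # Forwarder: requests walk the chain in order, replies in reverse (assumed).
    # A handler that returns None discards the message.
    order = policies if m.kind == "REQ" else list(reversed(policies))
    for p in order:
        m = p.req(m) if m.kind == "REQ" else p.rsp(m)
        if m is None:
            return None
    return m

def demo():
    ctx = {"today": date(2024, 5, 2), "upgraded": set()}  # constructed context
    chain = [ShowAccessedToday(ctx)]
    req = run_chain(chain, Msg(7, "REQ", "READDIR"))
    reply = Msg(7, "RSP", "READDIRPLUS", [   # constructed server reply
        ("notes.txt", datetime(2024, 5, 2, 9, 30)),
        ("old.log", datetime(2024, 4, 1, 12, 0)),
        ("draft.doc", datetime(2024, 5, 2, 23, 59))])
    out = run_chain(chain, reply)
    return req.proc, out.proc, [n for n, _ in out.entries]

if __name__ == "__main__":
    print(demo())
```

Filtering a listing only hides names: a client that already holds a file handle can still send requests for that file, so a policy like this is a view, not access control.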

Implementation
FileWall
–Click Modular Router
–NFS over UDP
Unmodified Linux NFS client and server
Policies
–Statistics monitoring policy
–Temporal Access Control
–File Handle Security
–Client Transparent Failover

Fstress Performance (2.4 GHz Server) [figure]
Interposition Overheads [figure]
Varying Network Delay [figure]
Fstress Performance (Overloaded Server) [figure]
Scalability [figure]

Related Work
Distributed and Extensible File Systems:
–FiST [Zadok ’00]
–Interposed Request Routing [Anderson ’02]
–SFS [Mazieres ’99]
Extensible Policies:
–SPIN [Sirer ’95]
–VINO [Seltzer ’96]
–Exokernel [Engler ’95]
–Infokernel [Arpaci-Dusseau ’03]
–LGI [Minsky ’00], [He ’05]
Composable Network Processing:
–Packet filters [Bos ’04]
–x-kernel [Hutchinson ’91]
–Scout [Montz ’94]
–Click [Kohler ’00]

Future Work
High-Level Policy language
–Constraints
–Debugging and logging
User study
–Real deployment
–Behavior models
Data transformations
–Censorship
–Protocol translations
NFS -> CIFS
Recipe-based file system (CASPER)
IP -> RDMA
–Video encoding
–Content adaptation

Conclusions
FileWall
–Architecture, Design, and Implementation
Policy enforcement through message transformation
Implementation of four real-world policies
Policy implementations are portable
Interposition overheads are low
Given sufficient resources, relative to an NFS server, FileWall imposes minimal overheads

Acknowledgements
Fabio Picconi (Universite de Paris 6)
Cristian Ungureanu (NEC Labs)

Thank You
Questions?