Home Page-->Users' Guide-->Andrew File System (AFS)-->AFS basic ideas

The Consortium

	About us
	Location
	Staff

	Annual Report 2011
	Annual Report 2010
	Annual Report 2009
	Annual Report 2008

	Job opportunities

Activities & services

	Scientific computing and data processing
	Library automation
	Network
	Basic services
	Projects and collaborations
	Training courses
	Summer School of Advanced Computing
	HPC Courses


ISO 9001:2008

AFS BASIC CONCEPTS

AFS is a distributed file system that allows users to accede to files and directories allocated on machines which are physically scattered all over the world. AFS is a proprietary software developed and distributed by Transarc Corp. (Pittsburgh, USA) for UNIX operating system, available on SUN, HP, DEC, IBM and SG platforms. There is a version for Linux, developed at MIT, and one for Windows NT.

AFS is organized into cells. Each cell is a group of servers and constitutes the basic administrative unit. A group of cells sharing the same license is called site. Generally, cells are named according to the usual Internet denomination system: our cell’s name is caspur.it, Transarc cell’s name is transarc.com, and so on.

AFS uses a client/server software architecture. AFS clients are common workstations in which a part of the local disk space is not shared with other resources but dedicated to the AFS client.

You can access the AFS file space only when working on an AFS client machine. The Cache Manager on that machine is your agent in accessing information stored in the AFS file space. When you access a file, the Cache Manager on your client machine requests the file from the appropriate file server machine and stores (caches) a copy of it on your client machine's local disk. Application programs on your client machine use the local, cached copy of the file. This improves performance because it is much faster to use a local file than to send requests for file data across the network to the file server machine.

There is no difference with the situation in which the software is installed on the user’s machine. Most applications will work as they did before. AFS end-users benefit from data centralized management, such as retrieval, installation, update and backup of data and software, which are AFS administrator’s tasks, with a remarkable save of time and disk space.

Security is one of AFS’ basic features. From the user’s point of view, /afs directory does not differ from any other UNIX directory, but a more selective access control is possible by means of the so-called Access Control List (ACL). User can add to his directory some extra permissions, along with UNIX standard permissions. An AFS directory’s proprietary user is able to:

prevent other users to accede to his files
restrict the access to the files’ name only
allow other users to read, write and execute his files
allow or not other users to delete his files
open some of his directories to everybody in AFS world or to specific users only.

All this is based on an authentication method called Kerberos Authentication Server, to which every AFS user is subjected. This authentication has a default time limit of 25 hours, in order to ensure a further protection in case the user forgets to close his session. It is automatically executed at login, and the user can renew it at any time, extending its validity.