ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects

File Services


Lead: Wayne Hyde

Return to IT/SA Services Documentation Home
 

The IFAS File Server:

top
Current configuration

The new IFAS campus fileserver is part of a three-node cluster and Wayne has all the LUNs split out so each department has its own LUN. This will make it easier to expand quotas and disk sizes down-the-road. This can be done at the department level rather than the current situation where eight departments share a single LUN and one department can blow-up the quota for the other seven.

The node names are IF-SRVC-FILER1 and IF-SRVC-FILER2. Shares for units whose names begin with zero through I are on FILER1 and J through Z are on FILER2. You can just do a NET VIEW on the node and see all the shares directly. This makes it easier to see where your data is, which has been important in supporting Macintosh users who can't access shares via DFS names.

This new file server system is running Windows Storage Server 2008 R2 which provides single instance storage (SIS) that should save us around 6TB of storate space initially.

The storage space is protected via DPM which provides clients the ability to restore files for themselves via "previous versions".


IFAS DFS:

top

The IFAS DFS structure

Individual OU folders with Private, Unit and Users sub-folders

The IFAS DFS root is accessible at \\ad.ufl.edu\ifas and contains a folder structure for each OU consisting of the Private, Unit and Users sub-folders. With this latest file cluster, each IFAS OU will have its own share that is mapped to DFS.

The "Private" folder can be configured with various sub-folders and files permissioned to support workgroup collaboration either within or across units within UFAD. The "Unit" folder is writeable by all unit users and may thus be used for intra-departmental file exchange. The "Users" folder contains the individual storage areas intended as private storage for various users within the unit.

DFS is used to populate \\ad.ufl.edu\ifas with this OU folder structure. Our servers are also configured with Access based Enumeration (ABE). For info on ABE see:

Mapping cluster node shares to the current DFS structure

With the new file cluster, the existing DFS structure will not change but the lack of DFS support on Mac OSX prior to Lion (10.7) means that clients need to know the new direct share paths. Details are as follows for \\IF-SRVC-FILER1...

Windows DFS path OS X DFS path OS X path if DFS does not work
\\AD.UFL.EDU\IFAS\4H SMB://AD.UFL.EDU/IFAS/4H SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/4H
\\AD.UFL.EDU\IFAS\AEC SMB://AD.UFL.EDU/IFAS/AEC SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/AEC
\\AD.UFL.EDU\IFAS\AGEN SMB://AD.UFL.EDU/IFAS/AGEN SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/AGEN
\\AD.UFL.EDU\IFAS\AGR SMB://AD.UFL.EDU/IFAS/AGR SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/AGR
\\AD.UFL.EDU\IFAS\ANS SMB://AD.UFL.EDU/IFAS/ANS SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/ANS
\\AD.UFL.EDU\IFAS\BUDFIN SMB://AD.UFL.EDU/IFAS/BUDFIN SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/BUDFIN
\\AD.UFL.EDU\IFAS\CALS SMB://AD.UFL.EDU/IFAS/CALS SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/CALS
\\AD.UFL.EDU\IFAS\CALS-LAB SMB://AD.UFL.EDU/IFAS/CALS-LAB SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/CALS-LAB
\\AD.UFL.EDU\IFAS\DNOFEXT SMB://AD.UFL.EDU/IFAS/DNOFEXT SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/DNOFEXT
\\AD.UFL.EDU\IFAS\ENH SMB://AD.UFL.EDU/IFAS/ENH SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/ENH
\\AD.UFL.EDU\IFAS\ENTNEM SMB://AD.UFL.EDU/IFAS/ENTNEM SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/ENTNEM
\\AD.UFL.EDU\IFAS\FAS-CAMPUS SMB://AD.UFL.EDU/IFAS/FAS-CAMPUS SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/FAS
\\AD.UFL.EDU\IFAS\FETL SMB://AD.UFL.EDU/IFAS/FETL SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/FETL
\\AD.UFL.EDU\IFAS\FORESTDB SMB://AD.UFL.EDU/IFAS/FORESTDB SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/FORESTDB
\\AD.UFL.EDU\IFAS\FRE SMB://AD.UFL.EDU/IFAS/FRE SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/FRE
\\AD.UFL.EDU\IFAS\FSG SMB://AD.UFL.EDU/IFAS/FSG SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/FSG
\\AD.UFL.EDU\IFAS\FSHN SMB://AD.UFL.EDU/IFAS/FSHN SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/FSHN
\\AD.UFL.EDU\IFAS\FYCS SMB://AD.UFL.EDU/IFAS/FYCS SMB://IF-SRVC-FILER1.AD.UFL.EDU:139/FYCS

and for \\IF-SRVC-FILER2...

Windows DFS path OS X DFS path OS X path if DFS does not work
\\AD.UFL.EDU\IFAS\ICS SMB://AD.UFL.EDU/IFAS/ICS SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/ICS
\\AD.UFL.EDU\IFAS\INTPROG SMB://AD.UFL.EDU/IFAS/INTPROG SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/INTPROG
\\AD.UFL.EDU\IFAS\IT SMB://AD.UFL.EDU/IFAS/IT SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/IT
\\AD.UFL.EDU\IFAS\LOGS SMB://AD.UFL.EDU/IFAS/LOGS SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/LOGS
\\AD.UFL.EDU\IFAS\MKTCOMM SMB://AD.UFL.EDU/IFAS/MKTCOMM SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/MKTCOMM
\\AD.UFL.EDU\IFAS\OCI SMB://AD.UFL.EDU/IFAS/OCI SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/OCI
\\AD.UFL.EDU\IFAS\PERSOFC SMB://AD.UFL.EDU/IFAS/PERSOFC SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/PERSOFC
\\AD.UFL.EDU\IFAS\PLP SMB://AD.UFL.EDU/IFAS/PLP SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/PLP
\\AD.UFL.EDU\IFAS\PREC SMB://AD.UFL.EDU/IFAS/PREC SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/PREC
\\AD.UFL.EDU\IFAS\PRIVATE SMB://AD.UFL.EDU/IFAS/PRIVATE SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/PRIVATE
\\AD.UFL.EDU\IFAS\PUBLIC SMB://AD.UFL.EDU/IFAS/PUBLIC SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/PUBLIC
\\AD.UFL.EDU\IFAS\RESEARCH SMB://AD.UFL.EDU/IFAS/RESEARCH SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/RESEARCH
\\AD.UFL.EDU\IFAS\SECURITY-TOOLS SMB://AD.UFL.EDU/IFAS/SECURITY-TOOLS SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/SECTOOLS
\\AD.UFL.EDU\IFAS\SFRC SMB://AD.UFL.EDU/IFAS/SFRC SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/SFRC
\\AD.UFL.EDU\IFAS\SFRC-BOAT SMB://AD.UFL.EDU/IFAS/SFRC-BOAT SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/SFRC-BOAT
\\AD.UFL.EDU\IFAS\SHAREDEV SMB://AD.UFL.EDU/IFAS/SHAREDEV SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/SHAREDEV
\\AD.UFL.EDU\IFAS\SNRE SMB://AD.UFL.EDU/IFAS/SNRE SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/SNRE
\\AD.UFL.EDU\IFAS\SOFTWARE SMB://AD.UFL.EDU/IFAS/SOFTWARE SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/SOFTWARE
\\AD.UFL.EDU\IFAS\STAT SMB://AD.UFL.EDU/IFAS/STAT SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/STAT
\\AD.UFL.EDU\IFAS\SWS SMB://AD.UFL.EDU/IFAS/SWS SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/SWS
\\AD.UFL.EDU\IFAS\SWS-GIS SMB://AD.UFL.EDU/IFAS/SWS-GIS SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/SWS-GIS
\\AD.UFL.EDU\IFAS\VDI SMB://AD.UFL.EDU/IFAS/VDI SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/VDI
\\AD.UFL.EDU\IFAS\VPOFC SMB://AD.UFL.EDU/IFAS/VPOFC SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/VPOFC
\\AD.UFL.EDU\IFAS\WEC SMB://AD.UFL.EDU/IFAS/WEC SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/WEC
\\AD.UFL.EDU\IFAS\WEDGE SMB://AD.UFL.EDU/IFAS/WEDGE SMB://IF-SRVC-FILER2.AD.UFL.EDU:139/WEDGE

File/Share Permissions on the IFAS file server:

top

Using 4H as an example:

Share recommendations:


Quota Management and File Filtering:

top

Quotas will be available with the new file cluster upon request. These are implemented via the File Server Resource Manager.


Folder Redirection on the IFAS file server:

top

Share permissions do not allow the dynamic creation of redirected folders. Consequently, a "CreateProfilesFolders" script was prepared that populates and permissions the "\\ad.ufl.edu\IFAS\OUname\Users" folder within a particular OU with a redirected folder structure appropriate for each user within that unit's related people OU. This script was set to run as a scheduled task on if-srv-file02 but may not have made it past that implementation.

The OUs for which these will be generated will be controlled via a text file which the script will read for input. The "CreateProfilesFolders.txt" input file, with a few example lines, looks like:

IT
PLP
ENTNEM

This input file simply lists the OU names of units that wish to make use of this--one per line. The folder structure to be created will be based on a Template structure that OU Admins create for themselves at \\ad.ufl.edu\ifas\ouname\Users\Template.

The "CreateProfilesFolders" script may be found here.


IFAS WebDAV Implementation:

top

WebDAV access to our DFS structure has been implemented using the methods of the University of Michigan. An SSL gateway has been created for that purpose, accessible via https://files.ifas.ufl.edu. Additionally, a redirection site has been created at http://files.ifas.ufl.edu which makes access to that fairly simple. That page had been designed with special links to the top level DFS folders that obviates the need for accessing https://files.ifas.ufl.edu directly via IE and its "File, Open > Open as web folder" method. It also eliminates direct access to the root and the concomitant long wait that occurs there while permissions are enumerated across the entire DFS structure. An example of this linking method is shown below:

<a FOLDER="https://files.ifas.ufl.edu/ENTNEM" 
  STYLE="behavior: url(#default#AnchorClick); text-decoration:none" 
  href="https://files.ifas.ufl.edu/ENTNEM">
<img src="http://itsa.ifas.ufl.edu/folder.gif" align="middle">
<font color="#000000" face="Tahoma" size="1">ENTNEM</font></a>

Note that you can create your own custom launch page with links to deeper locations by altering the path in such code and saving it as an html file. That file could then be distributed as a custom "links page", for example, to users.

It would seem quite practical to create a simple web application that could help assist folks in posting files to the server and e-mailing links rather than attachments. Imagine a treeview control on a web page that would provide an interface for locating the desired target folder within our DFS structure, uploading a file to which they browse and then pasting a path to the clipboard. Then it could launch a new e-mail message into which to paste the link. For speed considerations, the directory tree could be populated from a cached snapshot and a button could be made available that would update that via inspection of the DFS--this is assuming that on-the-fly population would be too slow. Of course, it would require a web programmer, but shouldn't be a huge undertaking. Chris had found the suggestion interesting and even mentioned having access to a sample application that might lend itself to easy modification for this purpose.

When utilizing the http://files.ifas.ufl.edu site, one may either drag-and-drop or copy-and-paste to move files in and out of folders on the file server. Editing in place does not work via WebDAV; rather files must be moved locally, edited, and then replaced on the share. When links are placed into e-mails to a location beneath the root, such as http://files.ifas.ufl.edu/public, the recipient will only be sent to the http://files.ifas.ufl.edu redirection page. (This is because that page is implemented as a custom error page.) The solution to that is to specify the url via the secure http protocol, https://files.ifas.ufl.edu/public, instead. This permits direct read access anywhere into the DFS file structure (permissions allowing of course).

Also worthy of note is that no "ufad\" prefix is needed on the username when supplying credentials; this is great, but might actually confuse some folks, since secure websites do require that.

This internal file sharing method can be extended for collaboration outside of UF. The Gatorlink Account Management project will provide us a simple way of creating guest accounts having a 7-day expiration. Those could be used for permissioning for short-term access needs. Longer needs could be addressed by creating a standard Gatorlink with the "departmental associate" role.

On 9-8-06, the ICC agreed to a policy that files placed in public folders will be deleted after three days. The actual retention time will be extended to five days, however, to account for weekends and holidays. We may consider simply hiding the files for a further period, at least initially, just to facilitate restoration should the need arise. The first iteration of this should likely make a copy of all the files elsewhere to facilitate the expected initial demand for returned files. Also, notification should be made to IFAS-ALL prior to implementing the deletion process.

IFAS is using the notification feature of the server's quota management system to deliver an e-mail to a person when they deposit a file anywhere within the public folder. The following is an example message:

Deletion Time for Files Saved in the Public Folder
* FSRM@if-srv-file02.ad.ufl.edu
To: Lasley, Steven E

User UFAD\sel saved E:\DATA\PUBLIC\TestDocument.txt to E:\DATA\PUBLIC.  
Files saved in the Public Folder will be deleted in 3 Days.

If you need additional information or assistance, please call the IFAS 
Help Desk at (352) 392-4636 or Suncom at 622-4636.

The ICC believes that this policy should be documented and that this documentation should mention that unencrypted private information (HIPAA, FERPA, credit card info, etc.) should never be placed in the public area. We may want to consider tools like (Spider from Cornell, for example) to search for SSNs/CCs on the public shares so inappropriate information could be located, moved and file owners informed directly of the risk. Users should also be warned that they should never place their only copy of some file into this location.


Software Installation Shares:

top

last edited 4 June 2014 by Steve Lasley