Abstract
Building a NAS appliance that seamlessly provides both the SMB and NFS file sharing protocols requires supporting the authentication and access control semantics of both Windows and Unix. In a unified file system like this, a requirement for identity mapping arises between the authentication and authorization steps. ID mapping is a unique third step that equates security identifiers from both domains in order to provide an authenticated ID that can be used in access control checks. This talk will cover the design and implementation of the Isilon OneFS identity mapping system.
Learning Objectives
Fundamental security object types on the Windows and Unix platforms.
A method of equating security objects between these two different domains.
A simple grammar for making runtime ID mapping decisions.
The Isilon implementation of these methods.