- Controlling Client Access
- Mounting and Unmounting an Xsan Volume
- Moving a Client to a Different SAN
- Controlling User Access
- Using POSIX and ACLs
- Managing Home Folders
- Setting SAN User and Group Quotas
- Understanding Xsan Quotas
- Combining Xsan Controllers and StorNext Clients
- What Youve Learned
- References
- Review Questions
This chapter is from the book
This chapter is from the book
This chapter is from the book
Managing Home Folders
Every Mac OS X or Mac OS X Server user account requires a home folder: a place to store user files and documents, as well as preferences, temporary items, and settings. You can use one of three basic methods to implement a home folder strategy when deploying an Xsan solution: local home folders, network home folders, and portable home folders.
Based on the type of Xsan solution you are deploying and the volume type you’ve implemented, your choice of a home folder solution can be straightforward. If you do not require that multiple users have access to the SAN—and the SAN clients are mainly file servers, mail servers, and so on—you may get by using local accounts. However, if you already have network home folders in place or have users that use multiple machines, you may need to use network home folders for all users. But, if you are deploying your SAN in a high-bandwidth environment with applications that require fast access to caches that are stored in the home directory of the specific user, you may want to use portable home folders.
Choosing Home Folder Locations
There are three basic locations for a home folder. The most common is the internal hard drive of a client computer, followed by a shared network volume using Apple Filing Protocol (AFP) or Server Message Block (SMB). The least common and relatively new location would be a portable home folder (PHD). Each location has its advantages and, of course, disadvantages.
One remaining location for a home folder in an Xsan deployment would be on the SAN volume itself. Although this is possible, and fully supported, the SAN volume that stores the home folder must be configured specifically for user data. In simple terms, home folders contain a large amount of small files, many only a few kilobytes in size. If your Xsan volume is designed for 2K/4K video, such a configuration would waste precious resources. It is far more desirable to create a volume specifically to support home folders.
Locating Local Accounts
As mentioned, the most common place to store user data is on an internal hard drive. Every home user and many business users—especially portable users—have local home folders. The biggest advantage to these is quick and easy access to your data. Users of CPU-intensive applications such as Final Cut Pro benefit from locally stored data because they minimize the latency of accessing files.
For a typical deployment in which the SAN volume is mounted on a computer dedicated to video editing or compositing, a local home folder and identical accounts represent a commonly used solution. When using local accounts, the administrator needs to create user accounts on each client on the SAN. This can be a time-consuming task and, worse, will almost inevitably result in inconsistencies with names, passwords, and data. Of course, it is possible to manipulate the umask settings on all SAN clients; but if you are going to do that, you might as well implement directory services.
Storing Network Accounts
Network-based accounts and home folders centralize user data and user accounts management. Home folders are automatically mounted on the computer, and data is accessed over the Ethernet network, which is accessible by a user when she logs in.
Network-based user accounts solve almost all of the issues that might make local accounts a poor choice. First, administrators can manage users in one location. User accounts are stored in a directory system, like Open Directory, and have consistent names and passwords. Each client is then bound to the directory server, allowing a user to log in from any computer on the network using the same name and password.
For I/O intensive tasks like 3-D modeling and HD video editing, network home folders on an Ethernet network can pose a problem. Data that is stored in a user’s network home folder is transferred relatively slowly because Ethernet has a higher latency than a directly attached hard drive or Fibre Channel. Also, because IP protocol overhead and users access the same shared space on the Ethernet, the bandwidth available to I/O-intensive applications is reduced. Users may notice dropped frames, slow access, or artifacts in their files.
To solve both of these issues—the need for network-managed home directories and the need for the speed derived from local home directories—Apple has developed mobile accounts.
)
Managing Mobile Accounts
In Mac OS X v10.4, Apple introduced true mobile accounts. Mobile accounts are network-based accounts and home folders that can be synchronized with the local computer. Synchronization is controlled mostly by the administrator, but users can force syncing as necessary. The actual data stored in the home folder is synced with the server over Ethernet to the local hard drive. This technique removes the data rate bottleneck created when user data is stored on a remote server. However, users can still log in to any computer bound to the directory server as if they were using network-based home folders. The main difference with a mobile account is that users see a synchronization progress dialog during syncing. The computer checks the data in the home folder and compares it with the home folder located on the local hard drive. Any data that has changed or is updated will be synced depending upon the rules applied to the directories in the home folder. For example, changes could be synchronized only on login and logout.
You can read more about mobile accounts and directory systems, such as Open Directory, in Apple Training Series: Mac OS X Directory Services v10.5 (Peachpit Press).