Web-based file systems and WebDAV gateway services to CERN

Web-based file systems and WebDAV gateway services to CERN DFS file system
Alexandre Lossent, Alberto Pace
Agenda
- Cross platform File sharing issues (from 2 years ago)
- What is WebDAV ?
- WebDAV software overview
  - Servers
  - Clients
- WebDAV at CERN
Introductory reminder: a slide from a presentation made 2 years ago (June 2001)
What we would like for the future
- A web based solution
- (Native access,) including …
  - Shell access, Access Control, Source control, versioning, offline files
- Global internet sharing
- Consolidated Standard
  - Multiple vendors, strong support, interoperability, outsourceable …
- (Cross platform)
  - Windows, Linux, Mac OS X
- Difficult to have both …
- An AFS/DFS-like solution
- Free
  - At least the client software
  - Better if source code is available
June 2001
Good news
- A web based solution no longer implies non-native
  - If the web based file system is implemented at the OS level, applications can access it natively !
Back to October 2003
- The “Web” is part of the solution
  - Standard extensions to the HTTP protocol allow managing files on web servers as if they were part of the local file system
  - HTTP Extensions for Distributed Authoring (WebDAV IETF RFC 2518) have been widely adopted on all major OS
  - Several commercial and public-domain implementations exist
WebDAV
- Web Distributed Authoring and Versioning
- IETF RFC 2518 (February 1999)
  - http://ietf.org/rfc/rfc2518.txt
- An extension to the HTTP protocol
  - New verbs (PROPFIND, MKCOL, LOCK...), headers and status codes
  - Uses XML to format information
- Initially designed as a way to author web sites
  - Redundant with FPSE in the Windows world
  - Versioning is limited to file locking (check in/out)
  - Can be used as a low-end network filesystem
- WebDAV Home page
  - http://webdav.org
  - See it also for related open-source projects
WebDAV today
- File access:
  - Create / delete files and folders
  - Read / write files
  - Copy / Move / Delete / rename files and folders
- Document locking
  - prevent the overwrite problem, where two or more collaborators write to the same resource without first merging changes
  - Allow implementation of offline folders
- Properties
  - XML properties provide storage for arbitrary metadata
[Screenshots; surviving labels: On Windows; Nautilus, Gnome; On Linux; Windows; Console; SSH session; On Linux]
WebDAV tomorrow ?
- Access control
  - Set / View / Modify Access Control lists using http
- Versioning and Configuration Management
  - The V in WebDAV means “Versioning”
  - Document check-out, check-in
  - Retrieval of the history list
- Offline files and folders
- Other advanced features
  - Symbolic links
  - Ordered collections
  - Aggregated operations
For the “advanced features” …
- The standard has been under discussion for a few years
  - Without real consensus on a common standard
- Proprietary implementations already available
  - Example: Microsoft Sharepoint services
WebDAV servers
- Supported by all common web servers
  - Apache module mod_dav
  - WebDAV package in PHP PEAR
  - Built-in support in IIS 5 and 6
    - Need to activate appropriate HTTP verbs: PUT (write setting), PROPFIND (directory browsing setting)
    - Permissions are managed by NTFS ACLs
    - Microsoft adds a header to the WebDAV protocol for a HTTP GET to return a script’s output or its source (source access setting)
WebDAV clients
- Clients exist on all major platforms
  - See again http://webdav.org
- 3 flavors of clients with different usage:
  - Basic WebDAV clients or libraries
    - GUI or command-line to browse/download/upload files (but not edit them in-place); similar to FTP
    - E.g. IE5+, Nautilus, Perl / Java libraries...
  - WebDAV-enabled applications
    - Can access and edit files over WebDAV
    - E.g. Adobe, Macromedia, MS Office...
  - Operating system drivers
    - Allow mounting a WebDAV resource in a file system
    - Enables in-place editing for all applications
    - E.g. WinXP’s mini-redirector, Mac OS X built-in client, Linux davfs...
WebDAV clients: Windows (1)
- Office Web Folders (msdaipp.dll)
  - Included in Office 2000/XP and Windows 2000 but NOT in XP/2003 (unless Office is installed)
  - Allows in-place editing of Office documents on web servers
  - Allows Internet Explorer to browse WebDAV and FPSE-enabled web sites (like FTP sites)
  - Supports HTTPS and all authentication methods
  - Implemented as an OLE DB data provider
WebDAV clients: Windows (2)
- WinXP/2003 WebClient (WebDAV redirector)
  - You’ll find it in “Administrative Tools” – “Services”
  - A network file system driver
  - WebDAV folders transparently mounted as file system and made available to all applications using UNC paths !
  - Folders are viewed in Windows Explorer like usual folders, with same functionality
  - Limited to HTTP on port 80 and basic or Kerberos authentication (!)
    - We are in discussion with MS to void the http limitation
WebDAV clients: Windows (3)
[Diagram; surviving labels: MS Office; Internet Explorer; Office Web Folders / MSDAIPP (ships with MS Office and W2k); FPSE server; Other applications...; WebClient / WebDAV redirector (ships with Windows XP/2003); WebDAV server; Windows XP/2003 only]
WebDAV clients: Windows (4)
WebDAV client used by Internet Explorer when a WebDAV location is opened

                      Windows 2000   Windows XP/2003   Windows XP/2003 with Office
HTTP                  WebFolders     Redirector        Redirector
HTTPS or custom port  WebFolders     N/A               WebFolders
WebDAV clients: Macintosh
- Built-in filesystem driver in OS X
  - Similar to XP’s WebDAV redirector
  - Supports only HTTP and basic authentication (!)
  - Works ok with all Mac applications tested so far, including Office
- Open-source Goliath project (Mac OS > 8.6)
  - Supports HTTPS
  - GUI interface to check in/out files
    - Files are edited in a local folder
    - Then use the GUI to check out modified version
- Plus a wide number of commercial applications with built-in WebDAV support (as for Windows)
  - Example: Adobe, Macromedia, …
WebDAV clients: Linux
- Command-line and GUI utilities (FTP-like)
  - E.g. Cadaver is available in standard CERN distributions
- Filesystem driver
  - Davfs (again, limited to HTTP and basic authentication) (!)
  - But source code available and HTTPS prototype exists
- Many open-source libraries
  - KDE, PerlDAV, Jakarta Slide Project...
- Plus all commercial applications with built-in WebDAV support (as for Macintosh and Windows)
- Generally, not well integrated yet
  - The Davfs filesystem being the exception
  - This might change with KDE/Gnome projects
[Screenshot slides: WebDAV on Windows; WebDAV on Macintosh (1) and (2); WebDAV on Linux]
The WebDAV–DFS gateway
- Built using IIS 6 / Windows 2003
- Basically a WebDAV-enabled virtual folder that points to \\cern.ch\dfs
- All script mappings are disabled
  - no need for the Microsoft-specific SourceAccess flag
- Basic authentication
  - The only method widely supported
- http[s]://dfs.cern.ch/dfs
The WebDAV–DFS gateway (2)
- Current issues and limitations:
  - Files locked in WebDAV are also locked in DFS
    - If the client does not explicitly unlock them, restart IIS to free the lock (!!)
  - Some clients abusively create additional files/folders
    - Mac OS X
  - Permissions cannot be managed – not an issue for CERN – see below
  - Internet access limited to https
- A web interface has been added
  - https://dfs.cern.ch/dfsExplorer
  - Enables access to the DFS from any browser
  - Complete file management capabilities
    - including permission management
    - Aggregate operations
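The lock issue listed above (a WebDAV lock that the client never releases stays held in DFS) can be watched for with the PROPFIND verb and XML properties introduced on the earlier slides. The Python code below is an added example, not part of the presentation or of CERN's gateway: it parses a constructed 207 Multi-Status reply in the RFC 2518 format and lists locks that never expire or outlive an assumed one-hour threshold, assuming the server reports the DAV:lockdiscovery property.

```python
import xml.etree.ElementTree as ET

D = "{DAV:}"  # ElementTree spelling of the "DAV:" XML namespace

# Constructed 207 Multi-Status reply; paths, owners and tokens are made up.
SAMPLE = b"""<?xml version="1.0"?>
<D:multistatus xmlns:D="DAV:">
 <D:response><D:href>/dfs/demo/report.doc</D:href><D:propstat><D:prop>
  <D:lockdiscovery><D:activelock>
   <D:owner>alice</D:owner><D:timeout>Infinite</D:timeout>
   <D:locktoken><D:href>opaquelocktoken:example-1</D:href></D:locktoken>
  </D:activelock></D:lockdiscovery>
 </D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
 <D:response><D:href>/dfs/demo/plan.xls</D:href><D:propstat><D:prop>
  <D:lockdiscovery><D:activelock>
   <D:owner><D:href>mailto:bob@example.org</D:href></D:owner>
   <D:timeout>Second-600</D:timeout>
   <D:locktoken><D:href>opaquelocktoken:example-2</D:href></D:locktoken>
  </D:activelock></D:lockdiscovery>
 </D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
 <D:response><D:href>/dfs/demo/notes.txt</D:href><D:propstat><D:prop>
  <D:lockdiscovery/></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat>
 </D:response>
</D:multistatus>"""

def parse_timeout(text):
    """Seconds until the lock expires; None for 'Infinite' or not reported."""
    text = (text or "").strip().lower()
    if text in ("", "infinite"):
        return None
    if text.startswith("second-") and text[7:].isdigit():
        return int(text[7:])
    raise ValueError("unrecognised DAV:timeout value: %r" % text)

def active_locks(body):
    """Return one dict per DAV:activelock found in a Multi-Status body."""
    if b"<!doctype" in body.lower():  # server replies are untrusted input
        raise ValueError("DTD in WebDAV response refused")
    locks = []
    for resp in ET.fromstring(body).iter(D + "response"):
        href = resp.findtext(D + "href", "").strip()
        for lock in resp.iter(D + "activelock"):
            owner = "".join(t for o in lock.iter(D + "owner") for t in o.itertext())
            token = lock.findtext(D + "locktoken/" + D + "href", "").strip()
            locks.append(dict(href=href, owner=owner.strip(), token=token,
                              timeout=parse_timeout(lock.findtext(D + "timeout"))))
    return locks

def stale_candidates(locks, max_seconds=3600):
    """Locks that never expire or outlive max_seconds (assumed threshold)."""
    return [l for l in locks if l["timeout"] is None or l["timeout"] > max_seconds]
```
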
Future: web site editing
- Replace insecure FTP by a WebDAV service for web site editing
- May run on different port so that the security of the main site is not compromised
- Configuration similar to the gateway
  - Remember the “source access setting” ?
  - Authentication mandatory
  - No script mappings
- Or … cross mount local Web storage into DFS
WebDAV access to Exchange
- WebDAV is “the” protocol for Exchange / mail workflow automation
- Many native Exchange clients use http instead of MAPI
  - Ximian connector on Linux
  - Outlook 2003 uses http instead of MAPI
  - After the “Blaster Worm” MAPI on the internet is dead (port 135 closed everywhere)
- At CERN, prototype project to integrate Official Leave requests automatically in the Exchange calendar using WebDAV
Summary
- Use of WebDAV as interoperable network filesystem possible today
- Takes advantage of HTTP and XML ubiquity
- Can be applied to collaborative tools as well (Exchange)
- Excellent level of interoperability for file access
- Really reachable from any device / anywhere
- Very simple to implement
- But...
  - Still a few implementation glitches
  - https support is still limited
  - Not a high-performance file system
  - Not a replacement for native file system (e.g. NTFS)
  - Permission management still requires custom implementations