This page was last updated 04/06/10

OpenAFS for Windows
Requested Features and Road Map

Organizations that rely on OpenAFS for Windows are encouraged to financially support its on-going development.  For the most part, all of the small projects that can be done in a few hours time have all been addressed.  What are left are larger more strategic projects which can only be accomplished by dedicating the appropriate developer resources.  Organizations do not have to pay the full cost of these projects by themselves.  Secure Endpoints Inc. will co-ordinate contracts with multiple organizations in order to distribute the cost.  Please send e-mail to openafs@secure-endpoints.com with questions, feedback, or offers of support

Table of Contents

• AFS Client Service Improvements
  • Native File System Replacement for SMB Server Interface (completed)
  • Disconnected Operations
  • Second Level Cache Architecture
• Explorer Shell Extension Improvements
  • Custom Column Handler
  • Custom Context Menu Handler
  • Property Sheets
  • Tool Band
  • Tool Tips
  • MetaData Handler
  • Name Spaces
  • Recently Viewed Volumes
  • My User Volume
  • Custom Name Spaces for Organizations
• OpenAFS Control Panel Replacement
• OpenAFS Client Service Microsoft Management Console Plug-in
• Vista User Account Control Privilege Separation
• AFS Servers on Microsoft Windows
• Additional Feature Requests?

AFS Client Service Improvements

The AFS Client Service has come a long way in the last three years.  For a summary of the progress please read the latest OpenAFS for Windows Status Report.  Still, there are many things that can be done to improve the user experience and performance of the product.

Native File System Replacement for SMB Server Interface (completed)

The existing OpenAFS Client relies on an SMB server implementation (similar to Samba) to export the AFS name space to Windows Applications.  This has a number of negative side effects that would be avoided if the OpenAFS for Windows client were to be implemented via a combination of Network Redirector and File System Filter drivers.  The current OpenAFS client on Windows is not a true Windows file system.  Instead it operates as a SMB translator service.  The Windows OpenAFS client creates a SMB fileserver on the client machine, and Windows accesses this SMB server as a normal Windows shared volume.  For each I/O operation made to this virtual SMB server, the OpenAFS client translates the SMB request into a comparable operation on the OpenAFS fileserver.  This impacts the Windows OpenAFS client in a number of negative ways:

The semantics of the CIFS file system are different than the semantics provided by OpenAFS.  Because Windows sees the OpenAFS file system as an CIFS share, it has no way of acquiring the true capabilities or semantics of OpenAFS.  This causes some applications to perform poorly when they expect the semantics of CIFS, which OpenAFS does not necessarily provide.

The use of the translator service requires data to be received by the OpenAFS client via RX, translated into SMB packets, and then sent over the virtual loopback interface to the actual SMB server on the same machine.  This results in a number of extra data copies, which greatly reduces OpenAFS performance.  Making OpenAFS a native Windows file system will reduce the number of data copies and protocol translations, which will increase performance.

The CIFS/SMB protocol does not provide any mechanism for the server to inform a client that an operation is actively being processed even if it is taking a long time to complete.  The CIFS clients in Windows 2000 and above implement a dynamic timeout algorithm that estimates how long a request should take based upon the prior response time of the server and the amount of data being transferred.  As the OpenAFS SMB server and cache manager are local to the machine, it is frequently the case that the response time in on the order of hundreds of microseconds.  When a request to read or write large amounts of data from/to a file server occurs or if the needed volume is temporarily busy, the CIFS client will frequently timeout the request and tear down the SMB virtual circuit.  This has a negative impact on applications as it results in all file handles being invalidated and all locks being dropped which must then be re-established. 

In order for the UNC server name "AFS" to be visible on all clients, the Microsoft Loopback Adapter (MLA) must be installed in order to provide a private network adapter to which the "AFS" Netbios name can be bound.  The installation of the MLA negatively effects several popular software licensing and anti-spyware products which use the network adapter MAC address as a unique key.

The solution is to replace the SMB server with a native Windows File System Redirector that can be supported on Windows 2000 SP4, Windows XP SP2, Windows 2003 SP1, Windows XP 64, Windows 2003 R2, Windows Vista, Windows 7, Server 2008 and Server 2008 R2.

Development has been completed.  Awaiting integration into a future OpenAFS 1.7/1.8 release.  See http://www.openafs.org/roadmap.html for timelines.

Disconnected Operations

Microsoft Windows users are used to the "Windows Offline Folders" functionality which permits them to synchronize local copies of files or folders from a CIFS server to their local disk for use when disconnected from the network.  UMichigan long ago implemented a read-write disconnected mode for the UNIX AFS client which permits users to continue using data within the AFS cache while in an offline mode.  Once the client is restored to an online state the modifications made to the cache buffers are written back to the file server provided that there are no conflicts.   If there are conflicts a manual conflict resolution process must be initiated. 

Implementing disconnected operations requires much more than just making the contents of the AFS cache available.  Many issues affecting the end user experience must be addressed.

1. how do items (files, directories, volumes) get pinned in the cache?
   • the AFS cache manager does not read whole files from the file server, it reads only the requested chunks. therefore, if there are items that must be available in the cache while offline they must be selected and pinned so that the cache manager keeps the entire file in the cache and does not recycle any of its chunks.
   • files cannot be treated as individual items but instead must be treated as part of a "pin set" or "application set" that contain all of the related files so that all of the files required by an application or maintained within a given dataset are cached together and taken offline/online together.
2. how does the cache manager determine when to go offline and how is this conveyed to the user?
   • since AFS is highly distributed it can be disconnected from a single server or a single cell or the entire network but in the end it is the AFS volumes that matter. If no instance of a volume is reachable, then all of the directories and files on the volume are "offline".
   • a user should be able to manually select "offline" mode for a file, directory, volume, cell, or global.
   • if a "pin set" was taken offline automatically and becomes available again, the "pin set" can be automatically put back into an online state if:
     • none of the files on the file server have changed since the "pin set" was taken offline and all of the active locks can be recovered, or
     • some of the files have changed but none of the files are actively in use by applications
     • any other state will require a delay in restoration of the online state in order to prevent application crashes or data corruption
3. when offline, the cache manager permits the user to write to the contents of the cache including creating new directories, files, symlinks, mount points, etc. how does the cache manager handle synchronization and collisions? several rules apply.
   • for each "pin set" the entire set must be in the same state.
   • for each "pin set" the same collision policy must apply
     • client cache wins
     • server cache wins
     • prompt the user
     • prompt the afs administrator o whenever a collision occurs, the version that is replaced must be backed up in order to permit the user or administrator to recover lost changes
4. what is the mechanism for end user interaction?
   • first, the proposed explorer shell extensions need to be implemented
   • then, offline state management property pages can be added to each object and a "pin set" name space can be implemented to permit the user to view and modify the list of pinned objects and their current state o finally, an "afs notification icon" can provide a shortcut to the "pin set" name space folder as well as provide a visual indication for the online state including:
     • manual online or offline
     • all online or offline
     • workstation cell online or offline
     • a specific "pin set" online or offline

Estimated implementation time: TBD

Second Level Cache Architecture

The OpenAFS cache manager on Windows uses a single memory mapped paging file as the cache.  This imposes a couple restrictions.  First, on 32-bit operating systems the cache cannot be larger than the largest contiguous memory address region which is typically between 650MB and 1.2GB depending on other software packages that have been installed.  Second, as the paging file is memory mapped into the afsd_service address space, there is no mechanism by which the virtual memory associated with the service can be limited without reducing the overall cache size. 

The goal of the second level cache architecture is to provide an open plug-in interface by which third parties can implement their own second level cache.  This would permit afsd_service to limit use of the paging file for file/directory status objects, volume metadata and the active working set of file contents.  When a cache miss occurs in the paging file, a call would be issued to the second level cache implementation.  Only if the second level cache does not hold the required data would the file server be contacted.

By producing an open interface, the second level cache could be implemented as a distributed peer-to-peer cache within a local area subnet as opposed to a single local file cache.

Estimated implementation time: TBD

Explorer Shell Extension Improvements

The existing AFS Shell Extension adds an "AFS" menu when the current folder or selected objects exist within the AFS name space.  This menu is a hodge-podge of items.  A few of the items appropriately belong on a context menu but are in the wrong place and most of the items should be Property sheets or should display the information to the end user in a different manner.  The following is a proposal for a replacement.

Custom Column Handler

OpenAFS should provide a custom column handler to introduce several new detail columns that would display additional information about objects within AFS.  For example, columns can be provided to optionally display and perhaps edit:

• symlink details
• mount point details
• AFS FID
• AFS owner
• AFS group
• AFS cell
• AFS volume

Estimated implementation time: 18 to 24 hours

Custom Context Menu Handler

Instead of the existing handler that simply adds an "AFS" menu containing everything, the new handler will selectively modify the existing context menu's behaviors when the current folder is located within AFS.  

• The "New" submenu will be extended with "Symlink" and "Mount Point" menu items when the Current Folder is active.
• The "Delete" menu item will be removed whenever a symlink or mount point is selected.
• A "Remove Symlink" menu item will be added whenever all the selected items are symlinks.
• A "Remove Mount Point" menu item will be added whenever all the selected items are mount points.
• A "Flush File/Dir" menu item will be added.
• A "Flush Volume" menu item will be added.

Estimated implementation time: 12 to 16 hours

AFS Property Sheets

A variety of property sheets will be added.  Some will be context sensitive and others will be general tools.

• An "AFS File" sheet
  • File name
  • AFS FID
  • Owner name and AFS ID
  • Group ID
  • UNIX file attributes
  • Flush File from cache button

   

  

• An "AFS Directory" sheet
  • Directory name
  • AFS FID
  • Owner name and AFS ID
  • Group ID
  • UNIX file attributes
  • Flush Directory button

   

• An "AFS Mount Point" sheet
  • Mount Point name
  • Mount Point destination with Edit button
  • Mount Point destination Properties button which displays a properties dialog for root directory of the destination volume.
  • Volume Name
  • Owner Name and AFS ID
  • Group ID
  • UNIX file attributes
  • Flush Mount Point button

   

• An "AFS Symlink" sheet
  • Symlink name
  • Symlink destination with Edit button
  • Symlink destination Properties button which displays a properties dialog for the item referred to by the link
  • AFS FID
  • Owner Name and AFS ID
  • Group ID
  • UNIX file attributes
  • Flush Symlink button

   

   

• An "AFS Volume" sheet
  • Volume name
  • Cell Name
  • Owner name and AFS ID
  • Quota
    • Space allocated
    • Space used
    • Space free
    • Percentage used (perhaps a graph)
  • Partition
    • Space allocated
    • Space used
    • Space available
  • Flush Volume button

   

   

• An "AFS ACL" sheet
  • Displays current positive and negative ACEs
  • Add new positive or negative ACEs
    • Select permissions as checkboxes
    • Search functionality assist with selection of usernames or groups
  • Remove existing positive or negative ACEs
  • Clone ACLs to subdirectories within same volume
  • AFS Group Editor button displays the AFS Groups Panel from the Control Panel

   

For any given item the "AFS ACL", "AFS Volume", and "AFS Directory" sheets will be added to the Properties dialog.  The "AFS File", "AFS Symlink", and "AFS Mount Point" sheets will be added when an item of that type is selected.

Estimated implementation time: 60 to 80 hours

AFS Tool Band

An AFS Tool Band will provide graphical shortcuts to:

• The AFS Groups editor
• The AFS Volume Property sheet
• The AFS ACL Property sheet
• The AFS Directory Property sheet
• The AFS File Property sheet (if the selected item is a file)
• The AFS Symlink Property sheet (if the selected item is a symlink)
• The AFS Mount Point Property sheet (if the selected item is a mount point)

Estimated implementation time: 12 to 16 hours

AFS Tool Tips Handler

A tool tips handler provides support for additional information about an object when the user hovers the mouse over the object.  Tool tips could be used to display the destinations for symlinks and mount points.

Estimated implementation time: 12 to 16 hours

AFS MetaData Handler

A metadata handler can be used to provide enhanced information about selected objects with the "Details" box within the Folders view.

Estimated implementation time: 18 to 24 hours

Name Spaces

The Explorer Shell namespace can be extended by providing a plug-in to Windows Explorer called a Shell Namespace Extension. These extensions create a virtual namespace within Windows Explorer and have full control over how the namespace is rendered to the user.  A new namespace can be attached to the current Shell namespace as a child of an existing namespace, including file system folders allowing the user to navigate to the new namespace.

Estimated prerequisite implementation time: 62 to 108 hours

Recently Viewed Volumes

The number of volumes in typical cells for large organizations are frequently counted in the tens of thousands.  The Recent name space will show users the most recently accessed volumes from which file data was either read or written.  Users will be able to pin volumes within the name space and can easily map drive letters to any listed volume.  Volumes are represented as shortcuts.  Opening an entry in this name space will redirect the user to a permanent path that can be accessed by applications.

Estimated implementation time: 45 to 72 hours

My User Volume Custom Name Spaces for Organizations

A name space extension can be developed for individual cells which will dynamically select the user's personal volume based upon the Kerberos principal name stored in the AFS token used to access the cell.

Each organization develops their own layout for volumes in their cell which are frequently based around users, projects, groups, departments, classes, etc.  When there are thousands of volumes within each category it can often be challenging for end users to find the particular data they are searching for.  The AFS Name Space extension permits custom name spaces to be defined which can be used to assist end users in finding the volumes that most interest them.

Once a volume is selected, drive letters can be conveniently mapped.

Estimated implementation for first organization: 220 to 334 hours

Subsequent organizations: 70 to 100 hours (includes custom installers and organization specific deployment guide)

OpenAFS Control Panel Replacement

The existing control panel provides a mixture of functionality related to the logged in user as well as the system-wide configuration of the AFS Client Service.  Configuration of the AFS Client Service should require administrative access which should not be available to all users.  To improve the user experience, the control panel should only contain functionality that is applicable to the user.  All of the administrator privileged functionality should be moved to the Microsoft Management Console.  Microsoft Windows Vista will enforce this functional split by preventing processes from starting with administrative privilege even when the user is an "Administrator" unless the user explicitly grants the permission.  Separate processes that run only with Administrative privilege must be created when changes to the machine or service configuration is required.

Therefore, the new OpenAFS Control Panel will only provide the following functionality:

AFS Group Editor Panel

The AFS Group Editor will provide all of the functionality of the pts command line tool.  Shortcuts to this panel will accessible from the AFS Explorer Shell Extensions.

Estimated implementation time: 36 to 48 hours

Network Identity Manager AFS Plug-in Panel

This panel will duplicate some of the configuration capabilities of Network Identity Manager and permit the user to select which Network Identities will be used to obtain tokens for which cells.

Estimated implementation time: To be determined

Microsoft Management Console Shortcut

A shortcut to start the OpenAFS Client Service MMC Plug-in will be provided if the user has administrative privileges.

Estimated implementation time: 2 to 3 hours

OpenAFS Client Service Microsoft Management Console Plug-in

The Microsoft Management Console (MMC)has become the standard for configuring policy for Windows Services.  The AFS Client Service is highly configurable and yet only a small fraction of the options can be adjusted via the existing AFS Control Panel.  The majority must be set by manually adding or modifying registry values.   The list of registry values used by OpenAFS for Windows is documented in Appendix A of the Release Notes. 

The MMC will also provide access to:

• File Server Preferences (Display, Add, Modify, Make Default)
• Volume Server Preferences (Display, Add, Modify, Make Default)
• CellServDB Editor
• AFS Client Service (Start, Stop, Restart)

This project is being worked on by Brant Gurganus.  See the project web site.  http://code.google.com/p/openafsclientmmc/

Vista User Account Control Privilege Separation

Microsoft Vista's User Account Control requires that privileged operations such as starting or stopping services or modifying machine configuration cannot be performed by processes that are executed as normal users.  This requires that the Network Identity Manager AFS Provider configuration page be modified to remove the privileged operations and provide a privileged access method to the Microsoft Management Console.

Estimated implementation time: 2 to 3 hours

AFS Servers on Microsoft Windows

As of the 1.5.25 release, the AFS Servers essentially work on Microsoft Windows provided that they are manually configured.  The AFS Server Configuration Wizard can be used provided that nothing goes wrong during the initial configuration.   Unfortunately, the wizard is not very robust and cannot be used to resume an install after an error condition has been corrected.  Regardless, the wizard makes a number of assumptions about Microsoft Windows and the AFS client that no longer hold true.  In addition, the salvager is known to crash.  As a result its use is strongly discouraged.

The long term goal of this project is to develop and distribute AFS Servers that can be deployed on Microsoft Windows Server and that will integrate well into the Active Directory environment.  There are several sub-projects that must be achieved:

• Finish porting the AFS servers to Windows Server 2003 and Windows Server 2008.  (6 weeks)
  • All servers must be made aware of power management events
  • All servers must be made compatible with dynamic changes to the network configuration
  • The file server and volserver must be made compatible with modern disk management
    • There should be no requirement that AFS have dedicated partitions for AFS volume storage
    • AFS partition names (/vicepxx) should be capable of being mapped to arbitrary paths
    • File server quota management must take non-AFS disk usage into account
    • NTFS should be required
    • AFS metadata should be stored in secondary streams instead of pre-pended to the start of each objects data.
  • The Bos server must be updated to log to the Windows Event Log in addition to file based logs.
  • AFS Server configuration should be migrated to the registry.
• Installation documentation (1 week)
  • Documentation must be written explaining how to manually install and configure the AFS servers and integrate them into a heterogeneous cell.
  • Documentation must be written explaining how to manually install and configure the AFS servers in an all Windows environment in which Active Directory is used for authentication
• Testing (2 weeks)
  • Test suites must be developed that will test not only operation of a working cell but disaster recovery as well
• Integration with Active Directory (3 weeks)
  • An LDAP proxy for the AFS Protection Server should be developed that would permit Active Directory accounts and groups to be used as AFS objects that can be placed on ACLs within AFS.
    • Groups must be extended with an AFS PTS ID
    • User accounts must be extended with an AFS PTS ID
    • Objects for foreign users must be added that will permit the assignment of an AFS PTS ID
  • Extend the Active Directory User and Computers MMC snap-in to contain AFS Property pages for Users and Groups to permit management of AFS PTS IDs
• The AFS Server Manager should be transformed into a Microsoft Management Console snap-in (2 weeks)
  • The AFS Server must use a different algorithm for AFS Server discovery.  The existing method is much too expensive in DNS queries to be useful in large environments.
• An installation wizard should be developed   (2 weeks)
  • Creation of a new cell
  • Addition of a new server in an existing cell

Estimated implementation time: 640 hours.

Additional Feature Requests?

Send additional feature requests to openafs@secure-endpoints.com.