Online Documentation

Frequently Asked Questions

1. What is the Trellis NAS Bridge Appliance (aka TNBA, aka Trellis NBA)?
Trellis NBA is an appliance that makes it easier to access files from one location (i.e., a client) even though files may be stored on different computers, different file servers, and different operating systems. The servers might also be under the control of different systems administrators.

With Trellis NBA, files can be accessed by applications and interactively as if they were local files.
2. What makes a VM-based appliance a good way to deploy Trellis NBA?
- The appliance needs to use privileged ports (for SAMBA).
- It needs privilege for user ID management and the ability to support multiple users.
3. How is Trellis NBA different from using CIFS/SMB to access files?
Trellis NBA supports accessing files using CIFS/SMB too.

But, TNBA has other, new features including: support for Secure Shell access, whole-file caching (which can improve performance), and consolidating multiple CIFS/SMB servers into one single, virtualized server. With a single mount point, it is possible to access files on multiple servers and use multiple protocols.

More details are found in the other FAQ entries.
4. What operating systems are supported/targeted by Trellis NBA?
Most importantly, Trellis NBA targets users whose *clients* are Windows or Unix machines. The file servers can be running any operating system that supports Secure Shell access or will export files using CIFS/SMB.

In our testing, we have focused on Linux and Windows clients.

In theory, TNBA should work with any operating system that can mount a volume that is exported using CIFS/SMB. Thus, TNBA should work with Mac OS X clients, but we have not tested this.

5. How can I use Trellis NBA? What are some basic use-case scenarios?
Use-Case Scenario 1:

I have a Windows machine/client at home. Some of my files are on a server at work. My work does not allow me to mount my folders directly on my home machine (usually for security reasons). But, I can Secure Shell into the server at work. Trellis NBA allows my Windows client at home to mount my folders/files from work so that I can directly use them with my applications. My alternative is to use, say, WinSCP to copy the files from work to home, work with them, and then (remember to) copy them back. With Trellis NBA, I simply mount and use, like a normal file server.

Use-Case Scenario 2:

I have a Linux machine/client at home. Some of my files are on a server at work. My work does not allow me to NFS mount my folders directly on my home machine (for security and performance reasons). But, I can Secure Shell into the server at work. Trellis NBA allows my Linux client at home to mount my folders/files from work so that I can directly use them with my applications. My alternative was to use, say, Secure Copy to copy the files from work to home, work with them, and then (remember to) copy them back. With Trellis NBA, I simply mount and use, like a normal file server.

Use-Case Scenario 3:

I have either a Windows or a Linux machine/client. I need to access some files from Department A on their Windows server. I need to access some files from Department B on their Unix server. Specifically, the Unix server will not allow me to NFS mount the files because of security reasons. With Trellis NBA, I can set it up so that I can mount and access files from *both* servers with one step.

Use-Case Scenario 4:

My work involves multiple, separate groups. Some groups have their own backups and some don't have backups at all. With Trellis NBA, all my data appears under a single Windows drive or Unix directory, greatly simplifying the backup process.
6. Why is there nothing interesting to "see" after the virtual machine boots?
The Trellis NBA is designed to be used and (mainly) configured via a Web browser connection. On the console, Trellis NBA does not use any interesting graphics or X windows.
7. What is a "bridge", in the context of Trellis NBA?
Trellis NBA is a bridge in the sense that heterogeneous clients and servers continue to use their native operating systems and protocols (e.g., Windows, Linux, CIFS/SMB, SSH) and Trellis NBA will translate and interoperate between them.
8. What is a client, in the context of Trellis NBA?
The client is the machine on which the user will either run applications with the files or manipulate the files interactively.

We have focused our testing and development on Linux and Windows clients. But, any operating system (e.g., Mac OS X, other BSD-based Unices) that can mount a CIFS/SMB exported volume can also be a client of Trellis NBA.
9. What is a NAS, in the context of Trellis NBA?
NAS stands for network-attached storage. Common examples of NAS include Network File System (NFS) servers, SAMBA-based servers, and Windows servers exporting via CIFS/SMB.

There are many different kinds of NAS and different protocols for NAS. Trellis NBA tries to virtualize different NAS and protocols into a single mount point, provided by a single appliance.
10. What is a home node, in the context of Trellis NBA?
The "home node" is the original source of a file's data. Trellis NBA can use Secure Shell (and Secure Copy) or CIFS/SMB to access the file on the home node. When the application or user is done with the file, Trellis NBA copies back the new data to the home node.
11. How is Trellis NBA different from WinSCP?
WinSCP provides a nice graphical user interface (GUI) to interactively browse remote files and copy a file from remote-to-local and vice versa. Applications cannot directly open the files on a remote server; the user has to explicitly copy the files into and out of the local file system.

Trellis NBA allows you to mount a remote account (e.g., via Secure Shell) or file server (e.g., via CIFS/SMB) and use it as if it was just another file system. In particular, applications can access those files without the user having to use a GUI to copy those files locally first.
12. What can Trellis NBA do that other systems cannot do?
Mounting a remote server via a Secure Shell connection is a key feature of Trellis NBA. WinSCP allows one to interactively copy files via Secure Shell and Secure Copy, but Trellis NBA allows applications to access the files without the need for explicit copying by the user.

There are systems that support, for example, the CIFS/SMB or NFS protocol over Secure Shell (often, via tunneling). For example, there is Secure NFS Over SSH (http://www.math.ualberta.ca/imaging/snfs/). If the user has superuser privileges and/or the trust of systems administrators, this is a viable solution. However, NFS has some known security (with respect to arbitrary users being able to mount arbitrary volumes) and performance issues. In contrast, Trellis NBA does not require any special privilege and Trellis NBA uses whole-file caching for better performance across slower networks. As a bridging system, Trellis NBA does NOT "simply" provide a way to carry, say, the NFS protocol over a tunnel. Currently, Trellis NBA uses one set of protocols to access the home node (e.g., SSH, CIFS/SMB) and one (with more to come in the future) protocol (e.g., CIFS/SMB) to serve the file to the client.
13. What are the basics of using Trellis NBA?
There are four major steps to using the appliance:

(a) Installing the Appliance

First, you need to get a copy of the appliance, (TrellisNBA-1.0.0.zip), uncompress it somewhere, and open it in VMware Player.

You will be prompted to select a root password as well as a password for the web user interface. The web password will be used to connect to the appliance and configure it via a web browser. The root password allows you to log into the appliance directly, via the console or ssh, and is typically not required. Take care to pick good passwords and keep them secret. After these passwords have been provided, the IP address will be displayed via the console, e.g.:

"The appliance's web GUI is accessible through the URL: https://192.168.107.128"

The web interface is now accessible, at this address, with the username 'trellis' and the password you provided.

(b) Optional Configuration -- Allowing Network Users to Access the Appliance

By default, the appliance ships with the NAT networking mode. This is ideal for the case where other users on the network will not use the appliance, or when the host computer is portable and connects to different networks at different times. In this mode, the appliance is automatically assigned a private IP address by VMware's internal DHCP server.

As an alternative, it is possible to use bridged networking. In this mode, the appliance will request its IP address from a DHCP server on the local network. It will then be accessible to other users on the network. To change the networking mode, select 'Bridged' or 'NAT' from the 'Ethernet' menu, and then reboot the appliance. If you can connect to the appliance via a web browser (e.g. at https://192.168.107.128 in the example above), you can select the 'Reboot System' option from the 'Status & Diagnostics' menu in the web interface. Or, you can log into the console as root, with the password you supplied earlier, and type 'reboot <return>' at the prompt.

Finally, it is possible to use NAT networking but also share access to the appliance with other users on the network. This is useful, for example, when an external DHCP server is not available. In this case, use NAT networking, but configure VMware to forward ports 80 (http), 443 (https), and 139 (CIFS file sharing) from the host computer to the appliance. In this configuration, it is also necessary to configure the host firewall, if any, to allow access to these ports. For this to work, the host must not be using ports 80, 443, or 139, e.g. to serve web pages or files. Therefore, this does not work on default configurations of Windows where port 139 is used for remote access to shared folders. To configure port forwarding under Linux, stop all instances of VMware Player, Workstation, etc., and then, as root, add the following lines to the file '/etc/vmware/vmnet8/nat/nat.conf' in the '[incomingtcp]' section:

     80 = <appliance IP address goes here>:80
     443 = <appliance IP address goes here>:443
     139 = <appliance IP address goes here>:139

Should the appliance's IP address change in the future, this file would need to be edited again.
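
A pre-flight check for the port-forwarding setup above, as an added example that is not part of the Trellis NBA distribution: it reports which of ports 80, 443, and 139 the host already listens on, and prints the '[incomingtcp]' lines for a given appliance address. The function names and the sample 'ss -ltn' output are constructed for illustration; a Linux host with 'ss' and 'awk' is assumed.

```shell
#!/bin/sh
# Added example; not part of the Trellis NBA distribution.
PORTS="80 443 139"   # the ports this FAQ says to forward

# Print each forwarded port that already has a TCP listener on the host.
# Reads `ss -ltn` output on stdin (4th column is Local Address:Port).
busy_ports() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # drop the address, keep the port
            if (port in want) seen[port] = 1
        }
        END { for (i = 1; i <= n; i++) if (p[i] in seen) print p[i] }'
}

# Print the [incomingtcp] lines for one appliance address.
# Returns 1 unless the argument is a dotted-quad IPv4 address.
incomingtcp_lines() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    ' || return 1
    for port in $PORTS; do
        echo "$port = $1:$port"
    done
}

# Constructed sample of `ss -ltn` output: a host that already runs a
# file-sharing service on port 139, the conflict described above.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      50     0.0.0.0:139        0.0.0.0:*
LISTEN 0      128    [::]:8080          [::]:*'

# With an argument: check the live host, then print the lines to add.
# Without one: run the same check on the constructed sample.
if [ $# -ge 1 ]; then
    conflicts=$(ss -ltn | busy_ports)
    [ -z "$conflicts" ] || { echo "host already listens on:" $conflicts >&2; exit 1; }
    incomingtcp_lines "$1" || { echo "not an IPv4 address: $1" >&2; exit 1; }
else
    echo "sample host conflicts:" $(echo "$SAMPLE_SS" | busy_ports)
    incomingtcp_lines 192.168.107.128
fi
```

Run it with the appliance's address as the only argument before editing nat.conf; a reported conflict means the host itself would answer on that port instead of the appliance.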

(c) Configuring the Web GUI

As mentioned in step (a), you can connect to the web interface via your web browser at the address displayed on the console, e.g. 'https://192.168.107.128'. To authenticate, use the username 'trellis' and the password you provided earlier.

(d) Mounting from the client

14. What's wrong with manually copying files from server-to-client and client-to-server, in order to use them?
Short answer: Most applications (e.g., Microsoft Office, or Unix tools and editors) expect to be given the name of a file and then the application simply opens the file. If the file must be copied, then the user has to assume that tedious and error-prone responsibility. Trellis NBA handles the chore of copying files automatically such that applications simply open and close the files they need.

Longer answer: ????
15. Tell me honestly, what works well and what does not work well with Trellis NBA, version 1.0.
What works well:
  1. Using Trellis NBA on a Windows client that is running the NBA under VMware on the same Windows machine.
  2. Using Trellis NBA on a Linux client that is running the NBA under VMware on the same Linux machine.
What is not yet tested:
  1. Using Trellis NBA with a Mac OS X client.
16. What are the rules-of-thumb of maintaining security when using the Trellis NBA?
First, as with any computer system, never give out the root password for the virtual machine / appliance. Files, keys, and passwords are at risk if someone is able to log in as root.

Second, the default configuration of Trellis NBA is to:
  1. Only allow root to log into the virtual machine.
  2. Only allow Web browsers to connect to the appliance using encrypted https.
Do not change any of these default configurations unless you are sure of what you are doing.

There is more information on the security of the Trellis NBA in the security section. See the Security link in the menu to the left.
17. Who produced the Trellis NBA?
The Trellis research group, with Paul Lu as Principal Investigator, at the Department of Computing Science, University of Alberta, Edmonton, Alberta, Canada is the author of the Trellis NBA.

http://www.cs.ualberta.ca/~paullu/Trellis/
http://www.cs.ualberta.ca/~paullu/TrellisNBA/

Over the years, a number of people have contributed to the design and code base of Trellis NBA. But, for this release, the primary developers are Mike Closson, Paul Lu, Cam Macdonell, and Paul Nalos.
18. What is the Trellis research group and project?
The Trellis Project is an academic research project on the techniques and technologies required to create overlay metacomputers (i.e., user-level aggregations of computing resources that may be in different administrative domains) for high-performance computing (HPC). Although the Trellis Project shares many goals with well-known projects in grid computing, we are investigating different approaches to solving the research problem.

Our academic papers can be found via:
http://www.cs.ualberta.ca/~paullu/Trellis/

The Trellis Project has developed prototypes of global metaschedulers (for computational jobs), a security infrastructure (based on Secure Shell), and distributed file systems (based on bridging between LAN and WAN protocols).

A milestone of the Trellis Project was the CISS-3 experiment (Canadian Internetworked Scientific Supercomputer, version 3) in September 2004, in which over 4,100 processors from universities across Canada were aggregated to complete two different computational science workloads, using the Trellis scheduler and Trellis NFS distributed file system.

The Trellis NBA draws heavily from the ideas and code base for both the Trellis Security Infrastructure and the Trellis distributed file system.
19. Why is an academic research project producing an appliance?
We want people to use our software. Of course, we hope to influence the design of systems with our ideas and results. One way to accomplish that goal is to produce useful software. Also, our future research efforts and future CISS experiments will use appliance-like approaches to deploying software.
20. I was able to mount a file system/server, then I rebooted, and now I cannot mount the same file system. Why?
The SSH agent with the key must be reloaded with each reboot. Please repeat Step 2 and continue.
Credits and Thank Yous
Software:
  1. Linux
  2. Gentoo Distribution
  3. GNU
  4. FreeNAS
  5. SAMBA
  6. OpenSSH
  7. VMware
People:

    Mike Closson, Paul Lu, Cam Macdonell, Paul Nalos, the Trellis Team

TrellisNAS Documentation is © 2006 by Paul Lu. All rights reserved. 

last edited June 9, 2006