Your idea sounds very interesting. I agree that using PROM or EEPROM to store "the core of Coda" and any other necessary binaries is more secure than nfs-root or a tftp ram disk, but have you considered the cost? The method you provided may be used in a commercial distributed storage system; Coda is open source software. If we must use PROM, I think it would be difficult for users and developers to use or test Coda.

> -----Original Message-----
> From: Ivan Popov [mailto:pin_at_math.chalmers.se]
> Sent: Sunday, March 16, 2003 6:23 PM
> To: codalist_at_TELEMANN.coda.cs.cmu.edu
> Subject: zero-administration clients and Coda
>
>
> Hello,
>
> I have figured out a couple of places where Coda can make
> life so much easier.
>
> One "hot area" - thin clients.
> ------------------------------
> I have looked at open source solutions.
> Still the most popular ones are X-terminals on Linux/*BSD
> kernel on NFS-root or tftp-able RAM disk. (very insecure,
> hence usable only in limited environments)
>
> There is another and better solution, vnc over ssl, as soon
> as you have a prom to put the binaries and the certificate on.
>
> Anyway, to use any such software securely, you need:
>
> - a shared secret or preferably a certificate (should be in PROM),
>   for your "thin-clients' fat server"
> - trustable binaries (on PROM or securely acquired over the network)
>
> A common case is insufficient PROM to hold the binaries,
> hence so popular NFS-root setups.
> NFS has a lot of problems - insecurity, lot of traffic,
> fully dependent on server being up.
> TFTP-bootable filesystem images are insecure too, demand more
> RAM space and are harder to maintain.
>
> If we put on PROM just kernel, venus and a shared secret (or
> when Coda will support it - a certificate), then we can
> import the rest of the binaries over the network "securely"
> and run our favourite thin client software (easily
> reconfigurable compared to the case when all things are in PROM)
>
> Such dhcp-aware client can be plugged in any network, all
> over the globe, even behind NAT, and still comfortably and
> securely get you at your desktop on your usual host. With no
> extra administration required.
>
> Another area - employees abroad.
> --------------------------------
> [no, not only the evident "access my files" thing]
>
> They want to access resources belonging to their home site,
> including but not limited to their files. Usually it is software too.
>
> Nowadays people are travelling with laptops. Coda helps them
> to have their files. But these machines need administration!
> There is no feasible way to have a consistent setup on
> laptops used by employees on their business trips...
>
> Except if the machines are set up so that they take *all*
> files, including all software (excluding venus :), from Coda.
> Then the setup is always consistent, available both connected
> and disconnected, and always up-to-date as it pulls the new
> version of a file at first access after it has been upgraded
> by the system administrators, in Coda.
>
> My 2c to motivate people to invest in Coda!
> --
> Ivan
>

Received on 2003-03-16 07:41:33