
Securing Access


When it debuted, AIX 5.3 introduced many new features and functions. One of the more significant additions from a security perspective was IBM's implementation of Network File System (NFS) version 4. NFS has been around for many years and is a proven, easy way to share files among multiple systems.


NFS v4 addresses many of the security concerns that were endemic to previous versions of NFS: it adds stronger authentication (Kerberos, carried over RPCSEC_GSS, in place of client-asserted numeric UIDs), better user-name mapping (users and groups are identified as user@domain strings rather than raw numeric IDs, so the two sides must agree on an NFS domain), and the option to integrity-protect (krb5i) or encrypt (krb5p) the traffic on the wire. Additionally, the requirement to use TCP rather than User Datagram Protocol (UDP) provides a more stable environment.
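The practical check that follows from this paragraph is whether an export actually turns those options on. Below is an added example (not from the article or from IBM) that audits AIX-style /etc/exports entries: it assumes the AIX syntax of a path followed by "-opt,opt,..." with options such as vers= (colon-separated versions), sec= (colon-separated security flavours), rw/ro, root= and access=, and it assumes the AIX defaults that an entry without vers= is served as v2/v3 only and an entry without sec= is served with sec=sys. The sample export lines, paths and host names are constructed for the example.

```python
"""Audit AIX-style /etc/exports entries for NFS v4 security options.

Added example, not code from the article. Assumed /etc/exports syntax:
'/path -opt,opt,...' with vers=, sec= (colon-separated), rw/ro, root=,
access=. Assumed defaults: no vers= means v2/v3 only, no sec= means sys.
"""

# Constructed sample entries (hypothetical paths and hosts).
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/export/home -vers=3,rw,access=client1:client2
/export/apps -vers=3:4,sec=sys,rw
/export/data -vers=4,sec=krb5p:krb5i,rw,root=adminhost
/export/scratch -vers=4,sec=sys:krb5,rw
"""

KERB_FLAVOURS = {"krb5", "krb5i", "krb5p"}


def parse_exports(text):
    """Return [(path, {option: value})] for each non-comment export line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        path, opts = parts[0], {}
        if len(parts) > 1 and parts[1].startswith("-"):
            for opt in parts[1][1:].split(","):
                key, _, value = opt.partition("=")
                opts[key] = value  # '' for flag options such as rw
        entries.append((path, opts))
    return entries


def audit_export(opts):
    """Return the list of findings for one entry; an empty list is acceptable."""
    findings = []
    versions = set(opts.get("vers", "").split(":")) - {""} or {"2", "3"}
    flavours = [f for f in opts.get("sec", "sys").split(":") if f]
    if "4" not in versions:
        findings.append("does not offer NFS v4 (no Kerberos, no wire privacy)")
    if versions - {"4"}:
        findings.append("still offers v2/v3 (UDP transport possible)")
    if "sys" in flavours:
        findings.append("sec=sys accepts client-asserted UIDs")
    if not any(f in KERB_FLAVOURS for f in flavours):
        findings.append("no Kerberos flavour in sec=")
    elif "krb5p" not in flavours:
        findings.append("krb5p absent: data is not encrypted on the wire")
    return findings


def audit(text):
    """Map each exported path to its findings."""
    return {path: audit_export(opts) for path, opts in parse_exports(text)}


if __name__ == "__main__":
    for path, findings in audit(SAMPLE_EXPORTS).items():
        print(path, "OK" if not findings else "; ".join(findings))
```

Of the four constructed entries only /export/data passes: it is v4-only and offers krb5p first, so a client negotiating the strongest flavour gets authentication, integrity and confidentiality. Listing sec=sys alongside a Kerberos flavour, as /export/scratch does, still lets a client fall back to asserting any UID it likes.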


NFS is a distributed file system that allows access to files and directories on remote computers as if they were local. A simple NFS environment consists of a server and a client system. The server defines and exports one or more directories, file systems or files, and the client system mounts them for local user access. For this to work, NFS makes use of networking protocols, daemons on the client and the server, and extensions in the kernel.



NFS takes advantage of two protocols above the transport layer--Sun Remote Procedure Call (RPC) at the OSI session layer and External Data Representation (XDR) at the presentation layer--and two protocols at the transport layer--User Datagram Protocol (UDP) and TCP. NFS v2 and v3 can communicate over either UDP or TCP, with the default being UDP for v2 and TCP for v3. Since UDP is a connectionless protocol, every request is treated as an independent datagram: delivery isn't guaranteed, no connection state is kept, and it falls to the RPC layer to time out and retransmit lost requests. This caused many people to avoid NFS because it was seen as unreliable and unstable. The migration to TCP, which is connection-oriented, gives the server better performance as well as a more reliable connection. A single connection is established once and reused for many requests, so no per-request setup is needed, and TCP's sequencing and retransmission guarantee ordered delivery, so large reads and writes can stream without the NFS layer retrying datagrams itself. NFS v4 only works with TCP--UDP is no longer offered.


The key to the functionality within NFS is RPC, a library of procedures the client uses to ask the server to execute operations on its behalf. These operations can be as simple as a directory listing or more involved, such as renaming a file; a copy is performed by the client as a sequence of read and write calls.


Also keep in mind that the server and client don't need to be on the same platform. Since different platforms have different ways of representing data (byte order, word size, alignment), it's critical to have a translation mechanism. This is performed using XDR. Data is converted into XDR format when it's sent to a remote system, and on receipt it's converted back into the local format.
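To make the RPC and XDR paragraphs concrete, here is an added example (not from the article) that builds and parses an ONC RPC version 2 CALL message by hand. It implements the XDR encoding rules (4-byte big-endian integers; opaque data and strings carried as a length followed by the bytes, zero-padded to a 4-byte boundary) and the RPC call header with an AUTH_SYS credential, the pre-Kerberos flavour used by NFS v2 and v3. The program number 100003 is the registered one for NFS; the xid, host name and uid/gid values are constructed. The point the decoder makes is the security one: with AUTH_SYS the server simply reads whatever uid the client wrote into the credential, which is what Kerberos in NFS v4 replaces.

```python
"""Hand-rolled XDR encoder/decoder for an ONC RPC v2 CALL with AUTH_SYS.

Added example, not code from the article or from AIX. XDR rules follow
RFC 4506; the RPC message layout follows RFC 5531. Values marked
'constructed' are made up for the example.
"""
import struct

RPC_CALL = 0
RPC_VERSION = 2
NFS_PROGRAM = 100003   # registered ONC RPC program number for NFS
NFS_V4 = 4
NFSPROC_NULL = 0       # procedure 0 is NULL (ping) in every NFS version
AUTH_NONE = 0
AUTH_SYS = 1           # called AUTH_UNIX in older documents


def xdr_uint(n):
    """XDR unsigned int: 4 bytes, big-endian."""
    return struct.pack(">I", n)


def xdr_opaque(data):
    """Variable-length opaque: length, bytes, zero padding to a 4-byte boundary."""
    return xdr_uint(len(data)) + data + b"\0" * ((-len(data)) % 4)


def xdr_string(s):
    return xdr_opaque(s.encode())


def auth_sys_cred(stamp, machinename, uid, gid, gids):
    """AUTH_SYS body: stamp, machinename, uid, gid, variable-length gids."""
    body = xdr_uint(stamp) + xdr_string(machinename) + xdr_uint(uid) + xdr_uint(gid)
    return body + xdr_uint(len(gids)) + b"".join(xdr_uint(g) for g in gids)


def opaque_auth(flavor, body):
    """opaque_auth = flavor + opaque body (at most 400 bytes per RFC 5531)."""
    return xdr_uint(flavor) + xdr_opaque(body)


def rpc_call(xid, prog, vers, proc, cred, verf=opaque_auth(AUTH_NONE, b"")):
    """Serialise one RPC CALL message (no record mark; TCP adds that)."""
    return (xdr_uint(xid) + xdr_uint(RPC_CALL) + xdr_uint(RPC_VERSION)
            + xdr_uint(prog) + xdr_uint(vers) + xdr_uint(proc) + cred + verf)


def build_null_call(xid, uid, gid):
    """NFS v4 NULL call carrying a constructed AUTH_SYS credential."""
    cred = auth_sys_cred(stamp=7, machinename="client1", uid=uid, gid=gid, gids=[gid])
    return rpc_call(xid, NFS_PROGRAM, NFS_V4, NFSPROC_NULL, opaque_auth(AUTH_SYS, cred))


class XdrReader:
    """Minimal XDR decoder that tracks its position and skips padding."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def uint(self):
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v

    def opaque(self):
        n = self.uint()
        v = self.data[self.pos:self.pos + n]
        self.pos += n + (-n) % 4
        return v


def parse_call(msg):
    """Decode the RPC header and, for AUTH_SYS, the credential the server trusts."""
    r = XdrReader(msg)
    hdr = {k: r.uint() for k in ("xid", "msg_type", "rpcvers", "prog", "vers", "proc")}
    flavor, body = r.uint(), XdrReader(r.opaque())
    if flavor == AUTH_SYS:
        stamp, host = body.uint(), body.opaque().decode()
        uid, gid = body.uint(), body.uint()
        gids = [body.uint() for _ in range(body.uint())]
        hdr["cred"] = {"flavor": "AUTH_SYS", "machinename": host,
                       "uid": uid, "gid": gid, "gids": gids}
    else:
        hdr["cred"] = {"flavor": flavor}
    return hdr


if __name__ == "__main__":
    # Constructed: a client claiming uid 0; nothing in AUTH_SYS stops it.
    msg = build_null_call(xid=0x1234, uid=0, gid=0)
    print(msg.hex())
    print(parse_call(msg))
```

Running it shows the server-side view: parse_call returns uid 0 because that is what the client put on the wire, and AUTH_SYS carries no verifier for the server to check. That is exactly the gap NFS v4 closes by moving to Kerberos, where the credential is a ticket the server can validate instead of a number the client chose.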



Jaqui Lynch is an independent consultant, focusing on enterprise architecture, performance and delivery on Power Systems with AIX and Linux.
