Agenda: Topics to discuss:

• overview of hardware and test results.
• Install of Ceph on DFS hardware for testing.
• Demo of NextCloud and Seafile frontends. Discussion of salt management.
• Possibility of obtaining NetApp-backed file share for performance testing.

0) Hardware racked and wired and ready for testing. Initial testing complete, details in ST#106589. Noted that dc3558-421 system Mellanox NIC only connects to system at PCIe Gen2 rather than Gen3. Swapped out card with no change. Reset BIOS to default -> no change. Forcing Gen3 on slot results in errors and downgrade to Gen1. If further troubleshooting does not resolve, will swap out motherboard with spare and RMA.

1) a2brenna will proceed with Ceph deployment on DFS hardware for testing FSS options when hardware issues are resolved. Expect to have rados block devices available to at least one CSI server hosting a container with external IP access. Particulars of test configuration:

• CSI server will have a 10Gbit+ connection to the DFS ring network with container access to this network (dlgawley).
• CSI server will have 1Gbps+ (10Gbps preferred!) public connection on VLAN TBD with container access to this network (dlgawley).
• Require hostnames and IP addresses on public network for user access/testing (ldpaniak/nfish).
• Install of FSS on container with basic Ubuntu image and configuration (via salt) (nfish/ldpaniak).
• Testing of FSS with DFS backing storage (lfolland/nfish/ldpaniak/willing volunteers). Would like to tax the system with multiple, simultaneous "large" accesses from multiple network locations. Ideally tax 10Gbit connections.

2) nfish presented NextCloud and SeaFile web interfaces and demonstrated options. Both appear viable with basic options required for CS FSS. NextCloud may have a feature edge but SeaFile has client-side encryption option built in. Notables:

• NextCloud client does not exist in packaged form at this point. Legacy OwnCloud client works with latest NextCloud.
• SeaFile claims superior performance. Latest NextCloud release (not tested/demoed) claims performance improvements.
• SeaFile encryption is volume-based and optional. Not sure of encryption engine.
• SeaFile uses a proxy system for TLS connections to system instead of common apache TLS configuration as NextCloud.
• NextCloud web interface support drag-and-drop of files into folders. No d-n-d from web interface.
• NextCloud supports federated shared folders across multiple NextCloud servers.

Discussion of relative importance of client-side encryption: Propose to rank FSS on following attributes:

• performance
• community: size, vitality, ease of communication with devs
• features: encryption, client system support
• longevity of project (especially going forward)
• ease of maintenance: in-place, data-preserving, timely updates

Suggestion to use NextCloud on ecryptfs shadow directory to provide client-side encryption for Linux clients. Windows clients support EFS for folder-level encryption: https://en.wikipedia.org/wiki/Encrypting_File_System How does EFS interact with FSS volumes? Are the contents of a shared/synced encrypted folder encrypted on the backend?

3) Discussion of testing NetApp performance with same metrics we are using for DFS/FSS suggests that while interesting, benchmarking of a production system with multiple end users (MFCF) may not be worth the disruption.

-- LoriPaniak - 2016-09-08