Secure web-based file sharing system with distributed backing storage system

SCS DFS system

SCS Nextcloud system

SCS haproxy system

Table of Contents

Project Charter


Project Objective: Purpose

The purpose is to provide a multi-platform file sharing/syncing system to meet the needs of the SCS as agreed by K. Salem and CSCF Managers.

Project Scope/Deliverables

The high-level outcomes and results of this project are as follows:
  • File sharing/syncing system (FSS) with end-user documentation.
  • Distributed File System (DFS) to backing for the file sharing/syncing system and provide a versatile, large-capacity storage facility for future CSCF/CS/MFCF services.

Scope Includes/Excludes



Service Requires From Delivers To
40GbE ring network - - three-building HA Ethernet/RDMA DFS internal replication and client services (eg. OwnCloud)
DFS networking 40GbE ring HA data storage via filesystem (glusterfs, CephFS) or block (libgfapi, iSCSI, RDB) client services
FSS (OwnCloud) storage; networking; database; haproxy; container DFS; 40GbE ring/10GbE IST; MySQL.cs; CSI File sync and share and TBD SCS users and groups

  • high-speed dedicated storage network
  • distributed file system (DFS) with ~300TB usable capacity meeting CSCF requirements as below
  • OwnCloud(-like) web-based, multi-platform file share/sync system (FSS) that leverages DFS, existing authentication services, CS database and web proxy systems.
  • Fileshare includes versioning capability with ability for user to recover previous versions of deleted, modified, corrupted or ransomware'd files.
  • User data encryption to provide at least:
    • No recognizable user data on backing media (DFS hard drives)
    • Encryption from client hardware to FSS server via TLS
  • rigorous testing of system for performance metrics and failure modes
  • global system monitoring DFS_Monitoring
  • necessary documentation - especially for day-to-day maintenance and tasks which will be handled by CSI group
  • system deployment
    • PXE booting cluster
    • salt configuration to deploy DFS and OwnCloud systems


  • HA NFS service with Kerberos authentication. This service may be demonstrated as a PoC.


  • Project must be CSCF-budget neutral. Cost of build and maintenance of FSS/DFS must not exceed cost of services it supersedes.

Assumptions and Risks

  • Completion and testing of 40GbE ring network ST#104790.
  • A HA FSS system requires the resources of a CS(CF) TCP/HTTP(S) load balancer (haproxy). ST#107102
  • All FSS data is vulnerable to security breach on FSS server/container
  • 15U of rack space within 2m cable reach of 40GbE switches in each data center (DC3558, MC3105, M33101).
  • 6x 208V 10A power feeds for each 15U of rack space.
  • Network/direct connection to attached UPS for each DFS server for monitoring and controlled shutdown on mains loss. ST#107485

Project Members

ldpaniak (project manager), a2brenna, gxshen, nfish / cscflab, dmerner

Project Stakeholders

lfolland omnafees dlgawley

Project Sponsor

Ken Salem


Implementation Plan

Meeting notes

Detailed Maintenance Documentation

-- LoriPaniak - 2017-02-12

Topic attachments
I Attachment History Action Size Date Who Comment
PDFpdf Distributed_File_System_Growth_-_Google_Docs.pdf r1 manage 110.9 K 2016-06-05 - 23:29 LoriPaniak Initial proposal to CSCF Director regarding DFS project and corollary projects
SVG (Scalable Vector Graphics)svg overview.svg r2 r1 manage 119.6 K 2017-01-22 - 00:02 LoriPaniak  
Edit | Attach | Watch | Print version | History: r31 < r30 < r29 < r28 < r27 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r31 - 2018-04-27 - LoriPaniak
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback