zlacker

>>chmayn+(OP)
An unpopular opinion, but NFS is super handy and useful in reliable private networks with centralised authentication. Sure, it has its downsides that are being worked on with newer versions of the protocol(4+) with addition complexity, but it sure is useful in closely controlled setups like for HPC clusters.

I ran a HPC cluster for an University, and relied upon good old NFSv3 for shared file storage(both home directories, and research datasets). In addition I also built out a big set of softwares compiled in one server and made available to the entire cluster via a read-only NFS mount point. The whole thing works so reliably without any hiccups whatsoever. To over some the limitations of authentication and authorisation with NFS storage, we use a centralised FreeIPA server that allows all machines in the cluster have the same UID/GID mapping everywhere.

As a cream on top, the storage we expose over NFS is ZFS, that integrates nicely with NFS.

Update 1: Yes, data security is a bit of an afterthought with NFS. As anybody in my network with physical access can mount my central storage to another server physically and access data as long as they can recreate UID/GID locally.. but, if I let someone to do this physically, I have bigger problems to deal with first.

>>reacha+F01
Pretty much the same setup we run at the university I work for, though for the whole department instead of just one cluster. Combination ZFS exporting shares with it's built in server and controlling autofs mounts from FreeIPA makes it a pretty easy to use system.

Out of curiosity, did you ever try Kereberized NFS for extra security? We tested it out a while back (and still use it in some small circumstances) but never got it stable enough for production use.

Side-note: I wouldn't be surprised if LDAP+NFS is still pretty common across universities, either as a holdover from Sun days or just out of practicality.