Print

Print


We are /exploring/ the option to implement a web file manager at 
https://webfiles.uvm.edu that will replace both the old WebDAV service 
at that same address, /and/ the old file manager at 
https://www.uvm.edu/files.  If we do it, it will be very cool.

We still will want maintain SFTP access to files.uvm.edu.  Some people 
want it for scripted file transfers, or find the protocol more 
convenient for other reasons.  However, SFTP really will not be needed 
for off campus access if we deploy the new web file manager, on account 
of its aforementioned extreme awesomeness.  Additionally, "webfiles" 
never was an ideal host name for an SFTP gateway, and exposing two file 
access protocols to the Internet doubles the exposure of our files to 
prying eyes.  I would prefer to maintain /one/ web-facing file access 
tool, and have that tool be the best one available.

-J. Greg Mackinnon | ETS Systems Architecture and Administration | x68251

On 12/7/2011 10:50 AM, Andrew Hendrickson wrote:
> Wait, sorry, I meant the https://www.uvm.edu/files web service to Zoo 
> storage.  Wrong URL.
>
> On Dec 6, 2011, at 2:37 PM, J. Greg Mackinnon wrote:
>
>> We are deferring the retirement of the WebDAV service on 
>> "webfiles.uvm.edu <http://webfiles.uvm.edu>" while we explore other 
>> options that could replace and enhance this service.  At present, we 
>> are experimenting with a third-party web-based file manager that 
>> would present files on multiple file servers though a single web 
>> interface.
>>
>> If we choose to deploy this service, we likely will stop allowing use 
>> of the SFTP protocol on "webfiles.uvm.edu <http://webfiles.uvm.edu>", 
>> and instead move that protocol directly to "files.uvm.edu 
>> <http://files.uvm.edu>".  In this case, Internet access to 
>> "files.uvm.edu <http://files.uvm.edu>" using SFTP likely will require 
>> a VPN connection.
>>
>> We will keep this list updated when we have more information.  A new 
>> plan should be announced before the end of the month.
>>
>> -J. Greg Mackinnon | ETS Systems Architecture and Administration | 
>> x68251
>>
>> On 11/18/2011 1:18 AM, Greg Mackinnon wrote:
>>> Following the migration of "files.uvm.edu <http://files.uvm.edu>" to 
>>> new equipment on the 25th of October, we informed this list that 
>>> access to home shares on the filer (i.e. "My Documents") was no 
>>> longer available via "webfiles.uvm.edu <http://webfiles.uvm.edu>" 
>>> using the HTTP/WebDAV protocol.
>>>
>>> Since that time, we have been considering the future of the 
>>> "files.uvm.edu <http://files.uvm.edu>" gateway server at 
>>> "webfiles.uvm.edu <http://webfiles.uvm.edu>".  We have reached the 
>>> following tentative plan:
>>>
>>>   * All HTTP/WebDAV access to the file server will be discontinued
>>>     starting December 7th, 2011
>>>   * The SFTP service on "webfiles.uvm.edu <http://webfiles.uvm.edu>"
>>>     will be relocated to instead run directly on "files.uvm.edu
>>>     <http://files.uvm.edu>".  "webfiles.uvm.edu
>>>     <http://webfiles.uvm.edu>" /may /be retained as an alias
>>>     address, but its use should be discontinued after December 7th.
>>>   * ETS will continue to investigate the possibility of deploying a
>>>     web-based file management tool for browser-only Internet access
>>>     to "files.uvm.edu <http://files.uvm.edu>", and perhaps
>>>     "zoofiles" and "netfiles" as well.
>>>   * Following the deployment of a web file access tool, we may block
>>>     access to the SFTP service on "files.uvm.edu
>>>     <http://files.uvm.edu>" from the Internet.
>>>
>>> The reasons for these changes are enumerated below:
>>>
>>>  *
>>>      1. Moving the SFTP service directly to the file server will
>>>         improve performance of SFTP file transfers
>>>         Our new Windows file server, unlike its NetApp predecessor,
>>>         is capable of running a local SFTP server.  The removal of
>>>         the gateway host should allow for a significant boost in
>>>         transfer speed.
>>>      2. The WebDAV service is not heavily used at present:
>>>         On any given day we see no more than 20 unique IP addresses
>>>         accessing the web server.
>>>      3. Other off-campus file access methods are available:
>>>         We have had a only a handful of problem reports concerning
>>>         the disappearance of "MyDocs" on webfiles, and have yet to
>>>         identify a use case where SFTP or VPN connectivity could not
>>>         be substituted for WebDAV
>>>      4. Implementation of a replacement WebDAV service may take an
>>>         excessive amount of time:
>>>         A 100% re-implementation of home share access will require
>>>         generation of a good deal of server-side code, which could
>>>         take weeks.  This time would better be spent on the
>>>         development of a more useful, unified web file manager.
>>>      5. There are security risks involved with continuation of the
>>>         WebDAV service:
>>>         Exposing file server data to the Internet using web
>>>         protocols significantly increases the attack surface of
>>>         institutional data, without adding markedly different
>>>         functionality from other existing access methods.
>>>         Additionally, the server currently running "webfiles.uvm.edu
>>>         <http://webfiles.uvm.edu>" has been pending an OS upgrade
>>>         for years owing to the fact that newer versions of the MS
>>>         HTTP/WebDAV server will require security changes on the file
>>>         server that we have not wanted to implement to date. These
>>>         risks also apply to the SFTP protocol, but we feel this is
>>>         the less vulnerable of the two access protocols running on
>>>         the server at present.
>>>
>>>     As in the past, use of the Cisco AnyConnect VPN will allow
>>>     off-campus users to connect to "files.uvm.edu
>>>     <http://files.uvm.edu>" using the native "CIFS" protocol.
>>>
>>>     To make the transition easier, we plan to update our off-campus
>>>     access documentation to include details on currently supported
>>>     SFTP and VPN products on campus.
>>>
>>>     Thank you,
>>>     -J. Greg Mackinnon | ETS Systems Architecture and Administration
>>>     | x68251
>>>
>
> Andrew Hendrickson
> CAS IT Administrator
> UVM, College of Arts & Sciences
> 438 College Street #402
> Burlington, VT
> 05405
>
> 802-656-7971
> 802-656-4529 (fax)
>
> [log in to unmask] <mailto:[log in to unmask]>
>
> To submit a request for service please use:
> http://footprints.uvm.edu/ashelp.html
>
>
>
>