Print

Print


We are exploring the option to implement a web file manager at https://webfiles.uvm.edu that will replace both the old WebDAV service at that same address, and the old file manager at https://www.uvm.edu/files.  If we do it, it will be very cool.

We still will want maintain SFTP access to files.uvm.edu.  Some people want it for scripted file transfers, or find the protocol more convenient for other reasons.  However, SFTP really will not be needed for off campus access if we deploy the new web file manager, on account of its aforementioned extreme awesomeness.  Additionally, "webfiles" never was an ideal host name for an SFTP gateway, and exposing two file access protocols to the Internet doubles the exposure of our files to prying eyes.  I would prefer to maintain one web-facing file access tool, and have that tool be the best one available.

-J. Greg Mackinnon | ETS Systems Architecture and Administration | x68251

On 12/7/2011 10:50 AM, Andrew Hendrickson wrote:
[log in to unmask]" type="cite">Wait, sorry, I meant the https://www.uvm.edu/files web service to Zoo storage.  Wrong URL.

On Dec 6, 2011, at 2:37 PM, J. Greg Mackinnon wrote:

We are deferring the retirement of the WebDAV service on "webfiles.uvm.edu" while we explore other options that could replace and enhance this service.  At present, we are experimenting with a third-party web-based file manager that would present files on multiple file servers though a single web interface. 

If we choose to deploy this service, we likely will stop allowing use of the SFTP protocol on "webfiles.uvm.edu", and instead move that protocol directly to "files.uvm.edu".  In this case, Internet access to "files.uvm.edu" using SFTP likely will require a VPN connection.

We will keep this list updated when we have more information.  A new plan should be announced before the end of the month.

-J. Greg Mackinnon | ETS Systems Architecture and Administration | x68251

On 11/18/2011 1:18 AM, Greg Mackinnon wrote:
[log in to unmask]" type="cite">Following the migration of "files.uvm.edu" to new equipment on the 25th of October, we informed this list that access to home shares on the filer (i.e. "My Documents") was no longer available via "webfiles.uvm.edu" using the HTTP/WebDAV protocol.

Since that time, we have been considering the future of the "files.uvm.edu" gateway server at "webfiles.uvm.edu".  We have reached the following tentative plan:
  • All HTTP/WebDAV access to the file server will be discontinued starting December 7th, 2011
  • The SFTP service on "webfiles.uvm.edu" will be relocated to instead run directly on "files.uvm.edu".  "webfiles.uvm.edumay be retained as an alias address, but its use should be discontinued after December 7th.
  • ETS will continue to investigate the possibility of deploying a web-based file management tool for browser-only Internet access to "files.uvm.edu", and perhaps "zoofiles" and "netfiles" as well.
  • Following the deployment of a web file access tool, we may block access to the SFTP service on "files.uvm.edu" from the Internet.

The reasons for these changes are enumerated below:

    1. Moving the SFTP service directly to the file server will improve performance of SFTP file transfers
      Our new Windows file server, unlike its NetApp predecessor, is capable of running a local SFTP server.  The removal of the gateway host should allow for a significant boost in transfer speed.
    2. The WebDAV service is not heavily used at present:
      On any given day we see no more than 20 unique IP addresses accessing the web server.
    3. Other off-campus file access methods are available:
      We have had a only a handful of problem reports concerning the disappearance of "MyDocs" on webfiles, and have yet to identify a use case where SFTP or VPN connectivity could not be substituted for WebDAV
    4. Implementation of a replacement WebDAV service may take an excessive amount of time:
      A 100% re-implementation of home share access will require generation of a good deal of server-side code, which could take weeks.  This time would better be spent on the development of a more useful, unified web file manager.
    5. There are security risks involved with continuation of the WebDAV service:
      Exposing file server data to the Internet using web protocols significantly increases the attack surface of institutional data, without adding markedly different functionality from other existing access methods.
      Additionally, the server currently running "webfiles.uvm.edu" has been pending an OS upgrade for years owing to the fact that newer versions of the MS HTTP/WebDAV server will require security changes on the file server that we have not wanted to implement to date. These risks also apply to the SFTP protocol, but we feel this is the less vulnerable of the two access protocols running on the server at present.

  • As in the past, use of the Cisco AnyConnect VPN will allow off-campus users to connect to "files.uvm.edu" using the native "CIFS" protocol.

    To make the transition easier, we plan to update our off-campus access documentation to include details on currently supported SFTP and VPN products on campus. 

    Thank you,
    -J. Greg Mackinnon | ETS Systems Architecture and Administration | x68251


Andrew Hendrickson
CAS IT Administrator
UVM, College of Arts & Sciences
438 College Street #402
Burlington, VT
05405

802-656-7971
802-656-4529 (fax)


To submit a request for service please use: