Following the migration of "files.uvm.edu" to new equipment on the 25th of October, we informed this list that access to home shares on the filer (i.e. "My Documents") was no longer available via "webfiles.uvm.edu" using the HTTP/WebDAV protocol.
Since that time, we have been considering the future of the "files.uvm.edu" gateway server at "webfiles.uvm.edu". We have reached the following tentative plan:
- All HTTP/WebDAV access to the file server will be discontinued starting December 7th, 2011
- The SFTP service on "webfiles.uvm.edu" will be relocated to instead run directly on "files.uvm.edu". "webfiles.uvm.edu" may be retained as an alias address, but its use should be discontinued after December 7th.
- ETS will continue to investigate the possibility of deploying a web-based file management tool for browser-only Internet access to "files.uvm.edu", and perhaps "zoofiles" and "netfiles" as well.
- Following the deployment of a web file access tool, we may block access to the SFTP service on "files.uvm.edu" from the Internet.
The reasons for these changes are enumerated below:
- Moving the SFTP service directly to the file server will improve performance of SFTP file transfers
Our new Windows file server, unlike its NetApp predecessor, is capable of running a local SFTP server. The removal of the gateway host should allow for a significant boost in transfer speed.
- The WebDAV service is not heavily used at present:
On any given day we see no more than 20 unique IP addresses accessing the web server.
- Other off-campus file access methods are available:
We have had only a handful of problem reports concerning the disappearance of "MyDocs" on webfiles, and have yet to identify a use case where SFTP or VPN connectivity could not be substituted for WebDAV.
- Implementation of a replacement WebDAV service may take an excessive amount of time:
A 100% re-implementation of home share access will require generation of a good deal of server-side code, which could take weeks. This time would better be spent on the development of a more useful, unified web file manager.
- There are security risks involved with continuation of the WebDAV service:
Exposing file server data to the Internet using web protocols significantly increases the attack surface of institutional data, without adding markedly different functionality from other existing access methods.
Additionally, the server currently running "webfiles.uvm.edu" has been pending an OS upgrade for years owing to the fact that newer versions of the MS HTTP/WebDAV server will require security changes on the file server that we have not wanted to implement to date. These risks also apply to the SFTP protocol, but we feel this is the less vulnerable of the two access protocols running on the server at present.
As in the past, use of the Cisco AnyConnect VPN will allow off-campus users to connect to "files.uvm.edu" using the native "CIFS" protocol.
To make the transition easier, we plan to update our off-campus access documentation to include details on currently supported SFTP and VPN products on campus.
-J. Greg Mackinnon | ETS Systems Architecture and Administration | x68251