UNC-Chapel Hill will retire the Andrew File System (AFS) on November 13, 2018.

The statement is simple. More interesting and intricate, however, are the prudent steps the campus is taking to assist users through the decommissioning process and the history of AFS’ use at the University.

How retirement was decided

Last September nearly 20 IT leaders from across campus came together to assess the current usage of AFS and develop recommendations for the service’s eventual retirement.

Over the next three months, the group met to evaluate usage data for the nearly 9TB of data spread across 5,000 volumes — from file timestamps to user logins to web server access logs.

The AFS Migration Advisory Committee recommended retiring the AFS service, citing security, privacy and future stability concerns.

“It took me almost three months to stop chuckling every time I’d tell someone ‘No, really, we are going to retire AFS, really; yes, in 2018,’” said Matthew Mauzy, who led ITS’ effort to assess an AFS decommission.

ITS Project Manager Brenda Carpen heads up the AFS decommissioning project.

Small percentage actively using AFS

When the group began looking at user activity, there were 18,000 user accounts. Of those, fewer than 400 had updated content in their home directories within the last 18 months.

One of the highest traffic sites in AFS is The Lighthouse Directory, a compilation of more than 20,100 lighthouses from around the world. Its curator updates the site weekly.

The AFS Migration Advisory Committee decided to deactivate the 9,000 users with no user-created content. Of these disabled accounts, only four have since been turned back on. Additionally, more than 200 broken, outdated or no-longer-in-use URLs were removed from the www cluster.

ITS’ project team for the AFS retirement is working with users and departmental IT staff to examine the remaining content in about 300 departmental/project accounts and 9,000 user accounts as well as more than 1,000 websites that have content in AFS space, not including the websites of individuals.

Carolina has used AFS for two decades

For a long time after UNC-Chapel Hill started using AFS in 1996, the distributed file system was the only way that individuals could publish content to the web.

Todd Lewis headshot 2018
Todd Lewis

Over the decades, AFS became integral in numerous ITS and campus wide business services from the software download site to ConnectCarolina user training. AFS is used for MOUs for unc.edu top-level domain names and the code to inject Alert Carolina messages on campus websites. AFS, in fact, has been a remarkably stable service with very few service outages.

“AFS came to campus in 1996 to solve a particular problem: to provide users with a common home directory across all the nodes of the growing email complex,” recalled Todd Lewis, Solutions Engineer of ITS Infrastructure & Operations. “Back then, users logged into servers through a CLI (command-line interface) to run their applications in text mode on servers. That includes email and UserID creation.”

Lewis has been involved with AFS since Carolina began using the file system. For all these years, he’s been creating and/or deprovisioning Onyens and their associated AFS home volumes.

“AFS proved so good at hosting home directories that we soon started using it across most of the Research Computing servers,” Lewis said. “Add an AFS client to your desktop and no matter where you were, there were your files.”

AFS has run its course

Over the years, though, it became apparent that AFS’ suitability was coming to an end. As technology has advanced, most of AFS’ functionality has been replaced by newer technology, such as Office 365 and WordPress.

Nowadays, when applications are local on a desktop or a phone or they run in a web browser that pulls data from remote services, logging into remote servers via CLI is foreign to most users, Lewis said. Also, you don’t find AFS clients on many users’ desktops any longer. Furthermore, few users are proficient with the tools they would need to find and download their AFS files.

In addition, AFS file space was created prior to policies regarding sensitive data. AFS cannot be easily scanned for sensitive data.

Users now have ‘easy button’ for saving files

The ITS project team considered ways ITS could ease any potential distress for users during this AFS shutdown process. Lewis developed what is essentially an easy button for users. “It seemed natural,” he said, “to extend by just a little bit the code that’s been creating these AFS home volumes for 20 years to go the other way and deliver those same volumes to their owners in zip files through the web.”

Screenshot of the web page from which users can download their AFS files
AFS decommissioning tool

With the tool Lewis built, users can download a copy of their home volume and a file of any of their volumes that have either READ or ADMIN ACLs in the root of the volume. They can use this purge tool regardless of whether their volume is currently purged.

As of April 19, when communication about the decommissioning had just begun, more than 350 AFS users had already used this easy-button tool to download their volumes.

The ITS project team is asking AFS users to take two simple actions: visit the decommissioning download tool to download their home directory and then purge their account. ITS has more information available on the project website.

Comments are closed.