Internal organization of the NAS

The NAS file storage system uses a combination of technologies from Active Directory and the EPFL integrated NAS provider.

EPFL

Each EPFL user is accredited to a unit at the top level of the institution’s hierarchy.
This accreditation has two properties:

  • The user has an Active Directory account
    If the user has several accreditations, the first one is the main one.
  • Active Directory

Active Directory

  • Each Active Directory user has a unique ID.
  • Every file that is modified inherits this unique ID.
  • The only process to change the ID of a file is to take ownership of it by an administrator account, after this operation all files have the ID of the administrator account.

NAS

The use of the electronic infrastructure of EPFL is defined in LEX 6.1.4.

The content of the storage space reserved by an employee of a unit and/or for a unit (hereafter called unit storage space) is under the responsibility of the head of the unit.

Private use of the unit storage space is clearly marked by the users (directory marked as private in its name).
The head of the unit may prohibit or restrict the private use of the unit storage space in accordance with Art. 29 LEX 6.1.4.

The NAS is organized with one share per top level unit.

This share is organized with two automatically created structures:

  • unit-common
    All users accredited in the unit have the possibility to modify the contents.
  • unit-administration
    Reserved for the administration of the unit, adding and deleting members is done by requesting the NAS administrators.


Nominative folders are also created automatically, they follow the main accreditation.

Before leaving, users are responsible for transferring all their professional data to the person designated by the unit manager. They must delete their personal data from the unit’s storage space.

After a user leaves EPFL, the person designated by the head of the unit will immediately delete private data marked as such and not deleted by the user, and may move non-private content and delete the name folder according to the organization set up by the head of the unit.

Each user has a quota linked to his account independent of the location of the data: 30 GB per user, 50 GB for the secretary, 100 GB for the professor.
The management of these quotas is done by the NAS administrators.

Each laboratory has a volume of 1 TB which is offered by EPFL.
The increase of this volume is at the charge of the units.

On the technical side

  • By design, Windows allows only one Active Directory account to be connected (you cannot connect the NAS with two different accounts at the same time from the same computer).
  • On the NAS, for each Active Directory account, we need to define an explicit (or implicit) quota.
  • In the case of implicit quotas, they are the same for all users, but they do not replace explicit quotas.

Project management

It is possible to create groups and link them to specific folders. But this is time consuming and error prone (we always add users, but never delete them).
I strongly recommend to make a simple path (have / don’t have access) to the folder and not to try to make a complex management structure.
The NAS managers in the units manage the day-to-day operation, adding and removing users manually!
This is a tedious and error-prone task.
On the NAS, simplicity is the key to success.

Creating an additional share for a unit for a function

There are two ways to create a share for a unit

  1. Inside the unit’s folder
    • Constraints:
      • The members of the share must be accredited in the unit.
      • The name of the folder must correspond to unit-function.
      • The folder name is in lower case.
      • The name of the groups must match the name of the folder.
    • Advantage:
      • There is no need to manage the quota of each member.
  2. Outside the unit folder
    • Constraints:
      • The share name must match unit-function.
      • The share name is in lower case.
      • The name of the groups must match the name of the share.
      • The default quota of the unit must be changed to the maximum necessary value per user.
      • As only a global quota can be defined, it corresponds to the maximum size of all shares outside the unit’s folder.
    • Advantage:
      • It is possible to create shares for accredited members in several units.

NAS administrators

The NAS administrators are Laurent Kling and David Desscan