Secure AFS is an option for storing High Risk Data in a secure, centralized location. Secure AFS is based on AFS (Andrew File System), a distributed networked file system in wide use at Stanford for general data storage.
Secure AFS group accounts are similar to regular AFS group accounts, but with the following important differences:
- File access — You can only access a Secure AFS account through WebAFS (or through your favorite AFS client, such as OpenAFS, if you are connected to Stanford VPN).
- File permissions — Permissions are restricted to write access granted to a single workgroup per Secure AFS account; no other permissions may be set on the account.
- File backup — To ensure the safety of files, all data is backed up nightly. Backups are kept for 30 days. If you accidentally delete an important file from Secure AFS, the file can be restored.
- File storage — Secure AFS space is stored on separate AFS servers in a secure firewall zone.
- Web service — No web publishing services are available.
- Expiration — Secure AFS account space is granted for one year and must be renewed annually. Access to files in Secure AFS is disabled if the account is not renewed. At account setup, users can choose a grace period up to 18 months defining how long files should be kept once the account expires. During the grace period, the user may renew the account in order to gain access to the files again. At the end of the grace period, Secure AFS accounts are automatically removed and the files purged.
This service has to be requested and access is restricted to members of a workgroup with an associated Secure AFS group account.
Create a new workgroup or use an existing workgroup: To request the Secure AFS service, you must be an administrator of a workgroup. The workgroup does not need any special features or properties, but note that workgroups with a large membership are usually not appropriate for controlling access to Moderate and High Risk Data. Note: Workgroup administrators must add themselves as members as well in order to access the Secure AFS group.
Submit a Secure AFS Group Request: Once you have a workgroup, submit a Secure AFS Group Request. You can request up to 5 GB of space and tie access to the space to any workgroup for which you're an administrator. The Secure AFS space will be created and usable immediately.
Secure AFS space is separate from any existing user, group, department, data, or class AFS space that you administer or have access to. The newly created Secure AFS space will be in a different location and path than your existing space and cannot be put in a subdirectory of your normal group or department space. Its permissions and renewal are handled separately from any other AFS space. This is due to the special security restrictions and access control for Secure AFS space.
Manage your Secure AFS Groups: You can use this interface to view and update the settings for your group. These settings include the workgroup that controls access, the file path in AFS, quota, and expiration date.
To learn more about AFS, consult the File Storage: AFS web pages listed in the left sidebar.