Microsoft is currently working on a symbiotic, serverless, distributed file system named Farsite (Federated, Available, and Reliable Storage for an Incompletely Trusted Environment) which uses new techniques to provide a highly-reliable service. The system is distributed over various machines and its main purpose is to store files. Farsite is serverless in that it is decentralized from a main server or cluster of servers and runs entirely on client machines. In addition, the system is symbiotic, meaning that it works in cooperation with other machines but not entirely trusting all clients.
The main goals of the Farsite program are as follows:
- To provide a stable, constantly available file system that can be run on regular home computers, which have inconsistencies in their software, hardware, and lifetimes.
- To ensure user privacy and stability in a system with not central authority, in which the operating system of a fraction of the machines may be compromised.
- To creates an can adapt and is able to automatically configure itself, reacting appropriately to component failures, usage variations, or environmental changes, without the presence of a central server to provide a basis for decisions.
Advantages of Using Farsite
Microsoft plans to market Farsite to universities or large companies, which make use of thousands of machines and are connected by a high band-width, low-latency network. These areas would benefit from a global name space for files, location-transparent access to both private files and shared files, and improved reliability relative to storing files on a desktop. For instance, if a user needs to access a file remotely, the desktop being accessed must be turned on, have a constant connection to the network, have available system resources, and must not have any hardware failures. If the network card or any other component used to connect to the network is malfunctioning, the user simply canít access his/her computer remotely.
In addition to increased remote accessibility, Farsite addresses problems resulting from a centralized server configuration.
The file system looks like a shared network folder (ie. F:, G:) and can only be accessed by users with authorization. The system will enforce a simple reciprocity rule regarding storage space, making sure that users receive access to storage space equal to the amount of space the client has contributed to the system. The storage process begins with the encryption of the files, which are the replicated and distributed to several machines within the system. Encryption prevents an unauthorized user from viewing a fileís content even though that file may be stored in that userís desktop computer. By making multiple replicas of any given file and distributing those replicas, Farsite prevents malicious users from destroying all the copies of that file.
Replication increases the probability of a file being accessed since a user may access various sources. Therefore, doesnít replication decrease the amount of usable disk space? Replicating files will reduce the space available on client computers, but Farsite uses a technique that counters that effect. If two or more files stored in a client computer have identical contents, the Farsite system combines the files into the space needed to store a single file. Using the technology from Windows 2000, Farsite detects and coalesces identical files and also automatically separated coalesced files when one of them is modified, maintaining the integrity of each separate file. At first glance, the encryption of files seems to make detection of identical files difficult. However, Farsite uses a technique called convergent encryption, which allows the detection and coalescing of identical files even when different encryption keys are used. Rather than enciphering the contents of a user's files directly with the user's key, the contents of each file are one-way hashed, and the resulting hash value is used as a key for enciphering the file contents. The user's key is then used to encipher the hash value, and this enciphered value is attached to the file as meta-data. The user decrypts a file by first deciphering the hash value and then deciphering the file using the hash value as a key. Using this approach, files with identical plaintext will also have identical ciphertext, regardless of the users' keys that encrypt them.