Addressing SAN Allocation and Permission Challenges
Author: Bob Pank#
Published 1st October 2012
Facilities today face a number of management complexities when allocating storage resources, especially as frame-based and 3D workflows increase in popularity and the amount of multi-format media that professionals are managing continues to grow. Camera acquisition formats are various, many workflows employ proxy generation to save space and bandwidth, and modern non-linear editing systems allow all these formats to co-exist in a single project. This mass of data required for project workflow and delivery insists that the overworked facility engineers become data managers as well.
With the convergence of IT and content creation, many of today’s storage systems designed for post production professionals are heavily biased toward enterprise-level feature sets. While this can be beneficial for larger companies, over time these systems can force smaller facilities and departments into a “big bucket” approach to workflow – storing everything and anything wherever you have permissions to write. This can result in wasted time and money spent tracking down video, audio and project metadata in the archive and backup stages, not to mention project completion when it’s time to delete all that data existing in various locations.
To work around these challenges, creative facilities may mandate that all system users get full access to the storage resource at the root level. While most permission issues subside in this instance, and data deletion and access become easier, it creates a “Wild West” of facility data. Important files are inexplicably deleted, video is captured or encoded to the wrong location and new project versions surface, because artists can’t find the one they were just working on.
The crux of the issue is that many SAN (storage area network) solutions will authenticate users on a file and folder basis, as opposed to the storage volume. This is due to the complexity and sometimes outright inability to create volume allocations to manage project-based data on the fly. However, virtual volumes SANs offer an alternative – dynamic, changeable and simplistic volume-based permissions management. With virtual volumes, administrators have the ability to create project-based allocations for storage – assigning a volume to each given project if desired, or some consolidation of projects under a job code. Those allocations can then be easily divvied out among users with different permissions across the network.
Of course, if a facility has the IT expertise, an IT-based SAN allows you to be more granular about how you assign permissions to each user at each level of the file system – giving you additional flexibility within a given storage volume. However, this method of management is complex for an inexperienced user to understand, learn and operate on a daily basis. In today’s post-production climate, being able to easily manage permissions is key to delivery of the finished product on schedule. Leveraging a multi-user write, virtual-volume shared storage system, you can do so without the IT training required to master the subtle nuances of access control lists, Kerberos and POSIX permissions.
Implementing a shared storage system that allows users to easily manage accounts and allocate storage resources based on those accounts is the best possible route to avoiding the complexities that post production professionals currently face. System security is achieved through user and password login from the desktops over various protocols including Fibre Channel and Ethernet. Project security is enabled through permissions set by the administrator for each user account on the system. Certain users involved in data ingest can have permission to write (capture, render, etc) to a project volume, while others may be allowed to only read that data, but receive immediate updates when new data has been added. Other users outside that project may have no access to the volume at all, and work with other volumes that have been created for their job.
Facilis TerraBlock 5.6, the latest version of our virtual-volume shared storage system, enables the ideal management scenarios mentioned here by introducing user and password authentication for clients. This new feature allows our users to deploy workstations with identical desktops, software and even OS logins, and still access the proper project volume permissions.
TerraBlock 5.6 combines this new authentication feature with our traditional volume-based permissions that reduce the time it would normally take to make changes at a file and folder level. While ensuring simple permissions management, it also removes roadblocks to efficient post production workflows by keeping the internal volume permissions wide open, so that users who have access to a volume will never find themselves without the ability to use any file or folder within that volume. With the FedEx deadline looming, the last thing you want is a permission problem keeping you from inserting that last element for the job.
Facilis’ TerraBlock offers virtual volume management with support for varied connectivity methods (Fibre Channel and Ethernet) and multiple operating systems (Windows, Mac OS X and Linux). We also provide a Multi-user Write shared file system with user and password login, without a per-seat license or fee of any kind. At Facilis we’re committed to constantly evolving our technology; we consider the challenges that accompany the management of a post production workflow, and do our best to offer products that solve those problems.
