2011-07-06 // Mac OS X: NFS instead of AFP for home directories
This is a rather interesting thing I've come across: using NFS as the protocol instead of AFP for home directories.
Changing the protocol fixed several annoying issues for us:
- Microsoft Office can now save files in your network home!!! With AFP you'd get the annoying error saying it can't store on a network volume. With NFS you don't get this error, it just works!
- MS Office also had issues with just saving a file in your home folder, this issue is now gone as well.
- OmniGraffle also had a similar issue with saving files in your home folder, this is also solved.
- TextWrangler also had issues with saving in your home folder, 1303 error if I remember correctly, this is now also solved.
- I'm not aware of other applications but at this point I'm very happy with getting rid of these errors!
- Login with multiple network users onto one Mac. The AFP protocol doesn't support user switching of network users; NFS does, which helps us out a lot on certain computers that multiple people work at.
- The default archive utility now works.
  - This used to give errors when using it with your AFP home directory, this basically meant that it was unusable. We were forced to use Stuffit Expander in order to make file extraction possible.
  - Now we can use both without any errors.
- And as a last big thing which was fixed for us, the main reason why we now use NFS, is the overall performance.
Let me explain the last point because that's something that won't count for everyone. (and give a small impression of our setup)
Our servers are in a datacenter which is geographically located in a different city than our office. We have an Ethernet VPN connection to the datacenter which is guaranteed 100Mbit full-duplex, the latency is very stable at 7-8ms (even at a high load).
We run all of our home directories, network shares, mailboxes, etc. on the server. So all that stuff has to go over the E-VPN connection. Before we moved the server to the datacenter it was running in our office, and as a test it was also on a 100Mbit port. Latency wasn't that stable, sometimes 0.2ms other times 15ms.
But, when everything was at the office it all just worked and we were all happy people :P
Since the move to the datacenter a bunch of things became extremely slow, mainly:
- Network homes. Applications responded slower, getting a directory listing took longer than usual, etc.
- Network shares. Same issues but in this case it's mostly the directory listing that people complained about.
- Synchronising mobile accounts. This went from quick checks that took maybe a few minutes to long checks that took up to 30 minutes. Basically unacceptable. (This was partly due to me forgetting to check the “server-side file tracking” box. But even with that box checked it takes up to 15 minutes.)
So, as a result we did some research. We didn't believe that latency was the issue, and after some searching we came across this Apple article:
It basically explains that AFP is a smart protocol which checks the distance between the client and the server. In our case the server moved further away which probably triggered the slow performance for AFP, making it think it was on a WAN connection.
But, we want it to pretend to be on a LAN connection!
Sadly the article is old and all those settings simply don't work on Mac OS X 10.6 server. I've done a lot of tweaking, including trying to tweak the TCP stack. Yet all without luck.
After a while I just went for a desperate act and decided to do some tests with NFS, since I was still convinced AFP was the issue.
During the tests the performance became better and I noticed the side effect that a bunch of applications were now working as intended instead of giving weird errors!
The only problem we might have now is that our 100Mbit connection is too slow (in terms of data throughput), as a result we're looking into maybe upgrading it to 1000Mbit and just be done with it. (We're still a growing company, on a short-term basis we might gain 20 extra users which would mean that we really need to upgrade the E-VPN line.)
Anyway, overall this was THE magic “check box” that solved most of our problems. We saw a performance increase, user experiences have improved and we've gained some extra functionality :)
