: Jeff Handy's Blog
: Final Cut Server - Initial decisions
Being that we are mixing our Final Cut Server into an existing workflow, we have a couple of infrastructure issues to go over tomorrow. I'll be looking into these in even finer detail this evening. What I learned in the class is that Final Cut Server does not play well with the so-called magic triangle. This is a commonly used method by admins to sync up Open Directory (Mac server) groups with Active Directory (Windows server) groups. The bottom line is that we have to choose one method of user authentication or the other - we cannot hybrid the two. Why some admins like to hybrid the two is still a bit of a mystery to me. Not to get bogged down by that detail, we'll be debating the pros and cons of each of the two methods.
I like the idea of not duplicating work. So, I like the thought of using Active Directory since our tech support crew already maintains that system for our Windows network. Since 98% of our net work consists of Windows computers, it stands to reason that the Macs assimilate to the existing system and not the other way around. Make sense? I think so. If we go with Open Directory, we'd have to first learn about it, train others and maintain a completely different authentication system. That means additional resources would have to be allocated to make sure the AD and OD systems are synchronized manually - yikes!
The downsides to using AD, as I understand them, are:
1. This is a very new feature and not yet stable. Certainly, we'll have to test early and often, which we would have done anyway.
2. Each Mac has to be configured for kerberos authentication. From what I can tell, this doesn't seem to be a big deal at all and can probably be automated for new client systems.
3. Additional configuration of the server. Again, this looks like a fairly simple process and would only have to be done once, in theory.
4. Each Windows client would have to be modified to include a kerberos authentication file. This can likely be added to a login script for all Windows users within particular groups.
All in all, I think we could do worse. At least in the cases I've read about, AD does work, but it's on the buggy side and takes extra set up to work in the first place. With all of the benefits of AD authentication, it makes sense to move forward with that. Barring any major concerns or objections, I think this is the direction we'll end up taking for group and user permissions on FCSvr.
The second major topic will be our XSAN configuration. Currently, it's not quite set up for optimal use. Each of our RAIDs is a separate volume - five volumes in all. Now, I'm no XSAN admin, but I can see from our book that we need to separate the functions of XSAN first and customize the volume and affinities from that. If we configure the volumes right, we should end up with much higher performance on the biggest need, our capture end edit functions. Then, we should be able to delegate the slower systems to volumes that we allocate to archival and stock media functions. And finally a volume that would be optimized for sharing FCP project files. I honestly don't know how that conversation will go and I have no definite ability to make good decisions for the details. Again, I'll have to get more homework done this evening.
Wish me luck!