Sun Java(TM) System Directory Server 5 2004Q2 Deployment Planning Guide 

Contents


Preface
Who Should Read This Guide
How This Guide Is Organized
Using the Documentation
Conventions
Resources and Tools on the Web
How to Report Problems
Sun Welcomes Your Comments

Chapter 1   Directory Server Overview
Server Architecture Overview
Directory Design Overview
Planning the Installation
Planning Data and Data Access
Designing the Schema
Designing the Directory Tree
Designing the Topology
Designing the Replication Process
Designing a Secure Directory
Planning a Monitoring Strategy
Directory Deployment Overview
Piloting Your Directory
Putting Your Directory Into Production

Chapter 2   Planning and Accessing Directory Data
Introduction to Directory Data
What Your Directory Might Include
What Your Directory Should Not Include
Defining Your Data Needs
Performing a Site Survey
Identifying Client Applications
Identifying Data Sources
Characterizing Directory Data
Determining Directory Availability Requirements
Considering a Data Master Server
Determining Data Ownership
Determining Data Access
Documenting Your Site Survey
Repeating the Site Survey
Accessing Directory Data With DSML Over HTTP/SOAP
DSMLv2 Over HTTP/SOAP Deployment

Chapter 3   Directory Server Schema
Directory Server Schema
Schema Design Process
Mapping Your Data to the Default Schema
Viewing the Default Directory Schema
Matching Data to Schema Elements
Customizing the Schema
When to Extend Your Schema
Obtaining and Assigning Object Identifiers
Naming Attributes and Object Classes
Strategies for Defining New Object Classes
Strategies for Defining New Attributes
Deleting Schema Elements
Creating Custom Schema Files - Best Practices and Pitfalls
Maintaining Data Consistency
Schema Checking
Selecting Consistent Data Formats
Maintaining Consistency in Replicated Schema
Other Schema Resources

Chapter 4   The Directory Information Tree
Introduction to the Directory Tree
Designing the Directory Tree
Choosing a Suffix
Creating Your Directory Tree Structure
Distinguished Names, Attributes, and Syntax
Naming Entries
Grouping Directory Entries and Managing Attributes
Static and Dynamic Groups
Managed, Filtered, and Nested Roles
Role Enumeration and Role Membership Enumeration
Role Scope
Role Limitations
Deciding Between Groups and Roles
Managing Attributes with Class of Service (CoS)
About CoS
CoS Definition Entries and CoS Template Entries
CoS Priorities
Pointer CoS, Indirect CoS, and Classic CoS
CoS Limitations
Other Directory Tree Resources

Chapter 5   Distribution, Chaining, and Referrals
Topology Overview
Distributing Data
Using Multiple Databases
About Suffixes
Referrals and Chaining
Using Referrals
Using Chaining
Deciding Between Referrals and Chaining

Chapter 6   Understanding Replication
Introduction to Replication
Replication Concepts
Common Replication Configurations
Single Master Replication
Multi-Master Replication
Cascading Replication
Mixed Environments
Fractional Replication
Defining a Replication Strategy
Performing a Replication Survey
Replication Resource Requirements
Replication Backward Compatibility
Using Replication for High Availability
Using Replication for Local Availability
Using Replication for Load Balancing
Example Replication Strategy for a Small Site
Example Replication Strategy for a Large Site
Replication Strategy for a Large, International Enterprise
Using Replication with Other Directory Features
Replication and Access Control
Replication and Directory Server Plug-Ins
Replication and Chained Suffixes
Schema Replication
Replication and Multiple Password Policies
Replication Monitoring

Chapter 7   Access Control, Authentication, and Encryption
Security Threats
Unauthorized Access
Unauthorized Tampering
Denial of Service
Overview of Security Methods
Analyzing Your Security Needs
Determining Access Rights
Ensuring Data Privacy and Integrity
Conducting Security Audits
Selecting Appropriate Authentication Methods
Anonymous Access
Simple Password
Proxy Authorization
Simple Password Over a Secure Connection
Certificate-Based Client Authentication
SASL-Based Client Authentication
Preventing Authentication by Account Inactivation
Designing Password Policies
Password Policy Features
Configuring Password Policies
Preventing Dictionary-Style Attacks
Password Policies in a Replicated Environment
Designing Access Control
ACI Format
Default ACIs
Setting Permissions
Requesting Effective Rights Information
Tips on Using ACIs
ACI Limitations
Securing Connections With SSL
Encrypting Attributes
What is Attribute Encryption?
Attribute Encryption Implementation
Attribute Encryption and Performance
Attribute Encryption Usage Considerations
Grouping Entries Securely
Using Roles Securely
Using CoS Securely
Securing Configuration Information
Other Security Resources

Chapter 8   Directory Server Monitoring
Defining a Monitoring and Event Management Strategy
Directory Server Monitoring Tools
Directory Server Monitoring
Monitoring Directory Server Activity
Monitoring Database Activity
Monitoring Disk Status
Monitoring Replication Activity
Monitoring Indexing Efficiency
Monitoring Security
SNMP Monitoring
About SNMP
SNMP Monitoring in Directory Server

Chapter 9   Reference Architectures and Topologies
Addressing Failure and Recovery
Planning a Backup Strategy
Choosing a Backup Method
Choosing a Restoration Method
Sample Replication Topologies
Single Data Center
Two Data Centers
Three Data Centers
Five Data Centers
Single Data Center Using the Retro Change Log Plug-In

Chapter 10   System Sizing
Suggested Minimum Requirements
Minimum Available Memory
Minimum Local Disk Space
Minimum Processing Power
Minimum Network Capacity
Sizing Physical Memory
Sizing Memory for Directory Server
Sizing Memory for the Operating System
Sizing Total Memory
Dealing With Insufficient Memory
Sizing Disk Subsystems
Sizing Directory Suffixes
How Directory Server Uses Disks
Distributing Files Across Disks
Disk Subsystem Alternatives
Monitoring I/O and Disk Use
Sizing for Multiprocessor Systems
Sizing Network Capacity
Sizing for SSL

Glossary

Index




Copyright 2004 Sun Microsystems, Inc. All rights reserved.