Sun Java(TM) System Directory Server 5.2 2005Q1 Deployment Planning Guide 

Contents


List of Figures    

List of Tables    

Preface    
Conventions    
Related Books    
Documentation, Support, and Training    
Related Third-Party Web Site References    
Sun Welcomes Your Comments    

Chapter 1   Directory Server Overview    
Server Architecture Overview    
Directory Design Overview    
Planning the Installation    
Planning Data and Data Access    
Designing the Schema    
Designing the Directory Tree    
Designing the Topology    
Designing the Replication Process    
Designing a Secure Directory    
Planning a Monitoring Strategy    
Directory Deployment Overview    
Piloting Your Directory    
Putting Your Directory Into Production    

Chapter 2   Planning and Accessing Directory Data    
Introduction to Directory Data    
What Your Directory Might Include    
What Your Directory Should Not Include    
Defining Your Data Needs    
Performing a Site Survey    
Identifying Client Applications    
Identifying Data Sources    
Characterizing Directory Data    
Determining Directory Availability Requirements    
Considering a Data Master Server    
Determining Data Ownership    
Determining Data Access    
Documenting Your Site Survey    
Repeating the Site Survey    
Accessing Directory Data With DSML Over HTTP/SOAP    
DSMLv2 Over HTTP/SOAP Deployment    

Chapter 3   Directory Server Schema    
Directory Server Schema    
Schema Design Process    
Mapping Your Data to the Default Schema    
Viewing the Default Directory Schema    
Matching Data to Schema Elements    
Customizing the Schema    
When to Extend Your Schema    
Obtaining and Assigning Object Identifiers    
Naming Attributes and Object Classes    
Strategies for Defining New Object Classes    
Strategies for Defining New Attributes    
Deleting Schema Elements    
Creating Custom Schema Files - Best Practices and Pitfalls    
Maintaining Data Consistency    
Schema Checking    
Selecting Consistent Data Formats    
Maintaining Consistency in Replicated Schema    
Other Schema Resources    

Chapter 4   The Directory Information Tree    
Introduction to the Directory Tree    
Designing the Directory Tree    
Choosing a Suffix    
Creating Your Directory Tree Structure    
Distinguished Names, Attributes, and Syntax    
Naming Entries    
Grouping Directory Entries and Managing Attributes    
Static and Dynamic Groups    
Managed, Filtered, and Nested Roles    
Role Enumeration and Role Membership Enumeration    
Role Scope    
Role Limitations    
Deciding Between Groups and Roles    
Managing Attributes with Class of Service (CoS)    
About CoS    
CoS Definition Entries and CoS Template Entries    
CoS Priorities    
Pointer CoS, Indirect CoS, and Classic CoS    
CoS Limitations    
Other Directory Tree Resources    

Chapter 5   Distribution, Chaining, and Referrals    
Topology Overview    
Distributing Data    
Using Multiple Databases    
About Suffixes    
Referrals and Chaining    
Using Referrals    
Using Chaining    
Deciding Between Referrals and Chaining    

Chapter 6   Understanding Replication    
Introduction to Replication    
Replication Concepts    
Common Replication Configurations    
Single Master Replication    
Multi-Master Replication    
Cascading Replication    
Mixed Environments    
Fractional Replication    
Defining a Replication Strategy    
Performing a Replication Survey    
Replication Resource Requirements    
Replication Backward Compatibility    
Using Replication for High Availability    
Using Replication for Local Availability    
Using Replication for Load Balancing    
Example Replication Strategy for a Small Site    
Example Replication Strategy for a Large Site    
Replication Strategy for a Large, International Enterprise    
Using Replication With Other Directory Features    
Replication and Access Control    
Replication and the Retro Change Log Plug-In    
Replication and the Referential Integrity Plug-In    
Replication and Pre-Operation and Post-Operation Plug-Ins    
Replication and Chained Suffixes    
Schema Replication    
Replication and Multiple Password Policies    
Replication Monitoring    

Chapter 7   Access Control, Authentication, and Encryption    
Security Threats    
Unauthorized Access    
Unauthorized Tampering    
Denial of Service    
Overview of Security Methods    
Analyzing Your Security Needs    
Determining Access Rights    
Ensuring Data Privacy and Integrity    
Conducting Security Audits    
Selecting Appropriate Authentication Methods    
Anonymous Access    
Simple Password    
Proxy Authorization    
Simple Password Over a Secure Connection    
Certificate-Based Client Authentication    
SASL-Based Client Authentication    
Preventing Authentication by Account Inactivation    
Designing Password Policies    
Password Policy Features    
Configuring Password Policies    
Preventing Dictionary-Style Attacks    
Password Policies in a Replicated Environment    
Designing Access Control    
ACI Format    
Default ACIs    
Setting Permissions    
Requesting Effective Rights Information    
Tips on Using ACIs    
ACI Limitations    
Securing Connections With SSL    
Encrypting Attributes    
What is Attribute Encryption?    
Attribute Encryption Implementation    
Attribute Encryption and Performance    
Attribute Encryption Usage Considerations    
Grouping Entries Securely    
Using Roles Securely    
Using CoS Securely    
Securing Configuration Information    
Other Security Resources    

Chapter 8   Directory Server Monitoring    
Defining a Monitoring and Event Management Strategy    
Directory Server Monitoring Tools    
Directory Server Monitoring    
Monitoring Directory Server Activity    
Monitoring Database Activity    
Monitoring Disk Status    
Monitoring Replication Activity    
Monitoring Indexing Efficiency    
Monitoring Security    
SNMP Monitoring    
About SNMP    
SNMP Monitoring in Directory Server    

Chapter 9   Reference Architectures and Topologies    
Addressing Failure and Recovery    
Planning a Backup Strategy    
Choosing a Backup Method    
Choosing a Restoration Method    
Sample Replication Topologies    
Single Data Center    
Two Data Centers    
Three Data Centers    
Five Data Centers    
Single Data Center Using the Retro Change Log Plug-In    

Chapter 10   System Sizing    
Suggested Minimum Requirements    
Minimum Available Memory    
Minimum Local Disk Space    
Minimum Processing Power    
Minimum Network Capacity    
Sizing Physical Memory    
Sizing Memory for Directory Server    
Sizing Memory for the Operating System    
Sizing Total Memory    
Dealing With Insufficient Memory    
Sizing Disk Subsystems    
Sizing Directory Suffixes    
How Directory Server Uses Disks    
Distributing Files Across Disks    
Disk Subsystem Alternatives    
Monitoring I/O and Disk Use    
Sizing for Multiprocessor Systems    
Sizing Network Capacity    
Sizing for SSL    

Glossary    

Index




Copyright 2005 Sun Microsystems, Inc. All rights reserved.