Oracle Fusion Middleware Deployment Planning Guide for Oracle Directory Server Enterprise Edition
Book Information
Index
Preface
Part I Overview of Deployment Planning for Directory Server Enterprise Edition
Chapter 1 Introduction to Deployment Planning for Directory Server Enterprise Edition
About Deployment Planning
Directory Server Enterprise Edition Components in a Deployment
Solution Life Cycle
Chapter 2 Business Analysis for Directory Server Enterprise Edition
About Business Analysis
Defining Directory Server Enterprise Edition Business Requirements
Part II Technical Requirements
Chapter 3 Usage Analysis for Directory Server Enterprise Edition
Usage Analysis Factors
Chapter 4 Defining Data Characteristics
Determining Data Sources and Ownership
Identifying Data Sources
Determining Data Ownership
Distinguishing Between User and Configuration Data
Identifying Data From Disparate Data Sources
Designing the DIT
Choosing a Suffix
Creating the DIT Structure and Naming Entries
Branch Points and Naming Considerations
Replication Considerations
Access Control Considerations
Designing a Directory Schema
Schema Design Process
Maintaining Data Consistency
Other Directory Data Resources
Chapter 5 Defining Service Level Agreements
Identifying System Qualities
Defining Performance Requirements
Identifying Client Applications
Determining the Number and Size of Directory Entries
Determining the Number of Reads
Determining the Number of Writes
Estimating the Acceptable Response Time
Estimating the Acceptable Replication Latency
Defining Availability Requirements
Defining Scalability Requirements
Defining Security Requirements
Defining Latent Capacity Requirements
Defining Serviceability Requirements
Chapter 6 Tuning System Characteristics and Hardware Sizing
Host System Characteristics
Port Numbers
Directory Server and Directory Proxy Server LDAP and LDAPS Port Numbers
Directory Server DSML Port Numbers
Directory Service Control Center and Common Agent Container Port Numbers
Identity Synchronization for Windows Port Numbers
Hardware Sizing For Directory Service Control Center
Hardware Sizing For Directory Proxy Server
Configuring Virtual Memory
Configuring Worker Threads and Backend Connections
Disk Space for Directory Proxy Server
Network Connections for Directory Proxy Server
Hardware Sizing For Directory Server
The Tuning Process
Making Sample Directory Data
What to Configure and Why
Directory Server Database Page Size
Directory Server Cache Sizes
Directory Server Indexes
Directory Server Administration Files
Directory Server Replication
Directory Server Threads and File Descriptors
Directory Server Growth
Top Tuning Tips
Simulating Client Application Load
Directory Server and Processors
Directory Server and Memory
Directory Server and Local Disk Space
Directory Server and Network Connectivity
Limiting Directory Server Resources Available to Clients
Limiting System Resources Used By Directory Server
Operating System Tuning For Directory Server
Operating System Version and Patch Support
Basic Security Checks
Accurate System Clock Time
Restart When System Reboots
System-Specific Tuning With The idsktune Command
File Descriptor Settings
Transmission Control Protocol (TCP) Settings
Inactive Connections
Outgoing Connections
Retransmission Timeout
Sequence Numbers
Tuning TCP Settings on Solaris 10 Systems
Physical Capabilities of Directory Server
Other Tips to Improve Overall Performance
Tuning Cache Settings
Basic Tuning Recommendations
For Maximum Search Rate (Searches Only)
For Maximum Modification Rate (Modifications Only)
Small, Medium, and Large Data Sets
Optimum Search Performance (Searches Only)
Optimum Modify Performance (Modifications Only)
Tuning Indexes for Performance
Basic Directory Server Sizing Example: Disk and Memory Requirements
System Characteristics
Preparing a Directory Server Instance
Populating the Suffix With 10,000 Sample Directory Entries
Populating the Suffix With 100,000 Sample Directory Entries
Populating the Suffix With 1,000,000 Sample Directory Entries
Summary of Observations
Chapter 7 Identifying Security Requirements
Security Threats
Overview of Security Methods
Determining Authentication Methods
Anonymous Access
Simple Password Authentication
Simple Password Authentication Over a Secure Connection
Certificate-Based Client Authentication
SASL-Based Client Authentication
Preventing Authentication by Account Inactivation
Preventing Authentication by Using Global Account Lockout
External Authentication Mappings and Services
Proxy Authorization
Designing Password Policies
Password Policy Options
Password Policies in a Replicated Environment
Password Policy Migration
Password Synchronization With Windows
Determining Encryption Methods
Securing Connections With SSL
Encrypting Stored Attributes
What Is Attribute Encryption?
Attribute Encryption Implementation
Attribute Encryption and Performance
Designing Access Control With ACIs
Default ACIs
ACI Scope
Obtaining Effective Rights Information
Tips on Using ACIs
Designing Access Control With Connection Rules
Designing Access Control With Directory Proxy Server
How Connection Handlers Work
Grouping Entries Securely
Using Roles Securely
Using CoS Securely
Using Firewalls
Running as Non-Root
Other Security Resources
Chapter 8 Identifying Administration and Monitoring Requirements
Directory Server Enterprise Edition Administration Model
Remote Administration
Designing Backup and Restore Policies
High-Level Backup and Recovery Principles
Choosing a Backup Method
Binary Backup
Backup to LDIF
Choosing a Restoration Method
Binary Restore
Restoration From LDIF
Designing a Logging Strategy
Defining Logging Policies
Defining Log File Creation Policies
Defining Log File Deletion Policies
Manually Creating and Deleting Log Files
Defining Permissions on Log Files
Designing a Monitoring Strategy
Monitoring Tools Provided With Directory Server Enterprise Edition
Identifying Monitoring Areas
Part III Logical Design
Chapter 9 Designing a Basic Deployment
Basic Deployment Architecture
Basic Deployment Setup
Improving Performance in a Basic Deployment
Using Indexing to Speed Up Searches
Optimizing Cache for Search Performance
All Entries and Indexes Fit Into Memory
Sufficient Memory For 32-Bit Directory Server
Insufficient Memory
Optimizing Cache for Write Performance
Chapter 10 Designing a Scaled Deployment
Using Load Balancing for Read Scalability
Using Replication for Load Balancing
Basic Replication Concepts
Master, Consumer, and Hub Replicas
Assessing Initial Replication Requirements
To Determine Initial Replication Requirements
Load Balancing With Multi-Master Replication in a Single Data Center
Load Balancing With Replication in Large Deployments
Using Server Groups to Simplify Multi-Master Topologies
Using Directory Proxy Server for Load Balancing
Using Distribution for Write Scalability
Using Multiple Databases
Using Directory Proxy Server for Distribution
Routing Based on the DIT
Routing Based on a Custom Algorithm
Using Directory Proxy Server to Distribute Requests Based on Bind DN
Distributing Data Lower Down in a DIT
Logical View of Distributed Data
Physical View of Data Storage
Directory Server Configuration for Sample Distribution Scenario
Directory Proxy Server Configuration for Sample Distribution Scenario
Considerations for Data Growth
Using Referrals For Distribution
Using Directory Proxy Server With Referrals
Chapter 11 Designing a Global Deployment
Using Replication Across Multiple Data Centers
Multi-Master Replication
Concepts of Multi-Master Replication
Multi-Master Replication Over WAN
Group and Window Mechanisms
Replication Compression
Fully Meshed Multi-Master Topology
Cascading Replication
Prioritized Replication
Fractional Replication
Sample Replication Strategy for an International Enterprise
Using Directory Proxy Server in a Global Deployment
Sample Distribution Strategy for a Global Enterprise
Chapter 12 Designing a Highly Available Deployment
Availability and Single Points of Failure
Mitigating SPOFs
Advantages and Disadvantages of Redundancy
How Redundancy Handles SPOFs
Redundancy at the Hardware Level
Redundancy at the Software Level
Using Replication and Redundancy for High Availability
Using Redundant Replication Agreements
Promoting and Demoting Replicas
Using Directory Proxy Server as Part of a Redundant Solution
Using Application Isolation for High Availability
Sample Topologies Using Redundancy for High Availability
Using Replication for Availability in a Single Data Center
Single Data Center Failure Matrix
Single Data Center Recovery Procedure
To Recover on Failure of One Component
Using Replication for Availability Across Two Data Centers
Using Multiple Directory Proxy Servers
Using Application Isolation
Part IV Advanced Deployment Topics
Chapter 13 Using LDAP-Based Naming With Solaris
Why Use an LDAP-Based Naming Service?
Migrating From NIS to LDAP
Migrating From NIS+ to LDAP
Chapter 14 Deploying a Virtual Directory
When to Use a Virtual Directory
Typical Virtual Directory Scenario
Connecting User Identities From Different Data Sources
Chapter 15 Designing a Deployment With Synchronized Data
Identity Synchronization for Windows Deployment Considerations
© 2010, Oracle Corporation and/or its affiliates