JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Identity Synchronization for Windows 6.0 Deployment Planning Guide
search filter icon
search icon

Document Information


1.  Introduction

2.  Case Study: Deploying in a Multimaster Replication Environment

3.  Case Study: Deploying in a High-Availability Environment Over a Wide Area Network Using SSL

Global Telco Deployment Information

Directory Server Setup

Active Directory Information


Installation and Configuration Overview

Primary and Secondary Installations

Periodically Linking New Users

Large Deployment Considerations

Configuration Walkthrough

Primary Installation

Failover Installation

Setting Up SSL

Increasing Connector Worker Threads

Aligning Primary and Failover Configurations

Setting Multiple Passwords for uid=PSWConnector

Initial idsync resync Operation

Initial idsync resync Operation for Primary Installation

Initial idsync resync Operation for Failover Installation

Periodic idsync resync Operations

Periodic idsync resync Operation for Primary Installation

Periodic idsync resync Operation for Failover Installation

Configuring Identity Manager

Understanding the Failover Process

Directory Server Connector

Active Directory Connector

Initializing the Connector State

Failover Installation Maintenance

When to Failover

Failing Over

Stopping Synchronization at the Primary Installation

Starting Synchronization at the Failover Installation

Re-enabling the Directory Server Plugins

Changing the PDC FSMO Role Owner

Monitoring the Logs

Failing Back to the Primary installation

A.  Pluggable Authentication Modules

B.  Identity Manager and Identity Synchronization for Windows Cohabitation

C.  Logging and Debugging



When to Failover

Identity Synchronization for Windows is a background system that with one exception is not user-facing. Therefore, if it is temporarily unavailable, for example, due to routine hardware maintenance, then most users will be unaffected. Once the system is restored, Identity Synchronization for Windows will synchronize all changes that were made while it was unavailable. The user-facing aspect is the on-demand password synchronization performed from the Directory Server Plugin to Active Directory. If on-demand password synchronization fails, then the user will not be able to log into Directory Server. Therefore, Identity Synchronization for Windows provides more availability options for this area. The Directory Server Plugin can be configured to authenticate to any Active Directory domain controller, so even if all but one Active Directory domain controller is down, on-demand password synchronization will still succeed.

Note - The Directory Server Plugins receive their configuration from the Directory Server Connector over an encrypted channel. This configuration, which includes the location of the Active Directory domain controllers and credentials, is cached in memory by the plugin, so even if the Directory Server Connector is unavailable, it will still be able to connect to Active Directory. However, if Directory Server is restarted, then the plugin's cached configuration is lost, and on-demand synchronization at that Directory Server will fail until the Directory Server Connector is available.

Depending on the size of the deployment, the failover procedure might take anywhere from minutes to over an hour to perform. Therefore, the failover procedure should not be undertaken if the Identity Synchronization for Windows outage is expected to be short and temporary, for example, during the system restart of the Identity Synchronization for Windows Core machine. Failover is recommended only in situations where Identity Synchronization for Windows must be completely re-installed or a complete idsync resync operation must be run over a large population.

For example: