Oracle Directory Server Enterprise Edition Deployment Planning Guide 11g Release 1 (11.1.1.5.0)

Port Numbers

At design time, select port numbers for each Directory Server and Directory Proxy Server instance. If possible, do not change port numbers after your directory service is deployed in a production environment.

Separate port numbers must be allocated for various services and components.

Directory Server and Directory Proxy Server LDAP and LDAPS Port Numbers

Specify the port number for accepting LDAP connections. The standard port for LDAP communication is 389, although other ports can be used. For example, if you must be able to start the server as a regular user, use an unprivileged port, by default 1389. Port numbers less than 1024 require privileged access. If you use a port number that is less than 1024, certain LDAP commands must be run as root.

Specify the port number for accepting SSL-based connections. The standard port for SSL-based LDAP (LDAPS) communication is 636, although other ports can be used, such as the default 1636 when running as a regular user. For example, an unprivileged port might be required so that the server can be started as a regular user.

If you specify a non-privileged port and a server instance is installed on a system to which other users have access, you might expose the port to a hijack risk by another application. In other words, another application can bind to the same address/port pair. The rogue application might then be able to process requests that are intended for the server. The application could also be used to capture passwords used in the authentication process, to alter client requests or server responses, or to produce a denial of service attack.

Both Directory Server and Directory Proxy Server allow you to restrict the list of IP addresses on which the server listens. Directory Server has configuration attributes nsslapd-listenhost and nsslapd-securelistenhost. Directory Proxy Server has listen-address properties on ldap-listener and ldaps-listener configuration objects. When you specify the list of interfaces on which to listen, other programs are prevented from using the same port numbers as your server.
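The listener check described above, as an added example that is not part of Oracle's guide: it reads an LDIF copy of the Directory Server `cn=config` entry and flags any LDAP or LDAPS listener on an unprivileged port that has no listen-address restriction. The port attribute names `nsslapd-port` and `nsslapd-secureport` are not given on this page and are assumed here, and the sample entry is constructed.

```python
# Added example: audit LDAP/LDAPS listener settings from a cn=config LDIF fragment.
PRIVILEGED_BELOW = 1024  # ports below this number require privileged access

# (label, port attribute, listen-host attribute). The port attribute names are
# assumptions; the listen-host attribute names are the ones the guide gives.
LISTENERS = [
    ("LDAP", "nsslapd-port", "nsslapd-listenhost"),
    ("LDAPS", "nsslapd-secureport", "nsslapd-securelistenhost"),
]

def parse_ldif_entry(text):
    """Return {lowercased attribute name: [values]} for a single LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # LDIF continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):   # skip blank lines and comments
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def audit_listeners(attrs):
    """Return one (label, port, hosts, finding) tuple per configured listener."""
    results = []
    for label, port_attr, host_attr in LISTENERS:
        if port_attr not in attrs:
            continue
        port = int(attrs[port_attr][0])
        hosts = [h for h in attrs.get(host_attr, []) if h]
        if port < PRIVILEGED_BELOW:
            finding = "privileged port: binding requires privileged access"
        elif not hosts:
            finding = "RISK: unprivileged port with no listen address restriction"
        else:
            finding = "unprivileged port restricted to listed addresses"
        results.append((label, port, hosts, finding))
    return results

# Constructed sample entry, not taken from a real deployment.
SAMPLE = """\
dn: cn=config
nsslapd-port: 1389
nsslapd-secureport: 1636
nsslapd-securelistenhost: 192.0.2.10
"""

if __name__ == "__main__":
    for row in audit_listeners(parse_ldif_entry(SAMPLE)):
        print(*row, sep=" | ")
```

On the sample, the LDAP listener on 1389 is flagged because it listens on every interface, while the LDAPS listener on 1636 passes because it is tied to one address.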

Directory Server DSML Port Numbers

In addition to processing requests in LDAP, Directory Server also responds to requests sent in the Directory Service Markup Language v2 (DSML). DSML is another way for a client to encode directory operations. Directory Server processes DSML as any other request, with the same access control and security features.

If your topology includes DSML access, identify the following:

For information about configuring DSML, see To Enable the DSML-over-HTTP Service in Oracle Directory Server Enterprise Edition Administration Guide.

Directory Service Control Center and Common Agent Container Port Numbers

Directory Service Control Center, DSCC, is a web application that enables you to administer Directory Server and Directory Proxy Server instances through a web browser. For a server to be recognized by DSCC, the server must be registered with DSCC. Unregistered servers can still be managed using command-line utilities.

DSCC communicates with DSCC agents located on the systems where servers are installed. The DSCC agents run inside a common agent container, which routes network traffic to them and provides them a framework in which to run.

If you plan to use DSCC to administer servers in your topology, identify the following port numbers.

Even if all components are installed on the same system, DSCC still communicates with its agents through these network ports.

Identity Synchronization for Windows Port Numbers

If your deployment includes identity synchronization with Microsoft Active Directory, an available port is required for the Message Queue instance. This port must be available on each Directory Server instance that participates in the synchronization. The default non-secure port for Message Queue is 80, and the default secure port is 443.

You must also make additional installation decisions and configuration decisions when planning your deployment. For details on installing and configuring Identity Synchronization for Windows, see Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.