Sun ONE Directory Server 5.2 Deployment Guide



Chapter 1   Directory Server Design and Deployment Overview

Sun ONE Directory Server provides a centralized directory service for your intranet, network, and extranet information. Directory Server integrates with existing systems and acts as a centralized repository for the consolidation of employee, customer, supplier, and partner information. You can extend Directory Server to manage user profiles and preferences, as well as extranet user authentication.

An introduction to basic LDAP and directory concepts and to Sun ONE Directory Server is provided in the Sun ONE Directory Server Getting Started Guide. This chapter provides you with an overview of the directory design and deployment process, and is divided into the following sections:

Directory Design Overview

Planning your directory service before actual deployment is the most important task for ensuring the success of your directory. In the directory design phase you will gather data about your directory requirements, such as environment and data sources, users, and the applications that will use the directory. With this data, you can design a directory service that meets your requirements.

The flexibility of Sun ONE Directory Server allows you to rework your design to meet unexpected or changing requirements, even after you deploy Directory Server. That said, the more modifications you can avoid through good design, the better.

Design Process Outline

The design process is broken into six steps:

  • Planning and Accessing Directory Data
    Your directory will contain data, such as user names, telephone numbers, and group details. Chapter 2, "Planning and Accessing Directory Data," helps you analyze the various sources of data in your organization and understand their relationship with one another. It describes the types of data you might store in your directory, how you intend to access that data, and other tasks you need to perform to design the contents of your Directory Server.

  • Designing the Schema
    Directory Server is designed to support one or more directory-enabled applications. These applications have requirements of the data you store in your directory, such as format requirements. Your directory schema determines the characteristics of the data stored in your directory. Chapter 3, "Designing the Schema," introduces the standard schema shipped with Sun ONE Directory Server, describes how to customize the schema, and provides tips for maintaining consistent schema.

  • Designing the Directory Tree
    Once you decide what data your directory contains, you need to organize and reference that data. This is the purpose of the directory tree. In Chapter 4, "Designing the Directory Tree," the directory tree is introduced. You are guided through the design of your data hierarchy and introduced to the mechanisms that help you optimize your entry grouping and attribute management. Sample directory tree designs are also provided.

  • Designing the Directory Topology
    Topology design involves determining how you divide your directory tree among multiple physical Directory Servers and how these servers communicate with one another. Chapter 5, "Designing the Directory Topology," describes the general principles behind topology design, discusses using multiple databases, describes the mechanisms available for linking your distributed data together, and explains how Directory Server itself keeps track of distributed data.

  • Designing the Replication Process
    With replication, multiple Directory Servers maintain the same directory data to increase read performance and provide fault tolerance. Chapter 6, "Designing the Replication Process," describes how replication works, what kinds of data you can replicate, common replication scenarios, and tips for building a highly available directory service.

  • Designing a Secure Directory
    It is essential that you plan how to protect the data in the directory and design the other aspects of your service to meet the security requirements of your users and applications. Chapter 7, "Designing a Secure Directory," describes common security threats, provides an overview of security methods, discusses the steps in analyzing your security needs, and provides tips for designing access controls and protecting the integrity of your directory data.

  • Monitoring Your Directory
    Up to this point, you have concentrated on designing a directory service that addresses your requirements and is as secure as possible. However, if you cannot monitor your directory service satisfactorily, then you will not be able to either evaluate the success of your directory service deployment or follow the day-to-day directory activities. Chapter 8, "Monitoring Your Directory," discusses how to monitor your directory using SNMP, the Directory Server Console, the log files, database monitoring, and the replication monitoring tools provided with Directory Server.

Directory Deployment Overview

After you have designed your directory service, you start the deployment phase. The deployment phase consists of the following steps:

Piloting Your Directory

The first step of the deployment phase is installing a server instance as a pilot and testing whether your service can handle your user load. If the service is not adequate, adjust your design and pilot it again. Adjust your pilot design until you have a robust service that you can confidently introduce to your enterprise.

For a comprehensive overview of creating and implementing a directory pilot, refer to Understanding and Deploying LDAP Directory Services (T. Howes, M. Smith, G. Good, Macmillan Technical Publishing, 1999).

Putting Your Directory Into Production

Once you have piloted and tuned the service, you need to develop and execute a plan for taking the directory service from a pilot to production. Create a production plan that includes the following:

  • An estimate of the resources you need
  • A list of the tasks you must perform before installing servers
  • A schedule of what needs to be accomplished and when
  • A set of criteria for measuring the success of your deployment

For information on administering and maintaining your directory, refer to the Sun ONE Directory Server Administration Guide.


Copyright 2003 Sun Microsystems, Inc. All rights reserved.