|   | |
| Sun Java(TM) System Directory Server 5.2 2005Q1 Technical Overview | |
Chapter 7
Directory Server ManageabilityIn the context of such a powerful product, manageability is crucial to the user and this chapter outlines what Directory Server provides in terms of product manageability. The chapter is divided into the following sections:
Server Management Console
Directory Server Console provides what users need in the context of such a powerful product, namely a user-friendly management console for performing administrative directory tasks, such as finding and adding entries, updating schema, creating and managing groups and roles, creating CoS, creating and managing access control instructions, inactivating user accounts or domains of accounts, creating replication agreements, and enabling replication. The Directory Server Administration Guide contains procedural information on how to use Directory Server Console to perform all administrative tasks you will need to perform throughout your directory deployment.
Directory Server Console also provides support for the assistive software and technologies that make software accessible to users with disabilities.
The user interface provided by Directory Server Console for managing replication serves as a good example of how user-friendly Directory Server Console can render complex configuration and management tasks. To begin with it provides the user with at a glance information about the status of replication, as each suffix node in the Console has a replication node attached to it, and in turn an icon indicating whether or not the suffix is replicated, as shown in Figure 7-1.
Figure 7-1 Replication Nodes in Directory Server Console With Their Replication Enabled and Replication Disabled Icons
When you click a replication node under a suffix in Directory Server Console, its contents provide you with different options depending on the state of the suffix as illustrated in Figure 7-2.
Figure 7-2 Replication Panel on the Directory Server Console Configuration Tab
In addition to this intuitive user interface Directory Server also provides a wizard for automatically creating replication agreements. When configuring and managing the replication topologies for large, enterprise deployments, this kind of manageability is very welcome.
Extensive Monitoring Possibilities
Another key area of manageability is the ability to monitor, because for your Directory Server to be manageable, you must be able to monitor its activity. Directory Server provides extensive monitoring possibilities and this section examines them in more detail:
Command-Line Tools
Command-line monitoring tools include operating system-specific tools to monitor performance such as disk usage, LDAP tools such as ldapsearch to collect server statistics stored in the directory, third party tools, or custom shell or Perl scripts.
Directory Server Logs
The access, audit, and error logs provided with Directory Server are a rich source of monitoring information. These logs can be monitored manually or parsed using custom scripts to extract monitoring information relevant to your deployment. For information on the scripts that can be used to access logging information, refer to the Directory Server Resource Kit Tools Reference. For information on viewing and configuring log files refer to "Monitoring Directory Server Using Log Files" in the Directory Server Administration Guide.
Directory Server Console
Directory Server Console enables you to monitor directory operations in real time, via a graphical user interface. The Console provides general server information, including a resource summary, current resource usage, connection status, and global database cache information. It also provides general database information such as the database type, status and entry cache statistics, cache information, and information relative to each index file within the database. In addition, the Console provides information relative to the connections and operations performed on each chained suffix.
Replication Discovery and Monitoring Tools
Directory Server provides replication management tools that allow you to monitor replication between servers. These tools simplify administration, particularly for complex Directory Server architectures and can help you avoid errors. In addition to these tools which are described below, new attributes have been added to the replication agreement entry to help you identify the changes that have been sent to a consumer.
The replication discovery and monitoring tools include:
insync
This tool checks if a master replica is synchronized with one or more consumer replicas, thus enabling you to manage potential conflicts between suppliers or even whole servers.
entrycmp
This tool compares a replicated entry to a copy of the entry on the consumer or master, thus enabling you to assess replication status.
repldisc
This tool depicts your complete replication topology starting from one server and building a graph all the known servers in the topology, which is particularly beneficial when dealing with complex directory deployments.
Simple Network Management Protocol (SNMP)
Directory Server supports monitoring with the Simple Network Management Protocol (SNMP). SNMP is the standard mechanism for global network control and monitoring, and enables network administrators to centralize network monitoring activity.
For a detailed description of SNMP and Directory Server's SNMP managed object support see the SNMP Monitoring section in the Directory Server Deployment Planning Guide. For information on how to set up and configure SNMP refer to "Monitoring Directory Server Using SNMP" in the Directory Server Administration Guide.