Sun Directory Server Enterprise Edition 7.0 Release Notes

Chapter 3 Installation Notes

This chapter tells you where to download Directory Server Enterprise Edition software, and lists primary installation requirements.

This chapter includes the following sections:

Refer to the Sun Directory Services blog for the most current information about the Directory product line.

Support Services and Licenses

Before you start with the product installation, make sure you read the support and licensing information thoroughly.

Support Services

Sun Software Service Standard, Premium and Premium Plus plan offerings are available for Sun Directory Server Enterprise Edition and can be purchased either through a Sun sales representative, an authorized Sun reseller, or online at http://www.sun.com/sales/index.jsp. These service plans include telephone and online technical support, on-demand software updates, online system administration resources, support notification services and one-stop interoperability assistance (Premium and Premium Plus plans only). In addition, the Premium Plus plan features a customer advocate and a customer-focused support team.

For complete feature set information, visit: http://www.sun.com/service/serviceplans/software/overview.xml

You may access the service lists describing all Sun service program offerings at: http://www.sun.com/servicelist

Licenses for Directory Server Enterprise Edition Managed Entries

Licenses are provided based on the number of entries you plan to manage using Directory Server Enterprise Edition. After a license is provided, you can replicate the entries as many times as required to get maximum flexibility out of your directory implementation. The only condition is that you do not change any of the replicated entries and store all of the replicated entries on the same operating system. If the replicated entries are stored on any other operating system, you must purchase a license for those entries.

Solaris licences up to version Solaris 10 update 5, provided 200,000 free entries for Directory Server. In this case, the licences covered only the core directory server component, not the other Directory Server Enterprise Edition components. You can still purchase an upgrade from core directory server component to full Directory Server Enterprise Edition. To get support for those 200,000 Directory Server entries, a Software Service Plan for Directory Server must be purchased. The Solaris Service Plan does not cover those entries.

You can review the latest license for a given version of a product before downloading it from http://www.sun.com/software/products/directory_srvr_ee/get.jsp.

Getting the Software

You can download Sun Directory Server Enterprise Edition 7.0 software from the following location.

http://www.sun.com/software/products/directory_srvr_ee/get.jsp

The download page serves as a starting point to direct you to the proper downloads depending on the distribution type you need to download. Directory Server Enterprise Edition 7.0 is available in the following distributions.

Native package distribution (for Solaris only)
Zip distribution (for all platforms)

Note –

Before you install Sun Java System Identity Synchronization for Windows version 6.0, you must read the Technical Note. This Technical Note provides additional installation instructions to install Identity Synchronization for Windows for Directory Server Enterprise Edition 7.0.

Sun Java System Identity Synchronization for Windows version 6.0 is not bundled with the Sun Directory Server Enterprise Edition 7.0 distribution. You can download the Identity Synchronization for Windows software from http://www.sun.com/software/products/directory_srvr_ee/get.jsp.

Hardware Requirements

This section covers hardware requirements for Directory Server Enterprise Edition software.

Directory Server Enterprise Edition Hardware Requirements

Directory Server Enterprise Edition software requires the following hardware.

Component	Platform Requirement
RAM	1-2 GB for evaluation purposes Minimum 4 GB for production servers
Local disk space	400 MB disk space for binaries. By default, binaries installed from native packages are placed in `/opt` on UNIX® systems. For evaluation purposes, an additional 2 GB local disk space for server software might be sufficient. If you are using Directory Server, consider that entries stored in Directory Server use local disk space. Directory Server does not support logs and databases installed on NFS-mounted file systems. Sufficient space should be provided for the database on a local file system in, for example, `/var/opt` or `/local`. For a typical production deployment with a maximum of 250,000 entries and no binary attributes such as photos, 4 GB might be sufficient. Directory Server may use more than 1.2 GB of disk space for its log files. This should be taken into account that 4 GB storage space is only for the databases, not the logs. Directory Server supports SAN disk storage. Before using SAN disk, you need to understand the layout and the design of the disk because the write performance of the system is affected if many applications simultaneously access data from the same disk. Directory Proxy Server does not support installation on NFS-mounted file systems. Sufficient space should be provided for the instance, and for all files used by the instance on a local file system in, for example, `/var/opt` or `/local`. Directory Proxy Server can use more than 1.2 GB of disk space for its log files.

Component

Platform Requirement

RAM

1-2 GB for evaluation purposes

Minimum 4 GB for production servers

Local disk space

400 MB disk space for binaries. By default, binaries installed from native packages are placed in /opt on UNIX® systems. For evaluation purposes, an additional 2 GB local disk space for server software might be sufficient.

If you are using Directory Server, consider that entries stored in Directory Server use local disk space. Directory Server does not support logs and databases installed on NFS-mounted file systems. Sufficient space should be provided for the database on a local file system in, for example, /var/opt or /local. For a typical production deployment with a maximum of 250,000 entries and no binary attributes such as photos, 4 GB might be sufficient.

Directory Server may use more than 1.2 GB of disk space for its log files. This should be taken into account that 4 GB storage space is only for the databases, not the logs.

Directory Server supports SAN disk storage. Before using SAN disk, you need to understand the layout and the design of the disk because the write performance of the system is affected if many applications simultaneously access data from the same disk.

Directory Proxy Server does not support installation on NFS-mounted file systems. Sufficient space should be provided for the instance, and for all files used by the instance on a local file system in, for example, /var/opt or /local.

Directory Proxy Server can use more than 1.2 GB of disk space for its log files.

Identity Synchronization for Windows Hardware Requirements

Identity Synchronization for Windows software requires the following hardware.

Component	Platform Requirement
RAM	512 MB for evaluation purposes wherever components are installed. More memory is preferred.
Local disk space	400 MB disk space for minimal installation alongside Directory Server.

Operating System Requirements

This section covers operating systems, patches and service packs required to support Directory Server Enterprise Edition component products.

Directory Server Enterprise Edition Operating System Requirements

The Directory Server Enterprise Edition software is validated with full installations of the operating systems listed here, not with reduced “base”, “End User”, or “core” installations. Certain operating systems require additional service packs or patches as shown in the following table.

Supported OS Versions for Directory Server Enterprise Edition	Distribution Type Supported	Additional Required Software and Comments
Solaris 10 U5 Operating System for SPARC® 64-bit and x64	Native packages and zip distribution	The recommended patch clusters available at these sites: For SPARC, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=10_Recommended.zip` For x64, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=10_x86_Recommended.zip`
Solaris 9 Operating System for SPARC 64-bit and x86	Native packages and zip distribution	The recommended patch clusters available at these sites: For SPARC, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=9_Recommended.zip` For x86, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=9_x86_Recommended.zip`
Solaris 10 U5 Trusted extension Operating System for SPARC 64-bit and x64	Native packages and zip distribution	The recommended patch clusters available at these sites: For SPARC, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=10_Recommended.zip` For x64, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=10_x86_Recommended.zip`
OpenSolaris 2009.06 Operating System for SPARC 64–bit and x64	Zip distribution	No additional patches required.
Red Hat Enterprise Linux 5 U3 Operating System for x64	Zip distribution	No additional patches required.
Red Hat Enterprise Linux 4 Enterprise Server and Advanced Server U8 Operating System for x64 and x86	Zip distribution	No additional patches required.
SuSE Linux Enterprise Server 10 U2 Operating System for x32	Zip distribution	No additional patches required.
SuSE Linux Enterprise Server 10 U2 Operating System for x64	Zip distribution	No additional patches required.
HP-UX 11iv2 PA-RISC 64–bit	Zip distribution	No additional patches required.
Microsoft Windows Server 2003 Standard Edition for x86 and x64	Zip distribution	Service Pack 2
Microsoft Windows Server 2003 Enterprise Edition for x86 and x64	Zip distribution	Service Pack 2
Microsoft Windows Server 2008 Standard Edition for x86 and x64	Zip distribution	Service Pack 1
Microsoft Windows Server 2008 Enterprise Edition for x86 and x64	Zip distribution	Service Pack 1

For all supported versions of Microsoft Windows, Directory Server and Directory Proxy Server run only in 32-bit mode, and the filesystem type must be NTFS.
Directory Server Enterprise Edition 7.0 32-bit is not supported on 64-bit platforms except Microsoft Windows.
If a new service pack or update for a supported platform is released, Directory Server Enterprise Edition 7.0 supports that.

Note that installations on SUSE Linux Enterprise Server require you to reset several Java environment variables. See Sun Directory Server Enterprise Edition 7.0 Installation Guide for more details.

Directory Server Enterprise Edition delivers Java 1.6 and supports both Java 1.5 and 1.6.

Identity Synchronization for Windows Operating System Requirements

Identity Synchronization for Windows components run on the operating system versions listed here. Certain operating systems require additional service packs or patches as shown in the following tables.

Supported OS Versions for Identity Synchronization for Windows	Additional Required Software and Comments
Solaris 10 Operating System for SPARC, x86, and AMD x64 architectures	Patches: For SPARC, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=10_Recommended.zip` For x64, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=10_x86_Recommended.zip`
Solaris 9 Operating System for SPARC and x86 architectures	Patches: For SPARC, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=9_Recommended.zip` For x86, the recommended patch cluster available at `http://sunsolve.sun.com/pdownload.do?target=9_x86_Recommended.zip`
Red Hat Enterprise Linux Advanced Server 4.0 Update 2 for x86 and AMD x64	The following compatibility libraries are recommended: `compat-gcc-32-3.2.3-47.3.i386.rpm` `compat-gcc-32-c++-3.2.3-47.3.i386.rpm` The following compatibility library is required: `compat-libstdc++-33-3.2.3-47.3.rpm` Even when running Red Hat on a 64-bit system, 32-bit system libraries are installed. These compatibility libraries are available from Red Hat media or `https://www.redhat.com/rhn/rhndetails/update/`.
Microsoft Windows 2003 Server Standard Edition	Service Pack 1
Microsoft Windows 2003 Server Enterprise Edition	Service Pack 1

Note –

Identity Synchronization for Windows is not supported on SUSE or HP-UX systems.

Software Dependency Requirements

Directory Server Enterprise Edition Software Dependency Requirements

The key software dependency requirements are as following:

Directory Server relies on the Network Security Services, NSS, layer for cryptographic algorithms. NSS has been validated to work with the Sun cryptographic framework provided on Solaris 10 systems, which supports cryptographic acceleration devices.
On Microsoft Windows systems, you must disable the pop-up blocker to make Directory Service Control Center work properly.
Directory Proxy Server will work with any LDAPv3 compliant directory servers, but it is tested only with Sun Directory Server.
On Solaris 10, rc.scripts are deprecated so commands like dsadm autostart are not supported. Instead use Solaris 10 Service Management Facility (SMF) to handle these types of requests. For example, dsadm enable-service. For more information on SMF, see the Solaris operating system documentation.

Supported Application Servers for Directory Service Control Center

The Directory Service Control Center supports the following application servers:

Sun Java System Application Server 9.1
GlassFish 2.1
Tomcat 5.5 and 6.0
Sun Java System Web Server 7.0
BEA WebLogic Server 10.0

For more information, see Appendix A, Deploying DSCC WAR File With Supported Application Servers, in Sun Directory Server Enterprise Edition 7.0 Installation Guide.

Supported JDBC Data Sources

For virtualization, Directory Proxy Server has been validated with the following JDBC data sources, using the drivers mentioned below. Though Directory Proxy Server works with all the JDBC 3 compliant drivers.

JDBC Data Source	JDBC Driver
DB2 v9	IBM DB2 JDBC Universal Driver Architecture 2.10.27
Microsoft SQL Server 2005	sqljdbc.jar 1.2.2323.101
MySQL 5.x	MySQL-AB JDBC Driver mysql-connector-java-5.0.4
Oracle 10g Database	Oracle JDBC driver 10.2.0.2.0 (See Directory Proxy Server 7.0 Limitations for more information.)
JavaDB 10.5.3.0	Apache Derby Network Client JDBC Driver 10.5.3.0

Supported Browsers for Directory Service Control Center

The following table displays the browsers for each operating system that supports Directory Service Control Center.

Operating System	Supported Browser
Solaris 10 and Solaris 9 (SPARC and x86)	Firefox 2 and 3
Red Hat Linux and SUSE Linux	Firefox 2 and 3
Windows 2003/2008	Microsoft Internet Explorer 6 and 7, and Firefox 2 and 3

Identity Synchronization for Windows and Directory Server Plug-in Requirements in a Firewall Environment

Each Directory Server plug-in must be able to reach the Directory Server connector’s server port, which was chosen when the connector was installed. Plug-ins that run in Directory Server Master replicas must be able to connect to Active Directory’s LDAP, port 389, or LDAPS, port 636. The plug-ins that run in other Directory Server replicas must be able to reach the master Directory Server LDAP and LDAPS ports.

Identity Synchronization for Windows Software Dependency Requirements

Before you can install Identity Synchronization for Windows, you must install the prerequisite Sun Java System software components, including JRE and Message Queue.

No JRE is provided with Identity Synchronization for Windows.

Identity Synchronization for Windows installer requires J2SE or JRE 1.5.0_09.
The Identity Synchronization for Windows bundle for this release includes Message Queue 3.6 with a license restricted in the context of Directory Server Enterprise Edition.

When installing Identity Synchronization for Windows, you must specify the path to the version of Message Queue to use. The Identity Synchronization for Windows installation program then installs a required broker into Message Queue, so that Identity Synchronization for Windows can use Message Queue for synchronization.

On Windows systems, Identity Synchronization for Windows supports only Message Queue 3.6. You therefore install Message Queue 3.6 provided with the Identity Synchronization for Windows bundle.

Message Queue 3.7 is, however, installed as a Java Enterprise System shared component. On Windows systems by default you can therefore end up with both Message Queue 3.6 and Message Queue 3.7 installed. If you install Java Enterprise System components alongside Identity Synchronization for Windows on a Windows system, be sure Message Queue 3.7 is not selected.

Identity Synchronization for Windows Requirements in a Firewall Environment

You can run Identity Synchronization for Windows in a firewall environment. The following sections list the server ports that you must expose through the firewall.

Message Queue Requirements

By default, Message Queue uses dynamic ports for all services except for its port mapper. To access the Message Queue broker through a firewall, the broker should use fixed ports for all services.

After installing the core, you must set the imq.<service_name>.<protocol_type>.port broker configuration properties. Specifically, you must set the imq.ssljms.tls.port option. Refer to the Message Queue documentation for more information.

Installer Requirements

The Identity Synchronization for Windows installer must be able to communicate with the Directory Server acting as the configuration directory.

If you are installing an Active Directory connector, the installer must be able to contact Active Directory’s LDAP port, 389.
If you are installing a Directory Server connector or a Directory Server plug-in (subcomponent), the installer must be able to contact the Directory Server LDAP port, default 389.

Core Component Requirements

The Message Queue, system manager, and command line interface must be able to reach the Directory Server where the Identity Synchronization for Windows configuration is stored.

Console Requirements

The Identity Synchronization for Windows console must be able to reach the following:

Active Directory over LDAP, port 389, or LDAPS, port 636
Active Directory Global Catalog over LDAP, port 3268, or LDAPS, port 3269
Each Directory Server over LDAP or LDAPS
Administration Server
Message Queue

Connector Requirements

All connectors must be able to communicate with Message Queue.

In addition, the following connector requirements must be met.

The Active Directory connector must be able to access the Active Directory Domain Controller over LDAP, port 389, or LDAPS, port 636.
The Directory Server connector must be able to access Directory Server instances over LDAP, default port 389, or LDAPS, default port 636.

Installation Privileges and Credentials

This section covers privileges or credentials required for installation of Directory Server Enterprise Edition component products.

Directory Server Enterprise Edition Privileges

When installing Directory Server Enterprise Edition from native packages based distribution on Solaris systems, you must install as root.

You can install Directory Server Enterprise Edition from the zip distribution without special privileges. See the Sun Directory Server Enterprise Edition 7.0 Installation Guide for details.

Identity Synchronization for Windows Installation Privileges and Credentials

To install Identity Synchronization for Windows, you must provide credentials for the following.

Configuration Directory Server.
Directory Server being synchronized.
Active Directory.

See Chapter 3, Installing Core, in Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide for details.

In addition, you must have the following privileges to install Identity Synchronization for Windows.

On Solaris and Red Hat systems, you must install as root.
On Windows systems, you must install as Administrator.

Note –

When you enter passwords by using the text-based installer, the program automatically masks the passwords so passwords are not echoed in the clear. The text-based installer is supported on Solaris and Red Hat systems only.

Installation Notes for Identity Synchronization for Windows

Before installing fresh bits of Identity Synchronization for Windows, be sure to read Chapter 2, Preparing for Installation, in Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide.

Using Windows 2003 Server and Identity Synchronization for Windows

On Windows 2003 Server, the default password policy enforces strict passwords, which is not the default password policy on Windows 2000.