Before installing Directory Server Enterprise Edition software in a production environment, obtain the plans for deployment that were created with the help of Sun Java System Directory Server Enterprise Edition 6.0 Deployment Planning Guide. With the plans in hand, read this section to gauge how to approach installation for your deployment.
This chapter includes the following sections.
The Administration Framework and Installation briefly covers administration framework concepts that are key for installation in a production environment.
Comparison of Single System And Distributed Installation compares and contrasts installations that involve a single host system with installations that involve multiple systems.
This section highlights key aspects of the administration framework you must understand before installing server software in a production environment. This section does not address the developer and performance tuning tools provided with Directory Server Resource Kit. You can install such tools independently of the administration framework.
Before you read this section, read Directory Server Enterprise Edition Administration Model in Sun Java System Directory Server Enterprise Edition 6.0 Deployment Planning Guide. In particular, consider the figure in that section which shows the network traffic flows. The figure shows network traffic flows between the configuration management tools, Directory Service Control Center (DSCC), dsconf(1M), and dpconf(1M), the local administration agents, and servers. The figure also shows communication between the local agents, the local command line tools, dsadm(1M) and dpadm(1M), and the servers that you manage.
Notice that the command line management and monitoring tools, dsconf(1M) and dpconf(1M), require only LDAP access to the servers that you manage. LDAP traffic typically flows through the default ports, 389 for LDAP and 636 for secure LDAP using SSL. When you create servers as a non-root user, the default ports are 1389 for LDAP, and 1636 for secure LDAP using SSL.
By convention, only root can install software using reserved port numbers less than 1024. Solaris systems allow the administrator to permit non-root users to use privileged ports, using role-based access control (RBAC).
DSCC is a web application. DSCC runs inside the framework known as Sun Java Web Console. You typically install DSCC on only one system in your deployment. You then manage all your servers from that installation of DSCC. You access DSCC through a browser by going to the secure Java Web Console URL, which by default is https://hostname:6789.
DSCC requires LDAP access to the servers for online management operations. DSCC also requires Java Management Extension (JMX) access to agents installed alongside the servers. The agents perform server process management operations on behalf of DSCC, operations that cannot be performed through LDAP on a running server. You can then work through a browser to DSCC to create and to start new servers.
As part of the normal installation process, you install the local DSCC agents alongside server software. DSCC contacts the agents over the network using a specific port number. You must therefore either accept the default port number, 11162, or specify a different port number.
The agents run inside a common agent container on the server system. This common agent container provides its agents with a single external port for management applications. By consolidating resources, the common agent container also reduces overhead on systems where multiple local agents share the container. The common agent container is in fact the agent that listens for DSCC on the default port number, 11162, routing management traffic to other agents. DSCC thus communicates with local agents through the common agent container. For troubleshooting purposes, a common agent container can be managed independently using the cacaoadm command.
Each time that you install Directory Server Enterprise Edition software from the zip distribution, you also install an instance of the common agent container. Therefore, when you install multiple versions in parallel on the same host system, only one version can use the default port. You can install from the zip distribution where a common agent container instance already uses the default port. You must then specify a different port number for the additional common agent container instance.
Server software installation is a three-stage process.
1. Install configuration management software.
   During this stage, configuration management tools are installed. DSCC is also initialized.
   As DSCC stores its configuration data in its own, private Directory Server instance, Directory Server is installed from native packages alongside DSCC.
2. Install server software on the systems where you plan to run server instances.
   During this stage, server software, required libraries, local administration tools, and local agents are installed where server instances run.
   At the close of this stage, no servers are running. Yet, all the software is in place to allow you to set up directory services.
3. Create and configure server instances on the systems.
   During this stage, Directory Server and Directory Proxy Server instances are created. Instances are created either through a web browser with DSCC, or with the local administration tools that are installed alongside the server software. Server instances are then configured either through Directory Service Control Center or through the configuration management command line tools.
The first two stages are combined when you install everything on a single host system. DSCC nevertheless uses the local agents to perform certain operations on the servers. Thus, the local agents must still be installed in a local common agent container.
This section compares and contrasts single host system installations with installations that involve multiple systems.
This section explains the outcomes of two basic choices about your installation.
The choice whether to install DSCC and configuration management tools on the same host as the servers that you manage. Alternatively, you can install the tools on a different host from the servers that you manage remotely.
The choice whether to create multiple server instances on the same host, or create each server instance on a different host.
Installing DSCC on the same host as the servers that you manage provides a quick and simple solution for evaluation and development. This solution is not recommended for production installations where you rely on redundant systems and on server replicas to provide high availability.
When you install DSCC you also install Directory Server software. DSCC uses its own private instance of Directory Server to store configuration information. If you also install the local agent for Directory Server alongside DSCC, you can create Directory Server instances on the system through a web browser to DSCC. You can do so without having to know additional host names and port numbers.
You can install DSCC on a different host from the servers you manage remotely. This solution is recommended for production installations where you rely on redundant systems and on server replicas to provide high availability.
When you install DSCC on the administration host, you must be root. However, you can then use DSCC installed on the administration host to manage server hosts installed as non-root.
For example, you install DSCC on a server or even a suitable workstation outside the data center. You also install server software from the zip distribution on server hosts inside the data center, performing such installations as non-root. Over secure LDAP and JMX, you can then create, configure, and manage all your servers through a web browser to DSCC on the administration host.
For production installations, you rely on redundant systems, load balancing, failover capabilities, and server replicas to provide high availability. You therefore typically create servers on multiple host systems. Yet, more powerful host systems might each house multiple server instances.
When you create multiple server instances on a single host system, only one server instance can listen on the default ports. As long as you install Directory Server Enterprise Edition software only once, multiple server instances can share the same common agent container.
When you install multiple Directory Server Enterprise Edition versions on a system, each version comes with its own common agent container. Only one of those common agent containers can listen on the default port for JMX management traffic.
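The port constraints described in this chapter (default LDAP ports for root and non-root instances, and the single default port 11162 for the common agent container) can be checked on a server host before you install a second version or create another instance. The following Python script is an added example, not part of the product or its documentation; the function names and any override ports are hypothetical, and it probes IPv4 TCP only.

```python
import errno
import socket

# Default ports stated in the guide above.
DEFAULTS = {True: {"ldap": 389, "ldaps": 636},      # instance created as root
            False: {"ldap": 1389, "ldaps": 1636}}   # instance created as non-root
AGENT_PORT = 11162  # common agent container port that DSCC contacts


def probe(port, host=""):
    """Try to bind an IPv4 TCP socket: 'free', 'in-use', or 'denied'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return "free"
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in-use"   # another instance or container owns the port
            if e.errno in (errno.EACCES, errno.EPERM):
                return "denied"   # reserved port (<1024) without privilege
            raise


def plan_ports(as_root, overrides=None, probe_fn=probe):
    """Return {listener: (port, status)} for one new installation on this host."""
    ports = dict(DEFAULTS[as_root], agent=AGENT_PORT)
    ports.update(overrides or {})   # hypothetical: ports chosen by the admin
    return {name: (port, probe_fn(port)) for name, port in ports.items()}


def blockers(plan):
    """Listeners whose port cannot be used as planned."""
    return sorted(name for name, (_, status) in plan.items() if status != "free")


if __name__ == "__main__":
    plan = plan_ports(as_root=False)
    for name, (port, status) in plan.items():
        print(f"{name:6} {port:5} {status}")
    print("choose other ports for:", blockers(plan) or "nothing")
```

A listener reported as in-use or denied is one for which you must specify a different port number, or install with sufficient privilege, before continuing.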