test

Sun Java System Directory Server Enterprise Edition 6.2 Installation Guide

Chapter 1 Before You Install

Before installing Directory Server Enterprise Edition software in a production environment, obtain the plans for deployment that were created with the help of Sun Java System Directory Server Enterprise Edition 6.2 Deployment Planning Guide. With the plans in hand, read this section to gauge how to approach installation for your deployment.

This chapter includes the following sections.

The Administration Framework and Installation

This section highlights key aspects of the administration framework you must understand before installing server software in a production environment. This section does not address the developer and performance tuning tools provided with Directory Server Resource Kit. You can install such tools independently of the administration framework.

Before you read this section, read Directory Server Enterprise Edition Administration Model in Sun Java System Directory Server Enterprise Edition 6.2 Deployment Planning Guide. Consider the following figure which shows how the network traffic flows. The figure shows network traffic flows between the configuration management tools, DSCC, dsconf(1M), and dpconf(1M), the local administration agents, and servers. The figure also shows communication between the local agents, the local command line tools, dsadm(1M) and dpadm(1M), and the servers that you manage.

Administration framework and installation model

Notice the command line management and monitoring tools, dsconf(1M) and dpconf(1M), require only LDAP access to the servers that you manage. LDAP traffic typically flows through the default ports, 389 for LDAP and 636 for secure LDAP using SSL. When you create servers as a non-root user, the default ports are 1389 for LDAP, and 1636 for secure LDAP using SSL.

By convention, only root can install software using reserved port numbers less than 1024. Solaris systems allow the administrator to permit non-root users to use privileged ports, using role-based access control (RBAC).

DSCC is a web application that runs in the following modes:

You typically install DSCC on only one system in your deployment. You then manage all your servers from that installation of DSCC. You access DSCC through a browser using the URL, https://hostname:6789, http://hostname:8080, or https://hostname:8181 based on the software distribution you use to install Directory Server Enterprise Edition and the configuration of the application server in case of installation using the zip distribution.

DSCC requires LDAP access to the servers for online management operations. DSCC also requires Java Management Extension (JMX) access to agents installed alongside the servers. The agents perform server process management operations on behalf of DSCC, that cannot be performed through LDAP on a running server. You can use DSCC to create and to start new servers.

As part of the normal installation process, you install the local DSCC agents alongside server software. DSCC contacts the agents over the network using a specific port number. You must therefore either accept the default port number, 11162, or specify a different port number.

The agents run inside a common agent container on the server system. This common agent container provides its agents with a single external port for management applications. The common agent container also consolidates resources to save resources on systems where multiple local agents share the container. The common agent container is the agent that listens for DSCC on the default port number, 11162, routing management traffic to other agents. DSCC communicates with local agents through the common agent container. For troubleshooting purposes, a common agent container can be managed independently using the cacaoadm command.

Figure 1–1 Ports and Protocols After Installation of Native Packages Distribution

This figure shows the ports used by the components of the administration framework, and the management protocol traffic going through those ports.

Each time you install Directory Server Enterprise Edition software from the zip distribution, you also install an instance of the common agent container. Therefore, when you install multiple versions in parallel on the same host system, only one version can use the default port. You cannot install from the zip distribution where a common agent container instance already uses the default port. You must then specify a different port number for the additional common agent container instance.

    Server software installation is a three stage process.

  1. Install configuration management software.

    The configuration management tools are installed and DSCC is initialized.

    As DSCC stores its configuration data in its own, private Directory Server instance, Directory Server is also installed from native packages during the DSCC installation.

  2. Install server software on the systems where you plan to run server instances.

    The server software, required libraries, local administration tools, and local agents are installed. All the software is installed to enable you to set up directory services but no servers are running at this point.

  3. Create and configure server instances on the systems.

    The Directory Server and Directory Proxy Server instances are created. Instances are created either using DSCC, or with the local administration tools that are installed alongside the server software. Server instances are then configured either through DSCC or through the configuration management command line tools.

The first two stages are combined when you install everything on a single host system. DSCC uses the local agents to perform certain operations on the servers. Thus, the local agents must be installed in a local common agent container.

In the zip distribution, the Web Archive (WAR) file that is used to configure DSCC is copied to your system during the second stage. No installation or initialization of the WAR file is done during the first stage. The WAR file is further deployed with the supported application server to configure DSCC.

Comparison of Single System And Distributed Installation

This section compares and contrasts single host system installations with installations that involve multiple systems.

    Following are the ways in which you can do the installation:

  1. To install DSCC and configuration management tools on the same host as the servers that you manage. Alternatively, you can install the tools on a different host from the servers that you manage remotely.

  2. To create multiple server instances on the same host, or create each server instance on a different host.

Where You Install Directory Service Control Center

Installing DSCC on the same host as the servers that you manage provides a quick and simple solution for evaluation and development. This solution is not recommended for production installations where you rely on redundant systems and on server replica to provide high availability.

When you install DSCC, you also install Directory Server software. DSCC uses its own private instance of Directory Server to store configuration information. If you also install the local agent for Directory Server alongside DSCC, you can create Directory Server instances on the system using DSCC. You can do so without having to know additional host names and port numbers.

You can install DSCC on a different host from the servers you manage remotely. This solution is recommended for production installations where you rely on redundant systems and on server replica to provide high availability.

Figure 1–2 Administration Host and Server Host on Different Systems After Installation of Native Packages Distribution

This figure shows DSCC installed on an administration host, accessing the server instance on a server host.

When you install DSCC on the administration host, you must be root. However, you can use DSCC installed on the administration host to manage server hosts installed as non-root.

Note –

The DSCC configured using the WAR file deployed with the supported application server installs DSCC outside of Sun Java Web Console and any non-Root user can perform this action.

For example, you install DSCC on a server or even a suitable workstation outside the data center. You also install server software from the zip distribution on server hosts inside the data center, performing such installations as non-root. Over secure LDAP and JMX, you can then create, configure, and manage all your servers through DSCC on the administration host.

Where You Create Server Instances

For production installations, you rely on redundant systems, load balancing, failover capabilities, and server replica to provide high availability. You therefore typically create servers on multiple host systems. Yet, more powerful host systems might each house multiple server instances.

When you create multiple server instances on a single host system, only one server instance can listen on the default ports. As long as you install Directory Server Enterprise Edition software only once, multiple server instances can share the same common agent container.

When you install multiple Directory Server Enterprise Edition versions on a system, each version comes with its own common agent container. Only one of those common agent containers can listen on the default port for JMX management traffic.

Directory Server Enterprise Edition Software Distributions

This section compares the different Directory Server Enterprise Edition software distributions available.

Figure 1–3 The Two Software Distributions

To install all software, get both distributions.

Java Enterprise System Distribution

This section introduces the Java Enterprise System distribution, which comes with the Java ES installer.

The Java ES installer offers a graphical wizard, a command-line interactive wizard, and also silent installation capabilities to add natively packaged software to your system. As this distribution is based on native packages, you must be root to perform the installation with the Java ES installer.

The Java ES installer provides a fresh installation of Directory Server Enterprise Edition 6.2 on Solaris and Linux. To install Directory Server Enterprise Edition 6.2 on Windows, see Installation Procedure Quick Reference. Directory Server Enterprise Edition 6.2 is not delivered on HP-UX.

All Java ES software can work together, relying on a common framework of basic components and of libraries. You can therefore install all the software products together on a single system.

The Java ES installation software also facilitates installation of shared components. The software integrates with the system, so you can configure directory services to restart automatically when the operating system reboots. With a native package based installation, you benefit from the package versioning and patching tools that are part of the operating system.

This guide does not describe all installation alternatives available using the Java ES installer. However, this guide addresses the key Java ES installer wizard screens related to Directory Server Enterprise Edition 6.2 software installation. For detailed instructions on using all features of the Java ES installer, see the Java Enterprise System documentation at http://docs.sun.com/coll/1286.3.

Native Patches

This section introduces the native patches that enable you to upgrade Directory Server Enterprise Edition 6.0 and 6.1 installations.

You must be root to do the installation using native patches. These patches are applied on the top of the existing Directory Server Enterprise Edition 6.0 or 6.1 installation. Native patches contain all the components of Directory Server Enterprise Edition as in Java Enterprise System distribution but upgrade the only components that are already installed as a part of Directory Server Enterprise Edition 6.0 or 6.1 installation. You cannot do fresh installation of any of the components in Directory Server Enterprise Edition using native patches.

You can install Directory Server Enterprise Edition 6.2 on Windows by installing native patches on the top of Directory Server Enterprise Edition 6.0 installation. The Java Enterprise System distribution does not provide fresh installation for Directory Server Enterprise Edition 6.2 on Windows.

Zip Distribution

This section introduces the zip distribution, which provides the dsee_deploy(1M) command-line installer.

This distribution offers self-contained software that you can install anywhere on local disk where you have write permission. You can both install and administer zip distribution software as a non-root user.

As zip distribution software is self-contained, each software installation performed from the zip distribution is independent. You can therefore install software from multiple zip distribution versions on the same system. Your system administrator must manually configure the software that you install to restart when the operating system reboots.

Furthermore, with the zip distribution, you must keep careful track of what you have installed, and the patches you have applied.

Comparison of Java Enterprise System Distribution and Zip Distribution

This section identifies the software supported in each distribution.

Both the Java ES and zip distributions allow you to create and configure Directory Server and Directory Proxy Server instances as non-root.

Directory Server Enterprise Edition Software Component 

Java Enterprise System Distribution 

Zip Distribution 

Directory Service Control Center 

Provided 

Provided, configurable by deploying WAR file with application server 

Directory Server 

Provided 

Provided, installable with dsee_deploy

Directory Proxy Server 

Provided 

Provided, installable with dsee_deploy

Directory Editor 

Not provided in this distribution 

Provided, but not installed with dsee_deploy

Identity Synchronization for Windows 

Not provided in this distribution 

Provided, but not installed with dsee_deploy

Directory Server Resource Kit 

Not provided in this distribution 

Provided, installed with dsee_deploy

Note –

A server instance can only be managed by one DSCC.

Identity Synchronization for Windows and Directory Editor software are bundled with the zip distribution, but are not installed using the dsee_deploy command. This guide covers Identity Synchronization for Windows installation. See Part II, Installing Identity Synchronization for Windows.

This guide does not cover installation of Directory Editor software. If you plan to install Directory Editor software, read the installation instructions in the Sun Java System Directory Editor 1 2005Q1 Installation and Configuration Guide.

Installation in Solaris Zones

This section addresses the key points to consider when installing Directory Server Enterprise Edition in a Solaris zone.

Global and full local Solaris zones present Directory Server Enterprise Edition software with complete systems. Directory Server Enterprise Edition software treats both the zones as an independent physical system. The Directory Server Enterprise Edition installation is like installing on an independent system. The software does not share services or file locations with other zones.

In sparse zones, you can install some services to be used in system-wide fashion. Single instances of Java Enterprise System common component services can therefore be used by multiple Java ES server instances. For example, Directory Server Enterprise Edition software in sparse zones can use the same Common Agent Container and Java ES Monitoring Framework installed in the global zone. You must, however, install the system-wide services before you can complete installation of sparse zone software that depends on the system-wide services.

Directory Server Enterprise Edition does not require you to use system-wide services when you install in a sparse zone. When you install self-contained software from the zip distribution, you also install the common component services in the sparse zone. Therefore, zip distribution installations in sparse zones resemble installations on independent systems.

The following table outlines constraints for Directory Server Enterprise Edition installations, which pertain essentially to installations in sparse zones.

Directory Server Enterprise Edition Software Component 

Software Distribution 

Constraints Installing in Global or Full Local Zone 

Constraints For Sparse Zone Installations 

Directory Service Control Center 

Java Enterprise System distribution 

No constraints 

First install Java Enterprise System shared components in the global zone, then install Directory Service Control Center in the sparse zone. 

Zip distribution 

No constraints 

No constraints 

Directory Server 

Java Enterprise System distribution 

No constraints 

First install Java Enterprise System shared components in the global zone, then install Directory Server in the sparse zone. 

Zip distribution 

No constraints 

No constraints 

Directory Proxy Server 

Java Enterprise System distribution 

No constraints 

First install Java Enterprise System shared components in the global zone, then install Directory Proxy Server in the sparse zone. 

Zip distribution 

No constraints 

No constraints 

Directory Editor 

Zip distribution 

No constraints 

The web application container must allow installation in the sparse zone. 

Identity Synchronization for Windows 

Zip distribution 

No constraints 

Not supported 

Directory Server Resource Kit 

Zip distribution 

No constraints 

No constraints 

For details about installation from the Java Enterprise System distribution in sparse zones, see the Java Enterprise System documentation, http://docs.sun.com/coll/1286.3.

Installation Procedure Quick Reference

This section provides you with the complete information on what you require to install or upgrade to Directory Server Enterprise Edition 6.2.

From the following table, based on your current installation and the type of distribution you are using for installation, you can directly access the related information to install or upgrade to Directory Server Enterprise Edition 6.2.

Previous Directory Server Enterprise Edition Version 

Software Distribution 

Related Information 

None or 5.x 

Native (Solaris and Linux) 

See Software Installation to install Directory Server Enterprise Edition 6.2.

In case of 5.x, you need to migrate Directory Server instances to 6.2. See Sun Java System Directory Server Enterprise Edition 6.2 Migration Guide.

None or 5.x 

Native (Windows) 

Look for the information in the following sequence: 

  1. See Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide to install Directory Server Enterprise Edition 6.0.

  2. See To Upgrade Directory Server Enterprise Edition Using Native Packages to upgrade to version 6.2.

In case of 5.x, you need to migrate Directory Server instances to 6.2. See Sun Java System Directory Server Enterprise Edition 6.2 Migration Guide.

None or 5.x 

Zip 

See To Install Directory Server Enterprise Edition From Zip Distribution to install Directory Server Enterprise Edition 6.2.

Also see, Installing Directory Service Control Center From Zip Distribution

In case of 5.x, you need to migrate Directory Server instances to 6.2. See Sun Java System Directory Server Enterprise Edition 6.2 Migration Guide.

6.0 

Native 

See To Upgrade Directory Server Enterprise Edition Using Native Packages to upgrade to version 6.2.

6.0 

Zip 

See To Install Directory Server Enterprise Edition From Zip Distribution to install Directory Server Enterprise Edition 6.2.

Also see, Installing Directory Service Control Center From Zip Distribution

6.1 

Native 

See To Upgrade Directory Server Enterprise Edition Using Native Packages to upgrade to version 6.2.

6.1 

Zip 

See To Install Directory Server Enterprise Edition From Zip Distribution to install Directory Server Enterprise Edition 6.2.

Also see, Installing Directory Service Control Center From Zip Distribution