
Sun ONE Identity Synchronization for Windows Installation and Configuration Guide

Appendix E  
Installation Notes for Replicated Environments

This appendix gives brief overviews of the steps required to configure and secure a multi-master replication (MMR) deployment in the following sections: Summary of Steps for Configuring Replication, and Replication Over SSL.


Summary of Steps for Configuring Replication

Identity Synchronization for Windows 1.0 supports replicating a single suffix. To configure any replication topology, you should proceed in the following order:

  1. Define your replication manager entry on all servers except single masters, or decide to use the default replication manager on all servers.
  2. On all servers containing a dedicated consumer replica:
    1. Create an empty suffix for the consumer replica.
    2. Enable the consumer replica on the suffix through the replication wizard.
    3. Optionally, configure the advanced replica settings.
  3. On all servers containing a hub replica, if applicable:
    1. Enable the hub replica on the suffix through the replication wizard.
    2. Optionally, configure the advanced replica settings.
  4. On all servers containing a master replica:
    1. Choose a suffix on one of the masters that will be the master replica.
    2. Enable the master replica on the suffix through the replication wizard.
    3. Optionally, configure the advanced replica settings.
  5. Configure the replication agreements on all supplier replicas, in the following order:
    1. Between masters in a multi-master set.
    2. Between masters and their dedicated consumers.
    3. Between masters and hub replicas.
    4. Optionally, you may configure fractional replication and initialize the consumer and hub replicas at this stage. In the case of multi-master replication, initialize all masters from the same master replica containing the original copy of the data.

  6. Configure replication agreements on all hub replicas supplied directly from a master. These agreements are between the hub replicas and their consumers. Optionally, you may initialize the consumer replicas at this stage. Repeat this step for every level of hubs in your cascading replication.

Note

It is very important to create and configure all replicas before you attempt to create a replication agreement. This also allows you to initialize consumer replicas immediately after you create the replication agreement. Consumer initialization is always the last stage in setting up replication.



Replication Over SSL

You can configure Directory Servers involved in replication so that all replication operations occur over an SSL connection. To do so, complete the following steps:


Note

All references in the following procedure are to chapters in the Sun ONE Directory Server 5.2 Administrator’s Guide.


  1. Configure both the supplier and consumer servers to use SSL. Refer to Chapter 11 “Implementing Security” for details.


    Note

    Replication over SSL will fail if the supplier server certificate is:

    • A self-signed certificate.
    • An SSL server-only certificate that cannot act as a client during an SSL handshake.

  2. If replication is not configured for the suffix on the consumer server, enable it as described in “Enabling a Consumer Replica”.
  3. Follow the procedure in “Advanced Consumer Configuration” to define the DN of the certificate entry on the consumer as another replication manager.
  4. If replication is not configured for the suffix on the supplier server, enable it as described in “Enabling a Hub Replica” or “Enabling a Master Replica”.
  5. On the supplier server, create a new replication agreement to send updates to the consumer on the secure SSL port. Follow the procedure in “Creating Replication Agreements” for detailed instructions. Specify a secure port on the consumer server and select the SSL option of either using a password or a certificate. Enter a DN for the SSL option that you chose, either a replication manager or a certificate.

After you finish configuring the replication agreement, the supplier will send all replication update messages to the consumer over SSL and will use certificates if you chose that option. Consumer initialization will also use a secure connection if performed through the console using an agreement configured for SSL.
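
To confirm the result of the procedure above, the following added example (not part of the original guide or of the product) audits replication agreement entries exported as LDIF from a supplier and reports whether each one uses SSL, and with which of the two authentication options. The attribute names come from Directory Server's cn=config schema and are an assumption here, as is treating a missing attribute as LDAP transport with simple bind; the sample entries are constructed.

```python
# Added example: audit replication agreements exported as LDIF for SSL use.
# Assumptions: cn=config attribute names; absent attribute = LDAP / SIMPLE.
SAMPLE_LDIF = """\
dn: cn=to-consumer1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: consumer1.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SSLCLIENTAUTH

dn: cn=to-consumer2,cn=replica,cn="dc=example,dc=com",cn=mapping tree,
 cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: consumer2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE
"""

def parse_ldif(text):
    """Yield one dict per entry (lower-cased attribute name -> list of values)."""
    unfolded = text.replace("\n ", "")  # LDIF folds long lines as newline + space
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, _, value = line.partition(":")
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit_agreements(text):
    """Return (dn, "host:port", verdict) for each replication agreement entry."""
    results = []
    for e in parse_ldif(text):
        if "nsds5replicationagreement" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        one = lambda attr, default="": e.get(attr, [default])[0]
        transport = one("nsds5replicatransportinfo", "LDAP").upper()
        bind = one("nsds5replicabindmethod", "SIMPLE").upper()
        if transport != "SSL":
            verdict = "CLEARTEXT"  # updates and bind credentials cross the wire unencrypted
        else:
            verdict = "SSL+CERTIFICATE" if bind == "SSLCLIENTAUTH" else "SSL+PASSWORD"
        target = f'{one("nsds5replicahost")}:{one("nsds5replicaport")}'
        results.append((e["dn"][0], target, verdict))
    return results

if __name__ == "__main__":
    print(*audit_agreements(SAMPLE_LDIF), sep="\n")
```

Any agreement reported as CLEARTEXT still replicates over a plain LDAP connection and should be recreated following the last step of the procedure.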





Copyright 2003 Sun Microsystems, Inc. All rights reserved.