Sun Java System Directory Server Enterprise Edition 6.3 Deployment Planning Guide
Preface
Part I Overview of Deployment Planning for Directory Server Enterprise Edition
Chapter 1 Introduction to Deployment Planning for Directory Server Enterprise Edition
About Directory Server Enterprise Edition
Quality of Service Requirements for a Robust Directory Service
Directory Server Enterprise Edition Components and Their Capabilities
Directory Server
Directory Server and Security
Directory Server and Availability
Directory Server and Scalability
Directory Server and Serviceability
Directory Proxy Server
Directory Proxy Server and Availability
Directory Proxy Server and Security
Identity Synchronization for Windows
Directory Editor
Directory Server Resource Kit
Directory Server Enterprise Edition Components in a Deployment
About Deployment Planning
Solution Life Cycle
Chapter 2 Business Analysis for Directory Server Enterprise Edition
About Business Analysis
Defining Directory Server Enterprise Edition Business Requirements
Part II Technical Requirements
Chapter 3 Usage Analysis for Directory Server Enterprise Edition
Usage Analysis Factors
Chapter 4 Defining Data Characteristics
Determining Data Sources and Ownership
Identifying Data Sources
Determining Data Ownership
Distinguishing Between User and Configuration Data
Identifying Data From Disparate Data Sources
Structuring Data With the Directory Information Tree
DIT Terminology
Designing the DIT
Choosing a Suffix
Creating the DIT Structure and Naming Entries
Branch Points and Naming Considerations
Replication Considerations
Access Control Considerations
Grouping Directory Data and Managing Attributes
Static, Dynamic, and Nested Groups
Static Groups
Dynamic Groups
Nested Groups
Managed, Filtered, and Nested Roles
Deciding Between Groups and Roles
Advantages of the Groups Mechanism
Advantages of the Roles Mechanism
Restricting Permissions on Roles
Managing Attributes With Class of Service
Using CoS When Many Entries Share the Same Value
Using CoS When Entries Have Natural Relationships
Avoiding Excessive CoS Definitions
Designing a Directory Schema
Schema Design Process
Maintaining Data Consistency
Other Directory Data Resources
Chapter 5 Defining Service Level Agreements
Identifying System Qualities
Defining Performance Requirements
Identifying Client Applications
Determining the Number and Size of Directory Entries
Determining the Number of Reads
Determining the Number of Writes
Estimating the Acceptable Response Time
Estimating the Acceptable Replication Latency
Defining Availability Requirements
Defining Scalability Requirements
Defining Security Requirements
Defining Latent Capacity Requirements
Defining Serviceability Requirements
Chapter 6 Tuning System Characteristics and Hardware Sizing
Host System Characteristics
Port Numbers
Directory Server and Directory Proxy Server LDAP and LDAPS Port Numbers
Directory Server DSML Port Numbers
Directory Service Control Center and Common Agent Container Port Numbers
Identity Synchronization for Windows Port Numbers
Hardware Sizing For Directory Service Control Center
Hardware Sizing For Directory Proxy Server
Configuring Virtual Memory
Configuring Worker Threads and Backend Connections
Disk Space for Directory Proxy Server
Network Connections for Directory Proxy Server
Hardware Sizing For Directory Server
The Tuning Process
Making Sample Directory Data
What to Configure and Why
Directory Server Database Page Size
Directory Server Cache Sizes
Directory Server Indexes
Directory Server Administration Files
Directory Server Replication
Directory Server Threads and File Descriptors
Directory Server Growth
Top Tuning Tips
Simulating Client Application Load
Directory Server and Processors
Directory Server and Memory
Directory Server and Local Disk Space
Directory Server and Network Connectivity
Limiting Directory Server Resources Available to Clients
Limiting System Resources Used By Directory Server
Basic Directory Server Sizing Example: Disk and Memory Requirements
System Characteristics
Preparing a Directory Server Instance
Populating the Suffix With 10,000 Sample Directory Entries
Populating the Suffix With 100,000 Sample Directory Entries
Populating the Suffix With 1,000,000 Sample Directory Entries
Summary of Observations
Operating System Tuning For Directory Server
Operating System Version and Patch Support
Basic Security Checks
Accurate System Clock Time
Restart When System Reboots
System-Specific Tuning With The idsktune Command
File Descriptor Settings
Transmission Control Protocol (TCP) Settings
Inactive Connections
Outgoing Connections
Retransmission Timeout
Sequence Numbers
Tuning TCP Settings on Solaris 10 Systems
Physical Capabilities of Directory Server
Chapter 7 Identifying Security Requirements
Security Threats
Overview of Security Methods
Determining Authentication Methods
Anonymous Access
Simple Password Authentication
Simple Password Authentication Over a Secure Connection
Certificate-Based Client Authentication
SASL-Based Client Authentication
Preventing Authentication by Account Inactivation
Preventing Authentication by Using Global Account Lockout
External Authentication Mappings and Services
Proxy Authorization
Designing Password Policies
Password Policy Options
Password Policies in a Replicated Environment
Password Policy Migration
Password Synchronization With Windows
Determining Encryption Methods
Securing Connections With SSL
Encrypting Stored Attributes
What Is Attribute Encryption?
Attribute Encryption Implementation
Attribute Encryption and Performance
Designing Access Control With ACIs
Default ACIs
ACI Scope
Obtaining Effective Rights Information
Tips on Using ACIs
Designing Access Control With Connection Rules
Designing Access Control With Directory Proxy Server
How Connection Handlers Work
Grouping Entries Securely
Using Roles Securely
Using CoS Securely
Using Firewalls
Running as Non-Root
Other Security Resources
Chapter 8 Identifying Administration and Monitoring Requirements
Directory Server Enterprise Edition Administration Model
Remote Administration
Designing Backup and Restore Policies
High-Level Backup and Recovery Principles
Choosing a Backup Method
Binary Backup
Backup to LDIF
Choosing a Restoration Method
Binary Restore
Restoration From LDIF
Designing a Logging Strategy
Defining Logging Policies
Defining Log File Creation Policies
Defining Log File Deletion Policies
Manually Creating and Deleting Log Files
Defining Permissions on Log Files
Designing a Monitoring Strategy
Monitoring Tools Provided With Directory Server Enterprise Edition
Identifying Monitoring Areas
Data Administration With Directory Editor
Part III Logical Design
Chapter 9 Designing a Basic Deployment
Basic Deployment Architecture
Basic Deployment Setup
Improving Performance in a Basic Deployment
Using Indexing to Speed Up Searches
Optimizing Cache for Search Performance
All Entries and Indexes Fit Into Memory
Sufficient Memory For 32-Bit Directory Server
Insufficient Memory
Optimizing Cache for Write Performance
Chapter 10 Designing a Scaled Deployment
Using Load Balancing for Read Scalability
Using Replication for Load Balancing
Basic Replication Concepts
Master, Consumer, and Hub Replicas
Suppliers and Consumers
Multi-Master Replication
Unit of Replication
Change Log
Replication Agreement
Replication Priority
Assessing Initial Replication Requirements
To Determine Initial Replication Requirements
Load Balancing With Multi-Master Replication in a Single Data Center
Load Balancing With Replication in Large Deployments
Using Server Groups to Simplify Multi-Master Topologies
Using Directory Proxy Server for Load Balancing
Using Distribution for Write Scalability
Using Multiple Databases
Using Directory Proxy Server for Distribution
Routing Based on the DIT
Routing Based on a Custom Algorithm
Using Directory Proxy Server to Distribute Requests Based on Bind DN
Distributing Data Lower Down in a DIT
Logical View of Distributed Data
Physical View of Data Storage
Directory Server Configuration for Sample Distribution Scenario
Directory Proxy Server Configuration for Sample Distribution Scenario
Considerations for Data Growth
Using Referrals For Distribution
Using Directory Proxy Server With Referrals
Chapter 11 Designing a Global Deployment
Using Replication Across Multiple Data Centers
Using Multi-Master Replication Over a WAN
Group and Window Mechanisms
Replication Compression
Using Fractional Replication
Using Prioritized Replication
Sample Replication Strategy for an International Enterprise
Using Directory Proxy Server in a Global Deployment
Sample Distribution Strategy for a Global Enterprise
Chapter 12 Designing a Highly Available Deployment
Availability and Single Points of Failure
Mitigating SPOFs
Deciding Between Redundancy and Clustering
Advantages and Disadvantages of Redundancy
Advantages and Disadvantages of Clustering
How Redundancy and Clustering Handle SPOFs
Redundancy at the Hardware Level
Redundancy at the Software Level
Using Replication and Redundancy for High Availability
Using Redundant Replication Agreements
Promoting and Demoting Replicas
Using Directory Proxy Server as Part of a Redundant Solution
Using Application Isolation for High Availability
Sample Topologies Using Redundancy for High Availability
Using Replication for Availability in a Single Data Center
Single Data Center Failure Matrix
Single Data Center Recovery Procedure
To Recover on Failure of One Component
Using Replication for Availability Across Two Data Centers
Using Multiple Directory Proxy Servers
Using Application Isolation
Using Clustering for High Availability
Hardware Redundancy
Monitoring in a Clustered Solution
System Maintenance
Directory Server Failover Data Service
Disaster Recovery
Recovery in the Event of Application Failure
Recovery in the Event of Server Failure
Part IV Advanced Deployment Topics
Chapter 13 Using LDAP-Based Naming With Solaris
Why Use an LDAP-Based Naming Service?
Migrating From NIS to LDAP
Migrating From NIS+ to LDAP
Chapter 14 Deploying a Virtual Directory
When to Use a Virtual Directory
Typical Virtual Directory Scenarios
Connecting User Identities From Different Data Sources
Merging New Corporate Data Into an Existing Directory Structure
Chapter 15 Designing a Deployment With Synchronized Data
Identity Synchronization for Windows Deployment Considerations
© 2010, Oracle Corporation and/or its affiliates