Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Global Telco Deployment Information

This section describes Global Telco's existing architecture and what the company wants to achieve in this deployment. This section also lists the Identity Synchronization for Windows features that are highlighted in this case study.

Global Telco's Existing Architecture

Global Telco, a large company with 500,000 employees worldwide, is using Sun Java System Identity Manager (Identity Manager) to support users between Active Directory, Directory Server, Oracle RDBMS, Novell NDS, and other systems. The company has two main data centers: one in the United States, and one in Europe.

The company has a single Active Directory domain ( with four domain controllers, and a Sun Java System Directory Server deployment (dc=gt,dc=com) with four preferred Directory Servers and four read-only replicas.

Directory Server Information

The Sun Java System Directory Server topology includes four preferred Directory Servers and four master replicas. Directory Server is the corporate directory server used to control access to web-based applications. The directory server has a single root suffix, dc=gt,dc=com. Information about users is stored in the ou=people, dc=gt,dc=example,dc=com container with uid as the naming attribute.

All four preferred Directory Servers have replication agreements with each other, but the four master replicas only have replication agreements with two of the masters.

Note –

Identity Synchronization for Windows treats hub replicas the same as read-only replicas. In many scenarios, using a hub replica is preferred to using a read-only replica because a hub can be easily promoted to a preferred Directory Server.

Figure 3–1 Data Center Information for Directory Server

Active Directory Information

The Active Directory deployment has a single domain,, with two domain controllers located in the United States and two in Europe. The user information is stored in the standard cn=users container in Active Directory (cn=users,dc=gt,dc=com).

The Active Directory samaccountname attribute value matches the Directory Server uid attribute. The Active Directory domain controller with the PDC FSMO role is located in the United States office.

Figure 3–2 Data Center Information for Active Directory

Note –

Both and are bridgehead servers that control replication between the two sites.

Global Telco's Technical Requirements

Global Telco wants to achieve the following:

Identity Synchronization for Windows Features in This Case Study

The following Identity Synchronization for Windows features are used in this case study: