Sun Java System Identity Synchronization for Windows 1 2004Q3 Installation and Configuration Guide 

Appendix E  
Installation Notes for Replicated Environments

Identity Synchronization for Windows 1 2004Q3 supports synchronizing users in a single replicated suffix.


Note

This appendix summarizes procedures used to configure and secure a multimaster replication (MMR) deployment. The information is taken directly from the Sun Java System Directory Server 5 2004Q2 Administrator’s Guide and is not specific to Identity Synchronization for Windows.

Designing and implementing an MMR deployment is complex.
Refer to the Sun Java System Directory Server 5 2004Q2 Deployment Guide to plan your deployment and the Sun Java System Directory Server 5 2004Q2 Administrator’s Guide to implement the deployment.


This appendix is organized into the following sections:


Configuring Replication


Note

In multimaster replication (MMR) environments, Identity Synchronization for Windows allows you to specify a preferred and a secondary master server for any given Sun directory source.

Directory Server version 5 2004Q2 now supports four-way MMR (where you can change the replicated database at any of the four masters). When you install the Plugin on a third or fourth master, you must select the Other host type and enter the Directory Server instance’s parameters manually during Plugin installation.


The following steps assume you are replicating a single suffix. If you are replicating more than one suffix, you may configure them in parallel on each server. In other words, you may repeat each step to configure replication on multiple suffixes.

To configure any replication topology, proceed in the following order:

  1. Define a replication manager entry on all servers except single masters (or use the default replication manager on all servers).
  2. On all servers containing a dedicated consumer replica:
    1. Create an empty suffix for the consumer replica.
    2. Enable the consumer replica on the suffix through the replication wizard.
    3. Optionally, configure the advanced replica settings.
  3. On all servers containing a hub replica, if applicable:
    1. Create an empty suffix for the hub replica.
    2. Enable the hub replica on the suffix through the replication wizard.
    3. Optionally, configure the advanced replica settings.
  4. On all servers containing a master replica:
    1. Choose or create a suffix on one of the masters that will be the master replica.
    2. Enable the master replica on the suffix through the replication wizard.
    3. Optionally, configure the advanced replica settings.
  5. Configure the replication agreements on all supplier replicas, in the following order:
    1. Between masters in a multimaster set.
    2. Between masters and their dedicated consumers.
    3. Between masters and hub replicas.
    4. Optionally, you can configure fractional replication at this stage.

  6. Configure replication agreements between the hub replicas and their consumers.
  7. For multimaster replication, initialize all masters from the same master replica containing the original copy of the data. Initialize the hub and consumer replicas.


Configuring Replication Over SSL


Note

In this procedure, all references are chapters in the Sun Java System Directory Server 5 2004Q2 Administration Guide.


To configure Directory Servers involved in replication so that all replication operations occur over an SSL connection, complete the following steps:

  1. Configure both the supplier and consumer servers to use SSL.
  2. Refer to Chapter 11, “Managing Authentication and Encryption” for details.


    Note

    • Replication over SSL will fail if the supplier server certificate is an SSL server-only certificate that cannot act as a client during an SSL handshake.
    • Replication over SSL is currently unsupported with self-signed certificates.

  3. If replication is not configured for the suffix on the consumer server, enable it as described in Chapter 8, “Enabling a Consumer Replica.”
  4. Follow the procedure in Chapter 8, “Advanced Consumer Configuration,” to define the DN of the certificate entry on the consumer as another replication manager.
  5. If replication is not configured for the suffix on the supplier server, enable it as described in Chapter 8, “Enabling a Hub Replica” or “Enabling a Master Replica.”
  6. On the supplier server, create a new replication agreement to send updates to the consumer on the secure SSL port. Follow the procedure in Chapter 8, “Creating Replication Agreements,” for detailed instructions. Specify a secure port on the consumer server and select the SSL option of either using a password or a certificate. Enter a DN for the SSL option that you chose, either a replication manager or a certificate.

After you finish configuring the replication agreement, the supplier will send all replication update messages to the consumer over SSL and will use certificates if you chose that option. Consumer initialization will also use a secure connection if performed through the console using an agreement configured for SSL.
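One way to confirm that every replication agreement really uses SSL after the procedure above, as an added example that is not part of the original guide: it parses agreement entries exported as LDIF and classifies each one by transport and bind method. The nsDS5Replica* attribute names, their assumed defaults and the sample entries are assumptions; check them against your own server's cn=config.

```python
# Added example, not from the guide. Attribute names are the Netscape-style
# nsDS5Replica* names (assumed); the LDIF is constructed sample data.
SAMPLE_LDIF = """\
dn: cn=to-consumer1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SSLCLIENTAUTH

dn: cn=to-hub1,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaBindDN: cn=replication manager,
 cn=config
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    unfolded = text.replace("\n ", "")  # a leading space continues the previous line
    entries = []
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def classify_agreements(text):
    """Map each agreement DN to 'ssl-cert', 'ssl-password' or 'cleartext'."""
    result = {}
    for e in parse_ldif(text):
        classes = [v.lower() for v in e.get("objectclass", [])]
        if "nsds5replicationagreement" not in classes:
            continue
        # Absent attributes are treated as LDAP / SIMPLE (assumed defaults).
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
        method = e.get("nsds5replicabindmethod", ["SIMPLE"])[0].upper()
        if transport != "SSL":
            result[e["dn"][0]] = "cleartext"
        else:
            result[e["dn"][0]] = "ssl-cert" if method == "SSLCLIENTAUTH" else "ssl-password"
    return result
```

Any agreement reported as `cleartext` still sends updates, and the replication manager password if it binds with one, unencrypted to the consumer.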


Configuring Identity Synchronization for Windows in an MMR Environment

The following procedure summarizes the steps for configuring Identity Synchronization for Windows in an MMR environment. Detailed instructions are provided in other sections of this publication.

  1. From the Identity Synchronization for Windows Console, specify a preferred and secondary Directory Server master for the suffix to be synchronized.
    (Review Creating a Sun Java System Directory Source.)
  2. You do not have to provide information about other Directory Servers in your topology.

  3. Prepare the preferred and secondary servers from the Console or using the idsync prepds command line utility. (Review Preparing the Directory Server or Using prepds.)
  4. If you use the command line utility, you should prepare both servers in a single invocation by specifying arguments for both the preferred and secondary servers.

  5. Install the Directory Server Connector for the suffix replicated between these directories. (Review Installing the Directory Server Connector.)
  6. Install the Directory Server Plugin on the preferred master, the secondary master, and every other Directory Server instance that manages users in the replicated suffix. (Review Installing Directory Server Plugins.)




Part No: 817-6199-05.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.