Sun Java System Directory Server Enterprise Edition 6.1 Deployment Planning Guide

Directory Server

Directory Server provides a scalable, high-performance data store for identity information. Directory Server supports the Lightweight Directory Access Protocol (LDAP) v3 and the Directory Service Markup Language (DSML) v2 natively for standards-based access. With LDAP and DSML over HTTP or SOAP (Simple Object Access Protocol), clients anywhere on a network are able to securely search and update directory data objects. Clients are also able to receive changes made by other applications and to authenticate users or applications even through firewalls.

Directory Server and Security

Directory Server provides several security features to achieve compliance with information security policies. These features ensure that only users with proper authorization have access to information.

Directory Server and Availability

Directory Server natively supports a variety of access protocols and offers a highly flexible, scalable replication environment that helps to ensure availability in distributed environments.

Directory Server replication prevents a single point of failure for applications that are using these protocols to access identity data. Directory Server supports a theoretically unlimited number of masters and read-only consumers in a replicated environment across both local and wide area networks. Special features of the replication protocol allow for optimizations when replicating data over high-latency networks. For more information, see Using Replication and Redundancy for High Availability.

On Solaris platforms, Directory Server supports clustering, a pre-packaged high availability hardware and software solution. For more information, see Using Clustering for High Availability.

Directory Server and Scalability

Directory Server provides for both vertical and horizontal growth without major deployment redesign. This level of scalability becomes increasingly critical as a deployment grows.

Depending on the hardware, Directory Server can provide sustained search performance of 20,000 entries per second on a single machine and horizontal scalability to several thousand searches per second. For information about how to deploy Directory Server for read scalability, see Chapter 10, Designing a Scaled Deployment.

The requirement to store and update information constantly increases with the expansion of use across the organization. Update performance of Directory Server is close to relational database write performance. For information about how to deploy Directory Server for write scalability, see Chapter 10, Designing a Scaled Deployment.

Directory Server provides linear CPU scalability up to 28 CPUs for “read from cache” operations. It allows access to maximum memory capacity and delivers high performance that accommodates large directories on a single system for maximum hardware benefit.

Directory Server and Serviceability

Directory Server provides a comprehensive set of management tools for administering individual servers as well as the entire directory service.

A centralized, web-based administration console can be used to configure and manage multiple Directory Servers. The interface includes all the tools required for effective, day-to-day server administration and service from configuration to monitoring. In addition, the dsadm and dsconf command-line utilities can be used dynamically while the servers are running. These management features mean that most management operations can be performed while the directory is online, thus maximizing availability.

Management flexibility simplifies the deployment of the directory service into many different environments. The command-line utilities make remote management as easy as if the service were in a local data center.