Chapter 1 Before You Install

Before installing Directory Server Enterprise Edition software in a production environment, obtain the plans for deployment that were created with the help of Sun Java System Directory Server Enterprise Edition 6.1 Deployment Planning Guide. With the plans in hand, read this section to gauge how to approach installation for your deployment.

This chapter includes the following sections.

• The Administration Framework and Installation briefly covers administration framework concepts that are key for installation in a production environment.

• Comparison of Single System And Distributed Installation compares and contrasts installations that involve a single host system with installations that involve multiple systems.

• Directory Server Enterprise Edition Software Distributions compares the different Directory Server Enterprise Edition software distributions available.

• Installation in Solaris Zones addresses what to consider when installing Directory Server Enterprise Edition in a Solaris zone.

• Installation Procedure Quick Reference provides you with the complete information on what you require to install or upgrade to Directory Server Enterprise Edition 6.1.

The Administration Framework and Installation

This section highlights key aspects of the administration framework you must understand before installing server software in a production environment. This section does not address the developer and performance tuning tools provided with Directory Server Resource Kit. You can install such tools independently of the administration framework.

Before you read this section, read Directory Server Enterprise Edition Administration Model in Sun Java System Directory Server Enterprise Edition 6.1 Deployment Planning Guide. In particular, consider the figure in that section which shows the network traffic flows. The figure shows network traffic flows between the configuration management tools, Directory Service Control Center (DSCC), dsconf(1M), and dpconf(1M), the local administration agents, and servers. The figure also shows communication between the local agents, the local command line tools, dsadm(1M) and dpadm(1M), and the servers that you manage.

Notice the command line management and monitoring tools, dsconf(1M) and dpconf(1M), require only LDAP access to the servers that you manage. LDAP traffic typically flows through the default ports, 389 for LDAP and 636 for secure LDAP using SSL. When you create servers as a non-root user, the default ports are 1389 for LDAP, and 1636 for secure LDAP using SSL.

By convention, only root can install software using reserved port numbers less than 1024. Solaris systems allow the administrator to permit non-root users to use privileged ports, using role-based access control (RBAC).

DSCC is a web application that runs in the following modes.

• Inside the Sun Java Web Console framework when installed using the native packages distribution.

• Using the Web Archive (WAR) file that is stored on your system during the Directory Server Enterprise Edition installation. The WAR file is further deployed with application server.

You typically install DSCC on only one system in your deployment. You then manage all your servers from that installation of DSCC. You access DSCC through a browser by going to the URL, which by default is https://hostname:6789, http://hostname:8080, or https://hostname:8181 based on the software distribution you use to install Directory Server Enterprise Edition and the configuration of the application server in case of installation using the zip distribution.

DSCC requires LDAP access to the servers for online management operations. DSCC also requires Java Management Extension (JMX) access to agents installed alongside the servers. The agents perform server process management operations on behalf of DSCC, operations that cannot be performed through LDAP on a running server. You can then work through a browser to DSCC to create and to start new servers.

As part of the normal installation process, you install the local DSCC agents alongside server software. DSCC contacts the agents over the network using a specific port number. You must therefore either accept the default port number, 11162, or specify a different port number.

The agents run inside a common agent container on the server system. This common agent container provides its agents with a single external port for management applications. The common agent container also consolidates resources to save resources on systems where multiple local agents share the container. The common agent container is in fact the agent that listens for DSCC on the default port number, 11162, routing management traffic to other agents. DSCC thus communicates with local agents through the common agent container. For troubleshooting purposes, a common agent container can be managed independently using the cacaoadm command.

Figure 1–1 Ports and Protocols After Installation of Native Packages Distribution

Each time that you install Directory Server Enterprise Edition software from the zip distribution, you also install an instance of the common agent container. Therefore, when you install multiple versions in parallel on the same host system, only one version can use the default port. You can install from the zip distribution where a common agent container instance already uses the default port. You must then specify a different port number for the additional common agent container instance.

Server software installation is a three stage process.

1. Install configuration management software.

   During this stage, configuration management tools are installed. DSCC is also initialized.

   As DSCC stores its configuration data in its own, private Directory Server instance, Directory Server is installed from native packages alongside DSCC.

2. Install server software on the systems where you plan to run server instances.

   During this stage, server software, required libraries, local administration tools, and local agents are installed where server instances run.

   At the close of this stage, no servers are running. Yet, all the software is in place to allow you to set up directory services.

3. Create and configure server instances on the systems.

   During this stage, Directory Server and Directory Proxy Server instances are created. Instances are created either through a web browser with DSCC, or with the local administration tools that are installed alongside the server software. Server instances are then configured either through Directory Service Control Center or through the configuration management command line tools.

The first two stages are combined when you install everything on a single host system. DSCC nevertheless uses the local agents to perform certain operations on the servers. Thus, the local agents must still be installed in a local common agent container.

In the zip distribution, the WAR file that is used to configure DSCC is copied on your system during the second stage. No installation or initialization of the WAR file is done during the first stage. The WAR file is further deployed with the supported application server to configure DSCC.

Comparison of Single System And Distributed Installation

This section compares and contrasts single host system installations with installations that involve multiple systems.

This section explains the outcomes of two basic choices about your installation.

1. The choice whether to install DSCC and configuration management tools on the same host as the servers that you manage. Alternatively, you can install the tools on a different host from the servers that you manage remotely.

2. The choice whether to create multiple server instances on the same host, or create each server instance on a different host.

Where You Install Directory Service Control Center

Installing DSCC on the same host as the servers that you manage provides a quick and simple solution for evaluation and development. This solution is not recommended for production installations where you rely on redundant systems and on server replica to provide high availability.

When you install DSCC you also install Directory Server software. DSCC uses its own private instance of Directory Server to store configuration information. If you also install the local agent for Directory Server alongside DSCC, you can create Directory Server instances on the system through a web browser to DSCC. You can do so without having to know additional host names and port numbers.

You can install DSCC on a different host from the servers you manage remotely. This solution is recommended for production installations where you rely on redundant systems and on server replica to provide high availability.

Figure 1–2 Administration Host and Server Host on Different Systems

When you install DSCC on the administration host, you must be root. However, you can then use DSCC installed on the administration host to manage server hosts installed as non-root.

The DSCC configured using the WAR file deployed with the supported application server installs DSCC outside of Sun Java Web Console and you need not to be root.

For example, you install DSCC on a server or even a suitable workstation outside the data center. You also install server software from the zip distribution on server hosts inside the data center, performing such installations as non-root. Over secure LDAP and JMX, you can then create, configure, and manage all your servers through a web browser to DSCC on the administration host.

Where You Create Server Instances

For production installations, you rely on redundant systems, load balancing, failover capabilities, and server replica to provide high availability. You therefore typically create servers on multiple host systems. Yet, more powerful host systems might each house multiple server instances.

When you create multiple server instances on a single host system, only one server instance can listen on the default ports. As long as you install Directory Server Enterprise Edition software only once, multiple server instances can share the same common agent container.

When you install multiple Directory Server Enterprise Edition versions on a system, each version comes with its own common agent container. Only one of those common agent containers can listen on the default port for JMX management traffic.

Directory Server Enterprise Edition Software Distributions

This section compares the different Directory Server Enterprise Edition software distributions available.

• Java Enterprise System Distribution introduces the native package distribution that is provided as part of Sun Java Enterprise System.

  You install software from the Java Enterprise System distribution with the Java Enterprise System installer.

  The Java Enterprise System installer installs Directory Server Enterprise Edition 6.0. You need to upgrade to Directory Server Enterprise Edition 6.1 using the native package distribution that is provided separately from Java Enterprise System distribution for this version. For more information on native package distribution for Directory Server Enterprise Edition 6.1, see To Upgrade to Directory Server Enterprise Edition 6.1 Using Native Packages.

• Zip Distribution introduces the zip distribution, which supports non-root installations.

• Comparison of Distributions summarizes the software that is provided in each distribution.

Figure 1–3 The Two Software Distributions

Java Enterprise System Distribution

This section introduces the Java Enterprise System distribution, which comes with the Java ES installer.

The Java ES installer offers a graphical wizard, a command-line interactive wizard, and also silent installation capabilities to add natively packaged software to your system. As this distribution is based on native packages, you must be root to perform the installation with the Java ES installer.

All Java ES software can work together, relying on a common framework of basic components and of libraries. You can therefore install all of the software products together on a single system if you choose to do so.

The Java ES installation software also facilitates patching, and migration from previous Java ES versions, including upgrade of common components. Furthermore, the software that you install integrates with the system, so you can configure directory services to restart automatically when the operating system reboots. With a native package based installation, you benefit from the package versioning and patching tools that are part of the operating system.

This guide does not describe all installation alternatives available using the Java ES installer. This guide does, however, address the key Java ES installer wizard screens related to Directory Server Enterprise Edition 6.0 software installation. For detailed instructions on using all features of the Java ES installer, see the Java Enterprise System documentation at http://docs.sun.com/coll/1286.2.

After you install the Java Enterprise System distribution, you must apply the patches for Directory Server Enterprise Edition 6.1.

Zip Distribution

This section introduces the zip distribution, which provides the dsee_deploy(1M) command-line installer.

This distribution offers self-contained software that you can install anywhere on local disk where you have write permission. You can both install, and also administer zip distribution software as a non-root user.

On Windows, in order to enable remote management capabilities when installing the zip distribution, you must install either as Administrator, or as a user who belongs directly to the local Administrators group.

As zip distribution software is self-contained, each software installation performed from the zip distribution is independent. You can therefore install software from multiple zip distribution versions on the same system. Your system administrator must manually configure the software that you install to restart when the operating system reboots, however.

Furthermore, with the zip distribution, you must keep careful track of what you have installed, and which patches you have applied.

Comparison of Distributions

This section identifies which software is supported in each distribution.

Both distributions allow you to create and configure Directory Server and Directory Proxy Server instances as non-root.

A server instance can only be managed by one DSCC.

Identity Synchronization for Windows and Directory Editor software are bundled with the zip distribution, but are not installed using the dsee_deploy command. This guide does cover Identity Synchronization for Windows installation, however. See Part II, Installing Identity Synchronization for Windows.

This guide does not cover installation of Directory Editor software. If you plan to install Directory Editor software, then read instead the installation instructions in the Sun Java System Directory Editor 1 2005Q1 Installation and Configuration Guide.

Installation in Solaris Zones

This section addresses what to consider when installing Directory Server Enterprise Edition in a Solaris zone.

Global and full local Solaris zones present Directory Server Enterprise Edition software with complete systems. Directory Server Enterprise Edition software within a full local zone, as within the global zone, runs as if the zone were an independent physical system. The software does not share services or file locations with other zones. In global zones, and in full local zones, you therefore install as if you were on an independent system.

In sparse zones, you can install some services to be used in system-wide fashion. Single instances of Java Enterprise System common component services can therefore be used by multiple Java ES server instances. For example, Directory Server Enterprise Edition software in sparse zones can use the same Common Agent Container and Java ES Monitoring Framework installed in the global zone. You must, however, install the system-wide services before you can complete installation of sparse zone software that depends on the system-wide services.

Directory Server Enterprise Edition does not, however, require you to use system-wide services when you install in a sparse zone. When you install self-contained software from the zip distribution, you also install the common component services in the sparse zone. Therefore, zip distribution installations in sparse zones resemble installations on independent systems.

The following table outlines constraints for Directory Server Enterprise Edition installations, which pertain essentially to installations in sparse zones.

For details about installation from the Java Enterprise System distribution in sparse zones, see the Java Enterprise System documentation, http://docs.sun.com/coll/1286.2.

Installation Procedure Quick Reference

This section provides you with the complete information on what you require to install or upgrade to Directory Server Enterprise Edition 6.1.

• Native packages based distribution — Need to have Directory Server Enterprise Edition 6.0 installed on your computer before upgrading to Directory Server Enterprise Edition 6.1.

• Zip based distribution — No pre installation required.

From the following table, based on your current installation and the type of distribution you are using for installation, you can directly access the related information to install or upgrade to Directory Server Enterprise Edition 6.1.