Benefits of an Exclusive Multimaster Deployment of Oracle Directory Server Enterprise Edition

Similar documents
Veritas NetBackup and Oracle Cloud Infrastructure Object Storage ORACLE HOW TO GUIDE FEBRUARY 2018

JD Edwards EnterpriseOne Licensing

Installation Instructions: Oracle XML DB XFILES Demonstration. An Oracle White Paper: November 2011

Oracle Data Provider for.net Microsoft.NET Core and Entity Framework Core O R A C L E S T A T E M E N T O F D I R E C T I O N F E B R U A R Y

Generate Invoice and Revenue for Labor Transactions Based on Rates Defined for Project and Task

April Understanding Federated Single Sign-On (SSO) Process

Creating Custom Project Administrator Role to Review Project Performance and Analyze KPI Categories

StorageTek ACSLS Manager Software Overview and Frequently Asked Questions

Oracle CIoud Infrastructure Load Balancing Connectivity with Ravello O R A C L E W H I T E P A P E R M A R C H

October Oracle Application Express Statement of Direction

An Oracle White Paper December, 3 rd Oracle Metadata Management v New Features Overview

Transitioning from Oracle Directory Server Enterprise Edition to Oracle Unified Directory

An Oracle White Paper November Primavera Unifier Integration Overview: A Web Services Integration Approach

Overview. Implementing Fibre Channel SAN Boot with the Oracle ZFS Storage Appliance. January 2014 By Tom Hanvey; update by Peter Brouwer Version: 2.

Configuring Oracle Business Intelligence Enterprise Edition to Support Teradata Database Query Banding

Load Project Organizations Using HCM Data Loader O R A C L E P P M C L O U D S E R V I C E S S O L U T I O N O V E R V I E W A U G U S T 2018

An Oracle White Paper September Security and the Oracle Database Cloud Service

Oracle Service Registry - Oracle Enterprise Gateway Integration Guide

Best Practice Guide for Implementing VMware vcenter Site Recovery Manager 4.x with Oracle ZFS Storage Appliance

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

Technical White Paper August Recovering from Catastrophic Failures Using Data Replicator Software for Data Replication

Oracle JD Edwards EnterpriseOne Object Usage Tracking Performance Characterization Using JD Edwards EnterpriseOne Object Usage Tracking

Oracle Privileged Account Manager

Achieving High Availability with Oracle Cloud Infrastructure Ravello Service O R A C L E W H I T E P A P E R J U N E

Technical Upgrade Guidance SEA->SIA migration

Oracle Secure Backup. Getting Started. with Cloud Storage Devices O R A C L E W H I T E P A P E R F E B R U A R Y

August 6, Oracle APEX Statement of Direction

An Oracle White Paper May Oracle VM 3: Overview of Disaster Recovery Solutions

Tutorial on How to Publish an OCI Image Listing

Handling Memory Ordering in Multithreaded Applications with Oracle Solaris Studio 12 Update 2: Part 2, Memory Barriers and Memory Fences

Oracle DIVArchive Storage Plan Manager

Migration Best Practices for Oracle Access Manager 10gR3 deployments O R A C L E W H I T E P A P E R M A R C H 2015

An Oracle White Paper June Exadata Hybrid Columnar Compression (EHCC)

DATA INTEGRATION PLATFORM CLOUD. Experience Powerful Data Integration in the Cloud

An Oracle White Paper October The New Oracle Enterprise Manager Database Control 11g Release 2 Now Managing Oracle Clusterware

Oracle JD Edwards EnterpriseOne Object Usage Tracking Performance Characterization Using JD Edwards EnterpriseOne Object Usage Tracking

Repairing the Broken State of Data Protection

Automatic Receipts Reversal Processing

Leverage the Oracle Data Integration Platform Inside Azure and Amazon Cloud

RAC Database on Oracle Ravello Cloud Service O R A C L E W H I T E P A P E R A U G U S T 2017

Oracle Clusterware 18c Technical Overview O R A C L E W H I T E P A P E R F E B R U A R Y

An Oracle White Paper July Methods for Downgrading from Oracle Database 11g Release 2

An Oracle White Paper October Minimizing Planned Downtime of SAP Systems with the Virtualization Technologies in Oracle Solaris 10

CONTAINER CLOUD SERVICE. Managing Containers Easily on Oracle Public Cloud

ORACLE DATABASE LIFECYCLE MANAGEMENT PACK

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market

An Oracle White Paper October Deploying and Developing Oracle Application Express with Oracle Database 12c

Application Container Cloud

Bastion Hosts. Protected Access for Virtual Cloud Networks O R A C L E W H I T E P A P E R F E B R U A R Y

Frequently Asked Questions Oracle Content Management Integration. An Oracle White Paper June 2007

Oracle Grid Infrastructure 12c Release 2 Cluster Domains O R A C L E W H I T E P A P E R N O V E M B E R

TABLE OF CONTENTS DOCUMENT HISTORY 3

Loading User Update Requests Using HCM Data Loader

Sun Fire X4170 M2 Server Frequently Asked Questions

STORAGE CONSOLIDATION AND THE SUN ZFS STORAGE APPLIANCE

Using the Oracle Business Intelligence Publisher Memory Guard Features. August 2013

Oracle Utilities CC&B V2.3.1 and MDM V2.0.1 Integrations. Utility Reference Model Synchronize Master Data

An Oracle White Paper September, Oracle Real User Experience Insight Server Requirements

Correction Documents for Poland

An Oracle White Paper February Benefits of Using the Solaris 10 OS with Oracle Directory Server Enterprise Edition

Oracle Virtual Directory 11g Oracle Enterprise Gateway Integration Guide

Oracle Grid Infrastructure Cluster Domains O R A C L E W H I T E P A P E R F E B R U A R Y

NOSQL DATABASE CLOUD SERVICE. Flexible Data Models. Zero Administration. Automatic Scaling.

Siebel CRM Applications on Oracle Ravello Cloud Service ORACLE WHITE PAPER AUGUST 2017

WebCenter Portal Task Flow Customization in 12c O R A C L E W H I T E P A P E R J U N E

Oracle Communications Interactive Session Recorder and Broadsoft Broadworks Interoperability Testing. Technical Application Note

An Oracle White Paper October Advanced Compression with Oracle Database 11g

A Distinctive View across the Continuum of Care with Oracle Healthcare Master Person Index ORACLE WHITE PAPER NOVEMBER 2015

Integrating Oracle SuperCluster Engineered Systems with a Data Center s 1 GbE and 10 GbE Networks Using Oracle Switch ES1-24

Oracle Cloud Applications. Oracle Transactional Business Intelligence BI Catalog Folder Management. Release 11+

Migrating VMs from VMware vsphere to Oracle Private Cloud Appliance O R A C L E W H I T E P A P E R O C T O B E R

Oracle Enterprise Performance Reporting Cloud. What s New in September 2016 Release (16.09)

ORACLE SNAP MANAGEMENT UTILITY FOR ORACLE DATABASE

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES

Oracle WebLogic Portal O R A C L E S T A T EM EN T O F D I R E C T IO N F E B R U A R Y 2016

Technical White Paper August Migrating to Oracle 11g Using Data Replicator Software with Transportable Tablespaces

Oracle Fusion Middleware

Extreme Performance Platform for Real-Time Streaming Analytics

An Oracle Technical Article March Certification with Oracle Linux 4

See What's Coming in Oracle CPQ Cloud

Oracle Cloud What's New for Oracle WebCenter Portal Cloud Service

Oracle Access Manager 10g - Oracle Enterprise Gateway Integration Guide

An Oracle White Paper December Oracle Exadata Database Machine Warehouse Architectural Comparisons

PeopleSoft Fluid Navigation Standards

VIRTUALIZATION WITH THE SUN ZFS STORAGE APPLIANCE

An Oracle White Paper February Optimizing Storage for Oracle PeopleSoft Applications

Oracle Business Activity Monitoring 12c Best Practices ORACLE WHITE PAPER DECEMBER 2015

VISUAL APPLICATION CREATION AND PUBLISHING FOR ANYONE

Oracle Data Masking and Subsetting

Oracle Flashback Data Archive (FDA) O R A C L E W H I T E P A P E R M A R C H

An Oracle White Paper July Oracle WebCenter Portal: Copying a Runtime-Created Skin to a Portlet Producer

Oracle Database Vault

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones Guide 12c Release 1 ( )

DevOps for Oracle Forms Using Developer Cloud Service

Configuring a Single Oracle ZFS Storage Appliance into an InfiniBand Fabric with Multiple Oracle Exadata Machines

Oracle Enterprise Data Quality New Features Overview

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( )

Differentiate Your Business with Oracle PartnerNetwork. Specialized. Recognized by Oracle. Preferred by Customers.

ORACLE FABRIC MANAGER

Working with Time Zones in Oracle Business Intelligence Publisher ORACLE WHITE PAPER JULY 2014

Transcription:

An Oracle White Paper February 2012 Benefits of an Exclusive Multimaster Deployment of Oracle Directory Server Enterprise Edition

Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle.

Introduction... 1 Legacy Master Read Servicing Model... 2 Limited Number of Servers... 2 Applications Conducting Both Read and Write Operations... 2 Enhanced Directory Server Features for Write Operations... 2 Write Referral Risk and Mitigation... 3 Considerations for Directory Server Multimaster Deployments... 3 Consumer Directory Deployment Models (Read Only)... 4 Highly Secured Consumer Directory Server Model... 4 Lightweight Consumer Directory Server Model... 4 Comparison of Replication Topologies... 5 Example of an Exclusively Multimaster Replication Topology... 7 For More Information... 8

Introduction One of the significant features introduced since Sun Directory Server Enterprise Edition 6 (hereafter referred to as "Directory Server 6") is that it allows unlimited master directory servers. This document describes the benefits of deploying an exclusively multimaster topology instead of a master, consumer, and replication hub directory topology as Directory Server 5.2 customers used to do. While this document uses Directory Server 11g as example for exclusive multimaster deployments, it is applicable to any versions starting with Directory Server 6.0. Using an exclusively multimaster deployment provides the following benefits: Mitigates risk in isolating existing application write behavior Provides the greatest aggregate performance in a highly distributed and balanced model Lowers administrative burden in failover and recovery requirements Customers using Directory Server 5.x masters for read traffic typically use one or more of the models described in this document. To define read and write operations, write operational traffic is considered to be any of the following: creation of new directory objects (in a typical user model, creation of new users), object modification (password, telephone, surname changes), and object deletion (user purging). Read operational traffic is search operations (in a typical user model, authentications, authorizations, and entitlements) 1

Legacy Master Read Servicing Model Limited Number of Servers Customers can combine read and write traffic on the same physical servers. Typically, within the Directory Server 5.2 framework, this model is used to save in hardware costs. Services are potentially impacted during peak usage and maintenance. Degraded performance might occur for provisioning (write) applications during heavy read operation load and, alternatively, when heavier write demand impacts read or search availability. High availability is generally not a key business requirement in these Directory Server 5.2 models. Applications Conducting Both Read and Write Operations This model is typically used in companies when there is limited knowledge of the behavior or capabilities of their business applications. These applications might direct all operations to masters to avoid write referral requirements. Application owners might independently direct new applications to the masters without the consent of the directory owners or administrators. These applications are sometimes identified only when observing directory server read operation statistics. Bulk provisioning applications directed to the masters conduct minimal required read operations to manipulate and update target directory objects. Within this model, multiple Directory Server 5.x Directory Proxy Server instances are sometimes deployed. One or more are designated for bulk provisioning applications using weighted or failover routing. The others are designated for everything else, including random writes distributed across a balanced routing table. Enhanced Directory Server Features for Write Operations The following enhancements were introduced in Directory Server 6 (and thus in Directory Server 7 and Oracle Directory Server Enterprise Edition 11g). They are specific to write operation performance and agility, and they should be considered during the architectural definition stage. Faster write acceptance Support for unlimited master directories Increased write speed by distributing write operations Write affinity ability Enhanced replication ability and speed Support for full and partially meshed replication topologies Increased management and administration of replication 2

Operational-based routing ability Enhanced proxy routing based on availability Enhanced memory and cache management Global user lockout on failed password attempts Write Referral Risk and Mitigation Some Directory Server 5.x users experience risk related to applications and clients that are unable to effectively follow write referrals when write operations are requested from a consumer (read-only) directory server. This risk is mostly mitigated by using Oracle Directory Proxy Servers, because they can be defined to follow write referral requests on behalf of clients and applications. This transparent proxy operation is successful except for applications that do not generate the appropriate return codes. In these cases, a few options exist to mitigate risk; most involve small adjustments in the application code or the use of application environmental variables. Another mitigation that is used is to direct these specific applications and clients to master directory servers on which write referrals are not presented or required. Risk can be further mitigated by using Directory Server 11g. Directory Server 11g supports an exclusive multimaster based architecture with unlimited masters, which can avoid write referral requirements because each master has the ability to accept localized write operations. The Directory Proxy Server also has the ability to direct write operations to the master directory servers. This ability can be defined according to design preferences, so a primary master can be thought of as the target or it can be routed using a balanced or weighted definition across the master directory servers. Directory Server 5.x also supports an exclusive multimaster architecture, but it supports a maximum of four multimaster directory servers. Considerations for Directory Server Multimaster Deployments Full, exclusive use of master directory servers can be a deployment practice with Directory Server 11g. Read-only consumer directories can be deployed only to address specific business requirements. An exclusive master topology provides such high availability, increased aggregate performance advantages, and growth flexibility that read-only consumer directories might be less desirable and might be used only to fulfill specific business requirements. Replication hubs, which are frequently used in Directory Server 5.x architectures, might be less significant in Directory Server 11g deployments. Support of full and meshed replication topologies and the enhanced management of replication agreements might make replication hub components less relevant and without cost advantage. Companies can replace the replication hub architecture in their legacy deployments with an additional multimaster directory to gain 3

additional aggregate performance in a load-balanced strategy and also to provide additional unattended failover redundancy within their framework. Synchronizing failed password attempts is achieved by writeable master directory servers. Consumer directory servers can be leveraged in a failed-password, retry-count model when operational routing is used to direct authentications to masters. Comparisons between an exclusive multimaster model and a master-to-consumer model are provided later in this document. Consumer Directory Deployment Models (Read Only) Fractional Replication Consumer Directory Server Model Fractionally replicated consumer directory servers provide directories that are deployed with a minimal set of user attributes in a read-only state, and these servers can be positioned in unsecured openly accessible areas (DMZs). In addition, these servers can be configured with fewer hardware requirements than the masters due to their limited data sets, potential for lower indexing and cache, and lack of a change log database. Highly Secured Consumer Directory Server Model Consumer directory servers are not capable of accepting write operations. These servers can be further protected by prohibiting indirect client or application writes by blocked write referrals when Directory Proxy Servers are used. Consistent protections can be provided in an exclusively multimaster deployment as well through options available within the Directory Proxy Servers and native directory server. A typical use case for a restricted consumer read-only topology in which writes cannot be introduced, even indirectly by referrals, might be when the authoritative source of data exists in a back-end data repository pushed to the LDAP directory. Manipulation of data is never initiated within the LDAP architecture by LDAP clients or applications. The LDAP architecture in this model is basically a consumer of changes that are made from other data sources and pushed to the LDAP directory. Lightweight Consumer Directory Server Model Consumers can be deployed in a combined master-to-consumer model consistent with the Directory Server 5.x model. There is little gained in this two-directory-server-profile model (three profiles when replication hubs are used), and it includes a loss of some of the benefits gained in an exclusively master deployment. The emphasis in a consumer model, relative to performance, is typically to reduce directory server overhead by not maintaining a localized change log database. Read-only consumer directory servers do not maintain replication synchronization change logs. 4

A master-to-consumer or multimaster-to-consumer model can include Directory Server 11g operation-based routing or write referral handling through the ODSEE 11g Directory Proxy Services. Comparison of Replication Topologies EXCLUSIVELY MULTIMASTER TOPOLOGY MULTIMASTER-TO-CONSUMER TOPOLOGY HIGH AVAILABILITY High availability is realized because all masters can be configured consistently. Any master can be used to restore or initialize another master or build an additional master. High availability is provided by redundancy within each of the server profiles, masters, consumers, and replication hubs. Greater hardware investment is typically required in definition of the different server profiles because redundancy and sustained service levels are required for each profile. AGGREGATE PERFORMANCE When all exclusive master servers are configured consistently throughout and balanced through use of the ODSEE 11g Directory Proxy Servers, aggregate performance can be realized and grown inserting additional servers without any adverse service impact. Having two or three profiles of servers, masters, and consumers, and potentially having replication hubs, and incorporating required redundancy within each of the profiles typically results in only similar servers being balanced and used for aggregate usage. There is greater likelihood that one profile or another will be less utilized, and aggregate performance potential from the whole architecture is not available. WRITE REFERRALS AND LOCALIZED WRITE OPERATIONS All masters have the ability to accept localized writes and replicate these writes to other directory servers. No write referrals are required when only masters are used. This increases the speed of the write commitment because additional operational overhead is not required. Write affinity can also be leveraged so that immediate searches after writes are fulfilled successfully. Only master directory servers are capable of accepting local writes. Consumer directories require write referral handling or operation-based routing to a master for write acceptance. Write referral handling and operation-based routing can be facilitated through the ODSEE 11g Directory Proxy Services. CHANGE LOG DATABASES Change log databases exist only on master directory servers and are used to maintain replication synchronization to peer or subordinate servers. The advantage is that all masters can be identically configured and maintain synchronization. A master server can be restored or initialized quickly from another master and maintain quick synchronization based on the use of change log databases. A small disadvantage of having local change log databases on each master is the additional server disk write I/O. This disadvantage is mitigated by Change log databases exist only on master directory servers and are used to maintain replication synchronization to peer or subordinate servers. Consumers can be promoted to masters upon a recovery requirement but this requires administrative intervention, and a consumer might require significant time to establish itself as a master or peer with other servers. Best practices do not depend on consumer promotion to master strategies. The best practice master recovery model uses an alternate multimaster in an unattended failover. Best practice deployments include a minimum of three master directory servers 5

EXCLUSIVELY MULTIMASTER TOPOLOGY MULTIMASTER-TO-CONSUMER TOPOLOGY faster directory write capabilities in Directory Server 11g and by potentially having fewer servers than in a typical redundant master, redundant consumers model (that possibly also has replication hubs) and by having fewer but higher-performance servers. for high availability of writes. Consumers without change log database write overhead consume less disk I/O. PASSWORD RETRY LOCKOUT Only writable severs (masters) are capable of maintaining and synchronizing the failed password attempts. Lockout state is replicated automatically regardless of whether the directory is a master or a consumer. Only writable servers (masters) are capable of maintaining and synchronizing the failed password attempts, so when consumers are used, administrators can direct all authentication requests to the master servers and redirect to consumers their normal search and entitlement operations. This operation-based routing is available through the Directory Server 6 Directory Proxy Server. Lockout state is replicated automatically regardless of whether the directory is a master or a consumer. BINARY BACKUP AND RESTORE Binary recovery is supported only by like servers. A master with a consistent configuration can be used to initialize or recover another master server. Any master can be used in a consistent model. Binary recovery is supported only by like servers. A master with a consistent configuration can be used to initialize or recover another master server. A consumer directory can be used only to initialize or recover another consumer directory server. HARDWARE REQUIREMENTS Fewer servers can be defined in this architecture because each master can have a consistent definition and fulfill both read and write operations. New master servers can be included in aggregate use through proxy and load balancing. Typically, more servers are used because specific servers are assigned to specific assignments. Adequate server redundancy is required for consumers and masters. REPLICATION HUB REQUIREMENTS Typically, in exclusive multimaster topologies, replication hubs are not required because flexible replication routing definitions across masters can be achieved. Replication hubs might be required in some masterto-consumer topologies to offload master replication overhead to the subordinate consumer servers. LOAD-BALANCED WRITES Performance benchmark results indicate that ODSEE 11g enhanced collision avoidance and the speed of directory writes contribute to significant gains in distributing directory writes. Customer preference will dictate this write routing strategy and decisions can be made virtually on the fly between strategies within the Directory Proxy Server. In a master-to-consumer model, only the masters accept the balanced or target writes. Not utilizing all servers as masters dictates that fewer masters are available than in an exclusive model, and this subsequently reduces the aggregate benefit realized in benchmarks distributing the write load. 6

Example of an Exclusively Multimaster Replication Topology Figure 1: Oracle Directory Server Enterprise Edition 11g Topology with two data centers 7

For More Information Here are additional resources: Oracle Directory Server Enterprise Edition web site: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index-085178.html Oracle Directory Server Enterprise Edition downloads: http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/index.html Oracle Directory Server Enterprise Edition documentation: http://docs.oracle.com/cd/e20295_01/index.htm Oracle Directory Server Enterprise Edition training courses: Oracle Directory Server Enterprise Edition 11g: Maintenance and Operations Oracle Directory Server Enterprise Edition blog: http://blogs.oracle.com/directoryservices 8

Benefits of an Exclusive Multimaster Deployment of Oracle Directory Server Enterprise Edition February 2012 Author: Michael Melore Contributing Authors: Etienne Remillon, Forest Yin, Olaf Stullich Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright 2012, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 1010

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback