LDAP Proxying and Virtualization Requirements vs. Capabilities



Similar documents
Chapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.

MOC 6436A: Designing Active Directory Infrastructure and Services in Windows Server 2008

Supporting Large-scale Deployments through Virtual Directory Technology. A White Paper by Phil Hunt Director, Product Management, OctetString, Inc.

Designing Database Solutions for Microsoft SQL Server 2012 MOC 20465

CNS Implementing NetScaler 11.0 For App and Desktop Solutions

Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Service Pack B; 5 days, Instructor-led

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

10533A: Deploying, Configuring, and Administering Microsoft Lync Server 2010

Deployment Topologies

Creating Web Farms with Linux (Linux High Availability and Scalability)

This presentation describes the IBM Tivoli Monitoring 6.1 Firewall Implementation: KDE Gateway Component.

MCSE SYLLABUS. Exam : Managing and Maintaining a Microsoft Windows Server 2003:

Chapter 10: Scalability

Virtual Machine in Data Center Switches Huawei Virtual System

Fedora Directory Server FUDCon III London, 2005

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server

Availability Digest. Redundant Load Balancing for High Availability July 2013

LinuxWorld Conference & Expo Server Farms and XML Web Services

Application Note. Active Directory Federation Services deployment guide

redborder IPS redborder Just common sense IPS overview Common sense

Microsoft Office Communications Server 2007 R2

Load Balancing using Pramati Web Load Balancer

Designing and Implementing a Server Infrastructure

Relational Databases in the Cloud

Cisco Application Networking Manager Version 2.0

INTRODUCTION TO FIREWALL SECURITY

Module 4. Planning and Designing Load Balancing

10533: Deploying, Configuring, and Administering Microsoft Lync Server 2010 Duration: Five Days

Microsoft Lync Server Overview

10231B: Designing a Microsoft SharePoint 2010 Infrastructure

50. DFN Betriebstagung

The following sections provide information on the features and tasks of Server Inventory:

70-662: Deploying Microsoft Exchange Server 2010

Ecomm Enterprise High Availability Solution. Ecomm Enterprise High Availability Solution (EEHAS) Page 1 of 7

High Availability Implementation for JD Edwards EnterpriseOne

IBM Global Technology Services September NAS systems scale out to meet growing storage demand.

Designing and Implementing a Server Infrastructure

Sametime 9 Meetings deployment Open Mic July 23rd 2014

Oracle Net Services for Oracle10g. An Oracle White Paper May 2005

Load Balancing for Microsoft Office Communication Server 2007 Release 2

High Availability. FortiOS Handbook v3 for FortiOS 4.0 MR3

SharePoint 2013 Logical Architecture

OpenLDAP Configuration and Tuning in the Enterprise

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

OBIEE 11g Scaleout & Clustering

70-413: Designing and Implementing a Server Infrastructure

Building a Highly Available and Scalable Web Farm

FAN An Architecture for Scalable, Service-Oriented Data Management

Hyper-V Network Virtualization Gateways - Fundamental Building Blocks of the Private Cloud

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

R3: Windows Server 2008 Administration. Course Overview. Course Outline. Course Length: 4 Day

Microsoft SharePoint 2010 Administration

Basic Administration for Citrix NetScaler 9.0

Architectural Overview

TO DEPLOY A VIRTUAL DIRECTORY TOP THREE REASONS. White Paper June Abstract

Web Application Hosting in the AWS Cloud Best Practices

High-Availability and Scalability

Oracle Data Integrator 11g New Features & OBIEE Integration. Presented by: Arun K. Chaturvedi Business Intelligence Consultant/Architect

MS 20413A: Designing and Implementing a Server Infrastructure

70-647: Windows Server Enterprise Administration

XpoLog Center Suite Data Sheet

Deploying Microsoft SharePoint Services with Stingray Traffic Manager DEPLOYMENT GUIDE

Designing a Windows Server 2008 Network Infrastructure

SINGLE COURSE. 136 Total Hours. After completing this course, students will be able to:

Injazat s Managed Services Portfolio

Managing SIP-based Applications With WAN Optimization

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Enterprise Voice and Online Services with Microsoft Lync Server 2013

Deploying, Configuring, and Administering Microsoft Lync Server 2010

RemoteApp Publishing on AWS

Module 1: Overview of Network Infrastructure Design This module describes the key components of network infrastructure design.

Load-Balanced Merak Mail Server

Implementing Microsoft Office Communications Server 2007 With Coyote Point Systems Equalizer Load Balancing

Parallels. Clustering in Virtuozzo-Based Systems

CNS-200-1I Basic Administration for Citrix NetScaler 9.0

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

FioranoMQ 9. High Availability Guide

EVERYTHING LDAP. Gabriella Davis

Guide to Deploying Microsoft Exchange 2013 with Citrix NetScaler

This presentation provides an overview of the architecture of the IBM Workload Deployer product.

SonicOS Enhanced 4.0: NAT Load Balancing

Course 10533A: Deploying, Configuring, and Administering Microsoft Lync Server 2010

An Oracle White Paper July Oracle Primavera Contract Management, Business Intelligence Publisher Edition-Sizing Guide

Elastic Application Platform for Market Data Real-Time Analytics. for E-Commerce

Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs

Routing Security Server failure detection and recovery Protocol support Redundancy

Application Note. Lync 2010 deployment guide. Document version: v1.2 Last update: 12th December 2013 Lync server: 2010 ALOHA version: 5.

20413C: Designing and Implementing a Server Infrastructure

Oracle Identity Analytics Architecture. An Oracle White Paper July 2010

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Designing and Implementing a Server Infrastructure

CNS-208 Citrix NetScaler 10.5 Essentials for ACE Migration

Application Description

CDAT Overview. Remote Managing and Monitoring of SESM Applications. Remote Managing CHAPTER

Transcription:

LDAP Proxying and Virtualization Requirements vs. Capabilities GUUG 1 st Int. Conference on LDAP Cologne, 07-SEP-2007 Andre Posner, Sun Microsystems GmbH Robert Polster, Sun Microsystems GmbH

Agenda Terminology > LDAP Proxying > LDAP Virtualization / Virtual Directory LDAP Proxying & Virtualization Scenarios > Mitigation of Client Shortcomings > Request Routing and Security > Transparency During Upgrade / Migration > Consolidation of Distributed and Disparate Data Repositories LDAP Proxy Deployment > High-Available and Secured LDAP Proxy Topology > Increased WRITE Performance > Reduced Client WAN Access Conclusion

Terminology: LDAP Proxying

LDAP Proxying Characteristics Proxy acts as directory service requestor on behalf of its client(s) Proxy may alter client request and service response Additional features > Traffic Load Balancing > Service Health-Checking > Traffic rerouting and replaying BINDs in case of outages > Access control mechanisms > Data aggregation and abstraction

Terminology: LDAP Virtualization / Virtual Directory

LDAP Virtualization Characteristics Core concept: Data Views > Physical Data View > Virtual Data View > Transformation Actions > Properties > LDAP Data Views > LDIF Data Views > Join Data Views > JDBC Data Views (see next slide) Virtual Access Control > Connection Classes Virtual Schema Checking > Schema Compatibility

LDAP Virtualization JDBC Data View JDBC Tables > represent relational database tables JDBC Object Class > maps one or more JDBC Tables to an LDAP objectclass JDBC Data View > aggregates JDBC Object Classes into a single data view

LDAP Proxying & Virtualization Scenario #1: Mitigatation of Client Shortcomings

Mitigatation of Client Shortcomings Scenario: Inabilities of LDAP client applications > poor LDAP client code quality (design, concept) > clients cannot handle referrals > clients cannot share/reuse established LDAP connections > clients cannot reliably detect service failures (no timely fail-over) Remedy: A modern LDAP proxy > Automatic/transparent following of referrals > Reliable and configurable health-checking mechanisms > Automatic fail-over/-back to/from directory service instances > Connection Pooling to backend systems > Nice to have: (Partial) BER-decoding of client-originating LDAP requests for increased performance and scalability

LDAP Proxying & Virtualization Scenario #2: Request Routing and Security

Request Routing and Security Scenario: Hardware load balancer capabilities fall short > Distributed user-base on backends > Optimized directory server tuning for READ, WRITE operations > Different (LDAP) backends implement different access control mechanism Remedy: Advanced LDAP loadbalancing features > Combined data view across mutiple backends > Operation type based load-balancing > Homogeneous, fine grained access control established by directory proxy

LDAP Proxying & Virtualization Scenario #3: Transparency During Upgrade/Migration

Transparency During Upgrade / Migration Scenario: Impossibility of simultaneous migration of client and server > Missing client required attributes in LDAP backends > DIT redesign required > Different syntax between client and server for the same semantics Remedy: Introducing an abstraction layer between client and server > Constructing attributes/-values on-the-fly > Transformation of base-dns and search filters components in client requests > Transformation of object DNs in server responses > Transformation/Construction of attribute-values in server responses

LDAP Proxying & Virtualization Scenario #4: Consolidation of Distributed and Disparate Data Repositories

Consolidation of Distributed and Disparate Data Repositories Scenario: A Company Merger > Demand for an instant and unified view of any merger-relevant data > Lay of the land > Standalone suffixes > dispersed subtrees > data portioned out by distribution logic > disparate data storage technologies (directories, RDBMS, flat files) > schematic discrepancies Remedy: A Virtual Directory > Virtual Data Views per client application > Join Data Views that aggregate and transform other data views (LDAP, JDBC) > JDBC Data Views that construct and expose a volatile DIT

LDAP Proxy Deployment

LDAP Proxy Deployment High-Available and Secured LDAP Proxy Topology No real data on proxies; can easily be scaled horizontally Firewall building block controls extranet access Backend directory server accept connections from proxies only Client requests are directed to proxy server farm via LB building block; HA on IP level Multiple proxy instances to avoid SPoF Fully-meshed MM-topology ensures HA on directory server level

LDAP Proxy Deployment Increased WRITE Performance Directory proxies enable data distribution amongst involved directory server instances Distributed data is aggregated on the proxy layer Data distribution is a decisive approach to increase WRITE performance on the directory server layer

LDAP Proxy Deployment Reduced Client WAN Access Client requests are processed locally, thus reducing network overhead Local directory server instances effectively partition directory infrastructure, thus increasing performance and scalability Due to automatic following of referrals by proxies, all data appears to be local from a client perspective

Conclusion

Sun Directory Proxy Server 6 We can do it! Virtual Directory Capabilities - Virtual Directory provides a consolidated virtual view of a users identity across multiple disparate data sources - Support for both LDAP directories and databases - Ability to read and write data - Support for mapping resources into a virtual DIT - Enhanced access controls for security and availability - Operation routing and load-balancing

Q & A Your questions, please.

Thank you. Andre.Posner@Sun.COM Robert.Polster@Sun.COM