Anonymous_User Absent Member.
Absent Member.
172 views

Clustering

Hello,

I'm thinking of clustering eDirectory/IDM (engine) but instead of having
one node doing nothing I'm thinking about setting up multiple instances
of the same tree, two on each node.

It would look something like this:

Node 1:
-> Instance A [Active]
-> Instance B [Inactive]

Node 2:
-> Instance A [Inactive]
-> Instance B [Active]

By default when everything is running normally each node would be
running it's own instance and it's own IDM drivers.

In case one node fails then the working node would run both instances
until the failed node gets fixed.
So if Node 1 fails:

Node 1 (FAIL):
-> Instance A [Inactive]->Fail over to Node 2.
-> Instance B [Inactive]

Node 2:
-> Instance A [Active]
-> Instance B [Active]


Any idea if that would work?
Is this kind of setup supported?

Thanks!

Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Clustering

On Sat, 19 Oct 2013 13:46:07 +0000, alekz wrote:

> I'm thinking of clustering eDirectory/IDM (engine) but instead of having
> one node doing nothing I'm thinking about setting up multiple instances
> of the same tree, two on each node.


With the same tree name? That would be highly inadvisable. Apart from
confusing the clients, if you used the same server names as well, you'd
probably end up with the servers getting confused about synchronization,
even though servers from tree A would't be able to authenticate to tree B
(but they might, rather than just give up, report 672 errors trying to
authenticate to the tree).

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Clustering

On Sat, 19 Oct 2013 18:34:15 +0000, Jim Henderson wrote:

> On Sat, 19 Oct 2013 13:46:07 +0000, alekz wrote:
>
>> I'm thinking of clustering eDirectory/IDM (engine) but instead of
>> having one node doing nothing I'm thinking about setting up multiple
>> instances of the same tree, two on each node.

>
> With the same tree name? That would be highly inadvisable. Apart from
> confusing the clients, if you used the same server names as well, you'd
> probably end up with the servers getting confused about synchronization,


Ah, ye of little faith. It works fine. Each instance looks like a server,
with its own server name, NCP Server object, etc..

This is really just a smaller version of the cluster I'm running here,
with 5 nodes, six trees, nine instances, plus the IDM RBPM and a
Shibboleth IDP.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Clustering

On Mon, 21 Oct 2013 14:30:02 +0000, David Gersic wrote:

> On Sat, 19 Oct 2013 18:34:15 +0000, Jim Henderson wrote:
>
>> On Sat, 19 Oct 2013 13:46:07 +0000, alekz wrote:
>>
>>> I'm thinking of clustering eDirectory/IDM (engine) but instead of
>>> having one node doing nothing I'm thinking about setting up multiple
>>> instances of the same tree, two on each node.

>>
>> With the same tree name? That would be highly inadvisable. Apart from
>> confusing the clients, if you used the same server names as well, you'd
>> probably end up with the servers getting confused about
>> synchronization,

>
> Ah, ye of little faith. It works fine. Each instance looks like a
> server,
> with its own server name, NCP Server object, etc..


Hmm.

I would think that service advertising might cause a problem, but I
suppose if you configured things to use configured SLPDAs, the
advertisements from one tree wouldn't conflict with the other.

> This is really just a smaller version of the cluster I'm running here,
> with 5 nodes, six trees, nine instances, plus the IDM RBPM and a
> Shibboleth IDP.


Then again, what you and I might do in our environments (with advanced
knowledge) is different than what we might advise someone with less
experience to do. 🙂 I've done all sorts of things in my lab (and
occasionally in my production environments) that I probably wouldn't
advise those with less expertise to do. 🙂

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Clustering

On Mon, 21 Oct 2013 17:28:37 +0000, Jim Henderson wrote:

> On Mon, 21 Oct 2013 14:30:02 +0000, David Gersic wrote:
>
>> On Sat, 19 Oct 2013 18:34:15 +0000, Jim Henderson wrote:
>>
>>> On Sat, 19 Oct 2013 13:46:07 +0000, alekz wrote:
>>>
>>>> I'm thinking of clustering eDirectory/IDM (engine) but instead of
>>>> having one node doing nothing I'm thinking about setting up multiple
>>>> instances of the same tree, two on each node.
>>>
>>> With the same tree name? That would be highly inadvisable. Apart
>>> from confusing the clients, if you used the same server names as well,
>>> you'd probably end up with the servers getting confused about
>>> synchronization,

>>
>> Ah, ye of little faith. It works fine. Each instance looks like a
>> server,
>> with its own server name, NCP Server object, etc..

>
> Hmm.
>
> I would think that service advertising might cause a problem, but I
> suppose if you configured things to use configured SLPDAs, the
> advertisements from one tree wouldn't conflict with the other.


SLP is fine, because it depends on what IP address eDir is bound to. As
long as you keep Instance / IP Address / NCP Server together correctly,
there's no problem here.


>> This is really just a smaller version of the cluster I'm running here,
>> with 5 nodes, six trees, nine instances, plus the IDM RBPM and a
>> Shibboleth IDP.

>
> Then again, what you and I might do in our environments (with advanced
> knowledge) is different than what we might advise someone with less
> experience to do. 🙂


Bah. It's covered in the documentation. How hard can it be? 😉

Really, though, if you can handle the concepts of multi-instance
eDirectory, clustering it really isn't any big deal.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Clustering

On Mon, 21 Oct 2013 20:00:02 +0000, David Gersic wrote:

>> I would think that service advertising might cause a problem, but I
>> suppose if you configured things to use configured SLPDAs, the
>> advertisements from one tree wouldn't conflict with the other.

>
> SLP is fine, because it depends on what IP address eDir is bound to. As
> long as you keep Instance / IP Address / NCP Server together correctly,
> there's no problem here.
>
>
>>> This is really just a smaller version of the cluster I'm running here,
>>> with 5 nodes, six trees, nine instances, plus the IDM RBPM and a
>>> Shibboleth IDP.

>>
>> Then again, what you and I might do in our environments (with advanced
>> knowledge) is different than what we might advise someone with less
>> experience to do. 🙂

>
> Bah. It's covered in the documentation. How hard can it be? 😉
>
> Really, though, if you can handle the concepts of multi-instance
> eDirectory, clustering it really isn't any big deal.


Hmmm, maybe I just misunderstood the question then. 🙂

Jim
--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Clustering

On Sat, 19 Oct 2013 13:46:07 +0000, alekz wrote:

> I'm thinking of clustering eDirectory/IDM (engine) but instead of having
> one node doing nothing I'm thinking about setting up multiple instances
> of the same tree, two on each node.


Sure, it'll work fine.

For each instance, you need a dedicated IP address that will move between
the nodes. After setting up an instance, you then need to ensure that
only that IP address is used for the instance (by default, it'll bind to
all). You'll need to configure and check NCP and LDAP. The clients must
never know about or use the node's IP address, only the one dedicated to
the instance.


> Is this kind of setup supported?


With SLES/HA clustering, yes, that's fully supported.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.