jqueiroz Contributor.

Partitioning Guidelines...


Hi all,

I'm facing some problems with my eDir tree. We have a bunch of servers
spread over several WAN links; the tree was partitioned so the
HQ-related objects live in a partition right below the root, and each
branch has a partition under HQ.
We have 3 OES 11 servers on HQ, 2 of them NCS nodes, and the other is a
VM running IDM. Each branch has one or two OES 2 / OES 2 SP3 / OES 11
SP2 servers. One of the NCS nodes on HQ is the master of all partitions,
as we manage all the network from HQ LAN.

Since we started installing NCS on the branches we're having problems
managing it on iManager, as the cluster plugin throws an error when I try
to contact it. After lots of tests, I finally solved the problem by
installing a R/W replica of HQ partition on the branch master node.

I found that the problem occurs because the LUM service on the master
nodes takes too much time to authenticate the Admin user (which lives in
the HQ partition).
Right now, I'm searching for how I can repartition my tree in a way that I
have maximum efficiency and minimal latency.

One of the things I'm evaluating is the use of R/O partitions on the
branches, but I don't know if this will impact adversely on the way LUM
works.

Could you point me to some documentation on partitioning over WAN links
besides "eDirectory 8.8 Administration Guide"
(https://www.netiq.com/documentation/edir88/edir88/data/a2iiidv.html)?

Thanks in advance.


--
jqueiroz
------------------------------------------------------------------------
jqueiroz's Profile: https://forums.netiq.com/member.php?userid=5242
View this thread: https://forums.netiq.com/showthread.php?t=54010

Knowledge Partner

Re: Partitioning Guidelines...


Your problem seems to be related to LUM and NCS so it depends on what
those services need.
I would design any generic eDir tree to have a common Root (obviously)
and a single common O underneath it as one partition with nothing else
in it and have that as one partition. Then have all locations as
separate OUs and separate partitions including all local users, groups
as well as servers etc. Then have one OU called "resources" or something
with objects that might be needed at several locations, such as the
admin user. That way you can replicate the local partition locally but
also have the common resource partition as well as the small root
partition on one local server.

Do not use R/O; they use as many resources as R/W with no benefit. The
main problem is that you can't use it to log in.

You write that you have one IDM server, that server has to have replicas
of all partitions holding users.

I guess your problem is that you already have a design and need to get
it to work.
One possibility might be to just create a new partition under your HQ
partition for common objects, create a new admin there, replicate it to
all sites and use that user when administrating the NCS nodes. That way
you would not have to touch the present design.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159