Using LDAPv3 for Directory-Enabled Applications & Networking
Greg Lavender, Director of Technology, Innosoft International, Inc.
© 1999 Innosoft International, Inc.

An LDAP-enabled Enterprise Directory Infrastructure (diagram)
  LDAP-enabled Enterprise Directory Backbone (multiple distributed LDAP servers), connected to:
  - Existing DBMS: HR, Facilities, etc.
  - Intranet services: Mail, web, chat, etc.
  - Unified login services: X.509, SSO, PAM, NTDC
  - Applications: Telecomm, Workflow, etc.
  - Legacy Directories: NDS, Notes, X.500
  - System Mgmt: DNS, DHCP, SLP
  - PKI (sync)
  - VPN: Routers, Firewalls, RAS Devices

How to Get There: Top-down
  - Identify authoritative directory data sources; export and load the data into an LDAP directory
    – periodic or on-change synchronization to get updates
    – eventually you might make the directory authoritative
  - Incrementally deploy LDAP-enabled user applications
    – easiest is a white pages directory for web or
    – requires you to set security and access control policies
    – eventually allow users to update their own information
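The top-down path on this slide (export from an authoritative source, load into LDAP, then keep it in step with periodic or on-change synchronization) as a worked example. This is added code, not from the presentation or from Innosoft: the HR records are constructed, and the suffix dc=example,dc=com and the inetOrgPerson attribute mapping are assumptions. It emits LDIF for the initial load and then computes the add/modify/delete delta between two exports, which is what a sync run would apply.

```python
"""Top-down bootstrap: export from an authoritative source (a constructed HR
table here), map records to LDAP entries, emit LDIF for the initial load,
and compute the on-change delta as LDIF change records for later
synchronization runs.

Added example, not code from the presentation or from Innosoft. The HR
records, the suffix dc=example,dc=com and the attribute mapping are
assumptions."""
import base64

BASE_DN = "ou=People,dc=example,dc=com"      # assumed directory suffix

# Constructed HR export at time T0 (the authoritative source).
HR_T0 = [
    {"emp_id": "1001", "first": "Ada", "last": "Lovelace", "mail": "ada@example.com", "phone": "+1 555 0100"},
    {"emp_id": "1002", "first": "Alan", "last": "Turing", "mail": "alan@example.com", "phone": "+1 555 0101"},
]
# Same source at T1: 1001 has left, 1002 changed phone number, 1003 joined.
HR_T1 = [
    {"emp_id": "1002", "first": "Alan", "last": "Turing", "mail": "alan@example.com", "phone": "+1 555 0199"},
    {"emp_id": "1003", "first": "Grace", "last": "Hopper", "mail": "grace@example.com", "phone": "+1 555 0102"},
]


def hr_to_entry(rec):
    """Map one HR record onto an inetOrgPerson entry (mapping is an assumption)."""
    dn = f"uid={rec['emp_id']},{BASE_DN}"
    attrs = {
        "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
        "uid": [rec["emp_id"]],
        "cn": [f"{rec['first']} {rec['last']}"],
        "sn": [rec["last"]],
        "givenName": [rec["first"]],
        "mail": [rec["mail"]],
        "telephoneNumber": [rec["phone"]],
    }
    return dn, attrs


def ldif_attr(name, value):
    """LDIF (RFC 2849) needs base64 ('::') for values that are not safe ASCII."""
    safe = (value.isascii() and value == value.strip()
            and not value.startswith((":", "<")) and "\n" not in value)
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def entry_to_ldif(dn, attrs):
    """One 'add' change record for the initial load."""
    lines = [f"dn: {dn}", "changetype: add"]
    for name, values in attrs.items():
        lines.extend(ldif_attr(name, v) for v in values)
    return "\n".join(lines) + "\n"


def export_snapshot(records):
    """Export = the set of entries the source currently says should exist."""
    return dict(hr_to_entry(r) for r in records)


def initial_load_ldif(records):
    return "\n".join(entry_to_ldif(dn, attrs) for dn, attrs in export_snapshot(records).items())


def sync_delta(old, new):
    """Compare two exports; return LDIF change records that bring 'old' to 'new'."""
    out = []
    for dn in sorted(set(old) - set(new)):                 # left the source
        out.append(f"dn: {dn}\nchangetype: delete\n")
    for dn in sorted(set(new) - set(old)):                 # new in the source
        out.append(entry_to_ldif(dn, new[dn]))
    for dn in sorted(set(old) & set(new)):                 # changed attributes only
        changed = {k: v for k, v in new[dn].items() if old[dn].get(k) != v}
        if not changed:
            continue
        lines = [f"dn: {dn}", "changetype: modify"]
        for name, values in changed.items():
            lines.append(f"replace: {name}")
            lines.extend(ldif_attr(name, v) for v in values)
            lines.append("-")
        out.append("\n".join(lines) + "\n")
    return "\n".join(out)


if __name__ == "__main__":
    print(initial_load_ldif(HR_T0))
    print(sync_delta(export_snapshot(HR_T0), export_snapshot(HR_T1)))
```

Running the module prints the initial-load LDIF followed by the T0 to T1 delta (one delete, one add, one modify of telephoneNumber); an on-change sync simply runs sync_delta against the last snapshot it applied, so a deleted employee is removed and unchanged entries are never rewritten.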

How to Get There: Bottom-up
  - LDAP-enable the network application infrastructure
    – web server authentication
    – remote access authentication (e.g., RADIUS)
    – firewall user authentication
    – POP and IMAP mail authentication
    – host and IP address management
    – policy-based routing and VPN security
    – directory in support of public-key authentication

Example Applications
  - Enterprise whitepages directory
  - Enterprise network services directory
  - ISP high-volume messaging
  - Voice-over-IP use of directory

LDAP Enterprise Whitepages Directory (diagram)
  High Availability 24x7 LDAP Directory Service, built from:
  - Sun UltraSPARC 2: Solaris 2.6, Veritas FS, 1 x 300 MHz processor, 512 MB memory, 2 x 4 GB storage (primary), 2 x 4 GB storage (mirror)
  - Sun E3000: Solaris 2.6, Veritas FS, 2 x 336 MHz processors, 2 GB memory, 2 x 4 GB storage (primary), 2 x 4 GB storage (mirror)
  - High-availability heartbeat (Ethernet) between the two servers
  - Sun UltraSCSI Disk Array holding the Innosoft Server data: 4 x 9 GB storage (primary)
  - Sun Console; Directory Manager (management via SNMP)
  - Enterprise Web Users -> Web Servers (HTTP) -> LDAP; Enterprise Mail Users -> LDAP; all attached through a hub

Enterprise Network Services with LDAP Proxy & Replicated Servers (diagram)
  - Extranet/Internet clients reach the Mail Server (SMTP/POP/IMAP) and the Web Server (HTTP)
  - Web Server: LDAP access for user authentication
  - Mail Server: LDAP access for user authentication, mail routing, and delivery options
  - LDAP Proxy in front of the Replicated LDAP Servers: access control, load balancing & failover

High Volume ISP Mail Services with Replicated LDAP Servers (diagram)
  - Internet -> multiple boundary SMTP relays (SMTP/POP/IMAP), each with a local LDAP replica for high-performance user authentication and mail routing
  - Master LDAP Server feeds the local replicas via LDAP replication

LDAP Directory in a VoIP System (diagram)
  - Phones -> VoIP Network -> Call Processing Servers (CPS) -> LDAP Directory Server
  - The LDAP server is used as a routing and subscriber authentication database
  - Each CPS caches the routing table and sets an LDAP "search trigger" to be notified in the event of a route update
  - When a routing update occurs, the LDAP search trigger fires and asynchronously updates each CPS

Key Considerations
  - Performance and scalability
    – 500+ queries/sec with 1 CPU, millions of directory entries
  - Replication for high availability
    – multiple slaves AND multiple masters for high availability
  - Security and access control
    – SSLv3 for authentication and encryption
    – LDAP firewall proxy as front line of defense
  - Load balancing and failover
    – proxy server to distribute queries and detect failures

High Availability
  - Directories have become mission critical
    – users get used to accessing data 24x7
    – critical applications require 100% availability
  - Option 1: provide HA with expensive hardware
    – centralize data and provide hardware fault tolerance
  - Option 2: provide HA with lower-cost hardware
    – distribute and replicate data for high availability
    – provide failover and load balancing

High Availability LDAP Services
  - Put authoritative information close to users
  - No single point of failure (multiple masters)
  - Deal with failure transparently
  - Distribute the workload for efficiency
  - All of the above lead to 24x7 availability

Fallback Multi-Master Replication
  - Uses LDAPv3
    – weakly consistent replication based on "anti-entropy" protocol concepts
    – reduced bandwidth demands
  - Primary and secondary master servers
    – masters coordinate to remain consistent
    – multiple slaves for scalability and fast response time
    – "second-level slaves" to support replication hierarchies

A HA LDAP Server Scenario (diagram)
  - Primary Master and Fallback Master, kept consistent by synchronization
  - Replicated Slaves fed by incremental update propagation from the masters
  - A Secondary Slave fed from a replicated slave (second-level slave)
  - Diagram labels: Updates, Referral, synchronization (between the masters), Incremental Update Propagation (masters to slaves)
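The replication model of the two preceding slides (weakly consistent multi-master replication with anti-entropy exchange, incremental propagation to slaves, second-level slaves, and referral of writes away from read-only replicas) as an added, self-contained simulation. This is not code from the presentation or from Innosoft, and it does not claim to be Innosoft's protocol: the change-stamp format (logical clock plus server id, last-writer-wins), the entry names and the server names are assumptions chosen to show how two masters that accept conflicting writes converge to the same value after one exchange.

```python
"""Weakly consistent multi-master replication in the anti-entropy style the
two slides above describe: every replica keeps a change log stamped with a
(logical clock, server id) pair; masters periodically exchange only the
changes the peer has not seen and resolve conflicts by last-writer-wins;
slaves pull incrementally from a master, and a second-level slave pulls from
a slave. Writes sent to a slave are refused with a referral to a master.

Added example, not code from the presentation or from Innosoft; the data
model, the stamp format and the entry names are assumptions."""
from dataclasses import dataclass


@dataclass(order=True, frozen=True)
class Stamp:
    clock: int      # Lamport-style logical clock
    origin: str     # originating server id; breaks ties deterministically


@dataclass
class Change:
    stamp: Stamp
    dn: str
    attr: str
    value: str


class Replica:
    def __init__(self, server_id, master=True):
        self.id, self.master, self.clock = server_id, master, 0
        self.entries = {}   # dn -> {attr: (value, Stamp)}
        self.log = []       # every change applied here (unbounded in this toy; real servers trim it)
        self.seen = {}      # origin -> highest clock applied from that origin

    def modify(self, dn, attr, value):
        """Local write; only masters accept writes, a slave answers with a referral."""
        if not self.master:
            raise PermissionError(f"{self.id}: read-only replica, referral to a master")
        self.clock += 1
        self._apply(Change(Stamp(self.clock, self.id), dn, attr, value))

    def _apply(self, ch):
        self.clock = max(self.clock, ch.stamp.clock)
        current = self.entries.setdefault(ch.dn, {}).get(ch.attr)
        if current is None or ch.stamp > current[1]:      # last writer wins
            self.entries[ch.dn][ch.attr] = (ch.value, ch.stamp)
        self.log.append(ch)
        self.seen[ch.stamp.origin] = max(self.seen.get(ch.stamp.origin, 0), ch.stamp.clock)

    def changes_since(self, peer_seen):
        """Incremental propagation: only what the peer has not applied yet, in
        stamp order so that per-origin changes are always relayed in sequence."""
        pending = (c for c in self.log if c.stamp.clock > peer_seen.get(c.stamp.origin, 0))
        return sorted(pending, key=lambda c: c.stamp)

    def get(self, dn, attr):
        v = self.entries.get(dn, {}).get(attr)
        return v[0] if v else None


def anti_entropy(a, b):
    """One anti-entropy round between two masters; returns the number of changes exchanged."""
    to_b, to_a = a.changes_since(b.seen), b.changes_since(a.seen)
    for c in to_b:
        b._apply(c)
    for c in to_a:
        a._apply(c)
    return len(to_b) + len(to_a)


def pull(slave, source):
    """A slave (or second-level slave) pulls incremental updates from its source."""
    delta = source.changes_since(slave.seen)
    for c in delta:
        slave._apply(c)
    return len(delta)


def run_scenario():
    """Primary/fallback masters take conflicting writes; everyone converges."""
    primary, fallback = Replica("primary"), Replica("fallback")
    slave, second_level = Replica("slave1", master=False), Replica("slave1a", master=False)
    dn = "uid=1002,ou=People,dc=example,dc=com"          # assumed entry
    primary.modify(dn, "mail", "alan@example.com")
    anti_entropy(primary, fallback)
    # Concurrent writes to the same attribute on both masters: the conflict case.
    primary.modify(dn, "telephoneNumber", "+1 555 0199")
    fallback.modify(dn, "telephoneNumber", "+1 555 0200")
    anti_entropy(primary, fallback)                      # masters coordinate
    pull(slave, fallback)                                # slave pulls from a master
    pull(second_level, slave)                            # second-level slave pulls from the slave
    return {r.id: r.get(dn, "telephoneNumber") for r in (primary, fallback, slave, second_level)}


if __name__ == "__main__":
    print(run_scenario())
```

Bandwidth stays low because each round ships only the changes the peer's seen-vector proves it lacks; consistency is weak in the sense that a client reading the fallback master between the two writes and the next anti-entropy round sees the losing value.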

LDAP Proxy Server
  - A secure "chaining" LDAP server
    – configurable query filtering for security: blocks denial-of-service attacks, stops "trawling"
    – filters connections and search requests
    – access control groups
    – can rewrite search requests/results
    – transparently forwards operations to one or more servers
    – does automatic failover
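The query-filtering role of the proxy on this slide, as an added example that is not code from the presentation or from Innosoft: it parses the client's RFC 4515 search filter into a tree, refuses searches that would trawl the tree (presence-only, negated, or short-wildcard filters at non-base scope) or that test protected attributes, caps the size limit, and rewrites the requested attribute list to an allow-list before the request is forwarded. The group names, attribute lists and the limit of 50 are assumptions; the parser handles the RFC 4515 grammar without escape sequences.

```python
"""Proxy-side query filtering: parse the search filter, deny trawling and
protected-attribute searches, cap the size limit, allow-list returned
attributes. Added example; group names, attribute sets and limits are
assumptions, not Innosoft configuration."""
import re

SENSITIVE_ATTRS = {"userpassword", "employeenumber"}   # assumed: never searchable by non-admins
PUBLIC_ATTRS = {"objectclass", "uid", "cn", "sn", "givenname", "mail", "telephonenumber"}
MAX_SIZE_LIMIT = 50                                    # assumed cap for non-admin clients
LEAF_RE = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(~=|>=|<=|=)([^)]*)\)")


def parse_filter(s):
    """Return ('and'|'or', [kids]), ('not', kid), ('present', attr) or
    (kind, attr, value) with kind in equality/substring/approx/ge/le."""
    pos = 0

    def expect(c):
        nonlocal pos
        if pos >= len(s) or s[pos] != c:
            raise ValueError(f"expected {c!r} at offset {pos}")
        pos += 1

    def node():
        nonlocal pos
        expect("(")
        if pos < len(s) and s[pos] in "&|":
            op = "and" if s[pos] == "&" else "or"
            pos += 1
            kids = []
            while pos < len(s) and s[pos] == "(":
                kids.append(node())
            expect(")")
            return (op, kids)
        if pos < len(s) and s[pos] == "!":
            pos += 1
            kid = node()
            expect(")")
            return ("not", kid)
        m = LEAF_RE.match(s, pos)
        if not m:
            raise ValueError(f"bad item at offset {pos}")
        pos = m.end()
        attr, op, value = m.groups()
        if op == "=" and value == "*":
            return ("present", attr)
        if op == "=" and "*" in value:
            return ("substring", attr, value)
        return ({"=": "equality", "~=": "approx", ">=": "ge", "<=": "le"}[op], attr, value)

    tree = node()
    if pos != len(s):
        raise ValueError("trailing data after filter")
    return tree


def leaf_attrs(tree):
    if tree[0] in ("and", "or"):
        return {a for k in tree[1] for a in leaf_attrs(k)}
    if tree[0] == "not":
        return leaf_attrs(tree[1])
    return {tree[1].lower()}


def narrows(tree, negated=False):
    """True if the filter bounds the result set. Presence tests, negations and
    substrings without a usable prefix do not; they enumerate the tree."""
    kind = tree[0]
    if kind in ("and", "or"):
        combine = any if (kind == "and") != negated else all   # De Morgan under negation
        return combine([narrows(k, negated) for k in tree[1]])
    if kind == "not":
        return narrows(tree[1], not negated)
    if negated or kind == "present":
        return False
    if kind == "substring":
        return len(tree[2].split("*")[0]) >= 3
    return True


def decide(group, scope, filter_str, size_limit, attrs):
    """Policy for one search request: a denial with reason, or the rewritten
    request to forward. size_limit 0 means 'unlimited' as in LDAP."""
    try:
        tree = parse_filter(filter_str)
    except ValueError as e:
        return {"action": "deny", "reason": f"malformed filter: {e}"}
    admin = group == "admin"
    if not admin and leaf_attrs(tree) & SENSITIVE_ATTRS:
        return {"action": "deny", "reason": "filter references a protected attribute"}
    if not admin and scope != "base" and not narrows(tree):
        return {"action": "deny", "reason": "unbounded (trawling) search"}
    if admin:
        limit = size_limit
    else:
        limit = MAX_SIZE_LIMIT if size_limit == 0 else min(size_limit, MAX_SIZE_LIMIT)
    wanted = {a.lower() for a in attrs}
    if not admin:
        wanted = (wanted & PUBLIC_ATTRS) if wanted else PUBLIC_ATTRS
    return {"action": "allow", "scope": scope, "filter": filter_str,
            "size_limit": limit, "attrs": sorted(wanted)}
```

The denial reasons are what the proxy would log; a real deployment would also rate-limit per source address (the slide's connection filtering), which this block leaves out.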

Load Balancing/Failover (diagram)
  - LDAP Proxy Servers receive searches or updates and forward operations to a server in a server group of master or slave servers
  - The LDAP proxy server monitors directory servers for load and balances operations across masters or slaves in a server group; it also applies coarse-grained access control

Transparent Failover (diagram)
  - Load Balancing/Failover Proxy Servers forward searches or updates to a server in a server group of masters or slaves
  - The proxy server monitors directory servers, detects server failure, and redirects operations until recovery
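The routing logic of the last two slides (a server group per role, least-loaded selection, failure detection with redirection until recovery) as an added simulation. This is not code from the presentation or from Innosoft; the Backend class is a constructed stand-in for real LDAP servers, and the retry interval, load figures and the rule that searches prefer slaves while updates go only to masters are assumptions.

```python
"""Load balancing with transparent failover: updates go to a master,
searches to the least-loaded healthy slave (masters as a last resort); a
server that fails mid-operation is marked down and the operation is retried
elsewhere; the monitor re-probes downed servers and restores them on
recovery. Added example; Backend is a constructed stand-in for an LDAP
server and all figures are assumptions."""


class Backend:
    """Simulated directory server (constructed for this example)."""
    def __init__(self, name, role, load=0):
        self.name, self.role, self.load, self.up = name, role, load, True

    def probe(self):
        """Health/load probe; on a real server this would be a cheap base-scope search."""
        if not self.up:
            raise ConnectionError(f"{self.name} unreachable")
        return self.load

    def handle(self, op):
        if not self.up:
            raise ConnectionError(f"{self.name} unreachable")
        return f"{op['type']} handled by {self.name}"


class Proxy:
    RETRY_INTERVAL = 30.0      # assumed seconds before a downed server is re-probed

    def __init__(self, servers):
        self.servers = {s.name: s for s in servers}
        self.health = {s.name: {"healthy": True, "load": s.load, "failed_at": None} for s in servers}

    def _by_load(self, role):
        names = [n for n, s in self.servers.items() if s.role == role and self.health[n]["healthy"]]
        return sorted(names, key=lambda n: (self.health[n]["load"], n))     # least loaded first

    def _candidates(self, op):
        if op["type"] == "search":
            return self._by_load("slave") + self._by_load("master")         # keep masters for writes
        return self._by_load("master")                                      # updates need a master

    def route(self, op, now=0.0):
        """Forward op; on failure mark that server down and retry the next candidate."""
        for name in self._candidates(op):
            try:
                result = self.servers[name].handle(op)
            except ConnectionError:
                self.health[name].update(healthy=False, failed_at=now)
                continue
            self.health[name]["load"] += 1      # crude accounting until the next probe
            return result
        raise RuntimeError("no healthy server available for " + op["type"])

    def monitor(self, now):
        """Periodic monitor: refresh load of healthy servers, re-probe downed ones
        after RETRY_INTERVAL. Returns the names that came back into rotation."""
        recovered = []
        for name, srv in self.servers.items():
            h = self.health[name]
            if not h["healthy"] and now - h["failed_at"] < self.RETRY_INTERVAL:
                continue
            try:
                h["load"] = srv.probe()
            except ConnectionError:
                h.update(healthy=False, failed_at=now)
                continue
            if not h["healthy"]:
                recovered.append(name)
            h["healthy"] = True
        return recovered


def build_proxy():
    """A server group of two masters and two slaves with assumed starting loads."""
    return Proxy([Backend("master1", "master", load=1), Backend("master2", "master", load=3),
                  Backend("slave1", "slave", load=2), Backend("slave2", "slave", load=5)])


if __name__ == "__main__":
    p = build_proxy()
    print(p.route({"type": "search"}))
    p.servers["slave1"].up = False
    print(p.route({"type": "search"}, now=100.0))    # transparently redirected to slave2
    p.servers["slave1"].up = True
    print(p.monitor(now=140.0))                       # ['slave1'] back in rotation
```

Because a failed server is only re-probed by the monitor, clients never pay the timeout twice for the same outage; the cost is that the monitor's interval bounds how quickly a recovered server rejoins the group.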