Slide 1: Using LDAPv3 for Directory-Enabled Applications & Networking
Greg Lavender, Director of Technology, Innosoft International, Inc.
Greg.Lavender@innosoft.com
© 1999 Innosoft International, Inc.
Slide 2: An LDAP-enabled Enterprise Directory Infrastructure
[Diagram: an LDAP-enabled Enterprise Directory Backbone (multiple distributed LDAP servers) at the centre, connected to the following sources and consumers]
– Existing DBMS: HR, Facilities, etc.
– Intranet services: Mail, web, chat, etc.
– Unified login services: X.509, SSO, PAM, NTDC
– Applications: Telecomm, Workflow, etc.
– Legacy Directories: NDS, Notes, X.500
– System Mgmt: DNS, DHCP, SLP
– PKI (sync), VPN, Routers, Firewalls, RAS Devices
Slide 3: How to Get There
Top-down
– identify authoritative directory data sources; export and load the data into an LDAP directory
– periodic or on-change synchronization to get updates
– eventually you might make the directory authoritative
– incrementally deploy LDAP-enabled user applications
  – easiest is a white pages directory for web or email
  – requires you to set security and access control policies
  – eventually allow users to update their own information
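The "export and load" step above is where most top-down deployments start. The following is an added example, not code from the slides or from Innosoft: it turns a constructed HR export (CSV) into LDIF that any LDAPv3 server can import. The column names, the attribute mapping onto inetOrgPerson and the base DN `ou=People,dc=example,dc=com` are assumptions. The two details worth getting right before the first load are DN escaping (a surname containing a comma must not split into two RDNs) and base64 encoding of values that are not LDIF SAFE-STRINGs.

```python
"""Load step of the top-down approach: turn rows exported from an
authoritative source (here a constructed HR CSV) into LDIF that an LDAP
server can import. Added example; the column names, attribute mapping and
base DN are assumptions, not something the slides specify."""
import base64
import csv
import io

BASE_DN = "ou=People,dc=example,dc=com"   # assumed directory suffix

# Constructed sample export. The last row has a comma and a non-ASCII
# character in the surname, which must not break the DN or the LDIF.
SAMPLE_CSV = """uid,givenName,sn,mail,telephoneNumber
jdoe,Jane,Doe,jane.doe@example.com,+1 555 0100
bsmith,Bob,Smith,bob.smith@example.com,+1 555 0101
amuller,Anna,"Müller, Jr.",anna.muller@example.com,+1 555 0102
"""


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514 section 2.4):
    special characters get a backslash, as do a leading '#' and leading or
    trailing spaces. Without this, a surname such as "Müller, Jr." would be
    parsed as two RDN components."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ldif_attr(name: str, value: str) -> str:
    """Emit one LDIF attribute line. RFC 2849 allows plain 'name: value'
    only for SAFE-STRINGs (ASCII, not starting with space, ':' or '<');
    anything else is written base64-encoded as 'name:: ...'."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{name}:: {encoded}"


def row_to_ldif(row: dict) -> str:
    """Map one export row onto an inetOrgPerson entry."""
    dn = f"uid={escape_rdn_value(row['uid'])},{BASE_DN}"
    lines = [
        ldif_attr("dn", dn),
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        ldif_attr("cn", f"{row['givenName']} {row['sn']}"),
        ldif_attr("sn", row["sn"]),
        ldif_attr("givenName", row["givenName"]),
        ldif_attr("mail", row["mail"]),
        ldif_attr("telephoneNumber", row["telephoneNumber"]),
    ]
    return "\n".join(lines) + "\n"


def csv_to_ldif(text: str) -> str:
    """Convert a whole CSV export into an LDIF content record set."""
    reader = csv.DictReader(io.StringIO(text))
    return "version: 1\n\n" + "\n".join(row_to_ldif(r) for r in reader)


if __name__ == "__main__":
    print(csv_to_ldif(SAMPLE_CSV))
```

Running the script prints three entries; the third carries `cn::` and `sn::` base64 lines because of the umlaut. For the periodic or on-change synchronization that follows the initial load, the same row-to-entry mapping is reused to produce LDIF change records (`changetype: modify`) rather than full entries.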
Slide 4: How to Get There
Bottom-up
– LDAP-enable the network application infrastructure
  – web server authentication
  – remote access authentication (e.g., RADIUS)
  – firewall user authentication
  – POP and IMAP mail authentication
  – host and IP address management
  – policy-based routing and VPN security
  – directory in support of public-key authentication
Slide 5: Example Applications
– Enterprise whitepages directory
– Enterprise network services directory
– ISP high-volume messaging
– Voice-over-IP use of directory
Slide 6: LDAP Enterprise Whitepages Directory
[Diagram: a High Availability 24x7 LDAP Directory Service serving Enterprise Web Users (via Web Servers) and Enterprise Mail Users, with a Directory Manager station; the components shown are]
– Sun Console: UltraSPARC 2, Solaris 2.6, Veritas FS, 1 x 300 MHz processor, 512 MB memory, 2 x 4 GB storage (primary)
– Sun E3000: Solaris 2.6, Veritas FS, 2 x 336 MHz processors, 2 GB memory, 2 x 4 GB storage (primary), 2 x 4 GB storage (mirror), 2 x 4 GB storage (mirror); high availability heartbeat (Ethernet)
– Sun UltraSCSI Disk Array
– Innosoft Server: 4 x 9 GB storage (primary)
– Hub linking the directory servers to the web servers, users and Directory Manager
– Protocols shown: LDAP, HTTP, SNMP
Slide 7: Enterprise Network Services with LDAP Proxy & Replicated Servers
[Diagram: Extranet/Internet clients reach a Mail Server (SMTP/POP/IMAP) and a Web Server (HTTP); both use LDAP through an LDAP Proxy in front of Replicated LDAP Servers.]
– Web Server: LDAP access for user authentication
– Mail Server: LDAP access for user authentication, mail routing, and delivery options
– LDAP Proxy: access control, load balancing & failover
Slide 8: High Volume ISP Mail Services with Replicated LDAP Servers
[Diagram: Internet-facing SMTP/POP/IMAP servers, a Master LDAP Server, and LDAP Replication from the master to local replicas.]
– Multiple boundary SMTP relays, each with a local LDAP replica, for high-performance user authentication and mail routing
Slide 9: LDAP Directory in a VoIP System
[Diagram: Phones on a VoIP Network, Call Processing Servers (CPS), and an LDAP Directory Server.]
– LDAP server used as a routing and subscriber authentication database
– Each CPS caches the routing table and sets an LDAP "search trigger" to be notified in the event of a route update
– When a routing update occurs, the LDAP search trigger fires and asynchronously updates each CPS
Slide 10: Key Considerations
Performance and scalability
– 500+ queries/sec with 1 CPU, millions of directory entries
Replication for high availability
– multiple slaves AND multiple masters for high availability
Security and access control
– SSLv3 for authentication and encryption
– LDAP firewall proxy as front line of defense
Load balancing and failover
– proxy server to distribute queries and detect failures
Slide 11: High Availability
Directories have become mission critical
– users get used to accessing data 24x7
– critical applications require 100% availability
Option 1: provide HA with expensive hardware
– centralize data and provide hardware fault tolerance
Option 2: provide HA with lower cost hardware
– distribute and replicate data for high availability
– provide failover and load balancing
Slide 12: High Availability LDAP Services
– Put authoritative information close to users
– No single point of failure (multiple masters)
– Deal with failure transparently
– Distribute work load for efficiency
– All of the above lead to 24x7 availability
Slide 13: Fallback Multi-Master Replication
Uses LDAPv3
– weakly consistent replication based on "anti-entropy" protocol concepts
  – reduced bandwidth demands
Primary and secondary master servers
– masters coordinate to remain consistent
– multiple slaves for scalability and fast response time
– "second-level slaves" to support replication hierarchies
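The slide names anti-entropy as the basis of its weakly consistent multi-master scheme but does not spell the mechanism out. The following is an added illustration of the general idea, not Innosoft's protocol: two masters first exchange a digest (per-entry version stamps, no attribute values) and then ship only the entries whose stamps differ, which is where the reduced bandwidth comes from. Entry stamps, DNs and attribute values are constructed; the tie-breaking rule is one common choice, not something the slides specify.

```python
"""Illustration of the anti-entropy idea behind weakly consistent
multi-master replication (added example; not Innosoft's protocol). Two
masters exchange cheap version digests and ship only the entries whose
stamps differ, so reconciliation after a short outage costs bandwidth
proportional to what changed, not to directory size. DNs and attribute
values are constructed."""
from dataclasses import dataclass, field


@dataclass
class Replica:
    name: str
    clock: int = 0
    entries: dict = field(default_factory=dict)   # dn -> (stamp, attributes)

    def update(self, dn, attrs):
        """Local write: advance the clock and stamp the entry. The stamp
        (counter, server name) is totally ordered, so the server name breaks
        ties between writes that carry the same counter."""
        self.clock += 1
        self.entries[dn] = ((self.clock, self.name), dict(attrs))

    def digest(self):
        """What is sent first: stamps only, no attribute values."""
        return {dn: stamp for dn, (stamp, _) in self.entries.items()}


def anti_entropy(a, b):
    """One reconciliation session between two masters. Returns the number
    of full entries that had to cross the wire. Deletions would need
    tombstone entries, omitted here."""
    da, db = a.digest(), b.digest()
    shipped = 0
    for dn in set(da) | set(db):
        sa, sb = da.get(dn), db.get(dn)
        if sa == sb:
            continue                                   # already consistent
        if sb is None or (sa is not None and sa > sb):
            stamp, attrs = a.entries[dn]               # a has the newer version
            b.entries[dn] = (stamp, dict(attrs))
        else:
            stamp, attrs = b.entries[dn]               # b has the newer version
            a.entries[dn] = (stamp, dict(attrs))
        shipped += 1
    # Merge clocks so a later write on either side outranks anything it
    # just received (otherwise a lightly loaded master would keep losing).
    a.clock = b.clock = max(a.clock, b.clock)
    return shipped


def demo():
    """Initial load, then a short primary outage absorbed by the fallback
    master, then reconciliation. Returns (entries shipped on initial sync,
    entries shipped after the outage, replicas identical afterwards)."""
    primary, fallback = Replica("primary"), Replica("fallback")
    for i in range(5):
        primary.update(f"uid=user{i},ou=People,dc=example,dc=com",
                       {"mail": f"user{i}@example.com"})
    initial = anti_entropy(primary, fallback)          # 5 entries cross the wire
    # Primary unavailable: clients are referred to the fallback master.
    fallback.update("uid=user1,ou=People,dc=example,dc=com",
                    {"mail": "user1@mail.example.com"})
    fallback.update("uid=user5,ou=People,dc=example,dc=com",
                    {"mail": "user5@example.com"})
    after_outage = anti_entropy(primary, fallback)     # only the 2 changed entries
    return initial, after_outage, primary.entries == fallback.entries


if __name__ == "__main__":
    print(demo())
```

The resolution rule is last-writer-wins on the stamp, so a write made on the fallback master during the outage survives reconciliation and an older primary-side value does not. The case that needs care in a real deployment is the same DN modified on both masters with no sync in between: here the server name decides, deterministically but arbitrarily, and that is the "weakly consistent" part the slide refers to.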
Slide 14: A HA LDAP Server Scenario
[Diagram: a Primary Master and a Fallback Master receive Updates and are kept consistent by Referral synchronization; Incremental Update Propagation feeds the Replicated Slaves and a Secondary Slave.]
Slide 15: LDAP Proxy Server
A secure "chaining" LDAP server
– configurable query filtering for security
  – blocks denial-of-service attacks
  – stops "trawling"
– filters connections, search requests
  – access control groups
  – can rewrite search requests/results
– transparently forwards operations to one or more servers
– does automatic failover
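What "query filtering" and "rewriting search requests" look like in practice: the following is an added example of the decision logic a chaining proxy can apply before forwarding a search, not Innosoft's product code. It parses the RFC 4515 filter, refuses unselective filters on subtree searches (the "trawling" case), caps the size limit, confines an extranet client group to one subtree and strips non-public attributes from the request. The thresholds, the public attribute set, the client group names and the subtree `ou=People,dc=example,dc=com` are assumptions.

```python
"""Request-filtering logic of the kind a chaining LDAP proxy applies before
forwarding a search (added example; not Innosoft's product). Includes a
small RFC 4515 filter parser. The policy thresholds, the public attribute
set and the client groups are assumptions."""
import re

MAX_SIZE_LIMIT = 200                    # assumed cap on entries per search
MIN_PREFIX = 2                          # assumed: substring needs >= 2 leading chars
PUBLIC_ATTRS = {"cn", "mail", "telephoneNumber", "ou"}   # assumed set for extranet clients
EXTRANET_BASE = "ou=People,dc=example,dc=com"            # assumed subtree open to extranet

ITEM = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(>=|<=|~=|=)([^)]*)")


def parse_filter(text):
    """Parse an RFC 4515 filter string into nested tuples; returns
    (tree, unparsed_remainder). Value escapes (\\2a etc.) are not decoded,
    which is enough for policy decisions."""
    if not text.startswith("("):
        raise ValueError("filter must start with '('")
    rest = text[1:]
    if rest[:1] in ("&", "|"):
        op, items, rest = rest[0], [], rest[1:]
        while rest.startswith("("):
            item, rest = parse_filter(rest)
            items.append(item)
        node = (op, items)
    elif rest[:1] == "!":
        item, rest = parse_filter(rest[1:])
        node = ("!", [item])
    else:
        m = ITEM.match(rest)
        if not m:
            raise ValueError("malformed filter item near: " + rest)
        attr, op, value = m.groups()
        rest = rest[m.end():]
        if op == "=" and value == "*":
            node = ("present", attr)
        elif op == "=" and "*" in value:
            node = ("substr", attr, value)
        else:
            node = (op, attr, value)
    if not rest.startswith(")"):
        raise ValueError("missing ')'")
    return node, rest[1:]


def is_selective(node):
    """True if the filter pins results down to a concrete value or prefix.
    Presence filters, leading-wildcard substrings, negations and range
    tests enumerate the subtree, which is what a 'trawling' client wants."""
    op = node[0]
    if op == "&":
        return any(is_selective(c) for c in node[1])
    if op == "|":
        return bool(node[1]) and all(is_selective(c) for c in node[1])
    if op == "substr":
        return len(node[2].split("*", 1)[0]) >= MIN_PREFIX
    if op in ("=", "~="):
        return node[1].lower() != "objectclass"   # objectClass=person matches everyone
    return False                                   # present, !, >=, <=


def check_search(base, scope, filter_str, attrs, size_limit, client_group):
    """Decide what to do with an inbound search. Returns ('reject', reason)
    or ('forward', rewritten_request)."""
    tree, rest = parse_filter(filter_str)
    if rest:
        return ("reject", "trailing data after filter")
    if client_group != "internal" and not base.lower().endswith(EXTRANET_BASE.lower()):
        return ("reject", "base outside the subtree exposed to this client group")
    if scope in ("one", "sub") and not is_selective(tree):
        return ("reject", "unselective filter would trawl the subtree")
    # An LDAP sizeLimit of 0 means unlimited; the proxy caps it either way.
    limit = min(size_limit or MAX_SIZE_LIMIT, MAX_SIZE_LIMIT)
    if client_group != "internal":
        # Attribute rewrite: drop anything outside the public set. An empty
        # request list means "all attributes", which becomes the public set.
        wanted = attrs if attrs else sorted(PUBLIC_ATTRS)
        attrs = [a for a in wanted if a in PUBLIC_ATTRS]
    return ("forward", {"base": base, "scope": scope, "filter": filter_str,
                        "attrs": attrs, "sizeLimit": limit})
```

A base-scope read with `(objectClass=*)` is still allowed, since it returns one entry; the trawling check only applies to one-level and subtree scopes. Rewriting the attribute list, rather than filtering the result, also keeps the load off the back-end servers, which is the point of doing access control at the proxy.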
Slide 16: Load Balancing/Failover
[Diagram: LDAP Proxy Servers forward Searches or Updates to a server in a Server Group of Master or Slave Servers.]
– LDAP proxy server monitors directory servers for load and balances operations across masters or slaves in a server group
– Also applies coarse-grained access control
Slide 17: Transparent Failover
[Diagram: Load Balancing/Failover Proxy Servers forward Searches or Updates to a server in a Server Group of Masters or Slaves.]
– Proxy server monitors directory servers, detects server failure and redirects operations until recovery
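The monitoring and redirection described on the last two slides, as an added example rather than Innosoft's implementation: a proxy-side server group with periodic probes, a consecutive-failure threshold before a server is marked down, round-robin distribution among the servers believed healthy, updates confined to masters, searches preferring slaves, and automatic reinstatement once probes succeed again. Server names, roles and the threshold of two failed probes are assumptions; reachability is simulated in-process instead of by a real bind or base search.

```python
"""Health-monitored load balancing and transparent failover across an LDAP
server group, in the style of the proxy the slides describe (added example;
not Innosoft's implementation). Servers and probe outcomes are simulated
in-process; the failure threshold is an assumption."""
from itertools import count

FAILURE_THRESHOLD = 2   # assumed: consecutive failed probes before a server is marked down


class Server:
    def __init__(self, host, role):
        self.host = host
        self.role = role          # "master" accepts updates; "slave" is read-only
        self.reachable = True     # simulated ground truth (a real probe would bind/search)
        self.healthy = True       # the proxy's current belief about the server
        self.failures = 0         # consecutive failed probes


class ProxyGroup:
    def __init__(self, servers):
        self.servers = servers
        self.rr = count()         # round-robin cursor shared across pools
        self.events = []          # state transitions, as an operator would log them

    def probe(self):
        """One monitoring pass over every server in the group."""
        for s in self.servers:
            if s.reachable:
                if not s.healthy:
                    self.events.append(f"{s.host} recovered")
                s.failures, s.healthy = 0, True
            else:
                s.failures += 1
                if s.healthy and s.failures >= FAILURE_THRESHOLD:
                    s.healthy = False
                    self.events.append(f"{s.host} marked down")

    def route(self, op):
        """Choose a server believed healthy for one operation. Updates must
        reach a master; searches prefer slaves and fall back to masters when
        no slave is available. Raises if the whole group is down."""
        roles = ["master"] if op == "update" else ["slave", "master"]
        for role in roles:
            pool = [s for s in self.servers if s.role == role and s.healthy]
            if pool:
                return pool[next(self.rr) % len(pool)].host
        raise RuntimeError(f"no healthy server in group for {op}")


def make_group():
    """One master and two slaves, as in the slide's server group."""
    return ProxyGroup([Server("master1", "master"),
                       Server("slave1", "slave"),
                       Server("slave2", "slave")])


if __name__ == "__main__":
    g = make_group()
    print([g.route("search") for _ in range(4)])   # alternates between the slaves
    g.servers[1].reachable = False                  # slave1 goes away
    g.probe(); g.probe()                            # second failed probe marks it down
    print([g.route("search") for _ in range(3)])   # all on slave2 now
    g.servers[1].reachable = True
    g.probe()
    print(g.events)
```

Between the moment a server dies and the probe that crosses the threshold, the proxy still believes the server is healthy and may route an operation to it; that window is the price of not flapping on a single lost probe, and the probe interval and threshold are the two knobs that trade detection time against false failovers.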