An Overview of the Directory Needs Definition Process

Understanding and Deploying LDAP Directory Services > 25. Case Study: A Large Multinational Enterprise > Maintenance


Maintenance

Ongoing maintenance of HugeCo's large directory service requires a lot of attention from IS system administrators. This is especially true at the present time because the service is still evolving as new directory-enabled applications are being integrated. All basic maintenance is handled using automated procedures that are similar to those used for other systems the IS organization manages. The sections that follow provide specific information on each aspect of directory maintenance within HugeCo's deployment.

Data Backups and Disaster Recovery

As discussed earlier in this chapter, each master server is paired with a hot standby master server to protect against machine failures. Written procedures were created that system administrators can follow to bring a standby master online. Once a month the standby servers are tested to ensure that they are functional.

The master servers are backed up to disk nightly and archived to tape using 4mm DAT drives. Twice a week each region sends a set of backup tapes to another region for offsite storage. The backup procedures are largely automated and similar to those used for all the services HugeCo's IS organization supports.

HugeCo outsources all its disaster recovery planning and services to IBM Business Recovery Systems, which maintains cold sites in each of HugeCo's four regions.

Maintaining Data

The IS organization spends a lot of time and money on data maintenance across all of HugeCo's systems. Corporate data is held in a variety of databases, and keeping the data up-to-date is largely a manual process. One of the goals of the directory service team was to increase the overall data maintenance burden as little as possible. This was accomplished through a combination of automated processes and the distribution of data maintenance responsibilities.

To integrate with its PeopleSoft HR database, HugeCo contracted with Netscape Professional Services to create a custom directory synchronization tool. The synchronization tool runs once per hour to transfer changes made in the HR database to the directory service. Basic information about employees is synchronized, including name, contact information, ID number, and location. The synchronization tool takes care of creating new hugeCoPerson entries in the directory service when employees join HugeCo, and it disables user accounts by altering passwords after an employee leaves the company. The synchronization tool, written in Perl, operates on text extracts generated from the PeopleSoft database, and it uses the PerLDAP module to access the LDAP directory.
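The hourly synchronization step described above can be sketched as a diff between two text extracts that emits LDIF change records. This is an added example in Python, not HugeCo's Perl tool; the pipe-delimited extract layout, the directory suffix, the attribute list, and the rule that an employee missing from the newer extract has left are all assumptions.

```python
import secrets

BASE_DN = "ou=People,o=example.invalid"     # assumed suffix, not from the page
FIELDS = ("uid", "cn", "sn", "mail", "l")   # assumed extract column order

def parse_extract(text):
    """Parse a pipe-delimited HR extract into {employee id: attribute dict}."""
    rows = {}
    for line in text.strip().splitlines():
        values = [v.strip() for v in line.split("|")]
        if len(values) != len(FIELDS):
            raise ValueError(f"malformed extract line: {line!r}")
        rows[values[0]] = dict(zip(FIELDS, values))
    return rows

def diff_to_ldif(previous, current):
    """Return LDIF change records that bring the directory from previous to current."""
    records = []
    for uid, attrs in sorted(current.items()):
        dn = f"uid={uid},{BASE_DN}"
        if uid not in previous:                        # joiner: create the entry
            lines = [f"dn: {dn}", "changetype: add", "objectClass: hugeCoPerson"]
            lines += [f"{k}: {v}" for k, v in attrs.items()]
            records.append("\n".join(lines))
        else:                                          # existing: replace changed fields
            changed = [k for k in FIELDS if previous[uid][k] != attrs[k]]
            if changed:
                lines = [f"dn: {dn}", "changetype: modify"]
                for k in changed:
                    lines += [f"replace: {k}", f"{k}: {attrs[k]}", "-"]
                records.append("\n".join(lines))
    for uid in sorted(set(previous) - set(current)):   # leaver: scramble the password
        records.append("\n".join([
            f"dn: uid={uid},{BASE_DN}", "changetype: modify",
            "replace: userPassword",
            f"userPassword: {secrets.token_urlsafe(32)}", "-"]))
    return records

# Constructed sample extracts: the previous hour's and the current hour's.
PREVIOUS = ("1001|Ana Ruiz|Ruiz|aruiz@example.invalid|Lima\n"
            "1002|Bo Chen|Chen|bchen@example.invalid|Austin")
CURRENT = ("1001|Ana Ruiz|Ruiz|aruiz@example.invalid|Bogota\n"
           "1003|Cy Dahl|Dahl|cdahl@example.invalid|Oslo")

if __name__ == "__main__":
    print("\n\n".join(diff_to_ldif(parse_extract(PREVIOUS), parse_extract(CURRENT))))
```

Scrambling the password leaves the entry, its group memberships and any non-password credentials in place, so those need separate handling.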

To distribute directory data maintenance responsibilities, the HugeCo team defined the following categories of directory data managers:

  • Directory administrators, who are granted full access rights to all the data in the directory service.

  • Departmental administrators, who are granted nearly full access rights to the people and group entries for their department. Departmental administrators are not, however, allowed to change any attributes managed by the HR database synchronization process.

  • Help desk staff, who are permitted to set passwords for all people entries.

  • End users, who are allowed to change home contact information, URLs, descriptions, and a few other fields within their own entries.

For access control purposes, groups are maintained in the directory for each category of data administrators. The one exception is the end user category: End users are identified by the absence of group membership. Access control rules were placed in the directory to give people in each category an appropriate level of access. By allowing departmental administrators and end users to manage some of their own information, the data management burden carried by the IS employees (the directory administrators and help desk staff) is minimized.
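The four categories above can be written down as a small reference model and used to replay change records, flagging any write the delegation rules should not have allowed. This is an added example, not HugeCo's access control rules; the group names, attribute lists and record layout are assumptions, as is letting the self-service rule apply to anyone editing their own entry.

```python
# Group names and attribute lists are assumptions for illustration; the page names none.
HR_MANAGED = {"cn", "sn", "mail", "telephonenumber", "employeenumber", "l"}
SELF_WRITABLE = {"homephone", "homepostaladdress", "labeleduri", "description"}

def may_write(actor, target, attribute):
    """Return True if actor may modify attribute on target under the four categories."""
    attr = attribute.lower()            # LDAP attribute names are case-insensitive
    groups = actor["groups"]
    if "directory-admins" in groups:    # full access to all data
        return True
    if "helpdesk" in groups and attr == "userpassword":
        return True                     # help desk: password resets only
    if ("dept-admins" in groups and actor["dept"] == target["dept"]
            and attr not in HR_MANAGED):
        return True                     # own department, never HR-synchronized fields
    # End-user rule: own entry only, and only the self-service fields.
    return actor["dn"] == target["dn"] and attr in SELF_WRITABLE

def find_violations(changes, people):
    """Return the (actor, target, attribute) records the model would not permit."""
    return [c for c in changes
            if not may_write(people[c[0]], people[c[1]], c[2])]

def person(uid, dept, *groups):
    """Build a constructed directory user for the sample data below."""
    return {"dn": f"uid={uid}", "dept": dept, "groups": set(groups)}

# Constructed people and change records (not a real audit-log format).
PEOPLE = {p["dn"]: p for p in (
    person("hd1", "IS", "helpdesk"), person("da1", "Sales", "dept-admins"),
    person("u1", "Sales"), person("u2", "Legal"))}
CHANGES = [
    ("uid=hd1", "uid=u1", "userPassword"),     # allowed: help desk reset
    ("uid=hd1", "uid=u1", "mail"),             # not allowed: help desk, other field
    ("uid=da1", "uid=u1", "description"),      # allowed: same department
    ("uid=da1", "uid=u1", "telephoneNumber"),  # not allowed: HR-managed attribute
    ("uid=da1", "uid=u2", "description"),      # not allowed: other department
    ("uid=u1", "uid=u1", "homePhone"),         # allowed: own entry
    ("uid=u1", "uid=u2", "homePhone"),         # not allowed: someone else's entry
]

if __name__ == "__main__":
    for actor, target, attr in find_violations(CHANGES, PEOPLE):
        print(f"unexpected write: {actor} changed {attr} on {target}")
```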

20-20 Hindsight: Improving Data Quality

As an increasing number of HugeCo employees found out about the new directory service and began to examine their own data, the IS help desk started to receive quite a few reports of erroneous information. To get a better handle on the problem and determine the cause, the central IS organization is developing an email survey tool that will extract information from both the PeopleSoft HR database and the directory service. Surveys will be sent to a random sample of 5,000 employees in an effort to determine how widespread the data quality problems are. The results will be checked against directory audit logs to determine the source of the incorrect information, and the data gathered by the survey will be used to decide where to focus future data quality improvement efforts.

Monitoring

The overall HugeCo strategy for network monitoring revolves around HP OpenView, a commercial network monitoring system (NMS). Each regional IS department runs an HP OpenView system that monitors the network and the applications located in that region. In addition, the central IS organization runs an HP OpenView system that monitors the global network and centrally managed applications such as the PeopleSoft system.

A combination of techniques was used to integrate the Netscape Directory Server software and important directory-enabled applications into the NMSs. First, the built-in SNMP support provided by the server software was used to provide basic service and performance monitoring. Then a set of Perl scripts was developed using the PerLDAP module to probe all the critical directory servers from several locations on HugeCo's network. Finally, indirect monitoring of the directory service was started through extensive probing of critical directory-enabled applications, including the email servers, the PeopleSoft synchronization process, the phonebook servers, and the Web servers that support critical applications. As much as possible, probes mimic the operations that end users and applications frequently perform.

20-20 Hindsight: The Value of Indirect Probes

About a month after the HugeCo directory service was first rolled out worldwide, the IS email team received a complaint from one of the executive vice presidents in the Latin America region: Electronic mail was being delayed for up to 30 minutes before reaching all the intended recipients. This was puzzling because most messages were routinely delivered by the Netscape Mail Transfer Agent (MTA) network within five minutes.

After an afternoon of investigation, the email administrators discovered that all the delayed messages had been sent to a dynamic group (one in which membership is determined by a search of the directory). They quickly brought some directory experts over to look at the problem. In the end, the root cause of the problem was traced to a missing index in the configuration of the directory servers used by the MTAs. Although easily corrected, the problem had gone unnoticed for almost a month (much to the chagrin of the IS staff).

This incident prompted the IS employees to design and implement a series of indirect directory probes that closely emulate the behavior of important applications such as the messaging servers. By proactively monitoring the performance of the system as experienced by end users, the HugeCo IS staff hopes to detect problems earlier in the future.

When a problem is detected by HugeCo's OpenView monitoring system, the following automated notification methods are used to bring the problem to the attention of the appropriate system administrator:

  • Text pager messages are sent when an urgent system outage is detected.

  • Electronic mail messages are used to send weekly directory activity summaries and notify administrators immediately about problems such as reduced performance of a directory application.

  • IS staff and end users can access a continuously updated Web page that lists information about all known outages.

Overall, the directory service and associated applications have proved to be very reliable. So far there has been no need to automate such actions as restarting failed directory server processes or machines.
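An indirect probe of the kind described in the sidebar can run the same search a mail server would use to expand a dynamic group, time it, and pick the notification channel from the list above. This is an added example in Python, not HugeCo's PerLDAP scripts; the memberURL value, the 2-second threshold and the injected `search` callable (standing in for a real LDAP client call) are assumptions.

```python
import itertools
import time
from urllib.parse import unquote

SLOW_SECONDS = 2.0   # assumed threshold for "reduced performance"
MEMBER_URL = "ldap:///ou=People,o=example.invalid??sub?(departmentNumber=42)"  # constructed

def parse_member_url(url):
    """Split a dynamic group's LDAP URL (ldap:///base?attrs?scope?filter) into search parameters."""
    prefix = "ldap:///"
    if not url.startswith(prefix):
        raise ValueError(f"not a host-less LDAP URL: {url!r}")
    base, _attrs, scope, flt = (url[len(prefix):].split("?") + ["", "", ""])[:4]
    return {"base": unquote(base),
            "scope": scope or "base",                      # LDAP URL default scope
            "filter": unquote(flt) or "(objectClass=*)"}   # LDAP URL default filter

def probe_dynamic_group(member_url, search, clock=time.monotonic):
    """Expand the group the way an application would; classify the outcome and channel."""
    params = parse_member_url(member_url)
    start = clock()
    try:
        members = search(params["base"], params["scope"], params["filter"])
    except Exception as exc:            # unreachable server, failed bind, client timeout
        return {"status": "outage", "notify": "pager", "detail": str(exc)}
    elapsed = clock() - start
    if elapsed > SLOW_SECONDS:          # e.g. an unindexed attribute in the filter
        return {"status": "degraded", "notify": "email",
                "detail": f"group search took {elapsed:.1f}s"}
    return {"status": "ok", "notify": None,
            "detail": f"{len(members)} members in {elapsed:.1f}s"}

def fake_search(base, scope, flt):
    """Constructed stand-in for an LDAP search so the example runs offline."""
    return ["uid=1001", "uid=1003"]

def fake_clock(step):
    """Constructed clock that advances `step` seconds per call to simulate latency."""
    ticks = itertools.count()
    return lambda: next(ticks) * step

if __name__ == "__main__":
    print(probe_dynamic_group(MEMBER_URL, fake_search, clock=fake_clock(0.1)))
    print(probe_dynamic_group(MEMBER_URL, fake_search, clock=fake_clock(30.0)))
```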

Troubleshooting

HugeCo's IS organization maintains a well-documented set of escalation procedures stating that senior members of the IS staff will be called in over time to address critical problems. Directory-specific procedures were developed during the directory pilot deployment and refined over time to ensure that problems are addressed quickly by the right people.



Understanding and Deploying LDAP Directory Services, © 2002 New Riders Publishing

2002, O'Reilly & Associates, Inc.



Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 1997
Pages: 245
