Understanding and Deploying LDAP Directory Services > 25. Case Study: A Large Multinational Enterprise > Maintenance
Maintenance

Ongoing maintenance of HugeCo's large directory service requires a lot of attention from IS system administrators. This is especially true at the present time because the service is still evolving as new directory-enabled applications are being integrated. All basic maintenance is handled using automated procedures that are similar to those used for other systems the IS organization manages. The sections that follow provide specific information on each aspect of directory maintenance within HugeCo's deployment.

Data Backups and Disaster Recovery

As discussed earlier in this chapter, each master server is paired with a hot standby master server to protect against machine failures. Written procedures were created that system administrators can follow to bring a standby master online. Once a month the standby servers are tested to ensure that they are functional. The master servers are backed up to disk nightly and archived to tape using 4mm DAT drives. Twice a week each region sends a set of backup tapes to another region for offsite storage. The backup procedures are largely automated and similar to those used for all the services HugeCo's IS organization supports. HugeCo outsources all its disaster recovery planning and services to IBM Business Recovery Systems, which maintains cold sites in each of HugeCo's four regions.

Maintaining Data

The IS organization spends a lot of time and money on data maintenance across all of HugeCo's systems. Corporate data is held in a variety of databases, and keeping the data up-to-date is largely a manual process. One of the goals of the directory service team was to increase the overall data maintenance burden as little as possible. This was accomplished through a combination of automated processes and the distribution of data maintenance responsibilities. To integrate with its PeopleSoft HR database, HugeCo contracted with Netscape Professional Services to create a custom directory synchronization tool. The synchronization tool runs once per hour to transfer changes made in the HR database to the directory service. Basic information about employees is synchronized, including name, contact information, ID number, and location. The synchronization tool takes care of creating new hugeCoPerson entries in the directory service when employees join HugeCo, and it disables user accounts by altering passwords after an employee leaves the company. The synchronization tool, written in Perl, operates on text extracts generated from the PeopleSoft database, and it uses the PerLDAP module to access the LDAP directory.

To distribute directory data maintenance responsibilities, the HugeCo team defined the following categories of directory data managers:
For access control purposes, groups are maintained in the directory for each category of data administrators. The one exception is the end user category: End users are identified by the absence of group membership. Access control rules were placed in the directory to give people in each category an appropriate level of access. By allowing departmental administrators and end users to manage some of their own information, the data management burden carried by the IS employees (the directory administrators and help desk staff) is minimized.
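
The hourly HR-to-directory synchronization described above, sketched as an added Python example; it is not code from the book, HugeCo, or Netscape, whose tool was written in Perl with PerLDAP. Only the `hugeCoPerson` class and the disable-by-password-change behaviour come from the text; the pipe-delimited extract layout, the A/T status codes, the `uid=` naming, the `dc=hugeco,dc=example` suffix, and the attribute choices are assumptions.

```python
import base64
import secrets

BASE_DN = "ou=People,dc=hugeco,dc=example"  # constructed suffix, not from the book
FIELDS = ("employeeNumber", "status", "cn", "mail", "telephoneNumber", "l")
# Constructed change extract: pipe-delimited, status A = active, T = terminated.
SAMPLE_EXTRACT = """1001|A|Ana Ruiz|aruiz@hugeco.example|+1 555 0100|Chicago
1002|A|Bo Chen|bchen@hugeco.example|+1 555 0101|Lyon
1003|T|Cy Dahl|cdahl@hugeco.example|+1 555 0102|Osaka"""
SAMPLE_DIRECTORY = {  # constructed snapshot of what the directory currently holds
    "1002": {"cn": "Bo Chen", "mail": "bchen@hugeco.example",
             "telephoneNumber": "+1 555 0101", "l": "Paris"},
    "1003": {"cn": "Cy Dahl"},
}

def ldif_line(attr, value):
    """Base64-encode unsafe values so a newline in HR data cannot inject LDIF lines."""
    if (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" ")):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def plan_changes(extract, directory):
    """Turn changed HR rows into LDIF change records (add, modify, or disable)."""
    records = []
    for row in extract.splitlines():
        parts = row.split("|")
        if len(parts) != len(FIELDS) or not (parts[0].isascii() and parts[0].isdigit()):
            raise ValueError(f"malformed extract row: {row!r}")  # never build a DN from it
        emp, status, attrs = parts[0], parts[1], dict(zip(FIELDS[2:], parts[2:]))
        head, current = [f"dn: uid={emp},{BASE_DN}"], directory.get(emp)
        if status == "T":  # leaver: disable the account by altering its password
            if current is not None:
                records.append("\n".join(head + ["changetype: modify", "replace: userPassword",
                               ldif_line("userPassword", secrets.token_urlsafe(32)), "-"]))
        elif current is None:  # joiner: new hugeCoPerson entry (superior classes omitted)
            body = [ldif_line(a, v) for a, v in attrs.items() if v]
            records.append("\n".join(head + ["changetype: add", "objectClass: hugeCoPerson",
                                             f"uid: {emp}", f"employeeNumber: {emp}"] + body))
        else:  # existing employee: replace only the attributes that differ
            mods = []
            for a, v in attrs.items():
                if current.get(a, "") != v:  # an empty value removes the attribute
                    mods += [f"replace: {a}"] + ([ldif_line(a, v)] if v else []) + ["-"]
            if mods:
                records.append("\n".join(head + ["changetype: modify"] + mods))
    return records

if __name__ == "__main__":
    print("\n\n".join(plan_changes(SAMPLE_EXTRACT, SAMPLE_DIRECTORY)))
```

Because the password is replaced with a fresh random value that is never stored, the leaver's entry and its data stay in the directory while simple binds with the old password fail.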
Monitoring

The overall HugeCo strategy for network monitoring revolves around HP OpenView, a commercial network monitoring system (NMS). Each regional IS department runs an HP OpenView system that monitors the network and the applications located in that region. In addition, the central IS organization runs an HP OpenView system that monitors the global network and centrally managed applications such as the PeopleSoft system. A combination of techniques was used to integrate the Netscape Directory Server software and important directory-enabled applications into the NMSs. First, the built-in SNMP support provided by the server software was used to provide basic service and performance monitoring. Then a set of Perl scripts was developed using the PerLDAP module to probe all the critical directory servers from several locations on HugeCo's network. Finally, indirect monitoring of the directory service was started through extensive probing of critical directory-enabled applications, including the email servers, the PeopleSoft synchronization process, the phonebook servers, and the Web servers that support critical applications. As much as possible, probes mimic the operations that end users and applications frequently perform.
When a problem is detected by HugeCo's OpenView monitoring system, the following automated notification methods are used to bring the problem to the attention of the appropriate system administrator:
Overall, the directory service and associated applications have proved to be very reliable. So far there has been no need to automate such actions as restarting failed directory server processes or machines.

Troubleshooting

HugeCo's IS organization maintains a well-documented set of escalation procedures stating that senior members of the IS staff will be called in over time to address critical problems. Directory-specific procedures were developed during the directory pilot deployment and refined over time to ensure that problems are addressed quickly by the right people.
2002, O'Reilly & Associates, Inc.