
Maintenance

In this section we describe the various procedures used to maintain HugeCo's extranet directory.

Data Backup and Disaster Recovery

Backups of the extranet directory servers are handled in the same manner as backup of the other directory servers. A 4mm DAT drive is attached to the master extranet directory server, and backups are performed nightly. The backups are transferred off-site as part of the twice-weekly schedule described in Chapter 25. Disaster recovery services for extranet applications were added to the contract that HugeCo maintains with a disaster recovery vendor.

Maintaining Data

Maintenance of extranet directory data involves two data sources: the Oracle database that tracks information about the authorized HugeCo retailers, and the managers at the individual retailers. Each of these data sources is considered authoritative for certain directory information.

The Oracle database is considered the authoritative source for information about the individual retail outlets. The retailer name, telephone and fax numbers, mailing address, retailer number, and list of authorized products are all synchronized from the Oracle database into the directory on a regular basis using a set of Perl scripts developed by HugeCo's IS staff. An established procedure is used to add or remove retailers from the Oracle database, and these changes propagate to the directory via the synchronization scripts.

The entries corresponding to individual employees at the retailers, on the other hand, are owned by the manager at each particular retailer. When a new employee is to be granted access to the extranet applications, the manager uses a special Web-based application to create a new entry in the directory; this creates the directory entry for the employee and sets an initial password. Similarly, when an employee leaves a retailer, access must be revoked. The manager can accomplish this by using the same Web-based application.

20-20 Hindsight: Preventing Stale Directory Data from Accumulating

Delegating the creation of new employee entries to the individual retail managers is an effective way to cut down on costs. In fact, it's absolutely necessary because HugeCo's human resources division has no record of these employees at all.

However, it's also necessary to take steps to ensure that stale directory entries do not accumulate. When employees are terminated, it's the responsibility of the retailer's manager to remove their records. But what happens if the manager forgets to do this? The initial directory design depended on managers to perform this task, and it did not include any method for alerting the manager to the presence of stale data.

To prevent stale directory entries from accumulating, an automatic expiration system was put in place. Each employee entry in the database (except for the manager's entry) is created with an expiration date six months in the future. One month before expiration, the manager is alerted to the fact that the entry is about to expire. The manager can easily reinstate the employee for an additional six-month period by clicking on a button in the user management application; if not reinstated, the employee's entry is removed from the directory. Behind the scenes, a Perl script (which uses the PerLDAP module) runs nightly and searches for employee directory entries that are about to expire. For each such entry found, the script arranges for the manager for that entry to be notified. The same script removes entries that have expired.
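The decision logic of the nightly expiration sweep described above, sketched in Python rather than the Perl/PerLDAP script HugeCo used. This is an added example, not code from the book; the attribute name `hugecoExpires`, the use of `employeeType` to mark managers, the 30-day warning window, and the sample entries are assumptions.

```python
from datetime import datetime, timedelta, timezone

EXPIRY_ATTR = "hugecoExpires"     # hypothetical attribute name; the text does not name one
MANAGER_ATTR = "manager"          # assumed: each employee entry holds its manager's DN
WARN_WINDOW = timedelta(days=30)  # "one month before expiration", approximated as 30 days

def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime value in the UTC form YYYYMMDDHHMMSSZ."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def plan_sweep(entries, now):
    """Split search results into (delete, notify, review).

    entries: list of (dn, attrs), attrs mapping attribute name -> list of strings.
    delete:  DNs whose expiration date has passed.
    notify:  manager DN -> employee DNs expiring within WARN_WINDOW.
    review:  non-manager DNs with a missing or unparsable expiry, or no manager.
    """
    delete, notify, review = [], {}, []
    for dn, attrs in entries:
        if attrs.get("employeeType") == ["manager"]:
            continue  # manager entries are created without an expiration date
        try:
            expires = parse_generalized_time(attrs[EXPIRY_ATTR][0])
        except (KeyError, IndexError, ValueError):
            review.append(dn)  # would never age out, so surface it to an administrator
            continue
        if expires <= now:
            delete.append(dn)
        elif expires - now <= WARN_WINDOW:
            manager = attrs.get(MANAGER_ATTR, [None])[0]
            if manager is None:
                review.append(dn)  # nobody to alert
            else:
                notify.setdefault(manager, []).append(dn)
    return delete, notify, review

# Constructed sample data (not from the book).
NOW = datetime(2002, 3, 1, tzinfo=timezone.utc)
BASE = "ou=R1001,o=extranet.example"
MGR = "uid=mgr1," + BASE
SAMPLE = [
    (MGR, {"employeeType": ["manager"]}),
    ("uid=alice," + BASE, {EXPIRY_ATTR: ["20020215000000Z"], MANAGER_ATTR: [MGR]}),
    ("uid=bob," + BASE, {EXPIRY_ATTR: ["20020320000000Z"], MANAGER_ATTR: [MGR]}),
    ("uid=carol," + BASE, {EXPIRY_ATTR: ["20020801000000Z"], MANAGER_ATTR: [MGR]}),
    ("uid=dave," + BASE, {MANAGER_ATTR: [MGR]}),  # expiry attribute missing
]

if __name__ == "__main__":
    print(plan_sweep(SAMPLE, NOW))
```

The returned lists would drive the directory delete operations and the manager notifications; keeping the classification separate from the LDAP calls lets the sweep be tested against sample entries before it is allowed to remove anything.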

When a manager leaves his or her position with a retailer, HugeCo administrative staff remove his or her entry and add a new record when a new manager is hired. HugeCo representatives periodically contact the HRP retailers via telephone as part of a regular administrative procedure, and this is frequently the point when they discover that a manager has left a retailer. If a new manager has been appointed, a new entry is created, and ACLs in the directory are altered to grant appropriate privileges to the new manager.

These steps keep directory data from becoming stale, thereby improving its quality and usefulness.

Monitoring

Monitoring of the extranet application and directory servers is handled by the existing monitoring system described in Chapter 25.

Troubleshooting

Procedures were added to the existing HugeCo directory escalation process to accommodate the Web and directory servers that support the new extranet applications.



Understanding and Deploying LDAP Directory Services,  2002 New Riders Publishing

2002, O'Reilly & Associates, Inc.



Understanding and Deploying LDAP Directory Services
Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 1997
Pages: 245
