Considerations When Selecting a Directory Service for Your Environment
Testing Unit Manager
13 Jul 2000
This section offers important factors to consider when choosing a directory service for your network.
In recent months, numerous directory service performance results have been published, each claiming that the winning directory service is the best for you. However, it is unwise to rely on such reports alone because they focus on a very small portion of a total directory service solution, such as LDAP performance. In the majority of implementations, LDAP performance is a small fraction of what the consumer wants their directory services to fulfill.
Factors to Consider
There are many considerations that customers should review before choosing a directory service for their particular environment. This article attempts to outline these considerations, listing the questions you should ask when evaluating a particular vendor's offering.
Performance. Since we've already mentioned performance, we'll start with that. You should try to ascertain whether the directory service performs well enough to meet your needs. If the server hosting the directory service is also used for other applications or services, do they and the directory service interfere with each other's performance? If the directory service is used for information searching, are the searches, through whatever protocol or access method you use, within your needs? Does performance slow down with more objects? Does the directory service have a customizable caching model that directly improves performance from the accessing user's point of view? Does the directory service or its underlying network operating system (NOS) support multiple processors for scaling performance as more horsepower is added?
Scalability. Be sure to consider scalability. Think about how many objects you intend to create in the directory. The majority of objects will be users, but other objects can include printers, groups, queues, catalogs, third-party applications, and so on. All leading directories are capable of holding millions of objects; the main differences are the replication and partitioning schemes allowed in each of them.
Hardware Requirements. Another important consideration is whether the directory service you want will run on your existing hardware. If so, will it require upgrades to memory, processors, and storage capacity? Will it require additional servers to handle the number of objects, as well as provide other services that are important to your installation?
Some directory services allow partitioning of the directory data, so that only a portion of the whole will be stored on any given server. Other services require all objects to be stored on all servers. Some directories benefit from more RAM for caching, while others find that more processors will be the most beneficial.
Supported Protocols. Be sure to ask about protocols. Does the directory service support the protocols your business needs (TCP/IP, IPX, NetBEUI, LDAP, and so on)? Does it support these protocols natively, or through some encapsulation or emulation method? Does the directory service require a proprietary protocol? Does it adhere to networking standards, or does it attempt to make its own version of that standard?
Security. Don't forget security. What encryption solution does the directory service use? Is traffic over the wire secure? If LDAP is used to access the directory, can SSL (Secure Socket Layer) connections be obtained? Will the directory allow SSL connections from any standard client, or is a proprietary client or shim needed?
Administration. Does the directory service have the utilities necessary to manage it? Are all of the necessary functions included in a single executable, or do you need multiple applications in order to manage the directory? Can the directory service be managed from the server itself, or is a client machine necessary? Can the management utilities be run from any client operating system, or are they specific to a few? If so, does the client operating system match the type you use in your business?
Migration. Does the directory service have utilities to migrate information and objects from your existing environment, or must everything be re-created manually? Does the directory allow you to implement workstation/server/network upgrades in a piecemeal fashion, or must all involved servers/clients be upgraded at once? Does the directory service support legacy NOS/OS combinations during the upgrade and installation process?
Stability. Does the directory solution have built-in failsafes in the event of a power outage or hardware failure? Do the transactions clean themselves up and retain the integrity of the underlying database? Does the host server have to be restarted or reset because of utilization, performance degradation or failures?
Error Correction. Does the directory service have utilities or methods to repair the database on any or all servers associated with the directory? Do these tools run on the server or on the client, or on both? Does the server running the selected directory service need to be taken off-line while repair functions are executed? Does the directory service support or have native implementations of a health checking feature? How does the administrator get notified of potential problems in the directory? Do the repair utilities have enough help to allow a system administrator to find and correct the majority of basic issues, or must you place a call with the vendor's support for many or all problems?
Platform Support. Does the directory support all platforms in your environment? If you have a heterogeneous server environment with different hardware and network operating system configurations, can the directory function with all of them? Does the directory support the client operating systems that you have in your environment?
Usability. Usability is a very general term describing how a directory solution delivers the functionality and features that are needed in your environment. Does the directory solution have ample documentation and help files, both at the server and client level? Is the vendor's technical support actually useful? Can you get the directory service to do what you want, without hiring the vendor's consultants to help with the task?
Third-Party Support. Is the directory service supported by all of the applications, hardware, and network infrastructure that you use in your network environment? Does the directory service allow you to utilize existing products you are happy with, or does it insist on a proprietary solution native to its platform? Does the directory service allow for integration with third-party applications such as backup, virus protection, e-mail packages, and so on? Will the implementation of the directory solution require that any of these will have to be updated or replaced? If so, be sure to include the upgrade costs in your initial decision-making figures.
The directory services that are presently being offered have some basic similarities, such as the ability to store objects in a centralized "database," but they are implemented in different ways. The inherent functionality that meets your needs is the most important factor when choosing a directory service. Don't be fooled by marketing hype and perimeter feature testing: know the facts and know what you need. A directory service must at least provide that level of functionality or it is useless. It doesn't matter how many other features it has; if it doesn't have the ones you need for your implementation, then it's not for you.
* Originally published in Novell AppNotes