HP-UX Directory Server 8.1 deployment guide

6.3.5 Replication across a wide-area network
Wide-area networks typically have higher latency, a higher bandwidth-delay product, and lower
speeds than local area networks. Directory Server versions 7.1 and later support efficient
replication when a supplier and consumer are connected via a wide-area network.
In previous versions of Directory Server, the replication protocols that were used to transmit
entries and updates between suppliers and consumers were highly latency-sensitive, because
the supplier would send only one update operation, then wait for a response from the consumer.
This led to reduced throughput with higher latencies.
Since version 7.1, the supplier sends many updates and entries to the consumer without waiting
for a response. Thus, on a network with high latency, many replication operations can be in
transit on the network, and replication throughput is similar to that which can be achieved on a
local area network.
NOTE:
If a supplier is connected to another supplier running an earlier version of Directory Server, it
falls back to the old replication mechanism for compatibility. It is therefore necessary to run at
least version 7.1 on both the supplier and consumer servers in order to achieve the benefits of
the new latency-insensitive replication.
There are performance and security issues to consider, both for the Directory Server and for
the efficiency of the network connection:
• Where replication is performed across a public network such as the Internet, the use of SSL
  is highly recommended. This guards against eavesdropping of the replication traffic.
• Use a T-1 or faster Internet connection for the network.
• When creating agreements for replication over a wide-area network, avoid constant
  synchronization between the servers. Replication traffic could consume a large portion of
  the bandwidth and slow down the overall network and Internet connections.
• When initializing consumers, do not initialize the consumer immediately; instead, use
  file system replica initialization, which is much faster than online initialization or
  initializing from file. Refer to the HP-UX Directory Server administrator guide for
  information on using file system replica initialization.
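The following check is an added example, not taken from the HP guide: it audits replication agreements exported as LDIF and flags any that send replication traffic unencrypted or that have no update schedule. The attribute names (nsDS5ReplicaTransportInfo, nsDS5ReplicaUpdateSchedule) come from the Red Hat/389 Directory Server schema and are assumed to apply to HP-UX Directory Server 8.1; the sample entries are constructed.

```python
# Added example: audit replication agreements exported as LDIF against the WAN guidance.
# Attribute names are assumed from the 389/Red Hat Directory Server schema; sample data is constructed.

SAMPLE_LDIF = """\
dn: cn=to-branch,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
cn: to-branch
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP

dn: cn=to-dr,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
cn: to-dr
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaUpdateSchedule: 0100-0500 0123456
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute -> list of values."""
    unfolded = text.replace("\n ", "")  # LDIF folds long lines with a leading space
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit_agreements(text):
    """Return (cn, issue) pairs for agreements that ignore the WAN guidance."""
    findings = []
    for e in parse_ldif(text):
        if "nsds5replicationagreement" not in [v.lower() for v in e.get("objectclass", [])]:
            continue
        cn = e.get("cn", ["?"])[0]
        # Assumption: an agreement without the attribute uses plain LDAP.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
        if transport not in ("SSL", "TLS"):
            findings.append((cn, "replication traffic is not encrypted"))
        # Assumption: no schedule means the supplier keeps the consumer always in sync.
        if "nsds5replicaupdateschedule" not in e:
            findings.append((cn, "no update schedule: supplier stays in constant sync"))
    return findings

if __name__ == "__main__":
    for cn, issue in audit_agreements(SAMPLE_LDIF):
        print(f"{cn}: {issue}")
```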
6.3.6 Using replication for high availability
Use replication to prevent the loss of a single server from causing the directory service to become
unavailable. At a minimum, replicate the local directory tree to at least one backup server.
Some directory architects argue that information should be replicated three times per physical
location for maximum data reliability. How extensively to use replication for fault tolerance
depends on the environment and personal preferences, but base this decision on the quality of the
hardware and networks used by the directory service. Unreliable hardware requires more backup
servers.
NOTE:
Do not use replication as a replacement for a regular data backup policy. For information on
backing up the directory data, refer to the HP-UX Directory Server administrator guide.
To guarantee write-failover for all directory clients, use a multi-master replication scenario. If
read-failover is sufficient, use single-master replication.
LDAP client applications can usually be configured to search only one LDAP server. Unless there
is a custom client application to rotate through LDAP servers located at different DNS host
names, the LDAP client applications can only be configured to look up a single DNS host name
for a Directory Server. Therefore, it is probably necessary to use either DNS round-robins or