A Forum reader recently asked:
"I was wondering if anyone out there would be kind enough to enlighten me on the basics of Replicas."
And here's the response from Aaron Burgemeister ...
The documentation will help you a lot.
An eDirectory tree is divided up into partitions. There is always a [root] partition which contains the whole tree to start with. From that point on containers can be partitioned off into their own subtrees. The [root] partition is always there in a healthy tree.
A replica is a copy of a partition. The eDirectory docs recommend having at least three replicas of all partitions (three copies of every part of the tree). A server can hold multiple replicas as long as they only have one replica of each partition they hold.
Besides masters, there are read-writes, read-only's, filtered read-writes, filtered read-only's, and subordinate references. In the world of directories (meaning directory services, not directories in a filesystem) there is a concept of master/slave and multi-master. eDirectory is a multi-master implementation meaning that you can write to different copies (replicas) of the same datasets (partitions) at the same time. The "master" referred to in this concept (multi-master) is not exactly the same as an eDirectory master, however. A read/write is also a "master" in that it can be written to. Anything that holds a copy of data and can be written-to is a "master".
A "Master" replica in eDirectory terms is basically a special read-write replica that is in charge of some special things. These include:
- Obituaries (synchronizing object creates, deletes, renames, moves)
- Schema (synchronized "out and down" - meaning from the Master to the other replicas in the same partition, then down to child partitions)
- Partitioning and replication (defining new partitions, merging in old partitions, creating or removing replicas of those partitions)
You can only have one Master replica in eDirectory, although you can have as many replicas of other types as you want. A subordinate-reference (sub-ref) replica is not one you can create or destroy on purpose. Attempting to do so will cause problems if you succeed - so don't try it.
Partitions and Replicas
Partitioning and replication have been around since NDS was originally released with NetWare 4.0 as I recall (1993-ish). It's not new at all in theory or in implementation, though I think eDirectory/NDS was the first to do it and definitely does it the best. Active Directory may do something like this, but I've never heard of anybody actually trying it (just have replicas (domain controllers) holding all data in all locations). OpenLDAP and other LDAP-based directories can also have replicas, but partitioning is a bit trickier and NOTHING makes it as easy as eDirectory does (I promise ... I've tried others).
Partitioning is used to prevent excessive WAN traffic when data are needed by certain parts of a tree. Consider an environment where large parts of the tree (users, groups, computers) are across an ocean with a slow connection, or connected via a 56K modem (a common occurrence when eDirectory/NDS was invented). It's not practical to have all data at all locations.
Also, eDirectory can span to over one billion objects (proven years ago in a test to do just that). It is not desirable to have all of those terabytes on all servers at the same time when only certain parts are needed in certain locations. Creating a tree that large all on one server becomes a major pain, requiring significant hardware resources. Doing the same thing across 100 boxes is something I could do in my spare time with cheap hardware.
Security and Performance
Having replicas could also be considered for security reasons. Stealing a box in a remote location without security guards is hardly a problem if it only holds a few dozen objects out of millions (well, less of a problem, at least). Any server running eDirectory can hold replicas, and usually will. eDirectory is eDirectory is eDirectory no matter where it lives. I wouldn't put it on Windows if I had other options (NetWare, Linux, and Solaris are the best performers).
A tree cannot exist without replicas. The tree exists in replicas, so no replicas, no tree. Two servers in the same tree can hold master replicas (and often do) but they must be of different partitions (sections of the tree). A server in a tree can hold no replicas (and often does), but it can always talk to the tree to get eDirectory information as needed.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.