AppNote: Clustering eDirectory and IDM on Windows 2003
Novell Cool Solutions: AppNote
By Michel Bluteau
Posted: 1 Jun 2005
This article is a quick setup guide on how to enable a many-to-one cluster for eDirectory and Identity Manager (with drivers) on top of Windows 2003 Enterprise Server. A standby server must be available, because it is not possible to run multiple instances of eDirectory on the same instance of Windows 2003, even with the upcoming eDirectory 8.8. A single failover event can be managed unless a second standby server is added. This article mostly covers the eDirectory/Identity Manager part, assuming that the Windows 2003 Cluster environment is already in place, with shared external storage such as a SCSI or Fiber SAN.
For more information on Windows 2003 Clustering, refer to the Microsoft documentation. For example:
- http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/2e0186ba-1a09-42b5-81c8-3ecca4ddde5e.mspx
Because clustering solutions are relatively simple on the software side, we can assume that if a manual failover can be accomplished (even while simulating external shared storage), then a full-blown clustering solution can be implemented for that configuration.
Before you get started with clustering, be sure your system meets the following requirements:
- 2+ Windows 2003 Enterprise Edition servers (Standard Edition does not support clustering)
- 1 Windows 2003 Standard or Enterprise server set up as a Domain Controller (required for clustering, which stores its configuration in Active Directory)
- Novell eDirectory 8.7.3 or 8.8
- Identity Manager 2.01 with drivers configured (optional)
- External shared storage (optional)
I was able to build my configuration using 3 VMware virtual machines, all running Windows 2003 Enterprise server, without actual external storage for my first test. A shared drive mapped from both the Active Server and Standby Server can do the trick.
Here are the steps to get a clustering solution installed on your system.
1. Install the 3 Windows 2003 servers.
Let's call them Win2003DC, Win2003A and Win2003B. A cluster must be configured, and Win2003A and Win2003B must be part of the cluster. If one of the servers has access to external shared storage, then one cluster Group can be configured. This group would include the shared storage, a secondary IP address, and the application to fail over (in our case eDirectory).
2. Install eDirectory (using external shared storage, not c:\novell), iManager, and Identity Manager on Win2003A.
3. Create a new tree in eDirectory.
4. On the Win2003B server, install a dummy eDirectory tree, as well as iManager (pointing to the secondary address associated with the cluster Group) and Identity Manager.
5. In the Control Panel, set the NDS Server service to Manual (not Automatic).
6. Access Win2003A and navigate to c:\windows\system32\novell\NICI. Make sure that the same instance of NICI is present on the Standby Server (Win2003B); otherwise iMonitor, iManager, and other services will not work.
Figure 1: The location for NICI, which must be copied to the Standby Server.
7. Log in as Administrator (local or Domain) and take ownership of the system subfolder (through Advanced Security settings for the folder properties) and the two files located under it (see Figures 2 and 3 below).
Figure 2: The two files located under NICI\system
Figure 3: Administrator taking ownership for the system folder
8. Make sure the Administrator is granted Full Control rights for the System folder and the two files located under System.
Figure 4: Administrator getting Full Control Permission for the system folder
Once the Administrator has Full Control over the system folder, he or she can copy the NICI folder to the Standby Server (Win2003B) and replace the NICI from the dummy installation performed on Win2003B. In a many-to-one scenario, the failover operation must take care of copying the NICI from the failed server (copied to the external storage or a temporary location on Win2003B) to c:\windows\system32\novell on Win2003B.
9. On Win2003B, replace the c:\novell installation path for eDirectory with the path to the shared storage, such as s:\novell. This is the location where the eDirectory for Win2003A has been installed.
Figure 5: eDirectory installation location for Win2003B, the Standby Server
10. You can simulate external storage by copying eDirectory from Win2003A (c:\novell) to Win2003B (c:\failover\novell):
Figure 6: Manually copying eDirectory from Win2003A to Win2003B to simulate external storage
11. Configure the eDirectory service on Win2003B to start from either external storage or a local folder (to simulate external storage).
Figure 7: Services Control Panel for NDS Server service
Figure 8: NDS Server0 service on Win2003B, pointing to dummy eDirectory install
Figure 9: Registry key controlling the location of eDirectory for the NDS Server0 service on Win2003B
Figure 10: Registry key on Win2003B set to a local directory other than the one for the dummy install, in order to simulate shared external storage (such as s:\novell)
Figure 11: NDS Server0 service after Registry key has been modified on Win2003B
12. Shut down eDirectory on Win2003A.
13. Start eDirectory on Win2003B, in addition to moving the secondary IP address used by iManager, with shared external storage (if available).
This completes a successful failover installation.
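The NICI preparation part of steps 6 to 9 (Full Control for Administrator on NICI\system, copying NICI to the shared storage, exporting the NDS Server0 registry keys) written as a batch file to run on the active node. This is an added example, not a script from the AppNote. It assumes the shared disk is M:, that the local Administrator account performs the copy (use DOMAIN\Administrator otherwise), and that the registry key holding the eDirectory location for NDS Server0 is the one shown in Figure 9; the NDS_KEY value below is a placeholder to replace with that key. The file name of the exported keys follows the AppNote's <node>keys.reg convention.

```batch
@echo off
REM stage-nici.bat  --  run on the ACTIVE node (e.g. Win2003A) once eDirectory is installed.
REM Added example (not from the AppNote). Grants Administrator Full Control on NICI\system,
REM copies the NICI folder to the shared disk with ownership/ACLs, and exports the NDS Server0
REM registry keys so a standby node can later import them.
REM Usage:  stage-nici.bat <shared-drive-letter>      e.g.  stage-nici.bat M
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 ^<shared-drive-letter^>
    exit /b 1
)
set SHARE=%~1:
set NICI_SRC=%SystemRoot%\system32\novell\NICI
set REGFILE=%SHARE%\%COMPUTERNAME%keys.reg
REM ASSUMPTION / placeholder: replace with the key shown in Figure 9 for your installation.
set NDS_KEY=HKLM\SYSTEM\CurrentControlSet\Services\NDS Server0
REM Use DOMAIN\Administrator here if a domain account performs the failover.
set ADMIN=Administrator

if not exist "%SHARE%\" (
    echo Shared drive %SHARE% is not mounted on this node.
    exit /b 1
)
if not exist "%NICI_SRC%\system\" (
    echo NICI system folder not found under %NICI_SRC%.
    exit /b 1
)

REM Steps 7-8: Full Control for Administrator on NICI\system and the files under it.
REM /E edits the existing ACL instead of replacing it; /T applies the change recursively.
REM This fails with "Access denied" until ownership has been taken as shown in Figure 3.
cacls "%NICI_SRC%\system" /T /E /G %ADMIN%:F
if errorlevel 1 (
    echo cacls failed; take ownership of %NICI_SRC%\system first.
    exit /b 1
)

REM Copy the NICI tree to the shared disk. The destination ends in NICI\ and /I marks it as a
REM folder, so the result is M:\NICI\system\... rather than the contents spilled into M:\.
REM /O keeps ownership and ACLs, /H includes hidden and system files, /E copies empty subfolders.
xcopy "%NICI_SRC%" "%SHARE%\NICI\" /E /I /Y /O /H
if errorlevel 1 (
    echo xcopy of NICI to %SHARE%\NICI failed.
    exit /b 1
)

REM Sanity check: Figure 2 shows two files under NICI\system. Refuse to continue if fewer
REM than two arrived, because a standby started with incomplete NICI will not authenticate
REM iManager or iMonitor.
set FILECOUNT=0
for /f %%N in ('dir /b /a-d "%SHARE%\NICI\system" 2^>nul ^| find /c /v ""') do set FILECOUNT=%%N
if %FILECOUNT% LSS 2 (
    echo Only %FILECOUNT% file^(s^) under %SHARE%\NICI\system; copy is incomplete.
    exit /b 1
)

REM Export the registry keys the standby will import with "reg import". reg export prompts
REM before overwriting on Windows 2003, so remove any previous export first.
if exist "%REGFILE%" del "%REGFILE%"
reg export "%NDS_KEY%" "%REGFILE%"
if errorlevel 1 (
    echo reg export of %NDS_KEY% failed.
    exit /b 1
)
echo NICI and %REGFILE% staged on %SHARE% for %COMPUTERNAME%.
endlocal
```

Run it once per active node after eDirectory is installed and again whenever NICI changes on that node (for example after a reinstall), so the copy on the shared disk never lags behind the server it belongs to.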
Other Considerations: NICI and Windows 2003 Cluster
If you do not properly manage the NICI portion, neither iManager nor iMonitor (e.g., DSTrace) will work (authentication failure), and the Identity Manager drivers may fail as well. Each installation of eDirectory has a one-to-one relationship with NICI and its NICI keys, so you must make sure the right NICI installation is on the Standby server for a complete and successful failover.
As for the configuration for Windows 2003 Cluster, you need to create a cluster group that includes the external shared storage, the secondary IP address, and the application (which is eDirectory). The script required to start eDirectory must start eDirectory on the Standby server (Win2003B), such as using net start "NDS Server0". We must also use a script for copying the right instance of NICI to c:\windows\system32\novell if we are in a many-to-one configuration (more than one active server with one Standby server).
You can use the Windows 2003 executable REG.EXE in the script in order to import the correct registry keys for NDS Server0. For example, in a three-node cluster with two servers running eDirectory/IdM and a third server as the standby, Win2003A could load eDirectory from drive M: and Win2003B could load it from drive N:. In a failover scenario, Win2003C would need to load eDirectory from either M: (if Win2003A fails) or N: (if Win2003B fails). The registry keys can be exported from Win2003A and Win2003B into two files that the script then uses to set the registry keys correctly on Win2003C.
For example, I have a working configuration that runs a script as a Generic Application resource. When I load the service "NDS Server0" (Generic Service), the script process must stay resident in memory; otherwise, Windows Cluster considers the resource failed. Here is the script I am using (Win2003A.bat):
REM remove the standby's own NICI so the failed node's NICI can take its place
rd /S /Q c:\windows\system32\novell\NICI
REM copy the NICI material staged on the shared disk (M:), keeping ownership and ACLs (/O)
xcopy /E /Y /O M:\NICI c:\windows\system32\novell\
REM point the NDS Server0 service at the eDirectory installation on the shared disk
reg.exe IMPORT M:\Win2003Akeys.reg
REM keep this CMD process resident so Windows Cluster sees the Generic Application as online
PAUSE
The PAUSE on the last line of the script keeps the script (CMD) resident in memory, so when Windows Cluster checks for its presence, it finds it. This script must be executed before the service "NDS Server0" is loaded.
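A generalized version of the failover script for a many-to-one cluster, as an added example that is not the AppNote's Win2003A.bat: it takes the failed node's name and the shared drive letter as parameters (so one script serves Win2003C whether Win2003A or Win2003B failed), refuses to run if the shared disk or the exported .reg file is not present, copies NICI to an explicit NICI\ destination, logs each step, and stays resident by polling the NDS Server0 service with sc query instead of PAUSE, exiting if the service later stops so that Windows Cluster sees the failure. It assumes the NICI copy and the <node>keys.reg export were staged on the shared disk beforehand, and uses the service and node names from the article.

```batch
@echo off
REM failover.bat  --  run on the STANDBY node (e.g. Win2003C) by the cluster Generic Application
REM resource, before the "NDS Server0" Generic Service resource is brought online.
REM Added example, not the AppNote's Win2003A.bat. Generalizes it for a many-to-one cluster:
REM   failover.bat <failed-node-name> <shared-drive-letter>     e.g.  failover.bat Win2003A M
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 ^<failed-node-name^> ^<shared-drive-letter^>
    exit /b 1
)
set SRCNODE=%~1
set SHARE=%~2:
set NICI_DST=%SystemRoot%\system32\novell\NICI
set REGFILE=%SHARE%\%SRCNODE%keys.reg
set SVC=NDS Server0
set LOG=%SystemRoot%\failover-%SRCNODE%.log

REM The Physical Disk resource must be online on this node first. The group's dependencies
REM should guarantee it, but check anyway rather than fail half-way through the swap.
REM (Redirection is placed first so a node name ending in a digit cannot be read as a handle.)
if not exist "%SHARE%\NICI\system\" (
    >>"%LOG%" echo %DATE% %TIME% %SHARE%\NICI not present; is the disk resource online?
    exit /b 1
)
if not exist "%REGFILE%" (
    >>"%LOG%" echo %DATE% %TIME% %REGFILE% missing; export it from %SRCNODE% first
    exit /b 1
)

REM Make sure the standby's own (dummy) eDirectory is not running before swapping NICI.
net stop "%SVC%" >nul 2>&1

REM Replace the standby's NICI with the failed node's copy (one-to-one NICI/eDirectory pairing).
REM Explicit NICI\ destination: xcopy copies the *contents* of the source folder, so without it
REM the files would land directly under novell\ instead of novell\NICI.
rd /S /Q "%NICI_DST%" 2>nul
xcopy "%SHARE%\NICI" "%NICI_DST%\" /E /I /Y /O /H
if errorlevel 1 (
    >>"%LOG%" echo %DATE% %TIME% xcopy of NICI from %SHARE% failed
    exit /b 1
)

REM Point NDS Server0 at the failed node's eDirectory on the shared disk.
reg import "%REGFILE%"
if errorlevel 1 (
    >>"%LOG%" echo %DATE% %TIME% reg import %REGFILE% failed
    exit /b 1
)
>>"%LOG%" echo %DATE% %TIME% NICI and registry prepared for %SRCNODE% on %COMPUTERNAME%

REM Stay resident (the role PAUSE plays in the AppNote's script) while the cluster brings the
REM Generic Service online, then keep watching it: exiting when it stops lets the cluster mark
REM the Generic Application failed and act on it, instead of a silent half-dead group.
:wait_start
sc query "%SVC%" | find "RUNNING" >nul
if errorlevel 1 (
    ping -n 6 127.0.0.1 >nul
    goto wait_start
)
>>"%LOG%" echo %DATE% %TIME% %SVC% is running on %COMPUTERNAME%
:monitor
ping -n 31 127.0.0.1 >nul
sc query "%SVC%" | find "RUNNING" >nul
if errorlevel 1 (
    >>"%LOG%" echo %DATE% %TIME% %SVC% stopped; exiting so the cluster sees the failure
    exit /b 1
)
goto monitor
```

Configure the Generic Application resource's command line as cmd /c C:\cluster\failover.bat Win2003A M (path and drive letter are yours to adjust), make it depend on the Physical Disk and IP Address resources, and make the "NDS Server0" Generic Service resource depend on it, so the cluster always runs the NICI/registry swap before starting eDirectory. The ping -n N 127.0.0.1 calls are the usual Windows 2003 substitute for a sleep of roughly N-1 seconds.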
Even though the clustering of eDirectory and Identity Manager on top of Windows Server is not documented, it is fairly easy to set up a working configuration. You can leverage Windows Clustering and the information related to UNIX or Linux in the documentation or in case studies. Because eDirectory is a service, most other additions such as iMonitor and Identity Manager (and drivers) are managed through this single service.
Be sure to dedicate special attention to NICI, because NICI material is specific to each eDirectory installation or server (not the eDirectory tree). You can also simulate external storage using a manual copy or a mapped drive.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com