A.5 Preventing Identity Manager Synchronization Loops

If you have three or more clusters each in separate eDirectory trees in your business continuity cluster, you should set up IDM User object and Cluster Resource object synchronization in a manner that prevents Identity Manager synchronization loops. Identity Manager synchronization loops can cause excessive network traffic and slow server communication and performance.

For example, in a three-cluster business continuity cluster, an Identity Manager synchronization loop occurs when Cluster One is configured to synchronize with Cluster Two, Cluster Two is configured to synchronize with Cluster Three, and Cluster Three is configured to synchronize back to Cluster One. This is illustrated in Figure 2-3.

Figure A-1 Three-Cluster Identity Manager Synchronization Loop

A preferred method is to make Cluster One an Identity Manager synchronization master in which Cluster One synchronizes with Cluster Two, and Cluster Two and Cluster Three both synchronize with Cluster One. This is illustrated in Figure 2-4.

Figure A-2 Three-Cluster Identity Manager Synchronization Master

You could also have Cluster One synchronize with Cluster Two, Cluster Two synchronize with Cluster Three, and Cluster Three synchronize back to Cluster Two as illustrated in Figure 2-5.

Figure A-3 Alternate Three-Cluster Identity Manager Synchronization Scenario

To change your BCC synchronization scenario:

  1. In the Connections section of the Business Continuity Cluster Properties page, select one or more peer clusters that you want a cluster to synchronize to, then click Edit.

In order for a cluster to appear in the list of possible peer clusters, that cluster must have the following: