2.3 Planning Driver and Replica Placement on Your Servers

2.3.1 Determining How Many Zones You Have

Consult with your student information systems administrator to find out how many Zones your environment is using and what they are managing.

Some SIF-enabled student information systems use one Zone for a whole district; some use multiple Zones, such as one per school.

A single instance of the Identity Manager Driver for SIF supports up to 10 Zones. If you have more than 10 Zones, we recommend that you install Identity Manager and the SIF driver on more than one server. Each server with Identity Manager and the SIF Driver can service up to 10 Zones.

If you have multiple Zones, compare what each Zone manages with the containers in your eDirectory tree to see which containers hold objects that are managed by each Zone.

For additional information about planning your containers for managing students, see Creating the Hierarchy of Containers for Students and Staff.

2.3.2 Planning Replica Placement

This information is based on Replicating the Objects that Identity Manager Needs on the Server in the Identity Manager 3.5.1 Installation Guide.

For each Driver object, the server where it runs must hold full master or read/write replicas of the following objects:

  • The User objects that you want this instance of the driver to synchronize.

    The driver can’t synchronize objects unless a replica of those objects is on the same server as the driver. This might necessitate some changes, for example, aggregating replicas onto a single server if the driver needs a tree-wide view of eDirectory data.

  • The Driver Set object for that server.

    You should have one Driver Set object for each server that is running Identity Manager. Inside this Driver Set object is the Driver object that represents the driver that is running on that server. Unless you have specific needs, don’t associate more than one server with the same Driver Set object.

  • The Template objects you want the driver to use when creating users, if you choose to use templates.

    The driver does not require you to specify templates for use when creating users. But if you want the driver to use templates, the Template objects must be on the server where the driver is running.

  • The Server object for that server.

    The Server object is necessary because it allows the driver to generate key pairs for objects. It also is important for Remote Loader authentication.

  • Containers

    All containers specified in the configuration must be visible on the server, such as the Incomplete container and the Disabled container.

2.3.3 Examples of Driver and Replica Placement

Example: Placing Drivers and Replicas for One Zone

The following figures show an example of how to place the driver and partition replicas based on an example tree, for an environment with only one Zone that manages the whole district.

Figure 2-6 shows how the example tree is partitioned, and Figure 2-7 shows which replicas are needed on the server.

In this example tree, each school container is in a separate partition. The Driver Set object is also in a separate partition.

In this case, you should specify the District container as the search container. (In the driver configuration, you specify which container is the search container, meaning the container and subcontainers that should be searched to find out if there are duplicate User IDs.)

Figure 2-6 Example Tree for One Zone, Showing Partitioning

In this example, a single Identity Vault server is used for the district. Identity Manager and the driver software must be installed on the server so the server can run the driver.

The partitions that are needed on the Identity Vault server with the driver are shown in Figure 2-7.

Figure 2-7 Partitions Containing Users Must Be Replicated on the Same Server as the Driver

Example: Placing Drivers and Replicas for Multiple Zones

This section gives an example of how to place drivers and replicas on servers, based on an example tree, for an environment with multiple Zones. There are three Zones, one for each school.

Figure 2-8 shows how the example tree is partitioned, and Figure 2-9 shows that all replicas must be on the Identity Vault server.

In this example tree, each school container is in a separate partition, as shown in Figure 2-8. The Driver Set object is also in a separate partition.

For this example, the District container is the search container. The search container should be high enough in the tree to include all students and staff.

In this example, each school contains its own Incomplete container and Disabled container.

NOTE: This is not required; you could use a single Incomplete container. However, we recommend this implementation for school systems with multiple Zones because it makes it easier to see which Zone needs attention if a student account is “stuck” in the Incomplete container, and because it reduces the number of partitions you might need on each server. If you use a single Incomplete container for all Zones, you need to keep a master or read/write replica of it on every server.

Figure 2-8 Example Tree for Multiple Zones, Showing Partitioning

In this example there are three Zones, one per school. Identity Manager and the Identity Manager Driver for SIF are installed on a server that holds replicas of the partitions from each school. One driver is configured to connect to all three Zones.

NOTE: Unlike the example for a single Zone, in this example it’s not necessary to replicate the District container on each server in order to get a replica of the Incomplete container, because separate Incomplete containers for each Zone are inside each individual school container.

Figure 2-9 illustrates the driver and the partitions that are replicated on the server.

Figure 2-9 Multiple Zones
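
The replica requirements in Section 2.3.2 and the Incomplete container notes in the multiple-Zone example can be checked against a planned layout before installation. The following Python sketch is an added example, not part of the product or its documentation: it maps each object the driver needs to the partition that holds it and reports any partition the server does not hold as a master or read/write replica. The tree, container names, server name (IDV1) and replica list are constructed sample data, and the function names are hypothetical.

```python
# Added planning aid: the tree, DNs and replica list are constructed sample data.
from math import ceil

MAX_ZONES_PER_DRIVER = 10            # limit stated in section 2.3.1
USABLE = {"master", "read/write"}    # replica types section 2.3.2 requires

def servers_needed(zone_count):
    """Minimum number of Identity Manager servers for this many Zones."""
    return ceil(zone_count / MAX_ZONES_PER_DRIVER)

def owning_partition(dn, partition_roots):
    """Partition holding dn: the longest partition root that dn sits under."""
    dn = dn.lower()
    hits = [r for r in partition_roots
            if dn == r.lower() or dn.endswith("." + r.lower())]
    return max(hits, key=len) if hits else None

def check_placement(server_replicas, partition_roots, required):
    """Return (label, partition, problem) for each object the driver cannot use.
    server_replicas maps partition root -> replica type held on the server."""
    findings = []
    for label, dn in required.items():
        part = owning_partition(dn, partition_roots)
        rtype = server_replicas.get(part)
        if rtype is None:
            findings.append((label, part, "no replica on this server"))
        elif rtype not in USABLE:
            findings.append((label, part, f"{rtype} replica is not writable"))
    return findings

SCHOOLS = [f"ou=School{n}.ou=District.o=Example" for n in (1, 2, 3)]
PARTITIONS = ["o=Example", "ou=District.o=Example",
              "ou=Services.o=Example", *SCHOOLS]
# Constructed server: replicas of each school and of the Driver Set partition.
SERVER = {**{s: "read/write" for s in SCHOOLS}, "ou=Services.o=Example": "master"}

BASE = {"driver set": "cn=DriverSet.ou=Services.o=Example",
        "server": "cn=IDV1.ou=Services.o=Example",
        **{f"users {s[:10]}": f"ou=Students.{s}" for s in SCHOOLS}}
PER_SCHOOL = {**BASE, **{f"incomplete {s[:10]}": f"ou=Incomplete.{s}" for s in SCHOOLS}}
SHARED = {**BASE, "incomplete": "ou=Incomplete.ou=District.o=Example"}

if __name__ == "__main__":
    print(servers_needed(3), check_placement(SERVER, PARTITIONS, PER_SCHOOL))
    print(check_placement(SERVER, PARTITIONS, SHARED))
```

With per-school Incomplete containers the sample server passes; with a single shared Incomplete container the check reports that the District partition is missing from the server.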