2.1 Planning a Data Synchronizer System

Use the Data Synchronizer Installation Summary Sheet to gather the information that the Data Synchronizer Installation program requests, so that you have it ready before you start. The Summary Sheet organizes the information in the order in which you need it during the installation and configuration process.

2.1.1 Planning Your Data Synchronizer System Configuration

A Synchronizer system can consist of a single Synchronizer server or multiple Synchronizer servers. A single Synchronizer server can handle approximately 500 users, depending on the amount of synchronization traffic generated by those users. For planning guidelines, review Section 1.1.3, Data Synchronizer Configurations.

DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Print one copy of the Data Synchronizer Installation Summary Sheet for each Synchronizer server that you are planning for your Synchronizer system.

If you plan to install Data Synchronizer on multiple servers, you can proceed through the following planning sections server by server, or you can apply each planning section to all planned servers, then proceed to the next planning section.

IMPORTANT: For best security, plan to install the Data Synchronizer software on servers inside your DMZ.

2.1.2 Gathering LDAP Information

The Data Synchronizer Installation program needs access to an LDAP directory. The LDAP information that you supply during installation gives you access to Synchronizer Web Admin, the administrative tool used to manage your Synchronizer system after installation.

LDAP Server Network Information

In order to communicate with your LDAP directory, the Data Synchronizer Installation program needs the IP address or DNS hostname of your LDAP server. It also needs the port number that the LDAP server listens on. The LDAP port number depends on whether the LDAP server requires a secure SSL connection. The default secure port number is 636. The default non-secure LDAP port number is 389.

DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Under LDAP Server Information, specify the IP address or DNS hostname of your LDAP server, and mark whether a secure SSL connection is required.

If the LDAP server requires a secure connection, additional setup might be required. See Securing Communication with the LDAP Server in Synchronizer System Security in the Novell Data Synchronizer System Administration Guide.

IMPORTANT: If there is a firewall between the Synchronizer server and the LDAP server, be sure to configure the firewall to allow communication on the selected LDAP port.

LDAP Server Credentials

In order to access the LDAP directory, the Data Synchronizer Installation program needs the username and password of an administrator user on the LDAP server who has sufficient rights to access the user and group information stored there. At least Read rights are required. You can use the admin LDAP user or an admin-equivalent user. For more information about the required rights for the user you choose, see TID 7006841: LDAP Admin Rights for Data Synchronizer in the Novell Support Knowledgebase.

You need to provide the username, along with its context in your LDAP directory tree, in the following format:

cn=username,ou=organizational_unit,o=organization

DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Under LDAP Server Credentials, specify a fully qualified username with sufficient rights to read the user and group information in your LDAP directory, along with the password for that user.

LDAP User and Group Containers

During installation, you must provide a user container and a group container from which Synchronizer Web Admin lists users and groups that you can add to your Synchronizer system. The Installation program lets you browse for the user and group containers. It then displays the containers in the following LDAP format:

ou=container_name,ou=organizational_unit,o=organization

DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Under LDAP Containers, specify a container object and its context in the LDAP directory tree where User objects are located. If Group objects are located in a different container, list that container as well.

When Synchronizer Web Admin generates lists of users and groups, it searches the containers you specify, as well as subcontainers. If you want Synchronizer Web Admin to be able to search multiple, organizationally separate containers for users and groups, you can configure this functionality after you have installed Data Synchronizer, as described in Searching Multiple LDAP Contexts for Users and Groups in Synchronizer System Management in the Novell Data Synchronizer System Administration Guide.
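As a planning aid, the following added example (not part of the Novell documentation or the Installation program) checks Summary Sheet entries against the DN formats shown above and reports which expected users a search of the chosen user container and its subcontainers would not list. The tree, the names, and the function names are constructed for illustration.

```python
import re

# Split on commas not preceded by a backslash (escaped commas stay in the value).
# Multi-valued RDNs ("+") and other RFC 4514 escapes are not handled here.
_UNESCAPED_COMMA = re.compile(r"(?<!\\),")

def parse_dn(dn):
    """Return a DN as a list of (attribute, value) pairs, lower-cased."""
    rdns = []
    for part in _UNESCAPED_COMMA.split(dn.strip()):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def matches_sheet_format(dn, leaf_attr):
    """Check the shape shown on this page: leaf_attr=...,ou=...,o=..."""
    try:
        rdns = parse_dn(dn)
    except ValueError:
        return False
    return len(rdns) >= 2 and rdns[0][0] == leaf_attr and rdns[-1][0] == "o"

def in_scope(entry_dn, container_dn):
    """True if the entry is in the container or any of its subcontainers."""
    entry, container = parse_dn(entry_dn), parse_dn(container_dn)
    return len(entry) > len(container) and entry[-len(container):] == container

def users_not_listed(user_container, expected_user_dns):
    """Expected users that a search rooted at user_container would miss."""
    return [dn for dn in expected_user_dns if not in_scope(dn, user_container)]

# Constructed sample values (hypothetical tree, not from the product docs).
BIND_DN = "cn=syncadmin,ou=services,o=example"
USER_CONTAINER = "ou=users,ou=provo,o=example"
EXPECTED_USERS = [
    "cn=jsmith,ou=users,ou=provo,o=example",
    "cn=mlee,ou=contractors,ou=users,ou=provo,o=example",  # subcontainer
    r"cn=Doe\, Jane,OU=Users,OU=Provo,O=Example",          # escaped comma, mixed case
    "cn=akhan,ou=users,ou=london,o=example",               # separate container
]

if __name__ == "__main__":
    print("bind DN format ok:", matches_sheet_format(BIND_DN, "cn"))
    print("container format ok:", matches_sheet_format(USER_CONTAINER, "ou"))
    for dn in users_not_listed(USER_CONTAINER, EXPECTED_USERS):
        print("outside user container:", dn)
```

Users reported as outside the container are the ones that need the multiple-context search configured after installation.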

2.1.3 Planning How to Add Users

If you plan to use LDAP authentication, a number of variables affect how you add users to your Synchronizer system:

Using LDAP groups

LDAP groups are a powerful tool for ongoing Synchronizer system management. After you add LDAP groups to your Synchronizer system, you can add and delete users in those groups, and Synchronizer Web Admin automatically adds or deletes the users for all connectors that are configured with those groups. This saves you from the repetitive work of manually adding or deleting users for two or more connectors using Synchronizer Web Admin.

Setting application names

If users’ LDAP usernames are not the same as their GroupWise user IDs, you must set users’ application names in Synchronizer Web Admin to map from LDAP usernames to GroupWise user IDs. This must be done regardless of whether you add the users during installation or after installation, and it applies to users who are added by being members of LDAP groups. To plan ahead for this process, review Changing a User’s Application Name (Mobility Pack Only) in Connector and User Management in the Novell Data Synchronizer System Administration Guide.

Single-server installation

If you are planning a single-server Synchronizer system, you might already have or want to create LDAP groups based on departmental membership, organizational roles, geographic locations, or even the need to participate in data synchronization.

Multi-server installation

If you are planning a multi-server Synchronizer system, you might already have or want to create LDAP groups that would be set up on different Synchronizer servers. You might be planning several Synchronizer servers based on geographic location, so having an LDAP group of users for each geographic location would facilitate adding users to connectors. If you want a separate Synchronizer server for executives, creating an LDAP group of executives would allow you to add them as a group, rather than selecting each executive individually. If you have a very large number of groups with no particular distinguishing characteristics, you might want to create LDAP groups based on the first letter of users’ last names or usernames (for example, A-I, J-R, and S-Z).

Regardless of the variables involved in adding users to your Synchronizer system, effective planning can make the process of adding users easier and faster.

DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Under Add Groups, specify LDAP groups of users to add to your Synchronizer system. If the LDAP groups do not already exist, create them in your LDAP directory before configuring connectors.

Under Add Users, specify any individual users that are not part of LDAP groups that you want to add to your Synchronizer system.

IMPORTANT: Be sure to add yourself to the Synchronizer system for testing purposes.

2.1.4 Gathering GroupWise System Information

In order to configure the GroupWise Connector as you run the Data Synchronizer Installation program, you need to gather certain information about the GroupWise system where users want to synchronize data.

GroupWise Trusted Application

A GroupWise trusted application can log into a GroupWise Post Office Agent (POA) in order to access GroupWise mailboxes without needing personal user passwords. The GroupWise Connector requires such mailbox access in order to synchronize GroupWise data with other applications.

Before you install Data Synchronizer, you must use ConsoleOne to configure the GroupWise Connector as a GroupWise trusted application. You might name the trusted application GroupWiseConnector.

A trusted application uses a key that consists of a long string of letters and numbers to provide authentication to the GroupWise POA. ConsoleOne creates the key in a file in a specified location that is accessible to ConsoleOne. You need to create only one trusted application key for the GroupWise Connector, regardless of the number of servers where you install Data Synchronizer, and regardless of the number of domains and post offices in your GroupWise system.

NOTE: If your GroupWise system connects to any external GroupWise domains, that external GroupWise system needs its own Data Synchronizer installation on an additional Synchronizer server, along with its own separate trusted application key.

Follow the instructions in Creating a Trusted Application and Key in System in the GroupWise 8 Administration Guide to set up a trusted application and obtain a trusted application key for the GroupWise Connector.

IMPORTANT: Do not use an existing trusted application key that is already in use by another application.

When you set up the GroupWise Connector as a trusted application, you only need to fill in three fields in the Create Trusted Application dialog box in ConsoleOne:

  • Name

  • Location for Key File

  • Name of Key File

Do not fill in any other fields.

IMPORTANT: In order for the Data Synchronizer Installation program to access the key file, you might need to copy it to a convenient location on the Synchronizer server. The Installation program automatically transfers the trusted application key from the key file into the configuration of the GroupWise Connector.

DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Under GroupWise Trusted Application, specify the name of the trusted application that you created in ConsoleOne and the location where the Data Synchronizer Installation program can access the trusted application key file.
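Because the trusted application key lets its holder access GroupWise mailboxes without user passwords, the copy placed on the Synchronizer server deserves the same care as a password file. The following added example (not part of the Novell documentation) checks how such a copy is stored; the file name and the expected mode 0600 are assumptions made for illustration.

```python
import os
import stat
import tempfile

def key_file_findings(path):
    """Return a list of problems with how the key file copy is stored."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("key file is a symbolic link")
        st = os.stat(path)  # inspect the link target as well
    if not stat.S_ISREG(st.st_mode):
        findings.append("key file is not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} gives group/other access; expected 0600")
    if st.st_uid != os.geteuid():
        findings.append(f"owned by uid {st.st_uid}, not the user running this check")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        findings.append("parent directory is world-writable")
    return findings

def demo():
    """Constructed demo: a placeholder key file copied with a typical 0644 mode."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "gwconnector.key")  # hypothetical file name
        with open(path, "w") as f:
            f.write("PLACEHOLDER-NOT-A-REAL-KEY\n")
        os.chmod(path, 0o644)
        before = key_file_findings(path)
        os.chmod(path, 0o600)  # owner read/write only
        after = key_file_findings(path)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("as copied:", before)
    print("after chmod 600:", after)
```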

GroupWise Post Office Agent

The GroupWise Connector accesses your GroupWise system by communicating with a Post Office Agent (POA). The selected POA must be configured for SOAP, as described in Supporting SOAP Clients in Post Office Agent in the GroupWise 8 Administration Guide.

The selected POA can obtain information about all users in all post offices in your GroupWise system, if your GroupWise system has a GroupWise name server, as described in Simplifying Client/Server Access with a GroupWise Name Server in Post Office Agent in the GroupWise 8 Administration Guide.

The Data Synchronizer Installation program and the GroupWise Connector need the IP address or DNS hostname of the server where the POA is running. In addition, they need the POA SOAP port, which is 7191 by default. Typically, the same port number is used regardless of whether the POA is configured for a secure SSL SOAP connection. The Data Synchronizer Installation program and the GroupWise Connector need to know whether or not the connection is secure, because they use one of the following URLs to communicate with the POA:

Non-Secure SOAP URL:

http://poa_server_address:soap_port/soap

Secure SOAP URL:

https://poa_server_address:soap_port/soap

DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Under GroupWise Post Office Agent, specify the IP address or DNS hostname of the server where a POA configured for SOAP is running. Specify the SOAP port, and whether or not the POA requires a secure SSL SOAP connection.

IMPORTANT: By default, the GroupWise Connector communicates with the POA using port 4500. If there is a firewall between the Synchronizer server and the POA server, be sure to configure the firewall to allow communication on port 4500. If necessary, you can configure the GroupWise Connector to use a different port number after installation, as described in Changing the GroupWise Connector Listening Port in GroupWise Connector Configuration in the GroupWise Connector Installation and Configuration Guide.

2.1.5 Planning the Data Synchronizer Database

When you run the Data Synchronizer Installation program, it creates a PostgreSQL database that is used to store Synchronizer system configuration information that you see in Synchronizer Web Admin. It also stores pending events when synchronization between the Sync Engine and connectors is interrupted.

The Synchronizer database is named datasync, and the user that has access is named datasync_user. You must supply the password for the Synchronizer database user.

DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Under Synchronizer Database, specify the password that you want to use for the Synchronizer database.

Some connectors use a secondary database to store events when synchronization between the connectors is interrupted. Refer to each connector’s Installation and Configuration Guide to determine whether the connector you are installing uses a secondary database. The GroupWise Connector does not use a secondary database.

If you need to change the password on the Synchronizer database after you have installed Data Synchronizer, see Changing the Synchronizer Database Password in Synchronizer System Management in the Novell Data Synchronizer System Administration Guide.

If you need to change the password on a connector’s secondary database, refer to each connector’s Installation and Configuration Guide.

2.1.6 Establishing Data Synchronizer System Security

Configuration and administration of your Synchronizer system is performed through Synchronizer Web Admin. From Synchronizer Web Admin, you can:

  • Add connectors to your Synchronizer system

  • Add users to connectors

  • Start, stop, and configure connectors

  • Reconfigure the connection to your LDAP server

  • Reconfigure the Sync Engine

To protect your Synchronizer system operation and configuration, you must choose one LDAP administrator user to access Synchronizer Web Admin. This LDAP user becomes the initial Synchronizer administrator. For simplest administration, use the LDAP Admin user or an admin-equivalent user. If you prefer to establish a Synchronizer administrator user with fewer rights than the LDAP Admin user, make sure the user has sufficient rights to read the User and Group objects that you need to access as you add users to connectors in Synchronizer Web Admin.

Make sure that you know this administrator user’s password.

SINGLE-SERVER DATA SYNCHRONIZER INSTALLATION SUMMARY SHEET

Under Synchronizer Web Admin, specify the LDAP administrator username and password that you want to grant access to Synchronizer Web Admin.

You can add more users as Synchronizer administrators after installation, as described in Setting Up Multiple Synchronizer Administrator Users in Synchronizer System Management in the Novell Data Synchronizer System Administration Guide.