6.3.5 Replication across a wide-area network

Wide-area networks typically have higher latency, a higher bandwidth-delay product, and lower speeds than local area networks. Directory Server version 7.1 and later support efficient replication when a supplier and consumer are connected via a wide-area network.

In previous versions of Directory Server, the replication protocols that were used to transmit entries and updates between suppliers and consumers were highly latency-sensitive, because the supplier would send only one update operation, then wait for a response from the consumer. This led to reduced throughput with higher latencies.

Since version 7.1, the supplier sends many updates and entries to the consumer without waiting for a response. Thus, on a network with high latency, many replication operations can be in transit on the network, and replication throughput is similar to that which can be achieved on a local area network.

NOTE:

If a supplier is connected to another supplier running an earlier version of Directory Server, it falls back to the old replication mechanism for compatibility. It is therefore necessary to run at least version 7.1 on both the supplier and consumer servers in order to achieve the benefits of the new latency-insensitive replication.

There are performance and security issues to consider, both for the Directory Server itself and for the efficiency of the network connection:

Where replication is performed across a public network such as the Internet, the use of SSL is highly recommended. This guards against eavesdropping on the replication traffic.

Use a T-1 or faster Internet connection for the network.

When creating agreements for replication over a wide-area network, avoid constant synchronization between the servers. Replication traffic could consume a large portion of the bandwidth and slow down the overall network and Internet connections.

When initializing consumers, do not initialize the consumer immediately; instead, use file system replica initialization, which is much faster than online initialization or initializing from file. Refer to the HP-UX Directory Server administrator guide for information on using file system replica initialization.
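As an added example that is not part of this guide, the following audit walks replication-agreement entries and flags the two WAN concerns above: a link that is not protected with SSL, and an agreement with no update schedule (constant synchronization). The nsDS5Replica* attribute names are assumed from the Red Hat / 389 Directory Server lineage that HP-UX Directory Server shares; the sample LDIF is constructed.

```python
# Constructed sample agreements (not from a real server); the nsDS5Replica*
# attribute names are those of the Red Hat / 389 DS lineage and are assumed.
SAMPLE_LDIF = """\
dn: cn=to-site-b,cn=replica,cn=example,cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
cn: to-site-b
nsDS5ReplicaHost: ldap-b.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SIMPLE

dn: cn=to-site-c,cn=replica,cn=example,cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
cn: to-site-c
nsDS5ReplicaHost: ldap-c.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SSLCLIENTAUTH
nsDS5ReplicaUpdateSchedule: 0100-0400 0123456
"""

# A schedule covering every minute of every day is the same as no schedule.
ALWAYS_ON = ("", "0000-2359 0123456")


def parse_ldif(text):
    """Split simple LDIF into entries: {lowercased attribute: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def audit_agreements(text):
    """Return {agreement cn: [findings]} for the WAN concerns listed above."""
    report = {}
    for e in parse_ldif(text):
        classes = [v.lower() for v in e.get("objectclass", [])]
        if "nsds5replicationagreement" not in classes:
            continue
        findings = []
        # Absent transport info means plain LDAP, i.e. cleartext on the wire.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].upper()
        if transport != "SSL":
            findings.append("cleartext transport: no SSL on the replication link")
        if e.get("nsds5replicaupdateschedule", [""])[0] in ALWAYS_ON:
            findings.append("constant synchronization: no update schedule")
        report[e["cn"][0]] = findings
    return report
```

Running `audit_agreements(SAMPLE_LDIF)` reports both findings for `to-site-b` and none for `to-site-c`.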

6.3.6 Using replication for high availability

Use replication to prevent the loss of a single server from causing the directory service to become unavailable. At a minimum, replicate the local directory tree to at least one backup server.

Some directory architects argue that information should be replicated three times per physical location for maximum data reliability. The extent to which replication is used for fault tolerance depends on the environment and personal preferences, but base this decision on the quality of the hardware and networks used by the directory service. Unreliable hardware requires more backup servers.

NOTE:

Do not use replication as a replacement for a regular data backup policy. For information on backing up the directory data, refer to the HP-UX Directory Server administrator guide.

To guarantee write-failover for all directory clients, use a multi-master replication scenario. If read-failover is sufficient, use single-master replication.

LDAP client applications can usually be configured to search only one LDAP server. Unless there is a custom client application to rotate through LDAP servers located at different DNS host names, the LDAP client applications can only be configured to look up a single DNS host name for a Directory Server. Therefore, it is probably necessary to use either DNS round-robins or

6.3 Defining a replication strategy

85