Manuals / Sun Microsystems / Computer Equipment / Server

Sun Microsystems 8190994 manual Migration Scenarios, Migrating the Consumers

Models: 8190994

1 148

Download 148 pages 5.33 Kb

Page 54

Migration Scenarios

Advantages of an all-master topology include the following:

■Availability. Write traffic is never disrupted if one of the servers goes down.

■Simplicity. In an all-master topology, there is no need to set up referrals to route reads and writes to different servers.

There may be reasons that an all-master topology is not viable in a specific deployment. For example, fractional replication cannot be used in an all-master topology because fractional replication is only supported from masters to consumers.

Migration Scenarios

This section provides sample migration scenarios for a variety of replicated topologies.

Migrating a Replicated Topology to an Identical

Topology

Before you start migrating replicated servers, determine whether your deployment might not be better served by changing the architecture of the topology. This section describes how to migrate if you want to keep your existing topology. Migrating a replicated topology to an identical topology, involves migrating the consumers, then the hubs, then the masters. The following sections demonstrate a sample migration of a simple multi-master topology.

Migrating the Consumers

For each consumer in the replicated topology:

1.Reroute clients to another consumer in the topology.

2.Disable any replication agreements to the consumer you want to migrate.

3.Stop the consumer.

4.Migrate the consumer according to the instructions under Chapter 1.

5.Start the consumer.

6.Enable the replication agreements from the hubs to that consumer.

7.If you have migrated the data, check that replication is in sync.

8.If you have not migrated the data, reinitialize the consumer.

9.Reroute clients back to the consumer.

The following sequence of diagrams illustrate the migration of a consumer, as described above. The first diagram shows the version 5 topology before the migration.

54	Sun Java System Directory Server Enterprise Edition 6.0 Migration Guide • March 2007

Sun Confidential: Registered

Image 54

Sun Microsystems 8190994 manual Migration Scenarios, Migrating a Replicated Topology to an Identical Topology

Contents

Sun Microsystems, Inc 4150 Network Circle Santa Clara, CA U.S.A Enterprise Edition 6.0 Migration GuideSun Java System Directory Server Sun Confidential RegisteredSun Confidential Registered This distribution may include materials developed by third parties1 Overview of the Migration Process for Directory Server Contents2 Automated Migration Using the dsmig Command 3 Migrating Directory Server ManuallyMigrating the Schema Manually New Plug-Ins in Directory Server 7 Migrating Identity Synchronization for Windows Index ContentsSun Confidential Registered Sun Confidential Registered Migrating a Multi-Master Replication Deployment FiguresMigrating a Single-Host Deployment Migrating a Multi-Host Deployment with Windows NTSun Confidential Registered Tools Previously Under ServerRoot/shared/bin TablesMapping Between 5 and 6.0 Password Policy Attributes Location of Certificate and Key FilesTables Sun Confidential Registered Sample Export Configuration FileExamples EXAMPLESun Confidential Registered Before You Read This Book PrefaceWho Should Use This Book How This Book Is OrganizedDirectory Server Enterprise Edition Documentation Set TABLE P-1 Directory Server Enterprise Edition DocumentationContinued Related ReadingTABLE P-1 Directory Server Enterprise Edition Documentation http//docs.sun.com/coll/DirEdit05q1Default Paths and Command Locations Default PathsRedistributable Files Sun Confidential Registered TABLE P-2 Default PathsJava Enterprise System installer, the default install-path is of Directory Server or Directory ProxyCommand Locations TABLE P-3 Command LocationsContinued Typographic ConventionsTABLE P-3 Command Locations TABLE P-4 Typographic ConventionsSymbol Conventions Shell Prompts in Command ExamplesSymbol Conventions ContinuedDocumentation, Support, and Training Third-Party Web Site ReferencesSearching Sun Product Documentation Sun Welcomes Your Comments “Before You Migrate” on page Overview of the Migration Process for Directory ServerBefore You Migrate “Deciding on the New Product Distribution” on pagePrerequisites to Migrating a Single Directory Server Instance From Prerequisites to Migrating a Single Directory Server Instance FromBefore You Migrate Deciding on the New Product Distribution Outline of Migration StepsDeciding on Automatic or Manual Migration TABLE 1-1 Migration Matrix Showing Support for Automated Migration“Using dsmig to Migrate Security Data” on page Automated Migration Using the dsmig Command“Using dsmig to Migrate the Schema” on page “Using dsmig to Migrate Configuration Data” on pageUsing dsmig to Migrate the Schema Prerequisites for Running dsmig$ dsmig migrate-config old-instance-path new-instance-path Using dsmig to Migrate Security DataUsing dsmig to Migrate Configuration Data $ dsmig migrate-security old-instance-path new-instance-pathPlug-in Configuration Data Chained Suffix Configuration DataConfiguration Data for o=netscapeRoot Configuration Data For Suffixes With Multiple BackendsReplication Configuration Data Configuration Attributes Not Migrated by dsmignsabandonedsearchcheckinterval Using dsmig to Migrate User Data Tasks to be Performed After Automatic Migration$ dsmig migrate-data old-instance-path new-instance-path Sun Confidential Registered “Migrating Security Settings Manually” on page “Migrating the Schema Manually” on page“Migrating Configuration Data Manually” on page Migrating Directory Server ManuallyMigrating the Schema Manually Migrating Configuration Data ManuallyMigration of Specific Configuration Attributes Global Configuration Attributes Migrating Configuration Data ManuallyChapter 3 Migrating Directory Server Manually Security Configuration Attributes Feature Configuration AttributesMapping Tree Configuration Attributes Replica Configuration Attributes Replication Configuration AttributesFractional Replication Configuration Attributes Change Log AttributesPassword Policy Configuration Attributes Replication Agreement ConfigurationTABLE 3-3 Mapping Between 5 and 6.0 Password Policy Attributes SNMP Attributes UniqueID Generator Configuration AttributesDatabase Configuration Attributes TABLE 3-3 Mapping Between 5 and 6.0 Password Policy AttributesChained Suffix Attributes 7-Bit Check Plug-In Plug-In Configuration AttributesClass of Service Plug-In DSML Frontend Plug-InReferential Integrity Plug-In Pass Through Authentication Plug-InPassword Synchronization Plug-In Retro Change Log Plug-InMigrating Security Settings Manually Migrating User Data Manually Migrating User Plug-Ins Manually Tasks to be Performed After Manual MigrationMigrating User Plug-Ins Manually Overview of Migrating Replicated Servers “Issues Related to Migrating Replicated Servers” on pageMigrating a Replicated Topology “Overview of Migrating Replicated Servers” on pageMigration of Replication Agreements Issues Related to Migrating Replicated ServersIssues With the New Password Policy Migration of ReferralsManual Reset of Replication Credentials Problems Related to Tombstone PurgingNew Replication Recommendations Migration Scenarios Migrating a Replicated Topology to an Identical TopologyMigrating the Consumers Migration Scenarios FIGURE 4-1 Existing version 5 TopologyFIGURE 4-2 Isolating the Consumer From the Topology Chapter 4 Migrating a Replicated TopologyThe next step involves migrating the version 5 consumer Migrating the Hubs Migration Scenarios FIGURE 4-5 Existing version 5 Topology With Migrated ConsumersFIGURE 4-6 Isolating the Hub From the Topology 6.0 Consumer BMigration Scenarios The next step involves migrating the version 5 hubFIGURE 4-7 Migrating the version 5 Hub Chapter 4 Migrating a Replicated TopologyMigrating the Masters 9. If you have migrated the data, check that replication is in sync FIGURE 4-11 Migrating the version 5 Master The next step involves migrating the version 5 masterFIGURE 4-10 Isolating the Master From the Topology Migration ScenariosMigrating a Replicated Topology to a New Topology Migrating All the Servers FIGURE 4-13 Existing version 5 TopologyPromoting the Hubs FIGURE 4-14 Existing Topology With Migrated ServersPromoting the Consumers FIGURE 4-15 Migrated Topology With Promoted Hub ReplicasMigrating Over Multiple Data Centers Sun Confidential Registered “Changes to ACIs” on page “Command Line Changes” on page Changes in the Administration Framework“Changes in the Administration Framework” on page “Changes to the Console” on page “New Password Policy” on pageChanges in the ACI Scope Changes to ACIsRemoval of the o=netscapeRoot Suffix Changes in Suffix-Level ACIsCommand Line Changes Continued TABLE 5-1 Directory Server 5 and 6 commandsVersion 6.0 Command Sun Confidential RegisteredTABLE 5-3 Version 5 Commands That Have Been Deprecated Deprecated CommandsTABLE 5-1 Directory Server 5 and 6 commands ContinuedNew Password Policy Changes to the ConsolePassword Policy Compatibility The pwd-compat-mode property can have one of the following values Changes to Plug-Ins New Plug-Ins in Directory ServerChanges to the Installed Product Layout Plug-Ins Deprecated in Directory ServerChanges to the Plug-In API Online Help Previously Under ServerRoot/manual Administration Utilities Previously Under ServerRootBinaries Previously Under ServerRoot/bin Libraries and Plug-Ins Previously Under ServerRoot/libPlug-Ins Previously Under ServerRoot/plugins Utilities Previously Under ServerRoot/shared/binContinued Certificate and Key FilesTABLE 5-5 Tools Previously Under ServerRoot/shared/bin TABLE 5-6 Location of Certificate and Key FilesServer Instance Subdirectories Silent Installation and Uninstallation TemplatesServer Instance Scripts Previously Under ServerRoot/slapd-ServerID“Mapping the Connection Pool Configuration” on page Mapping the Global Configuration“Mapping the Global Configuration” on page “Mapping the Groups Configuration” on pageMapping the Global Configuration Mapping the Global Security Configuration Access Control on the Proxy Configuration Managing CertificatesTABLE 6-2 Mapping of Security Configuration Mapping the Connection Pool Configuration TABLE 6-3 Mapping of Connection Pool AttributesMapping the Groups Configuration Mapping the Group ObjectMapping the Network Group Object CONNECTION-HANDLER-NAME is-ssl-mandatorytrueCONNECTION-HANDLER-NAME is-ssl-mandatoryfalse This functionality exists but with less granularity than in Mapping Bind ForwardingSet this as a property for a specific listener port by using Directory Proxy Server 5. Set this limit as a property for aMapping Operation Forwarding Connection Handler Property Settings$ dpconf help-properties grep request-filtering-policy Mapping Subtree Hiding Mapping Search Request Controls$ dpconf help-properties grep resource-limits-policy Mapping Compare Request Controls Mapping Attributes Modifying Search RequestsMapping Attributes Restricting Search Responses $ dpconf help-properties grep search-data-hiding-ruleMapping the Referral Configuration Attributes Directory Proxy Server 5 AttributesDirectory Proxy Server 6.0 Properties Mapping the Server Load Configuration Mapping the Properties Configuration Attribute Renaming PropertyForbidden Entry Property LDAP Server Property $ dpconf help-properties grep ldap-data-sourceSource” in Sun Java System Directory Server Load Balancing PropertyEnterprise Edition 6.0 Administration Guide Sun Confidential RegisteredEnterprise Edition 6.0 Administration Guide Monitoring Backend ServersSearch Size Limit Property Log Property$ dpconf set-access-log-prop PROPERTYVALUE TABLE 6-17 Version 5 and Version 6 Log FunctionalityMapping the Events Configuration Mapping the Events ConfigurationMapping the Actions Configuration Properties“Migration Overview” on page “What to Do if the 1.1 Uninstallation Fails” on pageMigrating Identity Synchronization for Windows “Before You Migrate Identity Synchronization for Windows” on pageMigration Overview Before You Migrate Identity Synchronization for WindowsExporting Version 1.1 Configuration Preparing for Identity Synchronization for Windows MigrationUsing the export11cnf Utility Inserting Clear-Text PasswordsSample Export Configuration File cleartextPassword=Continued index=0 location=ou=people,dc=example,dc=com filter=Continued TopologyHost TopologyHostAttributeMap AttributeDescription parent.attr=SunAttribute EXAMPLE 7-1 Sample Export Configuration FileContinued name=uniquemember syntax=1.3.6.1.4.1.1466.115.121.1.25INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE ContinuedUsing the checktopics Utility Checking for Undelivered Messages2 Wait until the messages are applied to the destination connector To Clear Messages2 From a command prompt, type the subcommand as follows 1 Open a Terminal window and cd to the migration directoryForcing Password Changes on Windows NT Migrating Your SystemPreparing for Migration Use the following procedure to prepare for migration to versionPreparing to migrate from version 1.1, and 1.1 SP1, to version 2 Export your version 1.1 configuration settings to an XML file3 Add passwords to the exported XML file 7 On Windows NT only, perform the following steps b. Save the NT Change Detector Service counters5 Verify that your system is in a stable state i. Open the Registry Editor by executing regedt32.exeOn Solaris Type serverRoot \/slapd-hostname \/restart-slapd Uninstalling Identity Synchronization for WindowsTo Uninstall Identity Synchronization for Windows Version On Windows Type serverRoot\\\slapd- hostname\\\restart-slapd.batOn Solaris or SPARC Type ./runUninstaller.sh On Windows Type \\runUninstaller.batInstalling or Upgrading the Dependent Products Installing Identity Synchronization for WindowsTo install the Identity Synchronization for Windows 6.0 components cd serverRoot\isw-hostname\bin idsync prepds arguments\9 Start the service and the synchronization “Manually Uninstalling 1.1 Core and Instances from Solaris” on page What to Do if the 1.1 Uninstallation FailsManually Uninstalling 1.1 Core and Instances from Solaris “Manually Uninstalling a 1.1 Instance from Windows NT” on pageTo Manually Uninstall Core From a Solaris Machine etc/init.d/imq stop4 Remove the Directory Server Plugin f. Stop Directory Server h. Restart Directory Server5 Back-up copy and rename the current productregistry file located in 8 Clean up the configuration directory as follows a. Remove all the Console jar files by typing Manually Uninstalling 1.1 Core and Instances from Windows10 Clean up all other Console-related files as follows b. Remove all the Console servlet jar files by typingTo uninstall Core from a Windows 2000 machine serverRoot\isw-hostname\Core and Instances from Windows 2000” on page net stop slapd-myhostnameb. Select Registry →Export Registry File from the menu bar 4 In the Registry Editor, select Edit →Delete from the menu bar8 Clean up the configuration directory as follows Manually Uninstalling a 1.1 Instance from Windows NT serverRoot\\\isw-hostname\ a. Open the Services window, right-click on Change Detector Service and select Properties a. Select the registry key entry in the left pane Other Migration Scenarios 9 Remove the Password Filter DLL10 Restart your machine for all changes to take effect Multi-Master Replication Deployment “Multi-Master Replication Deployment” on page“Multi-Host Deployment with Windows NT” on page Multi-Host Deployment with Windows NT Three hosts are used in this deployment scenario A Windows NT systemA host for all other components Password Changes on Both Directory Server Masters are Lost FIGURE 7-3 Migrating a Multi-Host Deployment with Windows NTChecking the Logs Index instance-path Page XML configuration documents Continued