How to avoid directory service headaches

Replication technology can bite users who are unaware of its limitations.

While the impending release of Microsoft's Active Directory is shedding light on the potential of directory services, a few hidden potholes lie in wait for unsuspecting network architects.

One potential problem is multimaster replication, which is embraced by Microsoft, as well as Novell Directory Services (NDS). The feature is a big plus for administration and access, but it can foster issues of data integrity.

In a multimaster system, a number of directory replicas - with which administrators can update data and users can access information - are available throughout a network. The system provides fault tolerance, reduces WAN traffic and speeds performance by keeping information close to those who need it.

But the technology raises some issues. Because data can be updated and stored in multiple places, problems with data integrity can arise when two or more administrators make changes to the same information within a replication cycle.

If data is inaccurate, applications assuming integrity can malfunction or crash. Applications that demand data integrity are best run on top of transactional databases.

But users say the multimaster risks are small compared to the benefits.

"The beauty of multimaster replication is that you can lose connectivity and still work locally," says Peter Cruishank, network architect for the U.S. Navy, which uses NDS. "The multimaster feature is why we like NDS."

Multimaster issues are minimized by the fact that directory data is updated infrequently and by the low probability that two users will change the same data at the same time. Another strategy is keeping the number of administrators low.

"A lot of administrators with a lot of privileges can wreak havoc in a multimaster system," says Dan Blum, an analyst with The Burton Group. "You can propagate a lot of damage."

Collisions between directory updates are an inherent problem in multimaster systems, according to Blum. The best way to avoid the problem is to shorten replication cycles, but that can increase network costs, he says.

Microsoft and Novell attack the problem in different ways. Active Directory uses an Update Sequence Number system, which assigns a number to each update and uses that number to determine the most current data. Lotus Notes uses a similar approach. Novell time-stamps each update and uses the time to propagate changes.

"We acknowledge that you cannot, in practice, ensure a winner or loser for conflicting updates, unless you are accurately in sync with time," says Peter Houston, lead product manager for Active Directory. "What we do ensure is data integrity. There is zero chance in Active Directory that an attribute will have two different values."

With NDS, if server clocks are out of sync, conflicts can arise as to which server made the last update. If server clocks are so out of sync as to overlap replication cycles, problems can arise with data integrity.

"Our Time Sync feature ensures that all servers are basically set at the same time," says Blair Thomas, NDS marketing manager. "It's a very resilient system."

Most NDS users check critical systems daily to ensure synchronization; that is a duty Active Directory users will need to learn. Currently, NT domains use a single master system.

"Novell's Time Sync is complex and requires a lot of planning," says Neil MacDonald, an analyst with Gartner Group. "Microsoft took a pragmatic approach."

But with either approach, administrators shouldn't ignore the pitfalls as they explore the benefits of multimaster replication.
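The two conflict-resolution approaches described above, a number per update versus a time stamp per update, are modeled in the following added Python example, which is not code from the article or from either vendor. It is a simplified model: the replica names, sample values, the 60-second clock skew and the origin-name tie-break are assumptions made for illustration.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Update:
    value: str      # new attribute value
    origin: str     # replica that accepted the write
    real_time: int  # when the admin really made the change (ground truth, seconds)
    stamp: int      # what the replica's clock recorded (real_time + skew)
    number: int     # per-attribute update number assigned by the origin replica

def write(value, origin, real_time, skew, prev_number):
    """Accept a write on one replica whose clock is off by `skew` seconds."""
    return Update(value, origin, real_time, real_time + skew, prev_number + 1)

def newest_stamp(a, b):
    """Timestamp rule: the update with the later recorded time wins."""
    return max(a, b, key=lambda u: (u.stamp, u.origin))

def highest_number(a, b):
    """Update-number rule: higher number wins; origin name breaks ties (assumed)."""
    return max(a, b, key=lambda u: (u.number, u.origin))

def converge(rule, arrivals):
    """Value a replica ends with after applying updates in this arrival order."""
    return reduce(rule, arrivals).value

def scenario(west_skew):
    # Constructed sample: both replicas hold update number 3 for one attribute,
    # then two admins change it 30 s apart, inside the same replication cycle.
    east = write("555-0100", "east", real_time=100, skew=0, prev_number=3)
    west = write("555-0199", "west", real_time=130, skew=west_skew, prev_number=3)
    return east, west

if __name__ == "__main__":
    for skew in (0, -60):
        east, west = scenario(skew)
        print(f"west clock skew {skew:+d}s")
        for rule in (newest_stamp, highest_number):
            # A set of size 1 means every replica ends with the same value.
            final = {converge(rule, order) for order in ([east, west], [west, east])}
            print(f"  {rule.__name__:15} -> {sorted(final)}")
```

In both rules every replica converges on a single value regardless of arrival order; what differs is which change survives. With a slow clock on one replica, the timestamp rule keeps the older change, while the update-number rule picks a winner that does not depend on clocks but is not guaranteed to be the later change either.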

Contact Senior Editor John Fontana

Copyright, 1994-2006 Network World, Inc. All rights reserved.