IBM BS029ML Self Help Guide - Page 87
System requirements

It is important to conduct a preliminary review of your system hardware and software in both new and existing LDAP infrastructures to ensure that they meet the supported levels for WebSphere Portal Server. The InfoCenter is routinely updated with specific versions and recommended compatible levels of configuration. If you are considering an upgrade to your LDAP implementation, we advise you to refer to 3.1.1, "How do I prepare my system for installation" on page 56 before attempting an upgrade of your environment.

Performance and availability

WebSphere Portal Server provides you with the option of installing the LDAP server on the same server that will house WebSphere Portal Server; however, if performance is of utmost importance for your portal application(s), we recommend that you provide a separate physical server for your LDAP.

High Availability: A single LDAP server is a single point of failure and is therefore not a feasible option for deployment on an enterprise scale. For many environments, high availability is not an option or an exception. Achieving high availability without performance impact is a challenge organizations continue to face. High availability for the LDAP server is best achieved by having an LDAP proxy that will forward back-end requests. WebSphere Portal Server provides the option of configuring failover capability natively through the WebSphere Member Manager component. If you plan to configure WebSphere Portal Server for LDAP failover, you should enable security with realms and modify the wmm.xml as part of the post-configuration steps in the InfoCenter. By default, the Reuse connection parameter should be enabled in the WebSphere Application Server console, or failover will not occur successfully should the primary server suffer an outage.

LDAP Schema Design: While it is possible to set up WebSphere Portal Server with only one user and one group, this is not advisable. The LDAP Schema Design and Directory Information Tree (DIT) should ideally be thoughtfully planned and agreed to by all stakeholders in your organization before you even attempt installation, and certainly before this phase in your deployment. Improper design of your LDAP Schema can affect the lookup performance in your LDAP, which will directly affect your portal implementation.

Read-Only LDAP: LDAP uses existing users in your registry, meaning the users and groups will need to be created before they can access the portal. Authentication with read-only LDAP is performed using LDAP binding. To connect to a read-only LDAP, WebSphere Portal Server requires an LDAP bind ID with the ability to read and search for the users in the subset of the DIT.

LDAP that allows write permissions: Allows users to create and modify their personal attributes in a directory. When write access is allowed, WebSphere Portal Server users can use such features as Self Registration and self-care to register accounts for themselves. Write privileges to the LDAP require an LDAP bind ID to be created with the ability to write and search for the users in the subset of the DIT.

Note: In both instances, the LDAP Bind ID created for use with WebSphere Portal Server does not need to be the root ID for the directory server; in fact, it should not be.

LDAP servers are oriented toward read-only operations and assume that information will be read from the LDAP server more often than it is updated. As a result, write operations will naturally be more expensive than read-only operations and may require infrastructure changes to accommodate the cost. Review the documentation for your LDAP server for discussion topics in this area.

Chapter 3. WebSphere Portal installation 73
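The bind ID rules above (not the root ID; read and search for a read-only directory, write and search for a writable one, scoped to the subset of the DIT that holds the users) can be checked against a planned grant list before installation. This is an added example, not taken from the IBM guide: the plan layout, the function names, the example.com DNs, the group_base check and the "no write on a read-only directory" rule are assumptions made for illustration.

```python
import re

# Rights the text above requires for each directory mode.
REQUIRED = {"read-only": {"read", "search"}, "writable": {"write", "search"}}

def split_dn(dn):
    """Split a DN into normalised RDNs; a backslash-escaped comma stays inside its RDN."""
    rdns = re.findall(r"(?:\\.|[^,\\])+", dn)
    # Assumption: attribute types and values compare case-insensitively.
    return [re.sub(r"\s*=\s*", "=", r.strip(), count=1).lower() for r in rdns if r.strip()]

def in_subtree(dn, base):
    """True when dn is base itself or lies below it in the DIT."""
    d, b = split_dn(dn), split_dn(base)
    return len(b) <= len(d) and d[len(d) - len(b):] == b

def audit_bind_id(plan):
    """Return findings for a planned portal bind ID (hypothetical plan layout)."""
    findings = []
    if split_dn(plan["bind_dn"]) == split_dn(plan["root_dn"]):
        findings.append("bind ID is the directory root ID")
    need = REQUIRED[plan["mode"]]
    for key in ("user_base", "group_base"):
        have = set()
        for subtree, rights in plan["grants"]:
            if in_subtree(plan[key], subtree):
                have |= set(rights)
        if need - have:
            findings.append(f"{key}: missing {sorted(need - have)}")
        if plan["mode"] == "read-only" and "write" in have:
            findings.append(f"{key}: write granted but directory is read-only")
    return findings

# Constructed sample plans (not real directory data).
GOOD = {"bind_dn": "uid=wpsbind, ou=services, dc=example, dc=com",
        "root_dn": "cn=root", "mode": "read-only",
        "grants": [("dc=example,dc=com", {"read", "search"})],
        "user_base": "ou=people,dc=example,dc=com",
        "group_base": "ou=groups,dc=example,dc=com"}
BAD = {"bind_dn": "CN=Root", "root_dn": "cn=root", "mode": "writable",
       "grants": [("ou=people,dc=example,dc=com", {"read", "search"})],
       "user_base": r"ou=Staff\, EMEA,ou=People,DC=example,DC=com",
       "group_base": "ou=groups,dc=example,dc=com"}

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_bind_id(plan) or "ok")
```

The BAD plan fails on all three counts: it reuses the root ID, lacks write on the user subtree, and has no grant covering the group subtree.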