Isode Products

M-Vault Directory

 

Replication

A key benefit of M-Vault is the ability to replicate data. X.500 DISP (Directory Information Shadowing Protocol) provides flexible replication with the following features:

  • Total and incremental replication.
  • Initiation by consumer or supplier.
  • Attribute filtering.
  • On demand replication, or timed scheduling options.
  • Operator requested connections.
  • Automatic recovery from inconsistencies.
  • Control of data to be shadowed.
  • Secondary shadowing, so that data may be replicated over multiple hops.

M-Vault provides easy to set up replication, with flexible control of the replication options.

In order to support replication of data with directory servers that do not support X.500 DISP, Isode's Sodium Sync product should be used. The merits of different approaches to replication is discussed in the Isode White Paper Replicating and Synchronizing Data Between Directory Servers.

Data Distribution

The real power of an X.500 directory is the ability of the servers, or Directory System Agents (DSAs), to perform distributed operations on behalf of client applications. Distributed operations are handled by the Directory System Protocol (DSP), as defined in X.518 and X.519. DSP enables a set of DSAs to appear as a single, coherent directory service, but leverage the benefits of distribution of information.

The configuration of the directory is controlled by knowledge information, which is the mechanism that enables the location of data in the various DSAs to be represented in the directory. The X.500 specifications define a range of knowledge features that enable a distributed directory. The M-Vault directory server provides support for subordinate references and cross-references. In addition, the server is capable of dynamically learning about other servers and automatically constructing knowledge references to those servers. This functionality is core to the operation of an X.500 based directory.

M-Vault also has the unique ability to include LDAP only servers in the distributed directory using LDAP chaining.


Integrating Directory Servers

Using DSP one server can access information held in another via the network. A real world example of this could be where different departments manage and administer their own data in a local M-Vault server. When a user in one department queries their server for data in another department, M-Vault will use its knowledge to access the appropriate remote server to satisfy the query.

Where departments implement an LDAP only server M-Vault can be used to connect these to a X.500 distributed directory. It does this by converting X.500 requests to LDAP requests (and vice versa) as necessary. Clients of the LDAP only server access the wider directory by following a referral to an M-Vault server from the LDAP directory. Similarly clients of servers in the wider directory can access data in LDAP only servers as M-Vault can convert any incoming X.500 to an LDAP request and then pass that request along. Further details of the M-Vault's ability to provide access to a distributed directory for LDAP clients and servers can be found in the M-Vault Connector product page.

 

 
Copyright © 2008 Isode privacy   feedback Subscribe to our rss newsfeed