T 2.124 Lack of, or inadequate, planning of partitioning and replication in the directory service

Two essential aspects when planning the use of a directory service are the partitioning and replication processes. Partitioning is the process of distributing the directory data of a directory service among separate areas (partitions). Not every partitioning scheme can be implemented as desired, and the scheme must follow certain rules that are based on the logic of the hierarchical tree structure.

The replication of the partitions of the directory service serves primarily to increase the availability of the directory system and for the purpose of load distribution. Redundant data storage also improves the reliability. For this reason, planning is critically important because it may be possible to subsequently change the partition and replication settings, but such changes can lead to inconsistencies under certain circumstances.

When changes are made to the directory service, it takes a certain amount of time until the new settings are installed everywhere because the directory service is distributed among several different systems. This can result in a time frame in which the directory service is inconsistent. Such inconsistencies can be a problem, especially in the definitions of authentication data or with the data access rights to directory service objects, for example.

The partitions defined for the directory service can have a direct impact on the replication activities of the overall system. If planned inadequately, then a flat tree structure, for example, could create very large replication rings. For example, if a replication ring is very large, then there will be a certain risk that at least one server in the ring will not be accessible for some time, which can then lead to the generation of error and status messages on every other directory service server in the replication ring. Such error and status messages can lead to an increase in the time and effort required for the administration of a large portion of the directory tree.

Furthermore, incorrect or inadequate planning of the partitions and replication of the directory service can also lead to losses of data as well as to inconsistencies in the data stored, to poor availability of the directory service, to a lower overall system performance, and possibly even to system failures.