HP 9000 Networking: NetWare Directory Services > Chapter 8 Implementing NetWare Directory Services

Implementing NDS on Various Sizes of Networks

The following discussions outline the recommended implementation of NDS features and functionality specific to small, medium, and large networks. You must decide which method or combination of methods best suits your organization's particular needs and requirements. If you are implementing NDS in a medium-to-large-sized network, you might benefit from the information provided in chapter 7, "Planning NetWare Directory Services Implementation," for help in developing an implementation plan for NDS.

Implementing NDS on a small-sized network is typically based on two possible models:

The following figure shows a Directory tree in which ACCT (Accounting), HR (Human Resources), and PAY (Payroll) represent departments, all under the Organization HQ (Headquarters).

Small-sized networks are commonly site-, workgroup-, and department-oriented in structure. They are easily managed by a system-wide administrative group with central management at the organizational and departmental levels. The Directory tree begins with a single Organization object with few or no Organizational Unit objects below. If Organizational Units exist, they are based on functional groups, projects, departments, etc., within a single site. Resources are usually shared by all network users and groups.

Although a small-sized business might be restricted to a single- or multiple-segment LAN, time services are still important. A Single Reference time server is usually adequate for LAN-based networks. The Single Reference time server is monitored and periodically adjusted for time by the network supervisors. All other servers in the network are designated as Secondary time servers.

Workgroup boundaries generally determine the number of partitions required in a tree. You should partition your tree in relation to the use and physical location of network resources. You should create partitions only if they provide better performance or fault tolerance to the network and tree. Small networks may not require partitioning. If you think it is necessary, create a small number of partitions at the top levels of the tree.

Each server on the network should contain all the resources needed at its location, because small-network users rarely connect to servers at other locations. Replicas, in this case, will most likely not decrease WAN traffic. However, replicas provide fault tolerance. You should copy two to three replicas of each partition somewhere on the network to provide fault tolerance.

Implementing NDS on a medium-sized network is typically based on your business's organizational chart, with some geographic considerations for your branch offices. The following figure shows an example of a common Directory tree structure for a medium-sized network.

Medium-sized networks are commonly workgroup- and department-oriented in structure. They are typically managed by a central, system-wide administrative group and department network supervisors. The Directory tree begins with a general Organization object that has multiple Organizational Unit objects below. Organizational Units are based on functional groups, projects, departments, etc.

In the Organization object and high-level Organizational Units are enterprise resources that are managed centrally, including the following:

Create User objects for centralized supervisors and Organizational Unit (OU) supervisors within their respective container objects. The OU-level supervisors are often department network supervisors. Centralized supervisors are responsible for general network management and overall support for the Directory tree. OU-level supervisors are responsible for day-to-day tasks, such as User object and resource management and local server backup. Centralized management helps facilitate the implementation of network-wide standards. You should create and distribute a standards document for the entire network before implementing NDS.

Because many medium-sized networks maintain some level of WAN connectivity, time services support is an important consideration. A Single Reference time server is usually inadequate for networks that have WAN connections. You should use a group of Primary time servers as the basis for network time services. Determine which servers within your organization provide system-wide services, such as directories or applications that are accessed by multiple departments or the entire organization. Choose a limited number from the group of servers you identified to be installed as Primary time servers. Limiting the number of Primary time servers to a select few minimizes the network traffic used when the time servers vote on the current time. Typically, you should have one or two Primary time servers at each location on the network. Set up remaining servers as Secondary time servers.

Partitioning medium-sized networks should follow the structure of your Organizational Unit objects. You might want to create a partition for each high-level Organizational Unit in the tree. This allows each partition to contain all the resource objects that a particular department needs to access. Place the [Root] and Organization objects in the same partition.

Create replicas to ensure adequate redundancy of critical partitions.
Determine which servers within your organization provide system-wide services, such as applications that are accessed by multiple departments or the entire organization. Place replicas of the partitions that include these critical servers on other servers in different locations on the network. This allows all users to authenticate to an enterprise resource without increasing network traffic. For servers that provide local services, place replicas of the partitions that include them on other local servers. If only one server exists at a location, place a replica of the partition that includes the server on a server in a different location. Provide additional replicas if possible.

Large-sized networks are enterprise-focused, linking large, organizational networks with many other equal- or smaller-sized networks. They require flexibility, advanced security, and centralized management of distant resources as well as local supervision. The following figure shows an example of a Directory tree for a large-sized network.

The Directory tree begins with a general Organization object that has multiple Organizational Unit objects below. Organizational Units are based on functional groups, projects, departments, etc., and also on site locations, such as cities or countries. Large networks typically require both system-wide administrative groups with central management at the organizational and departmental levels and site-based administrative groups that manage local resources and objects.

Large networks typically have a number of high-level divisions within the organization that form the top level of Organizational Units. Most of these divisions are divided into subdepartments, which form a second level of Organizational Units. A third level of Organizational Units might consist of locations or functional groups.

Within Organization and Organizational Unit objects are enterprise resources that are managed centrally, including the following:

As organizations grow, it is necessary to maintain the workgroup and departmental structure of an organization while sufficiently increasing the centralized administration. You should create User objects for centralized supervisors and Organizational Unit-level supervisors within their respective container objects. Centralized supervisors are responsible for general network management and overall support for the Directory tree. Organizational Unit-level supervisors are responsible for day-to-day tasks, such as User object and resource management and local file server backup. Centralized management also helps facilitate the implementation of network-wide standards. You should create and distribute a standards document for the entire network before implementing NDS.

Because most large-sized networks maintain high levels of WAN connectivity, which span time zones and international datelines, time services support requires careful planning. It is critical to have a constant reference of time in order for NDS synchronization to take place. Time is also important to the proper execution of certain events and features, such as network backups and time-based security.

You should use one Reference time server and a group of Primary time servers as the basis for network time services. This ensures that a proper and accurate time reference is available at all times. Determine which servers within your organization provide system-wide services, such as directories or applications that are accessed by the entire organization. From the servers you identify, select one to function as the Reference time server and set up the others as Primary time servers. Each geographically distinct site should have at least one Primary time server. All other NetWare servers in the network should be set up as Secondary time servers. The Reference time server should be adjusted periodically by an outside time source, possibly the U.S. Naval Observatory Clock in Annapolis, Maryland.

Partitioning of large-sized networks should follow a multi-tiered partition plan. Each division-level Organizational Unit has its own partition representing that container and its objects. Each lower-level Organizational Unit is the root for a partition that includes itself and all the other container and leaf objects beneath it in that branch of the tree. The [Root] and Organization objects should form one partition. This partitioning structure ensures that all the critical access points in the tree are available and can be replicated for redundancy.

Create replicas to ensure adequate redundancy of critical partitions. Determine which servers within your organization provide system-wide services, such as applications that are accessed by multiple departments or the entire organization. Place replicas of the partitions that include these critical servers on other servers in different locations on the network. This allows all users to authenticate to an enterprise resource without increasing network traffic. For servers that provide local services, place replicas of the partitions that include them on other local servers. If only one server exists at a location, place a replica of the partition that includes the server on a server in a different location. Provide additional replicas if possible.

For added security and fault tolerance, place a read/write replica of each partition on a server at the Organization object level of each Directory tree. This enables the central network management staff to maintain a complete Directory database in one location.

Make sure that every partition has a sufficient number of replicas available on the network, including replicas on appropriate distant servers, to ensure fault tolerance and to decrease WAN link traffic. Most replicas should be located on servers within the main corporate network, except for other locations that have multiple servers. In these cases, replicas of the appropriate partitions are located on all these servers.
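
The large-network guidance above on time-server roles and replica placement can be checked mechanically before deployment. The following is an added example, not part of the HP documentation; the server names, site names, partition names and the minimum of two replicas (borrowed from the small-network guidance) are assumptions.

```python
# Added example: audits a constructed NDS plan against the time-server and
# replica-placement guidance above. All names below are hypothetical.
from collections import Counter

# Constructed sample plan: server -> (site, time-server role)
SERVERS = {
    "HQ-1": ("HQ", "REFERENCE"),
    "HQ-2": ("HQ", "PRIMARY"),
    "HQ-3": ("HQ", "SECONDARY"),
    "LON-1": ("LONDON", "PRIMARY"),
    "LON-2": ("LONDON", "SECONDARY"),
    "TKY-1": ("TOKYO", "SECONDARY"),  # the only server at its site
}
# Constructed sample: partition root -> servers holding a replica of it
REPLICAS = {
    "[Root]": ["HQ-1", "HQ-2", "LON-1"],
    "OU=SALES": ["LON-1", "LON-2", "HQ-1"],
    "OU=ASIA": ["TKY-1"],
}

def audit_time_roles(servers):
    """One Reference server overall; at least one Primary at every site."""
    findings = []
    roles = Counter(role for _, role in servers.values())
    if roles["REFERENCE"] != 1:
        findings.append(f"expected 1 Reference time server, found {roles['REFERENCE']}")
    for site in sorted({site for site, _ in servers.values()}):
        if not any(s == site and r == "PRIMARY" for s, r in servers.values()):
            findings.append(f"site {site} has no Primary time server")
    return findings

def audit_replicas(servers, replicas, minimum=2):
    """Each partition needs at least `minimum` replicas (assumed threshold);
    replicas held only at a single-server site need a copy elsewhere."""
    findings = []
    per_site = Counter(site for site, _ in servers.values())
    for part, holders in replicas.items():
        if len(holders) < minimum:
            findings.append(f"{part}: {len(holders)} replica(s), want >= {minimum}")
        sites = {servers[h][0] for h in holders}
        if len(sites) == 1 and per_site[next(iter(sites))] == 1:
            findings.append(f"{part}: no replica outside single-server site")
    return findings

if __name__ == "__main__":
    for line in audit_time_roles(SERVERS) + audit_replicas(SERVERS, REPLICAS):
        print(line)
```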