[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Intense LDAP write operations

To: "Subbu K. k." <KKSUBRAMANIAM@novell.com>, TGullotta@access360.com, ietf-ldapext@netscape.com, Martin.Rahm@nokia.com
Subject: RE: Intense LDAP write operations
From: "Lloyd, Alan" <Alan.Lloyd@ca.com>
Date: Fri, 9 Jun 2000 16:18:50 +1000

If you are worried about capacity and scaleability - well replicated systems
dont scale - Just consider the telephone system - we log on where we are and
use local calls, national calls and long distance calls - ie the
authentication base is distributed. X.500 is a distributed system in that it
forms a distributed system infrastructure.. ie one does not need to
replicate AU to the US, US to the UK and so on..

It seems odd that one would put a billion objects in one server and then
have to replicate this all over the place? Becuase one could not have a
distributed system.

In addition the real test for a directory is not lots of objects that
replicate - its the ability to have these objects distributed  - as well as
having a distributed service that can handle high user concurrency - eg 100s
of Ms of users - all logging on in seconds and all wanting directory service
information...in seconds.

In terms of design - with multi LDAP/DAP/DSP/DISP backbone load balancing /
alternate DSA modules - coupled to DSA processes, with one or more DBs, etc
- we can do fault tolerant, load balancing distributed/replicated meshed
based global directory services and integrate LDAP servers. So the issues of
read/write requirements is met in the operation system design of the
directory service..


Replicated systems... one only does this for fault tolerance.. If you
replicate names/passworrd/certs/CRLs, ACI for millions of entries all over
the world then - one will have a considerable security issue to deal with..

regards alan

-----Original Message-----
From: Subbu K. k. [mailto:KKSUBRAMANIAM@novell.com]
Sent: Thursday, June 08, 2000 7:33 PM
To: TGullotta@access360.com; ietf-ldapext@netscape.com;
Martin.Rahm@nokia.com
Subject: RE: Intense LDAP write operations


Not really. It is just that when you have millions of objects, they tend to
be read much more often than modified. For instance, when a user object is
created, it is read thousands of times before it gets updated.
Operationally, NDS does update its database internally for its replication
status etc. The last login time attribute does get updated for every login,
but this is an operational attribute.

NDS itself uses a transactional database to ensure full integrity and
incremental replication to ensure scalability. It has tested to hold more
than 1 billion objects on a single E450. As installed, it just takes less
than a megabyte for its database.

Subbu K. K.

>>> <TGullotta@access360.com> 06/07/00 09:08PM >>>
Subbu,

Has Novell done any benchmarks on read vs. write operations? It seems that
in a lot of directory implementations, although not every entry is being
updated that frequently, if you have a million or so users, just periodic
updates to entries could add up when you look at the total number of users.
I would think this is realistic. Is it a problem with NDS?

Tony Gullotta
Lead System Architect
access360


-----Original Message-----
From: Subbu K. k. [mailto:KKSUBRAMANIAM@novell.com] 
Sent: Wednesday, June 07, 2000 12:15 AM
To: ietf-ldapext@netscape.com; Martin.Rahm@nokia.com 
Subject: Re: Intense LDAP write operations


I dont think this was the sweet spot planned for directories. Writes would
entail applying locks on the data store which would impact the regular
search, retrieval and any sync operations. You also need to deal with
atomicity of updates to the group of attributes and the latency of
propagation of changes across multiple copies of the data store. A
transactional database may be a better choice.

Are you sure you need a directory service and not a transactional database
engine that supports LDAP in addition to SQL?

Subbu K. K
?---------------------------------------------
K. K. Subramaniam
Product Manager, Novell Directory Services (UNIX)
Novell

>>> <Martin.Rahm@nokia.com> 06/07/00 12:27PM >>>
Hi,

I am working on a problem where LDAP would be used to keep a directory with
user data.  One concern I have is that LDAP is supposed to be less efficient
when it comes to intense write operations.

Can LDAP handle millions of users data in a directory where some of the data
(a few attributes) needs to be updated very frequently?  How would that
affect performance and is LDAP effective when the searched data must be
returned prompty with very little delay?

If anyone has any comments on this, I would appreciate it,

Martin Rahm

Follow-Ups:
- RE: Intense LDAP write operations
  - From: "Alexis Bor" <alexis.bor@directoryworks.com>

Prev by Date: Private-Elite-Offshore-Banking-CyberClub
Next by Date: RE: Unidentified subject! LDAP updates
Index(es):
- Chronological
- Thread