How can an existing directory deployment be reviewed to highlight improvements
search cancel

How can an existing directory deployment be reviewed to highlight improvements


Article ID: 55144


Updated On:


CA Directory CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting



Suggestions on reviewing and improving and existing Directory implementation.


Review the Hardware Configuration


  • Appropriate server and disk sizing: Enough CPUs, Disks, RAM.

  • Adequate capacity planning for future growth: Estimate current growth and predict when the existing system will be over loaded.

  • Options for increasing performance by adding hardware: Can the backplane/chassis accommodate additional CPUs, Disks, RAM.

Review the Network Configuration and Monitoring


  • Adequate bandwidth. Normally LDAP operations are small, however if large binary object are stored in the directory or there are many applications or concurrent connections bandwidth may cause a problem.

  • Low latency. High latency throttles response time in synchronous replicated environments.

  • If multiple NICs are configured then ensure both networks have been independently tested.
Review the OS configuration


  • Running processes on each server, in addition to eTrust Directory, these indicate if the box is not dedicated to DXserver. This may explain inconsistency in performance.

  • Check the OS scheduler doesn't contain batch jobs that require large resources, database reporting for example.

  • Disk striping/mirroring and RAID levels. If maybe possible to improve performance by changing these.

  • Disk fragmentation, another performance killer.

Review the Ingres configuration


  • Improvements in performance by adding locations, tuning the transaction log, tuning the DMF cache.

  • If journaling is enabled for disaster recovery.

  • If checkpoints are being taken regularly and how many are being kept both on disk and on tape.

Review the DXserver configuration


  • Holes in connectivity: How is the DXserver knowledge shared?

  • Failover: Are alternate DSAs defined?

  • Security: Are the security flags min-auth and auth-levels consistent across the backbone?

  • Performance Tuning: Is DXcache configured?

Review the DXserver Logs


  • Alarms and Warning indicating problems in configuration or operation.

  • The statistics logs over a 24 hour period. Graph each DSA log to show load profiles.

  • The query logs can be used to separately graph the profile of searches and updates.

  • The level of trace is not too high, choking performance.

Review the Disaster Recovery Plan and Operational Procedures


  • A disaster recovery plan exists and includes contingency for the directory servers.

  • Operational procedures include step-by-step instructions to perform: OS and Ingres backups/restores, DXserver management, Ingres management and tuning.

  • The operational team responsible for monitoring and managing the directory are sufficiently trained.

  • The DR plan and operational procedures are regularly tested.


Component: ETRDIR