Download - OpenDS Primer Aquarium
A Primer on OpenDS
April 23, 2009
Ludovic PoitouOpenDS Community ManagerSun Microsystems, Inc.
OpenDS Primer – April 23, 2009 2
Who am I ?
• Ludovic Poitou• Software Architect
in the Directory Engineering team• Based in the Grenoble Engineering Center, France• Work on LDAP and Directory Services since 1996• Involved with OpenDS since project launch,
Community Manager since 2007.• http://blogs.sun.com/Ludo
OpenDS Primer – April 23, 2009 3
Agenda
• Introduction to the OpenDS Project• OpenDS 2.0• The Roadmap
OpenDS Primer – April 23, 2009 4
LDAP 10 years ago
• Email address book • White pages for Enterprises• Mostly Read Access
> Fast> Thousands read requests per second
• Small data sets> 100.000 user entries was BIG> 20 attributes was a lot
• Very infrequent changes> Less than10% writes
OpenDS Primer – April 23, 2009 5
Use of LDAP Today
• Tens of Millions of user entries• More data per users• More transient, writable data
> Authentication auditing> Web session cookies> Presence
• Mission critical applications> Telecom Operators, Financial institutions> Central security point
OpenDS Primer – April 23, 2009 6
The OpenDS project
• Released in Open Source> July 2006> CDDL> https://opends.dev.java.net/> https://www.opends.org/
• Written in Java
OpenDS Primer – April 23, 2009 7
The Community
• Sun driven development> Over 12 years of experience of LDAP and building
scalable servers> 41 committers
> 10 full time developers, 4 testers, 2 technical writers> Others are also working on Sun Directory Services products
• 21 External contributors• 330 registered users• Collaborating with other communities :
OpenDS Primer – April 23, 2009 8
OpenDS Goals
• A complete set of Directory Services> Directory Back-end database> Full LDAPv3 compliance and standard extensions> Multi-Master replication> Directory Proxy Services : load-balancing, data
distribution, security services> Virtual Directory Capabilities
• Horizontal and Vertical Scalability• Sun Directory Server Enterprise Edition will be
OpenDS based in the future
OpenDS Primer – April 23, 2009 9
Three Principles
• Ease of Use> Installation, Configuration, Management, Monitoring...
• Performance> Throughput> Response time> Determinism
• Extensibility> Many interfaces defined> Default implementation provided
OpenDS Primer – April 23, 2009 10
OpenDS 1.0
• Released in July 2008• Installs in 6 clicks and under 3 minutes• Embeddable in Java applications
> For a better out of the box experience> For better security, performance and availability
• Scriptable installations• Full LDAPv3 compliant + many extensions• Supports Multi-Master Replication• Sun OpenDS Standard Edition 1.0 as a supported
product
OpenDS Primer – April 23, 2009 11
OpenDS 1.2
• Released in February 2009.• Goal
> Deliver in OpenSolaris 2009.06 package repository
• Features> GUI for managing the server – Control Panel> SASL Security> Administration Connector> Access Control based on Security Strength factor> SVR4 packages, support for SMF and RBAC> Better performances
OpenDS Primer – April 23, 2009 12
OpenDS 2.0
OpenDS Primer – April 23, 2009 13
OpenDS 2.0
• Targetted for June 2009• Features:
> Assured Replication> International collation rules> Recurring tasks> SASL security with TLS> MySQL Cluster NDB back-end> Performances
• Sun OpenDS Standard Edition 2.0 for support
OpenDS Primer – April 23, 2009 14
Assured Replication
• Extension to the current Loose Consistency model• Make sure operation has been forwarded up to
other locations in the Replication topology BEFORE the LDAP client call returns
• No isolation of commits• Safe Data : Make sure data is safe on several
replicas• Safe Read : Make sure data can be read from a set
of given replicas• Best effort mode
OpenDS Primer – April 23, 2009 15
Assured Replication: Performances
• Throughput at constant CPU usage> Safe Data level 2 : 5 % cost> Safe Read 2 servers : 14 % cost
• Response time> Safe Data : 25% cost> Safe Read : 50% cost
• Safe Data with File system cache write is 70% faster than write to the disk with safe write cache
OpenDS Primer – April 23, 2009 16
International Collation Rules
• Unicode / UTF-8 support in standards Matching Rules
• Ability to Search / Sort / Index based on Local specific rules> Case folding handling and ordering is different in French
or Swedish> Provides better results for matching names according to
the Users' native language.
OpenDS Primer – April 23, 2009 17
Recurring Tasks
• Provides the ability to schedule regular tasks within OpenDS> Backup, Export but also Import, Restore
• Cron like syntax• Ability to view, cancel scheduled tasks• Example, automatic backup
> backup --recurringTask "00 * * * *" --backupDirectory /example/backup --backUpAll --backupID "Hourly"
OpenDS Primer – April 23, 2009 18
MySQL Cluster
• MySQL Cluster NDB is an in-memory, distributed, replicated database> Proven 99,999%
availability> Scales as you grow> Uses off-the-shelf
HW• OpenDS access directly
the Data Nodes
OpenDS Primer – April 23, 2009 19
MySQL Cluster NDB Back-end
• Alternate data storage back-end for OpenDS• Allows concurrent transactional access to the data
through LDAP, SQL or direct APIs• Gives consistent high performance throughput and
response times for read and write operations• Common data model for OpenDS and OpenLDAP
OpenDS Primer – April 23, 2009 20
OpenDS performances
• Huge effort done on code profiling and optimization> Refactor the Attribute API, the ASN1 encoding/decoding
library> Reduced copying> Reduced memory usage
• Results in> Improved scalability for large entries> lower response times> Higher throughput> Better determinism
OpenDS Primer – April 23, 2009 21
OpenDS performance
• Better out of the box configuration> Automatically tunes number of worker threads> Automatically tunes number of cleaner threads
• Remember: OpenDS default configuration is for developers' laptop. Tune settings for scaling:
https://www.opends.org/wiki/page/HowToTunePerformance
• Overall since 1.0:> About 4 time faster> Gained 2 to 3 Nine's in determinism> More robust write performances
OpenDS Primer – April 23, 2009 22
OpenDS 2.0 Performance figures
• Configuration> Sun X4150> 8 x Intel 3.2GHz> 64GB RAM
• Search rate> 8 clients / CPU 35% idle
> 15500 op/s
> 10% = 0.193417
> 50% = 0.223053
> 90% = 0.278756
> 99% = 0.362329
> 99.9% = 0.422575
> 99.99% = 35.5056
> 99.999% = 41.8817
> Average = 0.237412
• Modify rate> 2 clients / CPU 75% idle
> 4000 op/s
> 10% = 0.237901
> 50% = 0.288164
> 90% = 0.36565
> 99% = 0.486679
> 99.9% = 0.706433
> 99.99% = 11.1529
> 99.999% = 65.5304
> Average = 0.303045
> Internal disk> 10M 1.5K entries> Fully preloaded
OpenDS Primer – April 23, 2009 23
OpenDS Roadmap
OpenDS Primer – April 23, 2009 24
Roadmap
• Working on the release plan:> quartely “Express” releases> yearly “Product” releases
• OpenDS 2.2 planned for October 2009• OpenDS 3.0 planned for Mid 2010
OpenDS Primer – April 23, 2009 25
Feature-wise
• Publicly available ChangeLog• Transactions for LDAP• PassThrough authentication service with delegation
to LDAP and Kerberos• Improved ease of use• More monitoring and configuration GUI• Log analysis tools• More performance and scalability improvements
OpenDS Primer – April 23, 2009 26
More information
• OpenDS> http://www.opends.org/> https://www.opends.org/wiki/
• Sun OpenDS> http://wikis.sun.com/display/sunopends/Home
• Interested in OpenDS: Join our community> https://opends.dev.java.net/servlets/ProjectMembershipRequest
TEMPLATE –ENDING SLIDEWITHOUT PHOTO
A Primer on OpenDS
April 23, 2009
Ludovic [email protected]://blogs.sun.com/Ludo
27