THE MIGRATION
In order to exploit the superior features of Oracle
Internet Directory and Net8, ease network management, and lower administration
costs, Oracle strongly recommends that customers migrate from Oracle Names
and the TNSNAMES.ORA file to LDAP directory naming using Oracle Internet
Directory as soon as it is feasible. Oracle9i is the terminal
release of Oracle Names.
CHOOSING AN LDAP DIRECTORY SERVER
It is important to choose the right software to power
your directory deployment. There are a number of directory server products
available on the market today from a variety of vendors, varying widely
in capabilities and cost. The challenge is to pick the right products
that will best meet your directory requirements and work well in your
environment. Choosing a directory that is not certified with or does
not support the applications and standards you need can lead to increased
costs for maintaining your services and all the applications that surround
it. Conversely, a directory server product that can accommodate 10%
more traffic at the high end may allow an organization to deploy five
LDAP servers instead of six, resulting in a potential saving of hundreds
of thousands of dollars over the lifetime of a service. Another factor
that makes choosing the right software crucial is that it can be expensive
and time-consuming to replace one software product with another - even
though open standards such as LDAP tend to reduce such cost.
Directory products tend to vary widely in their capabilities.
Although LDAP is a general-purpose protocol, the needs of one directory
deployment may be quite different from those of another. For example,
an LDAP server implementation that provides strong security features
might be well suited for deployment on the public Internet, whereas
another product that provides minimal security may be appropriate for
a small workgroup. Typically, though, the most stringent of the requirements
applicable to a given deployment tend to drive the choice of directory
server in most organizations.
There are several criteria for evaluating a directory
server:
- Core features
- Management features
- Reliability
- Performance and scalability
- Security
- Standards conformance
- Interoperability and vendor support
- Cost
- Flexibility and extensibility
Oracle certifies Oracle Internet Directory as the
LDAP directory to be used with Oracle Names, Net8, and the rest of the
Oracle product stack. OID is the most scalable, reliable and secure
directory available on the market today. It has a growing list of supported,
certified vendors, and has already become the directory of choice for
most high-end, carrier-grade deployments. In addition, the newly released
directory integration platform (March 2001) enables OID to synchronize
data with virtually any other source of directory data - whether it
is stored in an LDAP-compliant directory or not.
TOPOLOGY DESIGN
The directory service's topology describes the way
an organization divides its directory tree among physical servers and
how it allocates those servers among the organization's physical locations.
Making good choices about an organization's directory topology will help
it achieve the best possible performance for its directory-enabled applications,
increase directory availability, and better manage the directory.
Depending on a company's IT structure and distribution of
responsibilities, the capabilities of the directory software, and the
speed and traffic of different locations in the physical network, an
organization can have several different topology designs. Oracle Names
customers can replicate the domain structure used in Oracle Names, or can
develop an entirely different one depending on the company's needs. In order
to simplify the migration procedure, Oracle recommends that customers take
the opportunity to redesign and simplify overly complex topologies prior to
the migration from Oracle Names, or if that is not possible, after the
migration to Oracle Internet Directory.
Below is an example of acme.com's topology. The hierarchical
directory information tree (DIT) of acme.com is partitioned into three
regions: North America, Asia Pacific, and the European Union; each server
is responsible for one region. Note that a cn=OracleContext
entry is required to create and store all Oracle objects in Oracle Internet
Directory. Choosing locations for cn=OracleContext depends on how the
administration of the directory tree will be delegated.
ORACLE NAMES SERVER MIGRATION/TNSNAMES.ORA FILE EXPORT
Oracle provides tools enabling you to export network
objects stored in an Oracle Names server, or found in a TNSNAMES.ORA file, into
Oracle Internet Directory.
MIGRATING FROM ORACLE NAMES SERVER
Three tasks need to be accomplished:
- Create the structure in Oracle Internet Directory:
Net8 Configuration Assistant enables administrators to create an entry
called cn=OracleContext to store all Oracle objects in Oracle Internet
Directory. This can be done either during the installation or after
the installation.
- Obtain the list of objects to export: NAMESCTL
offers three commands to help with this task: LIST_DOMAINS, LIST_DELEGATED,
and LIST_OBJECTS.
- Export objects to Oracle Internet Directory: The
NAMESCTL utility exports network objects into the directory with the
DUMP_LDAP command, which enables administrators to export the objects
to an LDIF file or directly into Oracle Internet Directory. This command
allows administrators to export to either a similar DIT or a dissimilar
DIT.
EXPORTING THE TNSNAMES.ORA FILE
A wizard in Net8 Manager enables administrators to
export net service names easily into Oracle Internet Directory. However,
the computer performing the export of data must be configured for server
directory access.
For a more detailed description of this migration,
please refer to the current version of Oracle8i Net8 Administrator's
Guide.
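To make concrete what the export described above writes into the directory, the following added example (not Oracle's tool and not code from this paper) parses a small constructed TNSNAMES.ORA file and renders each net service name as an LDIF entry under cn=OracleContext. It assumes Oracle's orclNetService object class with its orclNetDescString attribute, a single administrative context of dc=acme,dc=com, and that any domain suffix on a name maps to that context; the function names are hypothetical.

```python
import re

# Constructed sample input; host and service names are placeholders.
SAMPLE_TNSNAMES = """\
SALES.ACME.COM =   # constructed entry
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = sales-db.acme.com)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = sales.acme.com)))
HR, HR_ALIAS =
  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hr-db.acme.com)(PORT=1521))
    (CONNECT_DATA=(SID=HR)))
"""

# One or more comma-separated names, "=", then the opening parenthesis.
ENTRY_START = re.compile(r"\s*([\w.-]+(?:\s*,\s*[\w.-]+)*)\s*=\s*(?=\()")

def parse_tnsnames(text):
    """Return {net_service_name: connect_descriptor} from tnsnames.ora text."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    entries, pos = {}, 0
    while (m := ENTRY_START.match(text, pos)):
        depth, end = 0, None
        for i in range(m.end(), len(text)):      # find the balancing ")"
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            if depth == 0:
                end = i + 1
                break
        if end is None:
            raise ValueError(f"unbalanced parentheses in entry {m.group(1)!r}")
        descriptor = re.sub(r"\s+", "", text[m.end():end])  # drop layout whitespace
        for name in m.group(1).split(","):       # aliases share one descriptor
            entries[name.strip()] = descriptor
        pos = end
    if text[pos:].strip():
        raise ValueError(f"unparsed text at offset {pos}")
    return entries

def to_ldif(entries, admin_context):
    """Render entries as LDIF under cn=OracleContext,<admin_context>."""
    blocks = []
    for name, descriptor in sorted(entries.items()):
        cn = name.split(".")[0]  # assumption: domain suffix maps to admin_context
        blocks.append(
            f"dn: cn={cn},cn=OracleContext,{admin_context}\n"
            "objectclass: top\nobjectclass: orclNetService\n"
            f"cn: {cn}\norclNetDescString: {descriptor}\n")
    return "\n".join(blocks)

if __name__ == "__main__":
    print(to_ldif(parse_tnsnames(SAMPLE_TNSNAMES), "dc=acme,dc=com"))
```

Reviewing the generated LDIF before loading it shows exactly which host names, ports and service names become readable through the directory, and lets stale entries be dropped rather than migrated.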
CLIENT MIGRATION
Two tasks for client migration need to be accomplished:
first, configure directory access on the client using Net8 Configuration
Assistant. This procedure can be done either during the configuration
or after the configuration. Then, choose LDAP as the first naming
method in a panel of Net8 Configuration Assistant.
However, given the logistical challenges associated
with migrating a large number of client machines simultaneously, Oracle
recommends that high-priority clients be migrated first, and recommends the
use of Oracle Names Proxy, a new feature in Oracle9i, which gives customers
a grace period to migrate all the clients. This feature is especially
useful to customers with large numbers of Oracle clients.
COEXISTENCE ISSUES
Oracle recommends that customers migrate to our most
current release to exploit Oracle's new features and enhancements. However,
to provide interoperability with previous releases and facilitate migration,
Oracle provides some coexistence solutions:
- Oracle8i clients can connect to pre-Oracle8i databases;
- Pre-Oracle8i clients cannot use LDAP-compliant
directory naming for name resolution;
- Pre-Oracle8i clients can continue to use Oracle
Names to connect to Oracle8i databases, and the upcoming Oracle Names
Proxy to connect to Oracle9i databases.
CONCLUSION
The LDAP-compliant directory naming method has been implemented
in Oracle databases starting from Oracle8i Release 2. LDAP is the clear direction
for Oracle database network management and configuration. Oracle9i takes
a great step forward by enhancing several features in directory naming, which
is expected to reduce customers' Total Cost of Ownership (TCO) significantly.
In order to take advantage of these superior features, Oracle strongly recommends
that customers migrate from Oracle Names and the TNSNAMES.ORA file to LDAP-compliant
directory naming at the first opportunity. The tools provided in Oracle9i facilitate
this migration in a seamless fashion.