OpenDS Primer Aquarium

A Primer on OpenDS

April 23, 2009

Ludovic PoitouOpenDS Community ManagerSun Microsystems, Inc.

OpenDS Primer – April 23, 2009 2

Who am I ?

• Ludovic Poitou• Software Architect

in the Directory Engineering team• Based in the Grenoble Engineering Center, France• Work on LDAP and Directory Services since 1996• Involved with OpenDS since project launch,

Community Manager since 2007.• http://blogs.sun.com/Ludo


Agenda

• Introduction to the OpenDS Project• OpenDS 2.0• The Roadmap


LDAP 10 years ago

• Email address book • White pages for Enterprises• Mostly Read Access

> Fast> Thousands read requests per second

• Small data sets> 100.000 user entries was BIG> 20 attributes was a lot

• Very infrequent changes> Less than10% writes


Use of LDAP Today

• Tens of Millions of user entries• More data per users• More transient, writable data

> Authentication auditing> Web session cookies> Presence

• Mission critical applications> Telecom Operators, Financial institutions> Central security point


The OpenDS project

• Released in Open Source> July 2006> CDDL> https://opends.dev.java.net/> https://www.opends.org/

• Written in Java

https://opends.dev.java.net/

https://www.opends.org/


The Community

• Sun driven development> Over 12 years of experience of LDAP and building

scalable servers> 41 committers

> 10 full time developers, 4 testers, 2 technical writers> Others are also working on Sun Directory Services products

• 21 External contributors• 330 registered users• Collaborating with other communities :


OpenDS Goals

• A complete set of Directory Services> Directory Back-end database> Full LDAPv3 compliance and standard extensions> Multi-Master replication> Directory Proxy Services : load-balancing, data

distribution, security services> Virtual Directory Capabilities

• Horizontal and Vertical Scalability• Sun Directory Server Enterprise Edition will be

OpenDS based in the future


Three Principles

• Ease of Use> Installation, Configuration, Management, Monitoring...

• Performance> Throughput> Response time> Determinism

• Extensibility> Many interfaces defined> Default implementation provided


OpenDS 1.0

• Released in July 2008• Installs in 6 clicks and under 3 minutes• Embeddable in Java applications

> For a better out of the box experience> For better security, performance and availability

• Scriptable installations• Full LDAPv3 compliant + many extensions• Supports Multi-Master Replication• Sun OpenDS Standard Edition 1.0 as a supported

product


OpenDS 1.2

• Released in February 2009.• Goal

> Deliver in OpenSolaris 2009.06 package repository

• Features> GUI for managing the server – Control Panel> SASL Security> Administration Connector> Access Control based on Security Strength factor> SVR4 packages, support for SMF and RBAC> Better performances


OpenDS 2.0


OpenDS 2.0

• Targetted for June 2009• Features:

> Assured Replication> International collation rules> Recurring tasks> SASL security with TLS> MySQL Cluster NDB back-end> Performances

• Sun OpenDS Standard Edition 2.0 for support


Assured Replication

• Extension to the current Loose Consistency model• Make sure operation has been forwarded up to

other locations in the Replication topology BEFORE the LDAP client call returns

• No isolation of commits• Safe Data : Make sure data is safe on several

replicas• Safe Read : Make sure data can be read from a set

of given replicas• Best effort mode


Assured Replication: Performances

• Throughput at constant CPU usage> Safe Data level 2 : 5 % cost> Safe Read 2 servers : 14 % cost

• Response time> Safe Data : 25% cost> Safe Read : 50% cost

• Safe Data with File system cache write is 70% faster than write to the disk with safe write cache


International Collation Rules

• Unicode / UTF-8 support in standards Matching Rules

• Ability to Search / Sort / Index based on Local specific rules> Case folding handling and ordering is different in French

or Swedish> Provides better results for matching names according to

the Users' native language.


Recurring Tasks

• Provides the ability to schedule regular tasks within OpenDS> Backup, Export but also Import, Restore

• Cron like syntax• Ability to view, cancel scheduled tasks• Example, automatic backup

> backup --recurringTask "00 * * * *" --backupDirectory /example/backup --backUpAll --backupID "Hourly"


MySQL Cluster

• MySQL Cluster NDB is an in-memory, distributed, replicated database> Proven 99,999%

availability> Scales as you grow> Uses off-the-shelf

HW• OpenDS access directly

the Data Nodes


MySQL Cluster NDB Back-end

• Alternate data storage back-end for OpenDS• Allows concurrent transactional access to the data

through LDAP, SQL or direct APIs• Gives consistent high performance throughput and

response times for read and write operations• Common data model for OpenDS and OpenLDAP


OpenDS performances

• Huge effort done on code profiling and optimization> Refactor the Attribute API, the ASN1 encoding/decoding

library> Reduced copying> Reduced memory usage

• Results in> Improved scalability for large entries> lower response times> Higher throughput> Better determinism


OpenDS performance

• Better out of the box configuration> Automatically tunes number of worker threads> Automatically tunes number of cleaner threads

• Remember: OpenDS default configuration is for developers' laptop. Tune settings for scaling:

https://www.opends.org/wiki/page/HowToTunePerformance

• Overall since 1.0:> About 4 time faster> Gained 2 to 3 Nine's in determinism> More robust write performances


OpenDS 2.0 Performance figures

• Configuration> Sun X4150> 8 x Intel 3.2GHz> 64GB RAM

• Search rate> 8 clients / CPU 35% idle

> 15500 op/s

> 10% = 0.193417

> 50% = 0.223053

> 90% = 0.278756

> 99% = 0.362329

> 99.9% = 0.422575

> 99.99% = 35.5056

> 99.999% = 41.8817

> Average = 0.237412

• Modify rate> 2 clients / CPU 75% idle

> 4000 op/s

> 10% = 0.237901

> 50% = 0.288164

> 90% = 0.36565

> 99% = 0.486679

> 99.9% = 0.706433

> 99.99% = 11.1529

> 99.999% = 65.5304

> Average = 0.303045

> Internal disk> 10M 1.5K entries> Fully preloaded


OpenDS Roadmap


Roadmap

• Working on the release plan:> quartely “Express” releases> yearly “Product” releases

• OpenDS 2.2 planned for October 2009• OpenDS 3.0 planned for Mid 2010


Feature-wise

• Publicly available ChangeLog• Transactions for LDAP• PassThrough authentication service with delegation

to LDAP and Kerberos• Improved ease of use• More monitoring and configuration GUI• Log analysis tools• More performance and scalability improvements


More information

• OpenDS> http://www.opends.org/> https://www.opends.org/wiki/

• Sun OpenDS> http://wikis.sun.com/display/sunopends/Home

• Interested in OpenDS: Join our community> https://opends.dev.java.net/servlets/ProjectMembershipRequest

TEMPLATE –ENDING SLIDEWITHOUT PHOTO

A Primer on OpenDS

April 23, 2009

Ludovic [email protected]://blogs.sun.com/Ludo

27

mailto:[email protected]

OpenDS Primer Aquarium

Technology

Transcript of OpenDS Primer Aquarium