A Forum reader recently asked:

“I was told that it would be good practice to assign multiple servers to my driverset and run some of my drivers on a second server instead of having them all run on the primary. I realize it would be good to assign the multiple servers to the driverset for DR purposes, but is it a good idea to split up where the drivers run between two servers?

Also, I realize it’s good practice with eDirectory to have three servers for
each replica, but for a Vault is 3 really necessary, or would two be

And here’s the response from Aaron Burgemeister …


How you split up your drivers depends on your needs. If you have two drivers, don’t bother splitting them up. If you have 100, you will definitely need to split them up.

Whether that’s between multiple servers in one DriverSet or among multiple DriverSets is up to you and there are benefits to either. The benefit to having more DriverSets is less confusion in the administration tools. Once you get used to having multiple servers in there it’s okay, but at first you may have some fun realizing which server you’re physically modifying when there are multiple servers in a DriverSet.

Alternatively the benefit of having multiple servers in a DriverSet is, as you said, faster failover from one server to another. The only way to do true High Availability (HA) is with Heartbeat on Linux, where you would have just one NCP server associated with a DriverSet but two physical servers servicing that eDirectory instance. Hopefully this gives you some general guidelines but it really depends on your environment.

You should always have at least three replicas of each partition. You can run just fine with two, or even just one, but the reason Novell recommends three is because it’s harder to kill three than it is two or one at a time. Your Vault is a fairly important environment, so if you back off from the real-time redundancy (replicas), be sure you have working, tested backups that you can get to quickly in the event that you lose all replicas.

Also, you should always have an export (that is current) of your drivers, no matter what. Designer limits the need for this, as it is a complete backup, but exports are always nice.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
By: ab
Jul 18, 2007
4:16 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow