Better Management for Directory (LDAP) Traffic
Many LDAP Directories have several servers handling requests from many clients. The load on each server varies. Redirecting traffic when a server goes away can be a challenge.
There are companies offering “network load balancers.” They are usually pretty expensive and complicated. But they don’t understand the messages they handle. LDAP Directory requests have different requirements than, say, Web requests. So, Symas built a Directory Traffic Manager (DTM). It offers improved flexibility, performance and reliability.
Many Directories have several interconnected servers. Others scatter clusters of servers. Symas’s DTM help you improve your Directory service even in those situations. By monitoring each server, DTM is fast to react to changes. When a server goes off-line, DTM’s monitoring acts fast and keeps thing as smooth as possible.
Symas’s Directory Traffic Manager is currently available for the following 64-bit platforms:
Red Hat Enterprise Linux Releases 6 and 7
SuSE Linux Enterprise Server Release 12
Debian Linux Release 9
Ubuntu Linux Release 18
Symas’s DTM monitors the load on each server in a cluster. That tells DTM how to direct traffic on a per-request (operation) basis. The monitoring itself is based on measuring server response times and operation backlogs, and so puts no additional load on the server(s) themselves. This results in excellent balance of requests among the servers. At peak moments, that gives the best performance. Because DTM is watching all the time, it spots sudden bursts of traffic or heavy requests right away. Again, balancing actions happen fast to keep things smooth. You can add a server or remove one. DTM will see it and take action. This will keep your directory traffic flowing. This feature also makes it easy to do maintenance or add capacity. You can do that on the fly. DTM is easy to manage. You configure it with familiar OpenLDAP configuration tools. DTM makes an extensive list of performance and load information available. It is easy to connect that to your normal monitoring tools. DTM has several ways to manage your Directory Traffic:
Weighted (server one being preferred to server two and three at a ratio 3:1:1, etc.).
Tiered (The main server has a back-up which has a back-up, etc. The main server fails over to its back-up)
You can mix traffic management options to achieve your performance and reliability goals.
We also made it easy to use public-key security capabilities (PKI). DTM supports the complete repertoire of PKI operations supported by OpenLDAP, including:
Server identity verification,
Client identity verifications, and
DTM completely supports TLS 1.3.
APPLICATION AND SERVER COMPATIBILITY
We designed the Directory Traffic Manager for LDAP applications that benefit the most from load balancing. It handles requests from clients running any LDAP v3 library, but applications that use certain extended operations and server controls, such as browsers and other user interface applications, are best connected directly to the servers. This will not interfere with load balancing activities of DTM. For a complete list of supported controls and extended operations, please contact us. While DTM has been most extensively tested with OpenLDAP servers, it is designed to work with directory servers that support LDAP v3 and proxied authentication. Most types of SASL binds are also supported when the server supports the `ldapwhoami` extended operation. For more information, please contact us.