directory-dev mailing list archives

From "David Boreham" <da...@bozemanpass.com>
Subject Re: [replication] Master slave replication will not suffice
Date Thu, 24 Feb 2005 16:11:38 GMT
>> Once you have replication what's the point in embedding?
> 
> No network latency between say,
> 
> DNS and LDAP or
> Kerberos and LDAP or
> DHCP and LDAP ...
> 
> Also there is less entropy to the system.  It also means that there 
> are not as many exposed points for attack from a security standpoint.  
> Intra process communication is more secure and faster than two separate 
> inter process servers talking to each other.
> 
> Does this make sense or am I missing something here?  I'm beginning to 
> doubt myself because you're like the 3rd person to think there was a 
> flaw with this reasoning.

I think you're on the right track. What you're describing
is a 'distribution of service' approach: take a set of key
services and ensure that they're available reliably and
efficiently everywhere they're needed. An obvious approach
to ensure this is to simply run an instance of a server
for each service on every machine (or at least every
server class machine). Then, if the machine is up,
then most likely the services are available, which is a good thing.

However, having done so you now have a distribution
of data problem. If the underlying data is not available
locally, then the benefits of distribution of service are not
achieved because the problem has simply moved from
the initial service endpoint to the data service (LDAP or
RDBMS or whatever). 

Therefore to achieve distribution of service you also need
to distribute the underlying data. There is some benefit to
using a single unified mechanism for this (e.g. replicated
LDAP): no need to wrangle with N different things ---
NIS pushes, DNS slaves, Kerberos secondaries, and so on.

Therefore your idea to have an LDAP-based MMR
mechanism, with local gateway services (NIS, DNS, KRB)
that use the local copy of the LDAP data, makes perfect 
sense to me.




