PingDirectory

Overview of the PingDirectoryProxy features

The following overview describes the PingDirectoryProxy server’s features and capabilities.

The PingDirectoryProxy server is a fast, scalable, and easy-to-use LDAP proxy server that provides high availability and additional security for the PingDirectory server while remaining largely invisible to client applications. From a client perspective, request processing is the same, whether communicating with the PingDirectory server directly or going through the PingDirectoryProxy server.

The PingDirectoryProxy server provides the following features:

High availability

The PingDirectoryProxy server allows you to transparently fail over between servers if a problem occurs as well as ensuring that the workload is balanced across the topology. If a client does not support following referrals, the server can follow them on the client’s behalf.

Data mapping and transformation

The PingDirectoryProxy server can perform distinguished name (DN) mapping and attribute mapping to allow clients to interact with the server using older names for directory content. It allows clients to continue working when they would not be able to work directly with the PingDirectory server, either because of changes that have occurred at the data layer or to inherent design limitations in the clients.

Horizontal scalability and performance

Reads can be horizontally scaled using load balancing. In large data centers, if the data set is too large to be cached or to provide horizontal scalability for writes, the PingDirectoryProxy server can automatically split the data across multiple systems. This feature allows the PingDirectoryProxy server to improve scalability and performance of the PingDirectory server environment.

Load balancing and failover

You can spread the workload across multiple directory servers in a large data center using load-balancing algorithms. Load balancing is also useful when a server becomes degraded or non-responsive because client process requesting directs to a different server.

Security and access control

The PingDirectoryProxy server can add additional firewall capabilities as well as constraints and filtering to help protect the PingDirectory server from attacks. You can use a PingDirectoryProxy server in a DMZ as opposed to allowing clients to directly access the PingDirectoryProxy server in the internal network or providing the data in the DMZ. It can help provide secure access to the data and you can define what actions clients are allowed to do. For example, you can prevent clients from making modifications to data when connected through a VPN no matter what their identity or permissions.

Tracking of operations across the environment

In the past, administrators have complained that when they see a request in the access log they have no idea where it came from and cannot track it back to a particular client. The PingDirectoryProxy server contains controls that allow administrators to track requests back to the client that issued them. Whenever the PingDirectoryProxy server forwards a request to the PingDirectory server, it includes a control in the request so that the PingDirectory server’s access log has the IP address of the client, address and connection ID of the PingDirectory server. In the response back to the client, it similarly includes information about the PingDirectory server that processed the request, such as the connection ID and operation ID. This feature makes it easier for administrators to monitor in their environment.

Monitoring and management tools

Because the PingDirectoryProxy server uses many of the components of PingDirectory, it can leverage them to provide protocol support, logging, management tools for configuration and monitoring, and schema. You can use the DataMetricsServer, the dsconfig tool, and the administrative console to manage the PingDirectoryProxy server.