PingDirectory

Notification mode architecture

Notification mode, a configuration setting on the Sync Pipe, requires a one-way directional Sync Pipe from a source endpoint topology to a target client application.

PingDataSync detects the changes in the PingDirectory server’s Lightweight Directory Access Protocol (LDAP) change log, filters the results specified in the Sync Classes, applies any distinguished name (DN) and attribute mappings, then reconstructs the change information from the change log attributes. A server extension picks up the notification arguments from the SyncOperation interface (part of the Server SDK) and converts the data to the desired output format. The server extension establishes the connections and protocol logic to push the notification information to the client applications or services. All of the operations, administration, and management functions available in standard mode, such as monitoring, (LDAP, JMX, SNMP), alerts (JMX, SNMP, SMTP), and logging features are the same for notification mode.

The Server SDK includes documentation and examples on how to create a directory server extension to support notification mode.

For a given entry, PingDataSync sends notifications in the order that the changes occurred in the change log even if a modified attribute has been overwritten by a later change. For example, if an entry’s telephoneNumber attribute is changed three times, three notifications will be sent in the order they appeared in the change log.

A diagram illustrating notification mode architecture

Sync source requirements

A separate Sync Pipe is required for each client application that should receive a notification.

The Sync sources must consist of one or more instances of the following directory or proxy servers with PingDataSync:

  • PingDirectory Server and PingDirectoryProxy Server 3.0.5 or later

  • Nokia 8661 Directory Server

  • A Sync destination of any type

You should not configure PingDataSync to interact with backend source servers through a load balancer. You can use PingDirectoryProxy for this configuration instead, assuming you are using PingDirectory servers as your backends.

Although the PingDirectoryProxy server and Nokia 8661 Directory Proxy Server can front other vendor’s directory servers, such as Active Directory (AD) and Sun DSEE, for processing LDAP operations, PingDataSync cannot synchronize changes from these sources through a proxy server. Synchronizing changes directly from AD and Sun DSEE cannot be done with notification mode.

Failover capabilities

For sync source failovers, configure replication between the PingDirectory servers to ensure data consistency between the servers. A PingDirectoryProxy server can also front the backend PingDirectory server set to redirect traffic if connection to the primary server fails. A PingDirectoryProxy server must be used for synchronizing changes in an entry-balancing environment. Once the primary PingDirectory server is online, it assumes control with no information loss because its state information is kept across the backend PingDirectory servers.

For sync destination failovers, connection retry logic must be implemented in the server extension, which will use the Sync Pipe’s advanced property settings to retry failed operations. There is a difference between a connection retry and an operation retry. An extension should not retry operations because PingDataSync does this automatically. However, the server extension is responsible for re-establishing connections to a destination that has gone down, or failing over to an alternate server. The server extension can also be designed to trigger its own error-handling code during a failed operation.

For PingDataSync failovers, the secondary PingDataSync servers will be at or slightly behind the state where the primary server initiated a failover. Both primary and secondary PingDataSyncs track the last failed acknowledgement, so once the primary server fails over to a secondary server, the secondary server will not miss a change.

If failover is a concern between PingDataSync servers, change the sync-failover-polling-interval property from 7500 ms to a smaller value. This will result in a quicker failover, but will marginally increase traffic between the two PingDataSync servers. The sync-failover-connection-timeout and sync-failover-response-timeout properties can also be updated to use different failover timeout durations. Use the dsconfig command to access the property on the Global Sync Configuration menu.

Notification sync pipe change flow

Multi-threaded Sync Pipes allow PingDataSync to process multiple notifications in parallel in the same manner as synchronizing changes in standard mode, which increases throughput and offsets network latency. A single change-detection thread pulls in batches of change log entries and queues them internally. To guarantee consistency, PingDataSync’s internal locking mechanisms ensure the following properties:

  • Changes to the same entry will be processed in the same order that they appear in the change log.

  • Changes to parent entries will be processed before changes to its children.

  • Changes to entries with the same RDN value are handled sequentially.

The number of concurrent threads is configurable on the Sync Pipe using the num-worker-threads property. In general, single-threading should be avoided.

A diagram illustrating notification sync pipe change flow