The following overview describes PingDirectoryProxy's features and capabilities.
PingDirectoryProxy is a fast, scalable, and easy-to-use LDAP proxy server that provides high availability and additional security for PingDirectory while remaining largely invisible to client applications. From a client perspective, request processing is the same whether the client communicates with the Directory Server directly or goes through PingDirectoryProxy.
The PingDirectoryProxy provides the following features:
- High availability
- PingDirectoryProxy allows you to transparently fail over between servers if a problem occurs, and it ensures that the workload is balanced across the topology. If a client does not support following referrals, PingDirectoryProxy can follow them on the client’s behalf.
- Data mapping and transformation
- PingDirectoryProxy can perform distinguished name (DN) mapping and attribute mapping to allow clients to interact with the server using older names for directory content. It allows clients to continue working when they would not be able to work directly with the Directory Server, either because of changes that have occurred at the data layer or because of inherent design limitations in the clients.
- Horizontal scalability and performance
- Reads can be horizontally scaled using load balancing. In large data centers, if the data set is too large to be cached or to provide horizontal scalability for writes, PingDirectoryProxy can automatically split the data across multiple systems. This feature allows PingDirectoryProxy to improve the scalability and performance of the Directory Server environment.
- Load balancing and failover
- You can spread the workload across multiple proxies in a large data center using load-balancing algorithms. Load balancing is also useful when a server becomes degraded or non-responsive, because client requests are then directed to a different server.
- Security and access control
- PingDirectoryProxy can add firewall capabilities as well as constraints and filtering to help protect the Directory Server from attacks. You can place PingDirectoryProxy in a DMZ as opposed to allowing clients to directly access the Directory Server in the internal network or providing the data in the DMZ. It can help provide secure access to the data, and you can define what actions clients are allowed to perform. For example, you can prevent clients from making modifications to data when connected through a VPN, no matter what their identity or permissions.
- Tracking of operations across the environment
- In the past, administrators have complained that when they see a request in the access log, they have no idea where it came from and cannot track it back to a particular client. PingDirectoryProxy contains controls that allow administrators to track requests back to the client that issued them. Whenever PingDirectoryProxy forwards a request to the Directory Server, it includes a control in the request so that the Directory Server's access log has the IP address of the client and the address and connection ID of PingDirectoryProxy. In the response back to the client, it similarly includes information about the Directory Server that processed the request, such as the connection ID and operation ID. This feature makes it easier for administrators to monitor operations in their environment.
- Monitoring and management tools
- Because PingDirectoryProxy uses many of the components of PingDirectory, it can leverage them to provide protocol support, logging, management tools for configuration and monitoring, and schema. You can use the DataMetricsServer, the dsconfig tool, and the administrative console to manage PingDirectoryProxy.