A Primer on OpenDS
April 23, 2009
Ludovic Poitou
OpenDS Community Manager
Sun Microsystems, Inc.

Who am I ?
• Ludovic Poitou
• Software Architect
in the Directory Engineering team
• Based in the Grenoble Engineering Center, France
• Work on LDAP and Directory Services since 1996
• Involved with OpenDS since project launch,
Community Manager since 2007.
• http://blogs.sun.com/Ludo
2
OpenDS Primer – April 23, 2009

Agenda
• Introduction to the OpenDS Project
• OpenDS 2.0
• The Roadmap
3
OpenDS Primer – April 23, 2009

LDAP 10 years ago
• Email address book
• White pages for Enterprises
• Mostly Read Access
> Fast
> Thousands read requests per second
• Small data sets
> 100.000 user entries was BIG
> 20 attributes was a lot
• Very infrequent changes
> Less than10% writes
4
OpenDS Primer – April 23, 2009

Use of LDAP Today
• Tens of Millions of user entries
• More data per users
• More transient, writable data
> Authentication auditing
> Web session cookies
> Presence
• Mission critical applications
> Telecom Operators, Financial institutions
> Central security point
5
OpenDS Primer – April 23, 2009

The OpenDS project
• Released in Open Source
July 2006
>
CDDL
>
https://opends.dev.java.net/
>
https://www.opends.org/
>
• Written in Java 6
OpenDS Primer – April 23, 2009

The Community
• Sun driven development
> Over 12 years of experience of LDAP and building
scalable servers
> 41 committers
> 10 full time developers, 4 testers, 2 technical writers
> Others are also working on Sun Directory Services products
• 21 External contributors
• 330 registered users
• Collaborating with other communities :
7
OpenDS Primer – April 23, 2009

OpenDS Goals
• A complete set of Directory Services
Directory Back-end database
>
Full LDAPv3 compliance and standard extensions
>
Multi-Master replication
>
Directory Proxy Services : load-balancing, data
>
distribution, security services
> Virtual Directory Capabilities
• Horizontal and Vertical Scalability
• Sun Directory Server Enterprise Edition will be
OpenDS based in the future
8
OpenDS Primer – April 23, 2009

Three Principles
• Ease of Use
> Installation, Configuration, Management, Monitoring...
• Performance
> Throughput
> Response time
> Determinism
• Extensibility
> Many interfaces defined
> Default implementation provided
9
OpenDS Primer – April 23, 2009

OpenDS 1.0
• Released in July 2008
• Installs in 6 clicks and under 3 minutes
• Embeddable in Java applications
> For a better out of the box experience
> For better security, performance and availability
Scriptable installations
•
Full LDAPv3 compliant + many extensions
•
Supports Multi-Master Replication
•
Sun OpenDS Standard Edition 1.0 as a supported
•
product 10
OpenDS Primer – April 23, 2009

OpenDS 1.2
• Released in February 2009.
• Goal
> Deliver in OpenSolaris 2009.06 package repository
• Features
GUI for managing the server – Control Panel
>
SASL Security
>
Administration Connector
>
Access Control based on Security Strength factor
>
SVR4 packages, support for SMF and RBAC
>
Better performances
>
11
OpenDS Primer – April 23, 2009

OpenDS 2.0
12
OpenDS Primer – April 23, 2009

OpenDS 2.0
• Targetted for June 2009
• Features:
Assured Replication
>
International collation rules
>
Recurring tasks
>
SASL security with TLS
>
MySQL Cluster NDB back-end
>
Performances
>
• Sun OpenDS Standard Edition 2.0 for support
13
OpenDS Primer – April 23, 2009

Assured Replication
• Extension to the current Loose Consistency model
• Make sure operation has been forwarded up to
other locations in the Replication topology BEFORE
the LDAP client call returns
• No isolation of commits
• Safe Data : Make sure data is safe on several
replicas
• Safe Read : Make sure data can be read from a set
of given replicas
• Best effort mode
14
OpenDS Primer – April 23, 2009

Assured Replication: Performances
• Throughput at constant CPU usage
> Safe Data level 2 : 5 % cost
> Safe Read 2 servers : 14 % cost
• Response time
> Safe Data : 25% cost
> Safe Read : 50% cost
• Safe Data with File system cache write is 70%
faster than write to the disk with safe write cache
15
OpenDS Primer – April 23, 2009

International Collation Rules
• Unicode / UTF-8 support in standards Matching
Rules
• Ability to Search / Sort / Index based on Local
specific rules
> Case folding handling and ordering is different in French
or Swedish
> Provides better results for matching names according to
the Users' native language.
16
OpenDS Primer – April 23, 2009

Recurring Tasks
• Provides the ability to schedule regular tasks within
OpenDS
> Backup, Export but also Import, Restore
• Cron like syntax
• Ability to view, cancel scheduled tasks
• Example, automatic backup
> backup --recurringTask \"00 * * * *\"
--backupDirectory /example/backup
--backUpAll --backupID \"Hourly\"
17
OpenDS Primer – April 23, 2009

MySQL Cluster
• MySQL Cluster NDB is
an in-memory,
distributed, replicated
database
> Proven 99,999%
availability
> Scales as you grow
> Uses off-the-shelf
HW
• OpenDS access directly
the Data Nodes 18
OpenDS Primer – April 23, 2009

MySQL Cluster NDB Back-end
• Alternate data storage back-end for OpenDS
• Allows concurrent transactional access to the data
through LDAP, SQL or direct APIs
• Gives consistent high performance throughput and
response times for read and write operations
• Common data model for OpenDS and OpenLDAP
19
OpenDS Primer – April 23, 2009

OpenDS performances
• Huge effort done on code profiling and optimization
> Refactor the Attribute API, the ASN1 encoding/decoding
library
> Reduced copying
> Reduced memory usage
• Results in
Improved scalability for large entries
>
lower response times
>
Higher throughput
>
Better determinism
>
20
OpenDS Primer – April 23, 2009

OpenDS performance
• Better out of the box configuration
> Automatically tunes number of worker threads
> Automatically tunes number of cleaner threads
• Remember: OpenDS default configuration is for
developers' laptop. Tune settings for scaling:
https://www.opends.org/wiki/page/HowToTunePerformance
• Overall since 1.0:
> About 4 time faster
> Gained 2 to 3 Nine's in determinism
> More robust write performances
21
OpenDS Primer – April 23, 2009

OpenDS 2.0 Performance figures
• Configuration
> Sun X4150 > Internal disk
> 8 x Intel 3.2GHz > 10M 1.5K entries
> 64GB RAM > Fully preloaded
• Search rate • Modify rate
8 clients / CPU 35% idle 2 clients / CPU 75% idle
> >
15500 op/s 4000 op/s
> >
10% = 0.193417 10% = 0.237901
> >
50% = 0.223053 50% = 0.288164
> >
90% = 0.278756 90% = 0.36565
> >
99% = 0.362329 99% = 0.486679
> >
99.9% = 0.422575 99.9% = 0.706433
> >
99.99% = 35.5056 99.99% = 11.1529
> >
99.999% = 41.8817 99.999% = 65.5304
> >
Average = 0.237412 Average = 0.303045
> >
22
OpenDS Primer – April 23, 2009

OpenDS Roadmap
23
OpenDS Primer – April 23, 2009

Roadmap
• Working on the release plan:
> quartely “Express” releases
> yearly “Product” releases
• OpenDS 2.2 planned for October 2009
• OpenDS 3.0 planned for Mid 2010
24
OpenDS Primer – April 23, 2009

Feature-wise
• Publicly available ChangeLog
• Transactions for LDAP
• PassThrough authentication service with delegation
to LDAP and Kerberos
• Improved ease of use
• More monitoring and configuration GUI
• Log analysis tools
• More performance and scalability improvements
25
OpenDS Primer – April 23, 2009

More information
• OpenDS
> http://www.opends.org/
> https://www.opends.org/wiki/
• Sun OpenDS
> http://wikis.sun.com/display/sunopends/Home
• Interested in OpenDS: Join our community
> https://opends.dev.java.net/servlets/ProjectMembershipRequest
26
OpenDS Primer – April 23, 2009

ATEMPLATE –
Primer on OpenDS
ENDING SLIDE
WITHOUT PHOTO
April 23, 2009
Ludovic Poitou
ludovic.poitou@sun.com
http://blogs.sun.com/Ludo
27