UnboundID Directory Proxy Server

Today, UnboundID is announcing the UnboundID Directory Proxy Server, which is a fast, scalable, robust, and easy-to-use LDAPv3 proxy server. It is designed to work with any LDAPv3 directory server, although some advanced functionality is intended for use with the UnboundID Directory Server.

This post describes some of the features and advantages we offer in the Directory Proxy Server product. For more information, contact sales@unboundid.com.

Advanced Health Checking

The UnboundID Directory Proxy Server offers advanced health checking capabilities that can detect and react to problems as soon as they happen, and in some cases even before they happen, so that clients are not adversely impacted by (and often won’t even notice) unexpected hardware, software, or networking failures.

Some of the things that the Directory Proxy Server can consider when monitoring the health of the backend servers include:

  • The length of time required to process operations in the server.
  • The existence and content of specified entries in the server.
  • The replication backlog in the server (both in terms of the number of pending changes and the age of the oldest outstanding change).
  • The level of busyness for that server (both for operations requested through the Directory Proxy Server, as well as through other routes).

In the event that a problem is detected with a backend server, then the Directory Proxy Server can de-prioritize that server relative to other servers in the environment, or can take it out of the mix altogether. Further, if the Directory Proxy Server is used in front of the UnboundID Directory Server, then the Directory Server instances can proactively notify the Directory Proxy Server of any problems that arise. This can help avoid problems that the Directory Proxy Server may not be able to detect on its own (e.g., running low on disk space on the Directory Server system) until they become critical problems resulting in operation failures.

Flexible Load Balancing

The UnboundID Directory Proxy Server offers a number of options for load balancing requests across multiple backend servers, which can help provide both high performance and high availability. Some of the things that it can take into account when deciding where to send a request include:

  • The availability of the backend servers, so that servers which are experiencing a problem of some kind can be avoided.
  • The relative healths of the backend servers, so that servers with a higher health check score can be given a proportionally larger percent of the load.
  • The locations of the backend servers, so that servers in the same data center as the Directory Proxy Server will be preferred over those that are remote. If it is necessary to send requests to remote servers, then those locations can also be prioritized to prefer closer data centers over those that are farther away.
  • Statically-defined weights assigned to individual servers or sets of servers.
  • The type of operation being requested. If you want, you can configure different types of load balancing for each type of operation.
  • Information about the way that previous requests have been handled, so that related requests are consistently routed to the same backend server.
  • Information about the client issuing the request. You can define different policies for different kinds of clients, based on a wide range of criteria.

Scalability and Entry Balancing

The UnboundID Directory Proxy Server can help you improve the overall performance and scalability of your directory environment. The load balancing capabilities mentioned above allow you to spread requests across multiple servers with the same content to ensure high throughput and availability.

In order to achieve optimal performance, you need to be able to cache all of the data in memory. The very compact way in which the UnboundID Directory Server represents entry data both on disk and in memory ensures that any single instance can hold a large number of entries, but sometimes even that may not be enough and you may need to utilize more memory than is available in any single instance. For these cases, the UnboundID Directory Server offers entry balancing, which allows you to seamlessly spread data across multiple sets of servers to take advantage of the aggregate memory across all of those sets. You can do this without the need to alter the content or hierarchy of your data, and without restricting which attributes clients can use in their requests for optimal performance.

Simple Installation, Configuration, and Management

The process for installing and configuring the UnboundID Directory Proxy Server is faster easier than any other LDAP proxy server I have ever used, even for relatively complex deployments across multiple data centers or when using entry balancing. And because the Directory Proxy Server shares much of the same code base as the Directory Server, you can use the same graphical, interactive text-based, and non-interactive command-line interfaces to manage both products. If you’re already familiar with the UnboundID Directory Server, then you can be up and running with the Directory Proxy Server in no time. Even if you’re completely new to the products then you should find the administrative interfaces simple and intuitive, yet still very powerful.

Other Features

Some of the other capabilities offered by the UnboundID Directory Proxy Server include:

  • Easily track requests through the directory environment. Both the Directory Server and the Directory Proxy Server access logs contain information that can easily allow you to correlate information about operations across multiple instances.
  • Transform requests and responses passing through the Directory Proxy Server to match the way that clients expect to access the data, even if that isn’t how it actually appears in the backend servers.
  • Define limits on what clients are allowed to do in the directory environment, including what types of operations they may request and which portions of the DIT they can access. As with load balancing, you can create multiple policies for different kinds of clients based on a very wide range of criteria.
  • Allow administrators to easily access individual backend servers through the Directory Proxy Server (including access to things like the server configuration, schema, and monitor data), bypassing any load balancing and health checking processing that would otherwise be enforced for normal client requests.