This article describes the basic concepts of and terminology used with Microsoft Metadirectory Services (MMS). The metadirectory server is an enterprise metadirectory you can use to integrate all directories in an organization into one central repository. It can also be used for migration purposes and consolidation of directories. The following topics are included in this article:
- Description of a Metadirectory
- Microsoft Metadirectory Overview
- MMS Client Access
- MMS Security
- MMS Distributed Directory

Description of a Metadirectory
A metadirectory is a dedicated enterprise directory solution that joins (or merges) information between the various existing directory systems and programs used within an enterprise, and then provides access to the consolidated information for Lightweight Directory Access Protocol (LDAP) clients, Web browsers, and possibly other computers.

Microsoft Metadirectory Overview
In the MMS model, the enterprise metadirectory structure is comprised of one or more servers, management agents, and connected directories:
Management Agents
Management agents are responsible for importing connected directory information into the connector namespace and, where desired, merging it with entries in the metaverse. They keep the directory information synchronized by allowing attributes to flow bi-directionally. There is one management agent for each connected directory.
Connected Directory
A connected directory is essentially any directory that you want to integrate into the metadirectory. The only requirement is that the directory contents must be organized into some minimal hierarchical structure, and that a method exists for extracting the directory information in it. The information extracted from the connected directory is imported into the metadirectory. Optionally, you may want to export information from the metadirectory into the connected directory.
Metadirectory Namespace
While the metadirectory contents can be presented as a single tree structure, it can also be thought of as consisting of two logical namespaces.
Connector Space
The area into which connected directory entries are first imported. This area links each connected namespace with the metadirectory.
Metaverse
That portion of the directory that presents the global view of the union of entries from multiple connected directories.

MMS Client Access
The MMS client access consists of four primary client access methods:
Compass Client
A stand-alone client with the most complete features and most efficient interface of the MMS clients. Can be used to manage the directory.
Active Compass Client
An ActiveX implementation of the Compass client that runs within any browser that supports ActiveX technology. Can be used to manage the directory. This client must be installed to run.
LDAP-Compliant User Agent
E-mail, programs.
Web Access
Windows Explorer, Netscape Navigator.

MMS Security
MMS security is comprised of three key features:
Login and Authentication
There are two kinds of logins: anonymous and authenticated. Authenticated logins (or named logins) require a password. The password may be a "simple" password or a "strong" password.
Access Controls
Access controls are used to evaluate the level of access to entries in the directory.

MMS Distributed Directory
MMS has two methods to scale the product to your organization. The Distributed Directory is required for the following uses or conditions:
- Distant geographical locations.
- Load balancing and/or redundancy.
- Servers to manage connected directories.
- Other servers to service end users.
- Servers to support programs.
Referrals
Used to set a pointer within the directory to point to another location on a different server. Note that this is transparent (not visible) to the user. This is useful when there are space requirements that need to be distributed to other servers but the users can still obtain access from one central location.
NOTE: Referrals are accurate but the performance penalty may be quite high as you cannot guarantee the capabilities of the authoritative server.
Replication
Used to replicate part of the tree structure from one server to another. This places a read-only copy of the tree on one server while the original resides on another. This is useful for redundancy of data as well as for distributing the load from another heavily used computer.
NOTE: Replication involves a "snapshot" view which is never guaranteed to be accurate.

Article ID: 246312 - Last modified: June 19, 2014 - Revision: 1