What is considered as "slow links" when setting up "multi-write-groups" for CA Directory

View Only

Back to discussions

Expand all | Collapse all

What is considered as "slow links" when setting up "multi-write-groups" for CA Directory

1. What is considered as "slow links" when setting up "multi-write-groups" for CA Directory

0 Recommend
Jiangping Li
Posted Jun 01, 2023 03:24 AM

Reply Reply Privately
Hi there,

In directory documentation, it says that "You should use multi-write groups for any situation where there are slow links".

I am just wondering if we have specific numbers to define "slow links" for directory replication, such as network latency in milli-seconds?

I would probably set up multi-write groups for directory deployment across AWS regions, and between AWS and on-premises DSA instances.

So that replications between AWS regions, or between AWS region and on-premises are asynchronous.

Regards,

Jiangping Li
2. RE: What is considered as "slow links" when setting up "multi-write-groups" for CA Directory

1 Recommend
Alan Baugher
Posted Jun 02, 2023 09:59 AM
Edited by Alan Baugher Jun 04, 2023 05:03 PM

Reply Reply Privately
Hi Jiangping,

Slow links refers to the network latency between DATA DSAs replication, that may be depended on geographical location or also the number & type of network devices that the replication may need to travel through.

For a project we did for global replication, we measured the latency between remote data centers to be about 200 msec. While this does not seem to be alot, it does have a visual impact for certain use-cases. In our case, password replication, since we were using a reverse password sync agent, this agent would not return a successful error code until replication was complete. Without MW groups feature, this delay impacted the user experience.

For your architecture with AWS regions, I would suggest using the time log of CA Directory DATA DSAs to help measure the latency for basic replication to determine if you need to leverage MW groups.

Below is a write up of what we did for the global password reset solution, that leveraged MW Groups with the embedded CA Directory for the provisioning store of the IGA suite (Identity Manager).

https://anapartner.com/2021/10/08/global-password-reset/

Additionally, you may use a virtualization solution, like VMware Workstation Network preference to force a slower network, to emulate real world latency in your test/lab environment.

https://anapartner.com/2020/08/24/multi-write-hub-model-with-democorp/

Cheers,

Alan Baugher

------------------------------
Alan Baugher
ANA
------------------------------

Original Message
3. RE: What is considered as "slow links" when setting up "multi-write-groups" for CA Directory

0 Recommend
Jiangping Li
Posted Jun 05, 2023 03:58 AM

Reply Reply Privately
Thanks Alan for your insight. It is really helpful.

Regards,

Jiangping Li

Original Message

Symantec IGA

What is considered as "slow links" when setting up "multi-write-groups" for CA Directory

Jiangping LiJun 01, 2023 03:24 AM

Alan BaugherJun 02, 2023 09:59 AM

Jiangping LiJun 05, 2023 03:58 AM

1. What is considered as "slow links" when setting up "multi-write-groups" for CA Directory

2. RE: What is considered as "slow links" when setting up "multi-write-groups" for CA Directory

3. RE: What is considered as "slow links" when setting up "multi-write-groups" for CA Directory