How does the 'Data Collection Service Scoping' driver work with multiple driversets?

  • 7007136
  • 02-Nov-2010
  • 26-Apr-2012

Environment

Novell Identity Manager 3.4.0

Situation

How does the new DCS driver work with multiple driversets?

Resolution

The new 'Data Collection Service Scoping' (NOVLDCSSCPNG) package provides static and dynamic scoping capabilities for enterprise environments with multiple driversets and multiple pairs of Data Collection Service Drivers and Managed System Gateway Drivers.


During or after installation, the role of the Data Collection Service Driver on which the package is being installed must be selected:


Primary:

The driver synchronizes everything except subtrees of other driver sets. A primary Data Collection Service Driver may well service a whole identity vault or it may work in conjunction with one or multiple secondary drivers.


Secondary:

The driver synchronizes only its own driver set and nothing else. A secondary Data Collection Service Driver usually requires a primary driver running in a different driver set; otherwise, no data outside the local driver set is sent to the Data Collection Service.


Custom:

Allows the administrator to define custom scoping rules. The only implicit scope is the local driver set; everything else is considered out of scope unless it is explicitly added to the list of custom scopes. A custom scope is the distinguished name, in slash format, of a container in the identity vault whose subordinates or subtree should be synchronized.



Common scenarios:

Below is a list of all the common scenarios scoping was designed for:


1. Single server/driver set IDV

   - no scoping required, do not install scoping package


2. Multi server, single driver set IDV

   - make sure the IDM server holds replicas of all partitions from which data should be collected

   - no scoping required, do not install scoping package


3. Multi server, multi driver set IDV


   3.1 All servers hold a replica of all partitions from which data should be collected

       - scoping is required to avoid the same change being processed by multiple DCS drivers

       - install scoping package on all DCS drivers

       - elect one DCS driver to be the "Primary" driver

       - configure all other DCS drivers to be "Secondary" drivers


   3.2 All servers DO NOT hold a replica of all partitions from which data should be collected


       3.2.1 All partitions from which data should be collected are held by ONLY ONE IDM server

             - scoping is required to avoid the same change being processed by multiple DCS drivers

             - install scoping package on all DCS drivers

             - configure all DCS drivers to be "Primary" drivers


       3.2.2 All partitions from which data should be collected ARE NOT being held by ONLY ONE IDM server (some partitions are held by more than one IDM server)

             - scoping is required to avoid the same change being processed by multiple DCS drivers

             - install scoping package on all DCS drivers

             - configure all DCS drivers to be "Custom" drivers

               - define custom scoping rules for each driver

               - make sure to not create any overlapping scopes
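
One way to check a planned set of "Custom" scopes for overlap before configuring the drivers. This is an added example, not part of the scoping package; the driver labels, the sample plan and the helper names are constructed, and it assumes every scope covers its whole subtree and that DNs contain no escaped separators.

```python
import re
from itertools import combinations

def parse_scope(dn, tree=None):
    """Split a container DN (slash or backslash form) into lower-cased parts."""
    parts = [p.strip().lower() for p in re.split(r"[\\/]", dn) if p.strip()]
    # Drop the tree name so '\TREE\data\users' and 'data\users' compare equal.
    if tree and parts and parts[0] == tree.lower():
        parts = parts[1:]
    return tuple(parts)

def is_same_or_ancestor(a, b):
    """True when scope a equals scope b or is a container above it."""
    return len(a) <= len(b) and b[:len(a)] == a

def find_overlaps(driver_scopes, tree=None):
    """Return (driver1, scope1, driver2, scope2) for subtrees two drivers claim."""
    flat = [(drv, s, parse_scope(s, tree))
            for drv, scopes in driver_scopes.items() for s in scopes]
    overlaps = []
    for (d1, s1, p1), (d2, s2, p2) in combinations(flat, 2):
        if d1 == d2:
            continue  # nested scopes on one driver do not duplicate processing
        if is_same_or_ancestor(p1, p2) or is_same_or_ancestor(p2, p1):
            overlaps.append((d1, s1, d2, s2))
    return overlaps

# Constructed plan: each list starts with the driver's implicit local driver
# set, followed by the custom scopes the administrator intends to add.
PLAN = {
    "DCS driverset1": [r"\DORADOIDV\system\driverset1", r"data\users"],
    "DCS driverset2": [r"\DORADOIDV\system\driverset2", r"data\groups"],
    "DCS driverset3": [r"\DORADOIDV\system\driverset3", r"DATA\users\contractors"],
}

if __name__ == "__main__":
    for d1, s1, d2, s2 in find_overlaps(PLAN, tree="DORADOIDV"):
        print(f"overlap: {d1} '{s1}' <-> {d2} '{s2}'")
```
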

 

Sample Traces


The following traces were taken at level 0 for the DCS driver with scoping enabled and for all the different driver roles.


Primary

-------

[10/13/10 12:20:54.206]:Data Collection Service Driver ST:Scoping: (Re-)Initializing rules for driver role 'primary'...

[10/13/10 12:20:54.208]:Data Collection Service Driver ST:Scoping: Excluding '\DORADOIDV\system\driverset2' and subtree (remote driver set).

[10/13/10 12:20:54.209]:Data Collection Service Driver ST:Scoping: Excluding '\DORADOIDV\system\driverset3' and subtree (remote driver set).

[10/13/10 12:20:54.209]:Data Collection Service Driver ST:Scoping: Done (re-)initializing rules.

[10/13/10 12:20:54.211]:Data Collection Service Driver ST:

DirXML Log Event -------------------

     Driver:   \DORADOIDV\system\driverset1\Data Collection Service Driver

     Channel:  Subscriber

     Object:   \DORADOIDV\system\driverset1\Test

     Status:   Warning

     Message:  Code(-8019) Operation vetoed on unassociated object.

[10/13/10 12:21:53.817]:Data Collection Service Driver ST:Scoping: Vetoing '\DORADOIDV\system\driverset2\Avaya Driver2' (remote driver set).



Secondary

---------

[10/13/10 12:16:14.480]:Data Collection Service Driver ST:Scoping: (Re-)Initializing rules for driver role 'secondary'...

[10/13/10 12:16:14.481]:Data Collection Service Driver ST:Scoping: Including '\DORADOIDV\system\driverset1' and subtree (local driver set).

[10/13/10 12:16:14.481]:Data Collection Service Driver ST:Scoping: Done (re-)initializing rules.

[10/13/10 12:16:14.482]:Data Collection Service Driver ST:Scoping: Vetoing '\DORADOIDV\data\groups' (out of scope).

[10/13/10 12:18:11.729]:Data Collection Service Driver ST:

DirXML Log Event -------------------

     Driver:   \DORADOIDV\system\driverset1\Data Collection Service Driver

     Channel:  Subscriber

     Object:   \DORADOIDV\system\driverset1\Test2

     Status:   Warning

     Message:  Code(-8019) Operation vetoed on unassociated object.

 

Custom

------

[10/13/10 12:10:13.991]:Data Collection Service Driver ST:Scoping: (Re-)Initializing rules for driver role 'custom'...

[10/13/10 12:10:13.992]:Data Collection Service Driver ST:Scoping: Including '\DORADOIDV\system\driverset1' and subtree (local driver set).

[10/13/10 12:10:13.992]:Data Collection Service Driver ST:Scoping: Including 'data\users' and subtree (custom scope rule).

[10/13/10 12:10:13.993]:Data Collection Service Driver ST:Scoping: Including 'system\driverset2' and subtree (custom scope rule).

[10/13/10 12:10:13.993]:Data Collection Service Driver ST:Scoping: Including 'system' and subtree (custom scope rule).

[10/13/10 12:10:13.993]:Data Collection Service Driver ST:Scoping: Done (re-)initializing rules.

[10/13/10 12:10:14.086]:Data Collection Service Driver ST:

DirXML Log Event -------------------

     Driver:   \DORADOIDV\system\driverset1\Data Collection Service Driver

     Channel:  Subscriber

     Object:   \DORADOIDV\data\users\m

     Status:   Success

[10/13/10 12:12:04.157]:Data Collection Service Driver ST:Scoping: Vetoing '\DORADOIDV\data' (out of scope).

[10/13/10 12:12:34.026]:Data Collection Service Driver ST:

DirXML Log Event -------------------

     Driver:   \DORADOIDV\system\driverset1\Data Collection Service Driver

     Channel:  Subscriber

     Object:   \DORADOIDV\data\users

     Status:   Success

[10/13/10 12:12:35.499]:Data Collection Service Driver PT:

DirXML Log Event -------------------

     Driver:   \DORADOIDV\system\driverset1\Data Collection Service Driver

     Channel:  Publisher

     Status:   Success

     Message:  <description>Success</description>

[10/13/10 12:12:35.500]:Data Collection Service Driver PT:

DirXML Log Event -------------------

     Driver:   \DORADOIDV\system\driverset1\Data Collection Service Driver

     Channel:  Publisher

     Status:   Success

     Message:  <description>Success</description>

[10/13/10 12:13:14.596]:Data Collection Service Driver ST:Scoping: Vetoing '\DORADOIDV\data\groups' (out of scope).
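
The scoping lines in these traces can be summarized per driver to confirm which role is active, which rules were loaded, and which objects were vetoed. The parser below is an added example, not a Novell tool; the sample lines are copied from the "Primary" trace above, and the regular expressions assume the line layout shown in these traces and DNs without apostrophes.

```python
import re
from collections import defaultdict

ROLE_RE = re.compile(
    r"Scoping: \(Re-\)Initializing rules for driver role '([^']+)'")
DECISION_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]:(?P<driver>.+?) ST:Scoping: "
    r"(?P<action>Including|Excluding|Vetoing) '(?P<dn>[^']*)'"
    r"(?P<subtree> and subtree)? \((?P<reason>[^)]*)\)\.")

def summarize(trace_text):
    """Return (role, rules, vetoed) for one driver's trace.

    role   - driver role named in the most recent (re-)initialization
    rules  - (action, dn, reason) tuples loaded by that initialization
    vetoed - vetoed object DNs grouped by the reason given in the trace
    """
    role, rules, vetoed = None, [], defaultdict(list)
    for line in trace_text.splitlines():
        line = line.strip()
        m = ROLE_RE.search(line)
        if m:
            role, rules = m.group(1), []  # rules are rebuilt on every re-init
            continue
        m = DECISION_RE.match(line)
        if not m:
            continue  # DirXML log events and other non-scoping lines
        if m["action"] == "Vetoing":
            vetoed[m["reason"]].append(m["dn"])
        else:
            rules.append((m["action"], m["dn"], m["reason"]))
    return role, rules, dict(vetoed)

# Lines copied from the "Primary" sample trace on this page.
SAMPLE_TRACE = r"""
[10/13/10 12:20:54.206]:Data Collection Service Driver ST:Scoping: (Re-)Initializing rules for driver role 'primary'...
[10/13/10 12:20:54.208]:Data Collection Service Driver ST:Scoping: Excluding '\DORADOIDV\system\driverset2' and subtree (remote driver set).
[10/13/10 12:20:54.209]:Data Collection Service Driver ST:Scoping: Excluding '\DORADOIDV\system\driverset3' and subtree (remote driver set).
[10/13/10 12:20:54.209]:Data Collection Service Driver ST:Scoping: Done (re-)initializing rules.
[10/13/10 12:20:54.211]:Data Collection Service Driver ST:
[10/13/10 12:21:53.817]:Data Collection Service Driver ST:Scoping: Vetoing '\DORADOIDV\system\driverset2\Avaya Driver2' (remote driver set).
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```
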