Contents Overview 1 Overview of the Metadirectory Design and Development Process 2 Defining a Data Model 5 Developing a Join Strategy 9 Determining the Naming Structure 11 Determining the Physical Topology 13 Designing a Management and Security Strategy 15 Lab A: Designing and Developing a Metadirectory 17 Review 18 Module 14: Designing and Developing a Metadirectory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, BackOffice, MS-DOS, Windows, Windows NT, <plus other appropriate product names or titles. The publications specialist replaces this example list with the list of trademarks provided by the copy editor. Microsoft is listed first, followed by all other Microsoft trademarks in alphabetical order. > are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. <The publications specialist inserts mention of specific, contractually obligated to, third-party trademarks, provided by the copy editor> Other product and company names mentioned herein may be the trademarks of their respective owners. Module 14: Designing and Developing a Metadirectory iii BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Instructor Notes Instructor_notes.doc Module 14: Designing and Developing a Metadirectory 1 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Overview ! Overview of the Metadirectory Design and Development Process ! Defining a Data Model ! Developing a Join Strategy ! Determining the Naming Structure ! Determining the Physical Topology ! Designing a Management and Security Strategy During the MMS planning phase, you created a list of functional requirements for the proposed metadirectory. The next phase in the MMS planning and design process is to apply the results from the planning into the design and development of a metadirectory implementation that meets the functional requirements for the proposed metadirectory. During design and development, you create a blueprint, called a data model, which specifies how information will flow in and out of the metadirectory. You will then configure and test management agents to verify that the information flows as defined in the data model. Additionally, during this phase you will define the metadirectory namespace, the physical topology, and the metadirectory’s management and security requirements. After completing this module, you will be able to: ! Describe the process of designing and developing a metadirectory that meets the functional requirements of an organization. ! Design a data model of the metadirectory, metaverse-connector space relationship, and attribute flows. ! Design and develop a strategy to join connected directories to the metadirectory. ! Determine an appropriate naming structure for the metadirectory. ! Determine a MMS server topology that is based on the number of MMS servers, MMS server locations, and connected directories in your enterprise. ! Design a metadirectory management and security strategy. Topic Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn about designing and developing a metadirectory based on a set of functional requirements. 2 Module 14: Designing and Developing a Metadirectory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY # ## # Overview of the Metadirectory Design and Development Process Designing and Developing a Metadirectory Solution is an Iterative Process Designing and Developing a Metadirectory Solution is an Iterative Process Define a Data Model Define a Data Model Determine a Naming Structure Determine a Naming Structure Develop a Join Strategy Develop a Join Strategy Determine the Physical Topology Determine the Physical Topology Develop and Test MAs Develop and Test MAs Design Management and Security Strategy Design Management and Security Strategy The metadirectory planning phase produced a set of function requirements that specify the content, behavior, management, and security requirements of a metadirectory that meets the needs of an organization. By working with the deliverables from the planning phase the next step is to design and develop the metadirectory. During this process, you will perform the following: ! Define a data model. This consists of a detailed data model for the proposed metadirectory. The data model includes specifying the metadirectory to connected directory relationships and designing the flow of attributes between the metadirectory and connected directories. ! Develop a strategy for joining connected directories to the metadirectory. This includes planning and testing the joining of connected directories to the metadirectory. A good join strategy reduces the number of entries that must be manually joined to the metadirectory. ! Create a naming structure for the metadirectory. Defining the correct naming structure for your organization is critical because it affects the manageability, security, performance, and usability of the metadirectory. ! Define a physical metadirectory topology. The physical topology of the metadirectory determines where to interconnect management agents to connected directories, and where to physically locate MMS servers to support access and management needs. Topic Objective To introduce the process of designing and developing a metadirectory. Lead-in Module 14: Designing and Developing a Metadirectory 3 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY ! Develop and test management agents. To meet the functional requirements of the proposed metadirectory, you may need to customize the management agents included with MMS or develop new management agents MAs. You will also have to test managements to verify whether they produce the expected metadirectory behavior and whether information flows properly among connected directories. ! Develop a management and security strategy. You will need to determine the appropriate access controls that will enforce your administrative model. The design and development of a metadirectory implementation consists a set of related processes; it is not a linear set of tasks. Therefore, approach the design phase as an iterative prototyping, learning, and development process. You should experiment with metadirectory concepts, the connected directory environments, and the tools and functionality MMS provides to validate and then implement a solution that best addresses the functional requirements for your metadirectory. 4 Module 14: Designing and Developing a Metadirectory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Mapping the Functional Requirements to Design and Development Design Phase Design Phase Design Phase Functional Requirement Functional Requirement Functional Requirement Define a Data Model Define a Data Model $ The attributes stored in each metadirectory entry $ The directory from where each attribute initially originates $ The directory that will be authoritative for each attribute $ The attributes stored in each metadirectory entry $ The directory from where each attribute initially originates $ The directory that will be authoritative for each attribute Develop a Join Strategy Develop a Join Strategy $ A list of directories to be integrated in the metadirectory $ The metadirectory entry types $ The naming convention for metadirectory entries $ A list of directories to be integrated in the metadirectory $ The metadirectory entry types $ The naming convention for metadirectory entries Determine a Naming Structure Determine a Naming Structure Determine the Physical Topology Determine the Physical Topology Design Management and Security Strategy Design Management and Security Strategy $ The metadirectory management method $ The metadirectory security policy $ The metadirectory entry types $ The metadirectory management method $ The metadirectory security policy $ The metadirectory entry types $ The metadirectory management method $ The metadirectory security policy $ The metadirectory management method $ The metadirectory security policy $ The metadirectory management method $ The metadirectory security policy $ The metadirectory management method $ The metadirectory security policy Each of the functional requirements that you identified during the metadirectory planning phase will be used during the design and development of the metadirectory. The following table identifies the phase in the design and development process in which each the functional requirement is used: Design Phase Functional Requirement from Planning Phase Define a Data Model • The attributes stored in each metadirectory entry • The directory from where each attribute initially originates • The directory that will be authoritative for each attribute Develop a Join Strategy • A list of directories to be integrated in the metadirectory • The metadirectory entry types • The naming convention for metadirectory entries Determine a Naming Structure • The metadirectory management method • The metadirectory security policy • The metadirectory entry types Determine the Physical Topology • The metadirectory management method • The metadirectory security policy Design Management and Security Strategy • The metadirectory management method • The metadirectory security policy Topic Objective To identify which design phase addresses the functional requirements developed during the planning process. Lead-in Module 14: Designing and Developing a Metadirectory 5 BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY # ## # Defining a Data Model ! The Data Model Is a Blueprint for the Metadirectory % Defines how MAs should be configured and operated % Defines how MAs function together to flow data into and out of the metadirectory ! The Data Model Specifies: % The strategy for initially populating the metadirectory % The mode in which each management agent is run % The attribute flow rules The metadirectory data model defines how management agents need to be configured and operated to meet the content and behavior requirements that you determined during the metadirectory planning phase. When defining the data model, you will determine how the management agents function together to flow information into and out of the metadirectory. The data model provides a blueprint that guides you through the development and testing of management agents. The metadirectory data model specifies the following: ! A strategy for how to initially populate the metadirectory with data from each connected directory. ! The mode in which each management agent is run to initially populate the metadirectory and to maintain the relationships between entries in the metadirectory and entries in each connected directory. ! The attribute flow rules that define how information flows between connected directories and the metadirectory. You must also design attribute flow in a way that defines and enforces which connected directory is authoritative for each attribute. Topic Objective To introduce the metadirectory data model. Lead-in 6 Module 14: Designing and Developing a Metadirectory BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Assigning Modes to MAs ! Use Reflector Mode To: % Initially populate the metaverse namespace % Create foreign entries in connected directories ! Use Creator Mode To: % Populate a connected directory with entries from the metadirectory % Create foreign entries in connected directories ! Use Association Mode To: % Import attributes, but not entire entries, into the metaverse namespace % Add selective, unique attributes to entries in the metaverse namespace Because a metadirectory system consists of two or more connected directories and their corresponding management agent, you must define how to configure and when to operate each management agent so that collectively, all management agents work together to meet the content and behavior requirements of the proposed metadirectory. Use the following guidelines to determine the appropriate mode to assign to each management agent: ! Use the Reflector mode to initially populate the metadirectory with the entries and attributes that were defined during the planning phase. For example, to build the metadirectory from an existing human resources (HR) database, operate the HR management agent in Reflector mode to populate the metadirectory with the HR data. You can also use the Reflector mode if your metadirectory requirements specify directory synchronization with email systems. In this scenario, you would use Reflector mode to create entries in the metadirectory from one email system, and then run the management agent for different email systems in Creator mode to create a foreign entry that originates in the first email system. ! Use the Creator mode to create native entries in a connected directory that correspond to entries in the metadirectory. Some directories, such as a simple phone list, can be populated by exporting entries from the metadirectory into a flat file. However, creating native entries in an email system or directory service database usually requires invoking management utilities outside the connected directory to create applications resources, such as a mailbox or user account. Topic Objective To describe how to collectively configure the mode for each management agent in the metadirectory system. Lead-in [...]... organization Determining the naming structure for the proposed metadirectory includes defining the naming context, which is the top level name for the metadirectory namespace, and defining the organizing structure of the metadirectory and the type of containers that you will use in this structure Namespace Considerations When determining the naming structure for the metadirectory, start at the top and consider... connector is the first directory you reflect into the metadirectory To select the prime connector, identify the directory that best represents your information structure Candidates for the prime connector should also contain the most stable and authoritative attribute information ! Join additional directories to the prime connector After you run the management agent for your prime connector in Reflector... best prime connector as the first directory to be reflected into the metaverse namespace, and then look for ways to match attributes from the other connected directories against attributes in the prime connector To avoid including ambiguous, or unmatched, entries in the metadirectory, carefully plan and test your strategy for joining connected directories to the metadirectory This is especially beneficial... network administrator, to request that a user object for the new employee be added to each of those directories Which of these directories is good candidate for a prime connector? What business process change would you suggest to this company to ensure cleaner data in their directories? None of them More than likely, the data in each of these directories would not be very clean Without adequate and. .. support organizations manage the part of the directory stored on the server in their location Next, you must decide who will manage the data on those servers Initially, consider allowing the administrators of the connected directories to continue to manage that data in the metadirectory You can include aliases to those administrative user accounts in the appropriate role lists: directory administrators,... too deep, too cryptic, or too unstable administrators or users may have difficulty finding information by navigating the directory Important It is important to consider the naming context carefully, because changing the naming context for a server will require reinstalling MMS Defining the Organizing Structure You can define the types and names of containers to hold metadirectory entries Depending on... What is clean directory data? Why is a clean directory an important part of the join strategy? Clean directory data ensure that entries in a directory are unique, so that multiple entries for the same real-world object are minimal Clean data is the primary criterion for choosing the first directory that you connect to the metadirectory The clean data in the prime connector will reduce the number of , and. .. TRAINER PREPARATION PURPOSES ONLY Module 14: Designing and Developing a Metadirectory 9 Developing a Join Strategy Topic Objective To Develop a Join Strategy To Develop a Join Strategy To describe the principles for developing a strategy to join connected directories to the metadirectory Determine Which Directory Will Be the Prime Connector Lead -in Join One or More of the Remaining Directories to the. .. directory ! Determine when to use referrals and when to use replication to connect together the different parts of the metadirectory The factors that you must consider when determining the physical metadirectory topology include performance, administration, and connectivity Performance Factors If you are using MMS only to manage directory information, you will not need more than one computer running... mode, you will join one or more of the remaining directories This step will help to gauge the cleanliness of the data Do not expect every entry to join on the first run of the management agent If a majority of the entries do not join, reconsider your choice of the prime connector; the data may not meet the criteria set forth previously If only 60 to 80 percent of the entries join on the first attempt, . MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY Information in this document is subject to change without notice. The names of companies, products, people, characters, and/ or data mentioned. connected directories. ! Develop a strategy for joining connected directories to the metadirectory. This includes planning and testing the joining of connected directories to the metadirectory. A. directories to the prime connector. After you run the management agent for your prime connector in Reflector mode, you will join one or more of the remaining directories. This step will help to