Cloud Security Perspectives and Insights

Oracle Directory Server Enterprise Edition (DSEE) to Oracle Unified Directory (OUD) Upgrade and Co-existence

Greg Jensen
Sr Principal Director - Security - Cloud Business Group

As a follow-up to “Why Customers Should Upgrade Directory Server Enterprise Edition (DSEE) to Oracle Unified Directory (OUD)?”, I would like to illustrate in a case study how easily an upgrade can be achieved.

An upgrade process can be defined as the steps required for moving from a state where applications leverage data managed within a DSEE directory service to a state where applications leverage data managed within an OUD directory service.

There are multiple ways to achieve that goal:

Export data and re-import data

Leverage a synchronization tool

Enable replication gateway

We have discussed the pros and cons of each one in this blog entry. For more information, you can dive into the details in the OUD Transition Guide. In this blog we will focus on how to leverage the replication gateway for co-existence and upgrade from DSEE to OUD.
Clearly OUD’s unique feature called “replication gateway” provides the ability to keep DSEE and OUD directories in sync for more than just user entries, as it also synchronizes operational states, which is something that synchronization tools have a hard time performing.
Now let’s review the required steps when you decide to upgrade via the “replication gateway”.
Your starting point is likely a configuration like this:

Fig 1: Original environment
Then, you will install an OUD instance; this should be a straightforward operation, as OUD can be installed in just a few minutes.

Fig 2: DSEE and OUD environments
Please refer to the quick installation as documented in the installation guide.
Then you start the upgrade. In most cases this can indeed be achieved through 3 steps, as simple as 1-2-3.
1/ Diagnose, migrate configuration and schema
This is achieved via our ds2oud command, provided as part of OUD.
This first step is important because it will analyze the features used by DSEE to identify those that could require specific attention because they could not be mapped automatically to an OUD equivalent. It will go through plug-ins, schema extensions, password policy used, encrypted attributes, index settings, global configuration parameters.

Fig3: Step 1: Diagnose & Migrate configuration and Schema
It will then be used to diagnose the Directory Server data; this will identify schema differences that cannot be automatically migrated and will require manual adaptation. The ds2oud tool will then be used to automatically migrate the schema and configuration from DSEE to OUD.
2/ Export / Import data from DSEE to OUD

Fig4: Step 2: Export & Import data from DSEE to OUD

In this step, data will be exported, including metadata that will be transformed by the export to the OUD format. Then you will import the resulting LDIF file into the OUD directory server.
3/ Activate replication gateway

Fig5: Step 3: Setup Replication Gateway

Install and configure the replication gateway as described in the “Setting Up the Replication Gateway” documentation.
This sets up bidirectional replication between the two environments. From here, any changes that took place on DSEE since you exported the data will be replicated to OUD, and any change made on OUD will also be replicated to DSEE. Optionally, you can specify that you want changes to be replicated only one way.
The final step is to redirect applications from DSEE to OUD; this can be achieved by updating the load-balancer or proxy configuration. In this scenario you can fall back to DSEE by reverting the load-balancer/proxy configuration.

Fig6: Switching applications from DSEE to OUD

The scenario described above covers the general case; depending on your configuration and existing services in DSEE, further steps might be required to perform the necessary adaptations.
In such a deployment, you will keep the two environments in synchronization while applications get validated on the new environment. You continue to upgrade more DSEE servers to OUD during the co-existence period, and ultimately the replication gateway will be removed and the DSEE servers will be de-provisioned.
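One way to check during the co-existence period that both directories hold the same entries before applications are switched is to compare an LDIF export taken from each side. This is an added example, not Oracle tooling or code from the original post; the function names, the list of ignored attributes and the sample LDIF are assumptions constructed for illustration.

```python
import base64
import re
from collections import defaultdict

# Attributes expected to differ between the two products (assumed list; tune per deployment).
IGNORED = {"nsuniqueid", "entryuuid", "createtimestamp", "modifytimestamp",
           "creatorsname", "modifiersname"}

def normalize_dn(dn):
    # Lowercase and trim around unescaped commas; not a full RFC 4514 normalizer.
    return ",".join(p.strip() for p in re.split(r"(?<!\\),", dn.lower()))

def parse_ldif(text):
    """Return {normalized_dn: {attr: set(raw byte values)}} for LDIF content records."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continuation of the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():                   # a blank line ends the record
            current = None
        elif not line.startswith("#") and not line.lower().startswith("version:"):
            name, _, rest = line.partition(":")
            b64 = rest.startswith(":")         # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()) if b64 else rest.strip().encode()
            if name.lower() == "dn":
                current = entries.setdefault(normalize_dn(value.decode()), defaultdict(set))
            elif current is not None and name.lower() not in IGNORED:
                current[name.lower()].add(value)
    return entries

def compare(dsee_ldif, oud_ldif):
    """Return (missing_in_oud, extra_in_oud, [(dn, attr) whose values differ])."""
    a, b = parse_ldif(dsee_ldif), parse_ldif(oud_ldif)
    differing = sorted((dn, attr) for dn in set(a) & set(b)
                       for attr in set(a[dn]) | set(b[dn])
                       if a[dn].get(attr) != b[dn].get(attr))
    return sorted(set(a) - set(b)), sorted(set(b) - set(a)), differing

# Constructed sample exports (not real data): one folded line, one base64 value.
DSEE = ("version: 1\n\ndn: uid=alice,ou=People,dc=example,dc=com\nuid: alice\n"
        "cn:: QWxpY2UgTWFydGlu\nmail: alice@example.com\ndescription: folded val\n"
        " ue here\nnsUniqueId: 1111\n\ndn: uid=bob,ou=People,dc=example,dc=com\nuid: bob\n")
OUD = ("dn: UID=alice, OU=People, DC=example, DC=com\nuid: alice\ncn: Alice Martin\n"
       "mail: alice@corp.example.com\ndescription: folded value here\nentryUUID: aaaa\n")
```

Calling `compare(DSEE, OUD)` on the samples reports one entry missing on the OUD side and one differing `mail` value. Values are compared byte for byte, so attributes with case-insensitive matching rules can show up as differences that the directory itself would treat as equal.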
In summary, OUD is Oracle’s strategic, next-generation directory and the upgrade path for DSEE. Oracle encourages DSEE customers to upgrade to OUD to take advantage of the latest functionality in order to support on-premise, cloud, and mobile applications while benefiting from a lower TCO, improved user experience, and enhanced security.

We will continue to share upgrade best practices and case studies in future blogs, so please stay tuned. 
Additional references and details can be found here:
Oracle Unified Directory documentation and transition guide, Oracle Directory Services blog, Sylvain Duloutre’s Weblog

About the Author

Etienne Remillon is Senior Principal Product Manager for Oracle Unified Directory and Directory Server Enterprise Edition products. Etienne has been in the X500 and LDAP Directory Services area for the past 20 years starting with Sun Microsystems.

THE AUTHOR can be reached via LinkedIn
