Below is a typical deployment of a pair of Sun Directory Servers deployed in 2 data centers. They are configured for Multi-Master Replication (MMR).
This deployment is simple. Only port 389 (bi-directional) is required to be enabled on the firewall.
Now, if the administrators are all stationed in Data Center 1, where DS 1 is, and they would like to manage all Directory Servers via DSCC (Directory Service Control Center), we have a challenge.
We need to understand how DSCC, Cacao and Directory Server work.
Basically, DSCC manages Directory Server instances through the Cacao agent. On each physical server where Directory Server is installed, we need a Cacao agent installed as well. This agent runs on port 11162 by default.
Now, if we make changes to the Directory Server configuration, there is a need to update the DSCC registry. This ensures the states are kept intact. The DSCC registry runs on ports 3998 and 3999 (SSL) by default.
So, what do we need to configure on the firewall?
- Port 11162 (uni-directional) from DS1 to DS2
- Ports 3998 and 3999 (uni-directional) from DS2 to DS1
- Port 636 (bi-directional) <- for starting/stopping Directory Server via DSCC (Thanks, Teck Meng!)
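
The port list above can be turned into a check that a proposed firewall ruleset opens exactly these flows and nothing wider. This is an added example, not part of the original post: the host labels `DS1`/`DS2`, the one-line rule syntax and the sample ruleset are constructed, and "uni-directional" is assumed to mean the direction in which the connection is opened through a stateful firewall.

```python
import re

# Required flows from the post: (side A, arrow, side B, TCP port, purpose).
# "->" means A opens the connection; "<->" means either side may open it.
REQUIRED = [
    ("DS1", "<->", "DS2", 389, "LDAP / multi-master replication"),
    ("DS1", "->", "DS2", 11162, "DSCC to Cacao agent"),
    ("DS2", "->", "DS1", 3998, "DSCC registry"),
    ("DS2", "->", "DS1", 3999, "DSCC registry (SSL)"),
    ("DS1", "<->", "DS2", 636, "start/stop Directory Server via DSCC"),
]

RULE_RE = re.compile(r"^allow\s+tcp\s+(\S+)\s+(<->|->)\s+(\S+)\s+(\d+)$")

def expand(src, arrow, dst, port):
    """Directed (initiator, responder, port) tuples for one flow."""
    return {(src, dst, port)} | ({(dst, src, port)} if arrow == "<->" else set())

def parse_rules(text):
    """Parse 'allow tcp SRC ->|<-> DST PORT' lines; '#' starts a comment."""
    allowed = set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = RULE_RE.match(line)
        if line and not m:
            raise ValueError(f"line {n}: unrecognised rule: {raw!r}")
        if m:
            allowed |= expand(m[1], m[2], m[3], int(m[4]))
    return allowed

def audit(rule_text):
    """Return (missing, excess) directed flows versus the required matrix."""
    required = set().union(*(expand(s, a, d, p) for s, a, d, p, _ in REQUIRED))
    allowed = parse_rules(rule_text)
    return sorted(required - allowed), sorted(allowed - required)

# Constructed ruleset: the 3999 rule is forgotten and 11162 is opened both ways.
SAMPLE = """
allow tcp DS1 <-> DS2 389
allow tcp DS1 <-> DS2 11162   # wider than needed
allow tcp DS2 -> DS1 3998
allow tcp DS1 <-> DS2 636
"""

if __name__ == "__main__":
    missing, excess = audit(SAMPLE)
    print("missing:", missing)   # flows DSCC needs but the firewall blocks
    print("excess: ", excess)    # flows opened beyond the documented matrix
```

A missing flow shows up as a DSCC management failure; an excess flow is exposure the deployment does not need, such as the Cacao agent port being reachable from DS2 toward DS1.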