Account Synchronization - Deployment Walkthrough

This document provides a walkthrough on how to deploy ClearOS across a hybrid and distributed environment. By the end of the walkthrough, 7 ClearOS systems will be configured with account information (users, groups, passwords) synchronized across all systems:

  • A central directory and primary domain controller (PDC) running in head office
  • A ClearOS file and app server running in VMware at the head office
  • ClearOS gateways at head office and 3 remote offices. The remote offices are configured as backup domain controllers (BDCs).
  • A Zarafa Professional for ClearOS mail server running in the cloud at Amazon EC2

This sample deployment is a good guide whether you have a simple 2-node solution or a more complex 100-node deployment involving on-premises, private cloud and public cloud systems.

Big Picture - One Master Node with Many Slaves

The Account Synchronization architecture in ClearOS is straightforward. A single master system is used to add, delete and update users and groups. This account information is then fully replicated across multiple slave systems, so the same users, groups and passwords are available on the slaves. For that reason, the slave systems do not need to be connected to the master in order to keep functioning. Instead, the slaves will continue to function and will re-establish replication once the master system is available.

Best Practices

If you are planning on deploying a master/slave network on more than a handful of systems, the following practices are recommended:

  • Use a dedicated installation (cloud, virtual machine, or bare metal) for the master node. Only a bare-bones set of apps should be installed on this system.
  • Make sure the firewall is as restrictive as possible.

Part 1 - Headquarters

Please refer to this document.

Part 2 - Remote Office

Please refer to this document.

content/en_us/kb_bestpractices_account_synchronization_-_deployment_walkthrough.txt · Last modified: 2018/06/07 08:08 by nickh