Interoperability with IBM Host Systems
After you choose an appropriate deployment model, you need to determine how to logically group your computers running SNA Server to provide fault tolerance, hot backup, and load-balancing services. How you organize your servers affects your ability to provide secure and robust host connectivity services to your users.
The Active Directory™ directory service feature of Windows 2000 Server stores information about all objects on a local or global network and makes this information easy for users and administrators to find and use.
To accommodate the needs of diverse organizations, Active Directory can be partitioned into domains, and, in larger networks, hierarchies of domain trees. A Windows 2000 domain is a group of computers and resources that shares a common user account database and security policy. Windows 2000 domains contain domain controllers which manage user accounts and control access to network resources. The remaining computers in the domain are either user workstations or servers, such as computers running SNA Server, that provide resources to domain users.
For more information about Active Directory and domains, see the Microsoft® Windows® 2000 Server Resource Kit Distributed Systems Guide.
Every computer running SNA Server is a member of a Windows 2000 domain and is also a member of an SNA Server subdomain. An SNA Server subdomain is a logical grouping of SNA Server–based computers that share common configuration information. These subdomains allow clients running SNA Server Client software to use any of the SNA Server–based computers in the same subdomain to connect to the host system or systems. To the clients running SNA Server Client software, these computers appear to function as a unit, providing a single set of SNA resources.
Although SNA Server runs on the Windows 2000 Server operating system, SNA Server subdomains play no role in Windows 2000 user authentication. Rather, SNA Server relies on Windows 2000 Server to authenticate users.

Note
SNA Server can be configured to use Windows 2000 domain authentication to provide secure, single sign-on to designated host system resources. For more information, see "LAN-to-Host Security" later in this chapter.
Each SNA Server subdomain can contain up to 15 computers running SNA Server, and a Windows 2000 domain can contain an unlimited number of SNA Server subdomains. Because they rely on Windows 2000 domain security to control access to the network, all computers running SNA Server in a particular subdomain must belong to the same Windows 2000 domain.
When you are planning the scope of an SNA Server subdomain and the location of its members, you should consider the capacity of the network link that connects the subdomain members. Whenever the subdomain configuration is changed (by adding a new user or LU, for example), the changed configuration file is propagated to all SNA Server–based computers in a subdomain whose role is set to backup. (SNA Server roles are discussed in the following section.)
To minimize unnecessary replication traffic across slow WAN connections, a subdomain should usually be contained within an Active Directory site. An Active Directory site is one or more TCP/IP subnets that are connected by high-speed links. Windows 2000 allows administrators to control and optimize inter-site replications.
In the distributed deployment model presented earlier in this chapter, you could organize all computers running SNA Server at a branch office site into one subdomain and organize the computers running SNA Server at the central site (near the host) into a separate subdomain.
SNA Server offers additional mechanisms to specifically control SNA Server replication traffic. For example, using the SNA Server Manager, you can control replication traffic by configuring a parameter called Mean Time Between Server Broadcasts. For more information about fine-tuning SNA Server replications, see the SNA Server version 4.0 documentation.
After you have established your Windows 2000 domains and your subdomains, you must assign a role to each computer running SNA Server within each subdomain.
The designation of one of the following three roles identifies which computers running SNA Server have a copy of the SNA Server configuration for the SNA Server subdomain. SNA Server Client–based computers can connect to any computer running SNA Server in the subdomain regardless of its configuration role.
Primary. Provides host connectivity services to your users and contains the master copy of the configuration file. Only one computer can be designated as the primary SNA Server in a subdomain.
Backup. Contains a read-only copy of the configuration file maintained by the primary. Backup servers can be promoted to a primary role if the primary server fails. An SNA Server subdomain can contain up to 14 backup servers.
Member. Does not contain a copy of the configuration file. Members rely on primary and backup servers to maintain configuration information. An SNA Server subdomain can contain up to 14 member servers.

Note
The concept of a backup SNA Server is different from the concept of hot backup. Hot backup is the ability of computers running SNA Server to work together to provide session support even when a server or a connection is not working. When computers running SNA Server provide hot backup, it means that LUs and other resources are configured so that they can fill in and support sessions required by other servers in the subdomain, even if another, similar resource is not available.
The primary computer running SNA Server should be the first server you install in an SNA Server subdomain. If possible, you should also have one or more backup servers in the subdomain to maintain copies of the SNA Server configuration file in case the primary computer running SNA Server fails. If security is an issue, the backup servers should be kept physically secure because each one contains a copy of the SNA Server configuration file.
After you have designated one primary server and its backup servers, the remaining servers can be designated as member servers (computers running SNA Server without a configuration file).
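The subdomain rules above (at most 15 servers, exactly one primary, a single Windows 2000 domain, replication kept within a site) can be checked against a planned layout before installation. The following is an added example, not part of the original documentation or of SNA Server; the inventory, server names, and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

MAX_SERVERS = 15  # per-subdomain limit stated on this page
# Constructed planning inventory (hypothetical names):
# (server, Windows 2000 domain, Active Directory site, SNA subdomain, role)
PLAN = [
    ("SNA-HQ1", "CORP", "HQ", "SNAHQ", "primary"),
    ("SNA-HQ2", "CORP", "HQ", "SNAHQ", "backup"),
    ("SNA-HQ3", "CORP", "HQ", "SNAHQ", "member"),
    ("SNA-BR1", "CORP", "Branch", "SNABR", "primary"),
    ("SNA-BR2", "SALES", "Branch", "SNABR", "member"),
    ("SNA-BR3", "CORP", "HQ", "SNABR", "backup"),
    ("SNA-LAB1", "CORP", "HQ", "SNALAB", "backup"),
]

def check_plan(plan):
    """Return {subdomain: [findings]}; an empty list means the layout passes."""
    groups = defaultdict(list)
    for row in plan:
        groups[row[3]].append(row)
    report = {}
    for sub, rows in groups.items():
        findings = []
        roles = Counter(r[4] for r in rows)
        domains = sorted({r[1] for r in rows})
        if len(rows) > MAX_SERVERS:
            findings.append(f"ERROR: {len(rows)} servers exceeds limit of {MAX_SERVERS}")
        if roles["primary"] != 1:
            findings.append(f"ERROR: {roles['primary']} primary servers, need exactly 1")
        if len(domains) > 1:
            findings.append(f"ERROR: spans Windows 2000 domains {domains}")
        if roles["backup"] == 0:
            findings.append("WARN: no backup server holds a copy of the configuration")
        # Configuration changes are propagated to backups, so a backup in a
        # different site from the primary pulls that traffic across sites.
        primary_sites = {r[2] for r in rows if r[4] == "primary"}
        for r in rows:
            if r[4] == "backup" and primary_sites and r[2] not in primary_sites:
                findings.append(f"WARN: backup {r[0]} is in site {r[2]}, replication crosses sites")
        report[sub] = findings
    return report

def config_holders(plan):
    """Servers that hold the configuration file (primary and backups)."""
    return sorted(r[0] for r in plan if r[4] in ("primary", "backup"))

if __name__ == "__main__":
    for sub, findings in check_plan(PLAN).items():
        print(sub, "OK" if not findings else findings)
    print("Holds configuration file:", config_holders(PLAN))
```

The `config_holders` list is the set of machines to treat as holding sensitive configuration when planning physical security; member servers are excluded because they keep no copy.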
As long as the primary server is running, you can administer SNA Server from a member server just as you would from any other server. You can also manage SNA Server from a computer running Windows 2000 Professional that has SNA Server Manager installed. You can limit the ability of users or groups to administer SNA Server by setting up SNA Server permissions.