Large-sized networks are enterprise focused, linking large, organizational networks with many other equal- or smaller-sized networks. They require flexibility, advanced security, and centralized management of distant resources as well as local supervision.
The following figure shows an example of a Directory tree for a large-sized network:
Example of Large-Sized Directory Tree
The Directory tree begins with a general Organization object that has multiple Organizational Unit objects below. Organizational Units are based on functional groups, projects, departments, and so on, and also on-site locations such as cities or countries.
Large networks typically require both system-wide administrative groups with central management at the organizational and departmental levels and site-based administrative groups that manage local resources and objects.
Large networks typically have a number of high-level divisions within the organization that form the top level of Organizational Units. Most of these divisions are divided into subdepartments which form a second level of Organizational Units. A third level of Organizational Units might consist of locations or functional groups.
Within Organization and Organizational Unit objects are enterprise resources that are managed centrally, including the following:
As organizations grow, it is necessary to maintain the workgroup and departmental structure of an organization while sufficiently increasing the centralized administration.
You should create User objects for centralized supervisors and Organizational Unit-level supervisors within their respective container objects.
Centralized supervisors are responsible for general network management and overall support for the Directory tree. Organizational Unit-level supervisors are responsible for day-to-day tasks, such as User object and resource management and local file server backup.
Centralized management also helps facilitate the implementation of network-wide standards. You should create and distribute a standards document for the entire network before implementing NDS.
Because most large-sized networks maintain high levels of WAN connectivity, which span time zones and international datelines, time services support requires careful planning.
It is critical to have a constant reference of time in order for NDS synchronization to take place. Time is also important to the proper execution of certain events and features, such as network backups and time-based security.
You should use one Reference time server and a group of Primary time servers as the basis for network time services. This ensures that a proper and accurate time reference is available at all times.
Determine which servers within your organization provide system-wide services, such as directories or applications that are accessed by the entire organization. From the servers you identify, select one to function as the Reference time server and set up the others as Primary time servers.
Each geographically distinct site should have at least one Primary time server.
All other NetWare servers in the network should be set up as Secondary time servers.
The Reference time server should be adjusted periodically by an outside time source, possibly the U.S. Naval Observatory Clock in Annapolis, Maryland.
Partitioning of large-sized networks should follow a multi-tiered partition plan.
Each division-level Organizational Unit has its own partition representing that container and its objects. Each lower-level Organizational Unit is the root for a partition that includes itself and all the other container and leaf objects beneath it in that branch of the tree.
The [Root] and Organization objects should form one partition. This partitioning structure ensures that all the critical access points in the tree are available and can be replicated for redundancy.
Create replicas to ensure adequate redundancy of critical partitions. Determine which servers within your organization provide system-wide services, such as applications that are accessed by multiple departments or the entire organization.
Place replicas of the partitions that include these critical servers on other servers in different locations on the network. This allows all users to authenticate to an enterprise resource without increasing network traffic.
For servers that provide local services, place replicas of the partitions that include them on other local servers.
If only one server exists at a location, place a replica of the partition that includes the server on a server in a different location. Provide additional replicas if possible.
For added security and fault tolerance, place a read/write replica of each partition on a server at the Organization object level of each Directory tree. This enables the central network management staff to maintain a complete Directory database in one location.
Make sure that every partition has a sufficient number of replicas available on the network, including replicas on appropriate distant servers, to ensure fault tolerance and to decrease WAN link traffic.
Most replicas should be located on servers within the main corporate network, except for other locations that have multiple servers. In these cases, replicas of the appropriate partitions are located on all these servers.