The NIS+ namespace is the arrangement of information stored by NIS+. You can arrange the information in the namespace in a variety of ways to suit the needs of your organization. The hierarchical namespace of NIS+ is similar to that used by DNS and by the UNIX file system. With a hierarchical namespace, you can decentralize administration and improve security. When Solaris 1.x NIS was developed, the basic assumption was that the network and organization-wide namespace would be small enough for one person to administer. The growth of networked computing has resulted in a need to change this assumption.
NIS+ is designed to work best when the information in the NIS+ namespace is arranged into configurations called domains. An NIS+ domain is a collection of information about the systems, users, and network services in a portion of an organization. In the sample network shown in Figure 5-1, the domains for a fictitious company, Starlight Corporation, are organized by division.
Figure 5-1 Creation of administrative domains.
As Starlight Corporation grows beyond a few hundred systems, the corresponding growth of its NIS+ directory begins to affect manageability and performance. Functional groups, such as Engineering and Sales/Marketing, may choose to create local subdomains and appoint (or hire) autonomous system administrators for these subdomains. These local administrators take responsibility for administering their own subdomains, thus relieving the central administration group of some of its workload.
As Starlight Corporation continues to grow, further decentralized administrative requirements may emerge. Administrators will be able to continue to subdivide the domains along functional groups or other natural administrative lines, such as by location or by building. Figure 5-2 shows how the Starlight network has decentralized the Sales domain.
Figure 5-2 Hierarchical domains.
Each domain can be administered either locally or centrally. Alternatively, some portions of domain administration can be performed locally, while others remain under the control of a central administrator. A domain can even be administered from within another domain. As more domains are created, NIS+ clients will continue to have the same access to the information in other NIS+ domains of the company.
AdminSuite's Database Manager and the NIS+ commands allow authorized administrators to interactively administer and add, delete, or change information in NIS+ servers from systems across the domain or enterprise network. Administrators do not need to log in remotely to these servers or have superuser privileges on them to perform administrative functions. The following sections describe the components of the NIS+ namespace. NIS+ security is discussed later in this chapter.
The NIS+ namespace contains the following components:
Directory, table, and group objects are organized into NIS+ domains. Entry objects are contained in tables. Link objects provide connections between different objects. Directory and table objects are described in detail in the following sections.
Directory objects, which are the framework of the namespace, divide it up into separate parts. Each domain consists of a directory object; its two administrative directories, org_dir and groups_dir; and a set of NIS+ tables, as shown in Figure 5-3.
Figure 5-3 The org_dir and groups_dir directories for two domains.
The org_dir directory contains NIS+ tables that are used for storing information about users and systems on your network. The tables are described in the section Table Objects. The groups_dir directory stores information about the NIS+ groups for the domain. A directory object is considered a domain only if it contains its own administrative tables in the org_dir and groups_dir subdirectories. The NIS+ scripts that are run when NIS+ is set up create these two default directories. Figure 5-4 shows the contents of the org_dir directory for the Starlight Corporation top-level domain and two subdomains.
Figure 5-4 An example of the domains, directories, and tables in an NIS+ namespace.
The top-level domain in an NIS+ hierarchy is called the root domain. The root domain is the first NIS+ domain installed. Each directory contains administrative information on resources local to that domain.
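The domain rule above (a directory object counts as a domain only when it holds both org_dir and groups_dir) and the root-domain definition can be checked mechanically when reviewing where administrative boundaries actually lie. The following Python code is an added example, not code from this book or from NIS+; the directory names are constructed for a hypothetical Starlight namespace and the function names are illustrative.

```python
# Constructed sample: fully qualified NIS+ directory object names for a
# hypothetical Starlight namespace (read right to left, trailing dot).
DIRECTORIES = [
    "starlight.com.", "org_dir.starlight.com.", "groups_dir.starlight.com.",
    "sales.starlight.com.", "org_dir.sales.starlight.com.",
    "groups_dir.sales.starlight.com.",
    "eng.starlight.com.", "org_dir.eng.starlight.com.",
    "groups_dir.eng.starlight.com.",
    "west.sales.starlight.com.", "org_dir.west.sales.starlight.com.",
    "groups_dir.west.sales.starlight.com.",
    "projects.eng.starlight.com.",      # plain directory: no admin dirs
    "staging.starlight.com.",
    "org_dir.staging.starlight.com.",   # incomplete: groups_dir missing
]

ADMIN_DIRS = ("org_dir", "groups_dir")


def find_domains(directories):
    """Return the directories that contain both org_dir and groups_dir."""
    present = set(directories)
    return sorted(
        d for d in present
        if d.split(".", 1)[0] not in ADMIN_DIRS
        and all(f"{a}.{d}" in present for a in ADMIN_DIRS)
    )


def parent_domain(name, domains):
    """Nearest enclosing domain of `name`; None means it is the root domain."""
    rest = name
    while "." in rest.rstrip("."):
        rest = rest.split(".", 1)[1]    # drop the leftmost label
        if rest in domains:
            return rest
    return None


def hierarchy(directories):
    """Map each domain to its parent domain (None marks the root)."""
    domains = set(find_domains(directories))
    return {d: parent_domain(d, domains) for d in sorted(domains)}


if __name__ == "__main__":
    for domain, parent in hierarchy(DIRECTORIES).items():
        print(f"{domain:30} parent: {parent or '(root domain)'}")
```

In this sample, projects.eng.starlight.com. and staging.starlight.com. are directory objects but not domains, so their contents fall under the administration of the enclosing domain.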