GALSync with hub-and-spoke architecture

Source reference

This article was originally posted on the (now archived) ILM forum and has been ported to the TN Wiki for continued maintenance.

 


Hub-and-spoke GALSync

In case you wish to implement a hub-and-spoke infrastructure for your Global Address List Sync with ILM/FIM, you need to tune the original GALSync setup.

Hub-and-spoke architecture means one master GAL domain which communicates with slave domains, without direct provisioning between slave domains.

For ease of use, I've put the decision logic in one function (shouldprovision).

In the GALMV.vb file you need to create a private function (based on VB.NET code):

 

Private Function shouldprovision( _
        ByVal currentMVentry As MVEntry, _
        ByVal mANAme As String) As Boolean

    'The only domain and MA name you need to know is the master domain
    'The master domain name is the FQDN of the AD domain
    'This is compared with the msOriginatingForest attribute
    Const masterDomain As String = "g1.local" 'msOriginatingForest format

    'The master MA name is the GALSync MA name in the ILM GUI
    Const masterMAName As String = "GALSYNC1" 'MA NAME

    'IsHub: the object originates from the master (hub) forest
    Dim IsHub As Boolean = _
        currentMVentry(EXCH_ORIGINATING_FOREST).StringValue.Equals(masterDomain)
    'IsSpoke: the target MA is not the master MA
    Dim IsSpoke As Boolean = (Not mANAme.Equals(masterMAName))

    'Provisioning OK if
    '  1. source = hub and target = spoke
    '  2. source = spoke and target = hub

    'Provisioning NOT OK if
    '  source = spoke and target = spoke

    'Sample configuration with hub: GAL1, spokes = GAL2, GAL3
    'See truth table below

    'The function that matches this behaviour is an inverted XOR (XNOR)
    'More info: http://en.wikipedia.org/wiki/XNOR_gate

    Return Not (IsSpoke Xor IsHub)
End Function

 

Truth table:

Source MA   Target MA   IsHub   IsSpoke   ShouldProvision result
GAL1        GAL2        TRUE    TRUE      TRUE
GAL1        GAL3        TRUE    TRUE      TRUE
GAL2        GAL1        FALSE   FALSE     TRUE
GAL2        GAL3        FALSE   TRUE      FALSE
GAL3        GAL1        FALSE   FALSE     TRUE
GAL3        GAL2        FALSE   TRUE      FALSE

In the Provision Sub of the GALMV.vb extension, add a call to the shouldprovision function, as follows:

       

/../
For i = 0 To galMAs.Length - 1
    MA = mventry.ConnectedMAs(galMAs(i).MAName)
    If 0 = MA.Connectors.Count Then
        '
        ' If there were no connectors, then we are going to add one
        '
        '## NEW CODE SNIPPET ##>
        ' Only provision across the hub/spoke boundary
        If shouldprovision(mventry, galMAs(i).MAName) Then
            AddOrRenameConnector(MA, galMAs(i), mventry)
        End If
        '<## NEW CODE SNIPPET ##
    ElseIf 1 = MA.Connectors.Count Then
/../

This way, provisioning is blocked wherever it is not allowed.
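The rule in shouldprovision compares strings with Equals, which is case-sensitive in .NET. The following added example (not part of the original article or of the GALSync code) re-implements the rule on plain strings and checks it against the intended hub-and-spoke topology in both comparison modes. Assumptions: the spoke forests g2.local and g3.local, the MA names GALSYNC2 and GALSYNC3, the constructed case variant "G1.LOCAL", and the helper names Decide, Expected and CountMismatches are hypothetical.

```vbnet
Imports System
Module HubSpokeRuleCheck
    ' Constants copied from shouldprovision on this page.
    Const MasterDomain As String = "g1.local"
    Const MasterMAName As String = "GALSYNC1"

    ' Same XNOR rule as shouldprovision, on plain strings so it runs without
    ' the ILM/FIM assemblies. ignoreCase selects the comparison mode.
    Function Decide(ByVal forest As String, ByVal targetMA As String, _
                    ByVal ignoreCase As Boolean) As Boolean
        Dim mode As StringComparison = StringComparison.Ordinal
        If ignoreCase Then mode = StringComparison.OrdinalIgnoreCase
        Dim isHub As Boolean = String.Equals(forest, MasterDomain, mode)
        Dim isSpoke As Boolean = Not String.Equals(targetMA, MasterMAName, mode)
        Return Not (isSpoke Xor isHub)
    End Function

    ' What the topology demands: provision only across the hub/spoke boundary.
    Function Expected(ByVal sourceIsHub As Boolean, ByVal targetIsHub As Boolean) As Boolean
        Return sourceIsHub <> targetIsHub
    End Function

    ' Counts the (forest, target MA) pairs where the rule disagrees with the topology.
    Function CountMismatches(ByVal ignoreCase As Boolean) As Integer
        ' Constructed sample values; "G1.LOCAL" is the hub forest in different case.
        Dim forests() As String = {"g1.local", "G1.LOCAL", "g2.local", "g3.local"}
        Dim targets() As String = {"GALSYNC1", "GALSYNC2", "GALSYNC3"}
        Dim bad As Integer = 0
        For Each f As String In forests
            For Each t As String In targets
                Dim srcHub As Boolean = String.Equals(f, MasterDomain, StringComparison.OrdinalIgnoreCase)
                Dim tgtHub As Boolean = String.Equals(t, MasterMAName, StringComparison.Ordinal)
                Dim got As Boolean = Decide(f, t, ignoreCase)
                Dim verdict As String = "ok"
                If got <> Expected(srcHub, tgtHub) Then
                    verdict = "MISMATCH"
                    bad += 1
                End If
                Console.WriteLine("  {0,-9} -> {1,-8} provision={2,-5} {3}", f, t, got, verdict)
            Next
        Next
        Return bad
    End Function

    Sub Main()
        Console.WriteLine("Case-sensitive mismatches:   " & CountMismatches(False))
        Console.WriteLine("Case-insensitive mismatches: " & CountMismatches(True))
    End Sub
End Module
```

With the case-sensitive comparison, an object whose forest value differs from the constant only in letter case is treated as coming from a spoke: it is provisioned back into the hub MA and withheld from the spokes.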

 

