WildFire in a large AD environment

Sam_Johnston · May 2, 2006, 10:10pm

I’‘m interested in setting up WildFire in a fairly large, globally distributed AD environment. Currently I have it working nicely against a local (geo based) OU which contains a handful of (function based) OUs and around a thousand users, but I’‘m wary about pointing it at the root for fear of thrashing AD. I was thinking that multiple servers could be a good idea but wasn’'t sure where to start with that - is this possible/supported? Assuming I can have multiple servers sharing the same XMPP domain and sharing presence information, it would follow that I could have an external server as well for external users.

matt · May 4, 2006, 7:25am

sam,

With the latest Wildfire, even very large AD environments should work pretty well. How large of a directory is it?

Can you explain the multiple server idea further? Do you mean multiple Wildfire servers, multiple AD servers?

Regards,

Matt

Sam_Johnston · May 4, 2006, 11:35am

We’‘re talking about two dozen or so AD servers across a dozen locations with about 3,000 active users. There are three main geos (separate OUs) and I was considering setting up a server for each and letting them share presence information between them. I’'d have to go back to the AD books to work out whether each DC has all the information necessary for the searches without having to resort to referrals etc.

matt · May 4, 2006, 4:47pm

Sam,

That sounds pretty reasonable. 3K users in Wildfire should be no problem. Or, if you setup one WIldfire server for each OU and then use server to server to tie them together, that should work great as well.

Regards,

Matt

Cameron_Moore · May 4, 2006, 5:30pm

Correct me if I’‘m wrong, but if you split them onto multiple Wildfire servers, you would need a different realm (ie. Jabber domain) for each server. Isn’'t that right?

matt · May 4, 2006, 5:36pm

Yep, I should have explained that more carefully. You’‘d have something like uk.example.com, jp.example.com, us.example.com as the server names if the OU’'s matched specific countries.

Regards,

Matt

Cameron_Moore · May 4, 2006, 6:28pm

One other thing. If you have then on multiple servers, would you be able to push out shared roster groups from one server to another or could you create shared roster groups on one server that contain users from another domain?