WAN Traffic Manager comes with the following predefined policy groups. For more information on applying policy groups in ConsoleOne, see Applying WAN Policies.
The policies in this group limit the time traffic can be sent to between 1 a.m. and 3 a.m. There are two policies.
This policy limits the checking of backlinks, external references, and login restrictions, the running of janitor or limber, and schema synchronization to these hours.
This policy limits all other traffic to these hours.
To restrict all traffic to these hours, both policies must be applied.
The policies in this group limit the time traffic can be sent to between 7 a.m. and 6 p.m. There are two policies.
This policy limits the checking of backlinks, external references, and login restrictions, the running of janitor or limber, and schema synchronization to these hours.
This policy limits all other traffic to these hours.
To restrict all traffic to these hours, both policies must be applied.
The policies in this group only allow traffic to be sent that has a cost factor below 20. There are two policies.
This policy prevents the checking of backlinks, external references, and login restrictions, the running of janitor or limber, and schema synchronization unless the cost factor is less than 20.
This policy prevents all other traffic unless the cost factor is less than 20.
To prevent all traffic with a cost factor of 20 or more, both policies must be applied.
The policies in this group allow only IPX traffic. There are two policies.
This policy prevents the checking of backlinks, external references, and login restrictions, the running of janitor or limber, and schema synchronization unless the traffic that is generated is IPX.
This policy prevents all other traffic unless the traffic is IPX.
To prevent all non-IPX traffic, both policies must be applied.
The policies in this group are sample policies for various eDirectory traffic types. They contain the variables eDirectory passes in a request of this type.
This is a sample policy for traffic types with addresses.
This is a sample policy for traffic types without addresses.
Before eDirectory checks any backlinks or external references, it queries WAN Traffic Manager to see if this is an acceptable time for this activity. NDS_BACKLINKS does not have a destination address; it requires a NO_ADDRESSES policy. If WAN Traffic Manager returns DONT_SEND, backlink checking will be put off and rescheduled. The following variables are supplied.
The time of the last round of backlink checking since eDirectory started. When eDirectory starts, Last is initialized to 0. If NDS_BACKLINKS returns SEND, Last is set to the current time after eDirectory finishes backlinking.
The version of eDirectory.
The expiration interval for all connections created while backlinking. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 64.
Value
Description
This variable indicates when eDirectory should schedule the next round of backlink checking. In past, 0 Use the default scheduling. In future Time when backlinking should be scheduled.
Table 65.
Value
Description
This variable tells eDirectory what to do if it needs to create a new connection while doing backlinking. CheckEachNewOpenConnection is initialized to 0.
Table 66.
This variable tells eDirectory what to do if it needs to reuse a connection it believes is already open while doing backlinking. CheckEachAlreadyOpenConnection is initialized to 0.
Table 67.
NDS_BACKLINK_OPEN is a traffic type that is used only if either CheckEachNewOpenConnection or CheckEachAlreadyOpenConnection was set to 1 during the corresponding NDS_BACKLINKS query.
This query is generated whenever CheckEachNewOpenConnection is 1 and eDirectory needs to open a new connection for backlinking or CheckEachAlreadyOpenConnection is 1 and eDirectory needs to reuse an already existing connection.
The version of eDirectory.
If ConnectionIsAlreadyOpen is TRUE, ExpirationInterval will be set to the expiration interval already set on the existing connection. Otherwise it will be set to the ExpirationInterval assigned in the NDS_BACKLINKS query. A 0 value indicates that the default (2 hours) should be used. On exit, the value of this variable is assigned as the expiration interval for the connection. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 68.
Value
Description
This variable is TRUE if eDirectory can reuse an existing connection and FALSE if it needs to create a new connection.
Table 69.
If ConnectionIsAlreadyOpen is TRUE, then ConnectionLastUsed is the last time that a packet was sent from eDirectory using this connection. Otherwise, it will be 0. TRUE ConnectionLastUsed is the time that eDirectory last sent a packet on this connection. FALSE ConnectionLastUsed will be 0.
Table 70.
Value
Description
Before eDirectory checks a login restriction, it queries WAN Traffic Manager to see if this is an acceptable time for this activity. The traffic type NDS_CHECK_LOGIN_RESTRICTIONS does not have a destination address; it requires a NO_ADDRESSES policy. If WAN Traffic Manager returns DONT_SEND, the check will error out. The following variables are supplied:
The version of eDirectory.
If the result of NDS_CHECK_LOGIN_RESTRICTIONS is DONT_SEND, then the values in Table 71 will be returned to the operating system. 0 Login is allowed. 1 Login is not allowed during the current time block. 2 Account is disabled or expired. 3 Account has been deleted.
Table 71.
Value
Description
The expiration interval that should be assigned to this connection. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 72.
Value
Description
Table 73.
Table 74.
NDS_CHECK_LOGIN_RESTRICTION_OPEN is used only if either CheckEachNewOpenConnection or CheckEachAlreadyOpenConnection was set to 1 during the corresponding NDS_CHECK_LOGIN_RESTRICTIONS query. This query is generated whenever CheckEachNewOpenConnection is 1 and eDirectory needs to:
The following variables are provided:
The version of eDirectory.
<0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 75.
Value
Description
Table 76.
If ConnectionIsAlreadyOpen is TRUE, then ConnectionLastUsed is the last time that a packet was sent from eDirectory using this connection. Otherwise, it will be 0. TRUE ConnectionLastUsed is the time that eDirectory last sent a packet on this connection. FALSE ConnectionLastUsed will be 0.
Table 77.
Value
Description
Before eDirectory runs the janitor, it queries WAN Traffic Manager to see if this is an acceptable time for this activity. The NDS_JANITOR does not have a destination address; it requires a NO_ADDRESSES policy. If WAN Traffic Manager returns DONT_SEND, janitor work will be put off and rescheduled. The following variables are supplied:
The time of the last round of janitor work since eDirectory started. When eDirectory starts, Last is initialized to 0. If NDS_JANITOR returns SEND, Last is set to the current time after eDirectory finishes the janitor.
The version of eDirectory.
The expiration interval for all connections created while running the janitor. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 78.
Value
Description
This variable indicates when eDirectory should schedule the next round of janitor work. In the past, 0 Use the default scheduling. In the future Time when the janitor should be scheduled.
Table 79.
Value
Description
This variable tells eDirectory what to do if it needs to create a new connection while running the janitor. CheckEachNewOpenConnection is initialized to 0.
Table 80.
This variable tells eDirectory what to do if it needs to reuse a connection it determines is already open while running the janitor. CheckEachAlreadyOpenConnection is initialized to 0.
Table 81.
NDS_JANITOR_OPEN is used only if either CheckEachNewOpenConnection or CheckEachAlreadyOpenConnection was set to 1 during the corresponding NDS_JANITOR query. This query is generated whenever CheckEachNewOpenConnection is 1 and eDirectory needs to open a new connection before doing backlinking, or CheckEachAlreadyOpenConnection is 1 and eDirectory needs to reuse an already existing connection.
The version of eDirectory.
If ConnectionIsAlreadyOpen is TRUE, ExpirationInterval will be set to the expiration interval already set on the existing connection. Otherwise, it will be set to the ExpirationInterval assigned in the NDS_JANITOR query. A 0 value indicates that the default (2 hours, 10 seconds) should be used. On exit, the value of this variable is assigned as the expiration interval for the connection. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 82.
Value
Description
This variable is TRUE if eDirectory needs to reuse an existing connection and FALSE if it needs to create a new connection.
Table 83.
If ConnectionIsAlreadyOpen is TRUE, then ConnectionLastUsed is the last time that a packet was sent from eDirectory using this connection. Otherwise, it will be 0. TRUE ConnectionLastUsed is the time that eDirectory last sent a packet on this connection. FALSE ConnectionLastUsed will be 0.
Table 84.
Value
Description
Before eDirectory runs limber, it queries WAN Traffic Manager to see if this is an acceptable time for this activity. The traffic type NDS_LIMBER does not have a destination address; it requires a NO_ADDRESSES policy. If WAN Traffic Manager returns DONT_SEND, limber will be put off and rescheduled. The following variables are supplied.
The time of last limber since eDirectory started.
The version of eDirectory.
The expiration interval for all connections created while running limber checks. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 85.
Value
Description
Table 86.
Table 87.
Time for the next round of limber checking. If this is not set, NDS_LIMBER will use the default.
NDS_LIMBER_OPEN is used only if either CheckEachNewOpenConnection or CheckEachAlreadyOpenConnection was set to 1 during the corresponding NDS_LIMBER query. This query is generated whenever CheckEachNewOpenConnection is 1 and eDirectory needs to open a new connection before running limber. This query is generated whenever CheckEachNewOpenConnection is 1 and eDirectory needs to open a new connection before doing schema synchronization or CheckEachAlreadyOpenConnection is 1 and eDirectory needs to reuse an already existing connection.
The version of eDirectory.
The expiration interval that should be assigned to this connection. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 88.
Value
Description
Table 89.
If ConnectionIsAlreadyOpen is TRUE, then ConnectionLastUsed is the last time that a packet was sent from DS using this connection. Otherwise, it will be 0. TRUE ConnectionLastUsed is the time that eDirectory last sent a packet on this connection. FALSE ConnectionLastUsed will be 0.
Table 90.
Value
Description
Before eDirectory synchronizes the schema, it queries WAN Traffic Manager to see if this is an acceptable time for this activity. The traffic type NDS_SCHEMA_SYNC does not have a destination address; it requires a NO_ADDRESSES policy. If WAN Traffic Manager returns DONT_SEND, schema synchronization will be put off and rescheduled. The following variables are supplied:
The time of the last successful schema synchronization to all servers.
The version of eDirectory.
The expiration interval for all connections created while synchronizing the schema. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 91.
Value
Description
Table 92.
Table 93.
NDS_SCHEMA_SYNC_OPEN is used only if either CheckEachNewOpenConnection or CheckEachAlreadyOpenConnection was set to 1 during the corresponding NDS_SCHEMA_SYNC query. This query is generated whenever CheckEachNewOpenConnection is 1 and eDirectory needs to open a new connection before doing schema synchronization or CheckEachAlreadyOpenConnection is 1 and eDirectory needs to reuse an already existing connection.
The version of eDirectory.
The expiration interval that should be assigned to this connection. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 94.
Value
Description
Table 95.
If ConnectionIsAlreadyOpen is TRUE, then ConnectionLastUsed is the last time that a packet was sent from eDirectory using this connection. Otherwise, it will be 0. TRUE ConnectionLastUsed is the time that eDirectory last sent a packet on this connection. FALSE ConnectionLastUsed will be 0.
Table 96.
Value
Description
Whenever eDirectory needs to synchronize a replica, it makes a query to WAN Traffic Manager using the traffic type NDS_SYNC. The following variables are provided by eDirectory for use in WAN policies.
Time of the last successful synchronization to this replica.
The version of eDirectory.
The expiration interval for the connection to the server holding the updated replica. <0, 0 Use the default expiration interval (default). >0 Expiration interval to be assigned to this connection.
Table 97.
Value
Description
The policies in this group allow only existing WAN connections to be used. There are two policies:
This policy prevents the checking of backlinks, external references, and login restrictions, the running of janitor or limber, and schema synchronization except on existing WAN connections.
This policy prevents all other traffic to existing WAN connections.
To prevent all traffic to existing connections, both policies must be applied.
The policies in this group allow only existing WAN connections to be used but assumes that a connection that hasn't been used for 15 minutes is being spoofed and should not be used. There are two policies.
This policy prevents the checking of backlinks, external references, and login restrictions, the running of janitor or limber, and schema synchronization except on existing WAN connections that have been open less than 15 minutes.
This policy prevents other traffic to existing WAN connections that have been open less than 15 minutes.
To prevent all traffic to existing connections open less than 15 minutes, both policies must be applied.
The policies in this group allow traffic only in the same network area. A network area is determined by the network section of an address. In a TCP/IP address, Wan Traffic Manager assumes a class C address (addresses whose first three sections are in the same network area). In an IPX address, all addresses with the same network portion are considered to be in the same network area. There are three policies.
This policy prevents the checking of backlinks, external references, and login restrictions, the running of janitor or limber, and schema synchronization unless the traffic that would be generated is in the same network area.
This policy restricts TCP/IP traffic unless the traffic that would be generated is in the same TCP/IP network area.
This policy restricts IPX traffic unless that traffic that would be generated is in the same IPX network area.
The policies in this group allow only TCP/IP traffic. There are two policies.
This policy prevents the checking of backlinks, external references, and login restrictions, the running of janitor or limber, and schema synchronization unless the traffic that would be generated is TCP/IP.
This policy prevents all other traffic unless the traffic is TCP/IP.
To prevent all non-TCP/IP traffic, both policies must be applied.
The policies in this group restrict all traffic to between 1 a.m. and 1:30 a.m. but allows servers in the same location to talk continuously. This group uses the following policies, all of which must be applied:
This policy has a priority of 40 for NA and address traffic.
This policy allows no traffic to be sent. If WAN Traffic Manager finds no (0) policies where the selector returned greater than 0, it defaults to SEND. This policy prevents this case.
This policy restricts NDS_SYNC traffic to between 1 a.m. and 1:30 a.m.
This policy allows all processes to start at any time, but WAN Traffic Manager must be consulted for each *_OPEN call. It schedules the process to run four times a day at 1:00, 7:00, 13:00, and 19:00.
This policy allows all processes to start between 1:00 a.m. and 1:30 a.m. and run to completion without further queries to WAN Traffic Manager. The processes run four times a day, every six hours. The 1:00 process is handled by this policy; the other processes are handled by the Start Rest. Procs, NA.