IBM Verify

  • 1.  High Availability of IBM SDS - Proxy servers

    Posted Wed January 29, 2020 03:44 AM

    Considering the directory proxy servers for SDS:

     

    https://www.ibm.com/support/knowledgecenter/en/SSVJJU_6.4.0/com.ibm.IBMDS.doc_6.4/ds_ag_srv_adm_dd_proxy_server.html

     

    1. Can the directory proxy servers run active/active but still treat the SDS servers behind them as active/passive? (i.e. provide a load balanced way in for load balancers which only support distributing load - not active/passive configuration, e.g. Azure LBs, etc.)

    2. Do the directory proxy servers proxy 12100 HTTPS admin interface traffic AND port 636 LDAPS, or just LDAPS? (We require both, as the solution makes use of the DSML interface and the LDAP interface.)

    3. If they do handle both ports/services, can you confirm that they can treat port 12100 traffic similarly to port 636 traffic in ensuring that only one of the 2 SDS servers behind them will receive requests at any time (active/passive), since our solution is highly dependent on only one SDS server being active (receiving ALL services/ports traffic at any time)?




    ------------------------------
    Thanks & Regards
    Latha Balne
    ------------------------------


  • 2.  RE: High Availability of IBM SDS - Proxy servers

    Posted Wed January 29, 2020 01:37 PM

    Hello Latha,

    1) Running Directory Proxy Servers in active/active mode is a perspective from a client application or load balancer/VIP view. Yes, you can configure your client applications/load balancers/VIPs to treat the available Directory Proxy Servers in whatever configuration your application needs. It could be active/active or active/passive, etc.
    Now coming to one Directory Proxy Server, the default configuration would be to send all updates to one backend server behind the proxy and load balance all the reads across all available backend servers. The only allowed configurable change is to make the Directory Proxy Server send all the updates and reads to only one backend server (making the remaining backend server(s) passive or standby). This configuration is suggested for applications (such as ISIM) which demand a high degree of data consistency. (To enable high consistency, you need to set the attribute ibm-slapdProxyHighConsistency to true.)
    Refer: https://www.ibm.com/support/knowledgecenter/SSVJJU_6.4.0/com.ibm.IBMDS.doc_6.4/ds_ag_srv_adm_dd_high_consistency.html

    2) Directory Proxy Server is similar to a normal (backend) SDS instance with a DB2 database with reference to ports. Directory Proxy Server will have 4 ports: 2 for the normal proxy ibmslapd (e.g. non-SSL 389 and SSL 636) and similarly a non-SSL and an SSL port for the admin server ibmdiradm process.
    Typically the SDS Web Admin Tool (which runs in a WebSphere Application Server Profile) uses ports 12100 (http) and 12101 (https). These are only meant for administering SDS instances from a browser interface.
    Neither Directory Proxy Server nor SDS Web Admin Tool handles DSML requests. You need to have a DSML service configured (it may use port 12100 in case the Web Admin Tool is not using it on a given system). Do you know what solution you have in place for this DSML service? In the backend of this DSML service, it could either go to a Directory Proxy Server or a normal backend Directory Server.

    Just to give you a text based graphical representation:
    DSMLClient <---httpsPort--> DSMLService <--ldapsPort--> LDAPServer(Proxy or Normal server)

    3) You need to look at what solution you have in place for DSML. But in short, if the high consistency feature is turned on (true) in Directory Proxy Server, it will route all the updates/reads from any client to only one backend Directory Server (in active/standby mode), irrespective of which client is connecting to the Proxy.

    I hope this helps.

    Thanks,
    Ram.



    ------------------------------
    Ramamohan Reddy
    ------------------------------
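
Added example (not part of the thread and not IBM's code): a small audit that reads an LDIF export of a proxy's configuration and reports, per split entry, whether ibm-slapdProxyHighConsistency is enabled, disabled or unset, so a deployment that depends on a single active backend can be checked before go-live. Only the attribute name comes from the reply above; the object class used to select entries, the DNs and the sample LDIF are assumptions constructed for illustration.

```python
# Only the attribute name ibm-slapdProxyHighConsistency comes from the thread;
# the object class, the DNs and the sample LDIF are assumptions / constructed.
ATTR = "ibm-slapdproxyhighconsistency"
SPLIT_CLASS = "ibm-slapdproxybackendsplitcontainer"  # assumed object class

SAMPLE_LDIF = """\
dn: cn=split1, cn=ProxyDB, cn=Proxy Backends, cn=Configuration
objectclass: ibm-slapdProxyBackendSplitContainer
ibm-slapdProxyHighConsistency: true

dn: cn=split2, cn=ProxyDB,
  cn=Proxy Backends, cn=Configuration
objectclass: ibm-slapdProxyBackendSplitContainer
ibm-slapdProxyHighConsistency: FALSE

dn: cn=split3, cn=ProxyDB, cn=Proxy Backends, cn=Configuration
objectclass: ibm-slapdProxyBackendSplitContainer
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into [(dn, {attr_lower: [values]})]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # skip comment lines
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:               # trailing "" flushes the last entry
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not line.strip():                # blank line ends an entry
            if current:
                entries.append(current)
            current = None
        elif name == "dn":
            current = (value, {})
        elif current:
            current[1].setdefault(name, []).append(value)
    return entries

def audit_high_consistency(text):
    """Map each split entry's DN to 'enabled', 'disabled' or 'unset'."""
    report = {}
    for dn, attrs in parse_ldif(text):
        if SPLIT_CLASS not in (c.lower() for c in attrs.get("objectclass", [])):
            continue
        values = [v.lower() for v in attrs.get(ATTR, [])]
        report[dn] = "unset" if not values else ("enabled" if values == ["true"] else "disabled")
    return report
```

Any entry reported as disabled or unset is one where, per the reply above, the proxy's default of load balancing reads across all backends would apply.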