Novell recommends using replication to provide the first line of protection for NDS in a multi-server installation. Additionally, back up the NDS database on a regular basis in case it is needed to replace objects that have been accidentally deleted.
Note that if you have multiple servers in the NDS tree, the entire NDS can be backed up from any of those servers. You do not need to back up all of NDS from all of the NDS TSAs in the tree unless you are doing it for redundancy purposes.
Single-server strategy. NDS installations that consist of a single network server must rely completely on Backup Exec to provide protection for the directory database, since the built-in replication feature cannot be used.
You should back up the entire NDS database whenever any type of backup (either full or modified) is performed. If the NDS database rarely changes, that is, if the objects stored within and/or their properties and values are seldom modified, then less frequent backups may be performed.
As with file system backups, you must consider what might be lost if a disaster occurs on the day the next full backup is to be performed. Be sure to figure in the time it takes to rebuild the changes to the directory manually, if such a disaster occurs.
Single administrator – multiple servers strategy. NDS installations that have a single network administrator (a single object with supervisor rights to the entire directory database), and multiple servers should rely almost entirely on the built-in replication features of NDS for fault tolerance. If a disaster occurs on a specific server, NDS remains intact and available from replicas that are stored on other servers. When the failed server is repaired, NDS is reinstalled using Novell’s NWCONFIG.NLM on NetWare 5.x or later. Replicas are then placed back onto the server, if required.
Multiple administrator strategy. NDS installations that have multiple network administrators, each with access to only a portion of the directory tree, are faced with additional challenges when designing a backup strategy. Within this type of installation, it is rare that an object has full rights to the entire directory tree, as is the case with many smaller- to medium-sized networks.
Instead, the tree is logically broken into smaller components. For example, partitions with specific administrators assigned the responsibility to manage each component. While this type of installation offers the highest level of network security, it brings with it the most complicated level of disaster recovery.
The best method for implementing fault tolerance should remain partition replication. Because it is likely that Inherited Rights Filters (IRFs) are applied at the container level, a properly replicated directory offers a much quicker restoration in the event of a disaster. If possible, you should create an object that has full rights as a trustee of the root of the NDS tree, and perform full backups on the NDS tree, instead of partial backups. Doing so reduces the complexity of rebuilding NDS in the event of a disaster.