Set up the Federation Manager Systems to Work with a Load Balancer

To use load balancing across a Federation Manager deployment, set up two or more Federation Manager systems.

To support load balancing with Federation Manager

  1. Install Federation Manager on each system, specifying the same Federation Manager Administrator Password for each installation.

    Note: Federation Manager can run in standalone or proxy mode, but the servers must use the same mode.

  2. Run the Federation Manager Configuration wizard on one system.
  3. Log in to the Federation Manager UI.
  4. Navigate to Infrastructure, System Settings.

    The Configure System Settings dialog displays.

  5. In the Server Settings section, change the Global Base URL to include the host and port of the load balancer in your network. Setting this URL helps ensure that the default URL for all entities in any partnership is correct.
  6. Set up a federation partnership by completing the following tasks:
    1. Import certificates and private keys to Federation Manager.
    2. Establish user directory connections.
    3. Configure local entities.
    4. Specify a remote entity. You can import metadata to create the remote entity.
    5. Configure a partnership between the local and remote entities.
    6. Verify that the federation works with the remote partner.
  7. Run the Configuration wizard on the secondary systems, using the same virtual host name of the load balancer that you entered for the first system.

    Each Federation Manager system must use the same virtual host name. The virtual host name is the host you specify for the Server Name in the Apache Configuration when you run the Configuration wizard. If Federation Manager uses more than one virtual host or domain, modify the server.conf file to include the additional entries.

    To modify the server.conf file

    1. Navigate to federation_mgr_home/secure-proxy/proxy-engine/conf.
    2. Open the server.conf file in an editor.
    3. Go to the # Default Virtual Host section.
    4. Add the base URL to the hostnames setting using fully qualified host names, as follows:

      <VirtualHost name="default">

      hostnames="defaultbaseurl.ca.com:80, newbaseurl.ca.com:80"

      </VirtualHost>

      Note: Specify multiple host_name:port entries for the hostnames setting, separating each entry with a comma.

      Example:

      <VirtualHost name="default">

      hostnames="lb5.ca.com:80"

      </VirtualHost>

  8. Migrate the smkeydatabase from the primary system to the other systems. If SSL is configured, follow a two-part process.

    Note: If you change any aspect of the certificate configuration on one system, make the same changes to all other systems. Change the configuration using the Certs and Keys page in the UI. Changes can include adding or removing certificates, keys, or CRL data.

  9. Log in to the Federation Manager UI on the other systems that do not have partnerships configured.
  10. Navigate to Infrastructure, System Settings. In the UI Settings section, click Disable Administration.

    Access the Federation Manager UI locally, without going through the load balancer. If the other Federation Manager systems are up and running, enable administration on only one system. If the administration system is disabled at any time, log in to a different system and re-enable administration.

Now that all Federation Manager systems are pointing to the same database, the load balancer that you configured previously can balance traffic between the systems.
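The following check for the hostnames setting from step 7 is an added example, not part of the product or its documentation. It assumes that each system's server.conf carries the default virtual host block in the form shown above; the function names and the three sample files are constructed for illustration.

```python
import re

# Assumption: the default virtual host block and hostnames line look as shown on this page.
BLOCK_RE = re.compile(r'<VirtualHost\s+name="default"\s*>(.*?)</VirtualHost>', re.S)
HOSTNAMES_RE = re.compile(r'^\s*hostnames\s*=\s*"([^"\n]*)"\s*$', re.M)
# Fully qualified host name (at least one dot) followed by :port.
ENTRY_RE = re.compile(
    r'^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}:(?P<port>\d{1,5})$', re.I)

def default_hostnames(conf_text):
    """Return the host_name:port entries of the default virtual host, or raise ValueError."""
    block = BLOCK_RE.search(conf_text)
    if block is None:
        raise ValueError('no well-formed <VirtualHost name="default"> block')
    setting = HOSTNAMES_RE.search(block.group(1))
    if setting is None:
        raise ValueError("hostnames setting missing or not quoted")
    entries = [e.strip() for e in setting.group(1).split(",")]
    for entry in entries:
        m = ENTRY_RE.match(entry)
        if m is None or not 1 <= int(m["port"]) <= 65535:
            raise ValueError(f"not a fully qualified host_name:port entry: {entry!r}")
    return entries

def check_nodes(configs, lb_entry):
    """Map system name -> list of problems; an empty list means the file passes."""
    report = {}
    for node, text in configs.items():
        try:
            entries = [e.lower() for e in default_hostnames(text)]
        except ValueError as err:
            report[node] = [str(err)]
            continue
        report[node] = [] if lb_entry.lower() in entries else [f"{lb_entry} not in hostnames"]
    return report

# Constructed samples: fm1 is correct, fm2 has an unclosed tag and an unquoted
# value, fm3 does not list the load balancer's virtual host name.
SAMPLES = {
    "fm1": '<VirtualHost name="default">\nhostnames="lb5.ca.com:80, defaultbaseurl.ca.com:80"\n</VirtualHost>\n',
    "fm2": '<VirtualHost name="default"\nhostnames=lb5.ca.com:80\n</VirtualHost>\n',
    "fm3": '<VirtualHost name="default">\nhostnames="defaultbaseurl.ca.com:80"\n</VirtualHost>\n',
}

if __name__ == "__main__":
    for node, problems in check_nodes(SAMPLES, "lb5.ca.com:80").items():
        print(node, "OK" if not problems else problems)
```

To run it against real systems, replace SAMPLES with the text of each system's server.conf and pass the load balancer's host_name:port entry.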