Configure SSL-enabled Failover Behind a Load Balancer
If Federation Manager is behind a TCP load balancer, the load balancer passes the requests through to Federation Manager, which then handles the server-side SSL processing itself.
To configure Federation Manager for SSL-enabled failover behind a load balancer
- Install Federation Manager on each machine, specifying the same Federation Manager Administrator Password for each installation.
Note: Federation Manager can be installed in standalone or proxy deployment mode, but the primary and secondary server must use the same mode.
- Run the Configuration wizard and use the same database connection information on both machines.
- When the Configuration wizard prompts for the Apache Configuration information, specify the same virtual host name in the Server Name setting for the primary and secondary Federation Manager machines. Both machines must use the same virtual host name.
If Federation Manager is using more than one virtual host or domain, the proxy engine's server.conf file needs to list the additional host names and domains in the hostnames field of the Default VirtualHost.
To edit server.conf
- Navigate to the following directory:
Windows: federation_mgr_home\secure-proxy\proxy-engine\conf
Solaris: federation_mgr_home/secure-proxy/proxy-engine/conf
- Open the server.conf file in an editor.
- Go to the # Default Virtual Host section and add the names to the hostnames setting using a fully qualified URL, as follows.
<VirtualHost name="default">
hostnames="virtualhost1.ca.com, virtualhost2.ca.com"
</VirtualHost>
Note: You can specify multiple URLs for the hostnames setting, separating each entry with a comma.
- Log in to the Federation Manager UI.
- From the Infrastructure tab, select System Settings.
The Configure System Settings dialog is displayed.
- Change the Global Base URL to include the host and port of the Proxy Server or load balancer in your federated network. Setting this URL properly ensures that the default URL for all entities in any partnership is correct.
If you change the value of this field, you must also specify the modified URL in the proxy engine's server.conf file.
To modify the server.conf file
- Navigate to federation_mgr_home/secure-proxy/proxy-engine/conf.
- Open the server.conf file in an editor.
- Go to the # Default Virtual Host section and add the base URL to the hostnames setting using a fully qualified URL, as follows.
<VirtualHost name="default">
hostnames="defaultbaseurl.ca.com, newbaseurl.ca.com"
</VirtualHost>
Note: You can specify multiple URLs for the hostnames setting, separating each entry with a comma.
- Enable SSL for the embedded Apache Web Server on the primary Federation Manager machine.
- Migrate the Apache SSL configuration to the secondary machine in the failover environment.
- At the load balancer, configure multiple IP addresses for the same host name, which map to the Federation Manager machines.
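One way to check the result of this procedure before putting the pair into service is sketched below. It is an added example, not CA-supplied tooling: it reads the hostnames setting of the default VirtualHost from each machine's server.conf, confirms the host in the Global Base URL is listed, and reports entries present on only one machine. It assumes server.conf looks like the snippet shown above with host-name-only entries and that both machines should list the same names; the sample files, the base URL and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample files, modelled on the hostnames snippet in this procedure.
PRIMARY_CONF = '''# Default Virtual Host
<VirtualHost name="default">
hostnames="defaultbaseurl.ca.com, newbaseurl.ca.com"
</VirtualHost>
'''
SECONDARY_CONF = '''# Default Virtual Host
<VirtualHost name="default">
hostnames="defaultbaseurl.ca.com"
</VirtualHost>
'''

_BLOCK = re.compile(r'<VirtualHost\s+name="default"\s*>(.*?)</VirtualHost>', re.S | re.I)
_HOSTS = re.compile(r'^\s*hostnames\s*=\s*"([^"]*)"', re.M)  # skips commented-out lines

def default_hostnames(conf_text):
    """Return the lower-cased names in the default VirtualHost hostnames setting."""
    block = _BLOCK.search(conf_text)
    if block is None:
        raise ValueError('no <VirtualHost name="default"> section found')
    entry = _HOSTS.search(block.group(1))
    names = entry.group(1).split(",") if entry else []
    return {n.strip().lower() for n in names if n.strip()}

def base_url_listed(conf_text, base_url):
    """True if the host part of the Global Base URL appears in hostnames."""
    host = urlsplit(base_url).hostname  # lower-cased, port removed
    if host is None:
        raise ValueError("base URL must be fully qualified, including the scheme")
    return host in default_hostnames(conf_text)

def hostname_drift(primary_text, secondary_text):
    """Names listed on one machine but missing from the other."""
    return default_hostnames(primary_text) ^ default_hostnames(secondary_text)

if __name__ == "__main__":
    url = "https://newbaseurl.ca.com:443"  # constructed Global Base URL
    for label, conf in (("primary", PRIMARY_CONF), ("secondary", SECONDARY_CONF)):
        print(label, "lists base URL host:", base_url_listed(conf, url))
    print("only on one machine:", sorted(hostname_drift(PRIMARY_CONF, SECONDARY_CONF)))
```

With the constructed samples, the secondary machine is flagged because it was not updated after the Global Base URL changed, which would only surface in production once the load balancer sends traffic to it.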