Sticky-Bit Load Balancing
When using the cookieless session schemes supported by the SPS, session information for users who access resources through SPS is maintained in an in-memory session store. Because the session information is maintained at the SPS where a user is first authenticated, the same SPS should be used for all the user requests in a single session. When implemented in clusters, the SPS must be used in conjunction with sticky-bit load balancers to provide a consistent connection to the same SPS, enabling single sign-on when using session schemes other than the traditional SiteMinder cookie session scheme.
To deploy the SPS using cookieless session schemes, the following must be considered:
- In most deployments, the SPS is deployed in clusters, with several servers sharing the load of incoming requests. The load balancing is handled by load balancer devices. These devices must have sticky-bit capability to maintain single sign-on.
Sticky-bit load balancers ensure that once a user’s session is established with a specific SPS in a cluster, that SPS services all of the user’s requests. This capability is required because the SPS maintains session information for cookieless sessions in active memory. If a user’s request is not handled using sticky-bit technology, the user will be challenged for new credentials each time a request is fulfilled by a different SPS in the cluster of servers.
- When configuring the settings for the SPS, the default virtual host defined in the server.conf file of the SPS must be defined using the name and IP address of the load balancing device.
- The load balancing device must be configured as the point of entry to the SPS.
- The load balancing device must point to the cluster of SPSs.
- The httpd.conf file, located in the sps_home/secure-proxy/httpd/conf directory, must be modified so that the value of the ServerName directive is set to the name of the load balancing device, not the system on which you installed the SPS.
- If using SSL, a certificate must be issued to the load balancer, not the SPS.
- The system or systems on which you install the SPS must have approximately 1K of memory for each simultaneous user session that will be maintained in the in-memory session store. For example, if a single system must maintain 1000 concurrent sessions, the system must have 1 megabyte of RAM available for this purpose.
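The httpd.conf requirement above can be checked on each SPS node before it joins the cluster. The following is an added example, not part of the product or the original guide: it parses the Apache `ServerName` directive and reports any value that is not the load balancer name. The host names `lb.example.com` and `sps01.example.com`, the sample fragments, and the function names are assumptions made for illustration.

```python
import re

# Apache syntax: ServerName [scheme://]domain-name|ip-address[:port]
_SERVERNAME = re.compile(r"^\s*ServerName\s+(\S+)", re.IGNORECASE)

# Constructed httpd.conf fragments; all host names are placeholders.
SAMPLE_GOOD = """\
Listen 80
# front door is the load balancer
ServerName https://LB.example.com:443
"""
SAMPLE_BAD = """\
Listen 80
#ServerName lb.example.com
ServerName sps01.example.com:80
"""

def server_names(conf_text):
    """Return (line_number, host) for each active ServerName directive."""
    found = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = _SERVERNAME.match(line)  # commented-out lines start with '#', so no match
        if not m:
            continue
        value = m.group(1).strip('"')
        value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value, flags=re.I)  # drop scheme
        host = re.sub(r":\d+$", "", value)  # drop port
        found.append((lineno, host.lower().rstrip(".")))
    return found

def audit_server_name(conf_text, lb_name, sps_host):
    """Return findings; an empty list means every ServerName is the load balancer."""
    lb, local = lb_name.lower().rstrip("."), sps_host.lower().rstrip(".")
    names = server_names(conf_text)
    if not names:
        return ["no active ServerName directive found"]
    findings = []
    for lineno, host in names:
        if host == lb:
            continue
        why = "is the SPS host itself" if host == local else "is not the load balancer"
        findings.append(f"line {lineno}: ServerName {host} {why}; expected {lb}")
    return findings

if __name__ == "__main__":
    for label, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, audit_server_name(text, "lb.example.com", "sps01.example.com"))
```

To audit a real node, pass the contents of sps_home/secure-proxy/httpd/conf/httpd.conf as `conf_text` along with that deployment's load balancer name and the node's own host name.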