

Monitoring the Health of Hardware Load Balancing Configurations

Different hardware load balancers provide various methods of determining the health of the hardware and applications that they serve. This section describes general recommendations rather than vendor-specific cases.

Complicating the issue of server health determination is that SiteMinder health and load may not be the only consideration for the load balancer. For example, a relatively unburdened Policy Server can be running on a system otherwise burdened by another process. The load balancer should therefore also take into account the state of the server itself (CPU, Memory Usage and Disk Activity).

Active Monitors

Hardware load balancers can use active monitors to poll the hardware or application for status information. Each major vendor supports various active monitors. This topic describes several of the most common monitors and their suitability for monitoring the Policy Server.

TCP Half Open

The TCP Half Open monitor performs a partial TCP/IP handshake with the Policy Server. The monitor sends a SYN packet to the Policy Server. If the Policy Server is up, it sends a SYN-ACK back to the monitor to indicate that it is healthy.

Simple Network Management Protocol (SNMP)

An SNMP monitor can query the SiteMinder MIB to determine the health of the Policy Server. A sophisticated implementation can query values in the MIB to determine queue depth, socket count, threads in use, threads available, and so on. SNMP monitoring is therefore the most suitable method for getting an in-depth sense of Policy Server health.

To enable SNMP monitoring, configure the SiteMinder OneView Monitor and SNMP Agent on each Policy Server. For more information, refer to Using the OneView Monitor and Monitoring CA SiteMinder® Using SNMP.

Note: Not all hardware load balancers provide out-of-the-box SNMP monitoring.

Internet Control Message Protocol (ICMP)

The ICMP health monitor pings almost any networked hardware to see if it is online. Because the ICMP monitor does little to prove that the Policy Server is healthy, it is not recommended for monitoring Policy Server health.

TCP Open

The TCP Open Monitor performs a full TCP/IP handshake with a networked application. The monitor sends well-known text to a networked application; the application must then respond to indicate that it is up. Because the Policy Server uses end-to-end encryption of TCP/IP connections and a proprietary messaging protocol, TCP Open Monitoring is unsuitable for monitoring Policy Server health.

More information:

SNMP Monitoring

OneView Monitor Overview

Passive Monitors

In-band health monitors run on the hardware load balancer and analyze the traffic that flows through them. They are lower impact than active monitors and impose very little overhead on the load balancer.

In-band monitors can be configured to detect a particular failure rate before failing over. In-band monitors on some load balancers can detect issues with an application and specify an active monitor that will determine when the issue has been resolved and the server is available once again.
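
The failover and recovery behavior described above can be modeled as follows. This is an added example, not vendor or CA SiteMinder® code: the class name, window size, thresholds, and probe results are all assumptions constructed for illustration, and `probe` stands in for whichever active monitor (for example SNMP or TCP Half Open) the load balancer runs.

```python
from collections import deque

class InBandMonitor:
    """Passive monitor for one Policy Server pool member (hypothetical class)."""

    def __init__(self, probe, window=20, min_samples=10,
                 max_failure_rate=0.3, recover_after=3):
        self.probe = probe                    # active monitor: returns True when healthy
        self.results = deque(maxlen=window)   # recent in-band outcomes, True = failure
        self.min_samples = min_samples
        self.max_failure_rate = max_failure_rate
        self.recover_after = recover_after
        self.available = True
        self.probe_successes = 0

    def observe(self, failed):
        """Record the outcome of one real request seen passing through."""
        if not self.available:
            return                            # out of rotation: no in-band traffic
        self.results.append(bool(failed))
        if len(self.results) < self.min_samples:
            return                            # too few samples to justify failover
        if sum(self.results) / len(self.results) >= self.max_failure_rate:
            self.available = False
            self.probe_successes = 0

    def tick(self):
        """Run on the probe interval; probes only while the member is down."""
        if self.available:
            return
        self.probe_successes = self.probe_successes + 1 if self.probe() else 0
        if self.probe_successes >= self.recover_after:
            self.available = True
            self.results.clear()              # judge the member on fresh traffic

def simulate():
    """Constructed scenario: healthy traffic, a failure burst, then recovery."""
    answers = iter([False, True, True, True])  # constructed active-probe results
    mon = InBandMonitor(probe=lambda: next(answers))
    states = []
    for failed in [False] * 10 + [True] * 4:
        mon.observe(failed)
    states.append(mon.available)               # 4/14 failures: below threshold
    mon.observe(True)
    states.append(mon.available)               # 5/15 failures: failed over
    for _ in range(4):
        mon.tick()
        states.append(mon.available)
    return states

if __name__ == "__main__":
    print(simulate())
```

Requiring a minimum sample count and several consecutive probe successes keeps a single bad request or a single good probe from flapping the member in and out of rotation.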