Policy Server Guides › Policy Server Administration Guide › Clustering Policy Servers › Clustered Policy Servers Introduced

Clustered Policy Servers Introduced

Load balancing and failover in a CA SiteMinder® deployment provide a high level of system availability and improve response time by distributing requests from CA SiteMinder® Agents to Policy Servers. Defining clusters in combination with load balancing and failover further enhance the level of system availability and system response time.

Traditional round robin load balancing without clusters distributes requests evenly over a set of servers. However, this method is not the most efficient in heterogeneous environments, where computing powers differ, because each server receives the same number of requests regardless of its computing power.

Another problem with efficiency can occur when data centers are located in different geographical regions. Sending requests to servers outside a certain locale can lead to the increased network communication overhead, and in some cases to the network congestion.

To address these issues and to improve system availability and response time, you can define a cluster of Policy Servers and associated CA SiteMinder® Agents configured to perform (software-based) load balancing and failover.

Policy Server clusters provide the following benefits over a traditional load balancing/failover scheme:

• Load is dynamically distributed between Policy Servers in a cluster based on server response time.
• A cluster can be configured to failover to another cluster when the number of available servers in the cluster falls below a configurable threshold.

Note: Policy Servers clusters are not suitable or necessary for environments in which Policy Servers communicate with Agents through hardware load balancers.

The following figure illustrates a simple CA SiteMinder® deployment using two clusters:

Consider Cluster A and Cluster B as distributed in two different geographical locations, separated by several time zones. By dividing the Web Agents and Policy Servers into distinct clusters, the network overhead involved with load balancing across geographically separate regions is only incurred if the Policy Servers in one of the clusters fail, requiring a failover to the other cluster.

More information:

Failover Thresholds

Clustered Environment Monitoring

Failover Thresholds

In any clustered CA SiteMinder® environment, you must configure a failover threshold. When the number of available Policy Servers falls below the specified threshold, all requests that would otherwise be serviced by the failed Policy Server cluster are forwarded to another cluster.

The failover threshold is represented by a percentage of the Policy Servers in a cluster. For example, if a cluster consists of four Policy Servers, and the failover threshold for the cluster is set at 50%, when three of the four Policy Servers in the cluster fail, the cluster fails, and all requests fail-over to the next cluster.

The default failover threshold is zero, which means that all servers in a cluster must fail before failover occurs.

Hardware Load Balancing Considerations

If you are deploying a hardware load balancer between the CA SiteMinder® Policy Server and Web Agents, consider the following:

• Do not configure a TCP heartbeat or health–check directly against the Policy Server TCP ports. Heartbeats and health–checks applied directly against the TCP ports of the Policy Server can adversely affect its operation.
• Design a comprehensive facility for the load balancer to test the operational health of the Policy Server.
• Consider the impact of a single Policy Server configuration on the Web Agent failover algorithm as opposed to a multiple Policy Server configuration.
• Consider performance and failure scenarios in Web Agent and Policy Server tuning and monitoring.
• If the load balancer is configured to proxy Agent-to-Policy-Server connections, consider the timeouts and the socket states of the load balancer.

  Note: For more information about deploying a hardware load balancer between Web Agents and Policy Servers, see the related Knowledge Base article (TEC511443) on the Support site.

More information:

Contact CA Technologies

Configure Clusters

Policy Server clusters are defined as part of a Host Configuration Object. When a CA SiteMinder® agent initializes, the settings from the Host Configuration Object are used to setup communication with Policy Servers.

Note: For more information about Host Configuration Objects, see the Web Agent Configuration Guide and the Policy Server Configuration Guide.

Follow these steps:

1. Select the Infrastructure, Hosts. Host Configuration Objects.
2. Click Create Host Configuration.
3. In the Clusters section, click Add.

   The Cluster Setup section opens.

   Note: You can click Help for a description of fields, controls, and their respective requirements.

4. Enter the IP address and the port number of the Policy Server in the Host and Port fields respectively.
5. Click Add to Cluster.

   The Policy Server appears in the servers list in the Current Setup section.

6. Repeat these steps to add other Policy Servers to the cluster.
7. Click OK to save your changes.

   Your return to the Host Configuration dialog The Policy Server cluster is listed in a table.

8. In the Failover Threshold Percent field, enter a percentage of the number of Policy Servers that must be active and click Apply.

   If the percentage of active servers in the cluster falls below the percentage you specify, the cluster fails over to the next available cluster in the list of clusters. This setting applies to all clusters that use the Host Configuration Object.

   Important! The Policy Server specified in the Configuration Values section is overwritten by the Policy Servers specified in a cluster. This Policy Server is no longer used because a cluster is configured. For the value of the Policy Server parameter in the Configuration Values section to apply, do not specify any Policy Servers in a cluster. If clusters are configured, and you decide to remove the clusters in favor of a simple failover configuration delete all Policy Server information from the cluster.

9. Click Submit to save your changes.