Trusted Hosts for Web Agents

A trusted host is any client system where one or more agents can be installed.

Register a Trusted Host with the Policy Server

Register a trusted host from the system where you install an agent. Host registration is part of the Agent configuration process. The registration tool creates the SmHost.conf file. After this file is created successfully, the client computer becomes a trusted host. A trusted host must be registered to communicate with the Policy Server.

Important! You only register the host once, not each time you install or configure a Web Agent.

Upon initialization, the agent uses the configuration settings of trusted host in the Host Configuration File (SmHost.conf). The agent attempts to connect to the first Policy Server listed in the Host Configuration File. If the first attempt fails, the trusted host attempts to connect to the next Policy Server listed.

Note: You cannot create a trusted host using the Administrative UI; you can only view a trusted host once it is registered or delete a trusted host.

Once the Web Agent connects to its bootstrap Policy Server, the trusted host looks for the Host Configuration Object named in the SmHost.conf file. The trusted host retrieves its configuration details from this Host Configuration Object.

Trusted Host Configuration Settings

Most of the trusted host configuration settings are set in a Host Configuration Object. The only exceptions are the PolicyServer and RequestTimeout parameters, which are set in the Host Configuration file, SmHost.conf.

Request Timeout

The RequestTimeout parameter specifies the number of seconds that the trusted host waits before deciding that a Policy Server is unavailable. Use this setting to optimize the response time of the web server.

Note: When the Policy Server is busy due to heavy traffic or a slow network connection, increase the RequestTimeout value.

Operation Mode

The operation mode determines how the trusted host works with multiple Policy Servers. The following operation modes are available:

Failover Mode

Failover is a redundancy mode. If the primary Policy Server fails, there is a backup Policy Server to take over policy operations. Failover is the default operation mode. When the trusted host initializes, it operates in Failover mode.

In this mode, every trusted host request is delivered to the first Policy Server in the list. If that Policy Server does not respond, the trusted host marks it unavailable. The trusted host sends the request to the next Policy Server in the list. If a previously failed Policy Server recovers, it is returned to its original place in the list.

Round Robin Mode

The round-robin mode is a dynamic load-balancing mode. The Agents balance their requests among all the Policy Servers that are listed in the Host Configuration Object.

In round robin mode, the trusted host delivers a request to the first Policy Server in the list. The next request is delivered to the second Policy Server in the list, and so on. This process continues until the trusted host has sent requests to all the available Policy Servers. The next request returns to the first Policy Server in the list and the cycle begins again.

If a Policy Server fails, the request is redirected to the next Server in the list. The trusted host marks the failed Server as unavailable and redirects all of the requests to other servers. After the failed server recovers, it is automatically restored to its original place in the list.

We recommend this setting because dynamic load balancing produces better throughput when using multiple Policy Servers, resulting in more efficient user authentication and authorization. Dynamic load balancing also prevents a single Policy Server from becoming overloaded with requests. Failover still occurs if one of the load balancing Policy Servers is not available.

Implement an Operation Mode

The operation mode determines how the trusted host works with multiple Policy Servers. Two operation modes exist: failover and round robin.

Follow these steps:

  1. Configure more than one Policy Server.
  2. Point all Policy Servers to a common policy store.
  3. Set the EnableFailover parameter.

    The value for the EnableFailover parameter applies to all Policy Servers specified in the Host Configuration Object.
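The following model shows how the two operation modes differ in the way a trusted host walks its Policy Server list, including marking a server unavailable after a request fails and returning it to its original place once it recovers. It is an added illustration, not CA SiteMinder code: the server names, the try_server callback that stands in for a request completing within RequestTimeout, and the mapping of EnableFailover to True (failover) and False (round robin) are assumptions of this example.

```python
"""Model of how a trusted host chooses a Policy Server in failover and round-robin mode.

Added illustration, not CA SiteMinder code: the server names, the try_server callback
and the EnableFailover mapping (True = failover, False = round robin) are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class TrustedHostDispatcher:
    # Policy Servers in the order listed in the Host Configuration Object.
    servers: list
    # Modelled on the EnableFailover parameter; failover is the default mode.
    enable_failover: bool = True
    # Policy Servers currently marked unavailable after a failed request.
    unavailable: set = field(default_factory=set)
    # Round-robin rotation counter.
    _rotation: int = 0

    def _available(self):
        # List order is preserved, so a recovered server is back in its original place.
        return [s for s in self.servers if s not in self.unavailable]

    def _candidates(self):
        available = self._available()
        if not available:
            return []
        if self.enable_failover:
            # Failover: every request starts at the first available server in the list.
            return available
        # Round robin: start at the next server in the rotation and wrap around.
        start = self._rotation % len(available)
        self._rotation += 1
        return available[start:] + available[:start]

    def send(self, request, try_server):
        """Deliver one request.

        try_server(server, request) returns True when the Policy Server answered
        within RequestTimeout and False when it did not. Returns the server that
        served the request, or None when no Policy Server is available.
        """
        for server in self._candidates():
            if try_server(server, request):
                return server
            # No response within RequestTimeout: mark unavailable and try the next one.
            self.unavailable.add(server)
        return None

    def recover(self, server):
        """A failed Policy Server is reachable again; clear its unavailable mark."""
        self.unavailable.discard(server)


def simulate(enable_failover, down, n_requests, recover_after=None):
    """Run n_requests against a constructed three-server list.

    `down` is the set of servers that never answer; when recover_after is given,
    those servers come back (via recover()) before that request number.
    Returns the server that served each request (None if none could).
    """
    host = TrustedHostDispatcher(["ps1", "ps2", "ps3"], enable_failover)
    down = set(down)

    def try_server(server, request):
        return server not in down

    served = []
    for i in range(n_requests):
        if recover_after is not None and i == recover_after:
            for s in list(down):
                down.discard(s)
                host.recover(s)
        served.append(host.send(i, try_server))
    return served


if __name__ == "__main__":
    print("failover:   ", simulate(True, {"ps1"}, 3, recover_after=2))
    print("round robin:", simulate(False, {"ps2"}, 6, recover_after=4))
```

In failover mode every request goes to the first server that is not marked unavailable, so ps2 carries all traffic while ps1 is down and ps1 takes over again as soon as it recovers. In round-robin mode the rotation continues over the remaining servers after ps2 fails, and ps2 rejoins the cycle in its original position once it is restored.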

TCP/IP Connections

The trusted host and Policy Server communicate across TCP/IP connections. The number of available sockets for the authorization, authentication, and accounting ports of the Policy Server determines the number of available TCP/IP connections.

The number of sockets per port controls the number of simultaneous threads accessing the Policy Server from the web server. Separate web server threads handle each user access request. Each thread requires its own socket. The web server maintains a pool of threads for requests and only creates one when there are no more available threads. As traffic increases, the number of sockets per port must increase.

Several settings affect the TCP/IP connections between the trusted host and the Policy Server.

Maximum Sockets Per Port

Defines the maximum number of TCP/IP connections that the trusted host uses to communicate with the Policy Server. By default, this value is set to 20, which suits low- and medium-traffic web sites. Increase this number in the following situations:

Minimum Sockets Per Port

Determines the number of TCP/IP connections open for the Policy Server at startup. The default value is 2. If you are managing a high-traffic web site, increase this number.

New Socket Step

Specifies the number of TCP/IP connections that the Agent opens when new connections are required. The default value is 2. Increase this value when you require more sockets, so that more connections are added each time the Agent needs them.
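The following model shows how the three socket settings interact under load: the pool starts with the minimum number of connections, grows by the step size whenever every open socket is in use, and stops growing at the maximum. It is an added illustration, not CA SiteMinder code; the attribute names and the rule that a web server thread waits once the cap is reached are this example's assumptions, and the default values are the ones stated above.

```python
"""Model of the per-port socket pool between a trusted host and a Policy Server.

Added illustration, not CA SiteMinder code. It follows the three settings as the
text describes them (MinSocketsPerPort open at startup, NewSocketStep added when
more are needed, never more than MaxSocketsPerPort); the attribute names and the
rule that a thread waits once the cap is reached are this example's assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class SocketPool:
    min_sockets: int = 2        # connections opened at startup (default 2)
    max_sockets: int = 20       # cap on connections for this port (default 20)
    new_socket_step: int = 2    # connections added each time the pool grows (default 2)
    open_sockets: int = field(init=False, default=0)
    in_use: int = field(init=False, default=0)
    growth_events: list = field(init=False, default_factory=list)

    def __post_init__(self):
        # Minimum Sockets Per Port: connections open at startup.
        self.open_sockets = self.min_sockets

    def acquire(self):
        """Reserve a socket for one web server thread.

        Returns True when a socket was available or could be opened, False when the
        pool is already at max_sockets and the thread has to wait.
        """
        if self.in_use < self.open_sockets:
            self.in_use += 1
            return True
        if self.open_sockets >= self.max_sockets:
            return False
        # New Socket Step: grow by the step size, but never past the cap.
        added = min(self.new_socket_step, self.max_sockets - self.open_sockets)
        self.open_sockets += added
        self.growth_events.append(added)
        self.in_use += 1
        return True

    def release(self):
        """Return a socket to the pool when the thread finishes its request."""
        if self.in_use == 0:
            raise RuntimeError("release() without a matching acquire()")
        self.in_use -= 1


def burst(pool, concurrent):
    """Simulate `concurrent` simultaneous requests arriving on one port.

    Returns (served, waiting): how many threads got a socket and how many
    would block on the exhausted pool.
    """
    served = sum(1 for _ in range(concurrent) if pool.acquire())
    return served, concurrent - served


if __name__ == "__main__":
    default_pool = SocketPool()
    print("defaults, 25 concurrent:", burst(default_pool, 25), default_pool.growth_events)
    busy_pool = SocketPool(min_sockets=10, max_sockets=40, new_socket_step=5)
    print("high traffic, 25 concurrent:", burst(busy_pool, 25), busy_pool.growth_events)
```

With the defaults, a burst of 25 simultaneous requests forces nine separate growth steps and still leaves five threads waiting on the port, which is the symptom to look for before raising Maximum Sockets Per Port. Raising Minimum Sockets Per Port and New Socket Step for a high-traffic site lets the same burst be served with far fewer growth steps. Because a waiting thread holds up a user request, watch this value together with RequestTimeout when tuning response time.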

Delete Trusted Host Objects

You delete a trusted host when you are reregistering it. You reregister a host using the smreghost registration tool. This tool is installed with the Web Agent.

Note: You can run the Web Agent Configuration Wizard to reregister a trusted host, but you must delete or rename the SmHost.conf file first; otherwise the Wizard does not prompt you to register a trusted host. We recommend that you use the smreghost tool. For more information about registering and reregistering trusted hosts, see the Web Agent Installation Guide.

To delete a trusted host

  1. Click Infrastructure, Hosts.
  2. Click Trusted Hosts.

    The Trusted Hosts page appears.

  3. Specify search criteria and click Search.

    A list of trusted hosts that match the search criteria opens.

  4. Select a trusted host from the list.

    Note: You can select more than one trusted host at a time.

  5. Click Delete Trusted Host.

    You are prompted to confirm the deletion of the host.

  6. Click Yes.

    The Trusted Host is deleted.