

Clustering Policy Servers

This section contains the following topics:

Clustered Policy Servers

Configure Clusters

Configure a Policy Server as a Centralized Monitor for a Cluster

Point Clustered Policy Servers to the Centralized Monitor

Clustered Policy Servers

Load balancing and failover in a CA SiteMinder® deployment provide a high level of system availability and improve response time by distributing requests from CA SiteMinder® Agents to Policy Servers. Defining clusters in combination with load balancing and failover further enhances system availability and response time.

Traditional round robin load balancing without clusters distributes requests evenly over a set of servers. However, this method is not the most efficient in heterogeneous environments, where computing power differs, because each server receives the same number of requests regardless of its computing power.

Another efficiency problem can occur when data centers are located in different geographical regions. Sending requests to servers outside a certain locale can lead to increased network communication overhead and, in some cases, to network congestion.

To address these issues and to improve system availability and response time, you can define a cluster of Policy Servers and associated CA SiteMinder® Agents configured to perform (software-based) load balancing and failover.

Policy Server clusters provide the following benefits over a traditional load balancing/failover scheme:

Note: Policy Server clusters are not suitable or necessary for environments in which Policy Servers communicate with Agents through hardware load balancers.

The following figure illustrates a simple CA SiteMinder® deployment using two clusters:

Diagram showing clustered policy servers.

Consider Cluster A and Cluster B as distributed in two different geographical locations, separated by several time zones. By dividing the Web Agents and Policy Servers into distinct clusters, the network overhead involved with load balancing across geographically separate regions is only incurred if the Policy Servers in one of the clusters fail, requiring a failover to the other cluster.

More information:

Failover Thresholds

Clustered Environment Monitoring

Failover Thresholds

In any clustered CA SiteMinder® environment, you must configure a failover threshold. When the number of available Policy Servers falls below the specified threshold, all requests that would otherwise be serviced by the failed Policy Server cluster are forwarded to another cluster.

The failover threshold is represented by a percentage of the Policy Servers in a cluster. For example, if a cluster consists of four Policy Servers, and the failover threshold for the cluster is set at 50%, when three of the four Policy Servers in the cluster fail, the cluster fails, and all requests fail over to the next cluster.

The default failover threshold is zero, which means that all servers in a cluster must fail before failover occurs.
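The threshold rule above can be modeled in a few lines. This is an added example, not CA SiteMinder® code: the host names, the port 44443, and the `Cluster`, `cluster_failed`, `select_cluster` and `scenario` names are constructed for illustration, and returning `None` when every cluster has failed is an assumption of the model.

```python
"""Model of the failover-threshold rule (added example; constructed data)."""
from dataclasses import dataclass


@dataclass
class Cluster:
    name: str
    servers: dict  # "host:port" -> True while that Policy Server responds

    def active_percent(self) -> float:
        if not self.servers:
            return 0.0
        return 100.0 * sum(self.servers.values()) / len(self.servers)


def cluster_failed(cluster: Cluster, threshold_percent: float) -> bool:
    active = cluster.active_percent()
    if threshold_percent == 0:
        # Default threshold: failover only once every server is down.
        return active == 0
    # Otherwise the cluster fails when the active share drops below the threshold.
    return active < threshold_percent


def select_cluster(clusters, threshold_percent):
    """Return the name of the first cluster, in list order, that has not failed.

    One threshold is used for every cluster, as the Host Configuration Object
    applies it. Returning None when all clusters have failed is an assumption
    of this model; the page does not describe that case.
    """
    for cluster in clusters:
        if not cluster_failed(cluster, threshold_percent):
            return cluster.name
    return None


def scenario(down_in_a: int):
    """Constructed deployment: Cluster A has four servers, Cluster B has two."""
    a = {f"ps-a{i}.example.com:44443": i > down_in_a for i in range(1, 5)}
    b = {f"ps-b{i}.example.com:44443": True for i in range(1, 3)}
    return [Cluster("A", a), Cluster("B", b)]


if __name__ == "__main__":
    for threshold in (50, 0):
        for down in range(5):
            print(threshold, down, select_cluster(scenario(down), threshold))
```

With a 50% threshold, two failed servers out of four leave Cluster A in service, because exactly 50% is not below the threshold; the third failure moves traffic to Cluster B.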

Hardware Load Balancing Considerations

If you are deploying a hardware load balancer between the CA SiteMinder® Policy Server and Web Agents, consider the following:

More information:

Contact CA Technologies

Configure Clusters

Policy Server clusters are defined as part of a Host Configuration Object. When a CA SiteMinder® agent initializes, the settings from the Host Configuration Object are used to set up communication with Policy Servers.

Note: For more information about Host Configuration Objects, see the Web Agent Configuration Guide and the Policy Server Configuration Guide.

Follow these steps:

  1. Click Infrastructure, Hosts, Host Configuration Objects.
  2. Click Create Host Configuration.
  3. In the Clusters section, click Add.

    The Cluster Setup section opens.

    Note: You can click Help for a description of fields, controls, and their respective requirements.

  4. Enter the IP address and the port number of the Policy Server in the Host and Port fields respectively.
  5. Click Add to Cluster.

    The Policy Server appears in the servers list in the Current Setup section.

  6. Repeat these steps to add other Policy Servers to the cluster.
  7. Click OK to save your changes.

    You return to the Host Configuration dialog. The Policy Server cluster is listed in a table.

  8. In the Failover Threshold Percent field, enter a percentage of the number of Policy Servers that must be active and click Apply.

    If the percentage of active servers in the cluster falls below the percentage you specify, the cluster fails over to the next available cluster in the list of clusters. This setting applies to all clusters that use the Host Configuration Object.

    Important! The Policy Server specified in the Configuration Values section is overwritten by the Policy Servers specified in a cluster. This Policy Server is no longer used because a cluster is configured. For the value of the Policy Server parameter in the Configuration Values section to apply, do not specify any Policy Servers in a cluster. If clusters are configured, and you decide to remove the clusters in favor of a simple failover configuration, delete all Policy Server information from the cluster.

  9. Click Submit to save your changes.

Configure a Policy Server as a Centralized Monitor for a Cluster

The OneView Monitor can be configured to monitor a Policy Server cluster. To enable this configuration, one Policy Server must be set up as a centralized monitor with the other clustered Policy Servers pointing to it.

To configure a Policy Server as a centralized monitor

  1. Start the Policy Server Management Console.

    Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your CA SiteMinder® component.

  2. In the Settings tab, select Allow Incoming Remote Connections.

    Note: For more information about the settings and controls on this tab, click Help, Management Console Help.

  3. Click OK to save your changes and close the Policy Server Management Console.
  4. Restart the OneView Monitor.

This setting allows the centralized Policy Server monitor to accept remote connections from the other clustered Policy Servers.

Note: The network channel between a Policy Server and a Monitor process is non-secure.

After you configure a Policy Server as a centralized monitor, configure the Policy Server Management Console to point the other clustered Policy Servers to it.

More information:

Configuring Port Numbers

Point Clustered Policy Servers to the Centralized Monitor

To point Policy Servers to a centralized monitor

  1. For each Policy Server that will point to the monitoring service, open the Policy Server Management Console.

    Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your CA SiteMinder® component.

  2. In the Settings tab, under OneView Monitor, select Connect to Remote Monitor.

    Note: For more information about the settings and controls on this tab, click Help, Management Console Help.

  3. In the field below, enter the hostname and TCP port number of the system where the monitoring service is configured. For example:

    server.company.com:44449.

  4. Click OK to save your changes and close the Policy Server Management Console.
  5. Restart the Policy Server.