Previous Topic: Trusted Hosts for Web AgentsNext Topic: SiteMinder Agents Overview


Host Configuration Objects for Trusted Hosts

Host Configuration Objects hold configuration settings for trusted hosts. After a trusted host connects to a Policy Server, it uses the settings in the Host Configuration Object.

On the Web Agent side, the Host Configuration Object being used by the trusted host is identified in the hostconfigobject parameter of the SmHost.conf file. The settings in the SmHost.conf file are used by the Web Agent during the initialization phase of each web server child process. This means that the SmHost.conf file is not only used at start-up, but may also be used at run time by web servers that start new child processes to add capacity or to replace processes that stop unexpectedly. After initialization, the settings in the Host Configuration Object are used.

You need to create a Host Configuration Object before you can create trusted host objects.

Copy a Host Configuration Object

To create a Host Configuration object, we recommend you to copy an existing Host Configuration object and modify its properties. You can copy the DefaultHostSettings object and use its properties as a template for the new object.

Important! The name of a Host Configuration Object must be unique; do not use the same name as an existing Agent object. If you use a name assigned to another Web Agent, a message displays stating that the trusted host exists.

To copy a host configuration object

  1. Click Infrastructure, Hosts.
  2. Click Host Configuration Objects.

    The Host Configuration Objects page appears.

  3. Click Create Host Configuration.

    The Host Configuration Search page appears.

  4. Select Create a copy of an object of type Host Configuration and click OK.

    Note: By default, the DefaultHostSettings Host Configuration Object is selected.

    The Create Host Configuration page appears.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  5. Enter a name and description.

    Note: Do not start the host configuration object name with a hyphen ("-") character.

  6. In Configuration Values and Clusters, modify the properties that are different for the new object.
  7. Click Submit.

    The Host Configuration Object is created.

Add Multiple Policy Servers to the Host Configuration Object

A trusted host can access multiple Policy Servers. To set up trusted host connections and failover or round robin operation, add the Policy Servers to a Host Configuration object.

Note: If you are using a hardware load balancer to expose Policy Servers as multiple virtual IP addresses (VIPs), we recommend that you configure those VIPs in a failover configuration. Round robin load balancing is redundant as the hardware load balancer performs the same function more efficiently.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

To add a Policy Server to a Host Configuration object

  1. Click Infrastructure, Hosts
  2. Click Host Configuration Objects.

    The Host Configuration Objects page appears.

  3. Click Create Host Configuration and then click OK.

    The Create Host Configuration page appears.

    Note: By default, the Create a new object of type Host Configuration option is selected.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  4. Type the name and a description of the Host Configuration object.
  5. Specify the Host Configuration settings.
  6. In the Clusters group box, click Add.

    The Add Cluster page appears.

  7. Type the IP address and port number of the Policy Server that you want to add to the cluster.

    Note: To add another Policy Server to the cluster, click Add to Cluster. To delete a Policy Server from the cluster, click the minus sign next to Port. To change the sequence of Policy Servers in the cluster, click the up and down arrows.

  8. Click OK.

    The cluster is added.

    Note: To modify a cluster, click the right-facing arrow to its left. To delete a cluster, click the minus sign to its right. To add another cluster, click Add under Clusters, and repeat steps 6 and 7.

  9. Enter the percentage of failover threshold.

    Note: If the percentage of active servers in a cluster is equal to or below the specified percentage, the cluster fails over to the next available cluster in the cluster list.

  10. Click Submit.

    The Host Configuration Object is updated with Policy Server details.

More information:

Host Configuration Objects for Trusted Hosts

Operation Mode

Configure Policy Server Clusters for a Host Configuration Object

You can configure multiple Policy Servers in a cluster for failover operation. Clustering servers enable failover from one group of servers to another.

Note: If you are using a hardware load balancer to expose Policy Servers as multiple virtual IP addresses (VIPs), we recommend that you configure those VIPs in a failover configuration. Clustering is redundant because the hardware load balancer performs the same function more efficiently.

Policy Server clusters are defined as part of a Host Configuration Object. When a CA SiteMinder® Web Agent initializes, the settings from the Host Configuration Object are used to setup communication with Policy Servers.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

To configure a cluster

  1. Click Infrastructure, Hosts.
  2. Click Host Configuration Objects.

    The Host Configuration Objects page appears.

  3. Click Create Host Configuration and then click OK.

    The Create Host Configuration page appears.

    Note: By default, the Create a new object of type Host Configuration option is selected.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  4. Type the name and a description of the Host Configuration object.
  5. Specify the Host Configuration settings.
  6. In the Clusters section, click Add.

    The Add Cluster page appears.

  7. Type the IP address and port number of the Policy Server that you want to add to the cluster.

    Note: To add another Policy Server to the cluster, click Add to Cluster. To delete a Policy Server from the cluster, click the minus sign next to Port. To change the sequence of Policy Servers in the cluster, click the up and down arrows.

  8. Click OK.

    The cluster is added.

    Note: To modify a cluster, click the right-facing arrow in the first column. To delete a cluster, click the minus sign in the last column. To add another cluster, click Add, and repeat steps 7 and 8.

  9. Type a percentage for the Failover Threshold.

    SM automatically calculates the Failover Threshold value that is based on both the number of Policy Servers configured in the cluster and the Failover Threshold Percent you specify. The Failover Threshold value (displayed in the column to the right of the list of servers in each cluster) is the total number of Policy Servers that must be active in the Cluster to consider the Cluster available based on your configuration. If the number of Active Servers in the Cluster falls below the displayed Failover Threshold value, the Cluster fails over to the next available Cluster in the list. If the calculation of the Failover Threshold value that is based on your configuration would result in a non-whole number, the Policy Server rounds the value up to the nearest integer.

    For example, consider a Cluster with 5 Policy Servers configured.

    With a Failover Threshold Percentage ...;

    ...in the range between [0% - 19%], the value of required active servers (Failover Threshold) is rounded up to 1 .

    ...of 20%, the calculated value for Failover Threshold is 1 .

    in the range between [21% - 39%], the value for Failover Threshold is rounded up to 2 .

    of 40%, the calculated value for Failover Threshold is 2 .

    in the range between [41% - 59%], the value for Failover Threshold is rounded up to 3 .

    of 60%, the calculated value for Failover Threshold is 3 .

    in the range between [61% - 79%], the value for Failover Threshold is rounded up to 4 .

    of 80%, the calculated value for Failover Threshold is 4 .

    in the range between [81% - 99%], the value for Failover Threshold is rounded up to 5 .

    of 100%, the calculated value for Failover Threshold is 5 .

    When you set the Failover Threshold Percentage, it applies to all clusters that use the Host Configuration Object.

    Note: If the percentage of active servers in a cluster is equal to or below the specified percentage, the cluster fails over to the next available cluster in the cluster list.

  10. Click Submit.

    The Host Configuration Object is configured with the Policy Server.

    Important! Configuration Values specifies a single Policy Server and a simple failover operation that are only used when no clusters are specified. If you decide to delete all clusters in favor of a simple failover operation, be sure to delete all Policy Server information.

More information:

Duplicate Policy Server Objects