

Set up the Federation Systems to Work with a Load Balancer
To use load balancing across a federation deployment, set up two or more CA SiteMinder® Federation Standalone systems.
Note: The procedure assumes that all systems are version 12.52.
Follow these steps:
- Install the product on each system, specifying the same Federation Administrator Password for each installation.
Note: The product can run in standalone or proxy mode, but all servers must use the same mode.
- Run the Configuration Wizard on one system.
- Log in to the Administrative UI.
- Navigate to Infrastructure, System Settings.
- In the Server Settings section, change the Global Base URL to include the host and port of the load balancer in your network. Set this URL so that the default URL for all partnership entities is correct.
- Set up a federation partnership by completing the following tasks:
- Import certificates and private keys.
- Establish user directory connections.
- Configure local entities.
- Specify a remote entity.
- Configure a partnership between the local and remote entities.
- Verify that the federation works with the remote partner.
- Run the Configuration Wizard on the secondary systems, using the same virtual host name of the load balancer that you entered for the first system.
Each federation system must use the same virtual host name. The virtual host name is the host that you specify for the Server Name in the Apache configuration when you run the Configuration Wizard.
If the product uses more than one virtual host or domain, modify the server.conf file to include the additional entries.
To modify the server.conf file
- Navigate to federation_install_dir/secure-proxy/proxy-engine/conf.
- Open the server.conf file in an editor.
- Go to the # Default Virtual Host section.
- Add the base URL to the hostnames setting using fully qualified host names, as follows:
<VirtualHost name="default">
hostnames="defaultbaseurl.example.com:80, newbaseurl.example.com:80"
</VirtualHost>
Note: Specify multiple host_name:port entries for the hostnames setting, separating each entry with a comma.
Example:
<VirtualHost name="default">
hostnames="lb5.example.com:80"
</VirtualHost>
- Migrate SSL keys and certificates that are stored by the embedded Apache and Tomcat web servers.
- Follow the SSL migration procedure to complete this task. Migrating SSL data lets you avoid the purchase of a new key or certificate.
- Generate a new key/certificate request and then get the certificate signed. SSL certificates are not included in the imported configuration file.
Note: Replicate any change to the certificate configuration on one system to all other systems. Make configuration changes from the Certs and Keys page in the UI. Changes include adding or removing certificates, keys, or CRL data.
- Log in to the Administrative UI on the other systems that do not have partnerships configured.
- Navigate to Infrastructure, System Settings. In the UI Settings section, click Disable Administration.
Access the Administrative UI locally, without going through the load balancer. If the other systems are up and running, enable administration on only one system. If the administration system is disabled at any time, log in to a different system and re-enable administration.
Now that all federation systems are pointing to the same data store, the configured load balancer is able to balance traffic between the systems.
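The following check is an added example, not part of the CA documentation. It reads the default virtual host block from each system's server.conf and reports systems whose hostnames setting is malformed or lacks the load balancer entry. The node names and the excerpts are constructed sample input, and lb5.example.com:80 is the load balancer entry from the example above.

```python
import re

# Patterns for the block shown on this page; an entry is a fully qualified name plus :port.
VHOST_RE = re.compile(r'<VirtualHost\s+name="default"\s*>(.*?)</VirtualHost>', re.S)
HOSTNAMES_RE = re.compile(r'^\s*hostnames\s*=\s*"([^"]*)"\s*$', re.M)
ENTRY_RE = re.compile(r'^([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+):(\d{1,5})$')


def default_vhost_hostnames(conf_text):
    """Return the host:port entries of the default virtual host, lowercased."""
    block = VHOST_RE.search(conf_text)
    if block is None:
        raise ValueError('no well-formed <VirtualHost name="default"> block')
    setting = HOSTNAMES_RE.search(block.group(1))
    if setting is None:
        raise ValueError("no quoted hostnames setting in the default virtual host")
    return [e.strip().lower() for e in setting.group(1).split(",") if e.strip()]


def check_nodes(confs, lb_entry):
    """Map node name -> list of problems; an empty list means the node is consistent."""
    report = {}
    for node, text in confs.items():
        problems = []
        try:
            entries = default_vhost_hostnames(text)
        except ValueError as exc:
            report[node] = [str(exc)]
            continue
        for entry in entries:
            m = ENTRY_RE.match(entry)
            if m is None or not 0 < int(m.group(2)) < 65536:
                problems.append("not a fully qualified host_name:port entry: " + entry)
        if lb_entry.lower() not in entries:
            problems.append("load balancer entry missing: " + lb_entry)
        report[node] = problems
    return report


# Constructed sample input: server.conf excerpts from three hypothetical nodes.
SAMPLE = {
    "node-a": '<VirtualHost name="default">\nhostnames="lb5.example.com:80, newbaseurl.example.com:80"\n</VirtualHost>\n',
    "node-b": '<VirtualHost name="default">\nhostnames="node-b:80"\n</VirtualHost>\n',
    "node-c": '<VirtualHost name="default"\nhostnames=lb5.example.com:80\n</VirtualHost>\n',
}

if __name__ == "__main__":
    for node, problems in check_nodes(SAMPLE, "lb5.example.com:80").items():
        print(node, "OK" if not problems else problems)
```

In the sample, node-a passes, node-b is flagged for an unqualified host name and a missing load balancer entry, and node-c is flagged because its VirtualHost tag is unclosed and its hostnames value is unquoted.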
Copyright © 2013 CA.
All rights reserved.
 