

Load Balancing and Failover for LDAP User Directories

CA SiteMinder® Federation Standalone can distribute LDAP user directory requests over multiple LDAP servers for failover and load balancing.

For load balancing, the system evenly spreads requests over the specified LDAP servers. Coupled with failover, load balancing provides faster, more efficient access to LDAP user directory information.

For failover, the system uses one LDAP server to fulfill requests until that server fails to respond. When the default server does not respond, the system routes the request to the next server configured for failover. This process can be repeated over multiple servers. After the default server is able to fulfill requests again, requests go back to the original server.

Follow these steps:

  1. Select the User Directory tab in the UI.
  2. Do one of the following:

    The User Directory dialog opens.

  3. Click Configure Load-balancing or Failover or both in the Configure LDAP User Directory section of the dialog.

    The LDAP Server Load-balancing and Failover table displays.

  4. Enter the IP address and port number, in the form ip_address:port, in the first Failover Node field. Add the addresses of subsequent directory servers in the remaining fields for failover.

    Note: If you are adding a server for failover, the failover directory must use the same type of communication (SSL or non-SSL) as the primary directory. Both directories share the same port number.

    If you only have one entry in the table, then only failover is supported.

  5. To configure another group for load balancing, click Add Row and complete the fields as you did in the previous step.

    You can add the same server multiple times for load balancing, which forces a single system to handle more requests. For example, consider two servers in a group: Server1 and Server2. Server1 is a high-performance server and Server2 is a lesser system. You can add Server1 to the load balancing list twice so that it processes two requests for each request processed by Server2.

Example: Load Balancing and Failover

In this example, a SiteMinder environment contains two user directories, A and B, which must meet the following requirements:

The configuration requires two load balancing groups.

  1. Specify the address for user directory B for the first load balancing group and first failover node.
  2. Add a load balancing group by clicking Add row.
  3. List user directory B as the first server in the new load balancing group.
  4. List user directory A as the second server in the load balancing group.

The result is two load balancing groups, "A B" and "B A", each with one server for failover; the two groups load balance each other. If both directories are available, load balancing occurs between the first directories in each group: A and B. If user directory A becomes unavailable, failover occurs to user directory B. As a result, user directory B handles all the requests until user directory A becomes available.
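
The following Python sketch is an added example, not product code. It models the table described above as rows (load balancing groups) of ordered failover nodes, checks the ip_address:port form and the shared-port rule from the note in step 4, and simulates how requests are spread. The rotation over rows, the function names, and the 192.0.2.x addresses are assumptions made for illustration.

```python
from itertools import cycle

def parse_node(entry):
    """Split an 'ip_address:port' entry, the form the Failover Node fields expect."""
    host, sep, port = entry.strip().rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"expected ip_address:port, got {entry!r}")
    return host, int(port)

def validate_table(table):
    """Return findings for a table: a list of rows (load balancing groups),
    each row an ordered list of 'ip_address:port' failover nodes."""
    findings = []
    for i, row in enumerate(table, 1):
        try:
            ports = {parse_node(e)[1] for e in row}
        except ValueError as exc:
            findings.append(f"row {i}: {exc}")
            continue
        # Failover nodes must share the primary's port (and SSL/non-SSL mode,
        # which cannot be inferred from the address and is not checked here).
        if len(ports) > 1:
            findings.append(f"row {i}: failover nodes use different ports {sorted(ports)}")
    if len(table) == 1:
        findings.append("single row: failover only, no load balancing")
    return findings

def dispatch(table, n_requests, down=()):
    """Assumed model: rotate over rows; within a row use the first node that is up.
    Returns {node: request_count}; the key None counts requests no node could serve."""
    served = {}
    rows = cycle(table)
    for _ in range(n_requests):
        node = next((e for e in next(rows) if e not in down), None)
        served[node] = served.get(node, 0) + 1
    return served

# Constructed sample addresses; A and B stand for the two user directories.
A, B = "192.0.2.10:636", "192.0.2.20:636"
EXAMPLE = [[A, B], [B, A]]   # groups "A B" and "B A" from the example above
WEIGHTED = [[A], [A], [B]]   # Server1 listed twice, Server2 once

if __name__ == "__main__":
    print(validate_table(EXAMPLE))
    print(dispatch(EXAMPLE, 100))
    print(dispatch(EXAMPLE, 100, down={A}))
    print(dispatch(WEIGHTED, 90))
```

Running the validator before entering rows in the UI catches a failover node on a different port from its primary, for example an SSL directory paired with a non-SSL one.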