Deploying LDAP directories using multimaster technology is a way to achieve policy store redundancy. A multimaster policy store lets each Policy Server communicate with the closest replicated version. This method of communication:
The following configuration is recommended when configuring an LDAP policy store in multi-master mode:
This master does not need to be the same as the master used for Administration. However, we recommend that you use the same master store for both keys and administration. In this configuration, all key store nodes should point to the master rather than a replica.
Note: If you use a master for key storage other than the master for administration, then all key stores must use the same key store value. No key store should be configured to function as both a policy store and a key store.
Due to possible synchronization issues, other configurations may cause inconsistent results, such as policy store corruption or Agent keys that are out of sync.
Contact SiteMinder Support for assistance with other configurations.
The following diagram illustrates a multimaster policy store environment:
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |