Multiple Policy Stores with a Common Key Store

If a network configuration consists of multiple Policy Servers with separate policy stores in a single sign-on environment, it is possible to have a common key store that all of the Policy Servers use for key rollover.

The following figure shows multiple Policy Servers using a common key store.

One Policy Server generates dynamic keys and stores them in the central key store. Each Policy Server is configured, using the Policy Server Management Console, to use the central key store. Agent key generation should be disabled on every Policy Server other than the one that generates keys. Agents poll their respective Policy Servers to retrieve new keys. The Policy Servers retrieve new keys from the common key store and pass them to the SiteMinder Agents.

Note: This scenario requires an additional registry setting that forces Policy Servers that are not generating keys to poll the key store for key updates.

More information:

Key Management Considerations

Set the EnableKeyUpdate Registry Key


Copyright © 2010 CA. All rights reserved.