Configure Data Storage Options Overview

Policy Server Guides › Policy Server Administration Guide › Configuring Policy Server Data Storage Options › Configure Data Storage Options Overview

Configure Data Storage Options Overview

You configure storage locations for Policy Server databases (policy store, key store, and audit logs) from the Management Console Data tab.

To configure Policy Server data storage settings

Start the Policy Server Management Console.
Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your SiteMinder component.
Click the Data tab.
Note: For more information about the settings and controls on this tab, click Help, Management Console Help.
Select the database that you want to configure from the Database drop-down list. The database you select determines the storage possibilities that are available for that database type and presented on the Storage drop-down list.
Note: The table at the end of this procedure lists the databases you can configure and the storage options available for each one. The combination of these settings determines the settings displayed in the context-sensitive group box below them.
Select a storage type for the selected database from the Storage drop-down list.
Configure data storage options for the chosen Policy Server database in the context-sensitive group box below the Database and Storage controls.
When you have finished, click Apply to save your settings, or click OK to save the settings and exit the Management Console.

The following table lists SiteMinder database types and the available storage options:

Database	Database Description	Available Storage
Policy Store	The database for the Policy Store. You must specify the Policy Store database.	LDAP ODBC
Key Store	The database that contains keys used to encrypt cookies created by SiteMinder Agents.	LDAP ODBC
Audit Logs	The database where you store audit logs containing event information.	ODBC Text file
Session Server	The database in which the session server stores persistent session data.	ODBC

Configure the Policy Store Database

The Policy Store is the database in which all Policy Server objects are stored.

To configure the policy store database

Select Policy Store from the Database drop-down list.
Select an available storage type (LDAP or ODBC) from the Storage drop-down list.
Specify Storage Options appropriate for the chosen storage type.
Click Apply to save your settings, or click OK to save the settings and exit the Console.
(Optional) If you changed the Policy Store database storage type to LDAP, and want the Policy Store to be used as the key store, complete the steps described Configure the Key Store or Audit Logs to Use the Policy Store Database.
Note: If you have one or more Policy Servers communicating with an LDAP-enabled policy store, configure the same setting in the Management Console on each of those Policy Server systems.

More Information:

Configure LDAP Storage Options

Configure the Key Store or Audit Logs to Use the Policy Store Database

After you configure the Policy Store, you can optionally configure databases. If the Policy Store is of a compatible storage type (that is, if the Policy Store is configured to be stored in a database that is also a valid storage option for the other database), you can configure the Policy Server to use the policy store database as one or more of the following:

Key store
Audit logs

Important! If you are using an LDAP database as your Policy Store, do not use the Policy Store database for audit logs. Audit logs cannot be written to an LDAP database. If you are using the SiteMinder sample data source (SmSampleUsers) as your Policy Store, do not use the Policy Store database for audit logs. Audit logs are not supported by the sample policy store.

To configure another database to be stored in the Policy Store database, set the Use Policy Store Database option that appears between the Database drop-down list and the Storage Options area whenever a database other than Policy Store is chosen from the Database drop-down list.

When the Use Policy Store Database option is selected, the Storage drop-down list and the context-sensitive Storage Options are grayed-out.

Configure a Separate Database for the Key Store

The Key store is where the Policy Server stores keys used to encrypt cookies created by SiteMinder Agents.

To configure a separate database for the key store

Choose Key Store from the Database drop-down list.
Choose an available storage type (LDAP or ODBC) from the Storage drop-down list.
Note: The Policy Server supports mixed LDAP/ODBC policy and key stores. The policy store can exist in an ODBC database and the key store can reside in an LDAP Directory Server or vice versa. For a list of supported databases, refer to the SiteMinder Platform Matrix on the Technical Support site.
Specify Storage Options appropriate for the chosen storage type.
Click Apply to save your settings, or click OK to save the settings and exit the Console.

More information:

Configure LDAP Storage Options

Configure a Separate Database for the Audit Logs

The audit log database is where the Policy Server stores audit logs containing event information.

Storing audit logs in a database has the potential add to latency to your environment. This latency occurs because of the additional traffic between the Policy Server and the database. As the amount of transactions increase, this database latency can affect the performance of the Policy Server. When the database slows down, the Policy Server also slows down.

Consider logging to a text file and exporting those logs to a database as an alternative if the performance of your database is unacceptable.

Follow these steps:

Choose Audit Log from the Database drop-down list.
Choose an available storage type from the Storage drop-down list.
Specify Storage Options appropriate for the chosen storage type.
Click Apply to save your settings, or click OK to save the settings and exit the Console.

When deciding whether to store the Policy Server audit logs in an ODBC database or text file, consider the following factors:

SiteMinder Reporting requires that the audit logs are written to an ODBC database. Reporting does not support the text file logs.
SiteMinder audit logging to an ODBC database and to a text file supports internationalization (I18N).
By default, SiteMinder administrator changes to policy store objects are not written to the audit database. These object changes are written to text files that are located in the siteminder_home\audit directory. You can configure SiteMinder to include these events in reports.
Synchronous logging affects the performance of the Policy Server more than asynchronous logging does.
When logging to an ODBC database, set the following registry key values in the HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\ registry location. These settings helps prevent losing auditing data under heavy load:

ConnectionHangwaitTime

We recommend 60 seconds for heavy loads. The default is 30 seconds.

QueryTimeout

We recommend 30 seconds for heavy loads. The default is 15 seconds.

LoginTimeout

We recommend 30 seconds for heavy loads. The default is 15 seconds.

Note: The value of ConnectionHangwaitTime must always be at least double the value of QueryTimeout and LoginTimeout.

More information:

Record Administrator Changes to Policy Store Objects

How to Include SiteMinder Administrative Audit Events in Reports