You configure storage locations for Policy Server databases (policy store, key store, and audit logs) from the Management Console Data tab.
To configure Policy Server data storage settings
Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions. Use Administrator permissions even if you are logged in to the system as an Administrator. For more information, see the release notes for your SiteMinder component.
Note: For more information about the settings and controls on this tab, click Help, Management Console Help.
Note: The table at the end of this procedure lists the databases you can configure and the storage options available for each one. The combination of these settings determines the settings displayed in the context-sensitive group box below them.
The following table lists SiteMinder database types and the available storage options:
Database |
Database Description |
Available Storage |
---|---|---|
Policy Store |
The database for the Policy Store. You must specify the Policy Store database. |
LDAP ODBC |
Key Store |
The database that contains keys used to encrypt cookies created by SiteMinder Agents. |
LDAP ODBC |
Audit Logs |
The database where you store audit logs containing event information. |
ODBC Text file |
Session Server |
The database in which the session server stores persistent session data. |
ODBC |
The Policy Store is the database in which all Policy Server objects are stored.
To configure the policy store database
Note: If you have one or more Policy Servers communicating with an LDAP-enabled policy store, configure the same setting in the Management Console on each of those Policy Server systems.
After you configure the Policy Store, you can optionally configure databases. If the Policy Store is of a compatible storage type (that is, if the Policy Store is configured to be stored in a database that is also a valid storage option for the other database), you can configure the Policy Server to use the policy store database as one or more of the following:
Important! If you are using an LDAP database as your Policy Store, do not use the Policy Store database for audit logs. Audit logs cannot be written to an LDAP database. If you are using the SiteMinder sample data source (SmSampleUsers) as your Policy Store, do not use the Policy Store database for audit logs. Audit logs are not supported by the sample policy store.
To configure another database to be stored in the Policy Store database, set the Use Policy Store Database option that appears between the Database drop-down list and the Storage Options area whenever a database other than Policy Store is chosen from the Database drop-down list.
When the Use Policy Store Database option is selected, the Storage drop-down list and the context-sensitive Storage Options are grayed-out.
The Key store is where the Policy Server stores keys used to encrypt cookies created by SiteMinder Agents.
To configure a separate database for the key store
Note: The Policy Server supports mixed LDAP/ODBC policy and key stores. The policy store can exist in an ODBC database and the key store can reside in an LDAP Directory Server or vice versa. For a list of supported databases, refer to the SiteMinder Platform Matrix on the Technical Support site.
The audit log database is where the Policy Server stores audit logs containing event information.
Storing audit logs in a database has the potential add to latency to your environment. This latency occurs because of the additional traffic between the Policy Server and the database. As the amount of transactions increase, this database latency can affect the performance of the Policy Server. When the database slows down, the Policy Server also slows down.
Consider logging to a text file and exporting those logs to a database as an alternative if the performance of your database is unacceptable.
Follow these steps:
When deciding whether to store the Policy Server audit logs in an ODBC database or text file, consider the following factors:
We recommend 60 seconds for heavy loads. The default is 30 seconds.
We recommend 30 seconds for heavy loads. The default is 15 seconds.
We recommend 30 seconds for heavy loads. The default is 15 seconds.
Note: The value of ConnectionHangwaitTime must always be at least double the value of QueryTimeout and LoginTimeout.
Copyright © 2012 CA.
All rights reserved.
|
|