Implementation Guide › Performance Tuning › Web Tier Performance › Improve Agent Performance through Load Balancing

Improve Agent Performance through Load Balancing

When you have multiple SiteMinder Agents and Policy Servers, dynamic load balancing reduces latency and improves throughput because the Agents distribute requests among all the Policy Servers. Dynamic load balancing gives the Agents faster access to Policy Servers and more efficient authentication and authorization.

The EnableFailover parameter of the Host Configuration Object uses one of the following values to determine how Web Agent connections are handled:

• When the value is set to yes, the Agent always tries to connect to the first Policy Server listed (from left to right) in the Host Configuration Object. If you have multiple Policy Servers, all the Agents try to connect to the first one. The other servers in the list are not contacted unless the first server in the list is not available. In high-volume environments, this configuration is less efficient than load balancing because some Policy Servers handle many connections while others handle fewer connections, if any.
• When the value is set to no, load-balancing is enabled. The Agents balance their requests among all the Policy Servers in listed in the Host Configuration Object in a round-robin fashion. We recommend this setting because it produces better throughput when using multiple Policy Servers. Failover still occurs if one of the load balancing Policy Servers is not available.

  Note: For more information, see the SiteMinder Policy Server Configuration Guide.

SiteMinder Failover and Load Balancing with Multi-Threaded Web and Application Servers

SiteMinder Agents running on multi-threaded web and application servers (such as Sun Java System, IIS, an Apache-based server in worker mode, or WebSphere Application Server), open the minimum number of sockets to a Policy Server at startup.

If you configure your environment for failover or load-balancing between Policy Servers, then the Agent opens the minimum number of sockets to each Policy Server at startup. Connections to a load-balanced Policy Server occur in the same way, although fewer sockets are opened to each Policy Server, because each is getting only half of the total requests.

If configured for failover, and an error occurs between the Agent and the primary Policy Server, then connections to the failover Policy Server are used. Failover occurs per service, so there could be active connections to both the primary and the failover Policy Servers at once. Once the primary Policy Server comes back up, the sockets opened to the failover server remain. All new sockets are opened to the primary Policy Server.

More information:

Web Agent and Policy Server Interaction using Apache-based Web Server Worker Mode

SiteMinder Failover and Load Balancing with Multi-Process Web and Application Servers

A SiteMinder Agent running on a multi-process web or application server (such as an Apache-based server running in pre-fork mode) opens the same number of connections to all configured Policy Servers, regardless of whether failover has occurred or not.

When failover occurs, it happens independently for each child, because each child process has its own connections to the Policy Server. This results in a 500 error for each socket as failover takes place. After the primary Policy Server comes back up, the sockets opened to the failover server remain open. All new sockets are opened to the primary Policy Server.

More information:

Web Agent and Policy Server Interaction using Apache-based Web Server Pre-Fork Mode