Management Console--Settings Tab Fields and Controls

The Settings tab is where you configure a number of general Policy Server settings. From the Settings tab, you can:

Access Control Group Box

In addition to the Administration TCP Port, the Policy Server listens on three other TCP ports that are enabled upon installation to communicate with SiteMinder Agents. This group box allows you to assign port settings and thread pooling used to communicate with SiteMinder Agents.

Enable check box

Activates the TCP ports used by the Policy Server to communicate with Agents. Enabled by default at installation.

Authentication Port field

Port that serves requests for the Policy Server authentication process.

Default: The default value is 44442.

Authorization Port field

Port that serves requests for the Policy Server authorization process.

Default: The default value is 44443.

Accounting Port field

Port that serves requests for the Policy Server accounting process.

Default: The default value is 44441.

Note: Specify corresponding port numbers for the Policy Server in the Trusted Host Configuration Object.

Verify that the Network Services file lists no other services utilizing these ports. Also verify that if a firewall is located between SiteMinder Agents and Policy Servers, the firewall is configured to allow traffic to the ports used by the Policy Server processes.

Administration Group Box

This group box contains the port used for browser-based policy management and a timeout value for administrative inactivity.

Enable check box

Activates the TCP port used by the Policy Server for the administration process.

Administration Port field

Port on which the Policy Server User Interface listens.

Default: This value is set to 44444.

UI Inactivity Timeout field

Number of minutes of inactivity allowed before a SiteMinder Administrative session times out. The default value is 0 (zero) minutes, which means that the Policy Server User Interface can stay open indefinitely without regard to activity. Otherwise, the administrative session times out after the specified number of minutes.

Note: Unless the Policy User Interface always runs in a secure location, we recommend that you specify a non-zero timeout value, so that the UI times out when left unattended.

Connection Options Group Box

This group box allows you to specify the maximum number of Policy Server threads, and the idle timeout for a connection to the Policy Server.

Max Connections field

Indicates the maximum number of connections supported by the Policy Server, independent of the number of threads. All connections share the thread pool to fulfill requests.

Default: The default value is 256. This number can be increased significantly, especially in deployments with the following: Apache Web servers protected by SiteMinder Web Agents and IIS Web servers using virtual servers protected by SiteMinder Web Agents.

Idle Timeout field

Time, in minutes, that a Policy Server connection can remain inactive before it is terminated. The default value is 10 minutes.

Performance Group Box

This group box lets you configure cache and thread settings to tune Policy Server performance.

Maximum Threads field

Determines the maximum number of worker threads in the thread pool for Normal Priority messages.

Default: 8

Limit: The maximum number of worker threads available to Normal Priority messages depends on the operating system on which the Policy Server is installed and on the amount of memory available to the system. See your vendor-specific documentation for more information about thread usage.

The default number of worker threads in the thread pool available for High Priority messages is five and the maximum number is 20. You can change the default value by adding and setting the PriorityThreadCount registry key.

To add the PriorityThreadCount registry key in Windows

  1. Run regedit.
  2. Navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer

  3. Add the PriorityThreadCount key using the DWORD value.

    Note: Verify that the name of the key includes the equal sign (=).

    Example: PriorityThreadCount=

  4. Set PriorityThreadCount to a value in the range 5-20.

    Example: 0x6;

    Limit: A value less than five or greater than 20 disables the registry key. When the key is disabled, the number of worker threads in the pool for High Priority messages is the default value of five.

To add the PriorityThreadCount registry key in UNIX

  1. Navigate to: policy_server_home/registry.

    policy_server_home specifies the Policy Server installation path.

  2. Modify sm.registry and locate:

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer

  3. Add the PriorityThreadCount key using the DWORD value.

    Note: Verify that the name of the key includes the equal sign (=).

    Example: PriorityThreadCount=

  4. Set PriorityThreadCount to a value in the range 5-20.

    Example: 0x6;

    Limit: A value less than five or greater than 20 disables the registry key. When the key is disabled, the number of worker threads in the pool for High Priority messages is the default value of five.

User Az Cache Size field

Number of megabytes of memory reserved for the authorization cache.

RADIUS Group Box

This group box allows you to specify settings when your deployment includes RADIUS components.

Enable check box

Select this check box to activate RADIUS UDP ports. You cannot modify the Authentication and Accounting ports unless you select this check box.

Authentication field

Port that serves RADIUS authentication requests. The default value for this port is 1645.

Accounting field

Port that serves RADIUS accounting requests.

Default: The default value for this port is 1646.

Note: Verify that the Network Services file lists no other services utilizing these ports. Also verify that if a firewall is located between SiteMinder Web Agent(s) and Policy Server(s), the firewall is configured to allow traffic to the ports listed earlier.
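The services-file check asked for in this note and in the Access Control note can be scripted. The following is an added example, not part of the product documentation: it scans a services file for entries that claim the default TCP and UDP ports listed on this page. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Default ports from this page; edit if your Settings tab uses other values.
PS_PORTS="44441/tcp 44442/tcp 44443/tcp 44444/tcp 1645/udp 1646/udp"

# find_port_conflicts FILE
# Prints "port/proto service-name" for each entry in FILE that claims a
# port in PS_PORTS. Prints nothing when the file is clean.
find_port_conflicts() {
    awk -v want="$PS_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        { sub(/#.*/, "") }                      # strip comments; fields are re-split
        NF >= 2 && ($2 in watch) { print $2, $1 }
    ' "$1"
}

# write_sample_services FILE
# Writes a constructed services file (not taken from a real host).
write_sample_services() {
    cat > "$1" <<'EOF'
# name          port/proto  aliases
ssh             22/tcp
legacy-auth     1645/udp    oldradius   # collides with RADIUS Authentication
custom-app      44443/tcp               # collides with the Authorization Port
custom-app      44443/udp               # UDP, Policy Server uses TCP: no collision
# backup-agent  44441/tcp               (commented out, so ignored)
EOF
}

sample=$(mktemp)
write_sample_services "$sample"
conflicts=$(find_port_conflicts "$sample")
rm -f "$sample"
if [ -n "$conflicts" ]; then
    printf 'Ports already assigned to other services:\n%s\n' "$conflicts"
else
    echo "No conflicting entries found."
fi
```

On a UNIX Policy Server host, run `find_port_conflicts /etc/services` to check the real file.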

OneView Monitor Group Box

The OneView Monitor runs locally on a Policy Server. However, you can specify remote settings as follows:

Allow Incoming Remote Connections check box

If set, the monitor service running on the same system as the Policy Server accepts connections from other Policy Servers in a clustered environment. Marking this check box allows you to configure the local Policy Server as the central monitor in a cluster of Policy Servers.

Connect to Remote Monitor check box

If set, the monitor service is running on another Policy Server in a clustered environment. If you select Remote monitoring, supply the host name (or IP address) and port where the monitoring service is running in the field below the check box.

More information:

Configure Policy Server Settings

Clustered Policy Servers

Cache Management Overview

How the Policy Server Threading Model Works