Does CA LDAP Server support High Availability or Failover with ACF2 or Top Secret?

Article ID: 144064

Products

CA ACF2, CA ACF2 - z/OS, CA ACF2 - MISC, CA Top Secret - LDAP, CA LDAP Server for z/OS, CA Top Secret

Issue/Introduction

Today the CA LDAP Server is running in one LPAR. Can the CA LDAP Server also be started in another LPAR to provide a High Availability environment, so that if one CA LDAP Server goes away for some reason, the other CA LDAP Server is able to run and support all users? This could also be called a "failover" solution.

Environment

Product: ACF2, Top Secret

Component : CA LDAP Server for z/OS

Resolution

The LDAP protocol does not support "failover" to switch to a different port for a different LDAP server. The recommended approach is to use DVIPA (dynamic virtual IP addresses), which has been part of TCP/IP for several releases. LDAP then connects to the DVIPA on the mainframe, and if a connection fails, it switches to a different one, depending on how DVIPA is set up. The following IBM link is a starting point.

https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.halz002/vipa_dyn_using.htm
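
As an added illustration (not taken from this article or from the CA or IBM documentation), a stack-managed DVIPA takeover pair in the TCP/IP profiles of two LPARs could look like the fragment below. The address 192.0.2.10, the mask, the backup rank 100 and the labels "LPAR A" and "LPAR B" are constructed values, and the fragment assumes a CA LDAP Server is started on each LPAR and accepts connections on any local address.

```text
; ---- TCP/IP profile on LPAR A (hypothetical label): normal owner of the DVIPA ----
VIPADYNAMIC
   ; Define the dynamic VIPA that LDAP clients are pointed at.
   ; MOVEABLE IMMEDIATE lets the address return to this stack as soon
   ; as the stack is active again after an outage.
   VIPADEFINE MOVEABLE IMMEDIATE 255.255.255.0 192.0.2.10
ENDVIPADYNAMIC

; ---- TCP/IP profile on LPAR B (hypothetical label): takeover stack ----
VIPADYNAMIC
   ; Register this stack as backup for the same address.
   ; The rank (100 here) orders the backups when more than one stack
   ; is configured to take over the address.
   VIPABACKUP 100 192.0.2.10
ENDVIPADYNAMIC

; LDAP clients are configured with the DVIPA (or a host name that
; resolves to it) and the LDAP port, never with the static address
; of an individual LPAR.
```

With this particular setup the address moves to LPAR B when the owning TCP/IP stack or LPAR goes down; other failure cases depend on how DVIPA is set up, as described above.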