Does CA LDAP Server support High Availability or Failover with ACF2 or Top Secret?

Article Id: 144064

Status: Published

Updated On: 31-01-2020 07:14

Products:

CA ACF2 , CA ACF2 - z/OS , CA ACF2 - MISC , CA Top Secret - LDAP , CA LDAP Server for z/OS , CA Top Secret

Issue/Introduction:

Today the CA LDAP Server is running in one LPAR. Can the CA LDAP Server also could be started in another LPAR to get a High Availability environment? So if one CA LDAP Server goes away for some reason, the other CA LDAP Server should be able to run and support all users? This could also be called a "failover" solution.

Environment:

Product: ACF2, Top Secret

Component : CA LDAP Server for z/OS

Resolution:

The LDAP protocol does not support "failover" to switch to a different port for a different LDAP. What is recommended is to use DVIPA (dynamic virtual IP addresses), which is part of TCP/IP for several releases now. Then LDAP connects to DVIPA on the mainframe, and if a connection fails, it will switch to a different one depending on how DVIPA is set up. Here is an IBM link that is a starting point.

https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.halz002/vipa_dyn_using.htm