Policy Server health checks support from a load balancer
search cancel

Policy Server health checks support from a load balancer


Article ID: 227672


Updated On:


CA Single Sign On Federation (SiteMinder) SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)



When running a Web Agent with a Load Balancer:

  • How SiteMinder Web Agent connects to Policy Servers?
  • What protocol does it use?
  • What kind of health check monitoring that can be performed from Load balancer?



At first glance, the communication protocol is proprietary (1).

It uses algorithms depending on the FIPS mode which has been selected at the Policy Server level (2).

The load balancing at the Web Agent level is done on "response time" given by the Policy Server when Policy Server is configured in a Cluster in the HCO (3). Otherwise, it follows the round robin mode (4).

To see that activity, enable further components on the Web Agent traces (5).

Reading documentation further, Load Balancing and Failover aren't monitoring features, but rather performance ones.

The load balancing is based on the "server response time" or round robin, and the failover on "the number of available servers" (6).

About the TCP monitoring, the same page mentions:

  "Do not configure a TCP heartbeat or health–check directly against the Policy Server TCP ports. Heartbeats and health–checks that are applied directly against the TCP ports of the Policy Server can adversely affect its operation (7)."

As per the documentation, use the OneView Monitor to monitor the Policy Server cluster (7).

To prevent a Web Agent or Web Agent Option Pack to connect to a Policy Server which is up and running, having its ports opened, but encountering difficulties to send expected responses, detect the errors on both sides in OneView Monitor above in conjunction with APM and then put offline the Policy Server which is experiencing problems (8).


Additional Information



    Policy server and Web Agent communication protocol in use


    Encryption algorithm in traffic - Policy Server - Web Agent


    Manage Policy Server Load Distribution


    Host Configuration Dialog Settings


    Web Agent traces configuration for connection and clustering information

    Clustering Policy Servers


    Use OneView Monitor to Analyze Performance  


    CA APM SSO Features