Policy Server health checks support from a load balancer

search cancel

Policy Server health checks support from a load balancer

book

Article ID: 227672

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder) SITEMINDER CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

When running a Web Agent with a Load Balancer:

How SiteMinder Web Agent connects to Policy Servers?
What protocol does it use?
What kind of health check monitoring that can be performed from Load balancer?

Resolution

At first glance, the communication protocol is proprietary (1).

It uses algorithms depending on the FIPS mode which has been selected at the Policy Server level (2).

The load balancing at the Web Agent level is done on "response time" given by the Policy Server when Policy Server is configured in a Cluster in the HCO (3). Otherwise, it follows the round robin mode (4).

To see that activity, enable further components on the Web Agent traces (5).

Reading documentation further, Load Balancing and Failover aren't monitoring features, but rather performance ones.

The load balancing is based on the "server response time" or round robin, and the failover on "the number of available servers" (6).

About the TCP monitoring, the same page mentions:

"Do not configure a TCP heartbeat or health–check directly against the Policy Server TCP ports. Heartbeats and health–checks that are applied directly against the TCP ports of the Policy Server can adversely affect its operation (7)."

As per the documentation, use the OneView Monitor to monitor the Policy Server cluster (7).

To prevent a Web Agent or Web Agent Option Pack to connect to a Policy Server which is up and running, having its ports opened, but encountering difficulties to send expected responses, detect the errors on both sides in OneView Monitor above in conjunction with APM and then put offline the Policy Server which is experiencing problems (8).