search cancel

Configure Failover for Siteminder ODBC Policy Stores

book

Article ID: 252607

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

This KB details how to configure failover to an alternate ODBC Policy Store.  The Siteminder Policy Server does not have a Load Balancing mechanism for connecting to the Policy Store, it only supports Failover.  This is because the Policy Server loads the entire policy store into cache at start-up, and then only queries for policy store changes, and updates the policy store cache with the update.  Policy Store writes are typically extremely low as compared to transactional databases, therefore only one active Policy Store connection is needed at a time.

Environment

Release : 99.0

Resolution

1) Configure a unique DSN per Policy Store server or Policy Store instance.

[ODBC Data Sources]
PStore1=DataDirect 8.0 Oracle Wire Protocol
PStore2=DataDirect 8.0 Oracle Wire Protocol

[PStore1]
Driver=/opt/CA/siteminder/odbc/lib/NSora28.so
Description=DataDirect 8.0 Oracle Wire Protocol
HostName=OracleDB1.smlab.com
PortNumber=1521
...

[PStore2]
Driver=/opt/CA/siteminder/odbc/lib/NSora28.so
Description=DataDirect 8.0 Oracle Wire Protocol
HostName=OracleDB2.smlab.com
PortNumber=1521
...

2) Define each DSN in the 'Data Source' field in the SMConsole on the Data tab, or within the 'sm.registry' using comma-delimited values.

<PS_Install_Dir>/siteminder/registry/sm.registry

====================
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Default
Data Source= PStore1, PStore2; REG_SZ
====================

3) Stop and Start the Policy Server.

The Policy Server will now initially connect to the first DSN defined (PStore1), and failolver to the second server (PStore2) when PStore1 appears offline.