Is a load-balanced User Directory behind a hardware-based load balancer (e.g. OUD, ADLDS) supported / certified?

Article ID: 282631


Products

CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

Using a load balancer between the SiteMinder Policy Server and a bank of user directories.

Environment

PS: Any version
OS: Any version

Resolution

Using a load balancer between the SiteMinder Policy Server and a bank of user directories is not explicitly unsupported. Load balancers are commonly used in customer environments.

The load balancer should be transparent to the SiteMinder Policy Server. What is not supported are problems related to, or resulting from, the behavior of the load balancer. This includes configuring, tuning, and troubleshooting the load balancer, as well as load balancer performance.

If you are going to configure a load balancer between the policy server and the user store, then you should consider the following:

1) LDAP Connections:

The SiteMinder Policy Server opens a set of connections per server or cluster defined in the user directory. When using a load balancer, if a single virtual host or VIP is specified in the connection properties, then only a single set of connections is opened. This can lead to bottlenecks: the threads processing requests for that user directory wait for an available LDAP connection, and the remaining agent requests in the queue wait for available threads.

To resolve this, within the user directory, define the virtual host or VIP in the "Server" field, then click "Configure". There, set the Pool Size value to the number of LDAP connections that you want the Policy Server to use for that user directory.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/support-for-ldap-connection-pool.html


2) Session Persistence (Stickiness)

The SiteMinder Policy Server opens a set of LDAP connections to the user store:

1 Bind

1 Search

1 Ping (IsAlive)

Under some conditions, load balancers have been known to send these connections to different servers, so the Ping goes to one server and the Bind to another, for example. Session persistence (stickiness) can address that potential issue. This setting is configured on the load balancer. Review your OEM documentation.
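The following is an added illustration, not part of the original article and not SiteMinder or load balancer vendor code. It models how the Bind, Search and Ping connections from each Policy Server land on directory replicas behind a VIP, first with no persistence (round robin) and then with persistence keyed on the client address. The backend names, Policy Server addresses and the hash-based persistence method are assumptions; a real load balancer's persistence options are described in its OEM documentation.

```python
import hashlib
from itertools import cycle

# Constructed values for illustration only.
BACKENDS = ["ldap-a", "ldap-b", "ldap-c"]   # directory replicas behind the VIP
ROLES = ["bind", "search", "ping"]          # the connection set named in the article


def round_robin(backends):
    """No persistence: every new TCP connection goes to the next backend."""
    ring = cycle(backends)
    return lambda src_ip: next(ring)


def source_ip_sticky(backends):
    """Persistence keyed on client address: one source always maps to one backend."""
    def pick(src_ip):
        digest = hashlib.sha256(src_ip.encode()).digest()
        return backends[int.from_bytes(digest[:4], "big") % len(backends)]
    return pick


def open_connection_sets(policy_servers, pick):
    """Open bind/search/ping from each Policy Server via the VIP; record the backend hit."""
    return {ps: {role: pick(ps) for role in ROLES} for ps in policy_servers}


def split_sets(placement):
    """Policy Servers whose three connections did not all reach the same backend."""
    return sorted(ps for ps, conns in placement.items() if len(set(conns.values())) > 1)


if __name__ == "__main__":
    servers = ["10.0.0.11", "10.0.0.12"]    # constructed Policy Server addresses
    for name, make in (("round robin", round_robin), ("source-IP sticky", source_ip_sticky)):
        placement = open_connection_sets(servers, make(BACKENDS))
        print(name)
        for ps, conns in placement.items():
            print(f"  {ps}: {conns}")
        print(f"  split connection sets: {split_sets(placement) or 'none'}")
```

With round robin, every Policy Server's Ping reaches a different replica than its Bind, so an IsAlive result says nothing about the server handling authentication. With persistence, each connection set stays on one replica.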