search cancel

Question about HCO policy server clusters

book

Article ID: 42188

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Question:

When configuring the policy servers in a cluster in the HCO, it asks for a single port number. For non-clustered HCOs, the policy server is always coded with three ports (e.g., 44441, 44442, 44443).

I would like to add policy server clusters to my system to improve geographic fail-over and overall system reliability. How can I do this? Do I need to configure all three ports?

Answer: 

You do not need to configure more than one port for Policy Server clusters in CA Single Sign-On. You can simply use one port and the configuration will work as expected. The reason for this is as follows:

 

1) Ports 44441 and 44442 exist as legacy ports for older (4.x and earlier) agents, which require three available connections on three separate ports. In modern implementations of CA Single Sign-On, only 44443 is used.

2) Any number of clusters can use 44443 (or any other custom port of your choice); the disambiguation and other connection management items are dealt with on the backend, so that additional port assignments are not required for normal operations.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: