Question:
When configuring the policy servers in a cluster in the HCO, it asks for a single port number. For non-clustered HCOs, the policy server is always coded with three ports (e.g., 44441, 44442, 44443).
I would like to add policy server clusters to my system to improve geographic fail-over and overall system reliability. How can I do this? Do I need to configure all three ports?
Answer:
You do not need to configure more than one port for Policy Server clusters in CA Single Sign-On. You can simply use one port and the configuration will work as expected. The reasons are as follows:
1) Ports 44441 and 44442 exist as legacy ports for older (4.x and earlier) agents, which require three available connections on three separate ports. In modern implementations of CA Single Sign-On, only 44443 is used.
2) Any number of clusters can use 44443 (or any other custom port of your choice); disambiguation and other connection management are handled on the backend, so additional port assignments are not required for normal operations.