Question about HCO policy server clusters
search cancel

Question about HCO policy server clusters


Article ID: 42188


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



When configuring the policy servers in a cluster in the HCO, it asks for a single port number. For non-clustered HCOs, the policy server is always coded with three ports (e.g., 44441, 44442, 44443).

I would like to add policy server clusters to my system to improve geographic fail-over and overall system reliability. How can I do this? Do I need to configure all three ports?


You do not need to configure more than one port for Policy Server clusters in CA Single Sign-On. You can simply use one port and the configuration will work as expected. The reason for this is as follows:


1) Ports 44441 and 44442 exist as legacy ports for older (4.x and earlier) agents, which require three available connections on three separate ports. In modern implementations of CA Single Sign-On, only 44443 is used.

2) Any number of clusters can use 44443 (or any other custom port of your choice); the disambiguation and other connection management items are dealt with on the backend, so that additional port assignments are not required for normal operations.


Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus