This document describes a simple setup that meets high-availability requirements for the policy store and key store: failover using CA Directory.
Replication is the mechanism used to keep multiple copies of directory data synchronized and available to all LDAP applications.
CA SiteMinder: all versions up to the present one (12.8.8)
CA Directory has the following replication schemes available:
Replication can be configured in one of two ways: Configuration files or DXManager (which is not covered in this document):
Instructions:
Follow the steps below to create the CA Directory DSAs for Policy Store and Session Store for each server in the replication agreement. Assuming that:
Then this would be the procedure:
On ServerA:
Within the same <DXHOME>\config\servers\ServerA_smpolicystore.dxi file, edit the following line, setting it to 'true' to enable MW-DISP recovery replication.
set multi-write-disp-recovery = true;
By default (when a DSA gets created), this is set to 'false'.
On ServerB:
Within the same <DXHOME>\config\servers\ServerB_smpolicystore.dxi file, edit the following line, setting it to 'true' to enable MW-DISP recovery replication.
set multi-write-disp-recovery = true;
By default (when a DSA gets created), this is set to 'false'.
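Because the default is 'false' and the change has to be made on both servers, it is worth checking both .dxi files before restarting the DSAs. The script below is an added example, not part of the original technote or of CA Directory; it assumes that `#` starts a comment in a .dxi file and that a later `set` line overrides an earlier one, and it runs on constructed sample file contents.

```python
import re

# Matches a line such as:  set multi-write-disp-recovery = true;
SETTING_RE = re.compile(
    r"^\s*set\s+multi-write-disp-recovery\s*=\s*(true|false)\s*;",
    re.IGNORECASE,
)


def recovery_status(dxi_text):
    """Return 'enabled', 'disabled' or 'missing' for the text of one .dxi file."""
    status = "missing"  # no 'set' line at all: the setting was never written
    for line in dxi_text.splitlines():
        line = line.split("#", 1)[0]  # assumption: '#' starts a comment
        match = SETTING_RE.match(line)
        if match:
            # assumption: a later 'set' line overrides an earlier one
            status = "enabled" if match.group(1).lower() == "true" else "disabled"
    return status


def audit(files):
    """Return (status per file, sorted list of files that still need the edit)."""
    statuses = {name: recovery_status(text) for name, text in files.items()}
    to_fix = sorted(name for name, s in statuses.items() if s != "enabled")
    return statuses, to_fix


# Constructed sample contents (not real DSA configuration files).
# ServerA has been edited; ServerB still has the default, with the
# 'true' line only present as a comment.
SAMPLE = {
    "ServerA_smpolicystore.dxi": (
        "# constructed sample\n"
        "set multi-write-disp-recovery = true;\n"
    ),
    "ServerB_smpolicystore.dxi": (
        "# set multi-write-disp-recovery = true;\n"
        "set multi-write-disp-recovery = false;\n"
    ),
}

if __name__ == "__main__":
    statuses, to_fix = audit(SAMPLE)
    for name, status in statuses.items():
        print(f"{name}: {status}")
    if to_fix:
        print("Recovery replication not enabled in:", ", ".join(to_fix))
```

To check a real setup, pass `audit` the text of each server's .dxi file instead of `SAMPLE`.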
Now is a good time to restart the DSAs on BOTH servers. Once done, test your multi-write replication setup to confirm it is working. See example below.
Example:
Configure Failover from SMCONSOLE
Access SMCONSOLE
On the Data tab, enter the LDAP server IP addresses and port numbers in the LDAP Server field as a space-delimited list of LDAP server addresses.
You can specify a unique port for each server. If your LDAP servers are running on a non-standard port (the standard ports are 389 for non-SSL and 636 for SSL), append the port number to the last server IP address using a ':' as a delimiter. For example, if your servers are running on ports <Port_ServerA> and <Port_ServerB>, you can enter the following:
<IP_Address_ServerA>:<Port_ServerA> <IP_Address_ServerB>:<Port_ServerB>
The SMCONSOLE Data tab configuration for this technote example (NOTE: no port was added, so the default LDAP port of 389 is used):
LDAP IP Address:
ServerA ServerB