Failover and Load Balancing
- SiteMinder allows the following failover and load balancing strategies:
– Agent topolicy server
o Failover
o Dynamicload balancing
o Policyserver clustering
– Policyserver to user directory
o Failover
o Roundrobin load balancing
o UserDirectory clustering
– Policyserver to policy store
o Filover
Failover is aredundancy mode. If the primary Policy Server fails, there is a backup PolicyServer to take over policy operations. Failover is the default operation mode.When the Trusted Host initializes, it operates in Failover mode
Load balancing letsthe Trusted Host distribute requests across multiple Policy Servers, whichprovides faster access to Policy Servers and therefore, more efficient userauthentication and authorization. It also prevents a single Policy Server frombecoming overloaded with requests.
SiteMinder canspread LDAP queries over multiple LDAP servers to enable failover and loadbalancing. If configured for failover, SiteMinder uses one LDAP server tofulfill requests until that server fails to respond. When the default serverdoes not respond, SiteMinder routes the request to the next server specifiedfor failover. This process can be repeated over multiple servers. Once thedefault server is able to fulfill requests again, SiteMinder routes requests tothe original server.
Load balancing and failover in a SiteMinder deploymentprovide a high level of system availability and improve response time bydistributing requests from SiteMinder Agents to Netegrity Policy Servers.Defining clusters in combination with load balancing and failover furtherenhance the level of system availability and system response time.
Traditional round robin load balancing without clustersdistributes requests evenly over a set of servers. However, this method is notthe most efficient in heterogeneous environments where computing powers differ,since each server receives the same number of requests regardless of itscomputing power. Another problem with efficiency may occur when data centersare located in different geographical regions. Sending requests to serversoutside a certain locale can lead to the increased network communicationoverhead, and in some cases to the network congestion.
To address these issues and to improve system availabilityand response time, you can define a cluster of Policy Servers. A cluster is aset of one or more servers, with dynamic load-balancing between the servers.
Policy Server clusters provide the following benefits over atraditional load balancing/failover scheme:
• Load is dynamically distributed between Policy Serversin a cluster based on server response time.
• A cluster can be configured to failover to another clusterif the number of available servers in the cluster falls below a configurablethreshold.
