Frequently Asked Interview Questions

Agent to Policy Server Dynamic Load Balancing

  • Trusted host distributes requests across multiple policy servers
  • Allows for more efficient user authentication and authorization
  • Uses a dynamic load balancing algorithm to send request to best available
  • policy server, based on best response time and throughput.
  • Dynamically adapts to changes in load
  • Equally effective as round-robin in homogeneous environments
  • Extremely effective in heterogeneous environments
  • NOTE: Requires common policy and key stores
Dynamic load balancing lets the Trusted Host distribute requests across multiple Policy Servers, which provides faster access to Policy Servers and therefore, more efficient user authentication and authorization. It also prevents a single Policy Server from becoming overloaded with requests. The trusted host sends each request to the best available policy server, where availability is based on best response time and throughput.
In a homogeneous environment, where all policy servers exhibit equivalent response time, dynamically load balancing is essentially equivalent to a round robin algorithm that sends requests to each policy server in turn.
In a heterogeneous environment, where policy servers run on different hardware and exhibit different performance characteristics, the dynamic load balancing algorithm allows the trusted host to take full advantage of the capabilities of each policy server machine.

NOTE: Both failover and load balancing require the configuration of common policy and encryption key data. This can provided by having:
  • a common policy store that includes the key store
  • separate policy stores that are exact replicas including encryption keys
  • separate policy stores that are exact replicas with a common key store


The above picture shows the Host Configuration Object dialog, which contains the configuration for any trusted host assigned to this object. In this case, the PolicyServer parameter contains a multi-value list of policy server IP addresses and the EnableFailOver parameter is defaulted to NO. This setting will cause the trusted host to use dynamic load balancing across all of the policy servers specified in the PolicyServer parameter.

Most Visited Pages

Home | Site Index | Contact Us