- A cluster is a set of servers with dynamic load balancing.
- Load is dynamically distributed among the servers in a cluster.
- Trusted hosts can be configured to failover to another cluster when the available servers fall below a configurable threshold.
- Once the original cluster recovers sufficiently, trusted hosts automatically fail back.
- Centralized monitoring of policy servers in a cluster.
Load balancing and failover in a SiteMinder deployment provide a high level of system availability and improve response time by distributing requests from SiteMinder Agents to Netegrity Policy Servers. Defining clusters in combination with load balancing and failover further enhance the level of system availability and system response time. Traditional round robin load balancing without clusters distributes requests evenly over a set of servers. However, this method is not the most efficient in heterogeneous environments where computing powers differ, since each server receives the same number of requests regardless of its computing power. Another problem with efficiency may occur when data centers are located in different geographical regions. Sending requests to servers outside a certain locale can lead to the increased network communication overhead, and in some cases to the network congestion. To address these issues and to improve system availability and response time, you can define a cluster of Policy Servers. A cluster is a set of one or more servers, with dynamic load-balancing between the servers. Policy Server clusters provide the following benefits over a traditional load balancing/failover scheme:
- Load is dynamically distributed between Policy Servers in a cluster based on server response time.
- A cluster can be configured to failover to another cluster if the number of available servers in the cluster falls below a configurable threshold.
The picture above illustrates clusters defined in terms of geographic distribution.
Configuring Clusters
- Use the Clusters tab in the Host Conf Object
- Define a cluster, set the threshold, and order clusters
- Settings in the Clusters tab are used instead of the Policy Server parameter in the General tab
Clusters are configured in the Clusters tab of the Host Configuration Object. To add a cluster, click the Add button to open the Cluster Setup dialog. Once you have defined all the servers you want included in the cluster, you return to the Clusters tab, where you configure the failover threshold and the ordering of clusters. The failover threshold is defined in terms of the percentage of machines in the cluster that must be available in order for the cluster to be utilized. If the percentage of active servers falls below the percentage you specify, the cluster failovers to the next available cluster in the list of clusters. The Policy Server User interface automatically calculates the Failover Threshold values displayed in the column to the right of the lists of servers in each cluster. The number that appears in the Failover Threshold column is the minimum number of servers in the cluster that must be available. If the number of available servers falls below the specified number, failover occurs. When you set the Failover Threshold Percentage, it applies to all clusters that use the Host Configuration Object. The first cluster in the list is the primary cluster. Use the up and down arrows to reorder clusters. The information in the Clusters tab supersedes the information in the General tab. More specifically, when clusters are configured, the trusted host ignores the PolicyServer parameter configured in the General tab and uses the Clusters information in its place. Timeout and socket settings in the General tab apply to all policy servers in all clusters.
Cluster Setup
In the Add Server group box:
1. Specify the policy server by performing one of the following:
- Select the IP Address radio button and enter the IP address of a Policy Server in the cluster in the provided fields. Note: If you do not know the IP address of the Policy Server, but you know the host name, click the DNS Lookup button to search for the IP address of the Policy Server.
- Select the Domain Name radio button and enter the domain name of the system where the Policy Server is installed. For example, server.company.com.
3. Click the Add to Cluster button. The Policy Server appears in the list of servers in the Current Setup group box.