Layer7 Access Management

Expand all | Collapse all

High availability SSO

Jump to Best Answer
  • 1.  High availability SSO

    Posted 05-30-2017 08:13 PM

    To do a High Availability for CA SSO with CA Directory as policy store how many boxes do I need? 2 CA Directory and 2 Policy store connected to 1 UI? 

  • 2.  Re: High availability SSO
    Best Answer

    Posted 05-30-2017 08:21 PM

    There is no magic number. Having a pair is good enough to get started.

    How many do you actually need, depends upon the amount of load you expect, your fault tolerance, geographical distribution of the environment  etc..


    Have you read through this ?:

    Architectural Use Cases - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

  • 3.  Re: High availability SSO

    Posted 05-30-2017 10:18 PM

    Yes. I have read. I am in my test environment. And looking for minimum number of boxes to do a High Availability of CA Directory as policy store. Having 2 CA directory and 2 policy store is needed, is mu opinion. IS that correct?

  • 4.  Re: High availability SSO

    Posted 05-30-2017 10:20 PM

    Yes, if you are testing failover of policy store you will need minimum of two policy store.

    Same case for Policy server.

  • 5.  Re: High availability SSO

    Posted 05-31-2017 12:16 AM

    But keep in mind there is no reason to put the policy store on a separate box, especially when it is CA directory. The policy store is a relatively static data set stored in memory. Having the policy store and policy server coexist on the same server is a fairly common pattern. 

    In fact you could just as easily do an adminui on the policy server as well in a small environment. 

  • 6.  Re: High availability SSO

    Posted 05-31-2017 03:26 AM

    Just wanted to add for consideration, that for HA tests it is always better to have separate boxes so you can perform network availability tests as well, and it always give you more possibilities for the tests, while the best option is to try to match the deployment you would have in production as long as you can.

  • 7.  Re: High availability SSO

    Posted 05-31-2017 03:30 AM

    We do co locate policy server and policy store in production.  Rusty pattern holds through in all environments.  



    There is almost no reason no to put both on the same server for the vast majority of SSO implementations.