I have noticed that when I open Policy Manager and log in to the Gateway, it opens 20 connections with the Gateway during load, and once the UI is loaded, it tries to maintain at least one connection, i.e. 19 connections in CLOSE_WAIT state and 1 connection in ESTABLISHED state. When the oldest CLOSE_WAIT closes, it opens up another connection in ESTABLISHED state and the previous one goes into CLOSE_WAIT.
Though I understand this is something happening behind the scenes and something which we must not be interested in, it affects our work when we try to access the Gateway from different locations.
We intermittently get an error like 'Connection to the Gateway broken' even while we are working, and Policy Manager abruptly closes. In another case, we keep getting 'Waiting for response from the Gateway' and it takes ages to open and sometimes it doesn't open. All this from locations where I can happily make a web service call to the Gateway, i.e. no issue with the connectivity to the Gateway as such from the workstations.
Can I understand a bit more on this behaviour? Are these all restman calls behind the scenes? Do we need to have any special considerations when connecting from different parts of the network i.e. secure, internet, dmz, vpn?
The Policy Manager, when it connects, will pull down all the assertions and services into a local cache, which was found to be opening multiple connections to pull down the assertions. This behavior has been changed in version 9.1 of the Policy Manager/Gateway to increase the performance and stability over distributed data centers. One thing to note is that the Policy Manager does require that the connection(s) are sticky to one gateway node and not moving between gateway nodes.
Director, CA Support
Thanks Stephen. It seems the connections are expected to be kept open like JDBC connection pools, and in case one connection gets dropped abruptly (due to some firewall or router in between) the Gateway abruptly closes. I have noticed a consistent 20 connections being made, and when one goes out another one is made to keep the count of 20. I didn't get my head around this Policy Manager behaviour and as a result am unable to use Policy Manager in some of the environments.
I've reviewed the behavior at the network level for version 9.1 and the Policy Manager only uses 1 connection now for basic policy work and will open additional ones for things like View logs, Dashboard, and Audit Event Viewer.