We are building CA SSO 12.8 in AWS cloud and as part of the design, we have decided to use AWS ELB in between SPS and policy server.
However, we are running out of options to enable CA Policy server health check from AWS ELB.
Use case 1:
Since the AWS platform has to spin in or spin out another instance of the policy server based on load or due to uncertain situations and server failures, the AWS platform has to spin in a new platform.
Use case 2:
ELB has to distribute the load across available policy servers, to do that it has to do a health check.
Please suggest how an external load balancer can receive the status of the policy server.
Have you considered monitoring the health of the Policy Server using OneView monitor?
Another option would be the SNMP protocol support in the Policy Server if they have a third party Network Monitoring Tool.
Install and Configure SNMP Support - CA Single Sign-On - 12.8 - CA Technologies Documentation
The articles below will give you details of setting up a load balancer between Agent and Policy Servers.
Configure Agent to Policy Server Communication Using a Hardware Load Balancer - CA Single Sign-On - 12.8 - CA Technologi…
Hope this helps!
Use Case 2 : ELB has to distribute the load across available policy servers, to do that it has to do a health check.
This is my first recommendation always.
However, if we choose to go down the path of using an ELB, then here is what I recommend based on experience.
Thank you all for your input. We have decided to install a webagent on the policy server and make a request to a protected resource from the ELB.
When we are doing this, we have realized two issues.
1. Calling a protected resource from ELB enables the health check on policy server status (available or not available). I suspect, how we can get the CPU status of each policy server.
2. Installed Apache & WA; however, when I was running the webagent from systemctl, the LLAWP process failed to start due to the siteminder load module in the httpd.conf file. Do we have any handy auto start-up script for the webagent process?
Regarding-1 : how we can get the CPU status of each policy server?
ELB cannot monitor the CPU of a backend server. ELB can monitor latencies based on responses and take actions. It seems like ELB pretty much does Round Robin only for TCP listeners on Classic LB. You'll need an external tool to monitor backend servers.
Amazon provides something called 'CloudWatch' which can monitor all the components E2E.
Elastic Load Balancing Latency Troubleshooting
CloudWatch Metrics for Your Classic Load Balancer - Elastic Load Balancing
Elastic Load Balancing Capacity Troubleshooting
How Elastic Load Balancing Works - Elastic Load Balancing
Regarding-2 : when I was running webagent from systemctl LLAWP process failed to start due to siteminder load module in httpd.conf file.
CA SSO WebAgent LoadModule in httpd.conf is correct. What was the error you received in the Apache error logs? I would recommend you spin a different discussion for this, rather than adding too many discussions in one thread here.
Regarding-3 : Do we have any handy auto start-up script for the webagent process?
Since CA SSO WebAgent LoadModule is added in httpd.conf, when Apache starts, during that time LLAWP would also start. In reality you need to configure AutoStart for the WebServer. The WebAgent is configured with WebServer.