Symantec Access Management

 View Only
  • 1.  F5 load balancer with siteminder for BootStrap

    Posted Jun 22, 2015 12:34 PM

    Hi All,

     

    I wanted to know your thoughts about how to achieve monitoring of policy server's behind a load balancer, we are going to use LB's for just BootStrapping policy servers. Going through the documentation it says that ideally you should use an API call to do a healthcheck  rather than  TCP connect against the policy server ports.  What are you using in yours and whats the downsize of each of the approaches.

     

    If i use a script , does is protected suffice or doing an Auth and Az is a complete test to check the health of policy servers.

     

    Thanks



  • 2.  Re: F5 load balancer with siteminder for BootStrap

    Posted Jun 26, 2015 01:35 PM

    Is anyone able to assist this user with their question?

     

    Thank you



  • 3.  Re: F5 load balancer with siteminder for BootStrap

    Posted Jun 26, 2015 01:51 PM

    Would not recommend TCP on the SiteMinder ports.  These are the ports trusted hosts use with encrypted shared secrets.  These queries are likely to generate many "failed handshake" type messages on your policy server smps logs.

     

    We execute a perl api script which does a real Authentication using a "localhost" HCO.  Our monitoring tool then does an SNMP query to check how long the login takes.



  • 4.  Re: F5 load balancer with siteminder for BootStrap

    Posted Jun 26, 2015 02:54 PM

    Thanks Mike, i had the script in place but didn't have an idea on how to use that on LB , i think you gave me an idea.

     

    Thanks



  • 5.  Re: F5 load balancer with siteminder for BootStrap

    Posted Jul 02, 2015 10:46 PM

    Hi,

     

    I just got perl script implemented to check the bootstrap of policy server. I am looking for some guidance on how to enable it on F5 Load Balancer.

     

    Thanks,

    Sanjay



  • 6.  Re: F5 load balancer with siteminder for BootStrap

    Posted Jul 06, 2015 12:29 PM

    You can try to call this from a shell script and ask F5 to run that Script based on the success failure you can predefine what you want to return in each case to F5, At least that is what i am trying to do , still not complete yet



  • 7.  Re: F5 load balancer with siteminder for BootStrap

    Posted Jul 07, 2015 09:50 AM


    Hi,

     

    Thanks for your help. My F5 admin is saying it can NOT execute perl script and .not advisable to run shell script. So would you please share more details on what exactly you setup on F5, it will be a great help.

     

    My shell script, produes following output.

    On Success, we get following output

    Fri Jul  3 09:35:01 2015 Success, is Protected, Authentication, Authorization

    On Failure, we get following output

    Fri Jul  3 10:00:02 2015 ERROR: Failed to connect to policy sever with error code -3

     

    Thanks,

    Sanjay



  • 8.  Re: F5 load balancer with siteminder for BootStrap

    Posted Jul 07, 2015 09:54 AM

    Sanjay,

     

    I am working on it with my F5 admin's , haven't reached a solution yet .  approach mentioned above is what we aree trying to follow to run a script , its still an ongoing discussion.

     

    Thanks



  • 9.  Re: F5 load balancer with siteminder for BootStrap

    Posted Oct 13, 2015 10:37 AM

    Any updates? 

     

    Is F5 capable of calling a shell script which invokes a perl script?   If so, it seems calling the perl script directly would be just as easy...



  • 10.  Re: F5 load balancer with siteminder for BootStrap

    Posted Oct 13, 2015 11:20 AM

    Hi,

     

    unfortunately F5 can not execute perl scripts or sh scripts in our env. so an alternate java based health check script is under progression.

     

    Thanks,

    Sanjay