Managing A Cluster With Multiple Identity Servers - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

Identity server guide

2 Select the server, then click Stop. Wait for the Health indicator to turn red.
3 Select the server, then choose Actions > Remove from Cluster.
For information about deleting an Identity Server, see Section 11.1, "Managing an Identity Server,"
on page 247.

1.1.5 Managing a Cluster with Multiple Identity Servers

To add capacity and to enable system failover, you can cluster a group of Identity Servers and
configure them in a cluster configuration to act as a single server. However, a cluster is not intended
for login failover because all authentication data for a user is stored in memory on the cluster
member or authenticating server that originally handled the user's authentication. If this server
malfunctions, all users whose authentication data resides on the authenticating server must
reauthenticate unless you also configure session failover (see Section 1.1.3, "Configuring Session
Failover," on page 19).

All requests that require user authentication information must be processed on the user's
authenticating server. For example, if an HTTP request is received by a cluster server other than the
authenticating server, then the HTTP request is forwarded to the authenticating server in the cluster.
This server processes the HTTP request and routes it back through the forwarding cluster member
and then to the original requester.

A cluster of Identity Servers should reside behind an L4 switch. Clients access the virtual IP (VIP)
address of the cluster presented on the L4 switch, and the L4 switch alleviates server load by
balancing traffic across the cluster. Whenever a user accesses the virtual IP address assigned to the
L4 switch, the system routes the user to one of the Identity Servers in the cluster, as traffic
necessitates.
"Prerequisites" on page 21
"Setup" on page 22

Prerequisites

An L4 switch installed. You can use the same switch for Identity Server clustering and Access
Gateway clustering, provided that you use different virtual IPs. The LB algorithm can be
anything (hash/sticky bit), defined at the Real server level. For configuration tips, see
"Configuration Tips for the L4 Switch" in the Novell Access Manager 3.1 SP1 Setup Guide.

Persistence (sticky) sessions enabled on the L4 switch. Normally you define this at the virtual
server level.

An Identity Server configuration created for the cluster. You assign all the Identity Servers to
this configuration. See Section 1.1.1, "Creating a Cluster Configuration," on page 14 for
information about creating an Identity Server configuration. See Section 1.1.2, "Assigning an
Identity Server to a Cluster Configuration," on page 19 for information about assigning identity
servers to configurations.

The base URL DNS name of this configuration must resolve via DNS to the virtual IP address of
the L4 switch. The L4 switch balances the load between the Identity Servers in the cluster.

Ensure that the L4 administration server using port 8080 has the following TCP ports open:
    8443 (secure Administration Console)
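An added example, not part of the Novell manual: a pre-flight check for the DNS prerequisite above, confirming that the base URL host name resolves only to the L4 virtual IP and not to a cluster member's own address (which would let clients reach a server without going through the switch). The function names, host names, addresses and the sample base URL are assumptions constructed for illustration.

```python
import socket
from urllib.parse import urlsplit


def resolve_ipv4(host):
    """Return the set of IPv4 addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_base_url(base_url, vip, member_ips, resolver=resolve_ipv4):
    """Classify how the cluster base URL resolves relative to the L4 VIP.

    Returns (status, addresses); status is one of:
      "ok"            every record is the VIP
      "bypasses_l4"   a record is a cluster member's own address, so clients
                      can reach that server without the switch's persistence
      "unexpected"    records are neither the VIP nor a known member
      "unresolvable"  the name does not resolve
    """
    host = urlsplit(base_url).hostname
    if not host:
        raise ValueError(f"no host name in base URL: {base_url!r}")
    try:
        addrs = set(resolver(host))
    except socket.gaierror:
        return "unresolvable", set()
    if not addrs:
        return "unresolvable", addrs
    if addrs == {vip}:
        return "ok", addrs
    if addrs & set(member_ips):
        return "bypasses_l4", addrs
    return "unexpected", addrs


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), not from the manual.
    vip, members = "192.0.2.10", ["192.0.2.21", "192.0.2.22"]
    fake_dns = {
        "idp.example.com": ["192.0.2.10"],
        "idp-mixed.example.com": ["192.0.2.10", "192.0.2.21"],
    }
    for name in fake_dns:
        url = f"https://{name}:8443/nidp"  # constructed base URL
        status, addrs = check_base_url(url, vip, members, fake_dns.__getitem__)
        print(f"{name}: {status} {sorted(addrs)}")
```

Omit the `resolver` argument to query the resolver of the machine the check runs on; run it from a client network, since internal and external DNS views can differ.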
