Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 23


When you enable session failover and an Identity Server goes down, the user's session information
is preserved. Another peer server in the cluster re-creates the authoritative session information in the
background. The user is not required to log in again and experiences no interruption of services.
"Prerequisites"
"Configuring Session Failover"
"How Failover Peers Are Selected"
Prerequisites
An Identity Server cluster with two or more Identity Servers.
Sufficient memory on the Identity Servers to store additional authentication information. When an Identity Server is selected to be a failover peer, the Identity Server stores about 1 KB of session information for each user authenticated on the other machine.
Sufficient network bandwidth for the increased login traffic. The Identity Server sends the session information to all the Identity Servers that have been selected to be its failover peers.
All trusted Embedded Services Providers need to be configured to send the attributes used in Form Fill and Identity Injection policies at authentication. If you use any attributes other than the standard credential attributes in your contracts, you also need to send these attributes. To configure the attributes to send, click Devices > Identity Servers > Edit > Liberty > [Name of Service Provider] > Attributes.
Configuring Session Failover
1 In the Administration Console, click Devices > Identity Servers.
2 In the list of clusters and Identity Servers, click the name of an Identity Server cluster.
3 Click the IDP Failover Peer Server Count, then select the number of failover peers you want each Identity Server to have.
   To disable this feature, select 0.
   To enable this feature, select one or two less than the number of servers in your cluster.
   For example, if you have 4 servers in your cluster and you want to allow for one server being down for maintenance, select 3 (4-1=3). If you want to allow for the possibility of two servers being down, select 2 (4-2=2).
   If you have eight or more servers in your cluster, the formula 8-2=6 gives each server 6 peers. This is probably more peers than you need for session failover. In a larger cluster, you should probably limit the number of peers to 2 or 3. If you select too many peers, your machines might require more memory to hold the session data and you might slow down your network with the additional traffic for session information.
4 Click OK.
How Failover Peers Are Selected
The failover peers for an Identity Server are selected according to their proximity. Access Manager
sorts the members of the cluster by their IP addresses and ranks them according to how close their IP
addresses are to the server that needs to be assigned failover peers. It selects the closest peers for the
assignment. For example, if a cluster member exists on the same subnet, that member is selected to
be a failover peer before a peer that exists on a different subnet.
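
The following added example (not from the Novell guide or product code) models the peer selection described above so you can compare peer counts by replicated memory and by which outages still lose sessions. It assumes closeness is the absolute difference between numeric IPv4 addresses, with ties going to the lower address, and uses constructed addresses and session counts; Access Manager's actual ranking may differ.

```python
import ipaddress
from itertools import combinations

SESSION_KB = 1  # guide: about 1 KB of session information per replicated user

def failover_peers(cluster, peer_count):
    """Return {server: [peers]} using the closest IP addresses.
    Assumption: closeness = absolute difference of numeric IPv4 values."""
    num = {ip: int(ipaddress.ip_address(ip)) for ip in cluster}
    return {
        ip: sorted((o for o in cluster if o != ip),
                   key=lambda o: (abs(num[o] - num[ip]), num[o]))[:peer_count]
        for ip in cluster
    }

def replicated_kb(peers, sessions):
    """KB of other servers' session data each server must hold as a peer."""
    load = dict.fromkeys(peers, 0)
    for owner, backups in peers.items():
        for backup in backups:
            load[backup] += sessions[owner] * SESSION_KB
    return load

def session_loss(peers, down_count):
    """List (down_set, servers_whose_sessions_are_lost) for every outage of
    down_count servers in which a server and all of its peers are down."""
    losses = []
    for down in combinations(sorted(peers), down_count):
        lost = [s for s in down if set(peers[s]) <= set(down)]
        if lost:
            losses.append((down, lost))
    return losses

if __name__ == "__main__":
    # Constructed sample: four servers on two subnets, 5000 sessions each.
    cluster = ["10.0.1.10", "10.0.1.11", "10.0.2.10", "10.0.2.11"]
    sessions = dict.fromkeys(cluster, 5000)
    for count in (1, 2, 3):
        peers = failover_peers(cluster, count)
        load = replicated_kb(peers, sessions)
        print(f"peer count {count}")
        for ip in cluster:
            print(f"  {ip} -> {peers[ip]}  holds {load[ip]} KB")
        print(f"  two-server outages that lose sessions: {session_loss(peers, 2)}")
```

Under these assumptions, a peer count of 2 leaves no two-server outage that loses sessions, but the two servers nearest the subnet boundary hold three times the replicated data of the other two.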