Clustering - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

14.6.9 Clustering

An authoritative server is the cluster member that holds the authentication information for a given
user session. For a request associated with a given session to be processed, it must be routed
("proxied") to the authoritative cluster member. If an L4 switch causes a request to go to a non-
authoritative cluster member, that cluster member proxies the request to the authoritative cluster
member.
When a request is received, a cluster member uses multiple means to determine which cluster
member is the authoritative server for the request. It looks for a parameter on the query string of the
URL indicating the authoritative server. It looks for an HTTP cookie, indicating the authoritative
server. If these do not exist, the cluster member examines the payload of the HTTP request to
determine the authoritative server. Payload examinations result in immediate identification of the
authoritative server or a user session ID or user identity ID that can be used to locate the
authoritative server.
If a user session ID or user identity ID is found, the ID is broadcast to all cluster members asking
which member is the authoritative server for the given ID. The authoritative server receives the
broadcast message, determines that it indeed holds the given session or user, and responds
accordingly.
The higher the number of proxied requests, the lower the performance of the entire system.
Furthermore, the higher the number of payload examinations and ID broadcasts, the lower the
performance of the entire system. If these numbers are high, verify the configuration of the L4
switch. Make sure that the session persistence option is enabled, which allows clients to be directed
to the same Identity Server after they have established a session.
Statistic
Currently Active Proxied
Requests
Total Proxied Requests
Total Non-Proxied Requests The total number of non-proxied requests that have been processed since
Authoritative Server
Obtained from URL
Parameter
Authoritative Server
Obtained from Cookie
Payload Examinations
Successful Payload
Examinations
Identity ID Broadcasts
Description
The number of currently active proxied HTTP requests.
The total number of proxied requests that have been processed since the
Identity Server was started. A request becomes a proxied request when
the request is sent first to a non-authoritative machine.
the Identity Server was started. A request becomes a non-proxied request
when the request is sent first to the authoritative machine.
The total number of authoritative servers identified by using the parameter
from the URL query string since the Identity Server was started.
The total number of authoritative servers identified by using the HTTP
cookie since the Identity Server was started.
The total number of attempted payload examinations to identify the
authoritative server since the Identity Server was started.
The total number of successful payload examinations to identify the
authoritative server since the Identity Server was started.
The total number of attempted Identity ID Broadcasts to identify the
authoritative server since the Identity Server was started.
Maintaining an Identity Server 339