Synchronizing User Records - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual

CHAPTER 19

Synchronizing User Records

Copyright © 2010, Juniper Networks, Inc.
User record synchronization relies on client/server pairings. The client is the Secure Access
appliance that users log in to start their remote access. Each client is associated with
one primary server and one backup server to store user record data. Clients can be
individual appliances or a node within a cluster.
A server in this instance is the Secure Access appliance that stores the user record data.
Each server can be configured to replicate its user record data to one or more peer servers.
Servers are identified by a user-defined logical name. The same logical name can be
assigned to more than one authentication server to let you associate authentication
servers of different types to the same user. For example, SA1 is an ACE authentication
server with user1 who creates a bookmark to
authentication server with the same user1. For the
transferred from SA1/ACE/user1 to SA2/AD/user1 you would assign the logical name
"Logical1" to both the ACE server on SA1 and the Active Directory server on SA2.
As long as the logical name is the same, the authentication servers can be different types
and can have different server names and still be associated with a common user. The
username must be the same for user record data to be synchronized across the servers.
The logical authentication server (LAS) and username combination is what uniquely
identifies a user record.
The following user records are synchronized between the client and server:
Bookmarks
Web
File
Terminal Services
JSAM
Preferences
Persistent cookies
. SA2 is an Active Directory
www.juniper.net
www.juniper.net bookmark to be
277