CA Single Sign-On Tech Tip by Patrick Dussault, Support Engineer for June the 26th 2015.
Question :
Starting the Policy Server, I always see messages concerning the
secondary cache. What is the use of the secondary cache ?
Answer :
The presence of the Primary Cache is to prevent LDAP and
ODBC reads to the Policy Store. But having only the Primary
Cache causes problem.
When a modification is made to the Policy Store data, the Policy Server
has to set a lock on the Primary Cache to load the modifications.
The lock had the effect to delay protection, authentication
and authorization processing in the Policy Server.
To overcome this problem, the Policy Server uses 2 caches : a Primary
and a Secondary. When it starts, the Policy Server initializes both
Caches and fill the Primary Cache with data got from the Policy Store.
The Secondary Cache is initialized but maintained empty until the
Primary Cache need to be updated.
When a modification occurs to the Policy Store Data such as Domain, Realm,
Policies, etc. the Policy Server makes a copy of the data from the Primary
Cache to the Secondary one, and once done, it marks the Secondary Cache as the
active one. Then the Policy Server can update the data in the Primary Cache
without harming the protection, authentication and authorization processes.
Once the Primary Cache Data are up to date, the Policy Server
marks it back as the active one.