Symantec Access Management

  • Private Community

  • 1.  HCO and smhost.conf Settings

    Posted Jun 26, 2015 02:48 PM

    Hi,

     

    I am hoping someone knowledgeable can help answer one question that i don't have complete clarity on.

     

    In smhost.conf the policy servers we define are only for agent start up. if it can't connect to the first one in the list, it'll connect to the second one and download the configurations. Is that correct?

     

    The second question is, in the HCO object.

     

    1. In the first section, what policy servers should i define? Should I define all of them?

    2. What will happen if I have PS defined only in the first section and nothing in the cluster section?

    3. What will happen if I have PS defined only in the cluster section and nothing in the first section?

    4. What will happen if I have PS defined in both first and cluster sections? Is this the only way to achieve load balancing and failover?

     

    Regards,

    Anand.



  • 2.  Re: HCO and smhost.conf Settings
    Best Answer

    Posted Jun 28, 2015 07:53 PM

    Hi Anand,

     

    Web Agents and custom Agents act as trusted hosts by using the information in the SmHost.conf file to locate and make initial connections to a Policy Server. Once the Agent connects to the Policy Server, the initial connections are closed. Any further communication between the Agent and the Policy Server is based on settings in the Host Configuration Object that is located on the Policy Server.

     

    The Policy Servers specified in the smHost.conf file are operating in failover mode. If the primary Policy server is not contactable, it will failover to the next Policy Server in the list.

     

    Beginning with SiteMinder v6.0, failover can occur not only between Policy Servers, but between groups, or clusters, of Policy Servers.

    The cluster functionality also improves server performance by providing dynamic load balancing between the servers in a cluster. With dynamic load balancing, policy operations are automatically distributed between the available servers in a cluster according to the performance capabilities of each server.

     

    Define the first section if you are going ahead with non-clustered servers. Specify the Policy Server(s) that the agents will be referencing and uncheck the "Enable Failover" checkbox if you wish to have the Policy Servers operate in load balancing mode.

     

    You cannot mix clustered and non-clustered servers in a host configuration. So either configure the first section for non-clustered servers or  configure the second section for clustered servers.

     

    Best regards,

    Kelly