Symantec Access Management

Experts,

We are using CA SPS 12.52 however ProxyUI is not configured so we manage the proxyrules manually on  each (12 SPS) servers. We have about 70 virtulhosts and few of them contains about 600-800 applications.

The main issue is around the placement of new applications rules (~5 -10) and I know SPS works on the "First Match" principle. I would like to know if there are any best practices followed to manage the proxyrules file.

SelvaS

For the question on Managing ProxyRules.xml

If ProxyUI was enabled, one could take benefit of the SPS GROUP FEATURE, which allows one to manage SPS on different servers using a single UI.

Since in your case ProxyUI is not configured. You could use an automated (e.g. in PERL) script which pushes the proxyrules.xml to all SPS Machines (before pushing does a backup too).

On a side note,

1. Do you perform housekeeping of ProxyRules.xml i.e. stuff that are no longer needed - could be removed. This would also better the performance of evaluation.
2. Since we are pushing proxyrules (with additions and deletions) in automated fashion; make sure the proxyrule changes are exercised in a staging server in Production. We need to think this carefully, as we cannot exercise the rules in PreProdn and move'em blindly into production mainly due to the fact that servers and hostname would different across envs. 

Regards

Hubert