Symantec Access Management

To do a High Availability for CA SSO with CA Directory as policy store how many boxes do I need? 2 CA Directory and 2 Policy store connected to 1 UI? 

There is no magic number. Having a pair is good enough to get started.

How many do you actually need, depends upon the amount of load you expect, your fault tolerance, geographical distribution of the environment  etc..

Have you read through this ?:

Architectural Use Cases - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

Yes. I have read. I am in my test environment. And looking for minimum number of boxes to do a High Availability of CA Directory as policy store. Having 2 CA directory and 2 policy store is needed, is mu opinion. IS that correct?

Yes, if you are testing failover of policy store you will need minimum of two policy store.

Same case for Policy server.

But keep in mind there is no reason to put the policy store on a separate box, especially when it is CA directory. The policy store is a relatively static data set stored in memory. Having the policy store and policy server coexist on the same server is a fairly common pattern. 

In fact you could just as easily do an adminui on the policy server as well in a small environment. 

Just wanted to add for consideration, that for HA tests it is always better to have separate boxes so you can perform network availability tests as well, and it always give you more possibilities for the tests, while the best option is to try to match the deployment you would have in production as long as you can.

We do co locate policy server and policy store in production.  Rusty pattern holds through in all environments.  

There is almost no reason no to put both on the same server for the vast majority of SSO implementations. 

Jason