Symantec Access Management

  • Private Community

  • 1.  CA Directory Load Balancing

    Posted Dec 26, 2017 08:08 PM

    Hi All,

     

    We have 3 CA directory servers(12 SP18) with each server having DSA's for IMCD and SMPS. Multiwrite Replication has been set among the DSA's on all 3 servers. In IDM directory and SiteMinder Policy store/User store configuration, these CA directories are listed in same sequence like A,B,C. We haven't configured DXRouter for load balancing.

     

    Lately, we have observed that almost 90% LDAP calls are routed to CA Directory server A and other servers are under utilized.

     

    How can we load balance CA directory servers rather than routing all requests to one server? We are looking for recommendations to evenly distribute the LDAP requests to all 3 CA Directory servers which will help in better response time and maximum throughput.

     

    Thank you !

     

    Regards,

    VK



  • 2.  Re: CA Directory Load Balancing

    Broadcom Employee
    Posted Dec 27, 2017 06:43 AM

    Load Balancing in CA directory is achieved by having router DSA and setting  DSA flag to load-share in DSA Knowledge file.  

     

    Load sharing lets a router DSA distribute incoming requests evenly among all DSA's in the same site that serve the same namespace partition. This improves performance.

    More info can be found at Load Sharing - CA Directory - 12.6 - CA Technologies Documentation 



  • 3.  Re: CA Directory Load Balancing

    Posted Dec 28, 2017 07:07 PM

    Thanks chive08 for your inputs!

     

    I'll have look and implement it in Test environment.



  • 4.  Re: CA Directory Load Balancing

    Posted Dec 29, 2017 12:10 PM

    Quick question on using a router DSA. In the above example could the routers be on the same server? Or is it recommended to be on separate servers? 



  • 5.  Re: CA Directory Load Balancing

    Posted Dec 29, 2017 02:01 PM

    Brian brian.w.jones

     

    The ROUTER can be on any server.

     

    • ROUTER on a standalone server of its own.
    • ROUTER and DATA DSA on same server.
    • ROUTER and APP on same server.
    • TWO ROUTERS on the same server (may be).


  • 6.  Re: CA Directory Load Balancing

    Posted Dec 30, 2017 11:29 AM


  • 7.  Re: CA Directory Load Balancing

    Broadcom Employee
    Posted Dec 28, 2017 11:04 AM

    You may also find this thread useful, given the technology context you provided (IdM, SSO).

    Create this Provisioning Load Balancing Tech Note? 

    There are a few components that you can use from this note - CA Directory Implementation Document Index - CA Technologies



  • 8.  Re: CA Directory Load Balancing

    Posted Dec 28, 2017 07:08 PM

    StefanLesaru - Thanks for your help !

     

    Tech Note provided by you is not accessible to me.



  • 9.  Re: CA Directory Load Balancing

    Broadcom Employee
    Posted Dec 29, 2017 10:58 AM

    Thank you @VVK. I realized that some material is accessible only internally - i.e. the newly created materials for that TechNote.

    The existing TechNotes should be retrievable via the CA Support site. The Directory Implementation library - CA Directory Implementation Document Index - CA Technologies , is externally available, and protected documents are accessible using the CA Support account.