Symantec Access Management

  • Private Community

  • 1.  CA Directory:  Same DSA for Policy and Session Store?

    Broadcom Employee
    Posted Feb 09, 2018 11:08 AM

    I know that the PolicyStore and SessionStore share the same schema, but is it common to use the same DSA for both roles?  The documentation advises some different settings for the SessionStore, such as cache-index of all attributes for a policy store and a specfic list of attributes for a session store.  It's also recommended that you disable the transaction log and transaction log flushing for a session store.  There are additional differences, but I'll stop here and wait to see what is the common wisdom regarding using the same DSA as both PolicyStore and SessionStore.

     

    P.S.  This question was stimulated by this post:

    https://communities.ca.com/message/242038614-re-ca-directory-how-to-replicate-from-a-particular-server



  • 2.  Re: CA Directory:  Same DSA for Policy and Session Store?
    Best Answer

    Posted Feb 09, 2018 11:45 AM

    Rich

     

    It is better to keep the PStore and SStore separate due to configurations, architectural, performance and replication frequency reasons.

     

    We can keep it same for PoC's or Demo's e.g. I have used OU's in the same DSA to differentiate data e.g. OU=UStore, OU=pstore and OU=sstore. But never designed the same together in a single DSA for a customers DEV / TEST / PROD setups.

     

    Regards

    Hubert



  • 3.  Re: CA Directory:  Same DSA for Policy and Session Store?

    Broadcom Employee
    Posted Feb 12, 2018 03:09 PM

    Thanks HubertDennis, that's the answer I wanted to see!