Symantec Access Management

  • 1.  [SSL] SiteMinder secure communication with different LDAP stores

    Posted Apr 22, 2012 11:34 AM
    What are the recommendations/best practices for configuring secure communication between the different stores used by SiteMinder?

    1. Policy and Key store
    - Using CA Directory (DSAs are set up on multiple hosts with a replication agreement)

    2. User Store
    - LDAP (SunOne/Oracle 11g)
    - Windows AD

    What will be the impact/overhead on performance when using SSL vs. non-SSL communication?


  • 2.  RE: [SSL] SiteMinder secure communication with different LDAP stores

     
    Posted May 02, 2012 06:10 PM
    Hi all,

    Any recommendations for this one?

    Thanks!
    Chris


  • 3.  RE: [SSL] SiteMinder secure communication with different LDAP stores
    Best Answer

    Broadcom Employee
    Posted May 03, 2012 09:11 AM
    Hi sdomb,

    CA does not really have a best practice document around this topic that I can point you to. As always, security is a trade-off between performance, convenience and security. That being said, most companies, if they are using SiteMinder internally only, tend not to set up SSL between the policy server and the different stores, as you do have to maintain the SSL certs etc.

    However, most companies that use SiteMinder internally and externally, or externally only, usually do set up SSL certs for all stores, as they are already managing these certs for their web sites as well. Adding a few more does not make this much more difficult.

    As to performance, yes, there will be some performance overhead with the SSL communication, but with today’s high-end systems that most enterprises are deploying this is no longer an issue. Of course, your due diligence should include benchmark load testing for both configurations, with SSL and without SSL, to make sure the hardware you have in place can handle the load you need it to.


    Hope this helps

    Gene