Sample High-Availability Installation

Before you install Identity Manager, consider the goals for your implementation. For example, one goal could be a resilient implementation that consistently provides good performance. Another goal could be scalability.
A high-availability implementation provides the following features:
  • Failover -- Switches to another system automatically if the primary system fails or is temporarily offline for any reason.
  • Load balancing -- Distributes processing and communications activity evenly across a computer network so that performance remains good and no single device is overwhelmed.
  • Various deployment tiers that provide the flexibility to serve dynamic business requirements.
To provide these high-availability features, the following implementation options exist:
  • The Identity Manager Server can be installed on an application server cluster to allow failover to any of the nodes in the cluster, providing uninterrupted access to users. The application server can be a 64-bit format, which provides better performance than a 32-bit application server.
  • The Provisioning Server uses a CA Directory router to route traffic to a Provisioning Directory.
  • Identity Manager includes connector servers that you configure per directory or per managed system. Installing multiple connector servers increases resilience. Each connector server is also an LDAP server, similar to the Provisioning Server.
Example High Availability Installation
The following diagram is an example that provides high availability for the Identity Manager Server, Provisioning Server, Provisioning Directory, and CA Single Sign-on (formerly known as SiteMinder) Policy Server. The use of alternate components and clusters provides the high availability features.
Image of a sample High Availability Installation
In addition to illustrating high availability, this figure shows that different platforms are used for the components compared with the SiteMinder illustration. For example, the database uses Oracle instead of Microsoft SQL Server, which appeared in the previous illustration.
Identity Manager Server Architecture
An Identity Manager implementation may span a multi-tiered environment that includes a combination of hardware and software, including three tiers:
  • Web Server tier
  • Application Server tier
  • Policy Server tier (optional)
Each tier may contain a cluster of servers that perform the same function to share the workload for that tier. You configure each cluster separately, so that you can add servers only where they are needed. For example, in a clustered Identity Manager implementation, a group of several systems may all have an Identity Manager Server installed. These systems share the work that the Identity Manager Server performs.
Nodes from different clusters may exist on the same system. For example, an application server node can be installed on the same system as a Policy Server node.
Provisioning Components Architecture
Provisioning provides high availability solutions in the following three tiers:
  • Client tier
    The clients are the Identity Manager User Console, Identity Manager Management Console and the Provisioning Manager. You can group clients together based on their geographic locations, organizational units, business functions, security requirements, provisioning workload, or other administration needs. Generally, we recommend keeping clients close to the endpoints they manage.
  • Provisioning Server tier
    Clients use primary and alternate Provisioning Servers, in order of their failover preference. Client requests continue to be submitted to the first server until that server fails. In other words, the connection stays active until the server fails. If a failure occurs, the client reviews the list of configured servers in order of preference to find the next available server.
    The Provisioning Server can have multiple connector servers in operation. Each connector server handles operations on a distinct set of endpoints. Therefore, your organization could deploy connector servers on systems that are close in the network to the endpoints. For example, assume that you have many UNIX /etc endpoints. In that case, install one connector server on each server so that each connector server controls only the endpoints on the server where it is installed.
    Installing Connector Servers close to the endpoints also reduces delays in managing accounts on endpoints.
  • CA Directory tier (Provisioning Directory)
    Provisioning Servers use a CA Directory router to send requests to primary and alternate Provisioning Directories in order of preference.
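The ordered, sticky failover described for the Provisioning Server tier can be modelled as follows. This is an added example, not code from the product: the host names, the `send` transport and the outage sequence are constructed. It assumes that an alternate server is kept in the same sticky way as the primary, and that the preference list is re-read from the top after each failure.

```python
"""Model of ordered, sticky client failover (constructed names throughout)."""

# Constructed host names, listed in order of failover preference.
SERVERS = ["ps-primary.example", "ps-alt1.example", "ps-alt2.example"]


class AllServersDown(Exception):
    """Raised when no configured server accepts the request."""


class FailoverClient:
    def __init__(self, servers, send):
        # send(server, request) is a hypothetical transport that raises
        # ConnectionError when the server is unreachable.
        self.servers = list(servers)
        self._send = send
        self.current = self.servers[0]

    def submit(self, request):
        try:
            # Sticky: keep using the current server until it fails.
            return self._send(self.current, request)
        except ConnectionError:
            pass
        # On failure, review the configured list in order of preference.
        for server in self.servers:
            if server == self.current:
                continue  # this one has just failed
            try:
                reply = self._send(server, request)
            except ConnectionError:
                continue
            self.current = server
            return reply
        raise AllServersDown(request)


def simulate():
    """Replay a constructed outage sequence; return the server used per request."""
    down = set()

    def send(server, request):
        if server in down:
            raise ConnectionError(server)
        return server

    client = FailoverClient(SERVERS, send)
    used = [client.submit("r1")]
    down.add(SERVERS[0])
    used.append(client.submit("r2"))  # primary down: first alternate takes over
    down.clear()
    used.append(client.submit("r3"))  # primary is back, client stays where it is
    down.add(SERVERS[1])
    used.append(client.submit("r4"))  # alternate fails: list reviewed from the top
    return used
```

Under these assumptions a recovered primary receives no traffic until the server currently in use fails, which matters when sizing the alternates.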