1.1 Key Features of This Deployment Example

• All components such as Directory Servers, Access Manager Servers, Distributed Authentication UI servers, and Policy Agents are redundant to achieve high availability.

• Both Web Policy Agents and J2EE Policy Agents are used to protect resources in the environment.

• All components use load-balancing for system failover and for high availability.

• Each Directory Server contains three instances: one named ds-config for storing Directory Server configuration, one named am-config for storing Access Manager configuration, and one named am-users for storing Access Manager users. The am-users instance serves as the LDAPv3 user data store.

• The environment includes one service access interface for external users and agents, and a separate service access interface for internal administrators.

• Actual firewalls were not used in this deployment. However, critical components such as Access Manager and Directory Server can be protected by three firewalls as illustrated in Figure 1–1. In this illustration, only simple components and interfaces are exposed to the Internet in a minimally-secured zone known as the DMZ.

• Access Manager servers are reconfigured to run as non-root users.

• The environment is configured for system failover capability. System failover ensures that when one Access Manager server goes down, requests are redirected to a second Access Manager server. It is important to note that system failover, by itself, does not ensure Access Manager session failover.

• The environment is configured for session failover capability. Session failover ensures that when the Access Manager server where the user's session was created is stopped, the user's session token can still be retrieved from a backend session database. The user is continuously authenticated, and does not have to log into the system again unless the session is invalidated. For example, a session is invalidated when the logout occurs or when the session expires.

• An existing LDAPv3 user data store is integrated into the environment.

• SSL is terminated at the load balancer for Access Manager servers and at the load balancer for Access Manager Distributed Authentication UI servers. In this deployment example, communication to each of these load balancers is in SSL, and communication between the load balancer and the server is non-SSL.

• Each policy agent in the deployment is configured with a unique agent profile used by the agent to authenticate itself to Access Manager.

• The Distributed Authentication UI servers use a custom user profile to authenticate to Access Manager instead of a default of amadmin or UrlAccessManager.