6.10. Group Manager Details

6.10.1. Group Manager Configuration

Every server has a group manager module that monitors availability and facilitates redirection. It is coupled with the Authentication Manager.

In setting policies, the Authentication Manager uses the selected authentication modules and decides what tokens are valid and which users have access.


The same policy must exist on every server in the failover group or undesirable results might occur.

The Group Managers create maps of the failover group topology by exchanging keepalive messages among themselves. These keepalive messages are sent to a UDP port (typically 7009) on all of the configured network interfaces. The keepalive message contains enough information for each Sun Ray server to construct a list of servers and the common subnets that each server can access. In addition, the Group Manager tracks the last time that a keepalive message was received from each server on each interface.

The keepalive message contains the following information about the server:

The last two items are used to facilitate load balancing.

The information maintained by the Group Manager is used primarily for server selection when a token is presented. The server and subnet information is used to determine the servers to which a given client can connect. These servers are queried about sessions belonging to the token. Servers whose last keepalive message is older than the timeout are deleted from the list, because either the network connection or the server is probably down.

6.10.1. Group Manager Configuration

The Authentication Manager configuration file, /etc/opt/SUNWut/auth.props, contains properties used by the Group Manager at runtime. The properties are:

  • gmport

  • gmKeepAliveInterval

  • enableGroupManager

  • enableLoadBalancing

  • enableMulticast

  • multicastTTL

  • gmSignatureFile

  • gmDebug

  • gmTarget


These properties have default values that are rarely changed. Only Oracle support personnel should direct you to change these values to help tune or debug your systems. Any properties that are changed must be changed for all servers in the failover group because the auth.props file must be the same on all servers in a failover group.

Property changes do not take effect until the Authentication Manager is restarted, which you can do by performing a warm restart of the Sun Ray services.