An Access Manager deployment configured as a site allows centralized configuration management for the entire deployment.
Multiple server deployment: Multiple (two or more) Access Manager instances are deployed on at least two different host servers. For example, you might deploy two instances on one server and a third instance on another server. Or you might deploy all instances on different servers. You can also configure the Access Manager instances in session failover mode, if required for your deployment.
Load balancer: One or more load balancers route client requests to the various Access Manager instances. You configure each load balancer according to your deployment requirements (for example, to use round-robin or load average) to distribute the load between the Access Manager instances. A load balancer simplifies the deployment and resolves issues such as a firewall between the client and the back-end Access Manager servers.
You can use a hardware or software load balancer with your Access Manager deployment. For example, for information about the Application Server Load Balancing Plug-in, see the Sun Java System Application Server Enterprise Edition 8.2 Quick Start Guide.
Directory Server: All Access Manager instances access the same Directory Server.
If you have an Access Manager multiple server deployment, use either of these methods to configure your deployment as a site:
If you plan to implement Access Manager session failover, the amsfoconfig script configures a deployment as a site. See Chapter 6, Implementing Session Failover.
If you don't plan to implement session failover, perform these steps in the Access Manager Console, as described in this section:
Add the load balancer URL to the Site Name (site ID).
Map the load balancer Site Name (site ID) to each Access Manager instance in the Platform Server List.
Add the load balancer to the Realm/DNS Aliases.
In addition, Access Manager automatically sets the fqdnMap property (in memory) to include the load balancer, so you do not need to explicitly set this property in the AMConfig.properties file.
The following procedure refers to the Access Manager 7.1 Console in Realm Mode.
Log in to the Access Manager Console as amAdmin.
Add the load balancer URL to the Site Name:
In the Access Manager Console, click Configuration, System Properties, and then Platform.
Under Site Name, click New and enter the following values for the load balancer:
Server: Load balancer protocol, host name, and port. For example: http://lb.example.com:80
Site Name: Unique two-digit site identifier (site ID). For example: 10
When you are finished, click OK.
After adding the load balancer to the Site Name, click Save. The entry for the load balancer now includes the site ID. For example: http://lb.example.com:80|10
The site ID must be unique with respect to server IDs and other site IDs. For example, you cannot use 01 for both a site ID and a server ID.
On the same Console panel, map the load balancer to each Access Manager instance:
In the Server list under Instance Name, click each instance name to display the Edit Server Instance panel for the instance.
Map the Site Name (site ID) for the load balancer to the Access Manager instance. For example, using a load balancer with a Site Name of 10, for the first server, the Instance Name would be 01|10.
Click OK and repeat the steps for the other Access Manager instances.
When you are finished, all Access Manager instances should be mapped to the load balancer. For example:
http://amserver1.example.com:8080|01|10
http://amserver2.example.com:8080|02|10
http://amserver3.example.com:8080|03|10
Click Save to save the configuration.
Add the Realm/DNS alias for the load balancer:
For clients such as a policy agent, the load balancer (as opposed to the individual Access Manager instances) should be the sole entry point. For example, if you are using a policy agent, modify the appropriate entries in the AMAgent.properties file to point to the load balancer.
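The three Realm Mode steps above can be cross-checked offline once the Site Name, Server list, and Realm/DNS Aliases values have been copied out of the Console. The following script is an added example, not part of the Access Manager product or documentation; the function names are hypothetical, and it assumes the aliases are recorded as host names and that IDs are two-digit strings as in the page's examples.

```python
from urllib.parse import urlsplit

def is_id(value):
    # IDs on this page are two-digit strings such as 01 or 10.
    return len(value) == 2 and value.isdigit()

def check_site_config(site_entries, server_entries, dns_aliases):
    """Return a list of problems; an empty list means the lists are consistent."""
    problems, sites, server_ids = [], {}, set()
    for entry in site_entries:                      # form: URL|siteID
        url, _, site_id = entry.partition("|")
        if not is_id(site_id):
            problems.append(f"bad site entry: {entry}")
            continue
        if site_id in sites:
            problems.append(f"site ID {site_id} used twice")
        sites[site_id] = url
        host = urlsplit(url).hostname
        if host not in dns_aliases:                 # step 3 of the procedure
            problems.append(f"{host} missing from Realm/DNS Aliases")
    for entry in server_entries:                    # form: URL|serverID|siteID
        parts = entry.split("|")
        if len(parts) not in (2, 3) or not is_id(parts[1]):
            problems.append(f"bad server entry: {entry}")
            continue
        server_id = parts[1]
        if server_id in server_ids:
            problems.append(f"server ID {server_id} used twice")
        server_ids.add(server_id)
        if len(parts) == 2:
            problems.append(f"server {server_id} is not mapped to a site")
        elif parts[2] not in sites:
            problems.append(f"server {server_id} maps to unknown site {parts[2]}")
    for clash in sorted(server_ids & set(sites)):   # site and server IDs share one namespace
        problems.append(f"ID {clash} is both a site ID and a server ID")
    return problems

# Sample input built from the example values on this page.
SITES = ["http://lb.example.com:80|10"]
SERVERS = [
    "http://amserver1.example.com:8080|01|10",
    "http://amserver2.example.com:8080|02|10",
    "http://amserver3.example.com:8080|03|10",
]
ALIASES = ["lb.example.com"]

if __name__ == "__main__":
    for line in check_site_config(SITES, SERVERS, ALIASES) or ["OK"]:
        print(line)
```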
The following procedure refers to the Access Manager 7.1 Console in Legacy Mode.
Log in to the Access Manager Legacy Console as amadmin on the first Access Manager host server.
Add each additional instance to the Platform Server List:
Add each additional instance to the DNS Alias List: