All components (including installations of Access Manager and Directory Server, the Distributed Authentication User Interface, and policy agents) are redundant to achieve high availability.
All components use ZIP-based installation.
All components use load-balancing for session failover and high performance.
Each Directory Server contains two instances:
am-config stores Access Manager configuration data.
am-users serves as the LDAP v3 data store for user entries.
The environment includes one service access interface for external users and agents, and a separate service access interface for internal administrators.
Access Manager servers are configured to run as non-root users.
The environment is configured for system failover capability, ensuring that when one Access Manager server goes down, requests are redirected to the second Access Manager server.
It is important to note that system failover, by itself, does not ensure Access Manager session failover. Session failover is configured separately.
The environment is configured for session failover capability. Session failover ensures that when the Access Manager server where the user's session was created goes down, the user's session token can still be retrieved from a backend session database. Thus, the user is continuously authenticated, and does not have to log into the system again unless the session is invalidated as a result of logout or session expiration.
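The difference between system failover and session failover, worked as an added Python illustration (not Sun's code or configuration): two simulated Access Manager servers sit behind a load balancer, and a backend session database is optional. The names Server, SessionStore and route() are assumptions made for the illustration; logout and expiry are modelled because the text names them as the only cases where the user must log in again.

```python
# Added illustration, not Sun's code: Server, SessionStore and route() are assumed names.
from __future__ import annotations
import secrets
import time

class SessionStore:
    """Stand-in for the backend session database shared by all AM servers."""
    def __init__(self) -> None:
        self.sessions: dict[str, dict] = {}

class Server:
    """One Access Manager instance with its own in-memory session table."""
    def __init__(self, name: str, store: SessionStore | None) -> None:
        self.name, self.store, self.up = name, store, True
        self.local: dict[str, dict] = {}

    def login(self, user: str, ttl: int = 3600) -> str:
        token = secrets.token_hex(16)
        sess = {"user": user, "expires": time.time() + ttl}
        self.local[token] = sess
        if self.store is not None:  # session failover: replicate to the backend DB
            self.store.sessions[token] = sess
        return token

    def validate(self, token: str) -> str | None:
        sess = self.local.get(token)
        if sess is None and self.store is not None:  # not here: ask the backend DB
            sess = self.store.sessions.get(token)
        if sess is None or sess["expires"] < time.time():
            return None
        return sess["user"]

    def logout(self, token: str) -> None:
        self.local.pop(token, None)
        if self.store is not None:  # invalidation must reach the backend too
            self.store.sessions.pop(token, None)

def route(servers: list[Server]) -> Server:
    """Load balancer: send the request to the first server that is still up."""
    return next(s for s in servers if s.up)

def simulate(session_failover: bool, logout_first: bool = False) -> str | None:
    """Log in on am1, take am1 down, then validate the token on am2."""
    store = SessionStore() if session_failover else None
    servers = [Server("am1", store), Server("am2", store)]
    token = route(servers).login("alice")  # session created on am1
    if logout_first:
        route(servers).logout(token)
    servers[0].up = False  # am1 goes down; the load balancer redirects to am2
    return route(servers).validate(token)  # am2 handles the request
```

With system failover only, `simulate(False)` returns None (am2 has never seen the token, so the user must log in again); with the shared session store, `simulate(True)` returns "alice", and a prior logout still invalidates the session on every server.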
Communications to the load balancer for the Access Manager servers and to the load balancer for the Distributed Authentication User Interface use Secure Sockets Layer (SSL). SSL is terminated at the load balancers, and communications between the load balancers and their respective components are non-SSL.
Policy agents are configured with a unique agent profile to authenticate to Access Manager.
The Distributed Authentication User Interface uses a custom user profile to authenticate to Access Manager instead of the default amadmin or UrlAccessAgent.