Deployment Example 2: Federation Using SAML v2

3.3 Configuring the Federation Manager Load Balancer

In this phase of the deployment, you set up Load Balancer 9 to manage Federation Manager requests. For more information about the F5 Networks BIG-IP load balancers used in this deployment, see 2.9 Setting Up Load Balancer Hardware and Software in this manual.

Use the following as your checklist for configuring the Federation Manager Load Balancer:

  1. Configure Load Balancer 9 for the Federation Manager Servers.

  2. Configure Federation Manager 1 to work with the Federation Manager Load Balancer.

  3. Configure Federation Manager 2 to work with the Federation Manager Load Balancer.

  4. Verify that the Federation Manager load balancers are working properly.

Procedure: To Configure Load Balancer 9 for the Federation Manager Servers

  1. Create a Pool.

    A pool contains all the backend server instances.

    1. Go to the URL for the BIG-IP load balancer login page.

    2. Open the Configuration Utility.

      Click “Configure your BIG-IP (R) using the Configuration Utility.”

    3. In the left pane, click Pools.

    4. On the Pools tab, click the Add button.

    5. In the Add Pool dialog, provide the following information:

      Pool Name

      Example: fm_server_pool

      Load Balancing Method

      Round Robin

      Resources

      Add the IP address of both Federation Manager hosts. In this example:

      192.18.72.89 (for Federation Manager 1)

      192.18.72.86 (for Federation Manager 2)

    6. Click the Done button.

  2. Add a Virtual Server.

    If you encounter Javascript errors or otherwise cannot proceed to create a virtual server, try using Microsoft Internet Explorer for this step.

    1. In the left frame, click Virtual Servers.

    2. On the Virtual Servers tab, click the Add button.

    3. In the Add a Virtual Server dialog box, provide the following information:

      Address

      192.18.69.14 (for LoadBalancer-9.siroe.com)

      Service

      1080

    4. Continue to click Next until you reach the Select Physical Resources page.

      Select Pool, and then choose fm_server_pool from the drop-down list.

    5. On the same page, set the Cookie Name property to fmlbcookie.

    6. Click the Done button.

  3. Configure the load balancer for persistence.

    1. In the left frame, click Pools.

    2. Click the name of the pool you want to configure.

      In this example, fm_server_pool.

    3. Click the Persistence tab.

    4. On the Persistence tab, under Persistence Type, select Active HTTP Cookie and set the following:

      Method:

      Insert

      When the Insert method is specified, the first time a server receives a request, the load balancer inserts a cookie with a cookie value into the response. On subsequent requests, when the load balancer sees the same cookie name and value, it directs the request to the same server that received the initial request.

    5. Click Apply.

  4. Create a new monitor.

    This monitor will simply indicate whether the Federation Manager servers are running or stopped.

    1. Click the Monitors tab.

    2. Click the Add button.

    3. In the Name and Parent window, provide the following information, and then click Next.

      Name

      fm_servers_monitor

      Inherits From

      http

    4. In the Basic Properties window, accept the default values, and then click Next.

      Interval

      5

      Timeout

      16

    5. In the Configure Destination Address and Service window, accept the default values and then click Done.

      The new monitor is added to the list on the Monitors tab.

  5. Click the Basic Associations tab.

    1. Find the IP addresses for Federation Manager 1 and for Federation Manager 2.

      In this example: 192.18.72.89 for Federation Manager 1, and 192.18.82.86 for Federation Manager 2.

    2. In the Node dropdown list, select fm_servers_monitor.

    3. Mark the ADD box for each IP address, and then click APPLY.

      When you click Nodes in the left frame of the console, you will be able to see if each server is running or stopped.

Procedure: To Configure Federation Manager 1 to Work with the Federation Manager Load Balancer

  1. As a root user, log in to the Federation Manager 1 host.

  2. Go to the directory that contains the AMConfig.properties file.

    # cd /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/classes

  3. In the AMConfig.properties file, set the following property:

    com.sun.identity.server.fqdnMap[LoadBalancer-9.siroe.com]=LoadBalancer-9.siroe.com

  4. Add the following property:

    com.sun.identity.url.redirect=https,LoadBalancer-9.siroe.com

    This property will be used when you terminate SSL at the Federation Manager load balancer.

  5. Add the Federation Manager load balancers to the Organization Aliases list.

    1. Go to the Federation Manager login URL:

      http://Federationmanager-1.siroe.com:8080/federation/UI/Login

    2. Log in to the Federation Manager console:

      User Name:

      amadmin

      Password:

      11111111

    3. Click the Configuration tab. On the General Properties page, under Organizational Attributes, add the Federation Manager load balancer to the DNS Aliases list.

      In the Add field, enter LoadBalancer-9.siroe.com, and then click Add.

      Click Save.

  6. Regenerate the Federation Manager WAR file.

    # cd /opt/SUNWam/fm/bin
    # ./fmwar -n federation -d /var/opt/SUNWam/fm/war_staging -s /export/fmsilent

  7. Redeploy the Federation Manager WAR file.

    See the section To Regenerate and Redeploy the Federation Manager 1 WAR File in this manual.

Procedure: To Configure Federation Manager 2 to Work with the Federation Manager Load Balancer

  1. As a root user, log in to the Federation Manager 2 host.

  2. Go to the directory that contains the AMConfig.properties file.

    # cd /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/classes

  3. In the AMConfig.properties file, set the following property:

    com.sun.identity.server.fqdnMap[LoadBalancer-9.siroe.com]=LoadBalancer-9.siroe.com

  4. Add the following property:

    com.sun.identity.url.redirect=https,LoadBalancer-9.siroe.com

    This property will be used when you terminate SSL at the Federation Manager load balancer.

  5. Add the Federation Manager load balancers to the Organization Aliases list.

    1. Go to the Federation Manager login URL:

      http://FederationManager-2.siroe.com:8080/federation/UI/Login

    2. Log in to the Federation Manager console:

      User Name:

      amadmin

      Password:

      11111111

    3. Click the Organization tab. Under Organization Attributes, add the Federation Manager load balancers to the DNS Aliases list.

      In the Add field, enter LoadBalancer-9.siroe.com, and then click Add.

      Click Save.

  6. Regenerate the Federation Manager 2 WAR file.

    See the section To Regenerate and Redeploy the Federation Manager 2 WAR File in this manual.
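Both procedures above make the same two edits to AMConfig.properties on each Federation Manager host. The following script is an added example, not part of the deployment guide, that applies those edits idempotently (so running it twice, or on a file where the fqdnMap entry already exists with a stale value, never leaves duplicates) and then verifies the result; the file contents are constructed for the demonstration, and only the load balancer name and property keys come from the guide.

```python
# Added example (not from the deployment guide): apply and verify the two
# AMConfig.properties settings that point a Federation Manager instance at
# its load balancer. Property keys and the LB name are the guide's; the
# SAMPLE file content is constructed.
import re

LB_FQDN = "LoadBalancer-9.siroe.com"
FQDN_MAP_KEY = f"com.sun.identity.server.fqdnMap[{LB_FQDN}]"
REDIRECT_KEY = "com.sun.identity.url.redirect"

REQUIRED = {
    FQDN_MAP_KEY: LB_FQDN,             # LB name maps to itself, not to a host
    REDIRECT_KEY: f"https,{LB_FQDN}",  # redirects go back out via https on the LB
}

# constructed fragment: fqdnMap still points at the host, redirect is missing
SAMPLE = """\
# constructed fragment of AMConfig.properties
com.iplanet.am.server.host=FederationManager-1.siroe.com
com.iplanet.am.server.port=8080
com.sun.identity.server.fqdnMap[LoadBalancer-9.siroe.com]=FederationManager-1.siroe.com
"""

_KEY_RE = re.compile(r"\s*#?\s*([^=:\s]+)\s*[=:]\s*(.*)$")

def apply_lb_settings(text: str) -> str:
    """Return the properties text with every REQUIRED key set exactly once,
    replacing existing (even commented-out) definitions in place."""
    out, seen = [], set()
    for line in text.splitlines():
        m = _KEY_RE.match(line)
        key = m.group(1) if m else None
        if key in REQUIRED:
            if key in seen:
                continue            # drop a duplicate definition
            out.append(f"{key}={REQUIRED[key]}")
            seen.add(key)
        else:
            out.append(line)
    for key, value in REQUIRED.items():
        if key not in seen:         # append anything not already present
            out.append(f"{key}={value}")
    return "\n".join(out) + "\n"

def parse_props(text: str) -> dict:
    """Minimal key=value reader for the properties file (comments skipped)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            k, _, v = line.partition("=")
            props[k.strip()] = v.strip()
    return props

def verify_lb_settings(text: str) -> list:
    """List every REQUIRED key whose value is missing or wrong."""
    props = parse_props(text)
    return [f"{k} is {props.get(k)!r}, expected {v!r}"
            for k, v in REQUIRED.items() if props.get(k) != v]
```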

Procedure: To Verify that the Federation Manager Load Balancers are Working Properly

  1. Use the tail command to monitor requests to Federation Manager 1 and Federation Manager 2.

    1. As a root user, log in to the Federation Manager 1 host.

    2. Restart the Federation Manager 1 server:

      # cd /FederationManager-base/SUNWwbsvr/https-FederationManager-1.siroe.com
      # ./stop; ./start

    3. Use the tail command to monitor the Federation Manager access log.

      # tail -f logs/access

    4. As a root user, log in to the Federation Manager 2 host.

    5. Start the Federation Manager 2 server:

      # cd /FederationManager-base/SUNWwbsvr/https-FederationManager-2.siroe.com
      # ./stop; ./start

    6. Use the tail command to monitor the Federation Manager 2 access log.

      # tail -f logs/access

  2. Go to the following Federation Manager URL:

    http://LoadBalancer-9.siroe.com:1080/federation/UI/Login

  3. Log in to the Federation Manager console:

    User Name:

    amadmin

    Password:

    11111111

    As you log in and log out of the Federation Manager console, you should see in the access log that all requests are going to the same Federation Manager server. This indicates that the load balancer is working properly, and that the persistence setting is properly configured.
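Reading two tailed logs by eye works for one session; the following script is an added example, not part of the deployment guide, that applies the same check to saved access logs from both hosts: it groups /federation/ requests by client address and reports any client whose requests were spread over more than one Federation Manager. The log lines are constructed in Common Log Format and the host names are the guide's; adjust LOG_LINE if your web server's access log format differs.

```python
# Added example (not from the deployment guide): verify cookie persistence
# from the access logs of Federation Manager 1 and 2. Every client should
# reach exactly one backend for the whole login/logout sequence.
# Sample log lines are constructed (Common Log Format).
import re
from collections import defaultdict

LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# constructed sample: what each host's logs/access might show
ACCESS_LOGS = {
    "FederationManager-1.siroe.com": """\
192.18.1.50 - - [03/May/2006:10:15:01 -0700] "GET /federation/UI/Login HTTP/1.1" 200 5120
192.18.1.50 - - [03/May/2006:10:15:09 -0700] "POST /federation/UI/Login HTTP/1.1" 302 0
192.18.1.50 - - [03/May/2006:10:15:10 -0700] "GET /federation/base/AMAdminFrame HTTP/1.1" 200 8113
192.18.1.50 - - [03/May/2006:10:16:40 -0700] "GET /federation/UI/Logout HTTP/1.1" 200 2210
""",
    "FederationManager-2.siroe.com": """\
192.18.1.51 - - [03/May/2006:10:15:03 -0700] "GET /federation/UI/Login HTTP/1.1" 200 5120
192.18.1.51 - - [03/May/2006:10:15:12 -0700] "POST /federation/UI/Login HTTP/1.1" 302 0
""",
}

def backends_per_client(logs: dict) -> dict:
    """Map each client address to the set of backend hosts that served it."""
    served = defaultdict(set)
    for host, text in logs.items():
        for line in text.splitlines():
            m = LOG_LINE.match(line)
            if not m:
                continue            # skip lines that are not access records
            parts = m.group("request").split()
            if len(parts) >= 2 and parts[1].startswith("/federation/"):
                served[m.group("client")].add(host)
    return dict(served)

def persistence_violations(logs: dict) -> dict:
    """Clients whose requests were spread over more than one backend."""
    return {c: sorted(h) for c, h in backends_per_client(logs).items()
            if len(h) > 1}
```

If the BIG-IP is configured with SNAT, every backend log entry carries the load balancer's own address rather than the client's, so grouping by client address no longer distinguishes sessions; in that case group by a session identifier your log format records instead.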