Configuring Connection Groups

Contents

Overview

A Connection Group consists of a number of external servers that the Enterprise Gateway connects to (for example, RSA Access Manager servers for authorization). The Enterprise Gateway attempts to connect to all the servers in the group in a round-robin fashion, therefore providing a high degree of failover. If one or more servers are unavailable, the Enterprise Gateway can still connect to an alternative server.

The Enterprise Gateway attempts to connect to the listed servers according to the priorities assigned to them. For example, assume there are two High priority servers, one Medium priority server, and one Low priority server configured. Assuming the Enterprise Gateway can successfully connect to the two High priority servers, it alternates requests between these two servers only in a round-robin fashion. The other group servers are not used. However, if both High priority servers become unavailable, the Enterprise Gateway then tries to use the Medium priority server, and only if this fails is the Low priority server used.

Connection Groups are available in Policy Studio on the External Connections tab according to the filter from which they are available. For example, Connection Sets under the RSA ClearTrust Connection Sets node are available in the RSA Access Manager filter. For more details, see the RSA Access Manager Authorization topic.

Configuring a Connection Group

You can configure a Connection Group using the Connection Group dialog. The external servers are listed in order of priority in the table on the Connection Group dialog. The Enterprise Gateway attempts to connect to the server at the top of the list first. If this server is not available, a connection attempt is made to the second server, and so on until an available server is contacted. If none of the listed servers are available, the client is not authorized and a SOAP fault is returned to the client.

You can increase or decrease the priorities of the listed external servers using the Up and Down buttons. You can add, edit, and delete Access Manager servers using the Add, Edit, and Remove buttons.

Configuring a Connection

You can configure a single connection using the Connection Configuration dialog. To configure a single Access Manager Connection, perform the following steps:

  1. Enter the name or IP address of the machine hosting the selected Access Manager server in the Location field.
  2. Enter the Port on which the specified Access Manager server is listening.
  3. Select a suitable Timeout for connections to this server.
  4. Select the appropriate Connection Type for the Enterprise Gateway to use when connecting to the specified Access Manager server. Connections between the Enterprise Gateway and the Access Manager server can be made in the clear, over Anonymous SSL, or Mutual SSL Authentication (two-way SSL).
  5. If SSL Authentication is selected, you must select an SSL mutual authentication certificate. This certificate is then used to authenticate to the Access Manager server.