High availability for the policy server

We can enable the replication of the ISAM runtime settings and the certificate database settings to achieve high availability for the policy server. In a clustered environment, the ISAM policy server can run on any node in the cluster. However, configure the policy server on the primary master if we want high availability. To achieve high availability, we must adhere to the following requirements:

We can configure the cluster to replicate the runtime settings and certificate database settings on the Replication tab of the Cluster Configuration page. For information about these settings, see the "Replicate settings across the cluster" details in Manage cluster configuration.

When we enable replication of the runtime settings, the policy server configuration and policy database information is copied from the primary master to every node in the cluster. The keys that are used for SSL communication between the ISAM servers are also distributed across the cluster. If these settings are changed, the primary master sends the updates to the other nodes in the cluster. The following process occurs when we enable replication of the runtime settings from the local management interface of the primary master:

If any WebSEAL instances or authorization servers are configured against a different policy server, we must reconfigure them to use the policy server on the primary master.

If we are using an external directory server with SSL enabled, configure the cluster to replicate the certificate database settings. If we enable this replication setting, the key files for SSL communication with the external directory server are distributed across the cluster.

If the primary master fails, we can promote any other node in the cluster to be the new primary master. The policy server starts automatically on the new primary master. All of the ISAM servers on the other nodes are automatically reconfigured to use the policy server on the new primary master. The ISAM servers can connect to the new policy server without requiring a restart. For information about promoting a node to primary master, see Promoting a node to primary master when the original primary master is unavailable. When a node is promoted to primary master and replication for the runtime settings is enabled, the following process occurs:

When we disable replication of the runtime settings, the policy server configuration and policy database information is removed from the other nodes in the cluster. If we are using the local LDAP on the primary master, the replicated copies of the LDAP files are removed from the other nodes. The WebSEAL instances and authorization servers in the cluster continue to use the policy server on the primary master. After we disable the replication, restart the ISAM server on each node in the cluster.

If the policy server is configured with a local LDAP server as the user registry, high availability is provided. Each node of the cluster contains a read-only replica of the LDAP server, which is used automatically in failover scenarios.

If the LDAP server provided by the primary master becomes unavailable to a node, any authorization servers that run on that node fail over to their local replicas. During this time, only read operations are possible. When the primary master LDAP server becomes available again, the node automatically reverts to normal operation.
