Notifying replica databases when the master authorization database is updated

When an administrator makes security policy changes, the policy server adjusts to the master authorization database to reflect these changes. To ensure these changes also are dispersed to any authorization servers with replica databases, we can do one or more of the following:

• Configure a Security Verify Access application server, such as WebSEAL, to poll the master authorization database at regular intervals for updates. By default, polling is disabled.
• Enable the policy server to notify authorization servers each time the master authorization database is updated. This automatic process is recommended for environments where database changes are infrequent. For more information, see Notifying replica databases automatically.
• Notify authorization servers, on demand, after you make updates to the master authorization database. This manual process is recommended for environments where database changes are frequent and involve substantial changes. For instructions, see Notifying replica databases manually.

After you select the method that we want to use to update replica databases (automatic, manual, or both), we can fine-tune settings in the ivmgrd.conf file on the policy server. For more information, see Setting the maximum number of notification threads and Setting the notification wait time.

• Notifying replica databases automatically
  We can enable the policy server to send notifications to authorization servers each time the master authorization database is updated. In turn, the authorization servers automatically request a database update from the policy server.
• Notifying replica databases manually
  When the master authorization database is updated, we can use the PDServer.replicateServer method to send notifications to application servers that are configured to receive database update notifications.
• Setting the maximum number of notification threads
  
• Setting the notification wait time
  There is a time delay between when the policy server updates the master authorization database and when notification is sent to database replicas.

Parent topic: Administer servers