IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1

Load balancing and clustering

You can achieve high availability for the IMS Server by setting up multiple hosts with the IMS Server. Use a load balancer as the deployment front end with session-awareness and automatic failover capabilities.

The IMS Server architecture consists of multiple tiers:
  • Load balancer
  • Web server-tier (IBM® HTTP Server)
  • Application-tier (WebSphere® Application Server)
  • Data-tier (For example, DB2®, Oracle or Microsoft SQL Server)
Figure 1. A multi-tiered deployment with a load balancing IP infrastructure as the deployment front end for distributing client requests. The diagram shows a multi-tiered deployment with separate tiers for the data, application, and web server.

The load balancer routes traffic to the Web Server tier, which in turn routes traffic to the Application Server tier. The load balancer is responsible for distributing incoming requests evenly to a collection of IMS Servers on the application-tier. By using a load balancer with session affinity, traffic from each client is always routed to the same IBM HTTP Server.

To set up a cluster for network deployment, see "Setting up a cluster (network deployment)" in the IBM Security Access Manager for Enterprise Single Sign-On Installation Guide.

Load balancing considerations on Windows platforms

If the IBM HTTP Server is deployed on a computer running Windows Server 2003 or later, use the built-in Microsoft Network Load Balancing Service.

Microsoft Network Load Balancing Service acts as a software-based load balancer to the Web Server tier. In this case, there is no need for a separate load balancer hardware component in front of the Web Server tier.

In this setup, the Microsoft Cluster Service must not be enabled on the host machines for IBM HTTP Server. Microsoft does not support running Network Load Balancing Service and Microsoft Cluster Service on the same computer.

Load balancer requirements and considerations

The IMS Server can work with any regular IP-based load balancer. The load balancer can be a hardware-based appliance or a software-based equivalent.

For network deployment

In this configuration, it does not matter whether the IBM HTTP Server is on the same host as the WebSphere Application Server. Each IBM HTTP Server can send requests to any WebSphere Application Server instance, on the same or a different host. However, make sure that the WebSphere Application Server plug-in on each IBM HTTP Server node is configured properly.

The load balancer must have the following capabilities:

  • Can load balance across the IBM HTTP Server nodes.
  • Can perform failover if a node is non-responsive.
  • Can ensure client or session affinity by routing traffic from the same AccessAgent client or session to the same IBM HTTP Server node.
  • Can ping a static IBM HTTP Server web page to verify whether the IBM HTTP Server node is available or not.
Note:
You can run a script to monitor whether the IMS Server or the entire IMS Server cluster is up or down. To enable this script, go to https://<IMS Server>/ims/sentinel.jsp.
  • To monitor a single IMS Server, set the <IMS Server> to the host IP of the IMS Server.
  • To monitor the entire IMS Server cluster, set the <IMS Server> to the virtual IP or FQDN of the IMS Server cluster.
The script accesses a sentinel page that returns the following messages:
  • OK if the IMS Server is active.
  • ERROR if the IMS Server is down.
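
The following poller for the sentinel page is an added example, not the script shipped with the product. It assumes that the response body carries the literal token OK or ERROR; the function names and the DEGRADED state (cluster address answers OK while a node does not) are introduced here for illustration.

```python
import http.client
import re
import ssl
import sys
import urllib.request

SENTINEL_PATH = "/ims/sentinel.jsp"  # path from the documentation note

def classify(status, body):
    """Map an HTTP status and sentinel body to UP, DOWN or UNKNOWN."""
    if status != 200 or re.search(r"\bERROR\b", body):
        return "DOWN"
    if re.search(r"\bOK\b", body):  # assumption: body carries the literal token
        return "UP"
    return "UNKNOWN"  # e.g. a proxy error page; never treated as healthy

def fetch(host, timeout=5.0):
    """GET the sentinel page with certificate and host name verification on."""
    ctx = ssl.create_default_context()
    url = f"https://{host}{SENTINEL_PATH}"
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.status, resp.read(4096).decode("utf-8", "replace")

def check(host, fetcher=fetch):
    """Return the state of one target; any network or TLS failure is DOWN."""
    try:
        return classify(*fetcher(host))
    except (OSError, http.client.HTTPException):  # URLError, SSLError, timeouts
        return "DOWN"

def cluster_state(vip, nodes, fetcher=fetch):
    """Combine the cluster address with per-node checks."""
    results = {h: check(h, fetcher) for h in [vip, *nodes]}
    if results[vip] != "UP":
        overall = "DOWN"
    elif all(results[n] == "UP" for n in nodes):
        overall = "UP"
    else:
        overall = "DEGRADED"  # cluster answers, but a node is not healthy
    return overall, results

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: sentinel_check.py <cluster VIP or FQDN> [<node IP> ...]")
    overall, results = cluster_state(sys.argv[1], sys.argv[2:])
    print(overall, results)
    sys.exit(0 if overall == "UP" else 1)
```

The exit status is 0 only when the cluster address and every listed node return OK, so the script can be called directly from a scheduler or monitoring agent.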

