Planning for high availability with IBM Security Access Manager
Plan for a high availability deployment with IBM® Security Access Manager reverse proxy instances.
When there are multiple back-end servers, session affinity in IBM Security Access Manager can only be configured for the same junction.
To achieve high availability when IBM Security Access Manager is fronting IBM Security Privileged Identity Manager, you must ensure that all subsequent requests across the different junctions from a IBM Security Privileged Identity Manager client during the same session are forwarded to the same IBM Security Privileged Identity Manager virtual appliance.
Figure 1. High availability with IBM Security Access Manager reverse proxy
The suggested configuration consists of the following
elements:
- 1 IBM Security Access Manager Reverse Proxy fronting 1 IBM Security Privileged Identity Manager virtual appliance.
- 1 IBM Security Access Manager virtual appliance can have more than 1 IBM Security Access Manager Reverse Proxy depending on the virtual appliance capacity.
- A Load Balancer with session affinity enabled to manage the IBM Security Access Manager Reverse Proxies.
- In the PIM VA Load Balancer Configuration, set the Load Balancer DNS to point to the Load Balancer.