Configuring IBM MFA for high availability
In general use, the IBM® MFA web services started task needs to run only on one LPAR in a sysplex. However, you can start the IBM MFA web services started task on multiple LPARs that share the same RACF® database for high availability.
Before you begin
- Configure cache token sharing to be C or X so that the cache is shared, as described in Configure IBM MFA STC configuration attributes.
- If using Certificate Authentication, the client Windows system must have the Internet option "Use HTTP 1.1" checked.
- When ordering server certificates to use with IBM MFA web services, ensure that you specify Subject Alternate Names that cover all LPAR names that a user may enter into their browser to reach the server, as described in Configure an AT-TLS profile.