Chapter 2. Planning
2.2.3 WebSEAL
Access Manager for e-business has several resource managers that build upon
the core infrastructure to provide access control to Web-based applications.
WebSEAL is a high-performance, multi-threaded reverse proxy that sits in front
of back-end Web applications. It applies a security policy to a protected object
space. WebSEAL can provide single sign-on solutions and incorporate back-end
Web application server resources into its security policy. Because it is
implemented on an HTTP server foundation, it is limited to enforcing policy for
applications communicating with HTTP and HTTPS protocols.
The back-end services to which WebSEAL can proxy are defined via junctions.
Each junction associates a set of one or more back-end Web servers with
a particular URL. Access Manager for e-business 6.0 provides three types of
junctions, which are described in more detail in the following sections. The three
types are:
• Standard junction
• Virtual host junction
• Transparent path junction
Replicated WebSEALs
It is possible to replicate WebSEAL servers for availability and scalability
purposes. There are specific configuration requirements for creating WebSEAL
replicas, and a front-end load balancing service must be used to distribute
incoming requests among the replicas. By default, each WebSEAL replica
maintains active session state only for its own authenticated users. When
front-end load balancing options for affinity are limited or not available, it is
therefore recommended that the Access Manager Session Management Server (SMS) be
used to maintain state and avoid limitations for policy enforcement, management,
security, and the end user experience.
Note: Configuring a standby Policy Server requires the use of additional
software such as HACMP™ on AIX.
Note: Front-end load balancing metrics should be configured to keep users
sticky to individual instances of WebSEAL. Only when used with the Session
Management Server should metrics such as round-robin be used.
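
The Python sketch below is an added illustration, not code from the study guide or from the product. It models replicas that each hold their own session cache and counts how often users must authenticate under round-robin and sticky load balancing, with and without a shared session store standing in for the SMS. All class, function, and user names are hypothetical.

```python
import hashlib
from itertools import cycle


class Replica:
    """Toy stand-in for one WebSEAL replica and its session cache."""

    def __init__(self, name, shared_store=None):
        self.name = name
        # Without a shared store, a replica knows only its own sessions
        # (the default described above). A shared set stands in for the SMS.
        self.sessions = shared_store if shared_store is not None else set()

    def handle(self, user):
        """Return True if the user had to authenticate on this request."""
        if user in self.sessions:
            return False
        self.sessions.add(user)
        return True


def round_robin(replicas):
    """Hand each request to the next replica, ignoring who sent it."""
    nxt = cycle(replicas)
    return lambda user: next(nxt)


def sticky(replicas):
    """Affinity by a stable hash of the client identity (assumed scheme)."""
    def pick(user):
        digest = hashlib.sha256(user.encode()).digest()
        return replicas[digest[0] % len(replicas)]
    return pick


def count_logins(policy, shared=False, n_replicas=3, rounds=6):
    """Run a constructed request stream and count authentication prompts."""
    store = set() if shared else None
    replicas = [Replica(f"webseal-{i}", store) for i in range(n_replicas)]
    pick = policy(replicas)
    users = ["alice", "bob", "carol", "dave"]  # constructed sample users
    logins = 0
    for _ in range(rounds):
        for user in users:
            logins += pick(user).handle(user)
    return logins


if __name__ == "__main__":
    print("round-robin, local sessions :", count_logins(round_robin))
    print("sticky, local sessions      :", count_logins(sticky))
    print("round-robin, shared sessions:", count_logins(round_robin, shared=True))
```

In this model, round-robin without shared state makes every user authenticate once per replica, while sticky balancing or a shared store brings that down to one login per user.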
