Chapter 4. Configuration and customization 175
4.11 Session Management Server
The Session Management Server solution is most commonly used in a scenario
where client requests are directed by a load balancing mechanism to two or
more replicated WebSEAL servers. The replicated servers are identical. They
contain replica copies of the WebSEAL protected object space, junction
database, and (optionally) dynurl database. The client is not aware of the
replicated front-end server configuration. The load balancing mechanism is the
single point of contact for the requested resource.
The Session Management Server is an independent service that acts as a
centralized session repository for a clustered WebSEAL server environment. The
major function of the Session Management Server is to act as a distributed
session cache.
There are two variations of server clusters:
Multiple servers that present the exact same content (Web site) to users.
The main users of the Session Management Server are replicated Web
security servers organized into groups called replica sets. A
replica set
consists of servers with identical configurations and protected Web spaces,
such that a client session created by one member of a replica set could be
used unmodified by another. Replica sets can provide performance benefits
such as load balancing and high availability.
Multiple servers that present differing, but related, content to users.
These Web sites do not present the same content but typically have single
sign-on requirements between each other and share the Tivoli Access
Manager user registry and Policy Server. A group of replica sets is called a
session realm. Certain policies, including maximum concurrent session policy
and policies affecting credential change, can apply consistently across a
session realm. From the user and administrator points of view, sessions exist
as a single entity across a session realm. All replica sets in a session realm
must use the same DNS domain.
In a case that the Session Management Server is configured to handle session
information for WebSEAL, it is obvious that WebSEAL needs to maintain a stable
connection with the Session Management Server. (WebSEAL returns HTTP
error 503 “Service unavailable” to the client when it does not have an active
connection to a Session Management Server.) In architecting a Session
Management Server solution, we need to consider a WebSphere cluster
environment to avoid a single point of failure for the Session Management Server
configuration.
Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
