I was wondering if anyone has deployed IBM Tivoli Access Manager in an environment with a load balancer (especially with the CSM module).
We have a 6513 with CSM that supports over 20 serverfarms for regular HTTP and HTTPS traffic. We are going to use the above product for more security and better access management for one of our web sites. This product has a few components, with WebSEAL being the main one that gets the request (incoming traffic to a web site) and then does authentication and authorization based on connections to LDAP and a Policy Server.
The first thing I can think of is to direct the traffic from the firewall (PIX) to this WebSEAL box first and then, after it has done its job, just forward it to the VIP on the CSM, so it would be like an extra box between the PIX and CSM for that specific web site's traffic (and just needs to have the web site's VIP as its default gateway).
If you have any input or link to more information, it will be much appreciated.
P.S. I did not find anything specific to load balancers in the related documents on the IBM web site.
We have just deployed multiple Access Manager environments behind a pair of CSS 11503s for redundancy. The CSSs are configured inline with a pair of 6513s. We have also done this with the older Local Director LD416.
In general, to configure WebSEAL behind a load balancer, set up a virtual address on the front side of the load balancer. This will be the address you will tunnel or NAT all the outside traffic to.
Bind the virtual address to the address(es) of the WebSEAL servers. In order to keep session state, use an IP sticky mode. Otherwise, unless you have failover cookies set up, the remote user will lose their session when they come back into the site on another connection.
Then use a single WebSEAL junction with multiple servers to load balance backend resources.
Allow through whatever ports WebSEAL is configured to listen on, usually 80/443, on the front side.
In general it will be internet -> PIX -> 6513 -> CSS -> WebSEAL -> webservers.
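
The session-state point in the reply above, as an added example that is not part of the original thread: a small Python model comparing per-connection round-robin with source-IP sticky balancing across two WebSEAL instances that keep sessions only in local memory (no failover cookies). All class and function names are hypothetical, the traffic is constructed, and the client's source IP stands in for its identity.

```python
import hashlib
from itertools import cycle

class WebSealInstance:
    """Model of one WebSEAL server holding sessions only in local memory."""
    def __init__(self, name):
        self.name = name
        self.sessions = set()      # clients already authenticated on this instance
        self.login_prompts = 0

    def handle(self, client_id):
        # No failover cookie: a session created on another instance is unknown here,
        # so the user is sent through authentication again.
        if client_id not in self.sessions:
            self.login_prompts += 1
            self.sessions.add(client_id)

def round_robin(servers):
    """Balance each new connection to the next server, ignoring the source."""
    order = cycle(servers)
    return lambda src_ip: next(order)

def sticky_src_ip(servers):
    """Pin every connection from one source IP to the same server."""
    def pick(src_ip):
        digest = hashlib.sha256(src_ip.encode()).digest()
        return servers[digest[0] % len(servers)]
    return pick

def simulate(make_picker, connections):
    """Return the total number of login prompts users see for this traffic."""
    servers = [WebSealInstance("webseal1"), WebSealInstance("webseal2")]
    pick = make_picker(servers)
    for src_ip in connections:
        pick(src_ip).handle(src_ip)
    return sum(s.login_prompts for s in servers)

# Constructed traffic: three clients, each opening four separate connections.
CONNECTIONS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"] * 4

if __name__ == "__main__":
    print("round-robin login prompts:  ", simulate(round_robin, CONNECTIONS))
    print("sticky src-ip login prompts:", simulate(sticky_src_ip, CONNECTIONS))
```

With sticky balancing each client authenticates once; with round-robin each client is prompted again the first time a connection lands on the other instance.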