IBM Verify

  • 1.  ISAM RP FED CONFIG - MULTIPLE AACs

    Posted Fri September 13, 2019 11:46 AM
    Hello,

    We have 3 RPs and 3 AACs. I tried to run the tfim rp config script, where it only takes one AAC endpoint while running it, and when I try to provide the 2nd AAC endpoint it replaces the first one on the /isam junction backend. So I ran the tfim rp config script once and manually added the other two AAC runtime backends to the /isam junction. All is good until here, but when I look into the ISAM RP config I see an entry created for

    [isam-fed-autocfg:uuidXXXXXXXXXXXXXX]
    junction = /isam
    federationRuntimeHost = X.X.X.X

    ISAM RP config doesn't allow me to add additional RP configs here; we are on 9.0.4. Is there a way to get multiple AAC backend IPs into the RPs? Will this affect my federation setup?

    ------------------------------
    Sairam Durgaraju
    Advisor
    Cigna
    ------------------------------


  • 2.  RE: ISAM RP FED CONFIG - MULTIPLE AACs

    Posted Fri September 13, 2019 01:36 PM
    Hello,

    I'm pretty sure that the entry you've referred to is there to facilitate unconfig if you were to do that in the wizard.

    Manually adding the other AAC runtimes as extra backend junction points is, I think, the right approach.

    If you are using Context Based Access or other functions that call direct to AAC then you'd need to add these to the cluster definitions in the RP config file. Search for the AAC address you gave in auto config to find these other references. 

    Cheers... Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------
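
Added example (not from the thread or from IBM): a stanza-aware search of an exported reverse proxy config for the AAC address given during auto-config, separating the `isam-fed-autocfg` record that the reply above describes from other references such as cluster definitions. The sample config, its documentation-range addresses and the `rtss-cluster` entry are constructed for illustration.

```python
import re

# Constructed sample of a reverse proxy config file (not taken from the thread).
SAMPLE_CONF = """\
[isam-fed-autocfg:uuidXXXXXXXXXXXXXX]
junction = /isam
federationRuntimeHost = 192.0.2.10

[rtss-cluster:cluster1]
# constructed entry
server = 9,https://192.0.2.10:443/rtss/authz/services/AuthzService
"""

AUTOCFG_PREFIX = "isam-fed-autocfg:"

def find_host_references(conf_text, host):
    """Return one dict per stanza entry whose value mentions host exactly."""
    # Boundaries stop 192.0.2.10 from matching 192.0.2.100 or a longer hostname.
    pattern = re.compile(r"(?<![\w.-])" + re.escape(host) + r"(?![\w.-])")
    stanza, hits = None, []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and pattern.search(value):
            hits.append({
                "line": lineno,
                "stanza": stanza,
                "key": key.strip(),
                "value": value.strip(),
                # The auto-config stanza is treated as a record only.
                "record_only": bool(stanza) and stanza.startswith(AUTOCFG_PREFIX),
            })
    return hits

def needs_review(conf_text, host):
    """Entries outside the auto-config record that still name only this host."""
    return [h for h in find_host_references(conf_text, host) if not h["record_only"]]

if __name__ == "__main__":
    for h in find_host_references(SAMPLE_CONF, "192.0.2.10"):
        tag = "record only" if h["record_only"] else "review"
        print(f'{h["line"]:>3} [{h["stanza"]}] {h["key"]} = {h["value"]}  ({tag})')
```

Entries reported as "review" are the places where the remaining AAC runtimes may need to be listed alongside the first.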



  • 3.  RE: ISAM RP FED CONFIG - MULTIPLE AACs

    Posted Fri September 13, 2019 02:21 PM
    Hi Jon, 

    Given only one Runtime Node specified under the configuration stanza (example below) and multiple backend AAC/Fed servers added via junction, does WebSEAL still ensure load balancing across the replicated servers for AAC/Fed runtimes using a "least-busy" scheduling algorithm?


    Example: Only one runtime host added under the stanza,

    [isam-fed-autocfg:uuidXXXXXXXXXXXXXX]
    junction = /isam
    federationRuntimeHost = X.X.X.X


    Regards,
    Rama


    ------------------------------
    Rama Yenumula
    ------------------------------



  • 4.  RE: ISAM RP FED CONFIG - MULTIPLE AACs

    Posted Fri September 13, 2019 02:47 PM
    Hi Rama,

    Like I said, that config entry is just to keep a record of the config for later unconfiguration.  It won't impact load balancing (or anything else).

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 5.  RE: ISAM RP FED CONFIG - MULTIPLE AACs

    Posted Mon September 16, 2019 09:23 AM
    Thank you Jon, this is helpful!

    ------------------------------
    Sairam Durgaraju
    Advisor
    Cigna
    ------------------------------



  • 6.  RE: ISAM RP FED CONFIG - MULTIPLE AACs

    Posted Fri September 13, 2019 02:21 PM

    Hi Jon, 

    Given only one RuntimeHost entry (example below) under the WebSEAL configuration and multiple AAC/Fed runtime servers added under the WebSEAL junction, does WebSEAL still provide load balancing across the replicated AAC/Fed runtime servers using a "least-busy" scheduling algorithm?

    Example configuration as provided in the original message:

    [isam-fed-autocfg:uuidXXXXXXXXXXXXXX]
    junction = /isam
    federationRuntimeHost = X.X.X.X


    Regards,
    Rama



    ------------------------------
    Rama Yenumula
    ------------------------------