|Applies To||RSA ClearTrust 5.5.3 Entitlements Server (EServer)|
F5 Networks BIG-IP Load Balancer
|Issue||How to use F5 Networks Big IP to monitor RSA ClearTrust Entitlements Server (EServer) for failover|
The RSA ClearTrust Entitlements Server (EServer) is the only server component that lacks built-in redundancy capabilities. This is due to potential datastore modification conflicts when multiple EServers are running concurrently. According to the ClearTrust Installation and Configuration Guide, "hot" failover can be enabled with F5 Networks' Big IP hardware.
|Resolution||F5 Networks Big IP Load Balancer can be configured to determine the status of RSA ClearTrust Entitlements Server (EServer):|
1. Configure and deploy a script that enables Big IP to monitor the socket associated with the entitlements server's API port; Big IP will send a telnet request to the socket. If the socket is unresponsive, Big IP will then failover to another EServer.
2. Configure and deploy a script that enables Big IP to submit Java commands to the EServer API port. Using the ClearTrust Administrative API, write a Java program that uses native ClearTrust methods to determine the status of the entitlements server. Big IP can respond to the results of this program and failover to another EServer when appropriate.
NOTE: Because there are instances where the EServer fails to respond to specific requests, even if its API port is open, the second solution is preferable
|Legacy Article ID||a29766|