000022470 - How to use F5 Networks Big IP to monitor RSA ClearTrust Entitlements Server (EServer) for failover

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022470
Applies ToRSA ClearTrust 5.5.3 Entitlements Server (EServer)
F5 Networks BIG-IP Load Balancer
IssueHow to use F5 Networks Big IP to monitor RSA ClearTrust Entitlements Server (EServer) for failover
The RSA ClearTrust Entitlements Server (EServer) is the only server component that lacks built-in redundancy capabilities. This is due to potential datastore modification conflicts when multiple EServers are running concurrently. According to the ClearTrust Installation and Configuration Guide, "hot" failover can be enabled with F5 Networks' Big IP hardware.
ResolutionF5 Networks Big IP Load Balancer can be configured to determine the status of RSA ClearTrust Entitlements Server (EServer):

1. Configure and deploy a script that enables Big IP to monitor the socket associated with the entitlements server's API port; Big IP will send a telnet request to the socket. If the socket is unresponsive, Big IP will then failover to another EServer.

2. Configure and deploy a script that enables Big IP to submit Java commands to the EServer API port. Using the ClearTrust Administrative API, write a Java program that uses native ClearTrust methods to determine the status of the entitlements server. Big IP can respond to the results of this program and failover to another EServer when appropriate.

NOTE: Because there are instances where the EServer fails to respond to specific requests, even if its API port is open, the second solution is preferable
Legacy Article IDa29766

Attachments

    Outcomes