You can configure a load balancer to direct network traffic evenly among multiple identity routers in a cluster, and to enable other high-availability features such as keychain synchronization. The load balancer must meet the following requirements.
When queried by a load balancer, the identity router status servlet delivers a text-based report that describes usage and status of the hardware and services running on the identity router.
Note: This information does not apply to the identity router embedded in RSA Authentication Manager.
Identity Router Status Servlet URLs
The status servlet is accessible at https://<identityroutermanagementIP><:port>/status/v2, where:
<identityroutermanagementIP> is the identity router management IP address
<:port> is :9786 for identity routers in the Amazon cloud, identity routers with one network interface, and identity routers deployed in Authentication Manager. The port is not required for on-premises identity routers with two network interfaces.
Note: Alternatively, you can use http://<identityroutermanagementIP>:8080/status/v2. Traffic to port 8080 is blocked by the default identity router firewall rules. You must configure a custom firewall rule to access the status servlet on port 8080.
If High Availability is enabled for the cluster, you can also access the status servlet through the portal interface using the following URLs:
Portal Interface URL
Full component-level status
See your load balancer documentation to configure status queries. Your load balancer must have specific capabilities to connect to the identity router. For more information, see Load Balancer Requirements.
Load Balancer Status
Load balancer status, /status/v2/lbstatus, returns OK when all resources and services on the identity router are working. Load balancer status is determined by the .status field of all the Status Indicators listed in /status/v2.
If the identity router cannot connect to the Cloud Authentication Service, the lbstatus is OK because the identity router can still reach the identity source and users can access applications that only require an LDAP directory password. Step-up authentication fails and an error message is logged.
Identity Router Status Servlet Report Description
The following table describes each section of the identity router status report.
General status of the identity router, and the date and time when the status report was last updated.
GlobalStatus.status returns OK when all resources and services on the identity router are working. Cross-site replication does not affect this status.
GlobalStatus.status is determined by the .status field of all the Status Indicators listed in /status/v2, except for CrossSiteReplStatus. If any .status field is Failed, then the GlobalStatus.status is also Failed.
#LAST UPDATE : Tue, 10 May 2016 23:26:20 +0000
RSA SecurID Access Services
Status of RSA SecurID Access services hosted by the identity router.
Active services list, and a count of services in each state (running, paused, stopped).
ServicesStatus.status returns OK when all RSA SecurID Access services are working.
Services related to SSO Agent or RADIUS which are stopped or paused because those features are disabled do not affect this status.
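The following added example (not RSA code) shows how a monitoring script could apply the rules above to a fetched /status/v2 report: it derives the status from the .status fields, excludes CrossSiteReplStatus for the GlobalStatus rule, and fails closed on an unparseable, stale, or inconsistent report. The "Name.status: value" line layout, the five-minute freshness limit, and the function names are assumptions made for the example.

```python
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample; the "Name.status: value" line layout is an assumption.
SAMPLE_REPORT = """\
#LAST UPDATE : Tue, 10 May 2016 23:26:20 +0000
GlobalStatus.status: OK
ServicesStatus.status: OK
CrossSiteReplStatus.status: Failed
"""

def parse_report(text):
    """Return (last_update, {indicator: status}) from a status report."""
    last_update, indicators = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.upper().startswith("#LAST UPDATE"):
            last_update = parsedate_to_datetime(line.split(":", 1)[1].strip())
            if last_update.tzinfo is None:
                last_update = last_update.replace(tzinfo=timezone.utc)
        elif ":" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split(":", 1))
            name, _, field = key.rpartition(".")
            if name and field == "status":
                indicators[name] = value
    return last_update, indicators

def derive(indicators, exclude=()):
    """Failed if any considered indicator is Failed, otherwise OK."""
    skip = {"GlobalStatus", *exclude}  # the aggregate itself is not an input
    considered = [s for n, s in indicators.items() if n not in skip]
    return "Failed" if "Failed" in considered else "OK"

def evaluate(text, now, max_age=timedelta(minutes=5)):
    """Apply the GlobalStatus rule; fail closed on a bad or stale report."""
    try:
        last_update, indicators = parse_report(text)
    except (TypeError, ValueError):
        return "Failed", "unparseable report"
    if last_update is None or not indicators:
        return "Failed", "unparseable report"
    if now - last_update > max_age:  # max_age is an assumed limit
        return "Failed", "stale report"
    expected = derive(indicators, exclude=("CrossSiteReplStatus",))
    if indicators.get("GlobalStatus", expected) != expected:
        return "Failed", "GlobalStatus disagrees with indicators"
    return expected, "ok"
```

Pass the body returned by the status servlet and a timezone-aware current time to evaluate(); calling derive() without the exclusion applies the all-indicators rule described for load balancer status.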