To protect web resources with CA SiteMinder, we have to install Agents on the servers that host those resources. But what happens if there are multiple virtual servers on a single physical server? Let's discuss the features SiteMinder provides for dealing with virtual servers.
Each virtual server is a logical entity and acts as an independent server. Suppose, using virtual servers, we set up a single server to host both www.abc.com and www.xyz.com. One can assign a unique IP address to a virtual server, or an IP address that is shared with the physical server or another virtual server.
Although we configure only one Web Agent per Web server, we can configure Agent identities to protect our virtual servers. If one user tries to access the protected resources on the server through www.abc.com and another user tries through www.xyz.com, each server is protected by an agent identity. The advantage of creating an agent identity for each virtual server is that we can define unique realms and rules for each site.
The settings that we define for the Web Agent apply to all virtual servers that we define for that Web server instance; however, each virtual server processes requests independently and the Policy Server treats each virtual server request separately. However, if we have more than one instance of the iPlanet Web server, such as a server for HTTP communication and a server for HTTPS communication, two WebAgent.conf files exist. Each file can have multiple agent identities.
To configure support for virtual servers, we need to do one of the following three:
- Define and add an Agent identity for each virtual server, specify an agent name and assign it the IP address of a virtual server.
- Define an Agent identity only for virtual servers that need to be uniquely identified.
- Use the DefaultAgentName parameter.
Defining Agent Identities for Virtual Servers:
The Agent Name parameter and its associated IP address provide mapping for Web server interfaces to agent names as defined in the policy store. Web Agents need to make Agent API calls in the proper agent name context in order for the correct set of rules and policies to apply. If no Agent name or IP address is assigned for mapping to the policy store, then the Web Agent will use the default agent name.
To protect virtual servers using unique Agent identities, add a Web Agent for each virtual server in the Agent Name parameter. Adding separate Web Agents for each virtual server enables us to define unique realms and rules for each
To add a Web Agent identity:
1. Enter the name of the agent and the IP address, separated by a comma.
2. Optionally, specify the port number associated with the IP address (for example: 22.214.171.124:8080). We may want to specify the port number if our virtual servers share the same IP address, but use different ports.
To add more than one Agent, place each entry on a separate line. For example:
If we add an Agent Identity, also define it in the Policy Server User Interface with the same configuration. Make sure that the Agent Identity is defined in the Policy Server User Interface exactly as it is defined for the Agent configuration
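The mapping rules above can be checked before deployment. The following Python sketch is an added example, not SiteMinder code: it models the "name,IP[:port]" entries and the fallback to the default agent name, then lists virtual servers that share the default identity or whose agent name has no exact match on the Policy Server. The agent names, the hosts other than www.abc.com and www.xyz.com, the IP addresses, and the rule that an IP:port entry is preferred over an IP-only entry are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Identity(NamedTuple):
    name: str
    ip: str
    port: Optional[int]  # None when the entry names no port

def parse_agent_names(lines):
    """Parse 'name,IP[:port]' entries, one per line (IPv4 only in this sketch)."""
    identities = []
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue
        name, sep, addr = (part.strip() for part in entry.partition(","))
        if not (sep and name and addr):
            raise ValueError(f"malformed AgentName entry: {entry!r}")
        ip, _, port = addr.partition(":")
        identities.append(Identity(name, ip, int(port) if port else None))
    return identities

def resolve(identities, default_agent, ip, port):
    """Return the agent name whose context applies to interface ip:port."""
    ip_only = None
    for ident in identities:
        if ident.ip != ip:
            continue
        if ident.port == port:
            return ident.name          # assumption: IP:port entry wins over IP-only
        if ident.port is None and ip_only is None:
            ip_only = ident.name
    return ip_only or default_agent    # nothing mapped: default agent name

def audit(identities, default_agent, vhosts, policy_server_agents):
    """List virtual servers without a dedicated, Policy-Server-defined identity."""
    findings = []
    for host, (ip, port) in sorted(vhosts.items()):
        name = resolve(identities, default_agent, ip, port)
        if name == default_agent:
            findings.append((host, "uses DefaultAgentName"))
        elif name not in policy_server_agents:  # exact, case-sensitive comparison
            findings.append((host, f"{name} not defined on Policy Server"))
    return findings

# Constructed sample data (hypothetical agent names, documentation-range IPs).
ENTRIES = ["abc_agent,192.0.2.10", "xyz_agent,192.0.2.20:8080", "Xyz_Agent,192.0.2.20:8443"]
VHOSTS = {"www.abc.com": ("192.0.2.10", 80), "www.xyz.com": ("192.0.2.20", 8080),
          "secure.xyz.com": ("192.0.2.20", 8443), "www.example.org": ("192.0.2.30", 80)}
POLICY_SERVER_AGENTS = {"abc_agent", "xyz_agent", "default_agent"}

if __name__ == "__main__":
    for host, issue in audit(parse_agent_names(ENTRIES), "default_agent", VHOSTS, POLICY_SERVER_AGENTS):
        print(f"{host}: {issue}")
```

A virtual server reported as using DefaultAgentName is not necessarily misconfigured, but it shares realms and rules with every other site that falls back to the default identity.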