Directory failover and load balancing

Since the Directory is the main role that manages all entity configuration in your system, you must ensure that the Directory service is always available, and does not become overloaded.

The Directory service is available as long as its two components are available:
The Directory Manager role handles Directory failover and load balancing for your system. It manages failover for the Directory role and Directory database independently, allowing you to have separate lists of servers assigned to host the two components. These two lists of servers can overlap or be completely separate.
NOTE: There can only be one Directory Manager role in your system. It is created automatically when your software license supports multiple Directory servers.

Differences between Directory servers and the main server

To configure Directory failover and load balancing, you must know the difference between Directory servers and the main server.
  • Directory server: Click to hide description
    Servers assigned to host the Directory role. The Directory role can run on five Directory servers simultaneously for load balancing. They distribute the workload for credential authentication, software license enforcement, Directory database report queries, and so on.

    Users can log on to Security Center through any of the Directory servers. By default, the Directory Manager redirects the connection requests across all Directory servers in a round robin fashion, but you can bypass load balancing on specific workstations as necessary.

  • Main server: Click to hide description
    The primary Directory server in your system (). It has full read/write access to the Directory database. If your system is configured for Directory failover and load balancing, the additional Directory servers () only have read access to the database.

When a Directory server fails, only the client applications connected to Security Center through that server must reconnect. If the main server fails, then all clients on the system must reconnect, and the responsibility of being the main server is passed down to the next Directory server in the failover list.