Symantec SiteMinder Best Practices: Enable Dynamic Host Configuration Object (HCO)

When a Symantec SiteMinder Web Agent is installed and successfully registered to the SiteMinder Policy Server, the wizard creates a Host Configuration File (SmHost.conf) in the following location: 

$web_agent_home/config. 

The agent uses settings in the SmHost.conf file during the initialization phase of each web server child process. Within the SmHost.conf file is a parameter which identifies the Host Configuration Object that the agent uses for it’s runtime settings.

By default, each SiteMinder Web Agent is NOT configured to support Dynamic Host Configuration Objects. This can be troublesome for organizations who require changes (either Policy Server’s being added or removed) in a standard OR clustered HCO configuration as such a change would require the web agent to be restarted to take effect.

Configuring the SiteMinder Web Agent to support Dynamic HCO’s will prevent the web agent from requiring a restart for: 

1) Adding or Removing new policy servers to the HCO or 

2) Adding or Removing a single policy server from a Cluster within the HCO.

A Symantec SiteMinder Policy Server needs to be taken offline from processing but remains active. By removing the SiteMinder Policy Server from the HCO, the web agents will no longer send requests to the removed policy server and no agents will require restarts.

Prerequisites

  • The SiteMinder Web Agent must be installed.
  • The SiteMinder Web Agent configuration must be completed successfully.

Needs to Know

  • By default, the default setting is not defined in SmHost.conf. When not defined, the default is “NO”.
  • Changing any value in the SiteMinder Web Agent’s SMHost.conf file will require a restart to the web agent.

Instructions

Task 1 – Configure the SiteMinder Web Agent with Dynamic Host Configuration Object Support

  1. Open the following file with a text editor: $web_agent_home/config/SmHost.conf and add the following text to the end of the file.
  2. Save and close the SmHost.conf file.
  3. Restart the SiteMinder Web Agent.

Summary of Dynamic Host Configuration Objects

Enabling Dynamic Host Configuration objects should be a part of the default web agent installation process for every organization. This will allow zero disruption to the organization when changes are required to the SiteMinder Policy Server Architecture.

Looking for additional help with dynamic host configuration objects? ISX Consulting is an elite IAM security firm that offers boundless expertise in a range of cybersecurity and business process services, including Symantec SiteMinder. Take your interoperability to the next level, and contact an ISX consultant today.

ISXSymantec SiteMinder Best Practices: Enable Dynamic Host Configuration Object (HCO)

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *