<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1110556&amp;fmt=gif">
Skip to content
    June 25, 2024

    Ensure Full Stack Observability of Symantec SiteMinder with DX Application Performance Management

    Key Takeaways
    • Implement full-stack observability to enhance visibility and proactively identify application performance issues.
    • Utilize AI-driven insights to optimize user experiences and improve system reliability and efficiency.
    • Monitor key performance metrics to enable timely responses and reduce application downtime.

    Perception is not reality

    When an application breaks and we hear things like, “My login is not working,” or “The web app is slow,'' more often than not SiteMinderTM seems to be in the line of fire. However, in my experience, it has usually been a third-party or other configured item like firewall rules that have turned out to be the culprit. Now I am not saying that it is never SiteMinder. Potentially the issue could be anywhere, but I guess the bigger question here is how do we prove it one way or the other?

    SiteMinder reference architecture

    Before we dive into how we can help security and application teams answer the question, “Where is the problem?” let’s look at SiteMinder’s reference architecture.

    SiteMinder provides secure single sign-on (SSO) and flexible access management to applications and web services on premises, in the cloud, from a mobile device, or at a partner’s site. It is critical for flawless delivery of business-critical applications.

    The Access Gateway is the entry point, routing the traffic depending on whether the resource is protected or not and also if it's available in cache or not. Depending on that, the request may then go to the policy server. There can be numerous decision points. In most cases, a user entitlement store like SAML or LDAP is also present and interacts with the policy server for user authentication and authorization rules.

    SiteMinder sits in between users and the application for secure access. Given that, it is important that a monitoring system keeps an eye on the critical flow between these endpoints. It should have the ability to observe and record the availability and performance aspects and report any errors or anomalous behavior proactively. This system should be sophisticated and purpose-built by experts who understand SiteMinder really well.

    ESD_FY24_Academy-Blog.Ensure Full Stack Observability of Symantec SiteMinderTM with DX Application Performance Management.Figure 1

    DX Application Performance Management (DX APM) for Symantec SiteMinder for SSO

    At a very high level, DX APM for SiteMinder is a combination of DX APM plugins that are shipped with these SiteMinder components: Access Gateway, Policy Server, and Web Agent. They extract key performance metrics from these components and report to the DX APM Infrastructure Agent (APM IA), which collects and forwards the data to DX APM SaaS. These out-of-the-box plugins are shipped with SiteMinder, which eliminates the need to go through the trouble of downloading and installing them separately. Plugins only have to be enabled and configured to send the monitoring data to the DX APM instance. 

    ESD_FY24_Academy-Blog.Ensure Full Stack Observability of Symantec SiteMinderTM with DX Application Performance Management.Figure 2

    DX APM also provides out-of-the-box alerts and dashboards. With out-of-the-box plugins, metrics, alerts, and dashboards, monitoring SiteMinder becomes really easy and quick to set up. It also correlates the metrics and alarms to identify where the actual problem is that needs to be fixed. For example, some of the out-of-the-box policy server metrics measure the policy server queue length, response time, database average response time, and so on. Similarly, on the gateway and the web agent, it monitors the response times, the loads in transactions per second, etc. DX APM not only provides these metrics in a single view for visual correlation but also presents performance breach alarms. Here, it also correlates the alarms, which can then be used for faster triage and remediation. 

    ESD_FY24_Academy-Blog.Ensure Full Stack Observability of Symantec SiteMinderTM with DX Application Performance Management.Figure 3

    Creating the bridge between IT operations and security teams

    IT operations and security teams follow different workflows at different enterprises. Some use ”follow the red” on a dashboard, while others prefer to get notified of a problem based on the severity. And then, of course, there are teams that leverage the best of both workflows. Firstly, regardless of the standard procedures, teams often struggle to find the root cause and reduce the mean time to identify the real problem. Secondly, IT operations teams and security teams often find it challenging to collaborate because they lack a unified view of monitoring data.

    DX APM provides a platform to foster collaboration through role-based access and privilege control. So, in a scenario where the policy server queue length spike is affecting the average response times, both  security and IT operations teams can view the same performance metrics and create tickets, assign problems, and notify the right team with the contextual information required for triage. This creates a self-service environment for the responsible teams, driving accountability and laying the foundation to automate mundane issue triage and remediation.

    At Broadcom, apart from the quick time to value as described above, we also recognize that sometimes you do come across new needs or gaps. Both the DX APM and SiteMinder teams work in close collaboration and address those gaps as can be seen from the screenshots below. Metrics like URL timing is a good example of such collaboration. In this case, the log from FWTrace.log is parsed and KPIs extracted and reported to DX APM. The same applies to CA Directory and Host TCP Queue metrics.

    ESD_FY24_Academy-Blog.Ensure Full Stack Observability of Symantec SiteMinderTM with DX Application Performance Management.Figure 4

    Benefits of DX APM for SiteMinder

    • Fast time to- value: Built-in DX APM integration with SiteMinder and SaaS option for quick proof-of-concept and testing
    • Out-of-the-box KPIs: For full SiteMinder component visibility
    • Built-in dashboards: Out-of-the-Box dashboard templates provide both broad overviews and deep insights
    • Built-in alerts: For proactive monitoring
    • Continuous improvement: For close collaboration between DX APM and SiteMinder teams to extend monitoring coverage

    Srikant Noorani

    Srikant Noorani, Client Services Architect focusing on AIOps and Observability, has over 20 years experience working on complex technical challenges. A hands-on architect with a passion for guiding enterprises in their digital transformation journey, Srikant has worked on the largest APM deployments plus DevOps,...

    Other posts you might be interested in

    Explore the Catalog
    icon
    Blog December 13, 2024

    Full-Stack Observability with OpenTelemetry and DX Operational Observability

    Read More
    icon
    Blog November 26, 2024

    Topology: Services for Business Observability

    Read More
    icon
    Blog November 22, 2024

    Regular Expressions That I Use Regularly

    Read More
    icon
    Blog November 22, 2024

    Cloud Application Performance: Common Reasons for Slow-Downs

    Read More
    icon
    Blog October 4, 2024

    Capturing a Complete Topology for AIOps

    Read More
    icon
    Blog October 4, 2024

    Fantastic Universes and How to Use Them

    Read More
    icon
    Blog September 26, 2024

    DX App Synthetic Monitor (ASM): Introducing Synthetic Operator for Kubernetes

    Read More
    icon
    Blog September 16, 2024

    Introducing The eBPF Agent: A New, No-Code Approach for Cloud-Native Observability

    Read More
    icon
    Blog August 27, 2024

    Topology for Incident Causation and Machine Learning within AIOps

    Read More