|
Key Takeaways
|
|
Perception is not reality
When an application breaks and we hear things like, “My login is not working,” or “The web app is slow,'' more often than not SiteMinderTM seems to be in the line of fire. However, in my experience, it has usually been a third-party or other configured item like firewall rules that have turned out to be the culprit. Now I am not saying that it is never SiteMinder. Potentially the issue could be anywhere, but I guess the bigger question here is how do we prove it one way or the other?
SiteMinder reference architecture
Before we dive into how we can help security and application teams answer the question, “Where is the problem?” let’s look at SiteMinder’s reference architecture.
SiteMinder provides secure single sign-on (SSO) and flexible access management to applications and web services on premises, in the cloud, from a mobile device, or at a partner’s site. It is critical for flawless delivery of business-critical applications.
The Access Gateway is the entry point, routing the traffic depending on whether the resource is protected or not and also if it's available in cache or not. Depending on that, the request may then go to the policy server. There can be numerous decision points. In most cases, a user entitlement store like SAML or LDAP is also present and interacts with the policy server for user authentication and authorization rules.
SiteMinder sits in between users and the application for secure access. Given that, it is important that a monitoring system keeps an eye on the critical flow between these endpoints. It should have the ability to observe and record the availability and performance aspects and report any errors or anomalous behavior proactively. This system should be sophisticated and purpose-built by experts who understand SiteMinder really well.
DX Application Performance Management (DX APM) for Symantec SiteMinder for SSO
At a very high level, DX APM for SiteMinder is a combination of DX APM plugins that are shipped with these SiteMinder components: Access Gateway, Policy Server, and Web Agent. They extract key performance metrics from these components and report to the DX APM Infrastructure Agent (APM IA), which collects and forwards the data to DX APM SaaS. These out-of-the-box plugins are shipped with SiteMinder, which eliminates the need to go through the trouble of downloading and installing them separately. Plugins only have to be enabled and configured to send the monitoring data to the DX APM instance.
DX APM also provides out-of-the-box alerts and dashboards. With out-of-the-box plugins, metrics, alerts, and dashboards, monitoring SiteMinder becomes really easy and quick to set up. It also correlates the metrics and alarms to identify where the actual problem is that needs to be fixed. For example, some of the out-of-the-box policy server metrics measure the policy server queue length, response time, database average response time, and so on. Similarly, on the gateway and the web agent, it monitors the response times, the loads in transactions per second, etc. DX APM not only provides these metrics in a single view for visual correlation but also presents performance breach alarms. Here, it also correlates the alarms, which can then be used for faster triage and remediation.
Creating the bridge between IT operations and security teams
IT operations and security teams follow different workflows at different enterprises. Some use ”follow the red” on a dashboard, while others prefer to get notified of a problem based on the severity. And then, of course, there are teams that leverage the best of both workflows. Firstly, regardless of the standard procedures, teams often struggle to find the root cause and reduce the mean time to identify the real problem. Secondly, IT operations teams and security teams often find it challenging to collaborate because they lack a unified view of monitoring data.
DX APM provides a platform to foster collaboration through role-based access and privilege control. So, in a scenario where the policy server queue length spike is affecting the average response times, both security and IT operations teams can view the same performance metrics and create tickets, assign problems, and notify the right team with the contextual information required for triage. This creates a self-service environment for the responsible teams, driving accountability and laying the foundation to automate mundane issue triage and remediation.
At Broadcom, apart from the quick time to value as described above, we also recognize that sometimes you do come across new needs or gaps. Both the DX APM and SiteMinder teams work in close collaboration and address those gaps as can be seen from the screenshots below. Metrics like URL timing is a good example of such collaboration. In this case, the log from FWTrace.log is parsed and KPIs extracted and reported to DX APM. The same applies to CA Directory and Host TCP Queue metrics.
Benefits of DX APM for SiteMinder
- Fast time to- value: Built-in DX APM integration with SiteMinder and SaaS option for quick proof-of-concept and testing
- Out-of-the-box KPIs: For full SiteMinder component visibility
- Built-in dashboards: Out-of-the-Box dashboard templates provide both broad overviews and deep insights
- Built-in alerts: For proactive monitoring
- Continuous improvement: For close collaboration between DX APM and SiteMinder teams to extend monitoring coverage
Srikant Noorani
Srikant Noorani, Client Services Architect focusing on AIOps and Observability, has over 20 years experience working on complex technical challenges. A hands-on architect with a passion for guiding enterprises in their digital transformation journey, Srikant has worked on the largest APM deployments plus DevOps,...
Other resources you might be interested in
Why 1% Packet Loss Is the New 100% Outage
In an era of real-time apps and multiple clouds, the old rules about 'acceptable' network errors no longer apply. See why you need end-to-end observability.
Rally Office Hours: September 25, 2025
Rally Office Hours delivers an essential product tip: Learn to transition from Legacy Custom Pages to powerful Custom Views. Plus, Q&A insights.
Defining the Network Engineer of Tomorrow
Read this post and see why the most important investment isn't in new hardware, but in transforming your team from device managers to service delivery experts.
Harnessing AppNeta’s Browser- and HTTP-based Workflows to Track User Experience
AppNeta’s browser- and HTTP-based workflows let you see what users actually experience. Preempt issues before they become headaches for your end users.
“Rego U” Recap: Why SPM Is Still Hot
Rego Consulting’s Annual Conference underscored why strategic portfolio management (SPM) is still essential. Leverage SPM to bridge strategy and execution.
What's New in AutoSys 24.1: Built for the Modern Automation Landscape
See how AutoSys 24.1 is designed to streamline your daily tasks, accelerate troubleshooting, and simplify how you integrate with the latest technologies.
Rally Office Hours: September 18, 2025
In the latest edition of Rally office hours, learn about changes to the Progress Views widget and then follow the weekly Q&A session with Rally product experts.
Automic Automation Cloud Integrations: Google Cloud Batch Agent Integration
See how Broadcom's Google Cloud Batch Automation Agent makes it easy to schedule, queue, and execute batch processing workloads on Google Cloud resources.
Why Has Network Management Missed Its Own Revolution?
Every major IT revolution was powered by the network. It's time for network management it to have its own revolution.