A Scalable Solution for Deploying CA SiteMinder
When Enterprises require powerful, fine-grained access control to application resources with a large user
community, they often implement robust enterprise class SSO solutions such as CA Siteminder. Barracuda
Web Application Firewalls offer full-scale integration with CA SiteMinder. The integration encompasses
authentication, authorization and single sign-on capabilities in single domain and multi-domain
environments, along with performance enhancements. Deploying SiteMinder using the Barracuda Web
Application Firewall reduces implementation complexity and improves transactional throughput. The
Barracuda Web Application Firewall serves as the single high-performance Policy Enforcement Point
allowing the SiteMinder suite to focus on its role as the Policy Decision Point (PDP). Major benefits to the
Perform authentication/authorization functions further out in your security perimeter. The
Barracuda – CA integration negates having to install CA web agents on every server, thusly reducing
the management complexity.
Enforce Single User Session. For large deployments, multiple Barracuda Web Application Firewalls
can be used to provide Single Sign On capability for a host of applications. In this setup, users can use
different client machines to create multiple active sessions for a given user. Multiple Barracuda Web
Application Firewalls share session state information to prevent the same user from logging in multiple
Increase the Breadth of CA SiteMinder usage. Offloading SSO to the Barracuda Web Application
Firewall extends CA SiteMinder capability to applications not designed for remote access. This allows
organizations to apply identity management policies to internal or legacy applications.
Create fault tolerant architecture. Barracuda Web Application Firewalls support multi policy server
deployment via the Host Configuration Object (HCO) setting of the policy servers. In case of a failure to
reach one policy server the Barracuda Web Application Firewall connects with one of the other policy
servers specified in the HCO.
Improve Operational Efficiency: Deploying Barracuda Web Application Firewall obviates the need
for installing the SiteMinder web agents on multiple Web servers that are used to serve the application.
The custom integration with CA SiteMinder enables Barracuda Web Application Firewall to query user
properties from the policy server and make them available to the applications using HTTP headers.
Reduce management overhead. With only the Barracuda Web Application Firewall accessing the
SiteMinder policy server, the network setup is cleaner making the network more manageable and
easier to troubleshoot.
Provide an integrated view. Most of the applications are developed independently. Using the
extensive content rewriting capabilities of the Barracuda Web Application Firewall organizations
can provide an integrated, single domain view to the external world even though the individual
applications may be using multiple different domains.
Gain visibility. Active SiteMinder sessions are tracked on the Barracuda Web Application Firewall. This
gives the administrator a point in time view of the number of active users accessing the resources
protected by the Barracuda Web Application Firewall and CA SiteMinder.