2.3.2 Prerequisites for Configuring an Identity Servers Cluster

  • An L4 server is installed. You can use the same server for Identity Server clustering and Access Gateway clustering, provided that you use different virtual IPs. The load-balancing algorithm can be anything (hash or sticky bit), defined at the real server level.

  • Persistence (sticky) sessions are enabled on the L4 server. Define this at the virtual server level.

  • An Identity Server configuration created for the cluster. You assign all Identity Servers to this configuration. See Configuring Identity Servers Clusters for information about creating an Identity Server configuration. See Creating a Cluster Configuration for information about assigning Identity Servers to configurations.

    The base URL DNS name of this configuration must resolve via DNS to the L4 virtual IP address, not to an individual Identity Server. The L4 balances the load between the Identity Servers in the cluster.

  • Ensure that the L4 administration server, which uses port 8080, has the following ports open:

    • 8443 (secure Administration Console)

    • 7801 (TCP)

    • 636 (for secure LDAP)

    • 389 (for clear LDAP, loopback address)

    • 524 (network control protocol on the L4 machine for server communication)

    The identity provider ports must also be open:

    • 8080 (non-secure login)

    • 8443 (secure login)

    • 1443 (server communication)

    If you are using introductions (see Creating a Cluster Configuration), you must configure the L4 switch to load balance on ports 8445 (identity provider) and 8446 (identity consumer).
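The DNS and port prerequisites above can be verified from an administration workstation before the cluster is brought into service. The following preflight script is an added example, not part of the product documentation; the host name idp.example.com and the VIP 192.0.2.10 are placeholders, and the port-to-purpose mapping is taken from the list above.

```python
"""Preflight check for an Identity Server cluster fronted by an L4 switch.
Added example, not part of the product documentation. idp.example.com and
192.0.2.10 are constructed placeholders."""
import socket
from typing import Dict, Iterable, List, Tuple

# Ports the L4 must leave open; the value marks ports that are reachable only
# on the loopback address or on the L4 machine itself, which cannot be
# probed through the virtual IP and are therefore skipped by the probe.
L4_ADMIN_PORTS = {8443: ("secure Administration Console", False),
                  7801: ("TCP", False),
                  636: ("secure LDAP", False),
                  389: ("clear LDAP, loopback only", True),
                  524: ("NCP on the L4 machine", True)}
IDP_PORTS = {8080: ("non-secure login", False),
             8443: ("secure login", False),
             1443: ("server communication", False)}
INTRODUCTION_PORTS = {8445: ("identity provider introductions", False),
                      8446: ("identity consumer introductions", False)}


def required_ports(introductions: bool = False) -> Dict[int, Tuple[str, bool]]:
    """Ports the L4 must open or load balance, including 8445/8446 when introductions are used."""
    ports = {**L4_ADMIN_PORTS, **IDP_PORTS}
    if introductions:
        ports.update(INTRODUCTION_PORTS)
    return ports


def base_url_resolves_to_vip(resolved: Iterable[str], vip: str) -> bool:
    """True only if every address the base URL resolves to is the L4 VIP."""
    return set(resolved) == {vip}


def resolve_ipv4(hostname: str) -> List[str]:
    """All IPv4 addresses the resolver returns for the base URL host name."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None, socket.AF_INET)})


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered or timed out: the L4 is not passing the port
        return False


def preflight(base_host: str, vip: str, introductions: bool = False) -> List[Tuple[str, bool]]:
    """Run the DNS check and a TCP probe of every remotely reachable port through the VIP."""
    results = [(f"DNS {base_host} -> {vip}", base_url_resolves_to_vip(resolve_ipv4(base_host), vip))]
    for port, (purpose, local_only) in sorted(required_ports(introductions).items()):
        if not local_only:
            results.append((f"{vip}:{port} ({purpose})", probe_tcp(vip, port)))
    return results
```

Run `preflight("idp.example.com", "192.0.2.10", introductions=True)` with the real base URL host and VIP substituted; any entry whose flag is False is a prerequisite that is not yet met.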