---
title: About LDAP health checks
description: LDAP health checks provide information about the status and availability of LDAP external servers. Configure the PingDirectoryProxy server health checks that work best for your environment.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectoryproxy_server_administration_guide:pd_proxy_ldap_health_checks
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectoryproxy_server_administration_guide/pd_proxy_ldap_health_checks.html
revdate: September 13, 2023
section_ids:
  results: Results
  frequency: Frequency
  server-states-and-search-response-times: Server states and search response times
---

# About LDAP health checks

LDAP health checks provide information about the status and availability of LDAP external servers. Configure the PingDirectoryProxy server health checks that work best for your environment.

PingDirectoryProxy provides the following health checks:

* Measure the response time for searches and examine the entry contents

  The health check might retrieve a monitoring entry from a server and base the health check result on whether the entry was returned, how long it took to be returned, and whether the value of the returned entry matches what was expected.

* Monitor the replication backlog

  If a server falls too far behind in replication, then the PingDirectoryProxy server can stop sending requests to it. A server is classified as `degraded` or `unavailable` if the threshold is reached for the number of missing changes, the age of the oldest missing change, or both.

* Consume Directory Server administrative alerts

  If the PingDirectory server indicates there is a problem, such as an index that must be rebuilt, then it flags itself as `degraded` or `unavailable`. When the PingDirectoryProxy server detects this, it stops sending requests to the server. The PingDirectoryProxy server detects administrative alerts as soon as they are issued by maintaining an LDAP persistent search for changes within the `cn=alerts` branch of the PingDirectory server.

  When the PingDirectoryProxy server is notified by the PingDirectory server of a new alert, it immediately retrieves the base `cn=monitor` entry of the PingDirectory server. If this entry has a value for the `unavailable-alert-type` attribute, then the PingDirectoryProxy server considers it `unavailable`. If this entry has a value for the `degraded-alert-type` attribute, then the PingDirectoryProxy server considers it `degraded`. Clients of the PingDirectoryProxy server can use a similar mechanism to detect and react when a server flags itself as `degraded` or `unavailable`.

* Monitor the busyness of the server

  If a server becomes too busy, you can mark it as `degraded` or `unavailable` so that less heavily-loaded servers are preferred.

## Results

The health check results contain the following server states:

* `Available`

  Completely accessible for use.

* `Degraded`

  The server can be used if necessary but has a condition which can make it less desirable than other servers. For example, it is slow to respond or has fallen behind in replication.

* `Unavailable`

  Completely unsuitable for use. For example, the server is offline or is missing critical data.

Health check results include a numeric score that has a value between 1 and 10. This score helps rank servers with the same state. For example, if two servers are available and one has a score of 8 and the other a score of 7, you can configure the PingDirectoryProxy server to prefer the server with the higher score.

The results of health checks are made available to the load-balancing algorithms to help determine where to send requests. The PingDirectoryProxy server attempts to use servers with a state of `available` before trying servers with a state of `degraded`. It never attempts to use servers with a state of `unavailable`.

Some load-balancing algorithms also take the health check score into account, such as the health-weighted load-balancing algorithm that prefers servers with higher scores over those with lower scores. You should configure the algorithms that work best for your environment.

## Frequency

The PingDirectoryProxy server periodically invokes health checks to monitor each LDAP external server and initiates health checks in response to failed operations. It checks the health of the LDAP external servers at intervals configured in the LDAP server's `health-check-frequency` property. The PingDirectoryProxy server contains safeguards to ensure that only one health check is in progress at any time against a backend server to avoid affecting its ability to process other requests.

To associate a health check with an LDAP external server and set the health check frequency, you must configure the `health-check` and `health-check-frequency` properties of the LDAP external server.

You can find more information about configuring the properties of the external server in [Configuring an external server using `dsconfig`](pd_proxy_config_ldap_ext_servers.html#config_ext_server_dsconfig).

## Server states and search response times

In some cases, an LDAP health check defines different sets of criteria for promoting and demoting the state of a server. A `degraded` server might need to meet more stringent requirements to be reclassified as `available` than the requirements that originally caused it to be considered `degraded`.

If response time is used in the process of determining the health of a server, then the PingDirectoryProxy server might have a faster response time threshold for transitioning a server from `degraded` back to `available` than the threshold used to consider it `degraded` in the first place. This threshold difference helps avoid cases in which a server repeatedly transitions between the two states because it's operating near the threshold.

For example, the health check used to measure search response time is configured to mark any server as `degraded` when the search response time is greater than 1 second. You can configure that the response time must be less than 500 ms before the server is made available again so that the PingDirectoryProxy server doesn't flip back and forth between `available` and `degraded`.
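The following added example models the two-threshold behavior described above. It is not PingDirectoryProxy code. The class and function names are hypothetical, the 1 second and 500 ms thresholds come from the example above, and the response-time samples are constructed.

```python
from dataclasses import dataclass

AVAILABLE, DEGRADED = "available", "degraded"


@dataclass
class ResponseTimeClassifier:
    """Hypothetical model of a response-time health check with two thresholds."""
    degrade_above_ms: float = 1000.0  # demote when a search takes longer than this
    restore_below_ms: float = 500.0   # promote only when a search is faster than this
    state: str = AVAILABLE

    def __post_init__(self):
        # The promotion threshold must not be looser than the demotion threshold.
        if self.restore_below_ms > self.degrade_above_ms:
            raise ValueError("restore_below_ms must not exceed degrade_above_ms")

    def observe(self, response_ms: float) -> str:
        """Update and return the state for one measured search response time."""
        if self.state == AVAILABLE and response_ms > self.degrade_above_ms:
            self.state = DEGRADED
        elif self.state == DEGRADED and response_ms < self.restore_below_ms:
            self.state = AVAILABLE
        # Between the two thresholds the current state is kept unchanged.
        return self.state


def count_transitions(samples_ms, degrade_above_ms, restore_below_ms):
    """Replay samples and return (number of state changes, state after each sample)."""
    clf = ResponseTimeClassifier(degrade_above_ms, restore_below_ms)
    previous, transitions, states = clf.state, 0, []
    for ms in samples_ms:
        current = clf.observe(ms)
        transitions += current != previous
        states.append(current)
        previous = current
    return transitions, states


# Constructed samples (ms): a server hovering near 1 second, then recovering.
SAMPLES_MS = [900, 1050, 980, 1020, 990, 1010, 700, 450, 480]

if __name__ == "__main__":
    single, _ = count_transitions(SAMPLES_MS, 1000, 1000)  # one shared threshold
    split, states = count_transitions(SAMPLES_MS, 1000, 500)  # thresholds from the page
    print(f"single threshold: {single} state changes")
    print(f"1000 ms / 500 ms: {split} state changes -> {states}")
```

With a single 1000 ms threshold the constructed samples flip the server's state six times. With the separate 500 ms promotion threshold the state changes twice, and the server stays `degraded` until a response is faster than 500 ms.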

You can find more information about configuring health checks in [Configuring server health checks](pd_proxy_config_server_health_checks.html).
