Starting the Policy Server, I always see messages concerning the secondary cache. What is the use of the secondary cache?
The presence of the Primary Cache is to prevent LDAP and ODBC reads to the Policy Store. But having only the Primary Cache causes problem.
When a modification is made to the Policy Store data, the Policy Server has to set a lock on the Primary Cache to load the modifications. The lock had the effect to delay protection, authentication and authorization processing in the Policy Server.
To overcome this problem, the Policy Server uses 2 caches: a Primary and a Secondary. When it starts, the Policy Server initializes both Caches and fills the Primary Cache with data from the Policy Store. The Secondary Cache is initialized but maintained empty until the Primary Cache need to be updated.
When a modification occurs to the Policy Store Data such as Domain, Realm, Policies, etc. the Policy Server makes a copy of the data from the Primary Cache to the Secondary one, and once done, it marks the Secondary Cache as the active one. Then the Policy Server can update the data in the Primary Cache without harming the protection, authentication and authorization processes.
Once the Primary Cache Data are up to date, the Policy Server marks it back as the active one.