The latency and reliability of authentication services can be improved in some situations by replicating authentication servers in widely-distributed locations, and configuring specific SMA appliances to use a nearby replicated authentication server instead of the central instance, which might be on another continent.
To accomplish this
Establish the authentication server settings in the central policy and then synchronize the central policy with all the managed SMA appliances. See Setting up a Basic GTO Service.
Navigate to Management Server > Configure.
Click Central Management Settings.
In the Policy Synchronization section, select Each node has its own authentication server.
Click Pending Changes.
Click Apply Pending Changes.
Now the central authentication server settings will only be pushed to appliances during policy synchronization if an authentication server of the same name does not already exist at the SMA managed appliance. Stated another way, if an SMA appliance already has an authentication server setting whose name matches a name configured at the CMS, that setting will not be touched during policy synchronization.
For each SMA appliance that needs local modifications to authentication server settings, log onto the management console at that appliance and adjust the configuration of the existing authentication server(s).
As long as each central policy authentication server has a corresponding SMA policy authentication server with the same name, your local changes will be preserved. Don't create or delete authentication servers from the SMA policy as you cannot modify other parts of the local configuration that reference these servers. Those changes will be overwritten the next time CMS synchronizes the central policy with this SMA.