000037844 - Migrating an RSA Authentication Manager 8.x deployment to a new location with different network settings

Document created by RSA Customer Support Employee on Sep 5, 2019Last modified by RSA Customer Support Employee on Sep 18, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000037844
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueThis article explains what to do when the RSA Authentication Manager production deployment must be moved to a new location using different network settings.
ResolutionThe steps below show a possible migration flow based on a scenario of one primary and one replica instance.


Migration flow overview


 

TaskOld Environment New EnvironmentActionComments

   1.

  
  • Primary
  • Replica
  
--
     

  
--

  

   2.

  
  • Primary
  • Replica
  

  
  • Add primary
  

  
  • Deploy a new Authentication Manager primary instance in the new environment using new network settings.
  
IMPORTANT: Ensure the new primary instance is the same software level as the old production primary, else the production backup cannot be restored.
  
   Refer to article 000034558 - How to download RSA Authentication Manager 8.x full kits and service packs from RSA Link for steps on how to download the software.
  
   Refer to Chapter 2 of the RSA Authentication Manager 8.4 Setup and Configuration Guide on deploying a primary instance.
  
   The complete suite of documentation for RSA Authentication Manager 8.4 is available on RSA Link. 

   3.

  
  • Primary
  • Replica
  

  
  • Primary
  • Add production data
  

     
The new primary instance is now running with production data after restoring from backup.

   4.

  
  • Primary
  • Replica
  

  
  • Primary
  • Add replica
  

  
  • Deploy and attach a new Authentication Manager replica instance to the new primary instance.
  
Refer to Chapter 3 of the RSA Authentication Manager 8.4 Setup and Configuration Guide on deploying a replica instance.
  
   The complete suite of documentation for RSA Authentication Manager 8.4 is available on RSA Link. 
    

   5.

  
  • Primary
  • Replica
  

  
  • Primary
  • Replica
  • Update Authentication Agents, RADIUS clients and third-party product configurations
  

  
  • Generate a new configuration file (sdconf.rec) and replace the existing sdconf.rec on currently deployed authentication agents and third-party products using an UDP agent with the new sdconf.rec.
  • Manually update any RADIUS clients with the IP address and hostname of the new Authentication Manager instances in the new deployment.
  

   The configuration file (sdconf.rec) informs the authentication agent and third-party product using an UDP agent of the IP addresses of the Authentication Manager instances in the deployment.
  
   IMPORTANT: Only replace the sdconf.rec file on authentication agents and third-party products using an UDP agent.
  
   RADIUS clients are likely to require a manual change for the new IP address or hostname of the Authentication Manager instances in the new environment.
  
   Task 5 is not required where you are going to use the same production hostname and IP addresses for the new primary and replica instances. Refer to documentation on Primary or Replica Instance Network Settings Updates for information and related tasks for changing the network settings on a primary and/or replica instance.

   6.

  
  • Primary
  • Replica
  

  
  • Primary
  • Replica
  • Perform testing in new environment
  

  


   Thoroughly test the new Authentication Manager deployment; this includes:



  
  • Authentication testing, and 
  • Checking scheduled tasks such as cleanup unresolvable users, log archives, backups, etc.. are still enabled and monitor the new Authentication Manager deployments, perhaps through critical system event notifications.
  

   Confirm that the new Authentication Manager deployment is working correctly:
     

   7.

  
  • Primary
  • Replica
  

  
  • Primary
  • Replica
  

  
  • Stand down the old Authentication Manager deployment now that the new Authentication Manager deployment is working.
  

   Migration completed to the new environment.



For additional assistance see the RSA Authentication Manager 8.4 Help documentation.
NotesThis migration example does not include the following:
  • Updating the software of the Authentication Manager deployment. Contact RSA Customer Support if you require assistance with this task.
  • Configuration changes to a web tier deployment. The task would be to uninstall the existing web tier deployment and rebuild with new web tier packages from the new Authentication Manager deployment. Contact RSA Customer Support if you require assistance with this task.
  • Changing an Authentication Manager Prime configuration to communicate with the new primary instance. Please engage RSA Professional Services to assist with this task of changing an Authentication Manager Prime configuration.
  • Changes to custom applications using the RSA Authentication Manager Admin SDK.

Attachments

    Outcomes