000026746 - How to promote an appliance replica and attach other replicas when the primary is unavailable

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000026746
Applies To: RSA Authentication Manager 7.1 SP4 and higher
RSA SecurID Appliance 3.0.4 and higher
Promote
Replica
Issue: Promote replica appliance
Attach replica to promoted primary
Minimize downtime during promotion
Primary appliance failed
Appliance disaster recovery
Replica cleanup and attach
Replica promotion
Resolution

NOTE: Some of the following commands begin with "./"


1)      If at all possible, get a backup from the failed primary.  If you cannot get a backup through the Operations Console, try running a backup from the command line:


a)      Establish an ssh session to the appliance


b)      sudo su rsaadmin


c)       cd /usr/local/RSASecurity/RSAAuthenticationManager/utils


d)      ./rsautil manage-backups -a export -f /tmp/backup.dmp


e)      chmod 777 /tmp/backup.dmp


f)       FTP the files /tmp/backup.dmp  and  /tmp/backup.secrets off the appliance


2)      Stop all RSA services on all RSA servers:


a)      Establish an ssh session to the appliance


b)      sudo su rsaadmin


c)       cd /usr/local/RSASecurity/RSAAuthenticationManager/server


d)      ./rsaam stop


3)      On the replica that is being promoted:


a)      Clean up any lingering processes:


i)        ps -ef | grep java


ii)       You should have one line of results which is for the "ps" command that you just ran.  If you have more than one result, use the PID (Process ID) from the resulting list and kill all additional processes:


(1)    kill -9 <PID>


iii)     ps -ef | grep ora


iv)     You should have one line of results which is for the "ps" command that you just ran.  If you have more than one result, use the PID (Process ID) from the resulting list and kill all additional processes:


(1)    kill -9 <PID>


b)      cd /usr/local/RSASecurity/RSAAuthenticationManager/db/admin/<instance name>/bdump


i)        Where <instance name> is a name unique to your system.


c)       rm *.trc


d)      cd /usr/local/RSASecurity/RSAAuthenticationManager/server


e)      ./rsaam start db


f)       ./rsaam start OC


g)      Log in to the Operations Console


h)      Select Deployment Configuration > Instances > Promote to Primary


i)        Click <Next> and then confirm the promotion


j)        Once the promotion is complete, delete any other replicas:


i)        Select Deployment Configuration > Instances > Manage Existing


ii)      Click Delete Replicas


iii)    Select the replica instance that you want to delete


iv)    Click Delete


v)      Click Yes, delete the replica


vi)    Click Delete


k)      Return to the ssh session and start the remaining services


i)        cd /usr/local/RSASecurity/RSAAuthenticationManager/server


ii)       ./rsaam start


iii)     Validate the system


(1)    Log in to the Security Console and spot check the data


(2)    Perform a few test authentications


l)        If you have a replica RADIUS server:


i)        Select Deployment Configuration > RADIUS > Manage Existing


ii)       Select the RADIUS server to promote and click Manage RADIUS Server


iii)     Click <Promote>


m)    If you do not have a replica RADIUS server, you will have to configure the RADIUS server


4)      On each of the remaining replicas:


a)      Establish an ssh session to the appliance


b)      sudo su rsaadmin


c)       cd /usr/local/RSASecurity/RSAAuthenticationManager/utils


d)      ./rsautil manage-replication -a cleanup-offline-site


5)      On the primary, generate a replica package and attach the other replicas (this must be done one at a time)


a)      In the Security Console select Deployment Configuration > Instances > Generate Replica Package


b)      Enter the required data as appropriate for your deployment


c)       In the Initial Data Transfer field, select "Manual"


d)      Click <Generate Files> and then download them to your local system


6)      On the replica, log in to the Operations Console and attach it using the package files that you downloaded


7)      Perform steps 5 & 6 until all replicas are attached


8)      Push the replicas out to the clients:


a)      In the primary Security Console:


i)        Select Access > Authentication Agents > Authentication Manager Contact List > Automatic Rebalance


ii)       Click <Rebalance>


9)      On the primary Operations Console, make a fresh backup
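
For step 3a, an added example (not part of the original RSA article): a shell helper that lists the java and ora candidates with their PID and full command line, so each one can be reviewed before it is killed. It matches only the command column, so a process that merely runs under a user named oracle is not reported; the sample ps output is constructed, and the column layout (command starting at field 8 of `ps -ef`) is an assumption.

```shell
#!/bin/sh
# lingering_procs PATTERN: read `ps -ef` output on stdin and print
# "PID<TAB>CMD" for each process whose command line (column 8 onward)
# contains PATTERN. Matching only the CMD column avoids hits on the UID
# column, and the lines for the check itself (grep, ps, awk) are skipped.
lingering_procs() {
    awk -v pat="$1" '
        NR == 1 && $2 == "PID" { next }            # skip the ps header line
        {
            cmd = ""
            for (i = 8; i <= NF; i++) cmd = cmd (i > 8 ? " " : "") $i
            if (cmd ~ /^(grep|ps|awk) /) next      # the check itself
            if (index(cmd, pat) > 0) print $2 "\t" cmd
        }'
}

# Constructed sample of `ps -ef` output (not taken from a real appliance).
sample_ps() {
    cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
rsaadmin  4120     1  0 09:02 ?        00:01:12 /opt/example/bin/java -server
oracle    4388  4300  0 09:01 pts/1    00:00:00 -bash
rsaadmin  4391     1  0 09:01 ?        00:00:09 ora_pmon_example
rsaadmin  5010  4999  0 09:30 pts/0    00:00:00 grep java
rsaadmin  5011  4999  0 09:30 pts/0    00:00:00 ps -ef
EOF
}

# Demo run against the constructed sample. On the appliance the input
# would be live output instead: ps -ef | lingering_procs java
if [ "${1:-}" = "--demo" ]; then
    for p in java ora; do
        echo "== $p =="
        sample_ps | lingering_procs "$p"
    done
fi
```

An empty result for both patterns corresponds to the "one line of results" condition in step 3a.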

Legacy Article ID: a62520
