|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
- How to access AM authentication services from two different subnets.
- How to configure Failover for Agent Authentications.
- How to configure networks to use NIC1 or NIC2 for particular type of traffic.
- Build AM server with single NIC, eth0, as normal.
- The eth0 interface will be the primary NIC, for authentication, administration, and replication.
- Backup to a network drive (NFS or Windows share) will go out this interface.
- After system works with single NIC, which is fully supported, you can optionally add 2nd NIC, eth1, which can handle authentication requests, might allow backups (not supported) and should not work for either replication or administration.
|Resolution||Task 4 - After system is working with single NIC, add second NIC for Authentication failover.|
- Log into the Operations console and navigate to Administration > Network > Appliance Network Settings.
- In the Network Interface Card (NIC) Settings, enable eth1 and do the following:
- In the IPv4 Address field, configure the IP address.
- In the IPv4 Subnet Mask field, configure the subnet mask.
- In the IPv4 Default Gateway field, configure the IP address.
- Click Next.
- Review the changes you made and Apply Network Settings to accept these changes.
- After the services are restarted, log into the Operations console and navigate to Administration > Network > Hosts File.
- Update the hosts file with the two IP addresses.
- SSH can be enabled on NIC1 (eth0) or NIC2(eth1).
- Don’t attempt to configure separate FQDN for each IP address. You will break Administration.
- If DNS is configured to return both IP addresses AM code doesn’t expect it and won’t take advantage of it and probably will break Administration to Security Console and Self Service Console.
- RSA recommends using a different subnet for each NIC. If two NICs share the same subnet and one NIC becomes unavailable, then Authentication Manager services will not be available on either NIC.
- Offline Days, Windows Agent Auto-registration, Replication and Security & Self Service Console Administration are not QE tested on a second NIC, therefore are not supported, only UDP authentication requests are supported.