000032917 - Is it Possible to point one of the Webtier instances to the Authentication Manager Replica instead of the Primary in RSA AM 8.1?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000032917
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
O/S Version: Suse Linux
Issue-There is no option in the Operations Console to choose the preferred instance for Self-service and Dynamic seed provisioning traffic.
-Customer would like to configure one of the Webtiers in the DMZ to route traffic to the Replica instead of the Primary instance.
ResolutionThe Self-service and dynamic seed provisioning traffic will be always routed to the primary instance, because these services can only run on the primary instance.
RBA ( risk based authentication)  however, can run on any instance, but Authentication Manager always routes RBA traffic to the preferred RBA instance to distribute the workload. The preferred RBA instance is selected while deploying the Webtier.
The following diagram shows how Self-Service, dynamic seed provisioning, and RBA traffic flows through a web tier:
User-added image