000012857 - Vmware support for RSA Authentication Manager 7.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012857
Applies ToAuthentication Manager 7.1 SP2
2003 Server SP2
Replication fails frequently. Replication status in Operation console displays "server unreachable" and "Needs action"
Error: "Server unreachable" in replication status
IssueVmware support for RSA Authentication Manager 7.1

Anything that affects the ability to write to the file system can cause replication or the database to fail.


RSA Authentication Manager 7.1.0 and 7.1.1 without the Oracle 10.2.0.4 database patch were never supported under any form of virtualization.  Primary support for these versions expired in 2011, regardless of virtualization or database patch level.


 


Supported Virtualization Platforms:  RSA Authentication Manager 7.1.SP2  SP3 and SP4 is supported on VMWare ESX 3.5 and 4.0 (full-version) with some limitations.  The full-kit (not upgrade) version of AM7.1 SP4 for Win2008-R2-64 and RHEL-5-64 adds VMWare ESX 4.1 and ESXi 4.1 as supported platforms.  Support for additional versions of VMWare ESXi is expected for the future, please see the knowledge base website for the updated platform list.   No other virtualization platforms are supported at this time.


 
The following Advanced VMware ESX Infrastructure features and tools are NOT supported, and cannot be enabled on RSA Servers:


  • Snapshots (note: this contradicts an earlier SCOL notice saying snapshots are allowed. In SP3 release notes, snapshots are NOT supported)
  • VMotion
  • Distributed Resource Scheduler (DRS)
  • High Availability (HA)
  • VMware Consolidated Backup (VCB)
  • Legato Filesystem Sync Driver
  • VMWare Virtual Memory Control driver (balloon driver)

These features disrupt with write access to embedded oracle control files. This can cause all processes related to replication to fail completely, and potentially corrupt the database. RSA recommends that customers use the features built in to RSA Authentication Manager 7.1 for these types of services. It is recommended that RSA Authentication Manager backup should be done from RSA operations console.


No other virtualization platforms are supported at this time.


 The following VMWare ESX  features are supported in SP2 - SP4, when used as per the Installation Guide:


? Cloning


? Physical to virtual conversion


? Virtual to physical migration


Note:The release notes for SP4 have a typo. It should read 4.0 and 3.5. There is no 4.5 version at this time.
Resolution

Disable VMotion, DRS, HA , Consolidated Backup, and Legato Filesystem Sync Driver on all RSA servers prior to installation.


 


A securcare note was sent on May 15, 2009 which describes the vmware support for RSA Authentication Manager 7.1. The below securcare note can be accessed at below link. https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8421 


 


Please refer to page 152 in Installation guide for 7.1.SP2 at https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/71sp2/auth_manager_installation_guide.pdf


 


Any software that can lock Oracle files can cause database corruption. This includes AntiVirus, Backup, and System Management software. If these are used, they should be configured to never touch any Authentication Manager files while the services are running.
Notes

Pre-Installation VMWare memory settings


 


In order for the embedded Oracle database in RSA Authentication Manager to work properly on VMWare, the memory requirements are  different than for a Physical machine. The following minimum memory settings are required for VMWare, and should be set before installation.


 


Allocated memory should be set to a minimum of 4G for a 32-bit OS and 8G for a 64-bit OS.


 


Reserved memory should be set to a minimum of 4G for a 32-bit OS and 8G for a 64-bit OS.


 


Allocated memory and reserved memory should be set to the same value.


 


The VMWare virtual machine memory control driver (sometimes called the Balloon memory driver) needs to be disabled in VMWare, 


see AM-20536 in the SP4 release notes.


 


 


If these specifications are not followed, database errors may cause failures.


RSA Security released 2 new installers for AM7.1 for 2 additional platforms in June 2011. These install AM7.1 with SP4, and are for Win2008-R2-64 and RHEL5.5-64 .  Since they install in a 64-bit environment, if installing on a virtualized environment, use the memory settings for a 64-bit OS (at least 8GB allocated, at least 8GB reserved, and they need to match)
Pre-installation Disk Space settings: The swap space should be set to at least 4095MB, and if your OS will allow it, to 2x the amount of RAM. The minimum free disk space before installation of AM7.1 is 60GB if the system will be a standalone Primary. If a Replica will be used, or may be in the future, 160GB+ of free disk space before installation of AM7.1 is preferred.  If you cannot allocate this much free disk space, please see the Admin Guide topics:

See  Changing the Limit for Oracle Database Archive Logs    Refer RSA Authentication Manager 7.1 SP2 Administrator guide page 367


See  Manage Database Utility Refer to RSA Authentication Manager 7.1 SP3 Administrator guide page 265


See  Manage Database Utility Refer to RSA Authentication Manager 7.1 SP4 Administrator guide page 305 for the Primary and  Freeing Disk Space Allocated for Logging on a Replica Instance   Refer to RSA Authentication Manager 7.1 SP4 Administrator guide page 405


RSA recommends that you allocate 75% of your free space for replication.


If installing on Windows,  the installer looks for a hard-coded location of c:\temp to place certain files during installation, make sure it exists and is open to all.
You must link the both the VMWare host and the guest OS to the same known-good NTP Server before installation of AM7.1.  If there are any Replicas in the environment (virtual or physical) they must also be linked to the NTP Server, or an NTP server traceable to the same one.  
Legacy Article IDa49362

Attachments

    Outcomes