000025834 - How can I use a single Windows physical server for multiple auth servers?

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000025834
Applies To: RSA ClearTrust 5.0.1 Authorization Server (AServer)
Microsoft Windows 2000 Server SP3
Issue: How can I use a single Windows physical server for multiple auth servers?
The RSA ClearTrust 5.0.1 Servers Installation and Configuration Guide provides information on adding redundant server components on a single UNIX platform only.
Resolution: Please note that adding redundant Authorization Servers on a single Windows 2000 platform has not been fully qualified by RSA Security. Because the redundant servers reside on the same hardware platform within a single OS, this setup provides very limited reliability enhancement. In addition, the long-term impact on system performance and stability has not been fully explored.

As stated in the RSA ClearTrust 5.0.1 Servers Installation and Configuration Guide, page 93, when the redundant Authorization Servers are installed on the same platform, the system runs in standard mode. In this mode, the Web Agents keep using the same Authorization Server until it fails, and then try the next available Authorization Server in the list. RSA Security strongly recommends Distributed mode (RSA ClearTrust running multiple Authorization Servers across multiple machines) for better reliability and performance.

To install a redundant Authorization Server on a single Windows 2000 platform, follow these steps:

1. If you want the second auth server to reference a separate aserver.conf file, you must make a full copy of the ClearTrust server directory. By default, the ClearTrust server directory is located at:
        C:\Program Files\RSA\ClearTrust 5.0.1
For example, the copy can be placed at:
         C:\Program Files\RSA\CopyofClearTrust 5.0.1

2. In the copied directory, edit aserver.bat: set the correct CT_ROOT path and change LISTEN_PORT from 5615 to another available port. For example:

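@echo off
rem Use CT_ROOT from the environment if it is already set.
if "%CT_ROOT%" == "" goto setCtRoot
goto start
:setCtRoot
rem Root of the copied installation (second Authorization Server).
set CT_ROOT=C:\PROGRA~1\RSA\CopyofClearTrust501
:start
rem The second instance needs its own port; the first one listens on 5615.
set LISTEN_PORT=5617
title ClearTrust Authorization Server 02
C:\PROGRA~1\RSA\CopyofClearTrust501\jre\bin\java -DAuth -Xmx128m -Djava.ext.dirs=%CT_ROOT%\lib -DCT_ROOT=%CT_ROOT% -DLISTEN_PORT=%LISTEN_PORT% sirrus.authserver.AuthorizationServer
Pause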

3. Create the new Windows 2000 service entry. Open a command-line shell, navigate to <CT_install_dir>/jre/bin/hotspot, and run "jservice -i RSAaserver2" to create a new jservice instance called RSAaserver2.

4. Run Regedit and copy the values for "class", "classpath" and "options" from the original aserver key HKLM\SYSTEM\CurrentControlSet\Services\RSAaserver\Parameters to the new key HKLM\SYSTEM\CurrentControlSet\Services\RSAaserver2\Parameters.

5. Modify the "options" value under HKLM\SYSTEM\CurrentControlSet\Services\RSAaserver2\Parameters and change the value of -DLISTEN_PORT to 5617.

6. Modify the "options" value under HKLM\SYSTEM\CurrentControlSet\Services\RSAaserver2\Parameters and change the value of -DCT_ROOT= to point to the path of your second aserver.conf file.
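
An added example, not part of the RSA article: a Python helper that applies steps 5 and 6 to a copied "options" string, rejects a port the first instance already uses, and lists flags that still point into the first installation. It assumes the value is a space-separated list of JVM flags like the java command line in aserver.bat; the function name and the sample value are constructed.

```python
# Added example (not RSA code). Assumption: the jservice "options" value is a
# space-separated list of JVM flags, like the java command line in aserver.bat.
REQUIRED = ("-DLISTEN_PORT", "-DCT_ROOT")

# Constructed sample of an "options" value copied from the RSAaserver key.
SAMPLE = (r"-DAuth -Xmx128m -Djava.ext.dirs=C:\PROGRA~1\RSA\CLEART~1\lib "
          r"-DCT_ROOT=C:\PROGRA~1\RSA\CLEART~1 -DLISTEN_PORT=5615")


def second_instance_options(options, new_root, new_port):
    """Apply steps 5 and 6; return (new options string, flags to review)."""
    if not 1 <= new_port <= 65535:
        raise ValueError("port out of range")
    if " " in new_root:
        # A space would split the flag in two; aserver.bat uses short paths.
        raise ValueError("use a path without spaces for CT_ROOT")
    old_root, seen, out = None, set(), []
    for flag in options.split():
        name, _, value = flag.partition("=")
        if name == "-DLISTEN_PORT":
            if value == str(new_port):
                raise ValueError("port is already used by the first instance")
            flag = f"-DLISTEN_PORT={new_port}"
        elif name == "-DCT_ROOT":
            old_root = value
            flag = f"-DCT_ROOT={new_root}"
        seen.add(name)
        out.append(flag)
    missing = [name for name in REQUIRED if name not in seen]
    if missing:
        raise ValueError("options lack " + ", ".join(missing))
    # Flags that still point into the first installation need a manual look.
    review = [f for f in out if old_root
              and old_root.lower() in f.lower()
              and not f.startswith("-DCT_ROOT=")]
    return " ".join(out), review


if __name__ == "__main__":
    new, review = second_instance_options(
        SAMPLE, r"C:\PROGRA~1\RSA\CopyofClearTrust501", 5617)
    print(new)
    for flag in review:
        print("still references first install:", flag)
```

In the sample, -Djava.ext.dirs is reported because it still carries the first installation's path after -DCT_ROOT has been changed.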


Legacy Article ID: a17701
