View Identity Router Status in the Cloud Administration Console

Document created by RSA Information Design and Development Employee on Jul 14, 2016Last modified by RSA Information Design and Development Employee on Sep 15, 2020
Version 52Show Document
  • View in full screen mode

You can view status and monitoring information for the identity routers in your deployment using the Cloud Administration Console. Use this information to help troubleshoot configuration and authentication issues.

When status changes occur, additional diagnostic information is provided in the System Event Monitor (Platform > System Event Monitor) and identity router audit logs. See System Event Monitor Messages for the Cloud Authentication Service and Identity Router Audit Log Messages .

Procedure 

  1. Sign into the Cloud Administration Console.
  2. Click Platform > Identity Routers.

    The console displays the following basic status information for each identity router in your deployment:

    • Name

    • Description

    • Virtualization environment

    • Current status of the identity router

      The following table describes the identity router status indicators:

                                     

      Identity Router StatusDescription
      ACTIVE The identity router is connected to the Cloud Authentication Service and operating normally.
      INACTIVE The identity router is not connected to the Cloud Authentication Service.
      DEBUGThe identity router is connected to the Cloud Authentication Service and debug-level logging is enabled.
      DISTRESSED There is a problem with the identity router. Contact RSA Customer Support for troubleshooting assistance.
      OUT_OF_DATEThe identity router is not using the latest software version. See Update Identity Router Software for a Cluster to install the latest software.

  3. To display advanced status information for a specific identity router, click the arrow next to the identity router name.
    • Name of the cluster to which the identity router belongs

    • Date and time of the last status check between the Cloud Authentication Service and the identity router

    • Date and time of the last authentication service check

    • Hostname of the identity router

    • Eth0 IP address

      Identity Router PlatformEth0 Address
      VMware/Hyper-VManagement interface IP address
      Amazon Web ServicesIP address of the only network interface
      Authentication ManagerAuthentication Manager IP address
    • Eth1 IP address

      This is the portal interface IP address for VMware/Hyper-V identity routers. This information is not available for Amazon Web Services identity routers or the identity routers embedded in Authentication Manager.

    • Identity router software version number

    • Date and status of the last identity router software update

    • Date and status of the last identity router adapter update

    • Status of RADIUS and SSO Agent services on the identity router

      Service StatusDescription
      RUNNINGThe service is enabled and operating normally.
      STOPPEDThe service is enabled but is not working. To troubleshoot, run a simple test to confirm that the service is stopped, view the identity router system log for errors, or restart the identity router to try to restart the service.
      DISABLEDThe service is not enabled.

      The last reported status is displayed for the following items. Status indicators are green for healthy, yellow for partially healthy, or red for unhealthy. Yellow status for DNS and and AD/LDAP connections indicates that some configured servers are healthy while others are not. Click the arrow next to a status indicator to view IP addresses or domain names for configured servers.

    • AD/LDAP. If no identity sources are configured, click the icon, then click Not Configured to open a new tab and configure an identity source. Every two minutes, the identity router checks connectivity to the identity source servers by connecting to each server and attempting to look up a random user.

    • DNS. Updated every minute. Displays a configuration icon if DNS is not configured.

      PlatformDNS Configuration
      VMware, Hyper-V, Amazon Web ServicesIdentity Router Setup Console
      Authentication ManagerAuthentication Manager Operations Console.
      Click Administration > Network > Appliance Network Settings.

    • NTP. Updated every minute. Displays a configuration icon if NTP is not configured.

      PlatformNTP Configuration
      VMware, Hyper-V, Amazon Web ServicesIdentity Router Setup Console
      Authentication ManagerNTP is not displayed because the identity router uses the NTP server that is configured for Authentication Manager.

    • Authentication Manager. Updated every two minutes. If you want to configure RSA SecurID Token users to access resources protected by the Cloud Authentication Service, click the icon, then click Not Configured to open a new tab and configure an Authentication Manager connection. For instructions, see Enable RSA SecurID Token Users to Access Resources Protected by the Cloud Authentication Service.

    • Software Update Service. Updated every 5 minutes. Required for the identity router to perform software updates.

    • Adapter Update Service. Updated every 5 minutes. Required for the identity router to perform updates.

    • Heartbeat Service. Sends identity router information to the Cloud Authentication Service every 15 seconds. If the identity router stops responding, check the date and time of the last heartbeat to help determine when the connection was lost.

    • Cloud Time Synchronization. Indicates whether identity router time is within 60 seconds of the time reported by the Cloud Authentication Service as required for successful authentication.

    • Cluster. Updated every 60 seconds. For information on cluster quorums, see Clusters.

      StatusDescription
      GreenHealthy. Cluster is in quorum. More than 50% of identity routers can communicate with each other. Users can authenticate through the cluster.
      Red Unhealthy. All configured identity routers are offline.
      YellowPartially healthy. Cluster is not in quorum and is in read-only mode, but at least one configured identity router is online.

      Cluster status is not provided for identity routers that are embedded in Authentication Manager.

    • Memory Usage.

      StatusDescription
      GreenHealthy. More than 25% of free memory is available.
      RedUnhealthy. Less than 25% of free memory is available.

      For the identity router that is embedded in Authentication Manager, the maximum and free memory is displayed for the identity router. The maximum host memory is the total memory of the Authentication Manager host.

    • CPU Usage.

      StatusDescription
      GreenHealthy. Average CPU idle percent is above 20% since the last run of this indicator, which runs every minute.
      RedUnhealthy. Average CPU idle percent is less than 20% since the last run of this indicator, which runs every minute.

      For the identity router that is embedded in Authentication Manager, the CPU Usage data applies to the Authentication Manager host, instead of the identity router itself.

    • Cloud Authentication Service Connections. Tracks the status of each IP address and the overall connection status:

      • Current is the Cloud Authentication Service IP address currently being used.
      • Alternate is Cloud Authentication Service IP address(es) that are reachable but not in use.

      StatusDescription
      Green

      Green indicates that the Cloud Authentication Service can reach an IP address (healthy).

      If the current IP address and every alternate IP address is healthy, the overall Cloud Authentication Service Connections status is reported as healthy.

      Red

      Red indicates that the identity router cannot reach an IP address (unhealthy).

      If the current IP address or at least one alternate IP address is unhealthy, the overall Cloud Authentication Service Connections status is reported as unhealthy.

 

 

 

You are here
Table of Contents > Identity Routers > Managing Identity Routers > View Identity Router Status in the Cloud Administration Console

Attachments

    Outcomes