000034663 - Can an upgraded RSA SecurID Access Identity Router be rolled back to a previous version?

Document created by RSA Customer Support Employee on Jan 23, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034663
Applies ToRSA Product Set: SecurID Access
RSA Product/Service Type:  Identity Router
IssueIs there any way to to revert or roll-back when attempting to update an RSA SecurID Access Identity Router (IDR)?
ResolutionRolling back to the previous IDR version via snapshot or some other means is not supported
In the unlikely occurrence that an IDR version upgrade fails, download the current image from the admin console, open the VMware console to assign IPs, and go to the IDR Setup Console to register the IDR.
If any HTTP Federated (HFED) applications are being used and the IDR is a member of a cluster then user keychains will automatically be synced from an existing cluster member once the new IDR is active.  If this is a single IDR system then restore the keychains from backup as described in the article on how to  Restore a Backup for a Single Cluster.
Please see Chapter 5 (Installing and Configuring the Identity Router) of the RSA SecurID Access SSO Agent Setup and Configuration Guide, for more information on deploying a replacement IDR.
NotesNote that if this is defined as a new IDR object in the admin UI AND you had configured anything special (firewall rules, static DNS entries, etc.) on the original IDR object, you would need to reconfigure those items in the new IDR. Therefore, it is important to keep a record of any such changes.