RADIUS Data Replication

Document created by RSA Information Design and Development Employee on Jun 13, 2017. Last modified by RSA Information Design and Development Employee on Jan 19, 2021.
Version 16

RADIUS synchronizes data on the RADIUS replica servers with the data on the RADIUS primary server. The primary server detects when an administrator changes RADIUS data through the Security Console and sends all RADIUS data that can be replicated to the replica servers. If no changes have been made, data is not replicated.

The RADIUS primary server does not replicate RADIUS configuration files or RADIUS dictionary files. Each RADIUS server has its own set of these files. When you make changes to the files of the RADIUS primary server, you must make the same changes to the files of each RADIUS replica server in your deployment.

You must log on to the Operations Console on the RADIUS server you want to modify to view and edit the RADIUS configuration files. For more information about the configuration files, see the RSA Authentication Manager RADIUS Reference Guide. For more information about the dictionary files, see the documentation for your RADIUS device.
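Because these files are not replicated, a periodic drift check helps confirm that every replica matches the primary. The following Python sketch is an added example, not RSA code: it assumes you have saved a copy of each server's configuration and dictionary files into one directory per server, and the server names, file names and file contents in demo() are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def find_drift(primary, replicas):
    """Compare each replica's exported files with the primary's.

    Returns {replica: {relative_path: status}}; status is 'missing' (primary
    only), 'extra' (replica only) or 'differs'. In-sync replicas are omitted.
    """
    baseline = digest_tree(primary)
    report = {}
    for name, root in replicas.items():
        current = digest_tree(root)
        issues = {}
        for rel in sorted(baseline.keys() | current.keys()):
            if rel not in current:
                issues[rel] = "missing"
            elif rel not in baseline:
                issues[rel] = "extra"
            elif baseline[rel] != current[rel]:
                issues[rel] = "differs"
        if issues:
            report[name] = issues
    return report


def demo():
    """Build constructed sample exports in a temp directory and compare them."""
    files = {  # constructed names and content, not real RSA RADIUS files
        "primary": {"sample.conf": "timeout=5\n", "sample.dictionary": "ATTR 1\n"},
        "replica-a": {"sample.conf": "timeout=5\n", "sample.dictionary": "ATTR 1\n"},
        "replica-b": {"sample.conf": "timeout=9\n"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for server, contents in files.items():
            (Path(tmp) / server).mkdir()
            for fname, text in contents.items():
                (Path(tmp) / server / fname).write_text(text)
        replicas = {n: Path(tmp) / n for n in files if n != "primary"}
        return find_drift(Path(tmp) / "primary", replicas)
```

The comparison is byte-for-byte, so a difference in line endings or trailing whitespace is also reported as 'differs'.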

You can use either of two methods to replicate RADIUS data:

  • Configure periodic replication

  • Initiate replication

By default, the deployment is configured to use periodic replication.

Configure Periodic Replication Method

Periodic replication is the default method. When it is enabled, the RADIUS primary server performs these steps:

  1. Searches for changes to the RADIUS data on the primary server every 15 minutes.

  2. Replicates any changes to each RADIUS replica server.

  3. Verifies that each RSA RADIUS replica server has the latest data.

If an RSA RADIUS replica server fails to update after replication, the RADIUS primary server logs a message to the system log and to the Authentication Manager Critical System Event Notification system, which can be configured to send e-mail to designated personnel. The failure notification can take up to 15 minutes to be logged and sent.

Note: There is no failure notification when you disable periodic replication.

Initiate Replication Method

The initiate replication method requires that administrators use the Security Console to start replicating RADIUS data to the RADIUS replica servers. You can use this method regardless of whether periodic replication is enabled or RADIUS data has been changed. If a RADIUS replica server is offline for a period of time and therefore not up-to-date, once the RADIUS server is available, initiating replication sends the latest RADIUS data to all RADIUS replica servers in the deployment.

Out-of-Date RADIUS Replica Servers

Data on a RADIUS replica server becomes out-of-date when the RADIUS replica server is unavailable for an extended period of time, for example, when it is offline or when the RADIUS primary server cannot connect to the replica because of a network issue.

A replica server that is unavailable cannot receive data from the RADIUS primary server. However, once the RADIUS replica server becomes available, it checks for missed updates once per hour and initiates replication when it finds more up-to-date data.

If the RADIUS data changes before the hour interval, the RADIUS replica server can still receive the updates through the replication method you configured.





