You must configure communication between the authentication agents and RSA Authentication Manager. To do this, use the Security Console to generate a zip file (AM_Config.zip) that contains the Authentication Manager configuration file, sdconf.rec. To configure communication, you copy sdconf.rec to each agent host. The sdconf.rec file contains a snapshot of the server topology as it was when the file was generated. The agent uses the data in the sdconf.rec file as a backup.
The generated zip file also contains a failover.dat file that can be configured on the agent. The failover.dat file allows agent auto-registration to complete when the primary instance is unavailable or separated from the agent host by a firewall that uses Network Address Translation (NAT). This file includes a list of the primary and replica instances, and their alias IP addresses.
Before you begin
- Make sure an agent is connected to Authentication Manager.
- Review the configuration settings. See Configure Agent Settings.
Procedure
- In the Security Console, click Access > Authentication Agents > Generate Configuration File.
- From the Maximum Retries drop-down menu, select the number of times you want the authentication agent to attempt to establish communication with Authentication Manager before returning the message “Cannot initialize agent - server communications.”
- From the Maximum Time Between Each Retry drop-down menu, select the number of seconds that you want to set between attempts by the authentication agent to establish communications with Authentication Manager.
- Click Generate Config File.
- Click Download Now, and save AM_Config.zip to your local machine.
After you finish
If you are configuring an agent:
- Copy AM_Config.zip, containing the sdconf.rec file and the failover.dat file, to each agent host. The agent uses the data in the sdconf.rec file as a backup.
- Configure the agent with the new sdconf.rec file and, if necessary, the failover.dat file. For instructions, see your agent documentation.
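Because the same sdconf.rec is copied to every agent host, it helps to confirm that the downloaded archive holds only the two files named above and that each host ends up with an identical copy. The following is an added example, not part of the RSA documentation or tooling: it treats both files as opaque bytes, and the agent directory and file contents in `demo()` are constructed placeholders.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# File names come from the page; contents are treated as opaque bytes.
REQUIRED = {"sdconf.rec"}
OPTIONAL_ON_AGENT = {"failover.dat"}  # the page says "if necessary"


def manifest_from_zip(zip_path):
    """Return {member: SHA-256 hex} for AM_Config.zip, rejecting odd contents."""
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
        allowed = REQUIRED | OPTIONAL_ON_AGENT
        if len(names) != len(set(names)) or set(names) - allowed:
            raise ValueError(f"unexpected or duplicate members: {sorted(names)}")
        if not REQUIRED <= set(names):
            raise ValueError("sdconf.rec is missing from the archive")
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in sorted(names)}


def verify_agent_copy(manifest, agent_dir):
    """Return the names whose copy under agent_dir is absent or differs."""
    bad = []
    for name, digest in manifest.items():
        path = Path(agent_dir) / name
        if not path.is_file():
            if name not in OPTIONAL_ON_AGENT:
                bad.append(name)
        elif hashlib.sha256(path.read_bytes()).hexdigest() != digest:
            bad.append(name)
    return bad


def demo():
    """Run both checks on a constructed archive (placeholder bytes, not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        archive = Path(tmp) / "AM_Config.zip"
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("sdconf.rec", b"constructed-sdconf")
            zf.writestr("failover.dat", b"constructed-failover")
        manifest = manifest_from_zip(archive)
        agent = Path(tmp) / "agent"  # hypothetical agent config directory
        agent.mkdir()
        (agent / "sdconf.rec").write_bytes(b"stale-copy")
        return manifest, verify_agent_copy(manifest, agent)


if __name__ == "__main__":
    print(demo())
```

A non-empty list from `verify_agent_copy` means that host is still running with an older or altered sdconf.rec and should receive the current file.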