RSA maintains a disaster recovery environment for the Cloud Authentication Service. When the Cloud Authentication Service environment becomes unavailable for any reason, your deployment automatically switches to the disaster recovery environment.
RSA recommends that you test access to the disaster recovery environment before it is needed to ensure a smooth transition during unexpected downtime.
To test access for your identity routers, on an identity router, do the following:
Enable SSH on an identity router. For instructions, see Access SSH for Identity Router Troubleshooting.
From the identity router command line, enter the following:
openssl s_client -connect 220.127.116.11:443
18.104.22.168 is the IP address of the disaster recovery environment.
You receive information back about the certificate chain and other details. If you are unable to reach the disaster recovery environment, the command eventually times out and you see SSL-related error messages.
- Repeat this for one identity router in each data center (or different firewall settings) in your deployment.
To test access for your internal users, on an internal machine, do the following:
Enter the following in a browser: https://22.214.171.124
You will see an error that the site is insecure. This is expected for the test.
View details about the connection and confirm that *auth.securid.com is included in the certification path.
For example, on Google Chrome, click the Not secure warning in the address bar. Then click the certificate and confirm that it is issued to *auth.securid.com.
- Repeat this for one internal machine in each data center (or different firewall settings) in your deployment.
If you are unable to access the disaster recovery environment, confirm that you have the correct firewall and whitelist settings. For more information, see the "Connectivity Requirements" section in your Quick Setup Guide.
Table of Contents > Product Documentation and Support > placeholder 16