000035778 - RSA Authentication Manager 8.2 Service Pack 1 Patch 6 introduces manual synchronization

Document created by RSA Customer Support Employee on Jan 9, 2018Last modified by RSA Customer Support Employee on Dec 19, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000035778
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 SP1 P6 or later
IssueThe replication status reports Out of Sync and the action to synchronization the primary instance database fails, as the primary database dump is too big to be pushed to the replica instance in a timely fashion, probably due to the primary and replica instances being separated geographically.
ResolutionRSA Authentication Manager 8.2 Service Pack 1 Patch 6 introduces a method of performing a manual transfer of the primary dump and primary dump SHA-256 signature file to the replica instance.

NOTE: This procedure requires secure shell (SSH) to be enabled on the Authentication Manager instances in the deployment.  Refer to the article on how to Enable Secure Shell on the Appliance for more information.
 

The following instructions allow an administrator to perform the manual transfer of the primary dump and primary dump SHA-256 signature file to a single replica instance. Where there is more than one replica instance in the Authentication Manager deployment, repeat the instructions for each replica instance that requires a sync. Only synchronize one replica instance at a time.



On a replica instance



  1. Logon to the command line of a replica instance with the rsaadmin account.
  2. On the replica instance navigate to /opt/rsa/am/utils folder using the command:


cd /opt/rsa/am/utils


  1. Add a new global parameter to the replica instance using the command: 


./rsautil store -a add_config auth_manager.synchronization.manual_transfer.wait.minutes 15 GLOBAL 501


The global parameter auth_manager.synchronization.manual_transfer.wait.minutes is a timer delay providing fifteen (15) minutes for the administrator to perform a manual transfer of the primary dump and signature file to the replica instance. This value can be altered; however, fifteen minutes is more than enough time to move a 2GB primary dump with SHA-256 signature file to the replica instance.




  1. Restart the Authentication Manager replica instance to activate the above global parameter.




/opt/rsa/am/server/rsaserv restart all



On the primary instance



  1. Logon to command line of the primary instance with the rsaadmin account.
  2. Logon to the primary Operations Console and select Deployment Configuration > Instances > Status Report
  3. Click the Sync link in the Action column for the replica instance where you have the SSH session open.
  4. Wait for the task Starting database dump on primary to start.
  5. At the command line of the primary instance, navigate to /opt/rsa/am/replication/attachment_data_for_replica:


cd /opt/rsa/am/replication/attachment_data_for_replica


  1. In the /opt/rsa/am/replication/attachment_data_for_replica directory, the administrator will find a new folder called instance_<number>.
  2. Navigate into this fdirectory:


cd instance_<number>


The primary_dump and primary_dump.sha256 will be created in the instance_<number> folder. When the administrator sees the primary_dump.sha256 file then further tasks are required to get the primary_dump and primary_dump.sha256 files into the /opt/rsa/am/replication/attachment_data_from_primary folder on the replica instance.

This  article provides instructions to use SFTP (a secure command line FTP program). Alternatively use a different secure FTP client (for example, WinSCP) to copy the primary_dump and primary_dump.sha256 files from the /opt/rsa/am/replication/attachment_data_for_replica/instance_<number> folder on the primary instance into the /opt/rsa/am/replication/attachment_data_from_primary folder on the replica instance.



Back on the replica instance



  1. Navigate to the /opt/rsa/am/replication/attachment_data_from_primary directory.
  2. Use the secure FTP program on the replica instance to connect to the primary instance


sftp <IP_Address_of_primary>


  1. In the secure FTP program navigate to the local directory called /opt/rsa/am/replication/attachment_data_for_replica.


lcd /opt/rsa/am/replication/attachment_data_for_replica


  1. List the contents of this folder to get the instance folder name.


sftp> ls
instance_810a23043f02a8c0293c1ae3674260f9   logs
sftp>


  1. Now navigate into the instance_<number> directory:


sftp> cd instance_810a23043f02a8c0293c1ae3674260f9
sftp>


  1. Manually transfer the primary dump and primary dump SHA-256 signature file to the replica instance using the get command.



get primary_dump
get primary_dump.sha256



  1. Check the remote files on the primary instance are the same size as the files copied to the replica instance.


sftp> ls -lah
drwx------    0 1000     1000         4.0K Dec 19 12:31 .
drwx------    0 1000     1000         4.0K Dec 19 12:26 ..
-rw-------    0 1000     1000         754M Dec 19 12:31 primary_dump
-rw-------    0 1000     1000          64B Dec 19 12:31 primary_dump.sha256
sftp> lls -alh
total 755M
drwx------ 2 rsaadmin rsaadmin 4.0K Dec 19 12:33 .
drwxr-xr-x 5 rsaadmin rsaadmin 4.0K Dec 19 12:25 ..
-rw------- 1 rsaadmin rsaadmin 754M Dec 19 12:33 primary_dump
-rw------- 1 rsaadmin rsaadmin   64 Dec 19 12:33 primary_dump.sha256
sftp>


  1. Where the files match in size, the administrator can exit the secure FTP program:


exit

 

Back on the primary instance



  1. Go back to the web browser showing the Sync tasks in the primary Operations Console and monitor the completion of the tasks.
  2. After the Task Starting replica services has completed click the Done button and check the replication status of the replica instance. It is expected to be Normal.
NotesWhere the customer is not running an Authentication Manager deployment with RSA Authentication Manager 8.2 Service Pack 1 Patch 6 software then the Authentication Manager instances can be updated with the later software before using this RSA knowledge article.

Refer to 000035766 Software update for RSA Authentication Manager 8.x fails with error: Replication flush failed if there is an issue with the software update.

Attachments

    Outcomes