000036541 - Checklist for successful promotion of RSA Authentication Manager 8.x replica instance for maintenance

Document created by RSA Customer Support Employee on Aug 6, 2018
Version 1

Article Content

Article Number: 000036541
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue: This article describes the general issues that need to be considered when planning the promotion of an RSA Authentication Manager 8.x replica instance to primary for maintenance.
Resolution
Queries and Answers

Query: Is it necessary for the original primary to be online and functional during the process of replica promotion?
Answer: Yes, it is mandatory to have the original primary instance online and fully functional during the process of replica promotion.

Query: Who can initiate the process for replica promotion for maintenance?
Answer: An Operations Console administrator can initiate promotion for maintenance from the Operations Console of the replica instance that is to be promoted.

   Log on to the Operations Console of the replica instance to be promoted as primary and perform the following steps.

   Procedure

  1. In the Operations Console, navigate to Deployment Configuration > Replica Promotion > For Maintenance > Promote to Primary.
  2. Verify the instance details and click Run Pre-Promotion Check.
  3. The progress monitor displays the progress of the promotion operation on the replica instance that is being promoted.

Query: Will the original primary instance automatically be demoted to be the replica instance during the process of replica promotion for maintenance?
Answer: After promotion, the original primary instance is demoted to a replica instance.

Query: Is it necessary to have all the replica instances online and functioning during the replica promotion process for maintenance?
Answer: During the promotion for maintenance, the primary instance and all replica instances must be online and functioning.

Query: What are the services and instances that are affected during the promotion process for maintenance?
Answer: During the promotion process, authentication, administration, and self-service will be unavailable on the primary and replica instance involved in promotion.

Query: Will the other replicas be available for authentications during the process of replica promotion for maintenance?
Answer: Authentication remains available on the additional replicas in the deployment, apart from the replica that is identified for promotion.

Query: Will the old primary be automatically re-attached as the replica to the new primary (that is, the newly promoted replica)?
Answer: After promotion, the original primary instance is demoted to a replica instance and is automatically synchronized with the new primary instance.
   All additional replica instances are automatically connected to the new primary instance.

Query: What are the impacts on the Webtier during the process of replica promotion for maintenance?
Answer: If the deployment includes a Webtier, restart the services for each Webtier after promotion.

Query: What are the impacts on the RSA RADIUS server during the process of replica promotion for maintenance?
Answer: It is mandatory to initiate RADIUS data replication to synchronize the RADIUS server on each replica instance with the RADIUS server on the new primary instance.

   Log on to the Security Console of the new primary instance and perform the following steps to initiate RADIUS data replication:

   Procedure

  1. In the Security Console, click RADIUS > RADIUS Servers.
  2. Click Initiate Replication.

Notes
Apart from the information above, it is important to ensure that the replica instance being promoted can reach the original primary and all other replica instances on the following ports.

Port Number    Description
7002
  
  • Used for communication between an Authentication Manager primary and replica instances and for communication between replica instances.
  • Used by the RSA application programming interface (API).
  
7022
  
  • Used for communication between Authentication Manager primary and replica instances and for communication between replica instances (for replay detection).
  • Used to communicate with trusted realms.
  • Allows communication between the RSA Authentication Manager appliance and its web tier.
  
7072
  
  • Required for administering the RSA Authentication Manager deployment from the Operations Console.
  • Accepts requests for Operations Console functions.
  
1812
  
  • This port is used for communication between primary RADIUS and replica RADIUS services.
  • Even if RSA RADIUS is not in use, connections between Authentication Manager instances on this port must be allowed if the deployment has replica instances.
  • Restrict connections from other systems that are not Authentication Manager instances.
  
1813
  
  • This port is used to administer RADIUS from the Security Console over the protected RADIUS remote administration channel.
  • Restrict connections from other systems that are not Authentication Manager instances.
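
A reachability check for the ports in the table above, as an added example that is not part of the original article or any RSA tooling. It assumes Python 3 on the host it runs from (the result reflects the promoted replica's view only when run from that replica) and that all five ports are probed over TCP; the peer hostnames are supplied as arguments.

```python
"""Pre-promotion reachability check for the ports listed in the table above."""
import socket
import sys

# Ports from the article's table. TCP is an assumption made for this example.
REQUIRED_PORTS = {
    7002: "primary/replica and replica/replica communication, RSA API",
    7022: "replay detection, trusted realms, web tier",
    7072: "Operations Console",
    1812: "primary RADIUS to replica RADIUS",
    1813: "RADIUS remote administration from the Security Console",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing listening on the port
    except socket.timeout:
        return "timeout"      # no answer, typically a firewall dropping packets
    except OSError as exc:
        return f"error: {exc}"  # DNS failure, no route, and similar


def preflight(peers, ports=REQUIRED_PORTS, timeout=3.0):
    """Probe every peer on every port; return (host, port, state) tuples."""
    return [(h, p, probe(h, p, timeout)) for h in peers for p in ports]


def blockers(results):
    """Keep only the results that would prevent instance-to-instance traffic."""
    return [r for r in results if r[2] != "open"]


if __name__ == "__main__":
    # Arguments: the original primary and every other replica (your hostnames).
    failed = blockers(preflight(sys.argv[1:]))
    for host, port, state in failed:
        print(f"{host}:{port} {state} ({REQUIRED_PORTS[port]})")
    sys.exit(1 if failed else 0)
```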
  
