Attach the Replica Instance to the Primary Instance

Attaching the replica instance to the primary instance enables the replica instance to synchronize data with the primary instance. The replica instance records all authentications locally and sends the authentication and log data to the primary instance at regular intervals. When the primary instance is unavailable, the replica instance holds this data locally until the primary instance becomes available.

Note: The replica instance cannot authenticate users during the attachment process.

Replica attachment automatically updates the RADIUS server on the replica instance with any dictionary file edits that were made to the RADIUS server on the primary instance. For example, any custom dictionaries added on the primary instance are available on the replica instance, and modifications made to the master dictionary or vendor.ini file on the primary instance are automatically updated on the replica instance. After replica attachment completes, you must manually copy to other RADIUS servers any RADIUS dictionaries or dictionary file edits that must be synchronized across the environment.

The instances use the TCP/IP protocol over an encrypted link for secure database synchronization. Instances can communicate over a local area network (LAN) or a wide area network (WAN).

For information on firewalls, see the appendix “Port Usage” in the RSA Authentication Manager Setup and Configuration Guide.

Before you begin

Confirm the following:

  • You generated a replica package file on the primary instance and downloaded the replica package to your local machine. For instructions, see Generate a Replica Package.

  • The primary and replica instances can resolve and connect to each other on the following ports:

    • 7002/TCP

    • 7022/TCP

  • The RSA RADIUS service is running on the primary instance.

    Even if you do not plan to use RADIUS, the service must be running for the replica attachment to succeed.

  • The clocks on the primary and replica instances are synchronized. If the clocks are off by more than 10 minutes, the attachment fails.

  • If you deferred attaching the replica instance after it was configured using Quick Setup, power on the replica instance and access Quick Setup. Quick Setup resumes at the Attach to Primary Instance page.


  1. On the Attach to Primary Instance page under Upload Replica Package, click Browse, and select the replica package file to upload from your local machine. Click Next.

  2. Under Provide Credentials, enter your Operations Console administrator User ID and password, and click Next.

After you finish

  • Check the replication status by viewing the Replication Status Report for the replica instance. In the Operations Console for the replica instance, click Deployment Configuration > Instances > Status Report.

  • Make sure that the web browsers used to access the Security Console or the Operations Console have JavaScript enabled. See your web browser documentation for instructions on enabling JavaScript.

  • After the replica instance is attached to the primary instance, network setting changes made in the VMware vSphere Client will no longer take effect. Use the Operations Console in the primary instance to change the network settings.

Related Concepts

Replica Instance