Change the Hostname of a Primary or Replica Instance in Azure
The following information about changing the hostname for a primary or replica instance only applies to the Azure virtual appliance.
After changing the hostname in the primary or replica instance Operations Console, you can access the Azure virtual machine with the new hostname. However, to update the hostname in the Azure portal, you must restore a snapshot to create a new virtual machine with the new hostname. You can keep the original IP address by reusing the original NIC, and you can keep the original virtual machine data by swapping the virtual machine disk.
Before you begin
On the primary or replica instance that you are updating, log on to the Operations Console, and change the hostname.
For more information, see Change the Primary Instance IPv4 Network Settings and Change the Replica Instance IPv4 Network Settings.
Procedure
1. Take a snapshot of the virtual machine that requires a new hostname:
   - Log on to the Azure portal.
   - On the Services tab, search for Virtual Machines.
   - Navigate to the RSA Authentication Manager virtual machine.
   - Stop the virtual machine.
   - Click the OS Disk.
   - Click Create Snapshot. Enter a name for the snapshot and any other required information. Click Create.
2. After the snapshot is created, navigate to the Disks section in the Azure portal, click +Add in the upper left, and create a new disk that uses the new snapshot as the source.
3. Remove the original NIC by attaching a placeholder NIC. An Azure virtual machine requires a NIC.
4. Create a new virtual machine with the new hostname. For instructions, see the Azure Virtual Appliance Getting Started.
   After the virtual machine is created, do not run Quick Setup.
5. Stop the new virtual machine.
6. Attach the original NIC that was removed in Step 3 and detach the default placeholder NIC from the new virtual machine.
   This step retains the original IP address for the new virtual machine.
7. Verify that the Azure Resource Manager Provider Feature to swap disks is registered:
   - In Azure, connect to Azure Cloud Shell, and select PowerShell.
   - Run the following command:
     Get-AzureRmProviderFeature -ProviderNamespace 'Microsoft.Compute' -FeatureName 'AllowManagedDisksReplaceOSDisk'
   - If the swap disks feature is disabled, run the following command:
     Register-AzureRmProviderFeature -FeatureName 'AllowManagedDisksReplaceOSDisk' -ProviderNamespace 'Microsoft.Compute'
     Enabling this feature can take more than 12 minutes.
8. Use the disk that was created from the snapshot in Step 2 as the new operating system disk for the virtual machine:
   - In Azure, connect to Azure Cloud Shell, and select PowerShell.
   - Run the following commands:
     $name = 'VM Name of the new virtual machine'
     $resourceGroupName = 'Resource Group name'
     $diskname = 'Disk Name created from the snapshot'
     $diskResourceID = "Resource ID for the disk name"
   - Get the virtual machine details:
     $vm = Get-AzureRmVM -ResourceGroupName $resourceGroupName -Name $name
   - Set the properties for the new disk, and update the virtual machine:
     Set-AzureRmVMOSDisk -VM $vm -Name $diskname -ManagedDiskId $diskResourceID | Update-AzureRmVM
9. Start the new virtual machine. After 10 to 15 minutes, the new virtual machine is available with the new hostname, the original IP address, and the original virtual machine data.
Note: If the hostname change is successful, RSA recommends saving space by removing the original virtual machine, the original disk, and the snapshot from step 1.
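Steps 7 and 8 combined into one guarded script, as an added example that is not RSA's own code: it waits for the feature registration to complete, looks up the disk's resource ID by name instead of pasting it, and refuses to swap the OS disk unless the new virtual machine is stopped. The function name Switch-AmOsDisk, its parameters, and the 30-minute default timeout are hypothetical; the cmdlets are the AzureRM ones used in the procedure plus Get-AzureRmDisk.

```powershell
# Added example: hypothetical wrapper around the AzureRM cmdlets used in Steps 7 and 8.
function Switch-AmOsDisk {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName,    # new virtual machine created in Step 4
        [Parameter(Mandatory)] [string] $DiskName,  # disk created from the snapshot in Step 2
        [int] $TimeoutMinutes = 30                  # assumption: upper bound for the registration wait
    )
    $ErrorActionPreference = 'Stop'
    $feature = @{ ProviderNamespace = 'Microsoft.Compute'; FeatureName = 'AllowManagedDisksReplaceOSDisk' }

    # Step 7: register the swap-disk feature if needed, then poll until it is active.
    if ((Get-AzureRmProviderFeature @feature).RegistrationState -ne 'Registered') {
        Register-AzureRmProviderFeature @feature | Out-Null
        $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
        while ((Get-AzureRmProviderFeature @feature).RegistrationState -ne 'Registered') {
            if ((Get-Date) -gt $deadline) { throw "Feature not registered after $TimeoutMinutes minutes." }
            Start-Sleep -Seconds 60
        }
    }

    # Step 5 precondition: the new virtual machine must be stopped (deallocated) before the swap.
    $power = (Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName -Status).Statuses |
        Where-Object { $_.Code -like 'PowerState/*' }
    if ($power.Code -ne 'PowerState/deallocated') {
        throw "VM '$VMName' is in state '$($power.Code)'; stop it before replacing the OS disk."
    }

    # Step 8: resolve the disk by name so the resource ID cannot be mistyped or point at another disk.
    $disk = Get-AzureRmDisk -ResourceGroupName $ResourceGroupName -DiskName $DiskName
    $vm   = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName

    Set-AzureRmVMOSDisk -VM $vm -Name $disk.Name -ManagedDiskId $disk.Id | Update-AzureRmVM
}

# Constructed placeholder values; replace them with the names from your own deployment.
# Switch-AmOsDisk -ResourceGroupName 'example-rg' -VMName 'example-am-vm' -DiskName 'example-am-disk'
```

If the Cloud Shell session has only the Az module, run Enable-AzureRmAlias first so that the AzureRM cmdlet names resolve.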
After you finish
- Update the DNS server with the new hostname or IP address.
  The Azure appliance requires you to configure a DNS server in the virtual network or use the DNS server provided by Azure. Any on-premises Authentication Manager primary instance or replica instances must use the DNS server that is configured in the virtual network.
- In a replicated deployment, after updating your DNS server, you must log on to the replica instance Operations Console and update the primary instance hostname and IP address on the replica instance. A replica instance requires the primary instance hostname and IP address in order to communicate with the primary instance.
  For instructions, see Update the Primary Instance Hostname and IP Address on a Replica Instance.
- If you installed an SSL certificate that is signed by a third-party certificate authority (CA), changing the hostname causes the deployment to revert to the SSL certificate signed by the Authentication Manager CA that is enabled when the instance is deployed.
  To install a new SSL certificate, import a new SSL certificate that is signed by the third-party certificate authority and whose common name (CN) is the new hostname. For instructions, see Replacing the Console Certificate.
- Repair any trusted realm relationships. For instructions, see Repair a Trust Relationship with a Version 8.0 or Later Realm.
- If your deployment includes a web tier, do the following:
| Description | Web-Tier Task |
| --- | --- |
| Primary instance hostname updated in a deployment with replica instances | The web tier obtains the primary instance hostname from a replica instance. After you update the primary instance hostname on every replica instance, wait five minutes for the web tier to update. You can then make additional replica instance hostname changes as needed. |
| Primary instance hostname updated in a deployment with no replica instances | Reinstall the web tier. Perform the following procedure to retain all existing web-tier configuration and customization settings: (1) Uninstall the web tier. For instructions, see Uninstall a Web Tier on Linux or Uninstall a Web Tier on Windows. (2) Run the web tier installer for your platform. For instructions, see the RSA Authentication Manager Setup and Configuration Guide. (3) Update the web tier. For instructions, see Update the Web-Tier. |
| Replica instance hostname updated | Wait five minutes for the web tier to update. You can then make additional hostname changes as needed. In a replicated deployment, the web tier obtains the replica instance hostname from the primary instance. The waiting period allows the web tier to maintain communication with the Authentication Manager instances. |
- Update any external clients, such as RADIUS clients and SNMP, to use the new hostname.
- Synchronize the primary instance with each out-of-sync replica instance. For instructions, see Synchronize a Replica Instance.
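A post-change check for the DNS and certificate items above, as an added example that is not part of the RSA documentation: it confirms that the new hostname resolves to the retained IP address and reports which certificate the console now serves, so a reversion to the Authentication Manager CA certificate is visible. The function name Test-AmHostnameChange and its parameters are hypothetical, and the console's HTTPS port is supplied by the caller because the page does not state it.

```powershell
# Added example: hypothetical check of DNS and the served console certificate after the change.
function Test-AmHostnameChange {
    param(
        [Parameter(Mandatory)] [string] $NewHostname,
        [Parameter(Mandatory)] [string] $ExpectedIp,   # original IP address kept by reusing the NIC
        [Parameter(Mandatory)] [int]    $ConsolePort   # HTTPS port of the console in your deployment
    )
    # DNS must map the new hostname to the address retained with the original NIC.
    $resolved = [System.Net.Dns]::GetHostAddresses($NewHostname) |
        ForEach-Object { $_.IPAddressToString }

    # Fetch the served certificate. Chain validation is bypassed for inspection only, because
    # after a hostname change the certificate may be signed by the internal Authentication Manager CA.
    $tcp = [System.Net.Sockets.TcpClient]::new($ExpectedIp, $ConsolePort)
    try {
        $inspectOnly = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $inspectOnly)
        $ssl.AuthenticateAsClient($NewHostname)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally { $tcp.Dispose() }

    $simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $subjectCn  = $cert.GetNameInfo($simpleName, $false)   # subject common name
    [pscustomobject]@{
        DnsMatchesExpectedIp = $resolved -contains $ExpectedIp
        ResolvedAddresses    = $resolved -join ', '
        SubjectCN            = $subjectCn
        CnMatchesNewHostname = $subjectCn -eq $NewHostname  # hostname comparison is case-insensitive
        Issuer               = $cert.GetNameInfo($simpleName, $true)
        NotAfter             = $cert.NotAfter
    }
}

# Constructed placeholder values; replace them with your own hostname, address and port.
# Test-AmHostnameChange -NewHostname 'am-new.example.internal' -ExpectedIp '10.0.0.10' -ConsolePort 443
```

An Issuer that is not your third-party CA means the replacement certificate described above still has to be imported.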