Migrating an RSA Authentication Manager deployment from one environment to another
RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.1 Service Pack 1 or later
This article explains the process of migrating an Authentication Manager deployment from one supported environment to another supported environment; for example, from Microsoft Hyper-V to VMware or from a hardware SecurID appliance to VMware.
To minimize the impact to a production environment an administrator may want to consider the following steps to migrate an Authentication Manager deployment from one supported environment to another supported environment. For this knowledge article a Microsoft Hyper-V environment hosting a primary and replica instance running Authentication Manager 8.1 Service Pack 1 Patch 4 software in production will be migrated to an Authentication Manager deployment in a VMware environment.
Deploy RSA Authentication Manager 8.1 software, in this example the 8.1 .ova template and build a new primary instance using new fully-qualified hostname and network settings. The new primary instance deployment will require an authentication manager 8 license zip file.
Following the steps in Create a Backup Using Back Up Now, perform a backup from the 8.1 SP1 P4 (220.127.116.11.0) production Authentication Manager deployment, in this example running in a Microsoft Hyper-V environment.
Following the steps in Restore from Backup, restore the production backup onto the new primary instance running RSA Authentication Manager 8.1 Service Pack 1 Patch 4 (18.104.22.168.0) software.
An Authentication Manager backup can only be restored into a primary instance running the same software level as the primary instance that performed the backup.
Ensure any configured identity sources used in production are reachable from the new primary instance.
If you are not changing the new primary instance IPv4 network settings then you will need to update RSA Authentication Agents (and/or third party products) with a new configuration record (sdconf.rec) file.
Confirm the new primary instance can process end user authentications. Use the Real-Time Authentication Activity Monitor to verify authentication activity. From the Security Console on the primary instance choose Reporting > Real-time Activity Monitors > Authentication Activity Monitor and choose Start Monitor.
Having confirmed the new primary instance is performing its job then deploy Authentication Manager 8.1 software to the new replica then build and attach the new replica instance. This new replica instance can use the old production replica network settings or not, depending on how you want to setup the new replica instance.
Perform further authentication testing. Use the Real-Time Authentication Activity Monitor to verify authentication activity. From the Security Console on the primary instance choose Reporting > Real-time Activity Monitors > Authentication Activity Monitor and choose Start Monitor.