You can change the replica instance IPv4 network settings, such as the subnet mask, default gateway, hostname or IP address. There are several reasons why you might need to change the network settings. For example, you might need to change the IP address to resolve an IP address conflict with another resource, you might need to change the subnet mask when the network is reorganized, or you might need to change network settings when you move an appliance from one data center to another.
Before you begin
Users cannot authenticate on this instance while you perform this procedure, and some administrative features are not available. Plan to perform this procedure at a time when the absence of authentication service is minimally disruptive.
In the Fully Qualified Domain Name field, modify the fully qualified domain name (FQDN).
For DNS Servers, add, update or remove an IP address from the list of IP addresses for DNS servers.
To add an IP address, enter the IP address in the DNS Server IP Address field and click Add.
To update an IP address, select the IP address from the list, modify the IP address in the DNS Server IP Address field and click Update.
To remove an IP address, select the IP address form the list and click Remove.
To change the order in which the DNS servers are used, select an IP address and click the up or down arrow.
You may enter multiple IP addresses, and specify the order. Authentication Manager submits DNS lookup queries to the DNS servers in the order listed.
For DNS Search Domains, add, update or remove a a domain from the list of DNS search domains.
To add a search domain, enter the name of the domain in the DNS Search Domain field and click Add.
To update a search domain, select the name of the domain from the list, modify the name in the DNS Search Domain field and click Update.
To remove a search domain, select the domain from the list and click Remove.
To change the order in which the domains are searched, select the domain and click the up or down arrow.
You may enter multiple search domains, and specify the order. Authentication Manager uses the search domains in the order listed.
For each network interface card (NIC) that you want to use, configure the following:
In the IPv4 Address field, modify the IP address. Each NIC supports one IP address.
In the IPv4 Subnet Mask field, modify the subnet mask.
In the IPv4 Default Gateway field, modify the IP address.
Note:Configure IPv6 Settings only if your deployment contains authentication agents that use the IPv6 protocol. The IPv6 settings contain an additional field, IPv6 Prefix Length, instead of the Subnet Mask field.
To configure an additional NIC, select the Enabled checkbox under the name of the NIC, and configure the settings. For a virtual appliance, the Appliance Network Settings page displays an additional NIC only after you add the NIC on the virtual machine hosting the appliance.
Authentication Manager supports dual network interface card (NIC) configurations on the hardware appliance, the Amazon Web Services virtual appliance, the Hyper-V virtual appliance, and the VMware virtual appliance. The Azure virtual machine supports one NIC, and one IP address for the NIC. Features that require more than one NIC are not available on the Azure virtual machine.
Note:Both NICs cannot share an IP address. RSA recommends using a different subnet for each NIC. If two NICs share the same subnet and one NIC becomes unavailable, then Authentication Manager services will not be available on either NIC.
All Authentication Manager services are available on both NICs. You can configure your network to use NIC1 or NIC2 for specific types of traffic, but failover is only provided for agent authentication.
If you want agents to communicate with the IP address of an additional NIC, you must configure the IP address of the additional NIC as an alternate IP address. For more information, see Add Alternative IP Addresses for Instances.
Click Next. The Operations Console displays a review page.
Review the changes you made, highlighted in bold and italic. Click Change Network Settings to accept the changes, click Back to make additional changes, or click Cancel.
Select Yes, change network settings, and click Change Network Settings.
To apply the changes, Authentication Manager restarts the system-level networking service. If you changed the hostname or IP address, Authentication Manager restarts additional services. After the services are running, the Operations Console and the Security Console are available at the new hostname and IP address.
(Optional). You can download a text file that contains the updated network settings for the replica instance. You can refer to this information if you need to restore the original system image on a hardware appliance or if you need to replace a virtual appliance. Do the following:
On the replica instance, log on to the Operations Console.
Under Download Network Settings, click Download network settings.
Save the FQDN_backupOfNetworkSettings.txt file in an external location where it is available for convenient reference.
After you finish
Complete these tasks after changing your replica instance hostname or IP address. If you change both the hostname and the IP address, you must perform all of the tasks that apply to your deployment. Changes to other network settings, such as the subnet mask, do not require these additional tasks.
Verify that the hostname used to access the Consoles (Operations Console, Security Console, and the Self-Service Console) resolves to the new IP address.
For the Azure virtual appliance, in a replicated deployment, make sure the primary instance can communicate with the replica instance. After changing the replica instance IP address, edit the hosts file on the primary instance.
If you installed an SSL certificate that is signed by a third-party certificate authority (CA), changing the hostname causes the deployment to revert to the SSL certificate signed by the Authentication Manager CA that is enabled when the instance is deployed.
To install a new SSL certificate, import a new SSL certificate that is signed by the third-party certificate authority and whose common name (CN) is the new hostname. For instructions, see Replacing the Console Certificate.
If you want agents to communicate with the IP address of an additional NIC, you must configure the IP address of the additional NIC as an alternate IP address. For more information, see Edit an Authentication Agent.
Wait five minutes for the web tier to update. You can then make additional hostname changes as needed.
In a replicated deployment, the web tier obtains the replica instance hostname from the primary instance. The waiting period allows the web tier to maintain communication with the Authentication Manager instances.
Update any other external clients, such as RADIUS and SNMP, to use the new IP address. Changing the IP address for the replica instance also updates the RADIUS IP address. Reconfigure RADIUS clients so that they send requests to the new IP address.
Update any external clients, such as RADIUS clients and SNMP, to use the new hostname.
Check the replication status for the replica instance, and synchronize the replica instance if necessary. For instructions, see Synchronize a Replica Instance.