SecurID® Discussions

DavidClarke2
Beginner

Availability Monitoring - query regarding allowing pings

Hi

As part of the solution for a refreshed RSA Authentication Manager I am confirming the design for Availability Monitoring.

I've found a guide for SNMP from https://community.rsa.com/docs/DOC-36986

For our availability monitoring, could someone confirm whether the appliance allows pings?

Regards,

David Clarke

Unless stated otherwise above:

IBM United Kingdom Limited - Registered in England and Wales with number 741598.

Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

0 Likes
3 Replies
HusseinElBaz
Employee

Hello David,

By default the server allows ping.

Best Regards,

0 Likes
JayGuillette
Apprised Contributor

Ping is kind of a very low level test; I have seen Windows NT workstations that display a Blue Screen but still respond to a Ping. Also, if RSA services were down, the Ping would only tell you that the Appliance was connected to the Network and Powered on.

A full Logon test that is repeatable cannot be done with a PassCode, unless you plan to have someone manually enter a Passcode and click Logon every x number of minutes. Could get expensive, so most testing in this way involves a Fixed Passcode, and still can get complicated with developing your own API agent.

A good, easy compromise is a TCP port test, which most SNMP applications have supported for decades. I would configure a test for one of the common Authentication Manager ports, either TCP 5580 or TCP 5550. If these ports are up, then RSA services are probably running. Combine with Critical Event Notifications for LDAP and replication in the AM Security Console and you have a pretty good up check for AM primary and replica.

0 Likes
EdwardDavis
Employee

What I would do (if it was my setup) is use an auth testing tool that

a) does a RADIUS login every 1 minute to each RSA server

b) uses a username with a fixed passcode
   this username has no access to anything else in the enterprise
   this username's sole purpose is test auths
   and the username is in Active Directory so I can test the AD connection at the same time

c) set up a RADIUS test tool (like radlogin4) and have it do an auth test to my primary and each replica on a 1 minute cycle. If it fails 3 times in a row (or whatever), then (radlogin4) can notify me via email or other notification

0 Likes
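The TCP port test and the "fails 3 times in a row" alerting suggested in the replies above, combined in an added example that is not part of the original thread and not RSA tooling. It checks TCP reachability of ports 5550 and 5580 only (it does not perform a RADIUS authentication); the hostnames, the 3-second timeout and the `Monitor` class are assumptions made for illustration.

```python
import socket
import time
from dataclasses import dataclass, field

AM_PORTS = (5550, 5580)   # TCP ports named in the thread
FAIL_THRESHOLD = 3        # "fails 3 times in a row" from the thread
INTERVAL = 60             # seconds; the 1 minute cycle from the thread


def port_open(host, port, timeout=3.0):
    """True only if a full TCP handshake to host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:   # refused, unreachable, timed out, DNS failure
        return False


@dataclass
class Monitor:
    targets: list                     # [(host, port), ...]
    threshold: int = FAIL_THRESHOLD
    probe: object = port_open         # injectable so the logic can be tested
    failures: dict = field(default_factory=dict)

    def poll(self):
        """Probe every target once; return only state-change events."""
        events = []
        for target in self.targets:
            prev = self.failures.get(target, 0)
            if self.probe(*target):
                if prev >= self.threshold:
                    events.append(("RECOVERED", *target))
                self.failures[target] = 0
            else:
                self.failures[target] = prev + 1
                if prev + 1 == self.threshold:   # alert once, not every cycle
                    events.append(("DOWN", *target))
        return events


if __name__ == "__main__":
    # Placeholder hostnames (assumed); replace with your primary and replicas.
    hosts = ["am-primary.example.com", "am-replica1.example.com"]
    mon = Monitor([(h, p) for h in hosts for p in AM_PORTS])
    while True:
        for state, host, port in mon.poll():
            stamp = time.strftime("%Y-%m-%d %H:%M:%S")
            print(f"{stamp} {state} {host}:{port}")  # hook e-mail or SNMP trap here
        time.sleep(INTERVAL)
```

Because `poll()` returns events only on a state change, a prolonged outage produces one DOWN notification and one RECOVERED notification rather than an alert every minute.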