This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
DanaBurton
Beginner
Beginner
‎2020-03-20 01:40 PM

External Identity Source - redundancy

Situation

DC 1             DC2

Primary     -    Replica

Replica         Replica

Primary instance connected to identity source AD in DC1

 

 

1. DC1 Primary replicates to DC2 Replica

2. DC2 goes down

3. Promote DC2 Replica to Primary

4. Question with newly promoted DC2 Primary see DC1 identity source?

 -    I say no

Question - can I put the replicated DC2 AD in as the Directory Failover URL?

 

So if it is now, how do I replicate the external identity source that has all the tokens assigned to DC2 Primary?

 

Cheers

 

Dana Burton

Labels (1)
Labels
0 Likes
Reply
2 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2020-03-20 02:14 PM

You try to configure an LDAP Identity Source that is local to the AM server, primary and replicas, with failover local if possible but remote is OK since it is failover only.

LDAP_URLs.png

When you promote a replica, it keeps its LDAP configuration, which should have been local AD first.  Inherent assumption in all this is that the LDAP servers in both locations are the 'same' identity source, so all AM users are found in same place just on different Domain Controllers.

0 Likes
Reply
DanaBurton
Beginner
Beginner
In response to JayGuillette
‎2020-03-20 02:29 PM

Thanks.... that is what I thought... just need confirmation

 

Cheers

 

Dana

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.