This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
KennethKirchner
Beginner
Beginner
‎2017-06-05 07:20 PM

Is there a limit on the number of standard agents in Authentication Manager 8.2?

I am looking for the maximum number of standard agents I can put on an AM8.2 server and if it matters if they are restricted/unrestricted (separate counts for both?)

 

What is the maximum number of users/tokens while we're at it?

0 Likes
Reply
4 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2017-06-05 09:30 PM

No, but the discussions and patches over the past year focus on the number 50,000, because a few of our larger customers use this many Windows agents, which can auto-register but also can request offline authentication data, so there had to be some adjustments in the AM 8.2 server to handle all this, as well as updates in our agent code to randomize when they all ask for an automatic top off of offline days if online.  If you are considering more than 50,000, we should probably discuss through a support case, but if you see 50,000 as a ceiling, you should be fine at AM 8.2 P5 or later and the newest agent build of v. 7.3.2[92] or the new 7.3.3 due very soon.  If you need to run this many agents with AM 8.1 SP1, you should at least be at P15 and talk to support about a hot fix Engineering did for this version.

And even if you are at 10,000 or less agents, there are still a lot of reasons to be at the latest patches;

AM 8.1 SP1 P15 is your absolute minimum, anything less at this date is problematic

AM 8.2 P5

or AM 8.2 SP1, and get Patch1 when it comes out soon, as AM 8.2 SP1 was based on a code freeze of AM 8.2 P3, so is missing P4 &5

0 Likes
Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to JayGuillette
‎2017-06-05 09:52 PM

the other number bounced around is 1,000,000 users with SecurID tokens, hardware or software.  I don't think there is a number for Risk Based Authenitcators, RBA, but I would expect that number to be much lower

0 Likes
Reply
KennethKirchner
Beginner
Beginner
‎2017-06-06 11:14 AM

Thank you, Jay! Most of our authentication passes through our ACS server, but we have our UNIX systems pointing directly at the AM. I suspect we will have far less than 50K of those agents, probably less than 10K.  We are running 8.2SP1 and plan to keep it updated.

0 Likes
Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to KennethKirchner
‎2017-06-06 11:31 AM

The Authentication request process is short and sweet, especially for non-Windows agents with no offline days, auto-registration or Windows Password integration, basically six 64-byte packets to and from either UDP port 5500 for Native SecurID (SDI as Cisco still calls us, they have been doing SID so long they still refer to us by our original name, Security Dynamics Inc.) or only two 64-byte packets if using RADIUS.  If you want a primer on packet decodes for authentication traffic see attached PPTs

Preview file
1785 KB
Preview file
818 KB
0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.