This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
KennethFranco
Beginner
Beginner
‎2018-03-04 10:14 PM

Procedure to Migrate RSA Authentication Manager Appliance to Virtual Appliance

Jump to solution

Hi.

We currently have two RSA AM appliances (8.1.1.4) - one is Primary and one is Replica and having a base license.

We have a requirement to migrate these appliances to a virtual appliance (VMware). I would like to seek your help on how to do this. I have a basic idea but could you please confirm if this is correct? Or advise if you have a simpler approach with less risk?

1. Shutdown the current Replica appliance

2. Install a new virtual instance (also 8.1.1.4) on VMWare and make it as a new Replica. I will use the IP address and FQDN of the previous replica appliance

3. Once set up, I will sync (need some details here) this Replica instance to the existing Primary appliance

4. On the Primary appliance, promote this new virtual Replica instance to Primary. So users will be able to use this new vm to authenticate. The Primary appliance will then demote itself and become a Replica

5. Shutdown the previous Primary appliance

6. Set up a second virtual appliance with the same version (8.1.1.4). Assign the FQDN and IP address of the previous Primary appliance. Set this up as a Replica.

7. Sync this new virtual Replica with the virtual Primary

 

Your feedback is appreciated.

 

Thanks.

Labels (1)
0 Likes
Reply
1 Solution

Accepted Solutions
EdwardDavis
Employee
Employee
‎2018-03-05 09:27 AM

Jump to solution

If you have a primary and replica now, just install a 2nd replica as a new vmware replica, patch

it up to match the version of the primary, then do a planned promotion so it becomes the new

primary and the others are now replicas. Then delete one and install a new replica vmware. 

 

This also works on a base license where we only allow 1 replica. On a base,  you can add 1 more replica

(there will be an exceed replica limit warning, but it does not affect the systems)

so moving from hardware to vmware by 'leapfrogging' can be pretty seamless, and you are never without 1 replica.

View solution in original post

0 Likes
Reply
3 Replies
jeffshurtliff
Administrator Administrator
Administrator
‎2018-03-05 08:50 AM

Jump to solution

Hi Kenneth,

 

I have moved this thread to the RSA SecurID Suite" data-type="space so that you can get an answer to your question.

 

You can post future questions and discussions directly to that community by clicking on the Ask a Question or Start a Discussion button on the RSA SecurID Suite" data-type="space page.

 

securid_discussions-section.png

 

Thanks,
Jeff

0 Likes
Reply
EdwardDavis
Employee
Employee
‎2018-03-05 09:27 AM

Jump to solution

If you have a primary and replica now, just install a 2nd replica as a new vmware replica, patch

it up to match the version of the primary, then do a planned promotion so it becomes the new

primary and the others are now replicas. Then delete one and install a new replica vmware. 

 

This also works on a base license where we only allow 1 replica. On a base,  you can add 1 more replica

(there will be an exceed replica limit warning, but it does not affect the systems)

so moving from hardware to vmware by 'leapfrogging' can be pretty seamless, and you are never without 1 replica.

0 Likes
Reply
KennethFranco
Beginner
Beginner
In response to EdwardDavis
‎2018-03-12 03:18 AM

Jump to solution

Thanks Edward. 

 

Current Primary appliance - 192.168.1.1

Current Replica appliance - 192.168.1.2

 

 

If I install the new vm replica, I will provide it with a new IP address (i.e 192.168.1.3) . And when I promote it to become primary, my authentication agents will not be able to connect because they only know the original IP addresses (1.1 and 1.2) since this new IP is not configured on them unless I change all of them which I am trying to avoid. 

With this in mind, is it possible to do this AFTER promoting the new vm to primary?

1. Kill/unplug the original replica appliance (1.2) 

2. Change the IP/FQDN of the new vm replica from 1.3 to 1.2 ? 

3. Test if this newly promoted vm can authenticate users

4. Assuming #3 is ok, set up another vm replica (192.168.1.4) 

5. Kill/unplug the original primary appliance (1.1)

6. Change the IP of the new vm replica from 1.4 to 1.1 

7. Attach this 2nd vm replica (1.1) to vm primary (1.2)

8. Promote this 2nd vm to become primary

 

End state:

Primary vm - 192.168.1.1 

replica vm - 192.168.1.2

 

Does this look logical? Appreciate your thoughts. 

Thank you.

 

Regards,

Kenneth

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.