
SecurID® Discussions

DaveNeff
Contributor

RSA External Servers

Are the RSA External servers actually used in the connection process or are they JUST for the Self Service portal?  If we don't use the portal, can these machines be turned off?

Thanks,

Dave

8 Replies
CraigDore
Frequent Contributor

Hi Dave - by 'External servers' do you mean the Web Tier application? 

Yes, the Web Tiers that sit in our DMZ are for the Self Service Portal and are possibly used for connectivity, based on the following image:



CraigDore
Frequent Contributor

Hi Dave - can't see your image there for some reason but thank you for clarifying.

The Web Tier provides two services, one that you've observed for user self-service of software, hardware and on-demand tokens. It also provides self-service for token PIN management.

Secondly, the Web Tier also provides a CT-KIP provisioning endpoint for secure 'over the air' provisioning of a software token. The CT-KIP URL exists in the Auth Manager appliance; however, the Web Tier provides a proxy for this service, as the CT-KIP protocol requires the mobile phone to connect to an externally available URL. So, if your organisation is using the key agreement technology provided in the CT-KIP protocol, the Web Tier is necessary to make this happen without exposing the Auth Manager primary to external users (via edge network).

If those aspects are not being used by your organisation then no, the Web Tier is not needed.

Excellent, thanks for the information!!! Much appreciated. I will look today to see if I can determine whether we are using the key agreement technology provided in the CT-KIP protocol.

CraigDore
Frequent Contributor

Hi Dave - there are a few video samples on my YT channel about token provisioning using the self-service console. Here's one example among a few:

https://youtu.be/nYf7S4_eLUY

This stuff is really old (you can tell by the dates from the videos). Have you looked at the SecurID Cloud? Self-service, built-in. QR scan, built-in. No seed records. Device binding, automatic. Dynamically provisioned just like I'm showing in the video. Modern MFA push methods. Token licences don't expire as it's just a subscription. And it works with everything protected by Auth Manager with no adjustments to whatever apps you're protecting. Anyway, that's a better way IMHO but ultimately up to you sir.

Good luck!

@CraigDore,

Thanks for the YouTube link, great content, despite the dates of the uploads! 😆


Best regards,
Erica

@DaveNeff,

Can you please try uploading your image again?


Best regards,
Erica
DaveNeff
Contributor

Thanks Erica, attached.

Thanks Craig!!!