SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
New Contributor
New Contributor

RSA Web Tier

Hi Guyz,


I have few queries regarding Webtier deployment as below:

  1. The Virtual host & Webtier hostname will be the self service URL that will be published over Internet?
  2. My network has 1 Primary instance & 4 Replica instance & want to deploy webtier, I have created 2 webtier on windows server, can we use the same Webtier packge from AM to all webtier servers?
  3. do we need to generate a new webtier package from autentication manager or we can use the same one package on all  webtiers?
  4. I want to Load balance my self service traffic from internet between two webtier servers for this we will be using a dedicated third party Load balancer, so the load balancer IP in authentication manager will be my LB VIP right?
Labels (1)
3 Replies
Valued Contributor Valued Contributor
Valued Contributor

1. The webtier hostname is the hostname (fqhn) that the webtier is installed on. This should not be visible outside your network. The Virtual Hostname is the externally-visible name used to reach the Self Service Console and CT-KIP servce from the internet. 

2. If you mean the webtier install zip, yes, It contains what you need for both Linux and Windows.

3. The webtier pkg file you generate on the Primary is specific to the individual webtier, so yes, you need to generate one for each webtier.

4. The IP addresses should be the internal addresses; that is, these are the addresses that the webtiers will see the connection requests coming from.

New Contributor
New Contributor

Hi Steven,


Thanks for your reply.

For point 4, We have configured the LB IP as the Proxy IP of the Load balancer which will be observed by the Web tier.

But still when we are accessing the Self-service URL via DMZ zone its not working. The self service console is not opening. we have even changed the self service URL to the one which is exposed to internet.


Can you hit the webtier directly with your browser from your desktop, instead of going through the load balancer?  Something like https://<fqhn>:<port>/console-selfservice/ where fqhn is the real hostname of the webtier and port is the port it listens on -- probably 443.