This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
AmitSharma2
New Contributor
New Contributor
‎2020-06-25 03:23 AM

RSA Web Tier

Hi Guyz,

 

I have few queries regarding Webtier deployment as below:

  1. The Virtual host & Webtier hostname will be the self service URL that will be published over Internet?
  2. My network has 1 Primary instance & 4 Replica instance & want to deploy webtier, I have created 2 webtier on windows server, can we use the same Webtier packge from AM to all webtier servers?
  3. do we need to generate a new webtier package from autentication manager or we can use the same one package on all  webtiers?
  4. I want to Load balance my self service traffic from internet between two webtier servers for this we will be using a dedicated third party Load balancer, so the load balancer IP in authentication manager will be my LB VIP right?
Labels (1)
0 Likes
Reply
3 Replies
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
‎2020-06-26 10:16 AM

1. The webtier hostname is the hostname (fqhn) that the webtier is installed on. This should not be visible outside your network. The Virtual Hostname is the externally-visible name used to reach the Self Service Console and CT-KIP servce from the internet. 

2. If you mean the webtier install zip, yes, It contains what you need for both Linux and Windows.

3. The webtier pkg file you generate on the Primary is specific to the individual webtier, so yes, you need to generate one for each webtier.

4. The IP addresses should be the internal addresses; that is, these are the addresses that the webtiers will see the connection requests coming from.

Reply
AmitSharma2
New Contributor
New Contributor
‎2020-07-03 01:21 AM

Hi Steven,

 

Thanks for your reply.

For point 4, We have configured the LB IP as the Proxy IP of the Load balancer which will be observed by the Web tier.

But still when we are accessing the Self-service URL via DMZ zone its not working. The self service console is not opening. we have even changed the self service URL to the one which is exposed to internet.

0 Likes
Reply
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
In response to AmitSharma2
‎2020-07-06 08:51 AM

Can you hit the webtier directly with your browser from your desktop, instead of going through the load balancer?  Something like https://<fqhn>:<port>/console-selfservice/ where fqhn is the real hostname of the webtier and port is the port it listens on -- probably 443.

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.