Article Number
000034663
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: Identity Router
Issue
Is there any way to to revert or roll-back when attempting to update an RSA SecurID Access Identity Router (IDR)?
Resolution
Rolling back to the previous IDR version via snapshot or some other means is
not supported.
In the unlikely occurrence that an IDR version upgrade fails, download the current image from the admin console, open the VMware console to assign IPs, and go to the IDR Setup Console to register the IDR.
If any HTTP Federated (HFED) applications are being used and the IDR is a member of a cluster then user keychains will automatically be synced from an existing cluster member once the new IDR is active. If this is a single IDR system then restore the keychains from backup as described in the article on how to
Restore a Backup for a Single Cluster.
Please see Chapter 5 (Installing and Configuring the Identity Router) of the
RSA SecurID Access SSO Agent Setup and Configuration Guide, for more information on deploying a replacement IDR.
Notes
Note that if this is defined as a new IDR object in the admin UI AND you had configured anything special (firewall rules, static DNS entries, etc.) on the original IDR object, you would need to reconfigure those items in the new IDR. Therefore, it is important to keep a record of any such changes.