RSA Product Set: SecurID Access
RSA Product/Service Type: Identity Router
Is there any way to to revert or roll-back when attempting to update an RSA SecurID Access Identity Router (IDR)?
Rolling back to the previous IDR version via snapshot or some other means is not supported
In the unlikely occurrence that an IDR version upgrade fails, download the current image from the admin console, open the VMware console to assign IPs, and go to the IDR Setup Console to register the IDR.
If any HTTP Federated (HFED) applications are being used and the IDR is a member of a cluster then user keychains will automatically be synced from an existing cluster member once the new IDR is active. If this is a single IDR system then restore the keychains from backup as described in the article on how to Restore a Backup for a Single Cluster
Please see Chapter 5 (Installing and Configuring the Identity Router) of the RSA SecurID Access SSO Agent Setup and Configuration Guide
, for more information on deploying a replacement IDR.
Note that if this is defined as a new IDR object in the admin UI AND you had configured anything special (firewall rules, static DNS entries, etc.) on the original IDR object, you would need to reconfigure those items in the new IDR. Therefore, it is important to keep a record of any such changes.