This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Migrating an RSA Authentication Manager 8.x deployment to a new location with different network settings

Article Number

000037844

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

Issue

This article explains what to do when the RSA Authentication Manager production deployment must be moved to a new location using different network settings.

Resolution

The steps below show a possible migration flow based on a scenario of one primary and one replica instance.


Migration flow overview

 
TaskOld Environment New EnvironmentActionComments

1.
  • Primary
  • Replica
--
--

2.
  • Primary
  • Replica
  • Add primary
  • Deploy a new Authentication Manager primary instance in the new environment using new network settings.
IMPORTANT: Ensure the new primary instance is the same software level as the old production primary, else the production backup cannot be restored.

Refer to article 000034558 - How to download RSA Authentication Manager 8.x full kits and service packs from RSA Link for steps on how to download the software.

Refer to Chapter 2 of the RSA Authentication Manager 8.4 Setup and Configuration Guide on deploying a primary instance.

The complete suite of documentation for RSA Authentication Manager 8.4 is available on RSA Link. 

3.
  • Primary
  • Replica
  • Primary
  • Add production data
 The new primary instance is now running with production data after restoring from backup.

4.
  • Primary
  • Replica
  • Primary
  • Add replica
  • Deploy and attach a new Authentication Manager replica instance to the new primary instance.
Refer to Chapter 3 of the RSA Authentication Manager 8.4 Setup and Configuration Guide on deploying a replica instance.

The complete suite of documentation for RSA Authentication Manager 8.4 is available on RSA Link. 
 

5.
  • Primary
  • Replica
  • Primary
  • Replica
  • Update Authentication Agents, RADIUS clients and third-party product configurations
  • Generate a new configuration file (sdconf.rec) and replace the existing sdconf.rec on currently deployed authentication agents and third-party products using an UDP agent with the new sdconf.rec.
  • Manually update any RADIUS clients with the IP address and hostname of the new Authentication Manager instances in the new deployment.

The configuration file (sdconf.rec) informs the authentication agent and third-party product using an UDP agent of the IP addresses of the Authentication Manager instances in the deployment.

IMPORTANT: Only replace the sdconf.rec file on authentication agents and third-party products using an UDP agent.

RADIUS clients are likely to require a manual change for the new IP address or hostname of the Authentication Manager instances in the new environment.

Task 5 is not required where you are going to use the same production hostname and IP addresses for the new primary and replica instances. Refer to documentation on Primary or Replica Instance Network Settings Updates for information and related tasks for changing the network settings on a primary and/or replica instance.

6.
  • Primary
  • Replica
  • Primary
  • Replica
  • Perform testing in new environment


Thoroughly test the new Authentication Manager deployment; this includes:

  • Authentication testing, and 
  • Checking scheduled tasks such as cleanup unresolvable users, log archives, backups, etc.. are still enabled and monitor the new Authentication Manager deployments, perhaps through critical system event notifications.

Confirm that the new Authentication Manager deployment is working correctly:

7.
  • Primary
  • Replica
  • Primary
  • Replica
  • Stand down the old Authentication Manager deployment now that the new Authentication Manager deployment is working.

Migration completed to the new environment.

For additional assistance see the RSA Authentication Manager 8.4 Help documentation.

Notes

This migration example does not include the following:
  • Updating the software of the Authentication Manager deployment. Contact RSA Customer Support if you require assistance with this task.
  • Configuration changes to a web tier deployment. The task would be to uninstall the existing web tier deployment and rebuild with new web tier packages from the new Authentication Manager deployment. Contact RSA Customer Support if you require assistance with this task.
  • Changing an Authentication Manager Prime configuration to communicate with the new primary instance. Please engage RSA Professional Services to assist with this task of changing an Authentication Manager Prime configuration.
  • Changes to custom applications using the RSA Authentication Manager Admin SDK.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-24 12:42 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.