To minimize the impact to a production environment an administrator may want to consider the following steps to migrate an Authentication Manager deployment from one supported environment to another supported environment. For this knowledge article a Microsoft Hyper-V environment hosting a primary and replica instance running Authentication Manager 8.1 Service Pack 1 Patch 4 software in production will be migrated to an Authentication Manager deployment in a VMware environment.

Migration Steps 

1. Deploy RSA Authentication Manager 8.1 software, in this example the 8.1 .ova template and build a new primary instance using new fully-qualified hostname and network settings. The new primary instance deployment will require an authentication manager 8 license zip file.

Please review 000034558 - How to download RSA Authentication Manager 8.x full kits and service packs from RSA Link.

Relevant documentation

• RSA Authentication Manager 8.1 SP1 Virtual Appliance Getting Started 
• RSA Authentication Manager 8.1 SP1 Setup and Configuration Guide

Ensure any configured identity sources used in production are reachable from the new primary instance.

2. Apply RSA Authentication Manager 8.1 Service Pack 1 software to the new primary instance.

• Download RSA Authentication Manager 8.1 Service Pack 1  and RSA Authentication Manager 8.1 SP1 Release Notes.

Review the RSA Authentication Manager Updates page.

3. Apply RSA Authentication Manager 8.1 Service Pack 1 Patch 4 software to the new primary instance.  Download the software and readme for RSA Authentication Manager 8.1 Service Pack 1 Patch 4 (8.1.1.4.0).
4. Following the steps in Create a Backup Using Back Up Now, perform a backup from the 8.1 SP1 P4 (8.1.1.4.0) production Authentication Manager deployment, in this example running in a Microsoft Hyper-V environment.
5. Following the steps in Restore from Backup, restore the production backup onto the new primary instance running RSA Authentication Manager 8.1 Service Pack 1 Patch 4 (8.1.1.4.0) software.

An Authentication Manager backup can only be restored into a primary instance running the same software level as the primary instance that performed the backup.

6. Plan to shut down the production Authentication Manager deployment and change the new primary instance IPv4 network settings to match those used in production.  Refer to Change the Primary Instance IPv4 Network Settings for more information.

If you are not changing the new primary instance IPv4 network settings then you will need to update RSA Authentication Agents (and/or third party products) with a new configuration record (sdconf.rec) file.

7. Confirm the new primary instance can process end user authentications. Use the Real-Time Authentication Activity Monitor to verify authentication activity.  From the Security Console on the primary instance choose Reporting > Real-time Activity Monitors > Authentication Activity Monitor and choose Start Monitor.
8. Having confirmed the new primary instance is performing its job then deploy Authentication Manager 8.1 software to the new replica then build and attach the new replica instance. This new replica instance can use the old production replica network settings or not, depending on how you want to setup the new replica instance. 
9. Using the RSA Authentication Manager 8.1 Service Pack 1  and RSA Authentication Manager 8.1 SP1 Release Notes downloaded in step 2, apply RSA Authentication Manager 8.1 Service Pack 1 software to the new replica instance.
10. Using the software for RSA Authentication Manager 8.1 Service Pack 1 Patch 4 obtained in step 3, apply Patch 4 to the new replica instance.
11. Check replication between the primary and replica instances.
12. Verify RSA RADIUS Replication.
13. Perform further authentication testing.  Use the Real-Time Authentication Activity Monitor to verify authentication activity.  From the Security Console on the primary instance choose Reporting > Real-time Activity Monitors > Authentication Activity Monitor and choose Start Monitor.