Article Number
000034167
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: Identity Router
Issue
As of the Fall 2016 SecurID Access release, on-premise Identity Router (IDR) updates are now managed by the customer as discussed in the documentation entitled
Update Identity Router Software for a Cluster.
This article describes what you can expect while performing an IDR Cluster software update.
Resolution
- Each IDR in a cluster will take approximately 10 to 30 minutes to update, depending on the performance of your VMware infrastructure.
- During an update, the IDR's Platform > Identity Routers status will change from OUT_OF_DATE to DISTRESSED. The status will change to ACTIVE when the update is complete. You must refresh the page to see status changes.
- During an update you cannot select Test or View Log from the Admin Console; nor can you access the IDR Setup Console (a/k/a the setup.jsp).
- If you have a high availability cluster with properly configured load balancer and session replication, users may see little or no impact during a software update. Even with high availability, however, your load balancer needs to detect a pool member being down for some period of time before removing it from rotation, so some users may still be directed to a "down" (updating) IDR during that time, and see an error message.
- If you have a single IDR environment, then all services will be down during the update. End-users will need to log in again after the update is complete.
Notes
If an IDR is both OUT_OF_DATE and in DEBUG logging mode, the dashboard IDR update message and IDR list page (Platform > Identity Routers) status will be inconsistent. If you refresh, the dashboard message may appear or disappear, and the IDR list page will alternate between showing OUT_OF_DATE or DEBUG.