AnsweredAssumed Answered

RSA Authentication Manager primary and replica operation over a WAN link

Question asked by xZZwBaW3aurjqG1h6369bzV7cEnKYVZaS5vv5BqyJ9o= on Aug 2, 2016
Latest reply on Oct 17, 2016 by Luka Kodric

RSA Authentication Manager primary and replica operation over a WAN link

Hello,

hope anyone will be able to answer my question or give advise or experience. Many thanks to all of you in advance.

 

The story:

We're running two sites, one in Germany the other one in Nigeria they are connected by a WAN link that experiences latency and packet loss several times a day.

Both site are terminating client-vpn and shall use 2-facts for authentication

The German site has 120 users, the other one only 15(!).

The users belong to local AD domains at each site that do not have a trust relationsship, but belong to the same root domain. RSA SID700 and SID820 token shall be used.

 

The setup:

I'd like to run a primary RSA Authentication Manager in Germany and use a replica at Nigeria. Both devices need to be able to use both, the German and the Nigerian AD domains. Nigerian shall use the local replica for authentication not the primray.

 

My questions:

1. Will the setup work along to my description?

2. If the WAN links fail, primary and replica won't be able to synchronize. What needs to done after the WAN link is restablished?

3. Whats the worst case scenario?

 

Many thanks for your support,

Ralph.

Outcomes