RSA Authentication Manager primary and replica operation over a WAN link
hope anyone will be able to answer my question or give advise or experience. Many thanks to all of you in advance.
We're running two sites, one in Germany the other one in Nigeria they are connected by a WAN link that experiences latency and packet loss several times a day.
Both site are terminating client-vpn and shall use 2-facts for authentication
The German site has 120 users, the other one only 15(!).
The users belong to local AD domains at each site that do not have a trust relationsship, but belong to the same root domain. RSA SID700 and SID820 token shall be used.
I'd like to run a primary RSA Authentication Manager in Germany and use a replica at Nigeria. Both devices need to be able to use both, the German and the Nigerian AD domains. Nigerian shall use the local replica for authentication not the primray.
1. Will the setup work along to my description?
2. If the WAN links fail, primary and replica won't be able to synchronize. What needs to done after the WAN link is restablished?
3. Whats the worst case scenario?
Many thanks for your support,