Hello,
I am planning to evaluate RSA SecurID Access (SSO Features) for which I am looking for it's NFR Kit. Is this the part number which will fulfill my requirements "VIA-AC-S-NFR" or do I need to buy any other SKU as well.
My second question is that for the demo purposes my company cannot provide me public ip, and we need a url of identity router, to be communicated with the cloud (as this is what I have understood from the documentation). So do we have any alternative for this. Like if I use some Dynamic DNS and perform my evaluation. Will that work?
Please let me know on this.
Thanking You
Zia
You need to be connected to the internet, which obviously means there must be a public IP address (and outbound NAT) somewhere in the path between your on-premises IDR (private network) and RSA Hosted Tenant (public internet). However you don't need a static public IP address or an inbound NAT/Firewall rule to register to the cloud or otherwise maintain communications to the cloud. As long as the IDR can reach the internet (outbound traffic) on TCP port 443 and UDP port 1194, the IDR will be able to register and maintain a connection to the cloud services even if the outbound NAT address changes. In the event the public IP address changes at the NAT boundary, communications between the IDR and the Hosted Tenant will experience a brief interruption while a new encrypted session is established on UDP 1194 using the certificates exchanged during registration.
All of this presumes you have a persistent on-premises environment where the IDR will be running and able to reach the internet continuously (minor service interruptions notwithstanding). It is not recommended or supported to deploy the IDR into a non-persistent environment as long lived service interruptions will likely prevent the IDR from receiving updates from the cloud and if the IDR fails to receive critical updates it will not longer be able to connect to the RSA hosted service.