Hi RSA support team,
We're deploying the AM 8.1 in the project now. there's one issue we need to get your confirmation.
RSA uses builtin HA software shipped with the RSA appliance. The two appliances, the primary and the replica appliances, work in active/standby mode or active/active mode?
For now we got the 1 primary instance and 2 replica instance. if we can set the authentication priority for those 3 instances?
for example in the picture beolw:
if the NNOC01 instance broken down,then the NNOC01 users authentication traffic will be toke over by NNOC02;
if the NNOC01& NNOC02 instances Both broken down,then the traffic will be toke over by Laghar01;
Thanks
matt qi
RSA primary and replicas are always active to authenticate whatever traffic hits them. It is up to the agent to pick and choose which RSA server it wants to authenticate against. SID protocol will try to quasi-load balance, radius agents are typically 'primary' and 'failover'. Anyhow, all RSA servers are active, full copies of the primary, and replicas simply try to log what happens on them to the primary.
You can make contact lists for SID agents if you want to force them to only prefer to authenticate against certain RSA servers, but by default the contact list for all agents is 'all RSA servers'.