I was talking with a customer yesterday who is migrating all of their AM servers to Amazon Web Services. Their process involves adding new replicas in AWS, then promoting one of them to become the primary, and then shutting down the original (on-prem) AM servers.
They have a lot of Windows clients using the RSA Authentication Agent for Microsoft Windows (a.k.a. “Local Authentication Client”/LAC) agent to protect desktop logins, and had some questions about how those agents get updates regarding which AM servers exist.
- Should the LAC agent automatically pick up changes to the available AM servers, and if so, is this done as part of an authentication request processing, and/or at any other time (such as at Windows reboot time)?
- Does the LAC agent use Contact Lists (https://community.rsa.com/docs/DOC-77058), and/or a different mechanism?
- Is there an easy way to see if the new AM servers are being detected by the client (such as by looking at the client's files - perhaps failover.dat, sdconf.rec, sdstatus.12, or securid files?)
- Does the customer need to push out an updated sdconf.rec file to all clients during or after the server migration?